Author: hbelusca Date: Sun Sep 22 00:26:31 2013 New Revision: 60301
URL: http://svn.reactos.org/svn/reactos?rev=60301&view=rev Log: [NTOS] - Fix disabling impersonation in PsDisableImpersonation, and - Fix how we do restore impersonation in NtOpenThreadTokenEx. Patch by Thomas Faber, CORE-7476 #comment Patch committed in revision 60301, thanks :). Please retest the bug.
Modified: trunk/reactos/ntoskrnl/ps/security.c trunk/reactos/ntoskrnl/se/token.c
Modified: trunk/reactos/ntoskrnl/ps/security.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/security.c?rev=... ============================================================================== --- trunk/reactos/ntoskrnl/ps/security.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ps/security.c [iso-8859-1] Sun Sep 22 00:26:31 2013 @@ -820,10 +820,10 @@ BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, - IN PSE_IMPERSONATION_STATE ImpersonationState) + OUT PSE_IMPERSONATION_STATE ImpersonationState) { PPS_IMPERSONATION_INFORMATION Impersonation = NULL; - LONG NewValue, OldValue; + LONG OldFlags; PAGED_CODE(); PSTRACE(PS_SECURITY_DEBUG, "Thread: %p State: %p\n", Thread, ImpersonationState); @@ -835,19 +835,11 @@ PspLockThreadSecurityExclusive(Thread);
/* Disable impersonation */
- OldValue = Thread->CrossThreadFlags;
- do
- {
- /* Attempt to change the flag */
- NewValue =
- InterlockedCompareExchange((PLONG)&Thread->CrossThreadFlags,
- OldValue &~
- CT_ACTIVE_IMPERSONATION_INFO_BIT,
- OldValue);
- } while (NewValue != OldValue);
+ OldFlags = PspClearCrossThreadFlag(Thread,
+ CT_ACTIVE_IMPERSONATION_INFO_BIT);
/* Make sure nobody disabled it behind our back */
- if (NewValue & CT_ACTIVE_IMPERSONATION_INFO_BIT)
+ if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT)
{
/* Copy the old state */
Impersonation = Thread->ImpersonationInfo;
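Review bot: The `if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT)` test depends on `PspClearCrossThreadFlag` returning the flag word as it was before the bit was cleared, and nothing in the hunk says so. That helper is defined outside this diff, so this is inferred; if it returned the updated value the branch would never be taken and the old impersonation state would not be copied. A comment at the call such as `/* OldFlags = CrossThreadFlags before the clear; a set bit means this call is the one that disabled impersonation */` would record the assumption. The body of PsDisableImpersonation continues past the end of the hunk, so the value returned to callers is not visible here.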
Modified: trunk/reactos/ntoskrnl/se/token.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=603...
==============================================================================
--- trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] Sun Sep 22 00:26:31 2013
@@ -1065,7 +1065,7 @@
PTOKEN Token;
ULONG RequiredLength;
KPROCESSOR_MODE PreviousMode;
- NTSTATUS Status = STATUS_SUCCESS;
+ NTSTATUS Status;
PAGED_CODE();
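Review bot: Dropping the `= STATUS_SUCCESS` initialiser leaves `Status` indeterminate until its first assignment, and the hunk shows only the declarations, so it cannot be confirmed from here that every path assigns it before it is read or returned. If any path of this routine falls through without setting `Status`, the caller would receive an arbitrary NTSTATUS. Either confirm that each exit assigns it, for instance with the compiler's uninitialised-variable warning, or keep an explicit default. The function's signature and body lie outside the hunk.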
@@ -2429,6 +2429,7 @@
PACL Dacl = NULL;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
+ BOOLEAN RestoreImpersonation = FALSE;
PAGED_CODE();
@@ -2482,7 +2483,8 @@
if (OpenAsSelf)
{
- PsDisableImpersonation(PsGetCurrentThread(), &ImpersonationState);
+ RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
+ &ImpersonationState);
}
if (CopyOnOpen)
@@ -2533,7 +2535,7 @@
if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL);
- if (OpenAsSelf)
+ if (RestoreImpersonation)
{
PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
}
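Review bot: Gating the restore on `RestoreImpersonation` rather than `OpenAsSelf` is only safe if every exit taken after the `PsDisableImpersonation` call in the `@@ -2482,7 +2483,8 @@` hunk reaches this block. The code between the two hunks is not shown, so any early return there would leave the thread with impersonation disabled. It would also help to say why the flag exists, for example `/* Restore only if PsDisableImpersonation saved a state; ImpersonationState may not be valid otherwise */`. That wording is hedged because this diff does not show what PsDisableImpersonation writes when it returns FALSE. The enclosing function starts and ends outside both hunks.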