https://git.reactos.org/?p=reactos.git;a=commitdiff;h=5b2dda91348d200fde43ee...
commit 5b2dda91348d200fde43ee09d796174efa982d78 Author: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org AuthorDate: Mon Jun 25 15:24:44 2018 +0200 Commit: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org CommitDate: Wed Jun 27 23:40:14 2018 +0200
[NTOS:SE] Finish SepCreateImpersonationTokenDacl() implementation.
- Re-enable a commented-out block; - Return the allocated Dacl. - Use the correct pool tag when freeing the allocated Dacl. --- ntoskrnl/include/internal/se.h | 6 +++--- ntoskrnl/se/acl.c | 29 ++++++++++++++++------------- ntoskrnl/se/token.c | 6 +++--- 3 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/ntoskrnl/include/internal/se.h b/ntoskrnl/include/internal/se.h index 125055fe11..040d23c174 100644 --- a/ntoskrnl/include/internal/se.h +++ b/ntoskrnl/include/internal/se.h @@ -317,9 +317,9 @@ SeIsTokenChild( NTSTATUS NTAPI SepCreateImpersonationTokenDacl( - PTOKEN Token, - PTOKEN PrimaryToken, - PACL *Dacl + _In_ PTOKEN Token, + _In_ PTOKEN PrimaryToken, + _Out_ PACL* Dacl );
VOID diff --git a/ntoskrnl/se/acl.c b/ntoskrnl/se/acl.c index 392f2a9ea6..3829684794 100644 --- a/ntoskrnl/se/acl.c +++ b/ntoskrnl/se/acl.c @@ -224,22 +224,26 @@ SepInitDACLs(VOID) return TRUE; }
-NTSTATUS NTAPI -SepCreateImpersonationTokenDacl(PTOKEN Token, - PTOKEN PrimaryToken, - PACL *Dacl) +NTSTATUS +NTAPI +SepCreateImpersonationTokenDacl( + _In_ PTOKEN Token, + _In_ PTOKEN PrimaryToken, + _Out_ PACL* Dacl) { ULONG AclLength; - PVOID TokenDacl; + PACL TokenDacl;
PAGED_CODE();
+ *Dacl = NULL; + AclLength = sizeof(ACL) + - (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) + - (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) + - (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) + - (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) + - (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid)); + (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) + + (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) + + (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) + + (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) + + (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL); if (TokenDacl == NULL) @@ -257,14 +261,13 @@ SepCreateImpersonationTokenDacl(PTOKEN Token, RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL, SeLocalSystemSid);
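Review bot: SepCreateImpersonationTokenDacl() still has no header comment, and now that `_Out_ PACL* Dacl` really returns a buffer, the ownership rule is only implied by the `ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL)` call at the end of this hunk. I would add above the definition something like `/* On success *Dacl receives a paged-pool ACL allocated with TAG_ACL; the caller releases it with ExFreePoolWithTag(*Dacl, TAG_ACL). *Dacl is set to NULL on entry. */`. That spares callers from guessing the pool tag, which is the mismatch the token.c hunk of this commit had to correct. The function body continues past the end of this hunk.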
- /* FIXME */ -#if 0 if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL) { RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL, SeRestrictedCodeSid); } -#endif + + *Dacl = TokenDacl;
return STATUS_SUCCESS; } diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c index 46ab29b0f7..b9c4e6f1f4 100644 --- a/ntoskrnl/se/token.c +++ b/ntoskrnl/se/token.c @@ -3325,7 +3325,8 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
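Review bot: Both `RtlAddAccessAllowedAce()` calls visible in this hunk discard their return value, including the `SeRestrictedCodeSid` one that is now compiled in. Since `*Dacl = TokenDacl;` now hands the ACL to the caller, an ACE that failed to be added (for instance if `AclLength` turned out too small) would go unnoticed, and the impersonation token would get a DACL with fewer entries than intended. Consider `Status = RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL, SeRestrictedCodeSid);` followed by `if (!NT_SUCCESS(Status)) { ExFreePoolWithTag(TokenDacl, TAG_ACL); return Status; }`, with a local `NTSTATUS Status` declared. The lines between the previous hunk and this one are not shown, so the earlier calls may need the same treatment.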
/* * At first open the thread token for information access and verify - * that the token associated with thread is valid. */ + * that the token associated with thread is valid. + */
Status = ObReferenceObjectByHandle(ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID*)&Thread, @@ -3386,7 +3387,6 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle, InitializeObjectAttributes(&ObjectAttributes, NULL, HandleAttributes, NULL, Dacl ? &SecurityDescriptor : NULL);
- Status = SepDuplicateToken(Token, &ObjectAttributes, EffectiveOnly, TokenImpersonation, ImpersonationLevel, KernelMode, &NewToken); @@ -3406,7 +3406,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle, PreviousMode, &hToken); }
- if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL);
+ if (Dacl) ExFreePoolWithTag(Dacl, TAG_ACL);
if (RestoreImpersonation) {
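Review bot: This free, and the `Dacl ? &SecurityDescriptor : NULL` branch in the hunk above, appear to become reachable for the first time with this commit, since the old SepCreateImpersonationTokenDacl() never wrote to `*Dacl` in the lines shown. It is worth confirming that every exit path of NtOpenThreadTokenEx() taken after the DACL is created reaches this line; otherwise the paged-pool ACL would leak on each failing call. A short comment here would help, e.g. `/* Dacl comes from SepCreateImpersonationTokenDacl(); it must be freed on every path */`. The function starts and ends outside the hunk, so its early-return paths cannot be checked from here.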