Author: hpoussin Date: Tue Jul 3 02:39:11 2007 New Revision: 27366
URL: http://svn.reactos.org/svn/reactos?rev=27366&view=rev Log: Replace tabs by spaces. No code change
Modified: trunk/reactos/ntoskrnl/se/semgr.c trunk/reactos/ntoskrnl/se/token.c
Modified: trunk/reactos/ntoskrnl/se/semgr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=273... ============================================================================== --- trunk/reactos/ntoskrnl/se/semgr.c (original) +++ trunk/reactos/ntoskrnl/se/semgr.c Tue Jul 3 02:39:11 2007 @@ -123,15 +123,15 @@
/* Create '\Security' directory */ RtlInitUnicodeString(&Name, - L"\Security"); + L"\Security"); InitializeObjectAttributes(&ObjectAttributes, - &Name, - OBJ_PERMANENT, - 0, - NULL); + &Name, + OBJ_PERMANENT, + 0, + NULL); Status = ZwCreateDirectoryObject(&DirectoryHandle, - DIRECTORY_ALL_ACCESS, - &ObjectAttributes); + DIRECTORY_ALL_ACCESS, + &ObjectAttributes); if (!NT_SUCCESS(Status)) { DPRINT1("Failed to create 'Security' directory!\n"); @@ -140,17 +140,17 @@
/* Create 'LSA_AUTHENTICATION_INITALIZED' event */ RtlInitUnicodeString(&Name, - L"\LSA_AUTHENTICATION_INITALIZED"); + L"\LSA_AUTHENTICATION_INITALIZED"); InitializeObjectAttributes(&ObjectAttributes, - &Name, - OBJ_PERMANENT, - DirectoryHandle, - SePublicDefaultSd); + &Name, + OBJ_PERMANENT, + DirectoryHandle, + SePublicDefaultSd); Status = ZwCreateEvent(&EventHandle, - EVENT_ALL_ACCESS, - &ObjectAttributes, - SynchronizationEvent, - FALSE); + EVENT_ALL_ACCESS, + &ObjectAttributes, + SynchronizationEvent, + FALSE); if (!NT_SUCCESS(Status)) { DPRINT1("Failed to create 'LSA_AUTHENTICATION_INITALIZED' event!\n"); @@ -271,170 +271,170 @@
/* Get owner and owner size */ if (SecurityInformation & OWNER_SECURITY_INFORMATION) - { - if (SecurityDescriptor->Owner != NULL) - { - if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) - Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner + - (ULONG_PTR)SecurityDescriptor); - else - Owner = (PSID)SecurityDescriptor->Owner; - OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); - } - Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED); - } + { + if (SecurityDescriptor->Owner != NULL) + { + if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) + Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner + + (ULONG_PTR)SecurityDescriptor); + else + Owner = (PSID)SecurityDescriptor->Owner; + OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); + } + Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED); + } else - { - if (ObjectSd->Owner != NULL) - { - Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd); - OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); - } - Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED); - } + { + if (ObjectSd->Owner != NULL) + { + Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd); + OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); + } + Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED); + }
/* Get group and group size */ if (SecurityInformation & GROUP_SECURITY_INFORMATION) - { - if (SecurityDescriptor->Group != NULL) - { - if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) - Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group + - (ULONG_PTR)SecurityDescriptor); - else - Group = (PSID)SecurityDescriptor->Group; - GroupLength = ROUND_UP(RtlLengthSid(Group), 4); - } - Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED); - } + { + if (SecurityDescriptor->Group != NULL) + { + if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) + Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group + + (ULONG_PTR)SecurityDescriptor); + else + Group = (PSID)SecurityDescriptor->Group; + GroupLength = ROUND_UP(RtlLengthSid(Group), 4); + } + Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED); + } else - { - if (ObjectSd->Group != NULL) - { - Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd); - GroupLength = ROUND_UP(RtlLengthSid(Group), 4); - } - Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED); - } + { + if (ObjectSd->Group != NULL) + { + Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd); + GroupLength = ROUND_UP(RtlLengthSid(Group), 4); + } + Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED); + }
/* Get DACL and DACL size */ if (SecurityInformation & DACL_SECURITY_INFORMATION) - { - if ((SecurityDescriptor->Control & SE_DACL_PRESENT) && - (SecurityDescriptor->Dacl != NULL)) - { - if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) - Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl + - (ULONG_PTR)SecurityDescriptor); - else - Dacl = (PACL)SecurityDescriptor->Dacl; - - DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); - } - Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); - } + { + if ((SecurityDescriptor->Control & SE_DACL_PRESENT) && + (SecurityDescriptor->Dacl != NULL)) + { + if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) + Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl + + (ULONG_PTR)SecurityDescriptor); + else + Dacl = (PACL)SecurityDescriptor->Dacl; + + DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); + } + Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); + } else - { - if ((ObjectSd->Control & SE_DACL_PRESENT) && - (ObjectSd->Dacl != NULL)) - { - Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd); - DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); - } - Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); - } + { + if ((ObjectSd->Control & SE_DACL_PRESENT) && + (ObjectSd->Dacl != NULL)) + { + Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd); + DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); + } + Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); + }
/* Get SACL and SACL size */ if (SecurityInformation & SACL_SECURITY_INFORMATION) - { - if ((SecurityDescriptor->Control & SE_SACL_PRESENT) && - (SecurityDescriptor->Sacl != NULL)) - { - if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) - Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl + - (ULONG_PTR)SecurityDescriptor); - else - Sacl = (PACL)SecurityDescriptor->Sacl; - SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4); - } - Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); - } + { + if ((SecurityDescriptor->Control & SE_SACL_PRESENT) && + (SecurityDescriptor->Sacl != NULL)) + { + if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) + Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl + + (ULONG_PTR)SecurityDescriptor); + else + Sacl = (PACL)SecurityDescriptor->Sacl; + SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4); + } + Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); + } else - { - if ((ObjectSd->Control & SE_SACL_PRESENT) && - (ObjectSd->Sacl != NULL)) - { - Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd); - SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4); - } - Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); - } + { + if ((ObjectSd->Control & SE_SACL_PRESENT) && + (ObjectSd->Sacl != NULL)) + { + Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd); + SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4); + } + Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); + }
NewSd = ExAllocatePool(NonPagedPool, - sizeof(SECURITY_DESCRIPTOR) + OwnerLength + GroupLength + - DaclLength + SaclLength); + sizeof(SECURITY_DESCRIPTOR) + OwnerLength + GroupLength + + DaclLength + SaclLength); if (NewSd == NULL) - { - ObDereferenceObject(Object); - return STATUS_INSUFFICIENT_RESOURCES; - } + { + ObDereferenceObject(Object); + return STATUS_INSUFFICIENT_RESOURCES; + }
RtlCreateSecurityDescriptor(NewSd, - SECURITY_DESCRIPTOR_REVISION1); + SECURITY_DESCRIPTOR_REVISION1); /* We always build a self-relative descriptor */ NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE;
Current = (ULONG_PTR)NewSd + sizeof(SECURITY_DESCRIPTOR);
if (OwnerLength != 0) - { - RtlCopyMemory((PVOID)Current, - Owner, - OwnerLength); - NewSd->Owner = (PSID)(Current - (ULONG_PTR)NewSd); - Current += OwnerLength; - } + { + RtlCopyMemory((PVOID)Current, + Owner, + OwnerLength); + NewSd->Owner = (PSID)(Current - (ULONG_PTR)NewSd); + Current += OwnerLength; + }
if (GroupLength != 0) - { - RtlCopyMemory((PVOID)Current, - Group, - GroupLength); - NewSd->Group = (PSID)(Current - (ULONG_PTR)NewSd); - Current += GroupLength; - } + { + RtlCopyMemory((PVOID)Current, + Group, + GroupLength); + NewSd->Group = (PSID)(Current - (ULONG_PTR)NewSd); + Current += GroupLength; + }
if (DaclLength != 0) - { - RtlCopyMemory((PVOID)Current, - Dacl, - DaclLength); - NewSd->Dacl = (PACL)(Current - (ULONG_PTR)NewSd); - Current += DaclLength; - } + { + RtlCopyMemory((PVOID)Current, + Dacl, + DaclLength); + NewSd->Dacl = (PACL)(Current - (ULONG_PTR)NewSd); + Current += DaclLength; + }
if (SaclLength != 0) - { - RtlCopyMemory((PVOID)Current, - Sacl, - SaclLength); - NewSd->Sacl = (PACL)(Current - (ULONG_PTR)NewSd); - Current += SaclLength; - } + { + RtlCopyMemory((PVOID)Current, + Sacl, + SaclLength); + NewSd->Sacl = (PACL)(Current - (ULONG_PTR)NewSd); + Current += SaclLength; + }
/* Add the new SD */ Status = ObpAddSecurityDescriptor(NewSd, - &Header->SecurityDescriptor); + &Header->SecurityDescriptor); if (NT_SUCCESS(Status)) - { - /* Remove the old security descriptor */ - ObpRemoveSecurityDescriptor(ObjectSd); - } + { + /* Remove the old security descriptor */ + ObpRemoveSecurityDescriptor(ObjectSd); + } else - { - /* Restore the old security descriptor */ - Header->SecurityDescriptor = ObjectSd; - } + { + /* Restore the old security descriptor */ + Header->SecurityDescriptor = ObjectSd; + }
ExFreePool(NewSd); } @@ -449,7 +449,7 @@ { /* Assign the security descriptor to the object header */ Status = ObpAddSecurityDescriptor(SecurityDescriptor, - &Header->SecurityDescriptor); + &Header->SecurityDescriptor); }
@@ -571,14 +571,14 @@ */ NTSTATUS STDCALL SeAssignSecurityEx(IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL, - IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL, - OUT PSECURITY_DESCRIPTOR *NewDescriptor, - IN GUID *ObjectType OPTIONAL, - IN BOOLEAN IsDirectoryObject, - IN ULONG AutoInheritFlags, - IN PSECURITY_SUBJECT_CONTEXT SubjectContext, - IN PGENERIC_MAPPING GenericMapping, - IN POOL_TYPE PoolType) + IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL, + OUT PSECURITY_DESCRIPTOR *NewDescriptor, + IN GUID *ObjectType OPTIONAL, + IN BOOLEAN IsDirectoryObject, + IN ULONG AutoInheritFlags, + IN PSECURITY_SUBJECT_CONTEXT SubjectContext, + IN PGENERIC_MAPPING GenericMapping, + IN POOL_TYPE PoolType) { UNIMPLEMENTED; return STATUS_NOT_IMPLEMENTED; @@ -601,12 +601,12 @@ */ NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL, - PSECURITY_DESCRIPTOR _ExplicitDescriptor OPTIONAL, - PSECURITY_DESCRIPTOR *NewDescriptor, - BOOLEAN IsDirectoryObject, - PSECURITY_SUBJECT_CONTEXT SubjectContext, - PGENERIC_MAPPING GenericMapping, - POOL_TYPE PoolType) + PSECURITY_DESCRIPTOR _ExplicitDescriptor OPTIONAL, + PSECURITY_DESCRIPTOR *NewDescriptor, + BOOLEAN IsDirectoryObject, + PSECURITY_SUBJECT_CONTEXT SubjectContext, + PGENERIC_MAPPING GenericMapping, + POOL_TYPE PoolType) { PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor; PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor; @@ -646,23 +646,23 @@ Owner = ExplicitDescriptor->Owner;
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE) - { - Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor); - - } + { + Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor); + + } } else { if (Token != NULL) - { - DPRINT("Use token owner sid!\n"); - Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid; - } + { + DPRINT("Use token owner sid!\n"); + Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid; + } else - { - DPRINT("Use default owner sid!\n"); - Owner = SeLocalSystemSid; - } + { + DPRINT("Use default owner sid!\n"); + Owner = SeLocalSystemSid; + }
Control |= SE_OWNER_DEFAULTED; } @@ -676,22 +676,22 @@ DPRINT("Use explicit group sid!\n"); Group = ExplicitDescriptor->Group; if (ExplicitDescriptor->Control & SE_SELF_RELATIVE) - { - Group = (PSID)(((ULONG_PTR)Group) + (ULONG_PTR)ExplicitDescriptor); - } + { + Group = (PSID)(((ULONG_PTR)Group) + (ULONG_PTR)ExplicitDescriptor); + } } else { if (Token != NULL) - { - DPRINT("Use token group sid!\n"); - Group = Token->PrimaryGroup; - } + { + DPRINT("Use token group sid!\n"); + Group = Token->PrimaryGroup; + } else - { - DPRINT("Use default group sid!\n"); - Group = SeLocalSystemSid; - } + { + DPRINT("Use default group sid!\n"); + Group = SeLocalSystemSid; + }
Control |= SE_OWNER_DEFAULTED; } @@ -707,22 +707,22 @@ DPRINT("Use explicit DACL!\n"); Dacl = ExplicitDescriptor->Dacl; if (Dacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE)) - { - Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ExplicitDescriptor); - } + { + Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ExplicitDescriptor); + }
Control |= SE_DACL_PRESENT; } else if (ParentDescriptor != NULL && - (ParentDescriptor->Control & SE_DACL_PRESENT)) + (ParentDescriptor->Control & SE_DACL_PRESENT)) { DPRINT("Use parent DACL!\n"); /* FIXME: Inherit */ Dacl = ParentDescriptor->Dacl; if (Dacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE)) - { - Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor); - } + { + Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor); + } Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED); } else if (Token != NULL && Token->DefaultDacl != NULL) @@ -750,22 +750,22 @@ DPRINT("Use explicit SACL!\n"); Sacl = ExplicitDescriptor->Sacl; if (Sacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE)) - { - Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ExplicitDescriptor); - } + { + Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ExplicitDescriptor); + }
Control |= SE_SACL_PRESENT; } else if (ParentDescriptor != NULL && - (ParentDescriptor->Control & SE_SACL_PRESENT)) + (ParentDescriptor->Control & SE_SACL_PRESENT)) { DPRINT("Use parent SACL!\n"); /* FIXME: Inherit */ Sacl = ParentDescriptor->Sacl; if (Sacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE)) - { - Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor); - } + { + Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor); + } Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED); }
@@ -777,14 +777,14 @@ OwnerLength + GroupLength + DaclLength + SaclLength;
DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %d OwnerLength %d GroupLength %d DaclLength %d SaclLength %d\n", - sizeof(SECURITY_DESCRIPTOR), - OwnerLength, - GroupLength, - DaclLength, - SaclLength); + sizeof(SECURITY_DESCRIPTOR), + OwnerLength, + GroupLength, + DaclLength, + SaclLength);
Descriptor = ExAllocatePool(PagedPool, - Length); + Length); if (Descriptor == NULL) { DPRINT1("ExAlloctePool() failed\n"); @@ -794,7 +794,7 @@
RtlZeroMemory( Descriptor, Length ); RtlCreateSecurityDescriptor(Descriptor, - SECURITY_DESCRIPTOR_REVISION); + SECURITY_DESCRIPTOR_REVISION);
Descriptor->Control = (USHORT)Control | SE_SELF_RELATIVE;
@@ -803,8 +803,8 @@ if (SaclLength != 0) { RtlCopyMemory((PVOID)Current, - Sacl, - SaclLength); + Sacl, + SaclLength); Descriptor->Sacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor); Current += SaclLength; } @@ -812,8 +812,8 @@ if (DaclLength != 0) { RtlCopyMemory((PVOID)Current, - Dacl, - DaclLength); + Dacl, + DaclLength); Descriptor->Dacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor); Current += DaclLength; } @@ -821,8 +821,8 @@ if (OwnerLength != 0) { RtlCopyMemory((PVOID)Current, - Owner, - OwnerLength); + Owner, + OwnerLength); Descriptor->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor); Current += OwnerLength; DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner); @@ -852,7 +852,7 @@
static BOOLEAN SepSidInToken(PACCESS_TOKEN _Token, - PSID Sid) + PSID Sid) { ULONG i; PTOKEN Token = (PTOKEN)_Token; @@ -901,15 +901,15 @@ */ BOOLEAN STDCALL SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, - IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, - IN BOOLEAN SubjectContextLocked, - IN ACCESS_MASK DesiredAccess, - IN ACCESS_MASK PreviouslyGrantedAccess, - OUT PPRIVILEGE_SET* Privileges, - IN PGENERIC_MAPPING GenericMapping, - IN KPROCESSOR_MODE AccessMode, - OUT PACCESS_MASK GrantedAccess, - OUT PNTSTATUS AccessStatus) + IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, + IN BOOLEAN SubjectContextLocked, + IN ACCESS_MASK DesiredAccess, + IN ACCESS_MASK PreviouslyGrantedAccess, + OUT PPRIVILEGE_SET* Privileges, + IN PGENERIC_MAPPING GenericMapping, + IN KPROCESSOR_MODE AccessMode, + OUT PACCESS_MASK GrantedAccess, + OUT PNTSTATUS AccessStatus) { LUID_AND_ATTRIBUTES Privilege; ACCESS_MASK CurrentAccess, AccessMask; @@ -994,19 +994,19 @@
Token = SubjectSecurityContext->ClientToken ? - SubjectSecurityContext->ClientToken : SubjectSecurityContext->PrimaryToken; + SubjectSecurityContext->ClientToken : SubjectSecurityContext->PrimaryToken;
/* Get the DACL */ Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor, - &Present, - &Dacl, - &Defaulted); + &Present, + &Dacl, + &Defaulted); if (!NT_SUCCESS(Status)) { if (SubjectContextLocked == FALSE) - { - SeUnlockSubjectContext(SubjectSecurityContext); - } + { + SeUnlockSubjectContext(SubjectSecurityContext); + }
*AccessStatus = Status; return FALSE; @@ -1016,9 +1016,9 @@ if (Present == TRUE && Dacl == NULL) { if (SubjectContextLocked == FALSE) - { - SeUnlockSubjectContext(SubjectSecurityContext); - } + { + SeUnlockSubjectContext(SubjectSecurityContext); + }
*GrantedAccess = DesiredAccess; *AccessStatus = STATUS_SUCCESS; @@ -1032,36 +1032,36 @@ Privilege.Attributes = SE_PRIVILEGE_ENABLED;
if (SepPrivilegeCheck(Token, - &Privilege, - 1, - PRIVILEGE_SET_ALL_NECESSARY, - AccessMode)) + &Privilege, + 1, + PRIVILEGE_SET_ALL_NECESSARY, + AccessMode)) { CurrentAccess |= WRITE_OWNER; if (DesiredAccess == CurrentAccess) - { - if (SubjectContextLocked == FALSE) - { - SeUnlockSubjectContext(SubjectSecurityContext); - } - - *GrantedAccess = CurrentAccess; - *AccessStatus = STATUS_SUCCESS; - return TRUE; - } + { + if (SubjectContextLocked == FALSE) + { + SeUnlockSubjectContext(SubjectSecurityContext); + } + + *GrantedAccess = CurrentAccess; + *AccessStatus = STATUS_SUCCESS; + return TRUE; + } }
/* RULE 3: Check whether the token is the owner */ Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor, - &Sid, - &Defaulted); + &Sid, + &Defaulted); if (!NT_SUCCESS(Status)) { DPRINT1("RtlGetOwnerSecurityDescriptor() failed (Status %lx)\n", Status); if (SubjectContextLocked == FALSE) - { - SeUnlockSubjectContext(SubjectSecurityContext); - } + { + SeUnlockSubjectContext(SubjectSecurityContext); + }
*AccessStatus = Status; return FALSE; @@ -1071,25 +1071,25 @@ { CurrentAccess |= (READ_CONTROL | WRITE_DAC); if (DesiredAccess == CurrentAccess) - { - if (SubjectContextLocked == FALSE) - { - SeUnlockSubjectContext(SubjectSecurityContext); - } - - *GrantedAccess = CurrentAccess; - *AccessStatus = STATUS_SUCCESS; - return TRUE; - } + { + if (SubjectContextLocked == FALSE) + { + SeUnlockSubjectContext(SubjectSecurityContext); + } + + *GrantedAccess = CurrentAccess; + *AccessStatus = STATUS_SUCCESS; + return TRUE; + } }
/* Fail if DACL is absent */ if (Present == FALSE) { if (SubjectContextLocked == FALSE) - { - SeUnlockSubjectContext(SubjectSecurityContext); - } + { + SeUnlockSubjectContext(SubjectSecurityContext); + }
*GrantedAccess = 0; *AccessStatus = STATUS_ACCESS_DENIED; @@ -1172,13 +1172,13 @@
NTSTATUS STDCALL NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, - IN HANDLE TokenHandle, - IN ACCESS_MASK DesiredAccess, - IN PGENERIC_MAPPING GenericMapping, - OUT PPRIVILEGE_SET PrivilegeSet, - OUT PULONG ReturnLength, - OUT PACCESS_MASK GrantedAccess, - OUT PNTSTATUS AccessStatus) + IN HANDLE TokenHandle, + IN ACCESS_MASK DesiredAccess, + IN PGENERIC_MAPPING GenericMapping, + OUT PPRIVILEGE_SET PrivilegeSet, + OUT PULONG ReturnLength, + OUT PACCESS_MASK GrantedAccess, + OUT PNTSTATUS AccessStatus) { SECURITY_SUBJECT_CONTEXT SubjectSecurityContext = {0}; KPROCESSOR_MODE PreviousMode; @@ -1198,11 +1198,11 @@ }
Status = ObReferenceObjectByHandle(TokenHandle, - TOKEN_QUERY, - SepTokenObjectType, - PreviousMode, - (PVOID*)&Token, - NULL); + TOKEN_QUERY, + SepTokenObjectType, + PreviousMode, + (PVOID*)&Token, + NULL); if (!NT_SUCCESS(Status)) { DPRINT1("Failed to reference token (Status %lx)\n", Status); @@ -1232,15 +1232,15 @@ SeLockSubjectContext(&SubjectSecurityContext);
if (SeAccessCheck(SecurityDescriptor, - &SubjectSecurityContext, - TRUE, - DesiredAccess, - 0, - &PrivilegeSet, - GenericMapping, - PreviousMode, - GrantedAccess, - AccessStatus)) + &SubjectSecurityContext, + TRUE, + DesiredAccess, + 0, + &PrivilegeSet, + GenericMapping, + PreviousMode, + GrantedAccess, + AccessStatus)) { Status = *AccessStatus; }
Modified: trunk/reactos/ntoskrnl/se/token.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=273... ============================================================================== --- trunk/reactos/ntoskrnl/se/token.c (original) +++ trunk/reactos/ntoskrnl/se/token.c Tue Jul 3 02:39:11 2007 @@ -26,9 +26,9 @@ ERESOURCE SepTokenLock;
static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ, - TOKEN_WRITE, - TOKEN_EXECUTE, - TOKEN_ALL_ACCESS}; + TOKEN_WRITE, + TOKEN_EXECUTE, + TOKEN_ALL_ACCESS};
static const INFORMATION_CLASS_INFO SeTokenInformationClass[] = {
@@ -133,7 +133,7 @@
static ULONG RtlLengthSidAndAttributes(ULONG Count, - PSID_AND_ATTRIBUTES Src) + PSID_AND_ATTRIBUTES Src) { ULONG i; ULONG uLength; @@ -151,8 +151,8 @@ NTSTATUS NTAPI SepFindPrimaryGroupAndDefaultOwner(PTOKEN Token, - PSID PrimaryGroup, - PSID DefaultOwner) + PSID PrimaryGroup, + PSID DefaultOwner) { ULONG i;
@@ -167,15 +167,15 @@ for (i = 0; i < Token->UserAndGroupCount; i++) { if (DefaultOwner && - RtlEqualSid(Token->UserAndGroups[i].Sid, DefaultOwner)) - { - Token->DefaultOwnerIndex = i; - } + RtlEqualSid(Token->UserAndGroups[i].Sid, DefaultOwner)) + { + Token->DefaultOwnerIndex = i; + }
if (RtlEqualSid(Token->UserAndGroups[i].Sid, PrimaryGroup)) - { - Token->PrimaryGroup = Token->UserAndGroups[i].Sid; - } + { + Token->PrimaryGroup = Token->UserAndGroups[i].Sid; + } }
if (Token->DefaultOwnerIndex == Token->UserAndGroupCount) @@ -195,12 +195,12 @@ NTSTATUS STDCALL SepDuplicateToken(PTOKEN Token, - POBJECT_ATTRIBUTES ObjectAttributes, - BOOLEAN EffectiveOnly, - TOKEN_TYPE TokenType, - SECURITY_IMPERSONATION_LEVEL Level, - KPROCESSOR_MODE PreviousMode, - PTOKEN* NewAccessToken) + POBJECT_ATTRIBUTES ObjectAttributes, + BOOLEAN EffectiveOnly, + TOKEN_TYPE TokenType, + SECURITY_IMPERSONATION_LEVEL Level, + KPROCESSOR_MODE PreviousMode, + PTOKEN* NewAccessToken) { ULONG uLength; ULONG i; @@ -211,14 +211,14 @@ PAGED_CODE();
Status = ObCreateObject(PreviousMode, - SepTokenObjectType, - ObjectAttributes, - PreviousMode, - NULL, - sizeof(TOKEN), - 0, - 0, - (PVOID*)&AccessToken); + SepTokenObjectType, + ObjectAttributes, + PreviousMode, + NULL, + sizeof(TOKEN), + 0, + 0, + (PVOID*)&AccessToken); if (!NT_SUCCESS(Status)) { DPRINT1("ObCreateObject() failed (Status %lx)\n"); @@ -249,8 +249,8 @@ AccessToken->TokenSource.SourceIdentifier.LowPart = Token->TokenSource.SourceIdentifier.LowPart; AccessToken->TokenSource.SourceIdentifier.HighPart = Token->TokenSource.SourceIdentifier.HighPart; memcpy(AccessToken->TokenSource.SourceName, - Token->TokenSource.SourceName, - sizeof(Token->TokenSource.SourceName)); + Token->TokenSource.SourceName, + sizeof(Token->TokenSource.SourceName)); AccessToken->ExpirationTime.QuadPart = Token->ExpirationTime.QuadPart; AccessToken->UserAndGroupCount = Token->UserAndGroupCount; AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex; @@ -261,24 +261,24 @@
AccessToken->UserAndGroups = (PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool, - uLength, - TAG('T', 'O', 'K', 'u')); + uLength, + TAG('T', 'O', 'K', 'u'));
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount, - Token->UserAndGroups, - uLength, - AccessToken->UserAndGroups, - EndMem, - &EndMem, - &uLength); + Token->UserAndGroups, + uLength, + AccessToken->UserAndGroups, + EndMem, + &EndMem, + &uLength); if (NT_SUCCESS(Status)) { Status = SepFindPrimaryGroupAndDefaultOwner( - AccessToken, - Token->PrimaryGroup, - 0); + AccessToken, + Token->PrimaryGroup, + 0); }
if (NT_SUCCESS(Status)) @@ -287,32 +287,32 @@
uLength = AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES); AccessToken->Privileges = - (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool, - uLength, - TAG('T', 'O', 'K', 'p')); + (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool, + uLength, + TAG('T', 'O', 'K', 'p'));
for (i = 0; i < AccessToken->PrivilegeCount; i++) - { - RtlCopyLuid(&AccessToken->Privileges[i].Luid, - &Token->Privileges[i].Luid); - AccessToken->Privileges[i].Attributes = - Token->Privileges[i].Attributes; - } + { + RtlCopyLuid(&AccessToken->Privileges[i].Luid, + &Token->Privileges[i].Luid); + AccessToken->Privileges[i].Attributes = + Token->Privileges[i].Attributes; + }
if ( Token->DefaultDacl ) - { - AccessToken->DefaultDacl = - (PACL) ExAllocatePoolWithTag(PagedPool, - Token->DefaultDacl->AclSize, - TAG('T', 'O', 'K', 'd')); - memcpy(AccessToken->DefaultDacl, - Token->DefaultDacl, - Token->DefaultDacl->AclSize); - } + { + AccessToken->DefaultDacl = + (PACL) ExAllocatePoolWithTag(PagedPool, + Token->DefaultDacl->AclSize, + TAG('T', 'O', 'K', 'd')); + memcpy(AccessToken->DefaultDacl, + Token->DefaultDacl, + Token->DefaultDacl->AclSize); + } else - { - AccessToken->DefaultDacl = 0; - } + { + AccessToken->DefaultDacl = 0; + } }
if ( NT_SUCCESS(Status) ) @@ -404,20 +404,20 @@ NTSTATUS STDCALL SeAppendPrivileges( - PACCESS_STATE AccessState, - PPRIVILEGE_SET Privileges - ) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + PACCESS_STATE AccessState, + PPRIVILEGE_SET Privileges + ) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; }
NTSTATUS STDCALL SeCopyClientToken(PACCESS_TOKEN Token, SECURITY_IMPERSONATION_LEVEL Level, - KPROCESSOR_MODE PreviousMode, - PACCESS_TOKEN* NewToken) + KPROCESSOR_MODE PreviousMode, + PACCESS_TOKEN* NewToken) { NTSTATUS Status; OBJECT_ATTRIBUTES ObjectAttributes; @@ -425,17 +425,17 @@ PAGED_CODE();
InitializeObjectAttributes(&ObjectAttributes, - NULL, - 0, - NULL, - NULL); + NULL, + 0, + NULL, + NULL); Status = SepDuplicateToken(Token, - &ObjectAttributes, - FALSE, - TokenImpersonation, - Level, - PreviousMode, - (PTOKEN*)NewToken); + &ObjectAttributes, + FALSE, + TokenImpersonation, + Level, + PreviousMode, + (PTOKEN*)NewToken);
return(Status); } @@ -523,14 +523,14 @@ NTSTATUS STDCALL SeCreateClientSecurityFromSubjectContext( - IN PSECURITY_SUBJECT_CONTEXT SubjectContext, - IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, - IN BOOLEAN ServerIsRemote, - OUT PSECURITY_CLIENT_CONTEXT ClientContext - ) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + IN PSECURITY_SUBJECT_CONTEXT SubjectContext, + IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, + IN BOOLEAN ServerIsRemote, + OUT PSECURITY_CLIENT_CONTEXT ClientContext + ) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; }
/* @@ -539,16 +539,16 @@ NTSTATUS STDCALL SeFilterToken( - IN PACCESS_TOKEN ExistingToken, - IN ULONG Flags, - IN PTOKEN_GROUPS SidsToDisable OPTIONAL, - IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, - IN PTOKEN_GROUPS RestrictedSids OPTIONAL, - OUT PACCESS_TOKEN * FilteredToken - ) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + IN PACCESS_TOKEN ExistingToken, + IN ULONG Flags, + IN PTOKEN_GROUPS SidsToDisable OPTIONAL, + IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, + IN PTOKEN_GROUPS RestrictedSids OPTIONAL, + OUT PACCESS_TOKEN * FilteredToken + ) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; }
/* @@ -557,10 +557,10 @@ VOID STDCALL SeFreePrivileges( - IN PPRIVILEGE_SET Privileges - ) -{ - UNIMPLEMENTED; + IN PPRIVILEGE_SET Privileges + ) +{ + UNIMPLEMENTED; }
@@ -570,12 +570,12 @@ NTSTATUS STDCALL SeImpersonateClientEx( - IN PSECURITY_CLIENT_CONTEXT ClientContext, - IN PETHREAD ServerThread OPTIONAL - ) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + IN PSECURITY_CLIENT_CONTEXT ClientContext, + IN PETHREAD ServerThread OPTIONAL + ) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; }
/* @@ -583,7 +583,7 @@ */ VOID STDCALL SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext, - IN PETHREAD ServerThread OPTIONAL) + IN PETHREAD ServerThread OPTIONAL) { UCHAR b;
@@ -602,10 +602,10 @@ ServerThread = PsGetCurrentThread(); } PsImpersonateClient(ServerThread, - ClientContext->ClientToken, - 1, - b, - ClientContext->SecurityQos.ImpersonationLevel); + ClientContext->ClientToken, + 1, + b, + ClientContext->SecurityQos.ImpersonationLevel); }
@@ -658,10 +658,10 @@ */ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle, - IN TOKEN_INFORMATION_CLASS TokenInformationClass, - OUT PVOID TokenInformation, - IN ULONG TokenInformationLength, - OUT PULONG ReturnLength) + IN TOKEN_INFORMATION_CLASS TokenInformationClass, + OUT PVOID TokenInformation, + IN ULONG TokenInformationLength, + OUT PULONG ReturnLength) { union { @@ -693,11 +693,11 @@ }
Status = ObReferenceObjectByHandle(TokenHandle, - (TokenInformationClass == TokenSource) ? TOKEN_QUERY_SOURCE : TOKEN_QUERY, - SepTokenObjectType, - PreviousMode, - (PVOID*)&Token, - NULL); + (TokenInformationClass == TokenSource) ? TOKEN_QUERY_SOURCE : TOKEN_QUERY, + SepTokenObjectType, + PreviousMode, + (PVOID*)&Token, + NULL); if (NT_SUCCESS(Status)) { switch (TokenInformationClass) @@ -783,7 +783,7 @@ } _SEH_END;
- break; + break; }
case TokenPrivileges: @@ -1114,9 +1114,9 @@ }
case TokenGroupsAndPrivileges: - DPRINT1("NtQueryInformationToken(TokenGroupsAndPrivileges) not implemented\n"); - Status = STATUS_NOT_IMPLEMENTED; - break; + DPRINT1("NtQueryInformationToken(TokenGroupsAndPrivileges) not implemented\n"); + Status = STATUS_NOT_IMPLEMENTED; + break;
case TokenRestrictedSids: { @@ -1160,13 +1160,13 @@ } _SEH_END;
- break; + break; }
case TokenSandBoxInert: - DPRINT1("NtQueryInformationToken(TokenSandboxInert) not implemented\n"); - Status = STATUS_NOT_IMPLEMENTED; - break; + DPRINT1("NtQueryInformationToken(TokenSandboxInert) not implemented\n"); + Status = STATUS_NOT_IMPLEMENTED; + break;
case TokenSessionId: { @@ -1200,9 +1200,9 @@ }
default: - DPRINT1("NtQueryInformationToken(%d) invalid information class\n", TokenInformationClass); - Status = STATUS_INVALID_INFO_CLASS; - break; + DPRINT1("NtQueryInformationToken(%d) invalid information class\n", TokenInformationClass); + Status = STATUS_INVALID_INFO_CLASS; + break; }
ObDereferenceObject(Token); @@ -1217,13 +1217,13 @@ NTSTATUS STDCALL SeQueryInformationToken( - IN PACCESS_TOKEN Token, - IN TOKEN_INFORMATION_CLASS TokenInformationClass, - OUT PVOID *TokenInformation - ) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + IN PACCESS_TOKEN Token, + IN TOKEN_INFORMATION_CLASS TokenInformationClass, + OUT PVOID *TokenInformation + ) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; }
/* @@ -1232,9 +1232,9 @@ NTSTATUS STDCALL SeQuerySessionIdToken( - IN PACCESS_TOKEN Token, - IN PULONG pSessionId - ) + IN PACCESS_TOKEN Token, + IN PULONG pSessionId + ) { *pSessionId = ((PTOKEN)Token)->SessionId; return STATUS_SUCCESS; @@ -1248,9 +1248,9 @@
NTSTATUS STDCALL NtSetInformationToken(IN HANDLE TokenHandle, - IN TOKEN_INFORMATION_CLASS TokenInformationClass, - OUT PVOID TokenInformation, - IN ULONG TokenInformationLength) + IN TOKEN_INFORMATION_CLASS TokenInformationClass, + OUT PVOID TokenInformation, + IN ULONG TokenInformationLength) { PTOKEN Token; KPROCESSOR_MODE PreviousMode; @@ -1281,11 +1281,11 @@ }
Status = ObReferenceObjectByHandle(TokenHandle, - NeededAccess, - SepTokenObjectType, - PreviousMode, - (PVOID*)&Token, - NULL); + NeededAccess, + SepTokenObjectType, + PreviousMode, + (PVOID*)&Token, + NULL); if (NT_SUCCESS(Status)) { switch (TokenInformationClass) @@ -1539,11 +1539,11 @@ }
Status = ObReferenceObjectByHandle(ExistingTokenHandle, - TOKEN_DUPLICATE, - SepTokenObjectType, - PreviousMode, - (PVOID*)&Token, - NULL); + TOKEN_DUPLICATE, + SepTokenObjectType, + PreviousMode, + (PVOID*)&Token, + NULL); if (NT_SUCCESS(Status)) { Status = SepDuplicateToken(Token, @@ -1551,19 +1551,19 @@ EffectiveOnly, TokenType, (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous), - PreviousMode, - &NewToken); + PreviousMode, + &NewToken);
ObDereferenceObject(Token);
if (NT_SUCCESS(Status)) { Status = ObInsertObject((PVOID)NewToken, - NULL, - DesiredAccess, - 0, - NULL, - &hToken); + NULL, + DesiredAccess, + 0, + NULL, + &hToken);
if (NT_SUCCESS(Status)) { @@ -1590,15 +1590,15 @@
VOID SepAdjustGroups(PACCESS_TOKEN Token, - ULONG a, - BOOLEAN ResetToDefault, - PSID_AND_ATTRIBUTES Groups, - ULONG b, - KPROCESSOR_MODE PreviousMode, - ULONG c, - PULONG d, - PULONG e, - PULONG f) + ULONG a, + BOOLEAN ResetToDefault, + PSID_AND_ATTRIBUTES Groups, + ULONG b, + KPROCESSOR_MODE PreviousMode, + ULONG c, + PULONG d, + PULONG e, + PULONG f) { UNIMPLEMENTED; } @@ -1606,11 +1606,11 @@
NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle, - IN BOOLEAN ResetToDefault, - IN PTOKEN_GROUPS NewState, - IN ULONG BufferLength, - OUT PTOKEN_GROUPS PreviousState OPTIONAL, - OUT PULONG ReturnLength) + IN BOOLEAN ResetToDefault, + IN PTOKEN_GROUPS NewState, + IN ULONG BufferLength, + OUT PTOKEN_GROUPS PreviousState OPTIONAL, + OUT PULONG ReturnLength) { #if 0 NTSTATUS Status; @@ -1622,23 +1622,23 @@ PAGED_CODE();
Status = ObReferenceObjectByHandle(TokenHandle, - ?, - SepTokenObjectType, - UserMode, - (PVOID*)&Token, - NULL); + ?, + SepTokenObjectType, + UserMode, + (PVOID*)&Token, + NULL);
SepAdjustGroups(Token, - 0, - ResetToDefault, - NewState->Groups, - ?, - PreviousState, - 0, - &a, - &b, - &c); + 0, + ResetToDefault, + NewState->Groups, + ?, + PreviousState, + 0, + &a, + &b, + &c); #else UNIMPLEMENTED; return(STATUS_NOT_IMPLEMENTED); @@ -1649,14 +1649,14 @@ #if 0 NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, - ULONG a, - KPROCESSOR_MODE PreviousMode, - ULONG PrivilegeCount, - PLUID_AND_ATTRIBUTES Privileges, - PTOKEN_PRIVILEGES* PreviousState, - PULONG b, - PULONG c, - PULONG d) + ULONG a, + KPROCESSOR_MODE PreviousMode, + ULONG PrivilegeCount, + PLUID_AND_ATTRIBUTES Privileges, + PTOKEN_PRIVILEGES* PreviousState, + PULONG b, + PULONG c, + PULONG d) { ULONG i;
@@ -1665,24 +1665,24 @@ if (Token->PrivilegeCount > 0) { for (i = 0; i < Token->PrivilegeCount; i++) - { - if (PreviousMode != KernelMode) - { - if (Token->Privileges[i]->Attributes & SE_PRIVILEGE_ENABLED == 0) - { - if (a != 0) - { - if (PreviousState != NULL) - { - memcpy(&PreviousState[i], - &Token->Privileges[i], - sizeof(LUID_AND_ATTRIBUTES)); - } - Token->Privileges[i].Attributes &= (~SE_PRIVILEGE_ENABLED); - } - } - } - } + { + if (PreviousMode != KernelMode) + { + if (Token->Privileges[i]->Attributes & SE_PRIVILEGE_ENABLED == 0) + { + if (a != 0) + { + if (PreviousState != NULL) + { + memcpy(&PreviousState[i], + &Token->Privileges[i], + sizeof(LUID_AND_ATTRIBUTES)); + } + Token->Privileges[i].Attributes &= (~SE_PRIVILEGE_ENABLED); + } + } + } + } }
if (PreviousMode != KernelMode) @@ -1692,8 +1692,8 @@ else { if (PrivilegeCount <= ?) - { - } + { + } } if ( } @@ -1705,11 +1705,11 @@ */ NTSTATUS STDCALL NtAdjustPrivilegesToken (IN HANDLE TokenHandle, - IN BOOLEAN DisableAllPrivileges, - IN PTOKEN_PRIVILEGES NewState, - IN ULONG BufferLength, - OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, - OUT PULONG ReturnLength OPTIONAL) + IN BOOLEAN DisableAllPrivileges, + IN PTOKEN_PRIVILEGES NewState, + IN ULONG BufferLength, + OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, + OUT PULONG ReturnLength OPTIONAL) { // PLUID_AND_ATTRIBUTES Privileges; KPROCESSOR_MODE PreviousMode; @@ -1734,41 +1734,41 @@ // PrivilegeCount = NewState->PrivilegeCount; PreviousMode = KeGetPreviousMode (); // SeCaptureLuidAndAttributesArray(NewState->Privileges, -// PrivilegeCount, -// PreviousMode, -// NULL, -// 0, -// NonPagedPool, -// 1, -// &Privileges, -// &Length); +// PrivilegeCount, +// PreviousMode, +// NULL, +// 0, +// NonPagedPool, +// 1, +// &Privileges, +// &Length);
Status = ObReferenceObjectByHandle (TokenHandle, - TOKEN_ADJUST_PRIVILEGES | (PreviousState != NULL ? TOKEN_QUERY : 0), - SepTokenObjectType, - PreviousMode, - (PVOID*)&Token, - NULL); + TOKEN_ADJUST_PRIVILEGES | (PreviousState != NULL ? TOKEN_QUERY : 0), + SepTokenObjectType, + PreviousMode, + (PVOID*)&Token, + NULL); if (!NT_SUCCESS(Status)) { DPRINT1 ("Failed to reference token (Status %lx)\n", Status); // SeReleaseLuidAndAttributesArray(Privileges, -// PreviousMode, -// 0); +// PreviousMode, +// 0); return Status; }
#if 0 SepAdjustPrivileges(Token, - 0, - PreviousMode, - PrivilegeCount, - Privileges, - PreviousState, - &a, - &b, - &c); + 0, + PreviousMode, + PrivilegeCount, + Privileges, + PreviousState, + &a, + &b, + &c); #endif
PrivilegeCount = (BufferLength - FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges)) / @@ -1781,14 +1781,14 @@ if (DisableAllPrivileges == TRUE) { for (i = 0; i < Token->PrivilegeCount; i++) - { - if (Token->Privileges[i].Attributes != 0) - { - DPRINT ("Attributes differ\n"); - - /* Save current privilege */ - if (PreviousState != NULL) - { + { + if (Token->Privileges[i].Attributes != 0) + { + DPRINT ("Attributes differ\n"); + + /* Save current privilege */ + if (PreviousState != NULL) + { if (k < PrivilegeCount) { PreviousState->PrivilegeCount++; @@ -1803,37 +1803,37 @@ */ } k++; - } - - /* Update current privlege */ - Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED; - } - } + } + + /* Update current privlege */ + Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED; + } + } Status = STATUS_SUCCESS; } else { Count = 0; for (i = 0; i < Token->PrivilegeCount; i++) - { - for (j = 0; j < NewState->PrivilegeCount; j++) - { - if (Token->Privileges[i].Luid.LowPart == NewState->Privileges[j].Luid.LowPart && - Token->Privileges[i].Luid.HighPart == NewState->Privileges[j].Luid.HighPart) - { - DPRINT ("Found privilege\n"); - - if ((Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED) != - (NewState->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)) - { - DPRINT ("Attributes differ\n"); - DPRINT ("Current attributes %lx desired attributes %lx\n", - Token->Privileges[i].Attributes, - NewState->Privileges[j].Attributes); - - /* Save current privilege */ - if (PreviousState != NULL) - { + { + for (j = 0; j < NewState->PrivilegeCount; j++) + { + if (Token->Privileges[i].Luid.LowPart == NewState->Privileges[j].Luid.LowPart && + Token->Privileges[i].Luid.HighPart == NewState->Privileges[j].Luid.HighPart) + { + DPRINT ("Found privilege\n"); + + if ((Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED) != + (NewState->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)) + { + DPRINT ("Attributes differ\n"); + DPRINT ("Current attributes %lx desired attributes %lx\n", + Token->Privileges[i].Attributes, + NewState->Privileges[j].Attributes); + + /* Save current privilege */ + if (PreviousState != NULL) + { if (k < PrivilegeCount) { PreviousState->PrivilegeCount++; @@ -1848,33 +1848,33 @@ */ } k++; - } - - /* Update current privlege */ - Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED; - Token->Privileges[i].Attributes |= - (NewState->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED); - DPRINT ("New attributes %lx\n", - Token->Privileges[i].Attributes); - } + } + + /* Update current privlege */ + Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED; + Token->Privileges[i].Attributes |= + (NewState->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED); + DPRINT ("New attributes %lx\n", + Token->Privileges[i].Attributes); + } Count++; - } - } - } + } + } + } Status = Count < NewState->PrivilegeCount ? STATUS_NOT_ALL_ASSIGNED : STATUS_SUCCESS; }
if (ReturnLength != NULL) { *ReturnLength = sizeof(TOKEN_PRIVILEGES) + - (sizeof(LUID_AND_ATTRIBUTES) * (k - 1)); + (sizeof(LUID_AND_ATTRIBUTES) * (k - 1)); }
ObDereferenceObject (Token);
// SeReleaseLuidAndAttributesArray(Privileges, -// PreviousMode, -// 0); +// PreviousMode, +// 0);
DPRINT ("NtAdjustPrivilegesToken() done\n");
@@ -1926,14 +1926,14 @@ * Initialize the token */ Status = ObCreateObject(KernelMode, - SepTokenObjectType, - NULL, - KernelMode, - NULL, - sizeof(TOKEN), - 0, - 0, - (PVOID*)&AccessToken); + SepTokenObjectType, + NULL, + KernelMode, + NULL, + sizeof(TOKEN), + 0, + 0, + (PVOID*)&AccessToken); if (!NT_SUCCESS(Status)) { return NULL; @@ -1978,8 +1978,8 @@
AccessToken->UserAndGroups = (PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool, - uSize, - TAG('T', 'O', 'K', 'u')); + uSize, + TAG('T', 'O', 'K', 'u')); SidArea = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
i = 0; @@ -2009,9 +2009,9 @@
uSize = AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES); AccessToken->Privileges = - (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool, - uSize, - TAG('T', 'O', 'K', 'p')); + (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool, + uSize, + TAG('T', 'O', 'K', 'p'));
i = 0; AccessToken->Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED; @@ -2089,8 +2089,8 @@ uSize = (uSize & (~3)) + 8; AccessToken->DefaultDacl = (PACL) ExAllocatePoolWithTag(PagedPool, - uSize, - TAG('T', 'O', 'K', 'd')); + uSize, + TAG('T', 'O', 'K', 'd')); Status = RtlCreateAcl(AccessToken->DefaultDacl, uSize, ACL_REVISION); if ( NT_SUCCESS(Status) ) { @@ -2114,18 +2114,18 @@
NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - IN TOKEN_TYPE TokenType, - IN PLUID AuthenticationId, - IN PLARGE_INTEGER ExpirationTime, - IN PTOKEN_USER TokenUser, - IN PTOKEN_GROUPS TokenGroups, - IN PTOKEN_PRIVILEGES TokenPrivileges, - IN PTOKEN_OWNER TokenOwner, - IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, - IN PTOKEN_DEFAULT_DACL TokenDefaultDacl, - IN PTOKEN_SOURCE TokenSource) + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN TOKEN_TYPE TokenType, + IN PLUID AuthenticationId, + IN PLARGE_INTEGER ExpirationTime, + IN PTOKEN_USER TokenUser, + IN PTOKEN_GROUPS TokenGroups, + IN PTOKEN_PRIVILEGES TokenPrivileges, + IN PTOKEN_OWNER TokenOwner, + IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, + IN PTOKEN_DEFAULT_DACL TokenDefaultDacl, + IN PTOKEN_SOURCE TokenSource) { HANDLE hToken; PTOKEN AccessToken; @@ -2201,14 +2201,14 @@ return(Status);
Status = ObCreateObject(PreviousMode, - SepTokenObjectType, - ObjectAttributes, - PreviousMode, - NULL, - sizeof(TOKEN), - 0, - 0, - (PVOID*)&AccessToken); + SepTokenObjectType, + ObjectAttributes, + PreviousMode, + NULL, + sizeof(TOKEN), + 0, + 0, + (PVOID*)&AccessToken); if (!NT_SUCCESS(Status)) { DPRINT1("ObCreateObject() failed (Status %lx)\n"); @@ -2218,10 +2218,10 @@ AccessToken->TokenLock = &SepTokenLock;
RtlCopyLuid(&AccessToken->TokenSource.SourceIdentifier, - &TokenSource->SourceIdentifier); + &TokenSource->SourceIdentifier); memcpy(AccessToken->TokenSource.SourceName, - TokenSource->SourceName, - sizeof(TokenSource->SourceName)); + TokenSource->SourceName, + sizeof(TokenSource->SourceName));
RtlCopyLuid(&AccessToken->TokenId, &TokenId); RtlCopyLuid(&AccessToken->AuthenticationId, AuthenticationId); @@ -2250,44 +2250,44 @@
AccessToken->UserAndGroups = (PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool, - uLength, - TAG('T', 'O', 'K', 'u')); + uLength, + TAG('T', 'O', 'K', 'u'));
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
Status = RtlCopySidAndAttributesArray(1, - &TokenUser->User, - uLength, - AccessToken->UserAndGroups, - EndMem, - &EndMem, - &uLength); + &TokenUser->User, + uLength, + AccessToken->UserAndGroups, + EndMem, + &EndMem, + &uLength); if (NT_SUCCESS(Status)) { Status = RtlCopySidAndAttributesArray(TokenGroups->GroupCount, - TokenGroups->Groups, - uLength, - &AccessToken->UserAndGroups[1], - EndMem, - &EndMem, - &uLength); + TokenGroups->Groups, + uLength, + &AccessToken->UserAndGroups[1], + EndMem, + &EndMem, + &uLength); }
if (NT_SUCCESS(Status)) { Status = SepFindPrimaryGroupAndDefaultOwner( - AccessToken, - TokenPrimaryGroup->PrimaryGroup, - TokenOwner->Owner); + AccessToken, + TokenPrimaryGroup->PrimaryGroup, + TokenOwner->Owner); }
if (NT_SUCCESS(Status)) { uLength = TokenPrivileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES); AccessToken->Privileges = - (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool, - uLength, - TAG('T', 'O', 'K', 'p')); + (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool, + uLength, + TAG('T', 'O', 'K', 'p'));
if (PreviousMode != KernelMode) { @@ -2314,20 +2314,20 @@ if (NT_SUCCESS(Status)) { AccessToken->DefaultDacl = - (PACL) ExAllocatePoolWithTag(PagedPool, - TokenDefaultDacl->DefaultDacl->AclSize, - TAG('T', 'O', 'K', 'd')); + (PACL) ExAllocatePoolWithTag(PagedPool, + TokenDefaultDacl->DefaultDacl->AclSize, + TAG('T', 'O', 'K', 'd')); memcpy(AccessToken->DefaultDacl, - TokenDefaultDacl->DefaultDacl, - TokenDefaultDacl->DefaultDacl->AclSize); + TokenDefaultDacl->DefaultDacl, + TokenDefaultDacl->DefaultDacl->AclSize); }
Status = ObInsertObject ((PVOID)AccessToken, - NULL, - DesiredAccess, - 0, - NULL, - &hToken); + NULL, + DesiredAccess, + 0, + NULL, + &hToken); if (!NT_SUCCESS(Status)) { DPRINT1("ObInsertObject() failed (Status %lx)\n", Status); @@ -2355,7 +2355,7 @@ */ NTSTATUS STDCALL SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token, - OUT PLUID LogonId) + OUT PLUID LogonId) { PAGED_CODE();
@@ -2396,8 +2396,8 @@ BOOLEAN STDCALL SeTokenIsAdmin( - IN PACCESS_TOKEN Token - ) + IN PACCESS_TOKEN Token + ) { PAGED_CODE(); return (((PTOKEN)Token)->TokenFlags & TOKEN_WRITE_RESTRICTED) != 0; @@ -2409,8 +2409,8 @@ BOOLEAN STDCALL SeTokenIsRestricted( - IN PACCESS_TOKEN Token - ) + IN PACCESS_TOKEN Token + ) { PAGED_CODE(); return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0; @@ -2422,8 +2422,8 @@ BOOLEAN STDCALL SeTokenIsWriteRestricted( - IN PACCESS_TOKEN Token - ) + IN PACCESS_TOKEN Token + ) { PAGED_CODE(); return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_RESTORE_PRIVILEGE) != 0; @@ -2436,11 +2436,11 @@ NTSTATUS STDCALL NtImpersonateAnonymousToken( - IN HANDLE Thread - ) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + IN HANDLE Thread + ) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; }
-
hpoussin@svn.reactos.org