Author: hbelusca
Date: Sun Sep 22 00:26:31 2013
New Revision: 60301
URL:
http://svn.reactos.org/svn/reactos?rev=60301&view=rev
Log:
[NTOS]
- Fix disabling impersonation in PsDisableImpersonation, and
- Fix how we do restore impersonation in NtOpenThreadTokenEx.
Patch by Thomas Faber,
CORE-7476 #comment Patch committed in revision 60301, thanks :). Please retest the bug.
Modified:
trunk/reactos/ntoskrnl/ps/security.c
trunk/reactos/ntoskrnl/se/token.c
Modified: trunk/reactos/ntoskrnl/ps/security.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/security.c?rev…
==============================================================================
--- trunk/reactos/ntoskrnl/ps/security.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ps/security.c [iso-8859-1] Sun Sep 22 00:26:31 2013
@@ -820,10 +820,10 @@
BOOLEAN
NTAPI
PsDisableImpersonation(IN PETHREAD Thread,
- IN PSE_IMPERSONATION_STATE ImpersonationState)
+ OUT PSE_IMPERSONATION_STATE ImpersonationState)
{
PPS_IMPERSONATION_INFORMATION Impersonation = NULL;
- LONG NewValue, OldValue;
+ LONG OldFlags;
PAGED_CODE();
PSTRACE(PS_SECURITY_DEBUG,
"Thread: %p State: %p\n", Thread, ImpersonationState);
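Review bot: The return value of PsDisableImpersonation is now part of its contract, but nothing at the signature documents it; the NtOpenThreadTokenEx hunks in se/token.c restore impersonation only when it returns TRUE. A header comment would make this explicit, for example `/* Returns TRUE if impersonation was active and has been disabled; only then should the caller invoke PsRestoreImpersonation. */`. With ImpersonationState now annotated OUT, callers may pass uninitialised storage, so the not-impersonating path should be checked to confirm it still writes every field. The function body continues outside this hunk.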
@@ -835,19 +835,11 @@
PspLockThreadSecurityExclusive(Thread);
/* Disable impersonation */
- OldValue = Thread->CrossThreadFlags;
- do
- {
- /* Attempt to change the flag */
- NewValue =
- InterlockedCompareExchange((PLONG)&Thread->CrossThreadFlags,
- OldValue &~
- CT_ACTIVE_IMPERSONATION_INFO_BIT,
- OldValue);
- } while (NewValue != OldValue);
+ OldFlags = PspClearCrossThreadFlag(Thread,
+ CT_ACTIVE_IMPERSONATION_INFO_BIT);
/* Make sure nobody disabled it behind our back */
- if (NewValue & CT_ACTIVE_IMPERSONATION_INFO_BIT)
+ if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT)
{
/* Copy the old state */
Impersonation = Thread->ImpersonationInfo;
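Review bot: The test on `OldFlags` is correct only if PspClearCrossThreadFlag returns the flags as they were before the bit was cleared, and the helper's definition is not visible here. If it returned the post-clear value, the branch would never be taken and the active impersonation state would never be saved for a later restore. A short comment at the call would pin the assumption, e.g. `/* OldFlags holds the pre-clear value of CrossThreadFlags */`. The function continues outside this hunk, including the matching release of the lock taken by PspLockThreadSecurityExclusive.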
Modified: trunk/reactos/ntoskrnl/se/token.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=60…
==============================================================================
--- trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] Sun Sep 22 00:26:31 2013
@@ -1065,7 +1065,7 @@
PTOKEN Token;
ULONG RequiredLength;
KPROCESSOR_MODE PreviousMode;
- NTSTATUS Status = STATUS_SUCCESS;
+ NTSTATUS Status;
PAGED_CODE();
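Review bot: Dropping the `= STATUS_SUCCESS` initialiser leaves `Status` indeterminate until its first assignment, and the function body lies outside this hunk, so nothing here confirms that every path assigns it before it is read or returned. In a system-call path, an unassigned NTSTATUS could reach the caller as a spurious success or as stale stack contents. It is worth building with the compiler's uninitialised-variable warning enabled, or running a static-analysis pass, to confirm that no early exit leaves it unset.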
@@ -2429,6 +2429,7 @@
PACL Dacl = NULL;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
+ BOOLEAN RestoreImpersonation = FALSE;
PAGED_CODE();
@@ -2482,7 +2483,8 @@
if (OpenAsSelf)
{
- PsDisableImpersonation(PsGetCurrentThread(), &ImpersonationState);
+ RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
+ &ImpersonationState);
}
if (CopyOnOpen)
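Review bot: Once `RestoreImpersonation` is TRUE the current thread runs with impersonation disabled, presumably under the process's primary token, until the restore block at the end of the function (the hunk at -2533), so every exit between the two points has to pass through that block. The intervening code is not shown; any early `return` there would leave a thread that had been impersonating a client running with the broader identity. A comment at the restore site would record the intent, e.g. `/* Restore only if PsDisableImpersonation actually suspended an active impersonation */`. The enclosing function starts and ends outside these hunks.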
@@ -2533,7 +2535,7 @@
if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL);
- if (OpenAsSelf)
+ if (RestoreImpersonation)
{
PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
}