[weiden] 13235: 1. fixed prototypes of NtSetSystemTime and NtQuerySystemTime and made them handle passed buffers securely - Ros-diffs

23 Jan 2005

1. fixed prototypes of NtSetSystemTime and NtQuerySystemTime and made
them handle passed buffers securely
2. check for the SeSystemtimePrivilege privilege in NtSetSystemTime()
3. write debug messages when privileges are missing
Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c
Modified: trunk/reactos/ntoskrnl/ex/profile.c
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c
Modified: trunk/reactos/ntoskrnl/ex/time.c
Modified: trunk/reactos/ntoskrnl/ob/symlink.c
Modified: trunk/reactos/ntoskrnl/ps/process.c
  _____
Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c

--- trunk/reactos/ntoskrnl/cm/ntfunc.c	2005-01-23 22:42:31 UTC (rev
13234)
+++ trunk/reactos/ntoskrnl/cm/ntfunc.c	2005-01-23 23:02:19 UTC (rev
13235)
@@ -1638,7 +1638,7 @@
KeyCell->Flags |= REG_KEY_LINK_CELL;
     }
-  NtQuerySystemTime (&KeyCell->LastWriteTime);
+  ZwQuerySystemTime (&KeyCell->LastWriteTime);
   CmiMarkBlockDirty (RegistryHive, KeyObject->KeyCellOffset);
ExReleaseResourceLite(&CmiRegistryLock);
@@ -1683,7 +1683,7 @@
    			 KeyObject->KeyCellOffset,
    			 ValueName);
-  NtQuerySystemTime (&KeyObject->KeyCell->LastWriteTime);
+  ZwQuerySystemTime (&KeyObject->KeyCell->LastWriteTime);
   CmiMarkBlockDirty (KeyObject->RegistryHive,
KeyObject->KeyCellOffset);
/* Release hive lock */
  _____
Modified: trunk/reactos/ntoskrnl/ex/profile.c
--- trunk/reactos/ntoskrnl/ex/profile.c	2005-01-23 22:42:31 UTC (rev
13234)
+++ trunk/reactos/ntoskrnl/ex/profile.c	2005-01-23 23:02:19 UTC (rev
13235)
@@ -178,6 +178,7 @@
if(!SeSinglePrivilegeCheck(SeSystemProfilePrivilege,
                                  PreviousMode))
       {
+        DPRINT1("NtCreateProfile: Caller requires the
SeSystemProfilePrivilege privilege!\n");
         return STATUS_PRIVILEGE_NOT_HELD;
       }
     }
  _____
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c
--- trunk/reactos/ntoskrnl/ex/sysinfo.c	2005-01-23 22:42:31 UTC (rev
13234)
+++ trunk/reactos/ntoskrnl/ex/sysinfo.c	2005-01-23 23:02:19 UTC (rev
13235)
@@ -154,6 +154,7 @@
RtlReleaseCapturedUnicodeString(&WName,
                                      PreviousMode,
                                      FALSE);
+      DPRINT1("NtQuerySystemEnvironmentValue: Caller requires the
SeSystemEnvironmentPrivilege privilege!\n");
       return STATUS_PRIVILEGE_NOT_HELD;
     }
@@ -295,6 +296,7 @@
       }
       else
       {
+        DPRINT1("NtSetSystemEnvironmentValue: Caller requires the
SeSystemEnvironmentPrivilege privilege!\n");
         Status = STATUS_PRIVILEGE_NOT_HELD;
       }
_____
Modified: trunk/reactos/ntoskrnl/ex/time.c
--- trunk/reactos/ntoskrnl/ex/time.c	2005-01-23 22:42:31 UTC (rev
13234)
+++ trunk/reactos/ntoskrnl/ex/time.c	2005-01-23 23:02:19 UTC (rev
13235)
@@ -142,28 +142,57 @@
* RETURNS: Status
  */
 NTSTATUS STDCALL
-NtSetSystemTime(IN PLARGE_INTEGER UnsafeNewSystemTime,
-		OUT PLARGE_INTEGER UnsafeOldSystemTime OPTIONAL)
+NtSetSystemTime(IN PLARGE_INTEGER SystemTime,
+		OUT PLARGE_INTEGER PreviousTime OPTIONAL)
 {
   LARGE_INTEGER OldSystemTime;
   LARGE_INTEGER NewSystemTime;
   LARGE_INTEGER LocalTime;
   TIME_FIELDS TimeFields;
-  NTSTATUS Status;
-
-  /* FIXME: Check for SeSystemTimePrivilege */
-
-  Status = MmCopyFromCaller(&NewSystemTime, UnsafeNewSystemTime,
-			    sizeof(NewSystemTime));
-  if (!NT_SUCCESS(Status))
+  KPROCESSOR_MODE PreviousMode;
+  NTSTATUS Status = STATUS_SUCCESS;
+  
+  PreviousMode = ExGetPreviousMode();
+  
+  if(PreviousMode != KernelMode)
+  {
+    _SEH_TRY
     {
+      ProbeForRead(SystemTime,
+                   sizeof(LARGE_INTEGER),
+                   sizeof(ULONG));
+      NewSystemTime = *SystemTime;
+      if(PreviousTime != NULL)
+      {
+        ProbeForWrite(PreviousTime,
+                      sizeof(LARGE_INTEGER),
+                      sizeof(ULONG));
+      }
+    }
+    _SEH_HANDLE
+    {
+      Status = _SEH_GetExceptionCode();
+    }
+    _SEH_END;
+    
+    if(!NT_SUCCESS(Status))
+    {
       return Status;
     }
+  }
+  
+  if(!SeSinglePrivilegeCheck(SeSystemtimePrivilege,
+                             PreviousMode))
+  {
+    DPRINT1("NtSetSystemTime: Caller requires the SeSystemtimePrivilege
privilege!\n");
+    return STATUS_PRIVILEGE_NOT_HELD;
+  }
+  
+  if(PreviousTime != NULL)
+  {
+    KeQuerySystemTime(&OldSystemTime);
+  }
-  if (UnsafeOldSystemTime != NULL)
-    {
-      KeQuerySystemTime(&OldSystemTime);
-    }
   ExSystemTimeToLocalTime(&NewSystemTime,
    		  &LocalTime);
   RtlTimeToTimeFields(&LocalTime,
@@ -173,15 +202,18 @@
   /* Set system time */
   KiSetSystemTime(&NewSystemTime);
-  if (UnsafeOldSystemTime != NULL)
+  if(PreviousTime != NULL)
+  {
+    _SEH_TRY
     {
-      Status = MmCopyToCaller(UnsafeOldSystemTime, &OldSystemTime,
-			      sizeof(OldSystemTime));
-      if (!NT_SUCCESS(Status))
-	{
-          return Status;
-	}
+      *PreviousTime = OldSystemTime;
     }
+    _SEH_HANDLE
+    {
+      Status = _SEH_GetExceptionCode();
+    }
+    _SEH_END;
+  }
return STATUS_SUCCESS;
 }
@@ -194,19 +226,38 @@
  *          time of day in the standard time format.
  */
 NTSTATUS STDCALL
-NtQuerySystemTime(OUT PLARGE_INTEGER UnsafeCurrentTime)
+NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
 {
-  LARGE_INTEGER CurrentTime;
-  NTSTATUS Status;
+  KPROCESSOR_MODE PreviousMode;
+  NTSTATUS Status = STATUS_SUCCESS;
-  KeQuerySystemTime(&CurrentTime);
-  Status = MmCopyToCaller(UnsafeCurrentTime, &CurrentTime,
-			  sizeof(CurrentTime));
-  if (!NT_SUCCESS(Status))
+  PreviousMode = ExGetPreviousMode();
+
+  if(PreviousMode != KernelMode)
+  {
+    _SEH_TRY
     {
-      return(Status);
+      ProbeForRead(SystemTime,
+                   sizeof(LARGE_INTEGER),
+                   sizeof(ULONG));
+
+      /* it's safe to pass the pointer directly to KeQuerySystemTime as
it's just
+         a basic copy to these pointer, if it raises an exception
nothing dangerous
+         can happen! */
+      KeQuerySystemTime(SystemTime);
     }
-  return STATUS_SUCCESS;
+    _SEH_HANDLE
+    {
+      Status = _SEH_GetExceptionCode();
+    }
+    _SEH_END;
+  }
+  else
+  {
+    KeQuerySystemTime(SystemTime);
+  }
+  
+  return Status;
 }
_____
Modified: trunk/reactos/ntoskrnl/ob/symlink.c
--- trunk/reactos/ntoskrnl/ob/symlink.c	2005-01-23 22:42:31 UTC (rev
13234)
+++ trunk/reactos/ntoskrnl/ob/symlink.c	2005-01-23 23:02:19 UTC (rev
13235)
@@ -256,7 +256,7 @@
DPRINT("DeviceName %S\n", SymbolicLink->TargetName.Buffer);
-  NtQuerySystemTime (&SymbolicLink->CreateTime);
+  ZwQuerySystemTime (&SymbolicLink->CreateTime);
DPRINT("%s() = STATUS_SUCCESS\n",__FUNCTION__);
   ObDereferenceObject(SymbolicLink);
  _____
Modified: trunk/reactos/ntoskrnl/ps/process.c
--- trunk/reactos/ntoskrnl/ps/process.c	2005-01-23 22:42:31 UTC (rev
13234)
+++ trunk/reactos/ntoskrnl/ps/process.c	2005-01-23 23:02:19 UTC (rev
13235)
@@ -1932,6 +1932,7 @@
if(!SeSinglePrivilegeCheck(SeTcbPrivilege,
                                        PreviousMode))
             {
+              DPRINT1("NtSetInformationProcess: Caller requires the
SeTcbPrivilege privilege for setting ProcessSessionInformation!\n");
               /* can't set the session id, bail! */
               Status = STATUS_PRIVILEGE_NOT_HELD;
               break;

    