Author: tfaber
Date: Sun Feb 15 17:57:34 2015
New Revision: 66300
URL:
http://svn.reactos.org/svn/reactos?rev=66300&view=rev
Log:
[TDILIB][IPHLPAPI][WSHTCPIP]
- Request only the access rights that are actually required in openTcpFile. Fixes many
should-be access denied errors originating from netshell. While this doesn't fix the
root cause of CORE-9172, it is a required step if we ever want netshell to work for
non-Admin users.
CORE-9172
Modified:
trunk/reactos/dll/win32/iphlpapi/address.c
trunk/reactos/dll/win32/iphlpapi/ifenum_reactos.c
trunk/reactos/dll/win32/iphlpapi/iphlpapi_main.c
trunk/reactos/dll/win32/iphlpapi/ipstats_reactos.c
trunk/reactos/dll/win32/iphlpapi/route_reactos.c
trunk/reactos/dll/win32/wshtcpip/wshtcpip.c
trunk/reactos/lib/tdilib/enum.c
trunk/reactos/lib/tdilib/handle.c
trunk/reactos/lib/tdilib/tdilib.h
Modified: trunk/reactos/dll/win32/iphlpapi/address.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/iphlpapi/address…
==============================================================================
--- trunk/reactos/dll/win32/iphlpapi/address.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/iphlpapi/address.c [iso-8859-1] Sun Feb 15 17:57:34 2015
@@ -306,7 +306,7 @@
ZeroMemory(Ptr, RemainingSize);
/* open the tcpip driver */
- Status = openTcpFile(&TcpFile);
+ Status = openTcpFile(&TcpFile, FILE_READ_DATA);
if (!NT_SUCCESS(Status))
{
ERR("Could not open handle to tcpip.sys. Status %08x\n", Status);
Modified: trunk/reactos/dll/win32/iphlpapi/ifenum_reactos.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/iphlpapi/ifenum_…
==============================================================================
--- trunk/reactos/dll/win32/iphlpapi/ifenum_reactos.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/iphlpapi/ifenum_reactos.c [iso-8859-1] Sun Feb 15 17:57:34
2015
@@ -225,7 +225,7 @@
NTSTATUS status;
int i;
- status = openTcpFile( &tcpFile );
+ status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( !NT_SUCCESS(status) ) {
WARN("getNumInterfaces: failed %08x\n", status );
@@ -350,7 +350,7 @@
IFInfo ifInfo;
HANDLE tcpFile;
char *interfaceName = 0, *adapter_name = 0;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( NT_SUCCESS(status) ) {
status = getInterfaceInfoByIndex( tcpFile, index, &ifInfo );
@@ -379,7 +379,7 @@
{
IFInfo ifInfo;
HANDLE tcpFile;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( NT_SUCCESS(status) ) {
status = getInterfaceInfoByName( tcpFile, (char *)name, &ifInfo );
@@ -400,7 +400,7 @@
IFInfo *ifInfo;
InterfaceIndexTable *ret = 0;
HANDLE tcpFile;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( NT_SUCCESS(status) ) {
status = getInterfaceInfoSet( tcpFile, &ifInfo, &numInterfaces );
@@ -476,7 +476,7 @@
NTSTATUS status = STATUS_SUCCESS;
DWORD addrOut = INADDR_ANY;
- status = openTcpFile( &tcpFile );
+ status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( NT_SUCCESS(status) ) {
status = getIPAddrEntryForIf( tcpFile, name, index, &ifInfo );
@@ -527,7 +527,7 @@
{
HANDLE tcpFile;
IFInfo info;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( NT_SUCCESS(status) ) {
status = getInterfaceInfoByName( tcpFile, (char *)name, &info );
@@ -544,7 +544,7 @@
{
HANDLE tcpFile;
IFInfo info;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( NT_SUCCESS(status) ) {
status = getInterfaceInfoByIndex( tcpFile, index, &info );
@@ -581,7 +581,7 @@
{
HANDLE tcpFile;
IFInfo info;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
TRACE("Called.\n");
@@ -606,7 +606,7 @@
{
HANDLE tcpFile;
IFInfo info;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
TRACE("Called.\n");
@@ -641,7 +641,7 @@
PULONG NteContext, PULONG NteInstance )
{
HANDLE tcpFile;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA | FILE_WRITE_DATA );
IP_SET_DATA Data;
IO_STATUS_BLOCK Iosb;
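Review bot: The open at the top of this function asks for `FILE_READ_DATA | FILE_WRITE_DATA`, and nothing visible in the hunk shows why an add operation needs the read right. The body continues outside the hunk; if it only issues set requests to the driver, `openTcpFile( &tcpFile, FILE_WRITE_DATA )` would be the narrower request and closer to the commit's stated goal. The same question applies to deleteIpAddress in the next hunk and to createIpForwardEntry and deleteIpForwardEntry in route_reactos.c. If the read right is needed, a one-line comment at the call naming the request that needs it would stop a later cleanup from widening or narrowing the mask by guesswork.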
@@ -682,7 +682,7 @@
NTSTATUS deleteIpAddress( ULONG NteContext )
{
HANDLE tcpFile;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA | FILE_WRITE_DATA );
IO_STATUS_BLOCK Iosb;
TRACE("Called.\n");
Modified: trunk/reactos/dll/win32/iphlpapi/iphlpapi_main.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/iphlpapi/iphlpap…
==============================================================================
--- trunk/reactos/dll/win32/iphlpapi/iphlpapi_main.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/iphlpapi/iphlpapi_main.c [iso-8859-1] Sun Feb 15 17:57:34
2015
@@ -2145,7 +2145,7 @@
if (!pArpEntry)
return ERROR_INVALID_PARAMETER;
- if (!NT_SUCCESS(openTcpFile( &tcpFile )))
+ if (!NT_SUCCESS(openTcpFile( &tcpFile, FILE_READ_DATA | FILE_WRITE_DATA )))
return ERROR_NOT_SUPPORTED;
if (!NT_SUCCESS(getNthIpEntity( tcpFile, pArpEntry->dwIndex, &id )))
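Review bot: A failed open is still reported as `ERROR_NOT_SUPPORTED` here, so a non-admin caller refused the write-access open cannot tell a permission failure from a missing feature. Assuming a local NTSTATUS is available (the function starts outside the hunk), keep the result with `status = openTcpFile( &tcpFile, FILE_READ_DATA | FILE_WRITE_DATA );` and add `if (status == STATUS_ACCESS_DENIED) return ERROR_ACCESS_DENIED;` before the existing fallback. The same collapsing happens in the next hunk, which returns `ERROR_NO_DATA`, and in both wshtcpip.c hunks, which return `WSAEINVAL` and compare against `STATUS_SUCCESS` instead of using `NT_SUCCESS`.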
@@ -2312,7 +2312,7 @@
if (!indexTable)
return ERROR_NOT_ENOUGH_MEMORY;
- ret = openTcpFile(&tcpFile);
+ ret = openTcpFile(&tcpFile, FILE_READ_DATA);
if (!NT_SUCCESS(ret))
return ERROR_NO_DATA;
Modified: trunk/reactos/dll/win32/iphlpapi/ipstats_reactos.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/iphlpapi/ipstats…
==============================================================================
--- trunk/reactos/dll/win32/iphlpapi/ipstats_reactos.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/iphlpapi/ipstats_reactos.c [iso-8859-1] Sun Feb 15 17:57:34
2015
@@ -366,7 +366,7 @@
TRACE("called.\n");
- status = openTcpFile( &tcpFile );
+ status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( !NT_SUCCESS(status) ) {
TRACE("failure: %08x\n", (int)status );
@@ -421,7 +421,7 @@
DWORD numRoutes = getNumRoutes(), routesAdded = 0;
TDIEntityID ent;
HANDLE tcpFile;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA );
int i;
if( !NT_SUCCESS(status) )
@@ -498,7 +498,7 @@
TRACE("called.\n");
- status = openTcpFile( &tcpFile );
+ status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( !NT_SUCCESS(status) ) {
TRACE("failure: %08x\n", (int)status );
@@ -550,7 +550,7 @@
totalNumber = getNumArpEntries();
- status = openTcpFile( &tcpFile );
+ status = openTcpFile( &tcpFile, FILE_READ_DATA );
if( !NT_SUCCESS(status) ) {
TRACE("failure: %08x\n", (int)status );
Modified: trunk/reactos/dll/win32/iphlpapi/route_reactos.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/iphlpapi/route_r…
==============================================================================
--- trunk/reactos/dll/win32/iphlpapi/route_reactos.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/iphlpapi/route_reactos.c [iso-8859-1] Sun Feb 15 17:57:34
2015
@@ -31,7 +31,7 @@
DWORD createIpForwardEntry( PMIB_IPFORWARDROW pRoute ) {
HANDLE tcpFile;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA | FILE_WRITE_DATA );
TCP_REQUEST_SET_INFORMATION_EX_ROUTE_ENTRY req =
TCP_REQUEST_SET_INFORMATION_INIT;
IPRouteEntry *rte;
@@ -96,7 +96,7 @@
DWORD deleteIpForwardEntry( PMIB_IPFORWARDROW pRoute ) {
HANDLE tcpFile;
- NTSTATUS status = openTcpFile( &tcpFile );
+ NTSTATUS status = openTcpFile( &tcpFile, FILE_READ_DATA | FILE_WRITE_DATA );
TCP_REQUEST_SET_INFORMATION_EX_ROUTE_ENTRY req =
TCP_REQUEST_SET_INFORMATION_INIT;
IPRouteEntry *rte;
Modified: trunk/reactos/dll/win32/wshtcpip/wshtcpip.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wshtcpip/wshtcpi…
==============================================================================
--- trunk/reactos/dll/win32/wshtcpip/wshtcpip.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wshtcpip/wshtcpip.c [iso-8859-1] Sun Feb 15 17:57:34 2015
@@ -391,7 +391,7 @@
HANDLE TcpCC;
DWORD BytesReturned;
- if (openTcpFile(&TcpCC) != STATUS_SUCCESS)
+ if (openTcpFile(&TcpCC, FILE_READ_DATA | FILE_WRITE_DATA) != STATUS_SUCCESS)
return WSAEINVAL;
Status = DeviceIoControl(TcpCC,
@@ -449,7 +449,7 @@
case WSH_NOTIFY_BIND:
DPRINT("WSHNotify: WSH_NOTIFY_BIND\n");
- Status = openTcpFile(&TcpCC);
+ Status = openTcpFile(&TcpCC, FILE_READ_DATA);
if (Status != STATUS_SUCCESS)
return WSAEINVAL;
Modified: trunk/reactos/lib/tdilib/enum.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/tdilib/enum.c?rev=6630…
==============================================================================
--- trunk/reactos/lib/tdilib/enum.c [iso-8859-1] (original)
+++ trunk/reactos/lib/tdilib/enum.c [iso-8859-1] Sun Feb 15 17:57:34 2015
@@ -26,7 +26,7 @@
DWORD toiType,
DWORD toiId,
DWORD teiEntity,
- DWORD teiInstance,
+ DWORD teiInstance,
DWORD fixedPart,
DWORD entrySize,
PVOID *tdiEntitySet,
@@ -113,7 +113,7 @@
INFO_TYPE_PROVIDER,
ENTITY_LIST_ID,
GENERIC_ENTITY,
- 0,
+ 0,
0,
sizeof(TDIEntityID),
(PVOID *)entitySet,
Modified: trunk/reactos/lib/tdilib/handle.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/tdilib/handle.c?rev=66…
==============================================================================
--- trunk/reactos/lib/tdilib/handle.c [iso-8859-1] (original)
+++ trunk/reactos/lib/tdilib/handle.c [iso-8859-1] Sun Feb 15 17:57:34 2015
@@ -9,7 +9,7 @@
const PWCHAR TcpFileName = L"\\Device\\Tcp";
-NTSTATUS openTcpFile(PHANDLE tcpFile)
+NTSTATUS openTcpFile(PHANDLE tcpFile, ACCESS_MASK DesiredAccess)
{
UNICODE_STRING fileName;
OBJECT_ATTRIBUTES objectAttributes;
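Review bot: The new `DesiredAccess` parameter is undocumented, both here and on the prototype in tdilib.h, although it is now the only thing that decides which rights each caller holds on `\Device\Tcp`. A header comment on openTcpFile should state that callers pass only the data rights they need: `FILE_READ_DATA` for queries, with `FILE_WRITE_DATA` added only for set operations, as the call sites in this commit do. It should also say that `SYNCHRONIZE` is added internally, that the handle is returned through `tcpFile`, and that it must be released with closeTcpFile. The function body continues outside this hunk.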
@@ -24,18 +24,12 @@
NULL,
NULL );
- status = ZwCreateFile( tcpFile,
- SYNCHRONIZE | GENERIC_EXECUTE |
- GENERIC_READ | GENERIC_WRITE,
- &objectAttributes,
- &ioStatusBlock,
- NULL,
- FILE_ATTRIBUTE_NORMAL,
- FILE_SHARE_READ | FILE_SHARE_WRITE,
- FILE_OPEN_IF,
- FILE_SYNCHRONOUS_IO_NONALERT,
- 0,
- 0 );
+ status = NtOpenFile( tcpFile,
+ DesiredAccess | SYNCHRONIZE,
+ &objectAttributes,
+ &ioStatusBlock,
+ FILE_SHARE_READ | FILE_SHARE_WRITE,
+ FILE_SYNCHRONOUS_IO_NONALERT);
/* String does not need to be freed: it points to the constant
* string we provided */
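Review bot: The `DesiredAccess | SYNCHRONIZE` argument needs a why-comment, since the extra right looks like leftover over-requesting in a commit whose purpose is to trim access. Something like `/* SYNCHRONIZE is required because the handle is opened with FILE_SYNCHRONOUS_IO_NONALERT */` above the NtOpenFile call would do. The mask is passed through unchecked, so a future caller could still hand in generic rights; whether to reject or mask those is a design choice for the library. The function continues outside the hunk.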
Modified: trunk/reactos/lib/tdilib/tdilib.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/tdilib/tdilib.h?rev=66…
==============================================================================
--- trunk/reactos/lib/tdilib/tdilib.h [iso-8859-1] (original)
+++ trunk/reactos/lib/tdilib/tdilib.h [iso-8859-1] Sun Feb 15 17:57:34 2015
@@ -7,7 +7,7 @@
#pragma once
-NTSTATUS openTcpFile(PHANDLE tcpFile);
+NTSTATUS openTcpFile(PHANDLE tcpFile, ACCESS_MASK DesiredAccess);
VOID closeTcpFile(HANDLE tcpFile);
NTSTATUS tdiGetEntityIDSet( HANDLE tcpFile, TDIEntityID **entitySet,
PDWORD numEntities );