[ros-diffs] [ion] 22277: - Fixup some comments and add Eric Kohl's name to this file, since he had worked on some of the original calls. - Minor/trivial fixes to some Object Security APIs that were left in the dark: * Use PagedPool instead of NonPagedPool memory, and also tag the allocation for debugging. * Send needed data to the security procedure instead of NULL/0, including the Generic Mapping, and the actual Security Decriptor. * Only un-assign the descriptor in case of failure, not all the time (the whole point of the API is to assign it!) * Tell the caller that memory was NOT allocated if we failed to get the security descriptor.
ion at svn.reactos.org
ion at svn.reactos.org
Thu Jun 8 04:36:13 CEST 2006
- Previous message: [ros-diffs] [ion] 22276: - Split ObpCreateHandle into two distinct operations: Incrementing and Creating (like we have Delete/Decrement). No code additions, just splitting. - Because of the split, we can now directly only do an Increment when duplicating the handle, since we don't need to create a brand new one. Also, when inheriting, we can now properly do an increment as well, instead of simply manually increasing the handle count (because for each inherited handle, access checks and openprocedure should've still been called).
- Next message: [ros-diffs] [ion] 22278: - I just noticed that ObInsertObject never got updated to deal with the improvements in ObFindObject and ACCESS_STATE usage, so made the following fixes: * Create the ACCESS_STATE structure much earlier. * Actually send the access state and parse context to ObFindObject, when called from ObInsertObject (this should fix some hidden regressions, since they finally get an access state with access masks now). * Remove some deprecated hacks. * If inserting the handle failed, cleanup the name and remove it from the directory entry. * Fix a memory leak because we weren't deleting the access state.
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: ion
Date: Thu Jun 8 06:36:12 2006
New Revision: 22277
URL: http://svn.reactos.ru/svn/reactos?rev=22277&view=rev
Log:
- Fixup some comments and add Eric Kohl's name to this file, since he had worked on some of the original calls.
- Minor/trivial fixes to some Object Security APIs that were left in the dark:
* Use PagedPool instead of NonPagedPool memory, and also tag the allocation for debugging.
* Send needed data to the security procedure instead of NULL/0, including the Generic Mapping, and the actual Security Decriptor.
* Only un-assign the descriptor in case of failure, not all the time (the whole point of the API is to assign it!)
* Tell the caller that memory was NOT allocated if we failed to get the security descriptor.
Modified:
trunk/reactos/ntoskrnl/ob/security.c
Modified: trunk/reactos/ntoskrnl/ob/security.c
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/ntoskrnl/ob/security.c?rev=22277&r1=22276&r2=22277&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/ob/security.c (original)
+++ trunk/reactos/ntoskrnl/ob/security.c Thu Jun 8 06:36:12 2006
@@ -4,6 +4,7 @@
* FILE: ntoskrnl/ob/security.c
* PURPOSE: SRM Interface of the Object Manager
* PROGRAMMERS: Alex Ionescu (alex at relsoft.net)
+* Eric Kohl
*/
/* INCLUDES *****************************************************************/
@@ -65,12 +66,15 @@
NewDescriptor,
NULL,
NULL,
- NonPagedPool,
- NULL);
-
- /* Release the new security descriptor */
- SeDeassignSecurity(&NewDescriptor);
-
+ PagedPool,
+ &Type->TypeInfo.GenericMapping);
+ if (!NT_SUCCESS(Status))
+ {
+ /* Release the new security descriptor */
+ SeDeassignSecurity(&NewDescriptor);
+ }
+
+ /* Return to caller */
return Status;
}
@@ -101,61 +105,70 @@
OUT PBOOLEAN MemoryAllocated)
{
POBJECT_HEADER Header;
+ POBJECT_TYPE Type;
ULONG Length;
NTSTATUS Status;
PAGED_CODE();
+ /* Get the object header and type */
Header = OBJECT_TO_OBJECT_HEADER(Object);
- if (Header->Type == NULL) return STATUS_UNSUCCESSFUL;
-
- if (Header->Type->TypeInfo.SecurityProcedure == NULL)
- {
+ Type = Header->Type;
+
+ /* Check if the object uses default security */
+ if (Type->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
+ {
+ /* Reference the descriptor and return it */
ObpReferenceCachedSecurityDescriptor(Header->SecurityDescriptor);
*SecurityDescriptor = Header->SecurityDescriptor;
+
+ /* Tell the caller that we didn't have to allocate anything */
*MemoryAllocated = FALSE;
return STATUS_SUCCESS;
}
/* Get the security descriptor size */
Length = 0;
- Status = Header->Type->TypeInfo.SecurityProcedure(Object,
- QuerySecurityDescriptor,
- OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION |
- SACL_SECURITY_INFORMATION,
- NULL,
- &Length,
- NULL,
- NonPagedPool,
- NULL);
+ Status = Type->TypeInfo.SecurityProcedure(Object,
+ QuerySecurityDescriptor,
+ OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION |
+ SACL_SECURITY_INFORMATION,
+ NULL,
+ &Length,
+ &Header->SecurityDescriptor,
+ PagedPool,
+ &Type->TypeInfo.GenericMapping);
if (Status != STATUS_BUFFER_TOO_SMALL) return Status;
/* Allocate security descriptor */
- *SecurityDescriptor = ExAllocatePool(NonPagedPool, Length);
- if (*SecurityDescriptor == NULL) return STATUS_INSUFFICIENT_RESOURCES;
+ *SecurityDescriptor = ExAllocatePoolWithTag(PagedPool,
+ Length,
+ TAG('O', 'b', 'S', 'q'));
+ if (!(*SecurityDescriptor)) return STATUS_INSUFFICIENT_RESOURCES;
/* Query security descriptor */
- Status = Header->Type->TypeInfo.SecurityProcedure(Object,
- QuerySecurityDescriptor,
- OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION |
- SACL_SECURITY_INFORMATION,
- *SecurityDescriptor,
- &Length,
- NULL,
- NonPagedPool,
- NULL);
+ *MemoryAllocated = TRUE;
+ Status = Type->TypeInfo.SecurityProcedure(Object,
+ QuerySecurityDescriptor,
+ OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION |
+ SACL_SECURITY_INFORMATION,
+ *SecurityDescriptor,
+ &Length,
+ &Header->SecurityDescriptor,
+ PagedPool,
+ &Type->TypeInfo.GenericMapping);
if (!NT_SUCCESS(Status))
{
+ /* Free the descriptor and tell the caller we failed */
ExFreePool(*SecurityDescriptor);
- return Status;
- }
-
- *MemoryAllocated = TRUE;
-
- return STATUS_SUCCESS;
+ *MemoryAllocated = FALSE;
+ }
+
+ /* Return status */
+ return Status;
}
/*++
@@ -182,14 +195,18 @@
{
PAGED_CODE();
- if (SecurityDescriptor == NULL) return;
-
+ /* Nothing to do in this case */
+ if (!SecurityDescriptor) return;
+
+ /* Check if we had allocated it from memory */
if (MemoryAllocated)
{
+ /* Free it */
ExFreePool(SecurityDescriptor);
}
else
{
+ /* Otherwise this means we used an internal descriptor */
ObpDereferenceCachedSecurityDescriptor(SecurityDescriptor);
}
}
- Previous message: [ros-diffs] [ion] 22276: - Split ObpCreateHandle into two distinct operations: Incrementing and Creating (like we have Delete/Decrement). No code additions, just splitting. - Because of the split, we can now directly only do an Increment when duplicating the handle, since we don't need to create a brand new one. Also, when inheriting, we can now properly do an increment as well, instead of simply manually increasing the handle count (because for each inherited handle, access checks and openprocedure should've still been called).
- Next message: [ros-diffs] [ion] 22278: - I just noticed that ObInsertObject never got updated to deal with the improvements in ObFindObject and ACCESS_STATE usage, so made the following fixes: * Create the ACCESS_STATE structure much earlier. * Actually send the access state and parse context to ObFindObject, when called from ObInsertObject (this should fix some hidden regressions, since they finally get an access state with access masks now). * Remove some deprecated hacks. * If inserting the handle failed, cleanup the name and remove it from the directory entry. * Fix a memory leak because we weren't deleting the access state.
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Ros-diffs
mailing list