[ros-diffs] [ion] 25396: - Complete the hack that's already in SeAccessCheck to also return STATUS_SUCCESS if we return TRUE always. Otherwise, code might weirdly fail. - Save parent directory during lookups and check if the caller has the right to traverse it, if we ever need to. - Optimize the configuration of the lookup context so that it's only done when necessary, add stub calls to lock the directory.

ion at svn.reactos.org ion at svn.reactos.org
Tue Jan 9 10:30:43 CET 2007


Author: ion
Date: Tue Jan  9 12:30:43 2007
New Revision: 25396

URL: http://svn.reactos.org/svn/reactos?rev=25396&view=rev
Log:
- Complete the hack that's already in SeAccessCheck to also return STATUS_SUCCESS if we return TRUE always. Otherwise, code might weirdly fail.
- Save parent directory during lookups and check if the caller has the right to traverse it, if we ever need to.
- Optimize the configuration of the lookup context so that it's only done when necessary, add stub calls to lock the directory.

Modified:
    trunk/reactos/ntoskrnl/ob/obname.c
    trunk/reactos/ntoskrnl/ob/obref.c
    trunk/reactos/ntoskrnl/se/semgr.c

Modified: trunk/reactos/ntoskrnl/ob/obname.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/obname.c?rev=25396&r1=25395&r2=25396&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/ob/obname.c (original)
+++ trunk/reactos/ntoskrnl/ob/obname.c Tue Jan  9 12:30:43 2007
@@ -293,7 +293,7 @@
                     OUT PVOID *FoundObject)
 {
     PVOID RootDirectory;
-    PVOID Directory = NULL;
+    PVOID Directory = NULL, ParentDirectory = NULL;
     PVOID Object;
     POBJECT_HEADER ObjectHeader;
     NTSTATUS Status;
@@ -523,20 +523,58 @@
         }
 
         /* Get its size and make sure it's valid */
-        if (!(ComponentName.Length -= RemainingName.Length))
-        {
+        ComponentName.Length -= RemainingName.Length;
+        if (!ComponentName.Length)
+        {
+            /* Invalid size, fail */
             Status = STATUS_OBJECT_NAME_INVALID;
             break;
         }
 
-        /* Do the look up */
-        LookupContext->DirectoryLocked = TRUE;
-        LookupContext->Directory = Directory;
+        /* Check if this is a user-mode call that needs to traverse */
+        if ((AccessCheckMode != KernelMode) &&
+            !(AccessState->Flags & TOKEN_HAS_TRAVERSE_PRIVILEGE))
+        {
+            /* Check if we have a parent directory */
+            if (ParentDirectory)
+            {
+                /* Check for traverse access */
+                if (!ObpCheckTraverseAccess(ParentDirectory,
+                                            DIRECTORY_TRAVERSE,
+                                            AccessState,
+                                            FALSE,
+                                            AccessCheckMode,
+                                            &Status))
+                {
+                    /* We don't have it, fail */
+                    break;
+                }
+            }
+        }
+
+        /* Check if we don't have a remaining name yet */
+        if (!RemainingName.Length)
+        {
+            /* Check if we are inserting an object */
+            if (InsertObject)
+            {
+                /* Lock the directory */
+                //ObpAcquireDirectoryLockExclusive(LookupContext, Directory);
+
+                /* Setup the context */
+                // FIXME: ObpSetLookupDirectory(Dir);?
+                LookupContext->Directory = Directory;
+                LookupContext->DirectoryLocked = TRUE;
+                LookupContext->LockStateSignature = 0xCCCC1234;
+            }
+        }
+
+        /* Do the lookup */
         Object = ObpLookupEntryDirectory(Directory,
-                                                &ComponentName,
-                                                Attributes,
-                                                InsertObject ? FALSE : TRUE,
-                                                LookupContext);
+                                         &ComponentName,
+                                         Attributes,
+                                         InsertObject ? FALSE : TRUE,
+                                         LookupContext);
         if (!Object)
         {
             /* We didn't find it... do we still have a path? */
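Review bot: In the `InsertObject` branch, `LookupContext->DirectoryLocked = TRUE` is set while the `ObpAcquireDirectoryLockExclusive` call above it is still commented out, so the context reports a lock that nothing visible here acquires. Any cleanup path that releases based on that flag, and any concurrent insert into the same directory, would be working from a false state; that code is outside this hunk, so this is something to confirm rather than a certain fault. Until the acquire call is enabled I would say so at the assignment, e.g. `/* FIXME: flag set without holding the directory lock; enable the acquire call above */`, and give `0xCCCC1234` a named constant. The context is also now set up only for the last component of an insert, while `ObpLookupEntryDirectory` still receives `LookupContext` on every iteration, so it is worth checking that the callee does not read `Directory` from it on the other paths. The enclosing function starts and ends outside the hunk.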
@@ -568,64 +606,64 @@
                 break;
             }
 
-                /* Get the object header */
-                ObjectHeader = OBJECT_TO_OBJECT_HEADER(InsertObject);
-
-                /* FIXME: Check if this is a Section Object or Sym Link */
-                /* FIXME: If it is, then check if this isn't session 0 */
-                /* FIXME: If it isn't, check for SeCreateGlobalPrivilege */
-                /* FIXME: If privilege isn't there, check for unsecure name */
-                /* FIXME: If it isn't a known unsecure name, then fail */
-
-                /* Create Object Name */
-                NewName = ExAllocatePoolWithTag(PagedPool,
-                                                ComponentName.Length,
-                                                OB_NAME_TAG);
-                if (!(NewName) ||
-                    !(ObpInsertEntryDirectory(Directory,
-                                              LookupContext,
-                                              ObjectHeader)))
-                {
-                    /* Either couldn't allocate the name, or insert failed */
-                    if (NewName) ExFreePool(NewName);
-
-                    /* Fail due to memory reasons */
-                    Status = STATUS_INSUFFICIENT_RESOURCES;
-                    break;
-                }
-
-                /* Reference newly to be inserted object */
-                ObReferenceObject(InsertObject);
-
-                /* Get the name information */
-                ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
-
-                /* Reference the directory */
-                ObReferenceObject(Directory);
-
-                /* Copy the Name */
-                RtlCopyMemory(NewName,
-                              ComponentName.Buffer,
-                              ComponentName.Length);
-
-                /* Check if we had an old name */
-                if (ObjectNameInfo->Name.Buffer)
-                {
-                    /* Free it */
-                    ExFreePool(ObjectNameInfo->Name.Buffer);
-                }
-
-                /* Write new one */
-                ObjectNameInfo->Name.Buffer = NewName;
-                ObjectNameInfo->Name.Length = ComponentName.Length;
-                ObjectNameInfo->Name.MaximumLength = ComponentName.Length;
-
-                /* Return Status and the Expected Object */
-                Status = STATUS_SUCCESS;
-                Object = InsertObject;
-
-                /* Get out of here */
+            /* Get the object header */
+            ObjectHeader = OBJECT_TO_OBJECT_HEADER(InsertObject);
+
+            /* FIXME: Check if this is a Section Object or Sym Link */
+            /* FIXME: If it is, then check if this isn't session 0 */
+            /* FIXME: If it isn't, check for SeCreateGlobalPrivilege */
+            /* FIXME: If privilege isn't there, check for unsecure name */
+            /* FIXME: If it isn't a known unsecure name, then fail */
+
+            /* Create Object Name */
+            NewName = ExAllocatePoolWithTag(PagedPool,
+                                            ComponentName.Length,
+                                            OB_NAME_TAG);
+            if (!(NewName) ||
+                !(ObpInsertEntryDirectory(Directory,
+                                          LookupContext,
+                                          ObjectHeader)))
+            {
+                /* Either couldn't allocate the name, or insert failed */
+                if (NewName) ExFreePool(NewName);
+
+                /* Fail due to memory reasons */
+                Status = STATUS_INSUFFICIENT_RESOURCES;
                 break;
+            }
+
+            /* Reference newly to be inserted object */
+            ObReferenceObject(InsertObject);
+
+            /* Get the name information */
+            ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
+
+            /* Reference the directory */
+            ObReferenceObject(Directory);
+
+            /* Copy the Name */
+            RtlCopyMemory(NewName,
+                          ComponentName.Buffer,
+                          ComponentName.Length);
+
+            /* Check if we had an old name */
+            if (ObjectNameInfo->Name.Buffer)
+            {
+                /* Free it */
+                ExFreePool(ObjectNameInfo->Name.Buffer);
+            }
+
+            /* Write new one */
+            ObjectNameInfo->Name.Buffer = NewName;
+            ObjectNameInfo->Name.Length = ComponentName.Length;
+            ObjectNameInfo->Name.MaximumLength = ComponentName.Length;
+
+            /* Return Status and the Expected Object */
+            Status = STATUS_SUCCESS;
+            Object = InsertObject;
+
+            /* Get out of here */
+            break;
         }
 
 Reparse:
@@ -680,6 +718,7 @@
                     }
 
                     /* Start at Root */
+                    ParentDirectory = NULL;
                     RootDirectory = NameSpaceRoot;
 
                     /* Check for reparse status */
@@ -766,6 +805,7 @@
                 if (ObjectHeader->Type == ObDirectoryType)
                 {
                     /* Restart from this directory */
+                    ParentDirectory = Directory;
                     Directory = Object;
                 }
                 else

Modified: trunk/reactos/ntoskrnl/ob/obref.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/obref.c?rev=25396&r1=25395&r2=25396&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/ob/obref.c (original)
+++ trunk/reactos/ntoskrnl/ob/obref.c Tue Jan  9 12:30:43 2007
@@ -444,7 +444,6 @@
                                     &Status))
         {
             /* Return the object */
-            Status = STATUS_SUCCESS;
             *ObjectPtr = Object;
         }
     }

Modified: trunk/reactos/ntoskrnl/se/semgr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=25396&r1=25395&r2=25396&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/se/semgr.c (original)
+++ trunk/reactos/ntoskrnl/se/semgr.c Tue Jan  9 12:30:43 2007
@@ -1054,7 +1054,7 @@
     }
   else
     {
-      *AccessStatus = STATUS_ACCESS_DENIED;
+      *AccessStatus = STATUS_SUCCESS;
       DPRINT("FIX caller rights (granted 0x%lx, desired 0x%lx)!\n",
         *GrantedAccess, DesiredAccess);
       return TRUE; /* FIXME: should be FALSE */
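Review bot: The denial branch now reports `STATUS_SUCCESS` as well as `TRUE`, so a caller has no remaining signal that the requested rights were not granted; the `DPRINT`, which prints the granted and desired masks, is the only trace left. If the traverse check added to obname.c in this commit is eventually decided by this routine (not visible here), it cannot fail while the hack is in place. I would mark the assignment the same way as the return, `*AccessStatus = STATUS_SUCCESS; /* FIXME: should be STATUS_ACCESS_DENIED */`, and put both lines under one comment that names the condition for removing them, so the status and the return value are restored together. The function body starts and ends outside the hunk.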



