The old ones gave compiler errors... if you guys can fix them, go ahead :) -- Best regards, Alex Ionescu
On 2012-09-12, at 9:56 AM, Timo Kreuzer <[email protected]> wrote: > > What was the problem with the old macros? The new ones are error-prone. > > if (NeedLock) SepAcquireTokenLockExclusive(Token); // <= fail! > > WBR, > Timo > > > > > Am 12.09.2012 18:29, schrieb [email protected]: >> Author: ion >> Date: Wed Sep 12 16:29:28 2012 >> New Revision: 57284 >> >> URL: http://svn.reactos.org/svn/reactos?rev=57284&view=rev >> Log: >> [NTOSKRNL]: Use the token lock acquire/release macros that were already >> written instead of manually doing it. Also fix the macros since they didn't >> work in GCC. >> No functional change, just code cleanup. >> >> Modified: >> trunk/reactos/ntoskrnl/include/internal/se.h >> trunk/reactos/ntoskrnl/se/access.c >> trunk/reactos/ntoskrnl/se/semgr.c >> >> Modified: trunk/reactos/ntoskrnl/include/internal/se.h >> URL: >> http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/se.h?rev=57284&r1=57283&r2=57284&view=diff >> ============================================================================== >> --- trunk/reactos/ntoskrnl/include/internal/se.h [iso-8859-1] (original) >> +++ trunk/reactos/ntoskrnl/include/internal/se.h [iso-8859-1] Wed Sep 12 >> 16:29:28 2012 >> @@ -1,4 +1,28 @@ >> #pragma once >> + >> +typedef struct _KNOWN_ACE >> +{ >> + ACE_HEADER Header; >> + ACCESS_MASK Mask; >> + ULONG SidStart; >> +} KNOWN_ACE, *PKNOWN_ACE; >> + >> +typedef struct _KNOWN_OBJECT_ACE >> +{ >> + ACE_HEADER Header; >> + ACCESS_MASK Mask; >> + ULONG Flags; >> + ULONG SidStart; >> +} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE; >> + >> +typedef struct _KNOWN_COMPOUND_ACE >> +{ >> + ACE_HEADER Header; >> + ACCESS_MASK Mask; >> + USHORT CompoundAceType; >> + USHORT Reserved; >> + ULONG SidStart; >> +} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE; >> PSID >> FORCEINLINE >> @@ -75,6 +99,8 @@ >> return Descriptor->Sacl; >> } >> } >> + >> +#ifndef RTL_H >> /* SID Authorities */ >> extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority; >> @@ -156,6 +182,19 @@ >> extern PSECURITY_DESCRIPTOR SeSystemDefaultSd; >> extern PSECURITY_DESCRIPTOR SeUnrestrictedSd; >> + >> +#define SepAcquireTokenLockExclusive(Token) >> \ >> + KeEnterCriticalRegion(); >> \ >> + ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); >> \ >> + >> +#define SepAcquireTokenLockShared(Token) >> \ >> + KeEnterCriticalRegion(); >> \ >> + ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); >> \ >> + >> +#define SepReleaseTokenLock(Token) >> \ >> + ExReleaseResource(((PTOKEN)Token)->TokenLock); >> \ >> + KeLeaveCriticalRegion(); >> \ >> + >> // >> // Token Functions >> // >> @@ -434,24 +473,6 @@ >> OUT PACCESS_TOKEN* NewToken >> ); >> -#define SepAcquireTokenLockExclusive(Token) >> \ >> - do { >> \ >> - KeEnterCriticalRegion(); >> \ >> - ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); >> \ >> - while(0) >> - >> -#define SepAcquireTokenLockShared(Token) >> \ >> - do { >> \ >> - KeEnterCriticalRegion(); >> \ >> - ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); >> \ >> - while(0) >> - >> -#define SepReleaseTokenLock(Token) >> \ >> - do { >> \ >> - ExReleaseResource(((PTOKEN)Token)->TokenLock); >> \ >> - KeLeaveCriticalRegion(); >> \ >> - while(0) >> - >> VOID NTAPI >> SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, >> OUT PACCESS_MASK DesiredAccess); >> @@ -460,4 +481,6 @@ >> SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, >> OUT PACCESS_MASK DesiredAccess); >> +#endif >> + >> /* EOF */ >> >> Modified: trunk/reactos/ntoskrnl/se/access.c >> URL: >> http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/access.c?rev=57284&r1=57283&r2=57284&view=diff >> ============================================================================== >> --- trunk/reactos/ntoskrnl/se/access.c [iso-8859-1] (original) >> +++ trunk/reactos/ntoskrnl/se/access.c [iso-8859-1] Wed Sep 12 16:29:28 2012 >> @@ -130,11 +130,7 @@ >> ASSERT(Sid != NULL); >> /* Lock the token if needed */ >> - if (!TokenLocked) >> - { >> - KeEnterCriticalRegion(); >> - ExAcquireResourceSharedLite(Token->TokenLock, TRUE); >> - } >> + if (!TokenLocked) SepAcquireTokenLockShared(Token); >> /* Check if the owner SID is found, handling restricted case as well >> */ >> Result = SepSidInToken(Token, Sid); >> @@ -144,11 +140,7 @@ >> } >> /* Release the lock if we had acquired it */ >> - if (!TokenLocked) >> - { >> - ExReleaseResourceLite(Token->TokenLock); >> - KeLeaveCriticalRegion(); >> - } >> + if (!TokenLocked) SepReleaseTokenLock(Token); >> /* Return the result */ >> return Result; >> @@ -168,15 +160,13 @@ >> TokenControl->TokenSource = Token->TokenSource; >> /* Lock the token */ >> - KeEnterCriticalRegion(); >> - ExAcquireResourceSharedLite(Token->TokenLock, TRUE); >> + SepAcquireTokenLockShared(Token); >> /* Capture the modified it */ >> TokenControl->ModifiedId = Token->ModifiedId; >> /* Unlock it */ >> - ExReleaseResourceLite(Token->TokenLock); >> - KeLeaveCriticalRegion(); >> + SepReleaseTokenLock(Token); >> } >> NTSTATUS >> @@ -327,13 +317,11 @@ >> ClientToken = SubjectContext->ClientToken; >> /* Always lock the primary */ >> - KeEnterCriticalRegion(); >> - ExAcquireResourceSharedLite(PrimaryToken->TokenLock, TRUE); >> + SepAcquireTokenLockShared(PrimaryToken); >> /* Lock the impersonation one if it's there */ >> if (!ClientToken) return; >> - KeEnterCriticalRegion(); >> - ExAcquireResourceSharedLite(ClientToken->TokenLock, TRUE); >> + SepAcquireTokenLockShared(ClientToken); >> } >> /* >> @@ -351,13 +339,11 @@ >> ClientToken = SubjectContext->ClientToken; >> /* Always unlock the primary one */ >> - ExReleaseResourceLite(PrimaryToken->TokenLock); >> - KeLeaveCriticalRegion(); >> + SepReleaseTokenLock(PrimaryToken); >> /* Unlock the impersonation one if it's there */ >> if (!ClientToken) return; >> - ExReleaseResourceLite(ClientToken->TokenLock); >> - KeLeaveCriticalRegion(); >> + SepReleaseTokenLock(ClientToken); >> } >> /* >> >> Modified: trunk/reactos/ntoskrnl/se/semgr.c >> URL: >> http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=57284&r1=57283&r2=57284&view=diff >> ============================================================================== >> --- trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] (original) >> +++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Wed Sep 12 16:29:28 2012 >> @@ -952,8 +952,7 @@ >> SeCaptureSubjectContext(&SubjectSecurityContext); >> /* Lock the token */ >> - KeEnterCriticalRegion(); >> - ExAcquireResourceSharedLite(Token->TokenLock, TRUE); >> + SepAcquireTokenLockShared(Token); >> /* Check if the token is the owner and grant WRITE_DAC and >> READ_CONTROL rights */ >> if (DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED)) >> @@ -990,8 +989,7 @@ >> /* Release subject context and unlock the token */ >> SeReleaseSubjectContext(&SubjectSecurityContext); >> - ExReleaseResourceLite(Token->TokenLock); >> - KeLeaveCriticalRegion(); >> + SepReleaseTokenLock(Token); >> /* Release the captured security descriptor */ >> SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, >> >> >> > > > _______________________________________________ > Ros-dev mailing list > [email protected] > http://www.reactos.org/mailman/listinfo/ros-dev _______________________________________________ Ros-dev mailing list [email protected] http://www.reactos.org/mailman/listinfo/ros-dev
