https://git.reactos.org/?p=reactos.git;a=commitdiff;h=5b2dda91348d200fde43ee09d796174efa982d78

commit 5b2dda91348d200fde43ee09d796174efa982d78
Author:     Hermès Bélusca-Maïto <[email protected]>
AuthorDate: Mon Jun 25 15:24:44 2018 +0200
Commit:     Hermès Bélusca-Maïto <[email protected]>
CommitDate: Wed Jun 27 23:40:14 2018 +0200

    [NTOS:SE] Finish SepCreateImpersonationTokenDacl() implementation.
    
    - Re-enable a commented-out block;
    - Return the allocated Dacl.
    - Use the correct pool tag when freeing the allocated Dacl.
---
 ntoskrnl/include/internal/se.h |  6 +++---
 ntoskrnl/se/acl.c              | 29 ++++++++++++++++-------------
 ntoskrnl/se/token.c            |  6 +++---
 3 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/ntoskrnl/include/internal/se.h b/ntoskrnl/include/internal/se.h
index 125055fe11..040d23c174 100644
--- a/ntoskrnl/include/internal/se.h
+++ b/ntoskrnl/include/internal/se.h
@@ -317,9 +317,9 @@ SeIsTokenChild(
 NTSTATUS
 NTAPI
 SepCreateImpersonationTokenDacl(
-    PTOKEN Token,
-    PTOKEN PrimaryToken,
-    PACL *Dacl
+    _In_ PTOKEN Token,
+    _In_ PTOKEN PrimaryToken,
+    _Out_ PACL* Dacl
 );
 
 VOID
diff --git a/ntoskrnl/se/acl.c b/ntoskrnl/se/acl.c
index 392f2a9ea6..3829684794 100644
--- a/ntoskrnl/se/acl.c
+++ b/ntoskrnl/se/acl.c
@@ -224,22 +224,26 @@ SepInitDACLs(VOID)
     return TRUE;
 }
 
-NTSTATUS NTAPI
-SepCreateImpersonationTokenDacl(PTOKEN Token,
-                                PTOKEN PrimaryToken,
-                                PACL *Dacl)
+NTSTATUS
+NTAPI
+SepCreateImpersonationTokenDacl(
+    _In_ PTOKEN Token,
+    _In_ PTOKEN PrimaryToken,
+    _Out_ PACL* Dacl)
 {
     ULONG AclLength;
-    PVOID TokenDacl;
+    PACL TokenDacl;
 
     PAGED_CODE();
 
+    *Dacl = NULL;
+
     AclLength = sizeof(ACL) +
-    (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
-    (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
-    (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
-    (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
-    (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
+        (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
+        (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+        (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
+        (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
+        (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
 
     TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
     if (TokenDacl == NULL)
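Review bot: SepCreateImpersonationTokenDacl has no header comment stating who owns the returned buffer, even though this same commit has to fix a caller that freed it with the wrong pool tag. I would add a comment above the definition saying that on success `*Dacl` receives a paged-pool ACL allocated with `TAG_ACL`, that the caller must release it with `ExFreePoolWithTag(*Dacl, TAG_ACL)`, and that `*Dacl` is set to NULL on entry so it is NULL on any early return. A one-line comment at the `AclLength` sum would also help, noting that room for the `SeRestrictedCodeSid` ACE is always reserved although that ACE is only added conditionally later. The function body continues outside this hunk.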
@@ -257,14 +261,13 @@ SepCreateImpersonationTokenDacl(PTOKEN Token,
     RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
                            SeLocalSystemSid);
 
-    /* FIXME */
-#if 0
     if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
     {
         RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
                                SeRestrictedCodeSid);
     }
-#endif
+
+    *Dacl = TokenDacl;
 
     return STATUS_SUCCESS;
 }
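Review bot: The re-enabled `RtlAddAccessAllowedAce` call for `SeRestrictedCodeSid` discards its NTSTATUS, as does the `SeLocalSystemSid` call just above it, so the function returns STATUS_SUCCESS and now publishes `TokenDacl` through `*Dacl` even if an ACE could not be added. A failed add leaves the DACL narrower than intended rather than wider, but the caller cannot tell that it is applying an incomplete DACL. I would check each status and free the buffer with `TAG_ACL` before returning the error, as sketched below for the restricted-SID ACE. This needs a local `NTSTATUS Status` declared at the top of the function, which lies outside this hunk.

```c
    /* ... unchanged: ACL creation and the earlier RtlAddAccessAllowedAce calls ... */
    if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
    {
        Status = RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
                                        SeRestrictedCodeSid);
        if (!NT_SUCCESS(Status))
        {
            /* Do not hand a partially built DACL back to the caller */
            ExFreePoolWithTag(TokenDacl, TAG_ACL);
            return Status;
        }
    }

    *Dacl = TokenDacl;
```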
diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c
index 46ab29b0f7..b9c4e6f1f4 100644
--- a/ntoskrnl/se/token.c
+++ b/ntoskrnl/se/token.c
@@ -3325,7 +3325,8 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
 
     /*
      * At first open the thread token for information access and verify
-     * that the token associated with thread is valid.     */
+     * that the token associated with thread is valid.
+     */
 
     Status = ObReferenceObjectByHandle(ThreadHandle, THREAD_QUERY_INFORMATION,
                                        PsThreadType, PreviousMode, 
(PVOID*)&Thread,
@@ -3386,7 +3387,6 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
                 InitializeObjectAttributes(&ObjectAttributes, NULL, 
HandleAttributes,
                                            NULL, Dacl ? &SecurityDescriptor : 
NULL);
 
-
                 Status = SepDuplicateToken(Token, &ObjectAttributes, 
EffectiveOnly,
                                            TokenImpersonation, 
ImpersonationLevel,
                                            KernelMode, &NewToken);
@@ -3406,7 +3406,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
                                        PreviousMode, &hToken);
     }
 
-    if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL);
+    if (Dacl) ExFreePoolWithTag(Dacl, TAG_ACL);
 
     if (RestoreImpersonation)
     {
