mirrors/reactos
0
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-01-06 11:43:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

[NTOS]

Browse Source 
- Fix disabling impersonation in PsDisableImpersonation, and
- Fix how we do restore impersonation in NtOpenThreadTokenEx.
Patch by Thomas Faber,
CORE-7476 #comment Patch committed in revision 60301, thanks :). Please retest the bug.

svn path=/trunk/; revision=60301
This commit is contained in:
Hermès Bélusca-Maïto 2013-09-22 00:26:31 +00:00
parent ccafea6eee
commit cb93b06d35
2 changed files with 10 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
reactos/ntoskrnl/ps/security.c
View File

@ -820,10 +820,10 @@ PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
BOOLEAN
NTAPI
PsDisableImpersonation(IN PETHREAD Thread,
IN PSE_IMPERSONATION_STATE ImpersonationState)
OUT PSE_IMPERSONATION_STATE ImpersonationState)
{
PPS_IMPERSONATION_INFORMATION Impersonation = NULL;
LONG NewValue, OldValue;
LONG OldFlags;
PAGED_CODE();
PSTRACE(PS_SECURITY_DEBUG,
"Thread: %p State: %p\n", Thread, ImpersonationState);
@ -835,19 +835,11 @@ PsDisableImpersonation(IN PETHREAD Thread,
PspLockThreadSecurityExclusive(Thread);
/* Disable impersonation */
OldValue = Thread->CrossThreadFlags;
do
{
/* Attempt to change the flag */
NewValue =
InterlockedCompareExchange((PLONG)&Thread->CrossThreadFlags,
OldValue &~
CT_ACTIVE_IMPERSONATION_INFO_BIT,
OldValue);
} while (NewValue != OldValue);
OldFlags = PspClearCrossThreadFlag(Thread,
CT_ACTIVE_IMPERSONATION_INFO_BIT);
/* Make sure nobody disabled it behind our back */
if (NewValue & CT_ACTIVE_IMPERSONATION_INFO_BIT)
if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT)
{
/* Copy the old state */
Impersonation = Thread->ImpersonationInfo;

8
reactos/ntoskrnl/se/token.c
View File

@ -1065,7 +1065,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
PTOKEN Token;
ULONG RequiredLength;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status = STATUS_SUCCESS;
NTSTATUS Status;
PAGED_CODE();
@ -2429,6 +2429,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
PACL Dacl = NULL;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
BOOLEAN RestoreImpersonation = FALSE;
PAGED_CODE();
@ -2482,7 +2483,8 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
if (OpenAsSelf)
{
PsDisableImpersonation(PsGetCurrentThread(), &ImpersonationState);
RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
&ImpersonationState);
}
if (CopyOnOpen)
@ -2533,7 +2535,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
if (Dacl) ExFreePoolWithTag(Dacl, TAG_TOKEN_ACL);
if (OpenAsSelf)
if (RestoreImpersonation)
{
PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
}