Status = SeSubProcessToken(ParentToken,
&NewToken,
TRUE,
- 0);//MmGetSessionId(Process));
+ MmGetSessionId(Process));
/* Dereference the Parent */
ObFastDereferenceObject(&Parent->Token, ParentToken);
/* Reference it from the handle */
Status = ObReferenceObjectByHandle(Token,
TOKEN_ASSIGN_PRIMARY,
- SepTokenObjectType,
+ SeTokenObjectType,
ExGetPreviousMode(),
&NewToken,
NULL);
PACCESS_TOKEN NewToken = Token;
NTSTATUS Status, AccessStatus;
BOOLEAN Result, SdAllocated;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
SECURITY_SUBJECT_CONTEXT SubjectContext;
PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);
/* Reference it */
Status = ObReferenceObjectByHandle(TokenHandle,
TOKEN_ASSIGN_PRIMARY,
- SepTokenObjectType,
+ SeTokenObjectType,
PreviousMode,
(PVOID*)&NewToken,
NULL);
HandleAttributes,
NULL,
DesiredAccess,
- SepTokenObjectType,
+ SeTokenObjectType,
PreviousMode,
&hToken);
ObDereferenceObject(Token);
/* Get the token object */
Status = ObReferenceObjectByHandle(TokenHandle,
TOKEN_IMPERSONATE,
- SepTokenObjectType,
+ SeTokenObjectType,
KeGetPreviousMode(),
(PVOID*)&Token,
NULL);
if (OldData)
{
/* Someone beat us to it, free our copy */
- ExFreePool(Impersonation);
+ ExFreePoolWithTag(Impersonation, TAG_PS_IMPERSONATION);
Impersonation = OldData;
}
}
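Review bot: The tag passed to the new `ExFreePoolWithTag(Impersonation, TAG_PS_IMPERSONATION)` has to match the tag the buffer was allocated with, and the allocation is not in this hunk. If that call site still uses an untagged `ExAllocatePool` or a different tag, the free on this lost-race path becomes a pool-tag mismatch, which can bugcheck instead of merely leaking. Confirm the allocation reads `ExAllocatePoolWithTag(..., TAG_PS_IMPERSONATION)` and that every other place freeing a PS_IMPERSONATION_INFORMATION uses the same tag. The enclosing function starts and ends outside the hunk.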
/* Check if we don't have impersonation info */
Process = Thread->ThreadsProcess;
- if (!Thread->ActiveImpersonationInfo)
- {
- /* Fast Reference the Token */
- Token = ObFastReferenceObject(&Process->Token);
-
- /* Check if we got the Token or if we got locked */
- if (!Token)
- {
- /* Lock the Process */
- PspLockProcessSecurityShared(Process);
-
- /* Do a Locked Fast Reference */
- Token = ObFastReferenceObjectLocked(&Process->Token);
-
- /* Unlock the Process */
- PspUnlockProcessSecurityShared(Process);
- }
- }
- else
+ if (Thread->ActiveImpersonationInfo)
{
/* Lock the Process */
PspLockProcessSecurityShared(Process);
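Review bot: The impersonation branch kept here takes `PspLockProcessSecurityShared(Process)`, while PsDisableImpersonation further down this page clears `CT_ACTIVE_IMPERSONATION_INFO_BIT` under `PspLockThreadSecurityExclusive(Thread)`; a shared process lock does not exclude that writer. If the body elided between this hunk and the next reads `Thread->ImpersonationInfo` (not visible here), it can race with a disable or revert and return a token the thread should no longer be using. Taking `PspLockThreadSecurityShared(Thread)` / `PspUnlockThreadSecurityShared(Thread)` around it would pair with the writer. Separately, the context comment `/* Check if we don't have impersonation info */` now sits above the positive test `if (Thread->ActiveImpersonationInfo)` and should be reworded, e.g. `/* Check if the thread is impersonating */`.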
PspUnlockProcessSecurityShared(Process);
}
+ /* Fast Reference the Token */
+ Token = ObFastReferenceObject(&Process->Token);
+
+ /* Check if we got the Token or if we got locked */
+ if (!Token)
+ {
+ /* Lock the Process */
+ PspLockProcessSecurityShared(Process);
+
+ /* Do a Locked Fast Reference */
+ Token = ObFastReferenceObjectLocked(&Process->Token);
+
+ /* Unlock the Process */
+ PspUnlockProcessSecurityShared(Process);
+ }
+
/* Return the token */
*TokenType = TokenPrimary;
*EffectiveOnly = FALSE;
BOOLEAN
NTAPI
PsDisableImpersonation(IN PETHREAD Thread,
- IN PSE_IMPERSONATION_STATE ImpersonationState)
+ OUT PSE_IMPERSONATION_STATE ImpersonationState)
{
PPS_IMPERSONATION_INFORMATION Impersonation = NULL;
- LONG NewValue, OldValue;
+ LONG OldFlags;
PAGED_CODE();
PSTRACE(PS_SECURITY_DEBUG,
"Thread: %p State: %p\n", Thread, ImpersonationState);
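Review bot: Annotating `ImpersonationState` as `OUT` tells callers they may pass it uninitialized, so every return path has to write it, including the one where the thread was not impersonating. Only the start of the body is in this hunk, so that path cannot be checked from here. If it leaves the structure untouched, a later restore from that state would act on whatever was on the caller's stack. Confirm the no-impersonation path clears it, e.g. `RtlZeroMemory(ImpersonationState, sizeof(SE_IMPERSONATION_STATE));`, and state that guarantee in the function's header comment.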
PspLockThreadSecurityExclusive(Thread);
/* Disable impersonation */
- OldValue = Thread->CrossThreadFlags;
- do
- {
- /* Attempt to change the flag */
- NewValue =
- InterlockedCompareExchange((PLONG)&Thread->CrossThreadFlags,
- OldValue &~
- CT_ACTIVE_IMPERSONATION_INFO_BIT,
- OldValue);
- } while (NewValue != OldValue);
+ OldFlags = PspClearCrossThreadFlag(Thread,
+ CT_ACTIVE_IMPERSONATION_INFO_BIT);
/* Make sure nobody disabled it behind our back */
- if (NewValue & CT_ACTIVE_IMPERSONATION_INFO_BIT)
+ if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT)
{
/* Copy the old state */
Impersonation = Thread->ImpersonationInfo;
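Review bot: The test `if (OldFlags & CT_ACTIVE_IMPERSONATION_INFO_BIT)` is only correct if `PspClearCrossThreadFlag` returns the flags as they were before the bit was cleared, and the helper's definition is not part of this hunk. If it returned the updated value, the branch that saves the old impersonation state would never run. State the convention where the value is captured, e.g. `/* OldFlags is CrossThreadFlags as it was before the clear */`. The function body continues past the end of the hunk.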