NTSTATUS
NTAPI
-SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
{
if (*Present)
{
- CapturedQos = ExAllocatePool(PoolType,
- sizeof(SECURITY_QUALITY_OF_SERVICE));
+ CapturedQos = ExAllocatePoolWithTag(PoolType,
+ sizeof(SECURITY_QUALITY_OF_SERVICE),
+ TAG_QOS);
if (CapturedQos != NULL)
{
RtlCopyMemory(CapturedQos,
if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
sizeof(SECURITY_QUALITY_OF_SERVICE))
{
- CapturedQos = ExAllocatePool(PoolType,
- sizeof(SECURITY_QUALITY_OF_SERVICE));
+ CapturedQos = ExAllocatePoolWithTag(PoolType,
+ sizeof(SECURITY_QUALITY_OF_SERVICE),
+ TAG_QOS);
if (CapturedQos != NULL)
{
RtlCopyMemory(CapturedQos,
if (CapturedSecurityQualityOfService != NULL &&
(AccessMode != KernelMode || CaptureIfKernel))
{
- ExFreePool(CapturedSecurityQualityOfService);
+ ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
}
}
{
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
- _SEH2_END
+ _SEH2_END;
/*
* Allocate enough memory to store a complete copy of a self-relative
Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
}
OwnerLength = Owner ? RtlLengthSid(Owner) : 0;
- NT_ASSERT(OwnerLength % sizeof(ULONG) == 0);
+ ASSERT(OwnerLength % sizeof(ULONG) == 0);
/* Get group and group size */
if (SecurityInformation & GROUP_SECURITY_INFORMATION)
Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
}
GroupLength = Group ? RtlLengthSid(Group) : 0;
- NT_ASSERT(GroupLength % sizeof(ULONG) == 0);
+ ASSERT(GroupLength % sizeof(ULONG) == 0);
/* Get DACL and DACL size */
if (SecurityInformation & DACL_SECURITY_INFORMATION)
}
SaclLength = Sacl ? ROUND_UP((ULONG)Sacl->AclSize, 4) : 0;
- NewSd = ExAllocatePool(NonPagedPool,
- sizeof(SECURITY_DESCRIPTOR_RELATIVE) + OwnerLength + GroupLength +
- DaclLength + SaclLength);
+ NewSd = ExAllocatePoolWithTag(NonPagedPool,
+ sizeof(SECURITY_DESCRIPTOR_RELATIVE) +
+ OwnerLength + GroupLength +
+ DaclLength + SaclLength,
+ TAG_SD);
if (NewSd == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
if (!Owner)
{
- DPRINT("Use token owner sid!\n");
- Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
+ if (AutoInheritFlags & 0x20 /* FIXME: SEF_DEFAULT_OWNER_FROM_PARENT */)
+ {
+ DPRINT("Use parent owner sid!\n");
+ if (!ARGUMENT_PRESENT(ParentDescriptor))
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_OWNER;
+ }
+
+ Owner = SepGetOwnerFromDescriptor(ParentDescriptor);
+ if (!Owner)
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_OWNER;
+ }
+ }
+ else
+ {
+ DPRINT("Use token owner sid!\n");
+ Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
+ }
}
OwnerLength = RtlLengthSid(Owner);
- NT_ASSERT(OwnerLength % sizeof(ULONG) == 0);
+ ASSERT(OwnerLength % sizeof(ULONG) == 0);
/* Inherit the Group SID */
if (ExplicitDescriptor != NULL)
}
if (!Group)
{
- DPRINT("Use token group sid!\n");
- Group = Token->PrimaryGroup;
+ if (AutoInheritFlags & 0x40 /* FIXME: SEF_DEFAULT_GROUP_FROM_PARENT */)
+ {
+ DPRINT("Use parent group sid!\n");
+ if (!ARGUMENT_PRESENT(ParentDescriptor))
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_PRIMARY_GROUP;
+ }
+
+ Group = SepGetGroupFromDescriptor(ParentDescriptor);
+ if (!Group)
+ {
+ SeUnlockSubjectContext(SubjectContext);
+ return STATUS_INVALID_PRIMARY_GROUP;
+ }
+ }
+ else
+ {
+ DPRINT("Use token group sid!\n");
+ Group = Token->PrimaryGroup;
+ }
}
if (!Group)
{
return STATUS_INVALID_PRIMARY_GROUP;
}
GroupLength = RtlLengthSid(Group);
- NT_ASSERT(GroupLength % sizeof(ULONG) == 0);
+ ASSERT(GroupLength % sizeof(ULONG) == 0);
/* Inherit the DACL */
DaclLength = 0;
GenericMapping);
if (DaclPresent)
Control |= SE_DACL_PRESENT;
- NT_ASSERT(DaclLength % sizeof(ULONG) == 0);
+ ASSERT(DaclLength % sizeof(ULONG) == 0);
/* Inherit the SACL */
SaclLength = 0;
GenericMapping);
if (SaclPresent)
Control |= SE_SACL_PRESENT;
- NT_ASSERT(SaclLength % sizeof(ULONG) == 0);
+ ASSERT(SaclLength % sizeof(ULONG) == 0);
/* Allocate and initialize the new security descriptor */
Length = sizeof(SECURITY_DESCRIPTOR_RELATIVE) +
SaclIsInherited,
IsDirectoryObject,
GenericMapping);
- NT_ASSERT(Status == STATUS_SUCCESS);
+ ASSERT(Status == STATUS_SUCCESS);
Descriptor->Sacl = Current;
Current += SaclLength;
}
DaclIsInherited,
IsDirectoryObject,
GenericMapping);
- NT_ASSERT(Status == STATUS_SUCCESS);
+ ASSERT(Status == STATUS_SUCCESS);
Descriptor->Dacl = Current;
Current += DaclLength;
}