[NTOS:MM] Fix ViewSize parameter passed to MiInsertVadEx() from MiCreatePebOrTeb()

[reactos.git] / ntoskrnl / se / sd.c

diff --git a/ntoskrnl/se/sd.c b/ntoskrnl/se/sd.c
index d6e5b53..a6b0829 100644 (file)
--- a/ntoskrnl/se/sd.c
+++ b/ntoskrnl/se/sd.c
@@ -208,7 +208,7 @@ SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
 
 NTSTATUS
 NTAPI
-SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
+SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
                                    IN KPROCESSOR_MODE AccessMode,
                                    IN POOL_TYPE PoolType,
                                    IN BOOLEAN CaptureIfKernel,
@@ -281,8 +281,9 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIO
             {
                 if (*Present)
                 {
-                    CapturedQos = ExAllocatePool(PoolType,
-                                                 sizeof(SECURITY_QUALITY_OF_SERVICE));
+                    CapturedQos = ExAllocatePoolWithTag(PoolType,
+                                                        sizeof(SECURITY_QUALITY_OF_SERVICE),
+                                                        TAG_QOS);
                     if (CapturedQos != NULL)
                     {
                         RtlCopyMemory(CapturedQos,
@@ -312,8 +313,9 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIO
                         if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
                             sizeof(SECURITY_QUALITY_OF_SERVICE))
                         {
-                            CapturedQos = ExAllocatePool(PoolType,
-                                                         sizeof(SECURITY_QUALITY_OF_SERVICE));
+                            CapturedQos = ExAllocatePoolWithTag(PoolType,
+                                                                sizeof(SECURITY_QUALITY_OF_SERVICE),
+                                                                TAG_QOS);
                             if (CapturedQos != NULL)
                             {
                                 RtlCopyMemory(CapturedQos,
@@ -371,7 +373,7 @@ SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecur
     if (CapturedSecurityQualityOfService != NULL &&
         (AccessMode != KernelMode || CaptureIfKernel))
     {
-        ExFreePool(CapturedSecurityQualityOfService);
+        ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
     }
 }
 
@@ -526,7 +528,7 @@ SeCaptureSecurityDescriptor(
     {
         _SEH2_YIELD(return _SEH2_GetExceptionCode());
     }
-    _SEH2_END
+    _SEH2_END;
 
     /*
      * Allocate enough memory to store a complete copy of a self-relative
@@ -862,7 +864,7 @@ SeSetSecurityDescriptorInfoEx(
         Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
     }
     OwnerLength = Owner ? RtlLengthSid(Owner) : 0;
-    NT_ASSERT(OwnerLength % sizeof(ULONG) == 0);
+    ASSERT(OwnerLength % sizeof(ULONG) == 0);
 
     /* Get group and group size */
     if (SecurityInformation & GROUP_SECURITY_INFORMATION)
@@ -876,7 +878,7 @@ SeSetSecurityDescriptorInfoEx(
         Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
     }
     GroupLength = Group ? RtlLengthSid(Group) : 0;
-    NT_ASSERT(GroupLength % sizeof(ULONG) == 0);
+    ASSERT(GroupLength % sizeof(ULONG) == 0);
 
     /* Get DACL and DACL size */
     if (SecurityInformation & DACL_SECURITY_INFORMATION)
@@ -904,9 +906,11 @@ SeSetSecurityDescriptorInfoEx(
     }
     SaclLength = Sacl ? ROUND_UP((ULONG)Sacl->AclSize, 4) : 0;
 
-    NewSd = ExAllocatePool(NonPagedPool,
-                           sizeof(SECURITY_DESCRIPTOR_RELATIVE) + OwnerLength + GroupLength +
-                           DaclLength + SaclLength);
+    NewSd = ExAllocatePoolWithTag(NonPagedPool,
+                                  sizeof(SECURITY_DESCRIPTOR_RELATIVE) +
+                                  OwnerLength + GroupLength +
+                                  DaclLength + SaclLength,
+                                  TAG_SD);
     if (NewSd == NULL)
     {
         return STATUS_INSUFFICIENT_RESOURCES;
@@ -1184,11 +1188,30 @@ SeAssignSecurityEx(
     }
     if (!Owner)
     {
-        DPRINT("Use token owner sid!\n");
-        Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
+        if (AutoInheritFlags & 0x20 /* FIXME: SEF_DEFAULT_OWNER_FROM_PARENT */)
+        {
+            DPRINT("Use parent owner sid!\n");
+            if (!ARGUMENT_PRESENT(ParentDescriptor))
+            {
+                SeUnlockSubjectContext(SubjectContext);
+                return STATUS_INVALID_OWNER;
+            }
+
+            Owner = SepGetOwnerFromDescriptor(ParentDescriptor);
+            if (!Owner)
+            {
+                SeUnlockSubjectContext(SubjectContext);
+                return STATUS_INVALID_OWNER;
+            }
+        }
+        else
+        {
+            DPRINT("Use token owner sid!\n");
+            Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
+        }
     }
     OwnerLength = RtlLengthSid(Owner);
-    NT_ASSERT(OwnerLength % sizeof(ULONG) == 0);
+    ASSERT(OwnerLength % sizeof(ULONG) == 0);
 
     /* Inherit the Group SID */
     if (ExplicitDescriptor != NULL)
@@ -1197,8 +1220,27 @@ SeAssignSecurityEx(
     }
     if (!Group)
     {
-        DPRINT("Use token group sid!\n");
-        Group = Token->PrimaryGroup;
+        if (AutoInheritFlags & 0x40 /* FIXME: SEF_DEFAULT_GROUP_FROM_PARENT */)
+        {
+            DPRINT("Use parent group sid!\n");
+            if (!ARGUMENT_PRESENT(ParentDescriptor))
+            {
+                SeUnlockSubjectContext(SubjectContext);
+                return STATUS_INVALID_PRIMARY_GROUP;
+            }
+
+            Group = SepGetGroupFromDescriptor(ParentDescriptor);
+            if (!Group)
+            {
+                SeUnlockSubjectContext(SubjectContext);
+                return STATUS_INVALID_PRIMARY_GROUP;
+            }
+        }
+        else
+        {
+            DPRINT("Use token group sid!\n");
+            Group = Token->PrimaryGroup;
+        }
     }
     if (!Group)
     {
@@ -1206,7 +1248,7 @@ SeAssignSecurityEx(
         return STATUS_INVALID_PRIMARY_GROUP;
     }
     GroupLength = RtlLengthSid(Group);
-    NT_ASSERT(GroupLength % sizeof(ULONG) == 0);
+    ASSERT(GroupLength % sizeof(ULONG) == 0);
 
     /* Inherit the DACL */
     DaclLength = 0;
@@ -1241,7 +1283,7 @@ SeAssignSecurityEx(
                         GenericMapping);
     if (DaclPresent)
         Control |= SE_DACL_PRESENT;
-    NT_ASSERT(DaclLength % sizeof(ULONG) == 0);
+    ASSERT(DaclLength % sizeof(ULONG) == 0);
 
     /* Inherit the SACL */
     SaclLength = 0;
@@ -1276,7 +1318,7 @@ SeAssignSecurityEx(
                         GenericMapping);
     if (SaclPresent)
         Control |= SE_SACL_PRESENT;
-    NT_ASSERT(SaclLength % sizeof(ULONG) == 0);
+    ASSERT(SaclLength % sizeof(ULONG) == 0);
 
     /* Allocate and initialize the new security descriptor */
     Length = sizeof(SECURITY_DESCRIPTOR_RELATIVE) +
@@ -1314,7 +1356,7 @@ SeAssignSecurityEx(
                                  SaclIsInherited,
                                  IsDirectoryObject,
                                  GenericMapping);
-        NT_ASSERT(Status == STATUS_SUCCESS);
+        ASSERT(Status == STATUS_SUCCESS);
         Descriptor->Sacl = Current;
         Current += SaclLength;
     }
@@ -1329,7 +1371,7 @@ SeAssignSecurityEx(
                                  DaclIsInherited,
                                  IsDirectoryObject,
                                  GenericMapping);
-        NT_ASSERT(Status == STATUS_SUCCESS);
+        ASSERT(Status == STATUS_SUCCESS);
         Descriptor->Dacl = Current;
         Current += DaclLength;
     }