ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
{
EX_FAST_REF FastRef;
- ULONG_PTR Count;
+ ULONG Count;
PSECURITY_DESCRIPTOR OldSecurityDescriptor;
-
+
/* Get the fast reference and capture it */
FastRef = *(PEX_FAST_REF)SecurityDescriptor;
-
+
/* Don't free again later */
*SecurityDescriptor = NULL;
-
+
/* Get the descriptor and reference count */
OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
Count = ExGetCountFastReference(FastRef);
-
+
/* Dereference the descriptor */
ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
PSECURITY_DESCRIPTOR OldDescriptor, NewDescriptor, CachedDescriptor;
PEX_FAST_REF FastRef;
EX_FAST_REF OldValue;
- ULONG_PTR Count;
+ ULONG Count;
PAGED_CODE();
/* Get the object header */
&NewDescriptor,
PoolType,
GenericMapping);
- if (NT_SUCCESS(Status))
+ if (!NT_SUCCESS(Status))
{
- /* Now add this to the cache */
- Status = ObLogSecurityDescriptor(NewDescriptor,
- &CachedDescriptor,
- MAX_FAST_REFS + 1);
-
- /* Let go of our uncached copy */
- ExFreePool(NewDescriptor);
-
- /* Check for success */
- if (NT_SUCCESS(Status))
- {
- /* Do the swap */
- FastRef = (PEX_FAST_REF)OutputSecurityDescriptor;
- OldValue = ExCompareSwapFastReference(FastRef,
- CachedDescriptor,
- OldDescriptor);
-
- /* Get the security descriptor */
- SecurityDescriptor = ExGetObjectFastReference(OldValue);
- Count = ExGetCountFastReference(OldValue);
-
- /* Make sure the swap worked */
- if (SecurityDescriptor == OldDescriptor)
- {
- /* Flush waiters */
- ObpAcquireObjectLock(ObjectHeader);
- ObpReleaseObjectLock(ObjectHeader);
-
- /* And dereference the old one */
- ObDereferenceSecurityDescriptor(OldDescriptor, Count + 2);
- break;
- }
- else
- {
- /* Someone changed it behind our back -- try again */
- ObDereferenceSecurityDescriptor(OldDescriptor, 1);
- ObDereferenceSecurityDescriptor(CachedDescriptor,
- MAX_FAST_REFS + 1);
- }
- }
- else
- {
- /* We failed, dereference the old one */
- ObDereferenceSecurityDescriptor(OldDescriptor, 1);
- break;
- }
+ /* We failed, dereference the old one */
+ if (OldDescriptor) ObDereferenceSecurityDescriptor(OldDescriptor, 1);
+ break;
}
- else
+
+ /* Now add this to the cache */
+ Status = ObLogSecurityDescriptor(NewDescriptor,
+ &CachedDescriptor,
+ MAX_FAST_REFS + 1);
+
+ /* Let go of our uncached copy */
+ ExFreePool(NewDescriptor);
+
+ /* Check for success */
+ if (!NT_SUCCESS(Status))
{
/* We failed, dereference the old one */
- if (OldDescriptor) ObDereferenceSecurityDescriptor(OldDescriptor, 1);
+ ObDereferenceSecurityDescriptor(OldDescriptor, 1);
break;
}
+
+ /* Do the swap */
+ FastRef = (PEX_FAST_REF)OutputSecurityDescriptor;
+ OldValue = ExCompareSwapFastReference(FastRef,
+ CachedDescriptor,
+ OldDescriptor);
+
+ /* Make sure the swap worked */
+ if (ExGetObjectFastReference(OldValue) == OldDescriptor)
+ {
+ /* Flush waiters */
+ ObpAcquireObjectLock(ObjectHeader);
+ ObpReleaseObjectLock(ObjectHeader);
+
+ /* And dereference the old one */
+ Count = ExGetCountFastReference(OldValue);
+ ObDereferenceSecurityDescriptor(OldDescriptor, Count + 2);
+ break;
+ }
+ else
+ {
+ /* Someone changed it behind our back -- try again */
+ ObDereferenceSecurityDescriptor(OldDescriptor, 1);
+ ObDereferenceSecurityDescriptor(CachedDescriptor,
+ MAX_FAST_REFS + 1);
+ }
}
/* Return status */
{
POBJECT_HEADER ObjectHeader;
POBJECT_TYPE ObjectType;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
BOOLEAN SdAllocated;
BOOLEAN Result = TRUE;
ACCESS_MASK GrantedAccess = 0;
{
POBJECT_HEADER ObjectHeader;
POBJECT_TYPE ObjectType;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
BOOLEAN SdAllocated;
BOOLEAN Result;
ACCESS_MASK GrantedAccess = 0;
return FALSE;
}
+ /* First try to perform a fast traverse check
+ * If it fails, then the entire access check will
+ * have to be done.
+ */
+ Result = SeFastTraverseCheck(SecurityDescriptor,
+ AccessState,
+ FILE_WRITE_DATA,
+ AccessMode);
+ if (Result)
+ {
+ ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
+ return TRUE;
+ }
+
/* Lock the security context */
SeLockSubjectContext(&AccessState->SubjectSecurityContext);
{
POBJECT_HEADER ObjectHeader;
POBJECT_TYPE ObjectType;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
BOOLEAN SdAllocated;
BOOLEAN Result;
ACCESS_MASK GrantedAccess = 0;
PAGED_CODE();
/* Check if we're dealing with a kernel handle */
- if (ObIsKernelHandle(Handle, ExGetPreviousMode()))
+ if (ObpIsKernelHandle(Handle, ExGetPreviousMode()))
{
/* Use the kernel table and convert the handle */
HandleTable = ObpKernelHandleTable;