X-Git-Url: https://git.reactos.org/?p=reactos.git;a=blobdiff_plain;f=reactos%2Fntoskrnl%2Fse%2Fsemgr.c;h=85cbead194ed8f249071c0eaccba1ce7e7969486;hp=4ceaa19c4afa3bbcad61ea7c4dda20d84ff93821;hb=78b292be2c29b5d925d90042ff1189688ed137d1;hpb=c71cdeb49d5e586a630e3ab5242cbe575e39a7ad
diff --git a/reactos/ntoskrnl/se/semgr.c b/reactos/ntoskrnl/se/semgr.c
index 4ceaa19c4af..85cbead194e 100644
--- a/reactos/ntoskrnl/se/semgr.c
+++ b/reactos/ntoskrnl/se/semgr.c
@@ -348,22 +348,18 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
 }
 }
-/* PUBLIC FUNCTIONS ***********************************************************/
-
-/*
- * @implemented
- */
 BOOLEAN NTAPI
-SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
- IN BOOLEAN SubjectContextLocked,
- IN ACCESS_MASK DesiredAccess,
- IN ACCESS_MASK PreviouslyGrantedAccess,
- OUT PPRIVILEGE_SET* Privileges,
- IN PGENERIC_MAPPING GenericMapping,
- IN KPROCESSOR_MODE AccessMode,
- OUT PACCESS_MASK GrantedAccess,
- OUT PNTSTATUS AccessStatus)
+SepAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
+ IN BOOLEAN SubjectContextLocked,
+ IN ACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK PreviouslyGrantedAccess,
+ OUT PPRIVILEGE_SET* Privileges,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ SECURITY_IMPERSONATION_LEVEL LowestImpersonationLevel)
 {
 LUID_AND_ATTRIBUTES Privilege;
 ACCESS_MASK CurrentAccess, AccessMask;
@@ -409,7 +405,7 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
 /* Check for invalid impersonation */
 if ((SubjectSecurityContext->ClientToken) &&
- (SubjectSecurityContext->ImpersonationLevel < SecurityImpersonation))
+ (SubjectSecurityContext->ImpersonationLevel < LowestImpersonationLevel))
 {
 *AccessStatus = STATUS_BAD_IMPERSONATION_LEVEL;
 return FALSE;
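Review bot: The new `LowestImpersonationLevel` parameter is the only one in the SepAccessCheck signature without a direction annotation, and the function is left with no header comment now that the `@implemented` block belongs to the wrapper. Write it as `IN SECURITY_IMPERSONATION_LEVEL LowestImpersonationLevel)` and add a short comment above the function. The comment should say that a client token below this level is rejected with STATUS_BAD_IMPERSONATION_LEVEL before any ACL evaluation, which is what the comparison in the following hunk does. Because this value now decides how weak a client token may be, the comment should also tell callers to pass the strictest level their path allows. The function body continues outside the hunk, and where its prototype is declared is not visible in this diff.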
@@ -619,6 +615,37 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
 }
 }
+/* PUBLIC FUNCTIONS ***********************************************************/
+
+/*
+ * @implemented
+ */
+BOOLEAN NTAPI
+SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
+ IN BOOLEAN SubjectContextLocked,
+ IN ACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK PreviouslyGrantedAccess,
+ OUT PPRIVILEGE_SET* Privileges,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus)
+{
+ /* Call the internal function */
+ return SepAccessCheck(SecurityDescriptor,
+ SubjectSecurityContext,
+ SubjectContextLocked,
+ DesiredAccess,
+ PreviouslyGrantedAccess,
+ Privileges,
+ GenericMapping,
+ AccessMode,
+ GrantedAccess,
+ AccessStatus,
+ SecurityImpersonation);
+}
+
 /* SYSTEM CALLS ***************************************************************/
 /*
@@ -691,16 +718,17 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
 SeLockSubjectContext(&SubjectSecurityContext);
 /* Now perform the access check */
- SeAccessCheck(SecurityDescriptor,
- &SubjectSecurityContext,
- TRUE,
- DesiredAccess,
- 0,
- &PrivilegeSet, //FIXME
- GenericMapping,
- PreviousMode,
- GrantedAccess,
- AccessStatus);
+ SepAccessCheck(SecurityDescriptor,
+ &SubjectSecurityContext,
+ TRUE,
+ DesiredAccess,
+ 0,
+ &PrivilegeSet, //FIXME
+ GenericMapping,
+ PreviousMode,
+ GrantedAccess,
+ AccessStatus,
+ SecurityIdentification);
 /* Unlock subject context and dereference the token */
 SeUnlockSubjectContext(&SubjectSecurityContext);
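Review bot: In the NtAccessCheck call, `GrantedAccess` and `AccessStatus` are forwarded to `SepAccessCheck` unchanged, and that routine stores through them directly (for example `*AccessStatus = STATUS_BAD_IMPERSONATION_LEVEL;` in the earlier hunk). If these are the system call's user-mode output pointers, the check should fill kernel locals and copy the results out under SEH after the subject context is unlocked. Whether they are probed or captured earlier is outside this hunk. The lowered threshold also deserves a comment at the call site saying why `SecurityIdentification` is acceptable here while `SeAccessCheck` keeps `SecurityImpersonation`, so a later edit does not relax the wrong path. The `BOOLEAN` result is still discarded, which is fine only as long as every failure path sets `*AccessStatus`. NtAccessCheck's body starts and ends outside the hunk.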