From: Eric Kohl Date: Sat, 29 May 2010 20:40:28 +0000 (+0000) Subject: [FORMATTING] X-Git-Tag: backups/header-work@57446~11^2~189 X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=6af485d3aaf3a567504048d983f7caa429e8145c [FORMATTING] No code changes. svn path=/trunk/; revision=47428 --- diff --git a/reactos/lib/rtl/process.c b/reactos/lib/rtl/process.c index 5d6c6896a04..50e36eb38d5 100644 --- a/reactos/lib/rtl/process.c +++ b/reactos/lib/rtl/process.c @@ -43,7 +43,7 @@ RtlpMapFile(PUNICODE_STRING ImageFileName, if (!NT_SUCCESS(Status)) { DPRINT1("Failed to read image file from disk\n"); - return(Status); + return Status; } /* Now create a section for this image */ @@ -94,7 +94,7 @@ RtlpInitEnvironment(HANDLE ProcessHandle, if (!NT_SUCCESS(Status)) { DPRINT1("Failed to reserve 1MB of space \n"); - return(Status); + return Status; } } @@ -118,7 +118,7 @@ RtlpInitEnvironment(HANDLE ProcessHandle, if (!NT_SUCCESS(Status)) { DPRINT1("Failed to allocate Environment Block\n"); - return(Status); + return Status; } /* Write the Environment Block */ @@ -144,7 +144,7 @@ RtlpInitEnvironment(HANDLE ProcessHandle, if (!NT_SUCCESS(Status)) { DPRINT1("Failed to allocate Parameter Block\n"); - return(Status); + return Status; } /* Write the Parameter Block */ @@ -245,7 +245,7 @@ RtlCreateUserProcess(IN PUNICODE_STRING ImageFileName, { DPRINT1("Could not create Kernel Process Object\n"); ZwClose(hSection); - return(Status); + return Status; } /* Get some information on the image */ @@ -259,7 +259,7 @@ RtlCreateUserProcess(IN PUNICODE_STRING ImageFileName, DPRINT1("Could not query Section Info\n"); ZwClose(ProcessInfo->ProcessHandle); ZwClose(hSection); - return(Status); + return Status; } /* Get some information about the process */ @@ -273,7 +273,7 @@ RtlCreateUserProcess(IN PUNICODE_STRING ImageFileName, DPRINT1("Could not query Process Info\n"); ZwClose(ProcessInfo->ProcessHandle); ZwClose(hSection); - return(Status); + return Status; } /* Create Process Environment */ @@ -312,22 +312,21 @@ PVOID NTAPI RtlEncodePointer(IN PVOID Pointer) { - ULONG Cookie; - NTSTATUS Status; - - Status = ZwQueryInformationProcess(NtCurrentProcess(), - ProcessCookie, - &Cookie, - sizeof(Cookie), - NULL); - - if(!NT_SUCCESS(Status)) - { - DPRINT1("Failed to receive the process cookie! Status: 0x%lx\n", Status); - return Pointer; - } - - return (PVOID)((ULONG_PTR)Pointer ^ Cookie); + ULONG Cookie; + NTSTATUS Status; + + Status = ZwQueryInformationProcess(NtCurrentProcess(), + ProcessCookie, + &Cookie, + sizeof(Cookie), + NULL); + if(!NT_SUCCESS(Status)) + { + DPRINT1("Failed to receive the process cookie! Status: 0x%lx\n", Status); + return Pointer; + } + + return (PVOID)((ULONG_PTR)Pointer ^ Cookie); } /* @@ -337,7 +336,7 @@ PVOID NTAPI RtlDecodePointer(IN PVOID Pointer) { - return RtlEncodePointer(Pointer); + return RtlEncodePointer(Pointer); } /* diff --git a/reactos/ntoskrnl/se/sd.c b/reactos/ntoskrnl/se/sd.c index a0cb2cc5595..0e0eadcea36 100644 --- a/reactos/ntoskrnl/se/sd.c +++ b/reactos/ntoskrnl/se/sd.c @@ -249,9 +249,11 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length == sizeof(SECURITY_QUALITY_OF_SERVICE)) { - /* don't allocate memory here because ExAllocate should bugcheck - the system if it's buggy, SEH would catch that! So make a local - copy of the qos structure.*/ + /* + * Don't allocate memory here because ExAllocate should bugcheck + * the system if it's buggy, SEH would catch that! So make a local + * copy of the qos structure. + */ RtlCopyMemory(&SafeQos, ObjectAttributes->SecurityQualityOfService, sizeof(SECURITY_QUALITY_OF_SERVICE)); @@ -407,8 +409,10 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _SEH2_TRY { - /* first only probe and copy until the control field of the descriptor - to determine whether it's a self-relative descriptor */ + /* + * First only probe and copy until the control field of the descriptor + * to determine whether it's a self-relative descriptor + */ DescriptorSize = FIELD_OFFSET(SECURITY_DESCRIPTOR, Owner); ProbeForRead(OriginalSecurityDescriptor, @@ -420,22 +424,24 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _SEH2_YIELD(return STATUS_UNKNOWN_REVISION); } - /* make a copy on the stack */ + /* Make a copy on the stack */ DescriptorCopy.Revision = OriginalSecurityDescriptor->Revision; DescriptorCopy.Sbz1 = OriginalSecurityDescriptor->Sbz1; DescriptorCopy.Control = OriginalSecurityDescriptor->Control; DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ? sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR)); - /* probe and copy the entire security descriptor structure. The SIDs - and ACLs will be probed and copied later though */ + /* + * Probe and copy the entire security descriptor structure. The SIDs + * and ACLs will be probed and copied later though + */ ProbeForRead(OriginalSecurityDescriptor, DescriptorSize, sizeof(ULONG)); if (DescriptorCopy.Control & SE_SELF_RELATIVE) { PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor; - + DescriptorCopy.Owner = (PSID)RelSD->Owner; DescriptorCopy.Group = (PSID)RelSD->Group; DescriptorCopy.Sacl = (PACL)RelSD->Sacl; @@ -468,12 +474,12 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, } else { - if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1) + if (OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1) { return STATUS_UNKNOWN_REVISION; } - /* make a copy on the stack */ + /* Make a copy on the stack */ DescriptorCopy.Revision = OriginalSecurityDescriptor->Revision; DescriptorCopy.Sbz1 = OriginalSecurityDescriptor->Sbz1; DescriptorCopy.Control = OriginalSecurityDescriptor->Control; @@ -482,7 +488,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, if (DescriptorCopy.Control & SE_SELF_RELATIVE) { PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor; - + DescriptorCopy.Owner = (PSID)RelSD->Owner; DescriptorCopy.Group = (PSID)RelSD->Group; DescriptorCopy.Sacl = (PACL)RelSD->Sacl; @@ -499,9 +505,11 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, if (DescriptorCopy.Control & SE_SELF_RELATIVE) { - /* in case we're dealing with a self-relative descriptor, do a basic convert - to an absolute descriptor. We do this so we can simply access the data - using the pointers without calculating them again. */ + /* + * In case we're dealing with a self-relative descriptor, do a basic convert + * to an absolute descriptor. We do this so we can simply access the data + * using the pointers without calculating them again. + */ DescriptorCopy.Control &= ~SE_SELF_RELATIVE; if (DescriptorCopy.Owner != NULL) { @@ -521,7 +529,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, } } - /* determine the size of the SIDs */ + /* Determine the size of the SIDs */ #define DetermineSIDSize(SidType) \ do { \ if(DescriptorCopy.SidType != NULL) \ @@ -530,7 +538,7 @@ SID *SidType = (SID*)DescriptorCopy.SidType; \ \ if(CurrentMode != KernelMode) \ { \ -/* securely access the buffers! */ \ +/* Securely access the buffers! */ \ _SEH2_TRY \ { \ SidType##SAC = ProbeForReadUchar(&SidType->SubAuthorityCount); \ @@ -561,7 +569,7 @@ DescriptorSize += ROUND_UP(SidType##Size, sizeof(ULONG)); \ #undef DetermineSIDSize - /* determine the size of the ACLs */ + /* Determine the size of the ACLs */ #define DetermineACLSize(AclType, AclFlag) \ do { \ if((DescriptorCopy.Control & SE_##AclFlag##_PRESENT) && \ @@ -571,7 +579,7 @@ PACL AclType = (PACL)DescriptorCopy.AclType; \ \ if(CurrentMode != KernelMode) \ { \ -/* securely access the buffers! */ \ +/* Securely access the buffers! */ \ _SEH2_TRY \ { \ AclType##Size = ProbeForReadUshort(&AclType->AclSize); \ @@ -604,27 +612,31 @@ DescriptorCopy.AclType = NULL; \ #undef DetermineACLSize - /* allocate enough memory to store a complete copy of a self-relative - security descriptor */ + /* + * Allocate enough memory to store a complete copy of a self-relative + * security descriptor + */ NewDescriptor = ExAllocatePoolWithTag(PoolType, DescriptorSize, TAG_SD); - if(NewDescriptor != NULL) + if (NewDescriptor != NULL) { ULONG_PTR Offset = sizeof(SECURITY_DESCRIPTOR); - + RtlZeroMemory(NewDescriptor, DescriptorSize); NewDescriptor->Revision = DescriptorCopy.Revision; NewDescriptor->Sbz1 = DescriptorCopy.Sbz1; NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE; - + _SEH2_TRY { - /* setup the offsets and copy the SIDs and ACLs to the new - self-relative security descriptor. Probing the pointers is not - neccessary anymore as we did that when collecting the sizes! - Make sure to validate the SIDs and ACLs *again* as they could have - been modified in the meanwhile! */ + /* + * Setup the offsets and copy the SIDs and ACLs to the new + * self-relative security descriptor. Probing the pointers is not + * neccessary anymore as we did that when collecting the sizes! + * Make sure to validate the SIDs and ACLs *again* as they could have + * been modified in the meanwhile! + */ #define CopySID(Type) \ do { \ if(DescriptorCopy.Type != NULL) \ @@ -673,14 +685,16 @@ Offset += ROUND_UP(Type##Size, sizeof(ULONG)); \ } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { - /* we failed to copy the data to the new descriptor */ + /* We failed to copy the data to the new descriptor */ ExFreePool(NewDescriptor); _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; - /* we're finally done! copy the pointer to the captured descriptor to - to the caller */ + /* + * We're finally done! + * Copy the pointer to the captured descriptor to to the caller. + */ *CapturedSecurityDescriptor = NewDescriptor; return STATUS_SUCCESS; } @@ -691,7 +705,7 @@ Offset += ROUND_UP(Type##Size, sizeof(ULONG)); \ } else { - /* nothing to do... */ + /* Nothing to do... */ *CapturedSecurityDescriptor = NULL; } @@ -765,6 +779,7 @@ SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation, Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd); DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); } + Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); } @@ -776,6 +791,7 @@ SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation, Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd); SaclLength = ROUND_UP(Sacl->AclSize, 4); } + Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); } @@ -846,14 +862,16 @@ SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, { PAGED_CODE(); - /* WARNING! You need to call this function with the same value for CurrentMode - and CaptureIfKernelMode that you previously passed to - SeCaptureSecurityDescriptor() in order to avoid memory leaks! */ - if(CapturedSecurityDescriptor != NULL && - (CurrentMode != KernelMode || - (CurrentMode == KernelMode && CaptureIfKernelMode))) + /* + * WARNING! You need to call this function with the same value for CurrentMode + * and CaptureIfKernelMode that you previously passed to + * SeCaptureSecurityDescriptor() in order to avoid memory leaks! + */ + if (CapturedSecurityDescriptor != NULL && + (CurrentMode != KernelMode || + (CurrentMode == KernelMode && CaptureIfKernelMode))) { - /* only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */ + /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */ ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD); } @@ -888,8 +906,9 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL, ObjectSd = *ObjectsSecurityDescriptor; + /* The object does not have a security descriptor. */ if (!ObjectSd) - return STATUS_NO_SECURITY_ON_OBJECT; // The object does not have a security descriptor. + return STATUS_NO_SECURITY_ON_OBJECT; SecurityInformation = *_SecurityInformation; @@ -1074,8 +1093,9 @@ SeSetSecurityDescriptorInfoEx(IN PVOID Object OPTIONAL, { PISECURITY_DESCRIPTOR ObjectSd = *ObjectsSecurityDescriptor; + /* The object does not have a security descriptor. */ if (!ObjectSd) - return STATUS_NO_SECURITY_ON_OBJECT; // The object does not have a security descriptor. + return STATUS_NO_SECURITY_ON_OBJECT; UNIMPLEMENTED; return STATUS_NOT_IMPLEMENTED; diff --git a/reactos/ntoskrnl/se/token.c b/reactos/ntoskrnl/se/token.c index 7bb2d95bb54..30f7fc84bef 100644 --- a/reactos/ntoskrnl/se/token.c +++ b/reactos/ntoskrnl/se/token.c @@ -790,10 +790,10 @@ SepCreateSystemProcessToken(VOID) Privileges[i].Attributes = 0; Privileges[i++].Luid = SeTakeOwnershipPrivilege; - Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED; + Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED; Privileges[i++].Luid = SeCreatePagefilePrivilege; - Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED; + Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED; Privileges[i++].Luid = SeLockMemoryPrivilege; Privileges[i].Attributes = 0; @@ -802,16 +802,16 @@ SepCreateSystemProcessToken(VOID) Privileges[i].Attributes = 0; Privileges[i++].Luid = SeIncreaseQuotaPrivilege; - Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED; + Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED; Privileges[i++].Luid = SeIncreaseBasePriorityPrivilege; - Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED; + Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED; Privileges[i++].Luid = SeCreatePermanentPrivilege; - Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED; + Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED; Privileges[i++].Luid = SeDebugPrivilege; - Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED; + Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED; Privileges[i++].Luid = SeAuditPrivilege; Privileges[i].Attributes = 0; @@ -820,7 +820,7 @@ SepCreateSystemProcessToken(VOID) Privileges[i].Attributes = 0; Privileges[i++].Luid = SeSystemEnvironmentPrivilege; - Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED; + Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED; Privileges[i++].Luid = SeChangeNotifyPrivilege; Privileges[i].Attributes = 0; @@ -835,7 +835,7 @@ SepCreateSystemProcessToken(VOID) Privileges[i].Attributes = 0; Privileges[i++].Luid = SeLoadDriverPrivilege; - Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED; + Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED; Privileges[i++].Luid = SeProfileSingleProcessPrivilege; Privileges[i].Attributes = 0; @@ -1709,7 +1709,7 @@ NtSetInformationToken(IN HANDLE TokenHandle, { PACL CapturedAcl; - /* capture and copy the dacl */ + /* Capture and copy the dacl */ Status = SepCaptureAcl(InputAcl, PreviousMode, PagedPool, @@ -1717,19 +1717,19 @@ NtSetInformationToken(IN HANDLE TokenHandle, &CapturedAcl); if (NT_SUCCESS(Status)) { - /* free the previous dacl if present */ + /* Free the previous dacl if present */ if(Token->DefaultDacl != NULL) { ExFreePool(Token->DefaultDacl); } - /* set the new dacl */ + /* Set the new dacl */ Token->DefaultDacl = CapturedAcl; } } else { - /* clear and free the default dacl if present */ + /* Clear and free the default dacl if present */ if (Token->DefaultDacl != NULL) { ExFreePool(Token->DefaultDacl); @@ -1750,7 +1750,7 @@ NtSetInformationToken(IN HANDLE TokenHandle, _SEH2_TRY { - /* buffer size was already verified, no need to check here again */ + /* Buffer size was already verified, no need to check here again */ SessionId = *(PULONG)TokenInformation; } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) @@ -1880,7 +1880,7 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle, } } - /* free the captured structure */ + /* Free the captured structure */ SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService, PreviousMode, FALSE); @@ -1997,7 +1997,8 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle, } else { - /* FIXME: Should revert all the changes, calculate how + /* + * FIXME: Should revert all the changes, calculate how * much space would be needed, set ResultLength * accordingly and fail. */ @@ -2044,7 +2045,8 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle, } else { - /* FIXME: Should revert all the changes, calculate how + /* + * FIXME: Should revert all the changes, calculate how * much space would be needed, set ResultLength * accordingly and fail. */