ReactOS  r75214
ob.h File Reference
#include "ob_x.h"
Include dependency graph for ob.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
 
struct  _OBP_CLOSE_HANDLE_CONTEXT
 
struct  _OBP_FIND_HANDLE_DATA
 
struct  _SECURITY_DESCRIPTOR_HEADER
 
struct  _OB_SD_CACHE_LIST
 
union  ALIGNEDNAME
 
struct  _OB_TEMP_BUFFER
 

Macros

#define _OB_DEBUG_   0x00
 
#define OB_HANDLE_DEBUG   0x01
 
#define OB_NAMESPACE_DEBUG   0x02
 
#define OB_SECURITY_DEBUG   0x04
 
#define OB_REFERENCE_DEBUG   0x08
 
#define OB_CALLBACK_DEBUG   0x10
 
#define OBTRACE(x, fmt,...)   DPRINT(fmt, ##__VA_ARGS__)
 
#define GENERIC_ACCESS
 
#define OBJ_PROTECT_CLOSE   0x01
 
#define OBJ_AUDIT_OBJECT_CLOSE   0x04
 
#define OBJ_HANDLE_ATTRIBUTES
 
#define KERNEL_HANDLE_FLAG   0x80000000
 
#define ObpIsKernelHandle(Handle, ProcessorMode)
 
#define ObKernelHandleToHandle(Handle)   (HANDLE)((ULONG_PTR)(Handle) & ~KERNEL_HANDLE_FLAG)
 
#define ObMarkHandleAsKernelHandle(Handle)   (HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_FLAG)
 
#define ObpGetHandleObject(x)   ((POBJECT_HEADER)((ULONG_PTR)x->Object & ~OBJ_HANDLE_ATTRIBUTES))
 
#define ObpGetHeaderForSd(x)   CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, SecurityDescriptor)
 
#define ObpGetHeaderForEntry(x)   CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, Link)
 
#define TAG_OB_TEMP_STORAGE   'tSbO'
 

Typedefs

typedef struct
_OBP_SET_HANDLE_ATTRIBUTES_CONTEXT 
OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
 
typedef struct
_OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
POBP_SET_HANDLE_ATTRIBUTES_CONTEXT
 
typedef struct
_OBP_CLOSE_HANDLE_CONTEXT 
OBP_CLOSE_HANDLE_CONTEXT
 
typedef struct
_OBP_CLOSE_HANDLE_CONTEXT
POBP_CLOSE_HANDLE_CONTEXT
 
typedef struct
_OBP_FIND_HANDLE_DATA 
OBP_FIND_HANDLE_DATA
 
typedef struct
_OBP_FIND_HANDLE_DATA
POBP_FIND_HANDLE_DATA
 
typedef struct
_SECURITY_DESCRIPTOR_HEADER 
SECURITY_DESCRIPTOR_HEADER
 
typedef struct
_SECURITY_DESCRIPTOR_HEADER
PSECURITY_DESCRIPTOR_HEADER
 
typedef struct _OB_SD_CACHE_LIST OB_SD_CACHE_LIST
 
typedef struct _OB_SD_CACHE_LISTPOB_SD_CACHE_LIST
 
typedef struct _OB_TEMP_BUFFER OB_TEMP_BUFFER
 
typedef struct _OB_TEMP_BUFFERPOB_TEMP_BUFFER
 

Functions

BOOLEAN NTAPI ObInitSystem (VOID)
 
VOID NTAPI ObShutdownSystem (VOID)
 
BOOLEAN NTAPI ObpDeleteEntryDirectory (IN POBP_LOOKUP_CONTEXT Context)
 
BOOLEAN NTAPI ObpInsertEntryDirectory (IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
 
PVOID NTAPI ObpLookupEntryDirectory (IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
 
VOID NTAPI ObpDeleteSymbolicLink (IN PVOID ObjectBody)
 
NTSTATUS NTAPI ObpParseSymbolicLink (IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
 
VOID NTAPI ObpCreateSymbolicLinkName (IN POBJECT_SYMBOLIC_LINK SymbolicLink)
 
VOID NTAPI ObpDeleteSymbolicLinkName (IN POBJECT_SYMBOLIC_LINK SymbolicLink)
 
NTSTATUS NTAPI ObInitProcess (IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
 
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable (IN PEPROCESS Process)
 
VOID NTAPI ObDereferenceProcessHandleTable (IN PEPROCESS Process)
 
VOID NTAPI ObKillProcess (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpLookupObjectName (IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
 
BOOLEAN NTAPI ObpSetHandleAttributes (IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
 
VOID NTAPI ObQueryDeviceMapInformation (IN PEPROCESS Process, OUT PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo)
 
VOID NTAPI ObpDeleteObject (IN PVOID Object, IN BOOLEAN CalledFromWorkerThread)
 
LONG FASTCALL ObDereferenceObjectEx (IN PVOID Object, IN LONG Count)
 
LONG FASTCALL ObReferenceObjectEx (IN PVOID Object, IN LONG Count)
 
BOOLEAN FASTCALL ObReferenceObjectSafe (IN PVOID Object)
 
VOID NTAPI ObpReapObject (IN PVOID Unused)
 
VOID FASTCALL ObpSetPermanentObject (IN PVOID ObjectBody, IN BOOLEAN Permanent)
 
VOID NTAPI ObpDeleteNameCheck (IN PVOID Object)
 
VOID NTAPI ObClearProcessHandleTable (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObDuplicateObject (IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
 
VOID NTAPI ObFreeObjectCreateInfoBuffer (IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
 
VOID NTAPI ObpFreeObjectNameBuffer (IN PUNICODE_STRING Name)
 
VOID NTAPI ObpDeleteObjectType (IN PVOID Object)
 
NTSTATUS NTAPI ObpCreateDeviceMap (IN HANDLE DirectoryHandle)
 
VOID NTAPI ObDereferenceDeviceMap (IN PEPROCESS Process)
 
VOID FASTCALL ObfDereferenceDeviceMap (IN PDEVICE_MAP DeviceMap)
 
VOID NTAPI ObInheritDeviceMap (IN PEPROCESS Parent, IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpCreateDosDevicesDirectory (VOID)
 
NTSTATUS NTAPI ObpInitSdCache (VOID)
 
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor (IN POBJECT_HEADER ObjectHeader)
 
BOOLEAN NTAPI ObCheckObjectAccess (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
 
BOOLEAN NTAPI ObCheckCreateObjectAccess (IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckTraverseAccess (IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckObjectReference (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor (IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
 
NTSTATUS NTAPI ObDeassignSecurity (IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
 
NTSTATUS NTAPI ObSetSecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
 
VOID FASTCALL ObInitializeFastReference (IN PEX_FAST_REF FastRef, IN PVOID Object)
 
PVOID FASTCALL ObFastReplaceObject (IN PEX_FAST_REF FastRef, IN PVOID Object)
 
PVOID FASTCALL ObFastReferenceObject (IN PEX_FAST_REF FastRef)
 
PVOID FASTCALL ObFastReferenceObjectLocked (IN PEX_FAST_REF FastRef)
 
VOID FASTCALL ObFastDereferenceObject (IN PEX_FAST_REF FastRef, IN PVOID Object)
 
NTSTATUS NTAPI ObpCaptureObjectName (IN PUNICODE_STRING CapturedName, IN PUNICODE_STRING ObjectName, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN AllocateFromLookaside)
 
NTSTATUS NTAPI ObpCaptureObjectCreateInformation (IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
 
ULONG NTAPI ObGetProcessHandleCount (IN PEPROCESS Process)
 

Variables

ULONG ObpTraceLevel
 
KEVENT ObpDefaultObject
 
KGUARDED_MUTEX ObpDeviceMapLock
 
POBJECT_TYPE ObpTypeObjectType
 
POBJECT_TYPE ObSymbolicLinkType
 
POBJECT_DIRECTORY ObpRootDirectoryObject
 
POBJECT_DIRECTORY ObpTypeDirectoryObject
 
PHANDLE_TABLE ObpKernelHandleTable
 
WORK_QUEUE_ITEM ObpReaperWorkItem
 
volatile PVOID ObpReaperList
 
GENERAL_LOOKASIDE ObpNameBufferLookasideList
 
GENERAL_LOOKASIDE ObpCreateInfoLookasideList
 
BOOLEAN IoCountOperations
 
ALIGNEDNAME ObpDosDevicesShortNamePrefix
 
ALIGNEDNAME ObpDosDevicesShortNameRoot
 
UNICODE_STRING ObpDosDevicesShortName
 

Macro Definition Documentation

#define _OB_DEBUG_   0x00

Definition at line 12 of file ob.h.

#define GENERIC_ACCESS
Value:
#define GENERIC_ALL
Definition: nt_native.h:92
#define GENERIC_WRITE
Definition: nt_native.h:90
#define GENERIC_READ
Definition: compat.h:124
#define GENERIC_EXECUTE
Definition: nt_native.h:91

Definition at line 40 of file ob.h.

#define KERNEL_HANDLE_FLAG   0x80000000

Definition at line 62 of file ob.h.

#define OB_CALLBACK_DEBUG   0x10

Definition at line 21 of file ob.h.

#define OB_NAMESPACE_DEBUG   0x02

Definition at line 18 of file ob.h.

Referenced by ObpLookupObjectName().

#define OB_REFERENCE_DEBUG   0x08

Definition at line 20 of file ob.h.

#define OB_SECURITY_DEBUG   0x04

Definition at line 19 of file ob.h.

#define OBJ_AUDIT_OBJECT_CLOSE   0x04

Definition at line 51 of file ob.h.

Referenced by ObDuplicateObject(), ObpCreateHandle(), and ObQueryObjectAuditingByHandle().

#define OBJ_PROTECT_CLOSE   0x01

Definition at line 49 of file ob.h.

Referenced by NtQueryObject(), and ObpCloseHandleTableEntry().

#define ObMarkHandleAsKernelHandle (   Handle)    (HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_FLAG)

Definition at line 75 of file ob.h.

Referenced by ObDuplicateObject(), ObpCreateHandle(), and ObpCreateUnnamedHandle().

#define ObpGetHeaderForEntry (   x)    CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, Link)

Definition at line 93 of file ob.h.

Referenced by ObLogSecurityDescriptor().

#define ObpIsKernelHandle (   Handle,
  ProcessorMode 
)
Value:
((ProcessorMode) == KernelMode) && \
((Handle) != NtCurrentProcess()) && \
#define NtCurrentThread()
#define NtCurrentProcess()
Definition: nt_native.h:1657
_In_ HANDLE Handle
Definition: extypes.h:390
#define ULONG_PTR
Definition: config.h:101
#define KERNEL_HANDLE_FLAG
Definition: ob.h:62

Definition at line 64 of file ob.h.

Referenced by NtSetInformationObject(), NtWaitForMultipleObjects(), ObIsKernelHandle(), ObpCloseHandle(), ObQueryObjectAuditingByHandle(), and ObSetHandleAttributes().

#define TAG_OB_TEMP_STORAGE   'tSbO'

Definition at line 150 of file ob.h.

Referenced by ObOpenObjectByName().

Typedef Documentation

Function Documentation

NTSTATUS NTAPI ObAssignObjectSecurityDescriptor ( IN PVOID  Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor  OPTIONAL,
IN POOL_TYPE  PoolType 
)

Definition at line 20 of file obsecure.c.

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

23 {
24  POBJECT_HEADER ObjectHeader;
27  PEX_FAST_REF FastRef;
28  PAGED_CODE();
29 
30  /* Get the object header */
31  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
32  FastRef = (PEX_FAST_REF)&ObjectHeader->SecurityDescriptor;
34  {
35  /* Nothing to assign */
37  return STATUS_SUCCESS;
38  }
39 
40  /* Add it to our internal cache */
42  &NewSd,
43  MAX_FAST_REFS + 1);
44  if (NT_SUCCESS(Status))
45  {
46  /* Free the old copy */
48 
49  /* Set the new pointer */
50  ASSERT(NewSd);
51  ExInitializeFastReference(FastRef, NewSd);
52  }
53 
54  /* Return status */
55  return Status;
56 }
#define STATUS_SUCCESS
Definition: contextmenu.cpp:55
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:536
struct _EX_FAST_REF * PEX_FAST_REF
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
smooth NULL
Definition: ftsmooth.c:513
#define TAG_SD
Definition: tag.h:176
if(!(yy_init))
Definition: macro.lex.yy.c:704
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
Definition: obsdcach.c:364
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
LONG NTSTATUS
Definition: DriverTester.h:11
#define MAX_FAST_REFS
Definition: ex.h:118
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1097
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:497
BOOLEAN NTAPI ObCheckCreateObjectAccess ( IN PVOID  Object,
IN ACCESS_MASK  CreateAccess,
IN PACCESS_STATE  AccessState,
IN PUNICODE_STRING  ComponentName,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 203 of file obsecure.c.

Referenced by ObpLookupObjectName().

210 {
211  POBJECT_HEADER ObjectHeader;
214  BOOLEAN SdAllocated;
215  BOOLEAN Result = TRUE;
219  PAGED_CODE();
220 
221  /* Get the header and type */
222  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
223  ObjectType = ObjectHeader->Type;
224 
225  /* Get the security descriptor */
226  Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
227  if (!NT_SUCCESS(Status))
228  {
229  /* We failed */
230  *AccessStatus = Status;
231  return FALSE;
232  }
233 
234  /* Lock the security context */
235  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
236 
237  /* Check if we have an SD */
238  if (SecurityDescriptor)
239  {
240  /* Now do the entire access check */
241  Result = SeAccessCheck(SecurityDescriptor,
242  &AccessState->SubjectSecurityContext,
243  TRUE,
244  CreateAccess,
245  0,
246  &Privileges,
247  &ObjectType->TypeInfo.GenericMapping,
248  AccessMode,
249  &GrantedAccess,
250  AccessStatus);
251  if (Privileges)
252  {
253  /* We got privileges, append them to the access state and free them */
254  Status = SeAppendPrivileges(AccessState, Privileges);
255  SeFreePrivileges(Privileges);
256  }
257  }
258 
259  /* We're done, unlock the context and release security */
260  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
261  ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
262  return Result;
263 }
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
#define TRUE
Definition: types.h:120
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:80
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:332
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:310
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
smooth NULL
Definition: ftsmooth.c:513
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
unsigned char BOOLEAN
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
POBJECT_TYPE Type
Definition: obtypes.h:487
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40
BOOLEAN NTAPI ObCheckObjectAccess ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  ReturnedStatus 
)

Definition at line 441 of file obsecure.c.

Referenced by CmpDoOpen(), and ObpIncrementHandleCount().

446 {
447  POBJECT_HEADER ObjectHeader;
450  BOOLEAN SdAllocated;
452  BOOLEAN Result;
455  PAGED_CODE();
456 
457  /* Get the object header and type */
458  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
459  ObjectType = ObjectHeader->Type;
460 
461  /* Get security information */
462  Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
463  if (!NT_SUCCESS(Status))
464  {
465  /* Return failure */
466  *ReturnedStatus = Status;
467  return FALSE;
468  }
469  else if (!SecurityDescriptor)
470  {
471  /* Otherwise, if we don't actually have an SD, return success */
472  *ReturnedStatus = Status;
473  return TRUE;
474  }
475 
476  /* Lock the security context */
477  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
478 
479  /* Now do the entire access check */
480  Result = SeAccessCheck(SecurityDescriptor,
481  &AccessState->SubjectSecurityContext,
482  TRUE,
483  AccessState->RemainingDesiredAccess,
484  AccessState->PreviouslyGrantedAccess,
485  &Privileges,
486  &ObjectType->TypeInfo.GenericMapping,
487  AccessMode,
488  &GrantedAccess,
489  ReturnedStatus);
490  if (Privileges)
491  {
492  /* We got privileges, append them to the access state and free them */
493  Status = SeAppendPrivileges(AccessState, Privileges);
494  SeFreePrivileges(Privileges);
495  }
496 
497  /* Check if access was granted */
498  if (Result)
499  {
500  /* Update the access state */
501  AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
503  AccessState->PreviouslyGrantedAccess |= GrantedAccess;
504  }
505 
506  /* Do audit alarm */
507  SeOpenObjectAuditAlarm(&ObjectType->Name,
508  Object,
509  NULL,
510  SecurityDescriptor,
511  AccessState,
512  FALSE,
513  Result,
514  AccessMode,
515  &AccessState->GenerateOnClose);
516 
517  /* We're done, unlock the context and release security */
518  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
519  ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
520  return Result;
521 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
#define TRUE
Definition: types.h:120
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:80
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:332
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:310
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
smooth NULL
Definition: ftsmooth.c:513
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
unsigned char BOOLEAN
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
VOID NTAPI SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName, IN PVOID Object OPTIONAL, IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN BOOLEAN ObjectCreated, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode, OUT PBOOLEAN GenerateOnClose)
Definition: audit.c:803
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
UNICODE_STRING Name
Definition: obtypes.h:383
POBJECT_TYPE Type
Definition: obtypes.h:487
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40
VOID NTAPI ObClearProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 2023 of file obhandle.c.

Referenced by NtTerminateProcess(), and PspTerminateProcess().

2024 {
2028  BOOLEAN AttachedToProcess = FALSE;
2029 
2030  ASSERT(Process);
2031 
2032  /* Ensure the handle table doesn't go away while we use it */
2033  HandleTable = ObReferenceProcessHandleTable(Process);
2034  if (!HandleTable) return;
2035 
2036  /* Attach to the current process if needed */
2037  if (PsGetCurrentProcess() != Process)
2038  {
2039  KeStackAttachProcess(&Process->Pcb, &ApcState);
2040  AttachedToProcess = TRUE;
2041  }
2042 
2043  /* Enter a critical region */
2045 
2046  /* Fill out the context */
2047  Context.AccessMode = UserMode;
2048  Context.HandleTable = HandleTable;
2049 
2050  /* Sweep the handle table to close all handles */
2051  ExSweepHandleTable(HandleTable,
2053  &Context);
2054 
2055  /* Leave the critical region */
2057 
2058  /* Detach if needed */
2059  if (AttachedToProcess)
2060  KeUnstackDetachProcess(&ApcState);
2061 
2062  /* Let the handle table go */
2064 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define TRUE
Definition: types.h:120
KAPC_STATE
Definition: ketypes.h:1258
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
PHANDLE_TABLE HandleTable
Definition: ob.h:107
#define FALSE
Definition: types.h:117
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:649
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
#define KeEnterCriticalRegion()
Definition: ke_x.h:83
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:701
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1415
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1192
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1013
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1920
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
KPROCESSOR_MODE AccessMode
Definition: ob.h:108
NTSTATUS NTAPI ObDeassignSecurity ( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)

Definition at line 60 of file obsecure.c.

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

61 {
62  EX_FAST_REF FastRef;
63  ULONG Count;
64  PSECURITY_DESCRIPTOR OldSecurityDescriptor;
65 
66  /* Get the fast reference and capture it */
67  FastRef = *(PEX_FAST_REF)SecurityDescriptor;
68 
69  /* Don't free again later */
71 
72  /* Get the descriptor and reference count */
73  OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
74  Count = ExGetCountFastReference(FastRef);
75 
76  /* Dereference the descriptor */
77  ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
78 
79  /* All done */
80  return STATUS_SUCCESS;
81 }
#define STATUS_SUCCESS
Definition: contextmenu.cpp:55
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:520
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287
struct _EX_FAST_REF * PEX_FAST_REF
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
smooth NULL
Definition: ftsmooth.c:513
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:528
unsigned int ULONG
Definition: retypes.h:1
VOID NTAPI ObDereferenceDeviceMap ( IN PEPROCESS  Process)

Definition at line 72 of file devicemap.c.

Referenced by PspDeleteProcess().

73 {
74  PDEVICE_MAP DeviceMap;
75 
76  DPRINT("ObDereferenceDeviceMap()\n");
77 
78  /* Get the pointer to this process devicemap and reset it
79  holding the device map lock */
81  DeviceMap = Process->DeviceMap;
82  Process->DeviceMap = NULL;
84 
85  /* Continue only if there is a device map */
86  if (DeviceMap == NULL)
87  return;
88 
89  /* Acquire the device map lock again */
91 
92  /* Decrement the reference counter */
93  DeviceMap->ReferenceCount--;
94  DPRINT("ReferenceCount: %lu\n", DeviceMap->ReferenceCount);
95 
96  /* Leave, if there are still references to this device map */
97  if (DeviceMap->ReferenceCount != 0)
98  {
99  /* Release the device map lock and leave */
101  return;
102  }
103 
104  /* Nobody is referencing it anymore, unlink the DOS directory */
105  DeviceMap->DosDevicesDirectory->DeviceMap = NULL;
106 
107  /* Release the device map lock */
109 
110  /* Dereference the DOS Devices Directory and free the DeviceMap */
112  ExFreePoolWithTag(DeviceMap, 'mDbO');
113 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
smooth NULL
Definition: ftsmooth.c:513
void DPRINT(...)
Definition: polytest.cpp:61
struct _DEVICE_MAP * DeviceMap
Definition: obtypes.h:418
ULONG ReferenceCount
Definition: obtypes.h:521
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
POBJECT_DIRECTORY DosDevicesDirectory
Definition: obtypes.h:519
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1097
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
LONG FASTCALL ObDereferenceObjectEx ( IN PVOID  Object,
IN LONG  Count 
)

Definition at line 88 of file obref.c.

Referenced by ExpTimerApcKernelRoutine(), ExTimerRundown(), NtCancelTimer(), NtSetTimer(), ObFastReferenceObject(), ObFastReplaceObject(), and PspCreateThread().

90 {
92  LONG NewCount;
93 
94  /* Extract the object header */
96 
97  /* Check whether the object can now be deleted. */
98  NewCount = InterlockedExchangeAdd(&Header->PointerCount, -Count) - Count;
99  if (!NewCount) ObpDeferObjectDeletion(Header);
100 
101  /* Return the current count */
102  return NewCount;
103 }
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
LONG PointerCount
Definition: obtypes.h:481
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
VOID NTAPI ObpDeferObjectDeletion(IN POBJECT_HEADER Header)
Definition: obref.c:53
Definition: Header.h:8
long LONG
Definition: pedump.c:60
#define InterlockedExchangeAdd
Definition: interlocked.h:181
static IUnknown Object
Definition: main.c:512
VOID NTAPI ObDereferenceProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 51 of file obhandle.c.

Referenced by ObClearProcessHandleTable(), ObDuplicateObject(), ObFindHandleForObject(), ObGetProcessHandleCount(), and ObInitProcess().

52 {
53  /* Release the process lock */
54  ExReleaseRundownProtection(&Process->RundownProtect);
55 }
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
NTSTATUS NTAPI ObDuplicateObject ( IN PEPROCESS  SourceProcess,
IN HANDLE  SourceHandle,
IN PEPROCESS TargetProcess  OPTIONAL,
IN PHANDLE TargetHandle  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
IN ULONG  Options,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 2200 of file obhandle.c.

Referenced by DbgkpOpenHandles(), and NtDuplicateObject().

2208 {
2209  HANDLE_TABLE_ENTRY NewHandleEntry;
2210  BOOLEAN AttachedToProcess = FALSE;
2211  PVOID SourceObject;
2212  POBJECT_HEADER ObjectHeader;
2214  HANDLE NewHandle;
2216  NTSTATUS Status;
2217  ACCESS_MASK TargetAccess, SourceAccess;
2220  AUX_ACCESS_DATA AuxData;
2223  ULONG AuditMask;
2225 
2226  PAGED_CODE();
2228  "%s - Duplicating handle: %p for %p into %p\n",
2229  __FUNCTION__,
2230  SourceHandle,
2231  SourceProcess,
2232  TargetProcess);
2233 
2234  /* Assume failure */
2235  if (TargetHandle) *TargetHandle = NULL;
2236 
2237  /* Check if we're not duplicating the same access */
2238  if (!(Options & DUPLICATE_SAME_ACCESS))
2239  {
2240  /* Validate the desired access */
2241  Status = STATUS_SUCCESS; //ObpValidateDesiredAccess(DesiredAccess);
2242  if (!NT_SUCCESS(Status)) return Status;
2243  }
2244 
2245  /* Reference the object table */
2246  HandleTable = ObReferenceProcessHandleTable(SourceProcess);
2247  if (!HandleTable) return STATUS_PROCESS_IS_TERMINATING;
2248 
2249  /* Reference the process object */
2251  SourceProcess,
2252  HandleTable,
2253  PreviousMode,
2254  &SourceObject,
2255  &HandleInformation,
2256  &AuditMask);
2257  if (!NT_SUCCESS(Status))
2258  {
2259  /* Fail */
2260  ObDereferenceProcessHandleTable(SourceProcess);
2261  return Status;
2262  }
2263  else
2264  {
2265  /* Check if we have to don't have to audit object close */
2266  if (!(HandleInformation.HandleAttributes & OBJ_AUDIT_OBJECT_CLOSE))
2267  {
2268  /* Then there is no audit mask */
2269  AuditMask = 0;
2270  }
2271  }
2272 
2273  /* Check if there's no target process */
2274  if (!TargetProcess)
2275  {
2276  /* Check if the caller wanted actual duplication */
2278  {
2279  /* Invalid request */
2280  Status = STATUS_INVALID_PARAMETER;
2281  }
2282  else
2283  {
2284  /* Otherwise, do the attach */
2285  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2286 
2287  /* Close the handle and detach */
2289  KeUnstackDetachProcess(&ApcState);
2290  }
2291 
2292  /* Return */
2293  ObDereferenceProcessHandleTable(SourceProcess);
2294  ObDereferenceObject(SourceObject);
2295  return Status;
2296  }
2297 
2298  /* Create a kernel handle if asked, but only in the system process */
2299  if (PreviousMode == KernelMode &&
2301  TargetProcess == PsInitialSystemProcess)
2302  {
2303  KernelHandle = TRUE;
2304  }
2305 
2306  /* Get the target handle table */
2307  HandleTable = ObReferenceProcessHandleTable(TargetProcess);
2308  if (!HandleTable)
2309  {
2310  /* Check if the caller wanted us to close the handle */
2312  {
2313  /* Do the attach */
2314  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2315 
2316  /* Close the handle and detach */
2318  KeUnstackDetachProcess(&ApcState);
2319  }
2320 
2321  /* Return */
2322  ObDereferenceProcessHandleTable(SourceProcess);
2323  ObDereferenceObject(SourceObject);
2325  }
2326 
2327  /* Get the source access */
2328  SourceAccess = HandleInformation.GrantedAccess;
2329 
2330  /* Check if we're not in the target process */
2331  if (TargetProcess != PsGetCurrentProcess())
2332  {
2333  /* Attach to it */
2334  KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
2335  AttachedToProcess = TRUE;
2336  }
2337 
2338  /* Check if we're duplicating the attributes */
2340  {
2341  /* Duplicate them */
2342  HandleAttributes = HandleInformation.HandleAttributes;
2343  }
2344  else
2345  {
2346  /* Don't allow caller to bypass auditing */
2347  HandleAttributes |= HandleInformation.HandleAttributes &
2349  }
2350 
2351  /* Check if we're duplicating the access */
2352  if (Options & DUPLICATE_SAME_ACCESS) DesiredAccess = SourceAccess;
2353 
2354  /* Get object data */
2355  ObjectHeader = OBJECT_TO_OBJECT_HEADER(SourceObject);
2356  ObjectType = ObjectHeader->Type;
2357 
2358  /* Fill out the entry */
2359  RtlZeroMemory(&NewHandleEntry, sizeof(HANDLE_TABLE_ENTRY));
2360  NewHandleEntry.Object = ObjectHeader;
2361  NewHandleEntry.ObAttributes |= (HandleAttributes & OBJ_HANDLE_ATTRIBUTES);
2362 
2363  /* Check if we're using a generic mask */
2365  {
2366  /* Map it */
2368  &ObjectType->TypeInfo.GenericMapping);
2369  }
2370 
2371  /* Set the target access, always propagate ACCESS_SYSTEM_SECURITY */
2372  TargetAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
2374  NewHandleEntry.GrantedAccess = TargetAccess;
2375 
2376  /* Check if we're asking for new access */
2377  if (TargetAccess & ~SourceAccess)
2378  {
2379  /* We are. We need the security procedure to validate this */
2381  {
2382  /* Use our built-in access state */
2383  PassedAccessState = &AccessState;
2384  Status = SeCreateAccessState(&AccessState,
2385  &AuxData,
2386  TargetAccess,
2387  &ObjectType->TypeInfo.GenericMapping);
2388  }
2389  else
2390  {
2391  /* Otherwise we can't allow this privilege elevation */
2392  Status = STATUS_ACCESS_DENIED;
2393  }
2394  }
2395  else
2396  {
2397  /* We don't need an access state */
2398  Status = STATUS_SUCCESS;
2399  }
2400 
2401  /* Make sure the access state was created OK */
2402  if (NT_SUCCESS(Status))
2403  {
2404  /* Add a new handle */
2405  Status = ObpIncrementHandleCount(SourceObject,
2406  PassedAccessState,
2407  PreviousMode,
2411  }
2412 
2413  /* Check if we were attached */
2414  if (AttachedToProcess)
2415  {
2416  /* We can safely detach now */
2417  KeUnstackDetachProcess(&ApcState);
2418  AttachedToProcess = FALSE;
2419  }
2420 
2421  /* Check if we have to close the source handle */
2423  {
2424  /* Attach and close */
2425  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2427  KeUnstackDetachProcess(&ApcState);
2428  }
2429 
2430  /* Check if we had an access state */
2431  if (PassedAccessState) SeDeleteAccessState(PassedAccessState);
2432 
2433  /* Now check if incrementing actually failed */
2434  if (!NT_SUCCESS(Status))
2435  {
2436  /* Dereference handle tables */
2437  ObDereferenceProcessHandleTable(SourceProcess);
2438  ObDereferenceProcessHandleTable(TargetProcess);
2439 
2440  /* Dereference the source object */
2441  ObDereferenceObject(SourceObject);
2442  return Status;
2443  }
2444 
2445  /* Now create the handle */
2446  NewHandle = ExCreateHandle(HandleTable, &NewHandleEntry);
2447  if (!NewHandle)
2448  {
2449  /* Undo the increment */
2450  ObpDecrementHandleCount(SourceObject,
2451  TargetProcess,
2452  TargetAccess,
2453  ObjectType);
2454 
2455  /* Deference the object and set failure status */
2456  ObDereferenceObject(SourceObject);
2458  }
2459 
2460  /* Mark it as a kernel handle if requested */
2461  if (KernelHandle)
2462  {
2463  NewHandle = ObMarkHandleAsKernelHandle(NewHandle);
2464  }
2465 
2466  /* Return the handle */
2468 
2469  /* Dereference handle tables */
2470  ObDereferenceProcessHandleTable(SourceProcess);
2471  ObDereferenceProcessHandleTable(TargetProcess);
2472 
2473  /* Return status */
2475  "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
2476  __FUNCTION__,
2477  NewHandle,
2478  SourceProcess,
2479  TargetProcess,
2480  SourceObject,
2481  ObjectHeader->PointerCount,
2482  ObjectHeader->HandleCount);
2483  return Status;
2484 }
DWORD *typedef PVOID
Definition: winlogon.h:52
#define STATUS_SUCCESS
Definition: contextmenu.cpp:55
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define DUPLICATE_CLOSE_SOURCE
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define TRUE
Definition: types.h:120
NTSTATUS NTAPI SeCreateAccessState(IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:435
KAPC_STATE
Definition: ketypes.h:1258
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:80
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE KernelHandle
Definition: legacy.c:24
ULONG_PTR ObAttributes
Definition: extypes.h:600
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
struct _ACPI_EFI_FILE_HANDLE ** NewHandle
Definition: acefiex.h:335
#define GENERIC_ACCESS
Definition: wlx.c:26
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
LONG PointerCount
Definition: obtypes.h:481
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
_In_ HANDLE SourceHandle
Definition: obfuncs.h:429
IN POBJECT_ATTRIBUTES PortAttributes IN ACCESS_MASK DesiredAccess
Definition: creport.c:28
enum OPTION_FLAGS Options
Definition: stats.c:44
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:787
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
#define DUPLICATE_SAME_ACCESS
ACCESS_MASK GrantedAccess
Definition: iotypes.h:158
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:649
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:808
LONG HandleCount
Definition: obtypes.h:484
smooth NULL
Definition: ftsmooth.c:513
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:527
unsigned char BOOLEAN
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:75
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3392
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:488
ULONG GrantedAccess
Definition: extypes.h:606
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:139
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define PAGED_CODE()
Definition: video.h:57
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
Definition: obhandle.c:88
#define OB_HANDLE_DEBUG
Definition: ob.h:17
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
DWORD *typedef HANDLE
Definition: winlogon.h:52
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:701
OB_SECURITY_METHOD SecurityProcedure
Definition: obtypes.h:371
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1415
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
VOID NTAPI SeDeleteAccessState(IN PACCESS_STATE AccessState)
Definition: access.c:456
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
PVOID Object
Definition: extypes.h:599
#define __FUNCTION__
Definition: compiler.h:205
POBJECT_TYPE Type
Definition: obtypes.h:487
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:429
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
VOID FASTCALL ObFastDereferenceObject ( IN PEX_FAST_REF  FastRef,
IN PVOID  Object 
)

Definition at line 167 of file obref.c.

Referenced by NtOpenThreadTokenEx(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitializeProcessSecurity(), PspSetPrimaryToken(), SeIsTokenChild(), and SeReleaseSubjectContext().

169 {
170  /* Release a fast reference. If this failed, use the slow path */
172 }
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
static IUnknown Object
Definition: main.c:512
FORCEINLINE BOOLEAN ExReleaseFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: ex.h:625
PVOID FASTCALL ObFastReferenceObject ( IN PEX_FAST_REF  FastRef)

Definition at line 132 of file obref.c.

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

133 {
134  EX_FAST_REF OldValue;
136  PVOID Object;
137 
138  /* Reference the object and get it pointer */
139  OldValue = ExAcquireFastReference(FastRef);
140  Object = ExGetObjectFastReference(OldValue);
141 
142  /* Check how many references are left */
143  Count = ExGetCountFastReference(OldValue);
144 
145  /* Check if the reference count is over 1 */
146  if (Count > 1) return Object;
147 
148  /* Check if the reference count has reached 0 */
149  if (!Count) return NULL;
150 
151  /* Otherwise, reference the object 7 times */
153 
154  /* Now update the reference count */
155  if (!ExInsertFastReference(FastRef, Object))
156  {
157  /* We failed: completely dereference the object */
159  }
160 
161  /* Return the Object */
162  return Object;
163 }
DWORD *typedef PVOID
Definition: winlogon.h:52
LONG FASTCALL ObReferenceObjectEx(IN PVOID Object, IN LONG Count)
Definition: obref.c:77
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:520
FORCEINLINE BOOLEAN ExInsertFastReference(IN OUT PEX_FAST_REF FastRef, IN PVOID Object)
Definition: ex.h:586
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
uint32_t ULONG_PTR
Definition: typedefs.h:64
FORCEINLINE EX_FAST_REF ExAcquireFastReference(IN OUT PEX_FAST_REF FastRef)
Definition: ex.h:557
smooth NULL
Definition: ftsmooth.c:513
LONG FASTCALL ObDereferenceObjectEx(IN PVOID Object, IN LONG Count)
Definition: obref.c:88
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:528
static IUnknown Object
Definition: main.c:512
#define MAX_FAST_REFS
Definition: ex.h:118
PVOID FASTCALL ObFastReferenceObjectLocked ( IN PEX_FAST_REF  FastRef)

Definition at line 119 of file obref.c.

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

120 {
121  PVOID Object;
122  EX_FAST_REF OldValue = *FastRef;
123 
124  /* Get the object and reference it slowly */
125  Object = ExGetObjectFastReference(OldValue);
126  if (Object) ObReferenceObject(Object);
127  return Object;
128 }
DWORD *typedef PVOID
Definition: winlogon.h:52
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:520
static IUnknown Object
Definition: main.c:512
#define ObReferenceObject
Definition: obfuncs.h:204
PVOID FASTCALL ObFastReplaceObject ( IN PEX_FAST_REF  FastRef,
IN PVOID  Object 
)
VOID FASTCALL ObfDereferenceDeviceMap ( IN PDEVICE_MAP  DeviceMap)

Definition at line 118 of file devicemap.c.

119 {
120  DPRINT("ObfDereferenceDeviceMap()\n");
121 
122  /* Acquire the device map lock */
124 
125  /* Decrement the reference counter */
126  DeviceMap->ReferenceCount--;
127  DPRINT("ReferenceCount: %lu\n", DeviceMap->ReferenceCount);
128 
129  /* Leave, if there are still references to this device map */
130  if (DeviceMap->ReferenceCount != 0)
131  {
132  /* Release the device map lock and leave */
134  return;
135  }
136 
137  /* Nobody is referencing it anymore, unlink the DOS directory */
138  DeviceMap->DosDevicesDirectory->DeviceMap = NULL;
139 
140  /* Release the devicemap lock */
142 
143  /* Dereference the DOS Devices Directory and free the Device Map */
144  ObDereferenceObject(DeviceMap->DosDevicesDirectory );
145  ExFreePoolWithTag(DeviceMap, 'mDbO');
146 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
smooth NULL
Definition: ftsmooth.c:513
void DPRINT(...)
Definition: polytest.cpp:61
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1097
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
VOID NTAPI ObFreeObjectCreateInfoBuffer ( IN POBJECT_CREATE_INFORMATION  ObjectCreateInfo)

Definition at line 590 of file oblife.c.

Referenced by IoCreateStreamFileObjectLite().

591 {
592  /* Call the macro. We use this function to isolate Ob internals from Io */
594 }
FORCEINLINE VOID ObpFreeCapturedAttributes(IN PVOID Buffer, IN PP_NPAGED_LOOKASIDE_NUMBER Type)
Definition: ob_x.h:348
ULONG NTAPI ObGetProcessHandleCount ( IN PEPROCESS  Process)

Definition at line 59 of file obhandle.c.

Referenced by NtQueryInformationProcess(), and QSI_DEF().

60 {
61  ULONG HandleCount;
63 
64  ASSERT(Process);
65 
66  /* Ensure the handle table doesn't go away while we use it */
68 
69  if (HandleTable != NULL)
70  {
71  /* Count the number of handles the process has */
72  HandleCount = HandleTable->HandleCount;
73 
74  /* Let the handle table go */
76  }
77  else
78  {
79  /* No handle table, no handles */
80  HandleCount = 0;
81  }
82 
83  return HandleCount;
84 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
smooth NULL
Definition: ftsmooth.c:513
LONG HandleCount
Definition: extypes.h:644
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
VOID NTAPI ObInheritDeviceMap ( IN PEPROCESS  Parent,
IN PEPROCESS  Process 
)

Definition at line 151 of file devicemap.c.

Referenced by PspCreateProcess().

153 {
154  PDEVICE_MAP DeviceMap;
155 
156  DPRINT("ObInheritDeviceMap()\n");
157 
158  /* Acquire the device map lock */
160 
161  /* Get the parent process device map or the system device map */
162  DeviceMap = (Parent != NULL) ? Parent->DeviceMap : ObSystemDeviceMap;
163  if (DeviceMap != NULL)
164  {
165  /* Reference the device map and attach it to the new process */
166  DeviceMap->ReferenceCount++;
167  DPRINT("ReferenceCount: %lu\n", DeviceMap->ReferenceCount);
168 
169  Process->DeviceMap = DeviceMap;
170  }
171 
172  /* Release the device map lock */
174 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:717
smooth NULL
Definition: ftsmooth.c:513
void DPRINT(...)
Definition: polytest.cpp:61
if(!(yy_init))
Definition: macro.lex.yy.c:704
PDEVICE_MAP ObSystemDeviceMap
Definition: obinit.c:46
ULONG ReferenceCount
Definition: obtypes.h:521
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
VOID FASTCALL ObInitializeFastReference ( IN PEX_FAST_REF  FastRef,
IN PVOID  Object 
)

Definition at line 107 of file obref.c.

Referenced by PspInitializeProcessSecurity(), SeAssignPrimaryToken(), and SepInitializationPhase0().

109 {
110  /* Check if we were given an object and reference it 7 times */
112 
113  /* Setup the fast reference */
115 }
LONG FASTCALL ObReferenceObjectEx(IN PVOID Object, IN LONG Count)
Definition: obref.c:77
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:536
static IUnknown Object
Definition: main.c:512
#define MAX_FAST_REFS
Definition: ex.h:118
NTSTATUS NTAPI ObInitProcess ( IN PEPROCESS Parent  OPTIONAL,
IN PEPROCESS  Process 
)

Definition at line 2086 of file obhandle.c.

Referenced by PspCreateProcess().

2088 {
2089  PHANDLE_TABLE ParentTable, ObjectTable;
2090 
2091  /* Check for a parent */
2092  if (Parent)
2093  {
2094  /* Reference the parent's table */
2095  ParentTable = ObReferenceProcessHandleTable(Parent);
2096  if (!ParentTable) return STATUS_PROCESS_IS_TERMINATING;
2097 
2098  /* Duplicate it */
2099  ObjectTable = ExDupHandleTable(Process,
2100  ParentTable,
2102  OBJ_INHERIT);
2103  }
2104  else
2105  {
2106  /* Otherwise just create a new table */
2107  ParentTable = NULL;
2108  ObjectTable = ExCreateHandleTable(Process);
2109  }
2110 
2111  /* Make sure we have a table */
2112  if (ObjectTable)
2113  {
2114  /* Associate it */
2115  Process->ObjectTable = ObjectTable;
2116 
2117  /* Check for auditing */
2119  {
2120  /* FIXME: TODO */
2121  DPRINT1("Need auditing!\n");
2122  }
2123 
2124  /* Get rid of the old table now */
2125  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2126 
2127  /* We are done */
2128  return STATUS_SUCCESS;
2129  }
2130  else
2131  {
2132  /* Fail */
2133  Process->ObjectTable = NULL;
2134  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2136  }
2137 }
#define STATUS_SUCCESS
Definition: contextmenu.cpp:55
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:717
smooth NULL
Definition: ftsmooth.c:513
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
Definition: handle.c:1032
#define OBJ_INHERIT
Definition: winternl.h:225
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:488
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:761
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: obhandle.c:1956
BOOLEAN NTAPI SeDetailedAuditingWithToken(IN PTOKEN Token)
Definition: audit.c:25
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
BOOLEAN NTAPI ObInitSystem ( VOID  )

Definition at line 199 of file obinit.c.

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

200 {
203  OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
205  HANDLE Handle;
206  PKPRCB Prcb = KeGetCurrentPrcb();
207  PLIST_ENTRY ListHead, NextEntry;
209  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
210  POBJECT_HEADER_NAME_INFO NameInfo;
211  PSECURITY_DESCRIPTOR KernelObjectsSD = NULL;
213 
214  /* Check if this is actually Phase 1 initialization */
215  if (ObpInitializationPhase != 0) goto ObPostPhase0;
216 
217  /* Initialize the OBJECT_CREATE_INFORMATION List */
219  NonPagedPool,
221  'ICbO',
222  32,
224 
225  /* Set the captured UNICODE_STRING Object Name List */
227  PagedPool,
228  248,
229  'MNbO',
230  16,
232 
233  /* Temporarily setup both pointers to the shared list */
238 
239  /* Initialize the security descriptor cache */
240  ObpInitSdCache();
241 
242  /* Initialize the Default Event */
244 
245  /* Initialize the Dos Device Map mutex */
247 
248  /* Setup default access for the system process */
249  PsGetCurrentProcess()->GrantedAccess = PROCESS_ALL_ACCESS;
250  PsGetCurrentThread()->GrantedAccess = THREAD_ALL_ACCESS;
251 
252  /* Setup the Object Reaper */
254 
255  /* Initialize default Quota block */
257 
258  /* Create kernel handle table */
259  PsGetCurrentProcess()->ObjectTable = ExCreateHandleTable(NULL);
260  ObpKernelHandleTable = PsGetCurrentProcess()->ObjectTable;
261 
262  /* Create the Type Type */
263  RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
264  RtlInitUnicodeString(&Name, L"Type");
265  ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
266  ObjectTypeInitializer.ValidAccessMask = OBJECT_TYPE_ALL_ACCESS;
267  ObjectTypeInitializer.UseDefaultObject = TRUE;
268  ObjectTypeInitializer.MaintainTypeList = TRUE;
269  ObjectTypeInitializer.PoolType = NonPagedPool;
270  ObjectTypeInitializer.GenericMapping = ObpTypeMapping;
271  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_TYPE);
272  ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
273  ObjectTypeInitializer.DeleteProcedure = ObpDeleteObjectType;
274  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObpTypeObjectType);
275 
276  /* Create the Directory Type */
277  RtlInitUnicodeString(&Name, L"Directory");
278  ObjectTypeInitializer.PoolType = PagedPool;
279  ObjectTypeInitializer.ValidAccessMask = DIRECTORY_ALL_ACCESS;
280  ObjectTypeInitializer.CaseInsensitive = TRUE;
281  ObjectTypeInitializer.MaintainTypeList = FALSE;
282  ObjectTypeInitializer.GenericMapping = ObpDirectoryMapping;
283  ObjectTypeInitializer.DeleteProcedure = NULL;
284  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_DIRECTORY);
285  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObDirectoryType);
287 
288  /* Create 'symbolic link' object type */
289  RtlInitUnicodeString(&Name, L"SymbolicLink");
290  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_SYMBOLIC_LINK);
291  ObjectTypeInitializer.GenericMapping = ObpSymbolicLinkMapping;
292  ObjectTypeInitializer.ValidAccessMask = SYMBOLIC_LINK_ALL_ACCESS;
293  ObjectTypeInitializer.ParseProcedure = ObpParseSymbolicLink;
294  ObjectTypeInitializer.DeleteProcedure = ObpDeleteSymbolicLink;
295  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObSymbolicLinkType);
297 
298  /* Phase 0 initialization complete */
300  return TRUE;
301 
302 ObPostPhase0:
303 
304  /* Re-initialize lookaside lists */
305  ObInit2();
306 
307  /* Initialize Object Types directory attributes */
308  RtlInitUnicodeString(&Name, L"\\");
309  InitializeObjectAttributes(&ObjectAttributes,
310  &Name,
312  NULL,
314 
315  /* Create the directory */
316  Status = NtCreateDirectoryObject(&Handle,
318  &ObjectAttributes);
319  if (!NT_SUCCESS(Status)) return FALSE;
320 
321  /* Get a handle to it */
322  Status = ObReferenceObjectByHandle(Handle,
323  0,
325  KernelMode,
327  NULL);
328  if (!NT_SUCCESS(Status)) return FALSE;
329 
330  /* Close the extra handle */
331  Status = NtClose(Handle);
332  if (!NT_SUCCESS(Status)) return FALSE;
333 
334  /* Create a custom security descriptor for the KernelObjects directory */
335  Status = ObpCreateKernelObjectsSD(&KernelObjectsSD);
336  if (!NT_SUCCESS(Status))
337  return FALSE;
338 
339  /* Initialize the KernelObjects directory attributes */
340  RtlInitUnicodeString(&Name, L"\\KernelObjects");
341  InitializeObjectAttributes(&ObjectAttributes,
342  &Name,
344  NULL,
345  KernelObjectsSD);
346 
347  /* Create the directory */
348  Status = NtCreateDirectoryObject(&Handle,
350  &ObjectAttributes);
351  ExFreePoolWithTag(KernelObjectsSD, TAG_SD);
352  if (!NT_SUCCESS(Status)) return FALSE;
353 
354  /* Close the extra handle */
355  Status = NtClose(Handle);
356  if (!NT_SUCCESS(Status)) return FALSE;
357 
358  /* Initialize ObjectTypes directory attributes */
359  RtlInitUnicodeString(&Name, L"\\ObjectTypes");
360  InitializeObjectAttributes(&ObjectAttributes,
361  &Name,
363  NULL,
364  NULL);
365 
366  /* Create the directory */
367  Status = NtCreateDirectoryObject(&Handle,
369  &ObjectAttributes);
370  if (!NT_SUCCESS(Status)) return FALSE;
371 
372  /* Get a handle to it */
373  Status = ObReferenceObjectByHandle(Handle,
374  0,
376  KernelMode,
378  NULL);
379  if (!NT_SUCCESS(Status)) return FALSE;
380 
381  /* Close the extra handle */
382  Status = NtClose(Handle);
383  if (!NT_SUCCESS(Status)) return FALSE;
384 
385  /* Initialize lookup context */
386  ObpInitializeLookupContext(&Context);
387 
388  /* Lock it */
390 
391  /* Loop the object types */
392  ListHead = &ObpTypeObjectType->TypeList;
393  NextEntry = ListHead->Flink;
394  while (ListHead != NextEntry)
395  {
396  /* Get the creator info from the list */
397  CreatorInfo = CONTAINING_RECORD(NextEntry,
399  TypeList);
400 
401  /* Recover the header and the name header from the creator info */
402  Header = (POBJECT_HEADER)(CreatorInfo + 1);
403  NameInfo = OBJECT_HEADER_TO_NAME_INFO(Header);
404 
405  /* Make sure we have a name, and aren't inserted yet */
406  if ((NameInfo) && !(NameInfo->Directory))
407  {
408  /* Do the initial lookup to setup the context */
410  &NameInfo->Name,
412  FALSE,
413  &Context))
414  {
415  /* Insert this object type */
417  &Context,
418  Header);
419  }
420  }
421 
422  /* Move to the next entry */
423  NextEntry = NextEntry->Flink;
424  }
425 
426  /* Cleanup after lookup */
427  ObpReleaseLookupContext(&Context);
428 
429  /* Initialize DOS Devices Directory and related Symbolic Links */
430  Status = ObpCreateDosDevicesDirectory();
431  if (!NT_SUCCESS(Status)) return FALSE;
432  return TRUE;
433 }
VOID NTAPI ObpDeleteSymbolicLink(IN PVOID ObjectBody)
DWORD *typedef PVOID
Definition: winlogon.h:52
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1034
#define THREAD_ALL_ACCESS
Definition: nt_native.h:1339
#define TRUE
Definition: types.h:120
#define PROCESS_ALL_ACCESS
Definition: nt_native.h:1324
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
Definition: bidi.c:75
WORK_QUEUE_ITEM ObpReaperWorkItem
Definition: oblife.c:28
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
Definition: ketypes.h:1054
UNICODE_STRING Name
Definition: obtypes.h:433
GENERIC_MAPPING ObpDirectoryMapping
Definition: obinit.c:27
#define OBJ_OPENLINK
Definition: winternl.h:230
static NTSTATUS NTAPI INIT_FUNCTION ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obinit.c:61
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
#define OBJ_PERMANENT
Definition: winternl.h:226
POBJECT_TYPE ObDirectoryType
Definition: obdir.c:21
GENERAL_LOOKASIDE ObpCreateInfoLookasideList
Definition: oblife.c:26
ULONG ObpInitializationPhase
Definition: obinit.c:53
VOID NTAPI ObpDeleteObjectType(IN PVOID Object)
Definition: oblife.c:1315
static POBJECT_TYPE ObpDefaultObject
Definition: ObTypes.c:138
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
GENERIC_MAPPING ObpTypeMapping
Definition: obinit.c:19
POBJECT_DIRECTORY ObpRootDirectoryObject
Definition: obname.c:19
PP_LOOKASIDE_LIST PPLookasideList[16]
Definition: ketypes.h:624
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:388
struct _OBJECT_HEADER * POBJECT_HEADER
#define FALSE
Definition: types.h:117
Definition: Header.h:8
GENERAL_LOOKASIDE ObpNameBufferLookasideList
Definition: oblife.c:26
#define PsGetCurrentProcess
Definition: psfuncs.h:17
VOID NTAPI ObpReapObject(IN PVOID Unused)
Definition: oblife.c:221
smooth NULL
Definition: ftsmooth.c:513
NTSTATUS NTAPI ObpCreateDosDevicesDirectory(VOID)
Definition: obname.c:130
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
#define TAG_SD
Definition: tag.h:176
OBJECT_TYPE
Definition: ntobjenum.h:27
BOOLEAN NTAPI ObpInsertEntryDirectory(IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
Definition: obdir.c:46
struct _LIST_ENTRY * Flink
Definition: typedefs.h:120
_In_ HANDLE Handle
Definition: extypes.h:390
#define ExInitializeWorkItem(Item, Routine, Context)
Definition: exfuncs.h:265
FORCEINLINE VOID ObpAcquireDirectoryLockExclusive(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:190
OB_PARSE_METHOD ParseProcedure
Definition: obtypes.h:370
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:761
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3392
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
struct _GENERAL_LOOKASIDE * L
Definition: ketypes.h:760
_In_ PUNICODE_STRING Name
Definition: mrx.h:213
VOID NTAPI INIT_FUNCTION ExInitializeSystemLookasideList(IN PGENERAL_LOOKASIDE List, IN POOL_TYPE Type, IN ULONG Size, IN ULONG Tag, IN USHORT MaximumDepth, IN PLIST_ENTRY ListHead)
Definition: lookas.c:35
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
Definition: obdir.c:123
BOOLEAN INIT_FUNCTION NTAPI ObInit2(VOID)
Definition: obinit.c:132
Definition: typedefs.h:118
#define SYNCHRONIZE
Definition: nt_native.h:61
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
#define OBJECT_TYPE_ALL_ACCESS
Definition: nt_native.h:1248
NTSTATUS NTAPI ObpInitSdCache(VOID)
Definition: obsdcach.c:61
Status
Definition: gdiplustypes.h:24
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:255
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
NTSTATUS NTAPI NtCreateDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: obdir.c:731
DWORD *typedef HANDLE
Definition: winlogon.h:52
VOID FASTCALL KeInitializeGuardedMutex(OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:31
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:221
LONG NTSTATUS
Definition: DriverTester.h:11
#define KeInitializeEvent(pEvt, foo, foo2)
Definition: env_spec_w32.h:477
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
struct _GENERAL_LOOKASIDE * P
Definition: ketypes.h:759
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
NTSTATUS NTAPI ObpParseSymbolicLink(IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
Definition: oblink.c:363
GENERIC_MAPPING ObpSymbolicLinkMapping
Definition: obinit.c:38
VOID NTAPI PsInitializeQuotaSystem(VOID)
Definition: quota.c:101
static POBJECT_TYPE ObpTypeObjectType
Definition: ObTypes.c:122
struct tagContext Context
Definition: acpixf.h:1013
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
POBJECT_TYPE ObSymbolicLinkType
Definition: oblink.c:18
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1097
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
LIST_ENTRY TypeList
Definition: obtypes.h:382
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369
struct _OBJECT_SYMBOLIC_LINK OBJECT_SYMBOLIC_LINK
ULONG DefaultNonPagedPoolCharge
Definition: obtypes.h:365
LIST_ENTRY ExSystemLookasideListHead
Definition: lookas.c:25
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:23
POBJECT_DIRECTORY ObpTypeDirectoryObject
Definition: obname.c:20
struct _OBJECT_DIRECTORY OBJECT_DIRECTORY
VOID NTAPI ObKillProcess ( IN PEPROCESS  Process)

Definition at line 2156 of file obhandle.c.

Referenced by PspDeleteProcess(), and PspExitThread().

2157 {
2160  BOOLEAN HardErrors;
2161  PAGED_CODE();
2162 
2163  /* Wait for process rundown and then complete it */
2164  ExWaitForRundownProtectionRelease(&Process->RundownProtect);
2165  ExRundownCompleted(&Process->RundownProtect);
2166 
2167  /* Get the object table */
2168  HandleTable = Process->ObjectTable;
2169  if (!HandleTable) return;
2170 
2171  /* Disable hard errors while we close handles */
2172  HardErrors = IoSetThreadHardErrorMode(FALSE);
2173 
2174  /* Enter a critical region */
2176 
2177  /* Fill out the context */
2178  Context.AccessMode = KernelMode;
2179  Context.HandleTable = HandleTable;
2180 
2181  /* Sweep the handle table to close all handles */
2182  ExSweepHandleTable(HandleTable,
2184  &Context);
2185  ASSERT(HandleTable->HandleCount == 0);
2186 
2187  /* Leave the critical region */
2189 
2190  /* Re-enable hard errors */
2191  IoSetThreadHardErrorMode(HardErrors);
2192 
2193  /* Destroy the object table */
2194  Process->ObjectTable = NULL;
2195  ExDestroyHandleTable(HandleTable, NULL);
2196 }
NTKERNELAPI VOID FASTCALL ExRundownCompleted(_Out_ PEX_RUNDOWN_REF RunRef)
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
Definition: handle.c:923
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
PHANDLE_TABLE HandleTable
Definition: ob.h:107
#define FALSE
Definition: types.h:117
smooth NULL
Definition: ftsmooth.c:513
NTKERNELAPI VOID FASTCALL ExWaitForRundownProtectionRelease(_Inout_ PEX_RUNDOWN_REF RunRef)
LONG HandleCount
Definition: extypes.h:644
unsigned char BOOLEAN
#define PAGED_CODE()
Definition: video.h:57
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
Definition: error.c:707
#define KeEnterCriticalRegion()
Definition: ke_x.h:83
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1192
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1013
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1920
KPROCESSOR_MODE AccessMode
Definition: ob.h:108
NTSTATUS NTAPI ObpCaptureObjectCreateInformation ( IN POBJECT_ATTRIBUTES  ObjectAttributes,
IN KPROCESSOR_MODE  AccessMode,
IN KPROCESSOR_MODE  CreatorMode,
IN BOOLEAN  AllocateFromLookaside,
IN POBJECT_CREATE_INFORMATION  ObjectCreateInfo,
OUT PUNICODE_STRING  ObjectName 
)

Definition at line 456 of file oblife.c.

Referenced by ObCreateObject(), and ObOpenObjectByName().

462 {
465  PSECURITY_QUALITY_OF_SERVICE SecurityQos;
466  PUNICODE_STRING LocalObjectName = NULL;
467  PAGED_CODE();
468 
469  /* Zero out the Capture Data */
470  RtlZeroMemory(ObjectCreateInfo, sizeof(OBJECT_CREATE_INFORMATION));
471 
472  /* SEH everything here for protection */
473  _SEH2_TRY
474  {
475  /* Check if we got attributes */
476  if (ObjectAttributes)
477  {
478  /* Check if we're in user mode */
479  if (AccessMode != KernelMode)
480  {
481  /* Probe the attributes */
483  sizeof(OBJECT_ATTRIBUTES),
484  sizeof(ULONG));
485  }
486 
487  /* Validate the Size and Attributes */
488  if ((ObjectAttributes->Length != sizeof(OBJECT_ATTRIBUTES)) ||
490  {
491  /* Invalid combination, fail */
493  }
494 
495  /* Set some Create Info and do not allow user-mode kernel handles */
496  ObjectCreateInfo->RootDirectory = ObjectAttributes->RootDirectory;
497  ObjectCreateInfo->Attributes = ObjectAttributes->Attributes & OBJ_VALID_KERNEL_ATTRIBUTES;
498  if (CreatorMode != KernelMode) ObjectCreateInfo->Attributes &= ~OBJ_KERNEL_HANDLE;
499  LocalObjectName = ObjectAttributes->ObjectName;
500  SecurityDescriptor = ObjectAttributes->SecurityDescriptor;
501  SecurityQos = ObjectAttributes->SecurityQualityOfService;
502 
503  /* Check if we have a security descriptor */
504  if (SecurityDescriptor)
505  {
506  /* Capture it. Note: This has an implicit memory barrier due
507  to the function call, so cleanup is safe here.) */
508  Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
509  AccessMode,
510  NonPagedPool,
511  TRUE,
512  &ObjectCreateInfo->
513  SecurityDescriptor);
514  if (!NT_SUCCESS(Status))
515  {
516  /* Capture failed, quit */
517  ObjectCreateInfo->SecurityDescriptor = NULL;
518  _SEH2_YIELD(return Status);
519  }
520 
521  /* Save the probe mode and security descriptor size */
522  ObjectCreateInfo->SecurityDescriptorCharge = 2048; /* FIXME */
523  ObjectCreateInfo->ProbeMode = AccessMode;
524  }
525 
526  /* Check if we have QoS */
527  if (SecurityQos)
528  {
529  /* Check if we came from user mode */
530  if (AccessMode != KernelMode)
531  {
532  /* Validate the QoS */
533  ProbeForRead(SecurityQos,
535  sizeof(ULONG));
536  }
537 
538  /* Save Info */
539  ObjectCreateInfo->SecurityQualityOfService = *SecurityQos;
540  ObjectCreateInfo->SecurityQos =
541  &ObjectCreateInfo->SecurityQualityOfService;
542  }
543  }
544  else
545  {
546  /* We don't have a name */
547  LocalObjectName = NULL;
548  }
549  }
551  {
552  /* Cleanup and return the exception code */
553  ObpReleaseObjectCreateInformation(ObjectCreateInfo);
555  }
556  _SEH2_END;
557 
558  /* Now check if the Object Attributes had an Object Name */
559  if (LocalObjectName)
560  {
562  LocalObjectName,
563  AccessMode,
564  AllocateFromLookaside);
565  }
566  else
567  {
568  /* Clear the string */
569  RtlInitEmptyUnicodeString(ObjectName, NULL, 0);
570 
571  /* It cannot have specified a Root Directory */
572  if (ObjectCreateInfo->RootDirectory)
573  {
575  }
576  }
577 
578  /* Cleanup if we failed */
579  if (!NT_SUCCESS(Status))
580  {
581  ObpReleaseObjectCreateInformation(ObjectCreateInfo);
582  }
583 
584  /* Return status to caller */
585  return Status;
586 }
#define STATUS_SUCCESS
Definition: contextmenu.cpp:55
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:296
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
NTSTATUS NTAPI ObpCaptureObjectName(IN OUT PUNICODE_STRING CapturedName, IN PUNICODE_STRING ObjectName, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN UseLookaside)
Definition: oblife.c:377
#define _SEH2_END
Definition: pseh2_64.h:7
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
smooth NULL
Definition: ftsmooth.c:513
#define OBJ_VALID_KERNEL_ATTRIBUTES
Definition: obtypes.h:92
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define PAGED_CODE()
Definition: video.h:57
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
LONG NTSTATUS
Definition: DriverTester.h:11
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:325
#define _SEH2_TRY
Definition: pseh2_64.h:5
#define STATUS_OBJECT_NAME_INVALID
Definition: udferr_usr.h:148
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:434
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
NTSTATUS NTAPI ObpCaptureObjectName ( IN PUNICODE_STRING  CapturedName,
IN PUNICODE_STRING  ObjectName,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  AllocateFromLookaside 
)

Referenced by ObReferenceObjectByName().

BOOLEAN NTAPI ObpCheckObjectReference ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 340 of file obsecure.c.

Referenced by ObReferenceObjectByName().

345 {
346  POBJECT_HEADER ObjectHeader;
349  BOOLEAN SdAllocated;
350  BOOLEAN Result;
354  PAGED_CODE();
355 
356  /* Get the header and type */
357  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
358  ObjectType = ObjectHeader->Type;
359 
360  /* Get the security descriptor */
361  Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
362  if (!NT_SUCCESS(Status))
363  {
364  /* We failed */
365  *AccessStatus = Status;
366  return FALSE;
367  }
368 
369  /* Lock the security context */
370  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
371 
372  /* Now do the entire access check */
373  Result = SeAccessCheck(SecurityDescriptor,
374  &AccessState->SubjectSecurityContext,
375  TRUE,
376  AccessState->RemainingDesiredAccess,
377  AccessState->PreviouslyGrantedAccess,
378  &Privileges,
379  &ObjectType->TypeInfo.GenericMapping,
380  AccessMode,
381  &GrantedAccess,
382  AccessStatus);
383  if (Result)
384  {
385  /* Update the access state */
386  AccessState->RemainingDesiredAccess &= ~GrantedAccess;
387  AccessState->PreviouslyGrantedAccess |= GrantedAccess;
388  }
389 
390  /* Check if we have an SD */
391  if (SecurityDescriptor)
392  {
393  /* Do audit alarm */
394 #if 0
395  SeObjectReferenceAuditAlarm(&AccessState->OperationID,
396  Object,
397  SecurityDescriptor,
398  &AccessState->SubjectSecurityContext,
399  AccessState->RemainingDesiredAccess |
400  AccessState->PreviouslyGrantedAccess,
401  ((PAUX_ACCESS_DATA)(AccessState->AuxData))->
402  PrivilegeSet,
403  Result,
404  AccessMode);
405 #endif
406  }
407 
408  /* We're done, unlock the context and release security */
409  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
410  ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
411  return Result;
412 }
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
#define TRUE
Definition: types.h:120
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:80
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:332
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:310
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
smooth NULL
Definition: ftsmooth.c:513
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
unsigned char BOOLEAN
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
POBJECT_TYPE Type
Definition: obtypes.h:487
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40
BOOLEAN NTAPI ObpCheckTraverseAccess ( IN PVOID  Object,
IN ACCESS_MASK  TraverseAccess,
IN PACCESS_STATE AccessState  OPTIONAL,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 267 of file obsecure.c.

Referenced by ObpLookupObjectName().

273 {
274  POBJECT_HEADER ObjectHeader;
277  BOOLEAN SdAllocated;
278  BOOLEAN Result;
282  PAGED_CODE();
283 
284  /* Get the header and type */
285  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
286  ObjectType = ObjectHeader->Type;
287 
288  /* Get the security descriptor */
289  Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
290  if (!NT_SUCCESS(Status))
291  {
292  /* We failed */
293  *AccessStatus = Status;
294  return FALSE;
295  }
296 
297  /* First try to perform a fast traverse check
298  * If it fails, then the entire access check will
299  * have to be done.
300  */
301  Result = SeFastTraverseCheck(SecurityDescriptor,
302  AccessState,
304  AccessMode);
305  if (Result)
306  {
307  ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
308  return TRUE;
309  }
310 
311  /* Lock the security context */
312  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
313 
314  /* Now do the entire access check */
315  Result = SeAccessCheck(SecurityDescriptor,
316  &AccessState->SubjectSecurityContext,
317  TRUE,
318  TraverseAccess,
319  0,
320  &Privileges,
321  &ObjectType->TypeInfo.GenericMapping,
322  AccessMode,
323  &GrantedAccess,
324  AccessStatus);
325  if (Privileges)
326  {
327  /* We got privileges, append them to the access state and free them */
328  Status = SeAppendPrivileges(AccessState, Privileges);
329  SeFreePrivileges(Privileges);
330  }
331 
332  /* We're done, unlock the context and release security */
333  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
334  ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
335  return Result;
336 }
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
#define TRUE
Definition: types.h:120
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:80
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:332
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:310
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
smooth NULL
Definition: ftsmooth.c:513
#define FILE_WRITE_DATA
Definition: nt_native.h:631
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
unsigned char BOOLEAN
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
BOOLEAN NTAPI SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode)
Definition: accesschk.c:460
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
POBJECT_TYPE Type
Definition: obtypes.h:487
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSTATUS NTAPI ObpCreateDeviceMap ( IN HANDLE  DirectoryHandle)

Definition at line 20 of file devicemap.c.

Referenced by ObpCreateDosDevicesDirectory().

21 {
22  POBJECT_DIRECTORY DirectoryObject = NULL;
23  PDEVICE_MAP DeviceMap = NULL;
25 
30  (PVOID*)&DirectoryObject,
31  NULL);
32  if (!NT_SUCCESS(Status))
33  {
34  DPRINT("ObReferenceObjectByHandle() failed (Status 0x%08lx)\n", Status);
35  return Status;
36  }
37 
38  /* Allocate and initialize a new device map */
40  sizeof(*DeviceMap),
41  'mDbO');
42  if (DeviceMap == NULL)
43  {
44  ObDereferenceObject(DirectoryObject);
46  }
47 
48  /* Initialize the device map */
49  RtlZeroMemory(DeviceMap, sizeof(*DeviceMap));
50  DeviceMap->ReferenceCount = 1;
51  DeviceMap->DosDevicesDirectory = DirectoryObject;
52 
53  /* Acquire the device map lock */
55 
56  /* Attach the device map to the directory object */
57  DirectoryObject->DeviceMap = DeviceMap;
58 
59  /* Attach the device map to the process */
60  ObSystemDeviceMap = DeviceMap;
61  PsGetCurrentProcess()->DeviceMap = DeviceMap;
62 
63  /* Release the device map lock */
65 
66  return STATUS_SUCCESS;
67 }
DWORD *typedef PVOID
Definition: winlogon.h:52
#define STATUS_SUCCESS
Definition: contextmenu.cpp:55
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define KeGetPreviousMode()
Definition: ketypes.h:1081
static HANDLE DirectoryHandle
Definition: ObType.c:48
POBJECT_TYPE ObDirectoryType
Definition: obdir.c:21
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:388
#define PsGetCurrentProcess
Definition: psfuncs.h:17
smooth NULL
Definition: ftsmooth.c:513
void DPRINT(...)
Definition: polytest.cpp:61
#define DIRECTORY_TRAVERSE
Definition: nt_native.h:1255
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PDEVICE_MAP ObSystemDeviceMap
Definition: obinit.c:46
Status
Definition: gdiplustypes.h:24
struct _DEVICE_MAP * DeviceMap
Definition: obtypes.h:418
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
LONG NTSTATUS
Definition: DriverTester.h:11
ULONG ReferenceCount
Definition: obtypes.h:521
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
POBJECT_DIRECTORY DosDevicesDirectory
Definition: obtypes.h:519
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
NTSTATUS NTAPI ObpCreateDosDevicesDirectory ( VOID  )

Definition at line 130 of file obname.c.

Referenced by ObInitSystem().

131 {
133  UNICODE_STRING RootName, TargetName, LinkName;
134  HANDLE Handle, SymHandle;
135  PSECURITY_DESCRIPTOR DosDevicesSD = NULL;
137 
138  /* Create a custom security descriptor for the global DosDevices directory */
139  Status = ObpCreateGlobalDosDevicesSD(&DosDevicesSD);
140  if (!NT_SUCCESS(Status))
141  return Status;
142 
143  /* Create the global DosDevices directory \?? */
144  RtlInitUnicodeString(&RootName, L"\\GLOBAL??");
145  InitializeObjectAttributes(&ObjectAttributes,
146  &RootName,
148  NULL,
149  DosDevicesSD);
150  Status = NtCreateDirectoryObject(&Handle,
152  &ObjectAttributes);
153  ExFreePoolWithTag(DosDevicesSD, TAG_SD);
154  if (!NT_SUCCESS(Status)) return Status;
155 
156  /* Create the system device map */
157  Status = ObpCreateDeviceMap(Handle);
158  if (!NT_SUCCESS(Status))
159  return Status;
160 
161  /*********************************************\
162  |*** HACK until we support device mappings ***|
163  |*** Add a symlink \??\ <--> \GLOBAL??\ ***|
164  \*********************************************/
165  RtlInitUnicodeString(&LinkName, L"\\??");
166  InitializeObjectAttributes(&ObjectAttributes,
167  &LinkName,
169  NULL,
170  NULL);
171  Status = NtCreateSymbolicLinkObject(&SymHandle,
173  &ObjectAttributes,
174  &RootName);
175  if (NT_SUCCESS(Status)) NtClose(SymHandle);
176  /*********************************************\
177  \*********************************************/
178 
179  // FIXME: Create a device mapping for the global \?? directory
180 
181  /*
182  * Initialize the \??\GLOBALROOT symbolic link
183  * pointing to the root directory \ .
184  */
185  RtlInitUnicodeString(&LinkName, L"GLOBALROOT");
186  RtlInitUnicodeString(&TargetName, L"");
187  InitializeObjectAttributes(&ObjectAttributes,
188  &LinkName,
190  Handle,
191  NULL);
192  Status = NtCreateSymbolicLinkObject(&SymHandle,
194  &ObjectAttributes,
195  &TargetName);
196  if (NT_SUCCESS(Status)) NtClose(SymHandle);
197 
198  /*
199  * Initialize the \??\Global symbolic link pointing to the global
200  * DosDevices directory \?? . It is used to access the global \??
201  * by user-mode components which, by default, use a per-session
202  * DosDevices directory.
203  */
204  RtlInitUnicodeString(&LinkName, L"Global");
205  InitializeObjectAttributes(&ObjectAttributes,
206  &LinkName,
208  Handle,
209  NULL);
210  Status = NtCreateSymbolicLinkObject(&SymHandle,
212  &ObjectAttributes,
213  &RootName);
214  if (NT_SUCCESS(Status)) NtClose(SymHandle);
215 
216  /* Close the directory handle */
217  NtClose(Handle);
218  if (!NT_SUCCESS(Status)) return Status;
219 
220  /*
221  * Initialize the \DosDevices symbolic link pointing to the global
222  * DosDevices directory \?? , for backward compatibility with
223  * Windows NT-2000 systems.
224  */
225  RtlCreateUnicodeString(&LinkName, L"\\DosDevices");
227  InitializeObjectAttributes(&ObjectAttributes,
228  &LinkName,
230  NULL,
231  NULL);
232  Status = NtCreateSymbolicLinkObject(&SymHandle,
234  &ObjectAttributes,
235  &RootName);
236  if (NT_SUCCESS(Status)) NtClose(SymHandle);
237 
238  /* Return status */
239  return Status;
240 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
const uint16_t * PCWSTR
Definition: typedefs.h:56
Definition: bidi.c:75
#define OBJ_PERMANENT
Definition: winternl.h:226
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
NTSTATUS NTAPI INIT_FUNCTION ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obname.c:37
smooth NULL
Definition: ftsmooth.c:513
NTSTATUS NTAPI ObpCreateDeviceMap(IN HANDLE DirectoryHandle)
Definition: devicemap.c:20
#define TAG_SD
Definition: tag.h:176
_In_ HANDLE Handle
Definition: extypes.h:390
ALIGNEDNAME ObpDosDevicesShortNameRoot
Definition: obname.c:24
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3392
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
WCHAR TargetName[256]
Definition: arping.c:27
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
NTSTATUS NTAPI NtCreateDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: obdir.c:731
DWORD *typedef HANDLE
Definition: winlogon.h:52
LONG NTSTATUS
Definition: DriverTester.h:11
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1097
VOID NTAPI ObpCreateSymbolicLinkName ( IN POBJECT_SYMBOLIC_LINK  SymbolicLink)

Definition at line 184 of file oblink.c.

Referenced by ObInsertObject().

185 {
186  POBJECT_HEADER ObjectHeader;
187  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
188  PVOID Object = NULL;
190  UNICODE_STRING TargetPath;
193  ULONG ReparseCnt;
194  const ULONG MaxReparseAttempts = 20;
196 
197  /* FIXME: Need to support Device maps */
198 
199  /* Get header data */
200  ObjectHeader = OBJECT_TO_OBJECT_HEADER(SymbolicLink);
201  ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
202 
203  /* Check if we are not actually in a directory with a device map */
204  if (!(ObjectNameInfo) ||
205  !(ObjectNameInfo->Directory) /*||
206  !(ObjectNameInfo->Directory->DeviceMap)*/)
207  {
208  ObpDereferenceNameInfo(ObjectNameInfo);
209  return;
210  }
211 
212  /* Check if it's a DOS drive letter, and set the drive index accordingly */
213  if (ObjectNameInfo->Name.Length == 2 * sizeof(WCHAR) &&
214  ObjectNameInfo->Name.Buffer[1] == L':' &&
215  ( (ObjectNameInfo->Name.Buffer[0] >= L'A' &&
216  ObjectNameInfo->Name.Buffer[0] <= L'Z') ||
217  (ObjectNameInfo->Name.Buffer[0] >= L'a' &&
218  ObjectNameInfo->Name.Buffer[0] <= L'z') ))
219  {
220  SymbolicLink->DosDeviceDriveIndex =
221  RtlUpcaseUnicodeChar(ObjectNameInfo->Name.Buffer[0]) - L'A';
222  /* The Drive index start from 1 */
223  SymbolicLink->DosDeviceDriveIndex++;
224 
225  /* Initialize lookup context */
226  ObpInitializeLookupContext(&Context);
227 
228  /* Start the search from the root */
229  Directory = ObpRootDirectoryObject;
230  TargetPath = SymbolicLink->LinkTarget;
231 
232  /*
233  * Locate the IoDeviceObject if any this symbolic link points to.
234  * To prevent endless reparsing, setting an upper limit on the
235  * number of reparses.
236  */
237  Status = STATUS_REPARSE_OBJECT;
238  ReparseCnt = 0;
239  while (Status == STATUS_REPARSE_OBJECT &&
240  ReparseCnt < MaxReparseAttempts)
241  {
242  Status =
244  &Directory,
245  &TargetPath,
246  &Context,
247  &Object);
248  if (Status == STATUS_REPARSE_OBJECT)
249  ReparseCnt++;
250  }
251 
252  /* Cleanup lookup context */
253  ObpReleaseLookupContext(&Context);
254 
255  /* Error, or max resparse attemtps exceeded */
256  if (! NT_SUCCESS(Status) || ReparseCnt >= MaxReparseAttempts)
257  {
258  /* Cleanup */
259  ObpDereferenceNameInfo(ObjectNameInfo);
260  return;
261  }
262 
263  if (Object)
264  {
265  /* Calculate the drive type */
266  switch(((PDEVICE_OBJECT)Object)->DeviceType)
267  {
269  DriveType = DOSDEVICE_DRIVE_RAMDISK;
270  break;
271  case FILE_DEVICE_CD_ROM:
273  DriveType = DOSDEVICE_DRIVE_CDROM;
274  break;
275  case FILE_DEVICE_DISK:
278  if (((PDEVICE_OBJECT)Object)->Characteristics & FILE_REMOVABLE_MEDIA)
279  DriveType = DOSDEVICE_DRIVE_REMOVABLE;
280  else
281  DriveType = DOSDEVICE_DRIVE_FIXED;
282  break;
283  case FILE_DEVICE_NETWORK:
285  DriveType = DOSDEVICE_DRIVE_REMOTE;
286  break;
287  default:
288  DPRINT1("Device Type %lu for %wZ is not known or unhandled\n",
289  ((PDEVICE_OBJECT)Object)->DeviceType,
290  &SymbolicLink->LinkTarget);
291  DriveType = DOSDEVICE_DRIVE_UNKNOWN;
292  }
293  }
294 
295  /* Add a new drive entry */
297  ObSystemDeviceMap->DriveType[SymbolicLink->DosDeviceDriveIndex-1] =
298  (UCHAR)DriveType;
300  1 << (SymbolicLink->DosDeviceDriveIndex-1);
302  }
303 
304  /* Cleanup */
305  ObpDereferenceNameInfo(ObjectNameInfo);
306 }
DWORD *typedef PVOID
Definition: winlogon.h:52
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
#define FILE_DEVICE_DISK
Definition: winioctl.h:112
#define DOSDEVICE_DRIVE_REMOTE
Definition: obtypes.h:167
#define FILE_DEVICE_NETWORK
Definition: winioctl.h:123
Definition: bidi.c:75
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define DOSDEVICE_DRIVE_RAMDISK
Definition: obtypes.h:169
__wchar_t WCHAR
Definition: xmlstorage.h:180
DeviceType
Definition: mmdrv.h:41
#define FILE_DEVICE_FILE_SYSTEM
Definition: winioctl.h:114
#define DOSDEVICE_DRIVE_CDROM
Definition: obtypes.h:168
UNICODE_STRING Name
Definition: obtypes.h:433
#define FILE_DEVICE_VIRTUAL_DISK
Definition: winioctl.h:141
NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar(WCHAR Source)
POBJECT_DIRECTORY ObpRootDirectoryObject
Definition: obname.c:19
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FILE_DEVICE_CD_ROM
Definition: winioctl.h:107
ULONG DriveMap
Definition: obtypes.h:522
#define DOSDEVICE_DRIVE_REMOVABLE
Definition: obtypes.h:165
#define FILE_REMOVABLE_MEDIA
Definition: nt_native.h:807
#define STATUS_REPARSE_OBJECT
Definition: ntstatus.h:102
#define DOSDEVICE_DRIVE_CALCULATE
Definition: obtypes.h:164
#define DOSDEVICE_DRIVE_UNKNOWN
Definition: obtypes.h:163
smooth NULL
Definition: ftsmooth.c:513
#define FILE_DEVICE_DISK_FILE_SYSTEM
Definition: winioctl.h:113
#define DOSDEVICE_DRIVE_FIXED
Definition: obtypes.h:166
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
UCHAR DriveType[32]
Definition: obtypes.h:523
static IUnknown Object
Definition: main.c:512
int WINAPI DriveType(int DriveType)
Definition: shellord.c:1408
unsigned char UCHAR
Definition: xmlstorage.h:181
PDEVICE_MAP ObSystemDeviceMap
Definition: obinit.c:46
Status
Definition: gdiplustypes.h:24
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:255
#define NT_SUCCESS(StatCode)
Definition: cmd.c:149
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:221
LONG NTSTATUS
Definition: DriverTester.h:11
#define FILE_DEVICE_NETWORK_FILE_SYSTEM
Definition: winioctl.h:125
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define DPRINT1
Definition: precomp.h:8
#define FILE_DEVICE_CD_ROM_FILE_SYSTEM
Definition: winioctl.h:108
struct tagContext Context
Definition: acpixf.h:1013
unsigned int ULONG
Definition: retypes.h:1
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
_In_ BOOLEAN _In_ USHORT Directory
Definition: rtlfuncs.h:3718
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
static const WCHAR SymbolicLink[]
Definition: interface.c:31
BOOLEAN NTAPI ObpDeleteEntryDirectory ( IN POBP_LOOKUP_CONTEXT  Context)

Referenced by ObpDeleteNameCheck().

VOID NTAPI ObpDeleteNameCheck ( IN PVOID  Object)

Definition at line 261 of file obname.c.

Referenced by ObInsertObject(), ObpDecrementHandleCount(), and ObpSetPermanentObject().

262 {
263  POBJECT_HEADER ObjectHeader;
265  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
267  PVOID Directory = NULL;
268 
269  /* Get object structures */
270  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
271  ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
272  ObjectType = ObjectHeader->Type;
273 
274  /*
275  * Check if the handle count is 0, if the object is named,
276  * and if the object isn't a permanent object.
277  */
278  if (!(ObjectHeader->HandleCount) &&
279  (ObjectNameInfo) &&
280  (ObjectNameInfo->Name.Length) &&
281  (ObjectNameInfo->Directory) &&
282  !(ObjectHeader->Flags & OB_FLAG_PERMANENT))
283  {
284  /* Setup a lookup context */
285  ObpInitializeLookupContext(&Context);
286 
287  /* Lock the directory */
288  ObpAcquireDirectoryLockExclusive(ObjectNameInfo->Directory, &Context);
289 
290  /* Do the lookup */
291  Object = ObpLookupEntryDirectory(ObjectNameInfo->Directory,
292  &ObjectNameInfo->Name,
293  0,
294  FALSE,
295  &Context);
296  if (Object)
297  {
298  /* Lock the object */
299  ObpAcquireObjectLock(ObjectHeader);
300 
301  /* Make sure we can still delete the object */
302  if (!(ObjectHeader->HandleCount) &&
303  !(ObjectHeader->Flags & OB_FLAG_PERMANENT))
304  {
305  /* First delete it from the directory */
306  ObpDeleteEntryDirectory(&Context);
307 
308  /* Check if this is a symbolic link */
309  if (ObjectType == ObSymbolicLinkType)
310  {
311  /* Remove internal name */
313  }
314 
315  /* Check if the kernel exclusive is set */
316  ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
317  if ((ObjectNameInfo) &&
318  (ObjectNameInfo->QueryReferences & OB_FLAG_KERNEL_EXCLUSIVE))
319  {
320  /* Remove protection flag */
321  InterlockedExchangeAdd((PLONG)&ObjectNameInfo->QueryReferences,
323  }
324 
325  /* Get the directory */
326  Directory = ObjectNameInfo->Directory;
327  }
328 
329  /* Release the lock */
330  ObpReleaseObjectLock(ObjectHeader);
331  }
332 
333  /* Cleanup after lookup */
334  ObpReleaseLookupContext(&Context);
335 
336  /* Remove another query reference since we added one on top */
337  ObpDereferenceNameInfo(ObjectNameInfo);
338 
339  /* Check if we were inserted in a directory */
340  if (Directory)
341  {
342  /* We were, so first remove the extra reference we had added */
343  ObpDereferenceNameInfo(ObjectNameInfo);
344 
345  /* Now dereference the object as well */
347  }
348  }
349  else
350  {
351  /* Remove the reference we added */
352  ObpDereferenceNameInfo(ObjectNameInfo);
353  }
354 }
DWORD *typedef PVOID
Definition: winlogon.h:52
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:80
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
UNICODE_STRING Name
Definition: obtypes.h:433
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
#define OB_FLAG_PERMANENT
Definition: obtypes.h:101
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
LONG HandleCount
Definition: obtypes.h:484
smooth NULL
Definition: ftsmooth.c:513
UCHAR Flags
Definition: obtypes.h:491
#define InterlockedExchangeAdd
Definition: interlocked.h:181
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
FORCEINLINE VOID ObpAcquireDirectoryLockExclusive(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:190
static IUnknown Object
Definition: main.c:512
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
Definition: obdir.c:123
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:255
VOID NTAPI ObpDeleteSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
Definition: oblink.c:24
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:221
struct tagContext Context
Definition: acpixf.h:1013
base for all directory entries
Definition: entries.h:138
POBJECT_TYPE ObSymbolicLinkType
Definition: oblink.c:18
POBJECT_TYPE Type
Definition: obtypes.h:487
signed int * PLONG
Definition: retypes.h:5
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
#define OB_FLAG_KERNEL_EXCLUSIVE
Definition: obtypes.h:109
BOOLEAN NTAPI ObpDeleteEntryDirectory(IN POBP_LOOKUP_CONTEXT Context)
VOID NTAPI ObpDeleteObject ( IN PVOID  Object,
IN BOOLEAN  CalledFromWorkerThread 
)

Definition at line 148 of file oblife.c.

Referenced by ObfDereferenceObject(), and ObpReapObject().

150 {
153  POBJECT_HEADER_NAME_INFO NameInfo;
154  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
155  KIRQL CalloutIrql;
156  PAGED_CODE();
157 
158  /* Get the header and type */
160  ObjectType = Header->Type;
161 
162  /* Get creator and name information */
163  NameInfo = OBJECT_HEADER_TO_NAME_INFO(Header);
164  CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(Header);
165 
166  /* Check if the object is on a type list */
167  if ((CreatorInfo) && !(IsListEmpty(&CreatorInfo->TypeList)))
168  {
169  /* Lock the object type */
170  ObpEnterObjectTypeMutex(ObjectType);
171 
172  /* Remove the object from the type list */
173  RemoveEntryList(&CreatorInfo->TypeList);
174 
175  /* Release the lock */
176  ObpLeaveObjectTypeMutex(ObjectType);
177  }
178 
179  /* Check if we have a name */
180  if ((NameInfo) && (NameInfo->Name.Buffer))
181  {
182  /* Free it */
183  ExFreePool(NameInfo->Name.Buffer);
184  RtlInitEmptyUnicodeString(&NameInfo->Name, NULL, 0);
185  }
186 
187  /* Check if we have a security descriptor */
188  if (Header->SecurityDescriptor)
189  {
190  /* Call the security procedure to delete it */
191  ObpCalloutStart(&CalloutIrql);
192  ObjectType->TypeInfo.SecurityProcedure(Object,
193  DeleteSecurityDescriptor,
194  0,
195  NULL,
196  NULL,
197  &Header->SecurityDescriptor,
198  0,
199  NULL);
200  ObpCalloutEnd(CalloutIrql, "Security", ObjectType, Object);
201  }
202 
203  /* Check if we have a delete procedure */
204  if (ObjectType->TypeInfo.DeleteProcedure)
205  {
206  /* Save whether we were deleted from worker thread or not */
207  if (!CalledFromWorkerThread) Header->Flags |= OB_FLAG_DEFER_DELETE;
208 
209  /* Call it */
210  ObpCalloutStart(&CalloutIrql);
211  ObjectType->TypeInfo.DeleteProcedure(Object);
212  ObpCalloutEnd(CalloutIrql, "Delete", ObjectType, Object);
213  }
214 
215  /* Now de-allocate all object members */
217 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:80
UNICODE_STRING Name
Definition: obtypes.h:433
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
UCHAR KIRQL
Definition: env_spec_w32.h:591
Definition: Header.h:8
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429
smooth NULL
Definition: ftsmooth.c:513
UCHAR Flags
Definition: obtypes.h:491
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:272
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:284
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:437
VOID FASTCALL ObpDeallocateObject(IN PVOID Object)
Definition: oblife.c:39
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
#define OB_FLAG_DEFER_DELETE
Definition: obtypes.h:104
OB_SECURITY_METHOD SecurityProcedure
Definition: obtypes.h:371
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126
POBJECT_TYPE Type
Definition: obtypes.h:487
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:497
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
VOID NTAPI ObpDeleteObjectType ( IN PVOID  Object)

Definition at line 1315 of file oblife.c.

Referenced by ObInitSystem().

1316 {
1317  ULONG i;
1319 
1320  /* Loop our locks */
1321  for (i = 0; i < 4; i++)
1322  {
1323  /* Delete each one */
1324  ExDeleteResourceLite(&ObjectType->ObjectLocks[i]);
1325  }
1326 
1327  /* Delete our main mutex */
1328  ExDeleteResourceLite(&ObjectType->Mutex);
1329 }
DWORD *typedef PVOID
Definition: winlogon.h:52
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:80
NTSTATUS NTAPI ExDeleteResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1456
GLenum GLclampf GLint i
Definition: glfuncs.h:14
ERESOURCE Mutex
Definition: obtypes.h:381
static IUnknown Object
Definition: main.c:512
ERESOURCE ObjectLocks[4]
Definition: obtypes.h:392
unsigned int ULONG
Definition: retypes.h:1
VOID NTAPI ObpDeleteSymbolicLink ( IN PVOID  ObjectBody)

Referenced by ObInitSystem().

VOID NTAPI ObpDeleteSymbolicLinkName ( IN POBJECT_SYMBOLIC_LINK  SymbolicLink)

Definition at line 24 of file oblink.c.

Referenced by ObpDeleteNameCheck().

25 {
26  POBJECT_HEADER ObjectHeader;
27  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
28 
29  /* FIXME: Need to support Device maps */
30 
31  /* Get header data */
32  ObjectHeader = OBJECT_TO_OBJECT_HEADER(SymbolicLink);
33  ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
34 
35  /* Check if we are not actually in a directory with a device map */
36  if (!(ObjectNameInfo) ||
37  !(ObjectNameInfo->Directory) /*||
38  !(ObjectNameInfo->Directory->DeviceMap)*/)
39  {
40  ObpDereferenceNameInfo(ObjectNameInfo);
41  return;
42  }
43 
44  /* Check if it's a DOS drive letter, and remove the entry from drive map if needed */
45  if (SymbolicLink->DosDeviceDriveIndex != 0 &&
46  ObjectNameInfo->Name.Length == 2 * sizeof(WCHAR) &&
47  ObjectNameInfo->Name.Buffer[1] == L':' &&
48  ( (ObjectNameInfo->Name.Buffer[0] >= L'A' &&
49  ObjectNameInfo->Name.Buffer[0] <= L'Z') ||
50  (ObjectNameInfo->Name.Buffer[0] >= L'a' &&
51  ObjectNameInfo->Name.Buffer[0] <= L'z') ))
52  {
53  /* Remove the drive entry */
55  ObSystemDeviceMap->DriveType[SymbolicLink->DosDeviceDriveIndex-1] =
58  ~(1 << (SymbolicLink->DosDeviceDriveIndex-1));
60 
61  /* Reset the drive index, valid drive index starts from 1 */
62  SymbolicLink->DosDeviceDriveIndex = 0;
63  }
64 
65  ObpDereferenceNameInfo(ObjectNameInfo);
66 }
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
Definition: bidi.c:75
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
__wchar_t WCHAR
Definition: xmlstorage.h:180
UNICODE_STRING Name
Definition: obtypes.h:433
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
ULONG DriveMap
Definition: obtypes.h:522
#define DOSDEVICE_DRIVE_UNKNOWN
Definition: obtypes.h:163
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
UCHAR DriveType[32]
Definition: obtypes.h:523
PDEVICE_MAP ObSystemDeviceMap
Definition: obinit.c:46
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
static const WCHAR SymbolicLink[]
Definition: interface.c:31
VOID NTAPI ObpFreeObjectNameBuffer ( IN PUNICODE_STRING  Name)

Definition at line 347 of file oblife.c.

Referenced by ObCreateObject(), ObOpenObjectByName(), ObpCaptureObjectName(), and ObReferenceObjectByName().

348 {
349  PVOID Buffer = Name->Buffer;
350 
351  /* We know this is a pool-allocation if the size doesn't match */
352  if (Name->MaximumLength != OBP_NAME_LOOKASIDE_MAX_SIZE)
353  {
354  /*
355  * Free it from the pool.
356  *
357  * We cannot use here ExFreePoolWithTag(..., OB_NAME_TAG); , because
358  * the object name may have been massaged during operation by different
359  * object parse routines. If the latter ones have to resolve a symbolic
360  * link (e.g. as is done by CmpParseKey() and CmpGetSymbolicLink()),
361  * the original object name is freed and re-allocated from the pool,
362  * possibly with a different pool tag. At the end of the day, the new
363  * object name can be reallocated and completely different, but we
364  * should still be able to free it!
365  */
366  ExFreePool(Buffer);
367  }
368  else
369  {
370  /* Otherwise, free from the lookaside */
372  }
373 }
DWORD *typedef PVOID
Definition: winlogon.h:52
FORCEINLINE VOID ObpFreeCapturedAttributes(IN PVOID Buffer, IN PP_NPAGED_LOOKASIDE_NUMBER Type)
Definition: ob_x.h:348
Definition: bufpool.h:45
_In_ PUNICODE_STRING Name
Definition: mrx.h:213
#define OBP_NAME_LOOKASIDE_MAX_SIZE
Definition: ob_x.h:18
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
NTSTATUS NTAPI ObpInitSdCache ( VOID  )

Definition at line 61 of file obsdcach.c.

Referenced by ObInitSystem().

62 {
63  ULONG i;
64 
65  /* Loop each cache entry */
66  for (i = 0; i < SD_CACHE_ENTRIES; i++)
67  {
68  /* Initialize the lock and the list */
71  }
72 
73  /* Return success */
74  return STATUS_SUCCESS;
75 }
#define STATUS_SUCCESS
Definition: contextmenu.cpp:55
OB_SD_CACHE_LIST ObsSecurityDescriptorCache[SD_CACHE_ENTRIES]
Definition: obsdcach.c:18
GLenum GLclampf GLint i
Definition: glfuncs.h:14
#define SD_CACHE_ENTRIES
Definition: obsdcach.c:17
#define ExInitializePushLock
Definition: ex.h:943
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
unsigned int ULONG
Definition: retypes.h:1
BOOLEAN NTAPI ObpInsertEntryDirectory ( IN POBJECT_DIRECTORY  Parent,
IN POBP_LOOKUP_CONTEXT  Context,
IN POBJECT_HEADER  ObjectHeader 
)

Definition at line 46 of file obdir.c.

Referenced by ObCreateObjectType(), ObInitSystem(), and ObpLookupObjectName().

49 {
50  POBJECT_DIRECTORY_ENTRY *AllocatedEntry;
51  POBJECT_DIRECTORY_ENTRY NewEntry;
52  POBJECT_HEADER_NAME_INFO HeaderNameInfo;
53 
54  /* Make sure we have a name */
55  ASSERT(ObjectHeader->NameInfoOffset != 0);
56 
57  /* Validate the context */
58  if ((Context->Object) ||
59  !(Context->DirectoryLocked) ||
60  (Parent != Context->Directory))
61  {
62  /* Invalid context */
63  DPRINT1("OB: ObpInsertEntryDirectory - invalid context %p %u\n",
64  Context, Context->DirectoryLocked);
65  ASSERT(FALSE);
66  return FALSE;
67  }
68 
69  /* Allocate a new Directory Entry */
71  sizeof(OBJECT_DIRECTORY_ENTRY),
72  OB_DIR_TAG);
73  if (!NewEntry) return FALSE;
74 
75  /* Save the hash */
76  NewEntry->HashValue = Context->HashValue;
77 
78  /* Get the Object Name Information */
79  HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
80 
81  /* Get the Allocated entry */
82  AllocatedEntry = &Parent->HashBuckets[Context->HashIndex];
83 
84  /* Set it */
85  NewEntry->ChainLink = *AllocatedEntry;
86  *AllocatedEntry = NewEntry;
87 
88  /* Associate the Object */
89  NewEntry->Object = &ObjectHeader->Body;
90 
91  /* Associate the Directory */
92  HeaderNameInfo->Directory = Parent;
93  return TRUE;
94 }
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
#define TRUE
Definition: types.h:120
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:717
PVOID Object
Definition: obtypes.h:401
#define OB_DIR_TAG
Definition: tag.h:152
#define FALSE
Definition: types.h:117
ULONG HashValue
Definition: obtypes.h:403
Definition: obtypes.h:398
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
struct _OBJECT_DIRECTORY_ENTRY * ChainLink
Definition: obtypes.h:400
#define DPRINT1
Definition: precomp.h:8
PVOID NTAPI ObpLookupEntryDirectory ( IN POBJECT_DIRECTORY  Directory,
IN PUNICODE_STRING  Name,
IN ULONG  Attributes,
IN UCHAR  SearchShadow,
IN POBP_LOOKUP_CONTEXT  Context 
)

Definition at line 123 of file obdir.c.

Referenced by ObCreateObjectType(), ObInitSystem(), ObpDeleteNameCheck(), ObpLookupObjectName(), and ObpParseSymbolicLinkToIoDeviceObject().

128 {
130  POBJECT_HEADER_NAME_INFO HeaderNameInfo;
131  POBJECT_HEADER ObjectHeader;
133  ULONG HashIndex;
134  LONG TotalChars;
135  WCHAR CurrentChar;
136  POBJECT_DIRECTORY_ENTRY *AllocatedEntry;
137  POBJECT_DIRECTORY_ENTRY *LookupBucket;
138  POBJECT_DIRECTORY_ENTRY CurrentEntry;
139  PVOID FoundObject = NULL;
140  PWSTR Buffer;
141  PAGED_CODE();
142 
143  /* Check if we should search the shadow directory */
144  if (!ObpLUIDDeviceMapsEnabled) SearchShadow = FALSE;
145 
146  /* Fail if we don't have a directory or name */
147  if (!(Directory) || !(Name)) goto Quickie;
148 
149  /* Get name information */
150  TotalChars = Name->Length / sizeof(WCHAR);
151  Buffer = Name->Buffer;
152 
153  /* Set up case-sensitivity */
154  if (Attributes & OBJ_CASE_INSENSITIVE) CaseInsensitive = TRUE;
155 
156  /* Fail if the name is empty */
157  if (!(Buffer) || !(TotalChars)) goto Quickie;
158 
159  /* Create the Hash */
160  for (HashValue = 0; TotalChars; TotalChars--)
161  {
162  /* Go to the next Character */
163  CurrentChar = *Buffer++;
164 
165  /* Prepare the Hash */
166  HashValue += (HashValue << 1) + (HashValue >> 1);
167 
168  /* Create the rest based on the name */
169  if (CurrentChar < 'a') HashValue += CurrentChar;
170  else if (CurrentChar > 'z') HashValue += RtlUpcaseUnicodeChar(CurrentChar);
171  else HashValue += (CurrentChar - ('a'-'A'));
172  }
173 
174  /* Merge it with our number of hash buckets */
175  HashIndex = HashValue % 37;
176 
177  /* Save the result */
178  Context->HashValue = HashValue;
179  Context->HashIndex = (USHORT)HashIndex;
180 
181  /* Get the root entry and set it as our lookup bucket */
182  AllocatedEntry = &Directory->HashBuckets[HashIndex];
183  LookupBucket = AllocatedEntry;
184 
185  /* Check if the directory is already locked */
186  if (!Context->DirectoryLocked)
187  {
188  /* Lock it */
190  }
191 
192  /* Start looping */
193  while ((CurrentEntry = *AllocatedEntry))
194  {
195  /* Do the hashes match? */
196  if (CurrentEntry->HashValue == HashValue)
197  {
198  /* Make sure that it has a name */
199  ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentEntry->Object);
200 
201  /* Get the name information */
202  ASSERT(ObjectHeader->NameInfoOffset != 0);
203  HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
204 
205  /* Do the names match? */
206  if ((Name->Length == HeaderNameInfo->Name.Length) &&
207  (RtlEqualUnicodeString(Name, &HeaderNameInfo->Name, CaseInsensitive)))
208  {
209  break;
210  }
211  }
212 
213  /* Move to the next entry */
214  AllocatedEntry = &CurrentEntry->ChainLink;
215  }
216 
217  /* Check if we still have an entry */
218  if (CurrentEntry)
219  {
220  /* Set this entry as the first, to speed up incoming insertion */
221  if (AllocatedEntry != LookupBucket)
222  {
223  /* Check if the directory was locked or convert the lock */
224  if ((Context->DirectoryLocked) ||
226  {
227  /* Set the Current Entry */
228  *AllocatedEntry = CurrentEntry->ChainLink;
229 
230  /* Link to the old Hash Entry */
231  CurrentEntry->ChainLink = *LookupBucket;
232 
233  /* Set the new Hash Entry */
234  *LookupBucket = CurrentEntry;
235  }
236  }
237 
238  /* Save the found object */
239  FoundObject = CurrentEntry->Object;
240  goto Quickie;
241  }
242  else
243  {
244  /* Check if the directory was locked */
245  if (!Context->DirectoryLocked)
246  {
247  /* Release the lock */
249  }
250 
251  /* Check if we should scan the shadow directory */
252  if ((SearchShadow) && (Directory->DeviceMap))
253  {
254  /* FIXME: We don't support this yet */
255  ASSERT(FALSE);
256  }
257  }
258 
259 Quickie:
260  /* Check if we inserted an object */
261  if (FoundObject)
262  {
263  /* Get the object name information */
264  ObjectHeader = OBJECT_TO_OBJECT_HEADER(FoundObject);
265  ObpReferenceNameInfo(ObjectHeader);
266 
267  /* Reference the object being looked up */
268  ObReferenceObject(FoundObject);
269 
270  /* Check if the directory was locked */
271  if (!Context->DirectoryLocked)
272  {
273  /* Release the lock */
275  }
276  }
277 
278  /* Check if we found an object already */
279  if (Context->Object)
280  {
281  /* We already did a lookup, so remove this object's query reference */
282  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Context->Object);
283  HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
284  ObpDereferenceNameInfo(HeaderNameInfo);
285 
286  /* Also dereference the object itself */
287  ObDereferenceObject(Context->Object);
288  }
289 
290  /* Return the object we found */
291  Context->Object = FoundObject;
292  return FoundObject;
293 }
DWORD *typedef PVOID
Definition: winlogon.h:52
#define TRUE
Definition: types.h:120
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
__wchar_t WCHAR
Definition: xmlstorage.h:180
UNICODE_STRING Name
Definition: obtypes.h:433
PVOID *typedef PWSTR
Definition: winlogon.h:57
_In_ BOOLEAN _In_ ULONG _Out_ PULONG HashValue
Definition: rtlfuncs.h:2039
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
UCHAR NameInfoOffset
Definition: obtypes.h:488
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
#define WCHAR
Definition: msvc.h:43
NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar(WCHAR Source)
PVOID Object
Definition: obtypes.h:401
FORCEINLINE VOID ObpReleaseDirectoryLock(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:210
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
long LONG
Definition: pedump.c:60
FORCEINLINE VOID ObpAcquireDirectoryLockShared(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:174
smooth NULL
Definition: ftsmooth.c:513
_In_ const STRING _In_ BOOLEAN CaseInsensitive
Definition: rtlfuncs.h:2245
unsigned char BOOLEAN
BOOLEAN ObpLUIDDeviceMapsEnabled
Definition: obdir.c:20
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
ULONG HashValue
Definition: obtypes.h:403
Definition: obtypes.h:398
#define PAGED_CODE()
Definition: video.h:57
UINTN VOID * Buffer
Definition: acefiex.h:370
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
_In_ PUNICODE_STRING Name
Definition: mrx.h:213
unsigned short USHORT
Definition: pedump.c:61
FORCEINLINE BOOLEAN ExConvertPushLockSharedToExclusive(IN PEX_PUSH_LOCK PushLock)
Definition: ex.h:1069
struct _OBJECT_DIRECTORY_ENTRY * ChainLink
Definition: obtypes.h:400
#define ObReferenceObject
Definition: obfuncs.h:204
unsigned int ULONG
Definition: retypes.h:1
base for all directory entries
Definition: entries.h:138
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
struct _ACPI_EFI_FILE_HANDLE CHAR16 UINT64 UINT64 Attributes
Definition: acefiex.h:335
NTSTATUS NTAPI ObpLookupObjectName ( IN HANDLE RootHandle  OPTIONAL,
IN OUT PUNICODE_STRING  ObjectName,
IN ULONG  Attributes,
IN POBJECT_TYPE  ObjectType,
IN KPROCESSOR_MODE  AccessMode,
IN OUT PVOID  ParseContext,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos  OPTIONAL,
IN PVOID InsertObject  OPTIONAL,
IN OUT PACCESS_STATE  AccessState,
OUT POBP_LOOKUP_CONTEXT  LookupContext,
OUT PVOID FoundObject 
)

Definition at line 358 of file obname.c.

Referenced by ObInsertObject(), ObOpenObjectByName(), and ObReferenceObjectByName().

369 {
370  PVOID Object;
371  POBJECT_HEADER ObjectHeader;
372  UNICODE_STRING ComponentName, RemainingName;
373  BOOLEAN Reparse = FALSE, SymLink = FALSE;
374  POBJECT_DIRECTORY Directory = NULL, ParentDirectory = NULL, RootDirectory;
375  POBJECT_DIRECTORY ReferencedDirectory = NULL, ReferencedParentDirectory = NULL;
376  KIRQL CalloutIrql;
377  OB_PARSE_METHOD ParseRoutine;
379  KPROCESSOR_MODE AccessCheckMode;
380  PWCHAR NewName;
381  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
382  ULONG MaxReparse = 30;
383  PAGED_CODE();
385  "%s - Finding Object: %wZ. Expecting: %p\n",
386  __FUNCTION__,
387  ObjectName,
388  InsertObject);
389 
390  /* Initialize starting state */
391  ObpInitializeLookupContext(LookupContext);
392  *FoundObject = NULL;
393  Status = STATUS_SUCCESS;
394  Object = NULL;
395 
396  /* Check if case-insensitivity is checked */
397  if (ObpCaseInsensitive)
398  {
399  /* Check if the object type requests this */
400  if (!(ObjectType) || (ObjectType->TypeInfo.CaseInsensitive))
401  {
402  /* Add the flag to disable case sensitivity */
404  }
405  }
406 
407  /* Check if this is a access checks are being forced */
408  AccessCheckMode = (Attributes & OBJ_FORCE_ACCESS_CHECK) ?
410 
411  /* Check if we got a Root Directory */
412  if (RootHandle)
413  {
414  /* We did. Reference it */
415  Status = ObReferenceObjectByHandle(RootHandle,
416  0,
417  NULL,
418  AccessMode,
419  (PVOID*)&RootDirectory,
420  NULL);
421  if (!NT_SUCCESS(Status)) return Status;
422 
423  /* Get the header */
424  ObjectHeader = OBJECT_TO_OBJECT_HEADER(RootDirectory);
425 
426  /* The name cannot start with a separator, unless this is a file */
427  if ((ObjectName->Buffer) &&
429  (ObjectHeader->Type != IoFileObjectType))
430  {
431  /* The syntax is bad, so fail this request */
432  ObDereferenceObject(RootDirectory);
434  }
435 
436  /* Don't parse a Directory */
437  if (ObjectHeader->Type != ObDirectoryType)
438  {
439  /* Make sure the Object Type has a parse routine */
440  ParseRoutine = ObjectHeader->Type->TypeInfo.ParseProcedure;
441  if (!ParseRoutine)
442  {
443  /* We can't parse a name if we don't have a parse routine */
444  ObDereferenceObject(RootDirectory);
445  return STATUS_INVALID_HANDLE;
446  }
447 
448  /* Set default parse count */
449  MaxReparse = 30;
450 
451  /* Now parse */
452  while (TRUE)
453  {
454  /* Start with the full name */
455  RemainingName = *ObjectName;
456 
457  /* Call the Parse Procedure */
458  ObpCalloutStart(&CalloutIrql);
459  Status = ParseRoutine(RootDirectory,
460  ObjectType,
461  AccessState,
462  AccessCheckMode,
463  Attributes,
464  ObjectName,
465  &RemainingName,
466  ParseContext,
467  SecurityQos,
468  &Object);
469  ObpCalloutEnd(CalloutIrql, "Parse", ObjectHeader->Type, Object);
470 
471  /* Check for success or failure, so not reparse */
472  if ((Status != STATUS_REPARSE) &&
473  (Status != STATUS_REPARSE_OBJECT))
474  {
475  /* Check for failure */
476  if (!NT_SUCCESS(Status))
477  {
478  /* Parse routine might not have cleared this, do it */
479  Object = NULL;
480  }
481  else if (!Object)
482  {
483  /* Modify status to reflect failure inside Ob */
485  }
486 
487  /* We're done, return the status and object */
488  *FoundObject = Object;
489  ObDereferenceObject(RootDirectory);
490  return Status;
491  }
492  else if ((!ObjectName->Length) ||
493  (!ObjectName->Buffer) ||
495  {
496  /* Reparsed to the root directory, so start over */
497  ObDereferenceObject(RootDirectory);
498  RootDirectory = ObpRootDirectoryObject;
499 
500  /* Don't use this anymore, since we're starting at root */
501  RootHandle = NULL;
502  goto ParseFromRoot;
503  }
504  else if (--MaxReparse)
505  {
506  /* Try reparsing again */
507  continue;
508  }
509  else
510  {
511  /* Reparsed too many times */
512  ObDereferenceObject(RootDirectory);
513 
514  /* Return the object and normalized status */
515  *FoundObject = Object;
516  if (!Object) Status = STATUS_OBJECT_NAME_NOT_FOUND;
517  return Status;
518  }
519  }
520  }
521  else if (!(ObjectName->Length) || !(ObjectName->Buffer))
522  {
523  /* Just return the Root Directory if we didn't get a name */
524  Status = ObReferenceObjectByPointer(RootDirectory,
525  0,
526  ObjectType,
527  AccessMode);
528  if (NT_SUCCESS(Status)) Object = RootDirectory;
529 
530  /* Remove the first reference we added and return the object */
531  ObDereferenceObject(RootDirectory);
532  *FoundObject = Object;
533  return Status;
534  }
535  }
536  else
537  {
538  /* We did not get a Root Directory, so use the root */
539  RootDirectory = ObpRootDirectoryObject;
540 
541  /* It must start with a path separator */
542  if (!(ObjectName->Length) ||
543  !(ObjectName->Buffer) ||
545  {
546  /* This name is invalid, so fail */
548  }
549 
550  /* Check if the name is only the path separator */
551  if (ObjectName->Length == sizeof(OBJ_NAME_PATH_SEPARATOR))
552  {
553  /* So the caller only wants the root directory; do we have one? */
554  if (!RootDirectory)
555  {
556  /* This must be the first time we're creating it... right? */
557  if (InsertObject)
558  {
559  /* Yes, so return it to ObInsert so that it can create it */
560  Status = ObReferenceObjectByPointer(InsertObject,
561  0,
562  ObjectType,
563  AccessMode);
564  if (NT_SUCCESS(Status)) *FoundObject = InsertObject;
565  return Status;
566  }
567  else
568  {
569  /* This should never really happen */
570  ASSERT(FALSE);
572  }
573  }
574  else
575  {
576  /* We do have the root directory, so just return it */
577  Status = ObReferenceObjectByPointer(RootDirectory,
578  0,
579  ObjectType,
580  AccessMode);
581  if (NT_SUCCESS(Status)) *FoundObject = RootDirectory;
582  return Status;
583  }
584  }
585  else
586  {
587 ParseFromRoot:
588  /* FIXME: Check if we have a device map */
589 
590  /* Check if this is a possible DOS name */
591  if (!((ULONG_PTR)(ObjectName->Buffer) & 7))
592  {
593  /*
594  * This could be one. Does it match the prefix?
595  * Note that as an optimization, the match is done as 64-bit
596  * compare since the prefix is "\??\" which is exactly 8 bytes.
597  *
598  * In the second branch, we test for "\??" which is also valid.
599  * This time, we use a 32-bit compare followed by a Unicode
600  * character compare (16-bit), since the sum is 6 bytes.
601  */
603  (*(PULONGLONG)(ObjectName->Buffer) ==
605  {
606  /* FIXME! */
607  }
609  sizeof(WCHAR)) &&
610  (*(PULONG)(ObjectName->Buffer) ==
612  (*((PWCHAR)(ObjectName->Buffer) + 2) ==
614  {
615  /* FIXME! */
616  }
617  }
618  }
619  }
620 
621  /* Check if we were reparsing a symbolic link */
622  if (!SymLink)
623  {
624  /* Allow reparse */
625  Reparse = TRUE;
626  MaxReparse = 30;
627  }
628 
629  /* Reparse */
630  while (Reparse && MaxReparse)
631  {
632  /* Get the name */
633  RemainingName = *ObjectName;
634 
635  /* Disable reparsing again */
636  Reparse = FALSE;
637 
638  /* Start parse loop */
639  while (TRUE)
640  {
641  /* Clear object */
642  Object = NULL;
643 
644  /* Check if the name starts with a path separator */
645  if ((RemainingName.Length) &&
646  (RemainingName.Buffer[0] == OBJ_NAME_PATH_SEPARATOR))
647  {
648  /* Skip the path separator */
649  RemainingName.Buffer++;
650  RemainingName.Length -= sizeof(OBJ_NAME_PATH_SEPARATOR);
651  }
652 
653  /* Find the next Part Name */
654  ComponentName = RemainingName;
655  while (RemainingName.Length)
656  {
657  /* Break if we found the \ ending */
658  if (RemainingName.Buffer[0] == OBJ_NAME_PATH_SEPARATOR) break;
659 
660  /* Move on */
661  RemainingName.Buffer++;
662  RemainingName.Length -= sizeof(OBJ_NAME_PATH_SEPARATOR);
663  }
664 
665  /* Get its size and make sure it's valid */
666  ComponentName.Length -= RemainingName.Length;
667  if (!ComponentName.Length)
668  {
669  /* Invalid size, fail */
671  break;
672  }
673 
674  /* Check if we're in the root */
675  if (!Directory) Directory = RootDirectory;
676 
677  /* Check if this is a user-mode call that needs to traverse */
678  if ((AccessCheckMode != KernelMode) &&
680  {
681  /* We shouldn't have referenced a directory yet */
682  ASSERT(ReferencedDirectory == NULL);
683 
684  /* Reference the directory */
685  ObReferenceObject(Directory);
686  ReferencedDirectory = Directory;
687 
688  /* Check if we have a parent directory */
689  if (ParentDirectory)
690  {
691  /* Check for traverse access */
692  if (!ObpCheckTraverseAccess(ParentDirectory,
694  AccessState,
695  FALSE,
696  AccessCheckMode,
697  &Status))
698  {
699  /* We don't have it, fail */
700  break;
701  }
702  }
703  }
704 
705  /* Check if we don't have a remaining name yet */
706  if (!RemainingName.Length)
707  {
708  /* Check if we don't have a referenced directory yet */
709  if (!ReferencedDirectory)
710  {
711  /* Reference it */
712  ObReferenceObject(Directory);
713  ReferencedDirectory = Directory;
714  }
715 
716  /* Check if we are inserting an object */
717  if (InsertObject)
718  {
719  /* Lock the directory */
720  ObpAcquireDirectoryLockExclusive(Directory, LookupContext);
721  }
722  }
723 
724  /* Do the lookup */
725  Object = ObpLookupEntryDirectory(Directory,
726  &ComponentName,
727  Attributes,
728  InsertObject ? FALSE : TRUE,
729  LookupContext);
730  if (!Object)
731  {
732  /* We didn't find it... do we still have a path? */
733  if (RemainingName.Length)
734  {
735  /* Then tell the caller the path wasn't found */
737  break;
738  }
739  else if (!InsertObject)
740  {
741  /* Otherwise, we have a path, but the name isn't valid */
743  break;
744  }
745 
746  /* Check create access for the object */
747  if (!ObCheckCreateObjectAccess(Directory,
751  AccessState,
752  &ComponentName,
753  FALSE,
754  AccessCheckMode,
755  &Status))
756  {
757  /* We don't have create access, fail */
758  break;
759  }
760 
761  /* Get the object header */
762  ObjectHeader = OBJECT_TO_OBJECT_HEADER(InsertObject);
763 
764  /* FIXME: Check if this is a Section Object or Sym Link */
765  /* FIXME: If it is, then check if this isn't session 0 */
766  /* FIXME: If it isn't, check for SeCreateGlobalPrivilege */
767  /* FIXME: If privilege isn't there, check for unsecure name */
768  /* FIXME: If it isn't a known unsecure name, then fail */
769 
770  /* Create Object Name */
772  ComponentName.Length,
773  OB_NAME_TAG);
774  if (!(NewName) ||
775  !(ObpInsertEntryDirectory(Directory,
776  LookupContext,
777  ObjectHeader)))
778  {
779  /* Either couldn't allocate the name, or insert failed */
780  if (NewName) ExFreePoolWithTag(NewName, OB_NAME_TAG);
781 
782  /* Fail due to memory reasons */
784  break;
785  }
786 
787  /* Reference newly to be inserted object */
788  ObReferenceObject(InsertObject);
789 
790  /* Get the name information */
791  ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
792 
793  /* Reference the directory */
794  ObReferenceObject(Directory);
795 
796  /* Copy the Name */
797  RtlCopyMemory(NewName,
798  ComponentName.Buffer,
799  ComponentName.Length);
800 
801  /* Check if we had an old name */
802  if (ObjectNameInfo->Name.Buffer)
803  {
804  /* Free it */
805  ExFreePoolWithTag(ObjectNameInfo->Name.Buffer, OB_NAME_TAG);
806  }
807 
808  /* Write new one */
809  ObjectNameInfo->Name.Buffer = NewName;
810  ObjectNameInfo->Name.Length = ComponentName.Length;
811  ObjectNameInfo->Name.MaximumLength = ComponentName.Length;
812 
813  /* Return Status and the Expected Object */
814  Status = STATUS_SUCCESS;
815  Object = InsertObject;
816 
817  /* Get out of here */
818  break;
819  }
820 
821 ReparseObject:
822  /* We found it, so now get its header */
823  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
824 
825  /*
826  * Check for a parse Procedure, but don't bother to parse for an insert
827  * unless it's a Symbolic Link, in which case we MUST parse
828  */
829  ParseRoutine = ObjectHeader->Type->TypeInfo.ParseProcedure;
830  if ((ParseRoutine) &&
831  (!(InsertObject) || (ParseRoutine == ObpParseSymbolicLink)))
832  {
833  /* Use the Root Directory next time */
834  Directory = NULL;
835 
836  /* Increment the pointer count */
837  InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
838 
839  /* Cleanup from the first lookup */
840  ObpReleaseLookupContext(LookupContext);
841 
842  /* Check if we have a referenced directory */
843  if (ReferencedDirectory)
844  {
845  /* We do, dereference it */
846  ObDereferenceObject(ReferencedDirectory);
847  ReferencedDirectory = NULL;
848  }
849 
850  /* Check if we have a referenced parent directory */
851  if (ReferencedParentDirectory)
852  {
853  /* We do, dereference it */
854  ObDereferenceObject(ReferencedParentDirectory);
855  ReferencedParentDirectory = NULL;
856  }
857 
858  /* Call the Parse Procedure */
859  ObpCalloutStart(&CalloutIrql);
860  Status = ParseRoutine(Object,
861  ObjectType,
862  AccessState,
863  AccessCheckMode,
864  Attributes,
865  ObjectName,
866  &RemainingName,
867  ParseContext,
868  SecurityQos,
869  &Object);
870  ObpCalloutEnd(CalloutIrql, "Parse", ObjectHeader->Type, Object);
871 
872  /* Remove our extra reference */
873  ObDereferenceObject(&ObjectHeader->Body);
874 
875  /* Check if we have to reparse */
876  if ((Status == STATUS_REPARSE) ||
877  (Status == STATUS_REPARSE_OBJECT))
878  {
879  /* Reparse again */
880  Reparse = TRUE;
881  --MaxReparse;
882  if (MaxReparse == 0)
883  {
884  Object = NULL;
885  break;
886  }
887 
888  /* Start over from root if we got sent back there */
889  if ((Status == STATUS_REPARSE_OBJECT) ||
891  {
892  /* Check if we got a root directory */
893  if (RootHandle)
894  {
895  /* Stop using it, because we have a new directory now */
896  ObDereferenceObject(RootDirectory);
897  RootHandle = NULL;
898  }
899 
900  /* Start at Root */
901  ParentDirectory = NULL;
902  RootDirectory = ObpRootDirectoryObject;
903 
904  /* Check for reparse status */
905  if (Status == STATUS_REPARSE_OBJECT)
906  {
907  /* Don't reparse again */
908  Reparse = FALSE;
909 
910  /* Did we actually get an object to which to reparse? */
911  if (!Object)
912  {
913  /* We didn't, so set a failure status */
915  }
916  else
917  {
918  /* We did, so we're free to parse the new object */
919  goto ReparseObject;
920  }
921  }
922  else
923  {
924  /* This is a symbolic link */
925  SymLink = TRUE;
926  goto ParseFromRoot;
927  }
928  }
929  else if (RootDirectory == ObpRootDirectoryObject)
930  {
931  /* We got STATUS_REPARSE but are at the Root Directory */
932  Object = NULL;
934  Reparse = FALSE;
935  }
936  }
937  else if (!NT_SUCCESS(Status))
938  {
939  /* Total failure */
940  Object = NULL;
941  }
942  else if (!Object)
943  {
944  /* We didn't reparse but we didn't find the Object Either */
946  }
947 
948  /* Break out of the loop */
949  break;
950  }
951  else
952  {
953  /* No parse routine...do we still have a remaining name? */
954  if (!RemainingName.Length)
955  {
956  /* Are we creating an object? */
957  if (!InsertObject)
958  {
959  /* Check if this is a user-mode call that needs to traverse */
960  if ((AccessCheckMode != KernelMode) &&
962  {
963  /* Check if we can get it */
964  if (!ObpCheckTraverseAccess(Directory,
966  AccessState,
967  FALSE,
968  AccessCheckMode,
969  &Status))
970  {
971  /* We don't have access, fail */
972  Object = NULL;
973  break;
974  }
975  }
976 
977  /* Reference the Object */
978  Status = ObReferenceObjectByPointer(Object,
979  0,
980  ObjectType,
981  AccessMode);
982  if (!NT_SUCCESS(Status)) Object = NULL;
983  }
984 
985  /* And get out of the reparse loop */
986  break;
987  }
988  else
989  {
990  /* We still have a name; check if this is a directory object */
991  if (ObjectHeader->Type == ObDirectoryType)
992  {
993  /* Check if we have a referenced parent directory */
994  if (ReferencedParentDirectory)
995  {
996  /* Dereference it */
997  ObDereferenceObject(ReferencedParentDirectory);
998  }
999 
1000  /* Restart the lookup from this directory */
1001  ReferencedParentDirectory = ReferencedDirectory;
1002  ParentDirectory = Directory;
1003  Directory = Object;
1004  ReferencedDirectory = NULL;
1005  }
1006  else
1007  {
1008  /* We still have a name, but no parse routine for it */
1009  Status = STATUS_OBJECT_TYPE_MISMATCH;
1010  Object = NULL;
1011  break;
1012  }
1013  }
1014  }
1015  }
1016  }
1017 
1018  /* Check if we failed */
1019  if (!NT_SUCCESS(Status))
1020  {
1021  /* Cleanup after lookup */