ReactOS  0.4.15-dev-3441-g67ad4e7
ob.h File Reference
#include "ob_x.h"

Classes

struct  _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
 
struct  _OBP_CLOSE_HANDLE_CONTEXT
 
struct  _OBP_FIND_HANDLE_DATA
 
struct  _SECURITY_DESCRIPTOR_HEADER
 
struct  _OB_SD_CACHE_LIST
 
union  ALIGNEDNAME
 
struct  _OB_TEMP_BUFFER
 

Macros

#define _OB_DEBUG_   0x00
 
#define OB_HANDLE_DEBUG   0x01
 
#define OB_NAMESPACE_DEBUG   0x02
 
#define OB_SECURITY_DEBUG   0x04
 
#define OB_REFERENCE_DEBUG   0x08
 
#define OB_CALLBACK_DEBUG   0x10
 
#define OBTRACE(x, fmt, ...)   DPRINT(fmt, ##__VA_ARGS__)
 
#define GENERIC_ACCESS
 
#define OBJ_PROTECT_CLOSE   0x01
 
#define OBJ_AUDIT_OBJECT_CLOSE   0x04
 
#define OBJ_HANDLE_ATTRIBUTES
 
#define ObpAccessProtectCloseBit   0x02000000L
 
#define KERNEL_HANDLE_FLAG   0x80000000
 
#define ObpIsKernelHandle(Handle, ProcessorMode)
 
#define ObKernelHandleToHandle(Handle)   (HANDLE)((ULONG_PTR)(Handle) & ~KERNEL_HANDLE_FLAG)
 
#define ObMarkHandleAsKernelHandle(Handle)   (HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_FLAG)
 
#define ObpGetHandleObject(x)   ((POBJECT_HEADER)((ULONG_PTR)x->Object & ~OBJ_HANDLE_ATTRIBUTES))
 
#define ObpGetHeaderForSd(x)   CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, SecurityDescriptor)
 
#define ObpGetHeaderForEntry(x)   CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, Link)
 
#define TAG_OB_TEMP_STORAGE   'tSbO'
 

Typedefs

typedef struct _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
 
typedef struct _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT * POBP_SET_HANDLE_ATTRIBUTES_CONTEXT
 
typedef struct _OBP_CLOSE_HANDLE_CONTEXT OBP_CLOSE_HANDLE_CONTEXT
 
typedef struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
 
typedef struct _OBP_FIND_HANDLE_DATA OBP_FIND_HANDLE_DATA
 
typedef struct _OBP_FIND_HANDLE_DATA * POBP_FIND_HANDLE_DATA
 
typedef struct _SECURITY_DESCRIPTOR_HEADER SECURITY_DESCRIPTOR_HEADER
 
typedef struct _SECURITY_DESCRIPTOR_HEADER * PSECURITY_DESCRIPTOR_HEADER
 
typedef struct _OB_SD_CACHE_LIST OB_SD_CACHE_LIST
 
typedef struct _OB_SD_CACHE_LIST * POB_SD_CACHE_LIST
 
typedef struct _OB_TEMP_BUFFER OB_TEMP_BUFFER
 
typedef struct _OB_TEMP_BUFFER * POB_TEMP_BUFFER
 

Functions

BOOLEAN NTAPI ObInitSystem (VOID)
 
VOID NTAPI ObShutdownSystem (VOID)
 
BOOLEAN NTAPI ObpDeleteEntryDirectory (IN POBP_LOOKUP_CONTEXT Context)
 
BOOLEAN NTAPI ObpInsertEntryDirectory (IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
 
PVOID NTAPI ObpLookupEntryDirectory (IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
 
VOID NTAPI ObpDeleteSymbolicLink (IN PVOID ObjectBody)
 
NTSTATUS NTAPI ObpParseSymbolicLink (IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
 
VOID NTAPI ObpCreateSymbolicLinkName (IN POBJECT_SYMBOLIC_LINK SymbolicLink)
 
VOID NTAPI ObpDeleteSymbolicLinkName (IN POBJECT_SYMBOLIC_LINK SymbolicLink)
 
NTSTATUS NTAPI ObInitProcess (IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
 
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable (IN PEPROCESS Process)
 
VOID NTAPI ObDereferenceProcessHandleTable (IN PEPROCESS Process)
 
VOID NTAPI ObKillProcess (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpLookupObjectName (IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
 
BOOLEAN NTAPI ObpSetHandleAttributes (IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
 
NTSTATUS NTAPI ObQueryDeviceMapInformation (_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
 
VOID NTAPI ObpDeleteObject (IN PVOID Object, IN BOOLEAN CalledFromWorkerThread)
 
LONG FASTCALL ObDereferenceObjectEx (IN PVOID Object, IN LONG Count)
 
LONG FASTCALL ObReferenceObjectEx (IN PVOID Object, IN LONG Count)
 
BOOLEAN FASTCALL ObReferenceObjectSafe (IN PVOID Object)
 
VOID NTAPI ObpReapObject (IN PVOID Unused)
 
VOID FASTCALL ObpSetPermanentObject (IN PVOID ObjectBody, IN BOOLEAN Permanent)
 
VOID NTAPI ObpDeleteNameCheck (IN PVOID Object)
 
VOID NTAPI ObClearProcessHandleTable (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObDuplicateObject (IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
 
VOID NTAPI ObFreeObjectCreateInfoBuffer (IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
 
VOID NTAPI ObpFreeObjectNameBuffer (IN PUNICODE_STRING Name)
 
VOID NTAPI ObpDeleteObjectType (IN PVOID Object)
 
NTSTATUS NTAPI ObReferenceFileObjectForWrite (IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, OUT PFILE_OBJECT *FileObject, OUT POBJECT_HANDLE_INFORMATION HandleInformation)
 
NTSTATUS NTAPI ObSetDeviceMap (IN PEPROCESS Process, IN HANDLE DirectoryHandle)
 
NTSTATUS NTAPI ObSetDirectoryDeviceMap (OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
 
VOID NTAPI ObDereferenceDeviceMap (IN PEPROCESS Process)
 
VOID FASTCALL ObfDereferenceDeviceMap (IN PDEVICE_MAP DeviceMap)
 
VOID NTAPI ObInheritDeviceMap (IN PEPROCESS Parent, IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpCreateDosDevicesDirectory (VOID)
 
ULONG NTAPI ObIsLUIDDeviceMapsEnabled (VOID)
 
PDEVICE_MAP NTAPI ObpReferenceDeviceMap (VOID)
 
NTSTATUS NTAPI ObpInitSdCache (VOID)
 
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor (IN POBJECT_HEADER ObjectHeader)
 
BOOLEAN NTAPI ObCheckObjectAccess (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
 
BOOLEAN NTAPI ObCheckCreateObjectAccess (IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckTraverseAccess (IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckObjectReference (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor (IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
 
NTSTATUS NTAPI ObDeassignSecurity (IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
 
NTSTATUS NTAPI ObSetSecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
 
VOID FASTCALL ObInitializeFastReference (IN PEX_FAST_REF FastRef, IN PVOID Object)
 
PVOID FASTCALL ObFastReplaceObject (IN PEX_FAST_REF FastRef, IN PVOID Object)
 
PVOID FASTCALL ObFastReferenceObject (IN PEX_FAST_REF FastRef)
 
PVOID FASTCALL ObFastReferenceObjectLocked (IN PEX_FAST_REF FastRef)
 
VOID FASTCALL ObFastDereferenceObject (IN PEX_FAST_REF FastRef, IN PVOID Object)
 
NTSTATUS NTAPI ObpCaptureObjectName (IN PUNICODE_STRING CapturedName, IN PUNICODE_STRING ObjectName, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN AllocateFromLookaside)
 
NTSTATUS NTAPI ObpCaptureObjectCreateInformation (IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
 
ULONG NTAPI ObGetProcessHandleCount (IN PEPROCESS Process)
 

Variables

ULONG ObpTraceLevel
 
KEVENT ObpDefaultObject
 
KGUARDED_MUTEX ObpDeviceMapLock
 
POBJECT_TYPE ObpTypeObjectType
 
POBJECT_TYPE ObpDirectoryObjectType
 
POBJECT_TYPE ObpSymbolicLinkObjectType
 
POBJECT_DIRECTORY ObpRootDirectoryObject
 
POBJECT_DIRECTORY ObpTypeDirectoryObject
 
PHANDLE_TABLE ObpKernelHandleTable
 
WORK_QUEUE_ITEM ObpReaperWorkItem
 
volatile PVOID ObpReaperList
 
GENERAL_LOOKASIDE ObpNameBufferLookasideList
 
GENERAL_LOOKASIDE ObpCreateInfoLookasideList
 
BOOLEAN IoCountOperations
 
ALIGNEDNAME ObpDosDevicesShortNamePrefix
 
ALIGNEDNAME ObpDosDevicesShortNameRoot
 
UNICODE_STRING ObpDosDevicesShortName
 
WCHAR ObpUnsecureGlobalNamesBuffer [128]
 
ULONG ObpUnsecureGlobalNamesLength
 
ULONG ObpObjectSecurityMode
 
ULONG ObpProtectionMode
 
ULONG ObpLUIDDeviceMapsDisabled
 
ULONG ObpLUIDDeviceMapsEnabled
 

Macro Definition Documentation

◆ _OB_DEBUG_

#define _OB_DEBUG_   0x00

Definition at line 12 of file ob.h.

◆ GENERIC_ACCESS

#define GENERIC_ACCESS
Value:
(GENERIC_READ | \
GENERIC_WRITE | \
GENERIC_EXECUTE | \
GENERIC_ALL)
#define GENERIC_READ
Definition: compat.h:135

Definition at line 40 of file ob.h.

◆ KERNEL_HANDLE_FLAG

#define KERNEL_HANDLE_FLAG   0x80000000

Definition at line 67 of file ob.h.

◆ OB_CALLBACK_DEBUG

#define OB_CALLBACK_DEBUG   0x10

Definition at line 21 of file ob.h.

◆ OB_HANDLE_DEBUG

#define OB_HANDLE_DEBUG   0x01

Definition at line 17 of file ob.h.

◆ OB_NAMESPACE_DEBUG

#define OB_NAMESPACE_DEBUG   0x02

Definition at line 18 of file ob.h.

◆ OB_REFERENCE_DEBUG

#define OB_REFERENCE_DEBUG   0x08

Definition at line 20 of file ob.h.

◆ OB_SECURITY_DEBUG

#define OB_SECURITY_DEBUG   0x04

Definition at line 19 of file ob.h.

◆ OBJ_AUDIT_OBJECT_CLOSE

#define OBJ_AUDIT_OBJECT_CLOSE   0x04

Definition at line 51 of file ob.h.

◆ OBJ_HANDLE_ATTRIBUTES

#define OBJ_HANDLE_ATTRIBUTES
Value:
(OBJ_PROTECT_CLOSE | \
OBJ_INHERIT | \
OBJ_AUDIT_OBJECT_CLOSE)
#define OBJ_PROTECT_CLOSE
Definition: ob.h:49

Definition at line 52 of file ob.h.

◆ OBJ_PROTECT_CLOSE

#define OBJ_PROTECT_CLOSE   0x01

Definition at line 49 of file ob.h.

◆ ObKernelHandleToHandle

#define ObKernelHandleToHandle (   Handle)    (HANDLE)((ULONG_PTR)(Handle) & ~KERNEL_HANDLE_FLAG)

Definition at line 78 of file ob.h.

◆ ObMarkHandleAsKernelHandle

#define ObMarkHandleAsKernelHandle (   Handle)    (HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_FLAG)

Definition at line 80 of file ob.h.

◆ ObpAccessProtectCloseBit

#define ObpAccessProtectCloseBit   0x02000000L

Definition at line 59 of file ob.h.

◆ ObpGetHandleObject

#define ObpGetHandleObject (   x)    ((POBJECT_HEADER)((ULONG_PTR)x->Object & ~OBJ_HANDLE_ATTRIBUTES))

Definition at line 86 of file ob.h.

◆ ObpGetHeaderForEntry

#define ObpGetHeaderForEntry (   x)    CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, Link)

Definition at line 98 of file ob.h.

◆ ObpGetHeaderForSd

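#define ObpGetHeaderForSd (   x)    CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, SecurityDescriptor)

Definition at line 92 of file ob.h.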

◆ ObpIsKernelHandle

#define ObpIsKernelHandle (   Handle,
  ProcessorMode 
)
Value:
(((ULONG_PTR)(Handle) & KERNEL_HANDLE_FLAG) && \
((ProcessorMode) == KernelMode) && \
((Handle) != NtCurrentProcess()) && \
((Handle) != NtCurrentThread()))
#define NtCurrentThread()
#define NtCurrentProcess()
Definition: nt_native.h:1657
_In_ HANDLE Handle
Definition: extypes.h:390
#define ULONG_PTR
Definition: config.h:101
#define KERNEL_HANDLE_FLAG
Definition: ob.h:67

Definition at line 69 of file ob.h.

◆ OBTRACE

#define OBTRACE (   x,
  fmt,
  ... 
)    DPRINT(fmt, ##__VA_ARGS__)

Definition at line 34 of file ob.h.

◆ TAG_OB_TEMP_STORAGE

#define TAG_OB_TEMP_STORAGE   'tSbO'

Definition at line 155 of file ob.h.

Typedef Documentation

◆ OB_SD_CACHE_LIST

◆ OB_TEMP_BUFFER

◆ OBP_CLOSE_HANDLE_CONTEXT

◆ OBP_FIND_HANDLE_DATA

◆ OBP_SET_HANDLE_ATTRIBUTES_CONTEXT

◆ POB_SD_CACHE_LIST

◆ POB_TEMP_BUFFER

◆ POBP_CLOSE_HANDLE_CONTEXT

◆ POBP_FIND_HANDLE_DATA

◆ POBP_SET_HANDLE_ATTRIBUTES_CONTEXT

◆ PSECURITY_DESCRIPTOR_HEADER

◆ SECURITY_DESCRIPTOR_HEADER

Function Documentation

◆ ObAssignObjectSecurityDescriptor()

NTSTATUS NTAPI ObAssignObjectSecurityDescriptor ( IN PVOID  Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor  OPTIONAL,
IN POOL_TYPE  PoolType 
)

Definition at line 20 of file obsecure.c.

/*
 * Listing of ObAssignObjectSecurityDescriptor as rendered. The gutter
 * numbers show that source lines 25-26, 33, 36, 41 and 47 are not
 * reproduced here, so some statements are missing from view.
 * Visible behaviour: takes the object's header, addresses its
 * SecurityDescriptor field as an EX_FAST_REF, and on success installs
 * NewSd into that fast reference. Returns STATUS_SUCCESS on the early
 * exit, otherwise Status.
 */
23 {
24  POBJECT_HEADER ObjectHeader;
27  PEX_FAST_REF FastRef;
28  PAGED_CODE();
29 
30  /* Get the object header */
31  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
32  FastRef = (PEX_FAST_REF)&ObjectHeader->SecurityDescriptor;
    /* Line 33 (the condition guarding this early return) is omitted;
       presumably it tests for a NULL SecurityDescriptor -- confirm. */
34  {
35  /* Nothing to assign */
37  return STATUS_SUCCESS;
38  }
39 
40  /* Add it to our internal cache */
    /* Line 41 is omitted; presumably the ObLogSecurityDescriptor call that
       the page cross-references, taking MAX_FAST_REFS + 1 as its RefBias
       argument -- confirm against obsecure.c. */
42  &NewSd,
43  MAX_FAST_REFS + 1);
44  if (NT_SUCCESS(Status))
45  {
46  /* Free the old copy */
    /* NOTE(review): line 47 is omitted. If it frees the caller-supplied
       SecurityDescriptor, callers must not touch that buffer after a
       successful return -- confirm. */
48 
49  /* Set the new pointer */
50  ASSERT(NewSd);
51  ExInitializeFastReference(FastRef, NewSd);
52  }
53 
54  /* Return status */
55  return Status;
56 }
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:594
struct _EX_FAST_REF * PEX_FAST_REF
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
if(dx==0 &&dy==0)
Definition: linetemp.h:174
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define TAG_SD
Definition: tag.h:176
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
Definition: obsdcach.c:364
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define NULL
Definition: types.h:112
#define MAX_FAST_REFS
Definition: ex.h:131
#define STATUS_SUCCESS
Definition: shellext.h:65
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:503
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObCheckCreateObjectAccess()

BOOLEAN NTAPI ObCheckCreateObjectAccess ( IN PVOID  Object,
IN ACCESS_MASK  CreateAccess,
IN PACCESS_STATE  AccessState,
IN PUNICODE_STRING  ComponentName,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 203 of file obsecure.c.

/*
 * Listing of ObCheckCreateObjectAccess as rendered. Source lines 212-213,
 * 216-218, 226, 241, 254-255 and 261 are not reproduced, so the calls
 * they hold are missing from view.
 * Visible behaviour: returns FALSE with *AccessStatus = Status when the
 * step on omitted line 226 fails; otherwise locks the subject context,
 * enters the access-check branch only if a security descriptor exists,
 * unlocks, and returns Result.
 * NOTE(review): ComponentName and LockHeld are not referenced on any
 * visible line.
 */
210 {
211  POBJECT_HEADER ObjectHeader;
214  BOOLEAN SdAllocated;
     /* Result defaults to TRUE; no visible line reassigns it (presumably
        omitted line 241 does, inside the descriptor branch). */
215  BOOLEAN Result = TRUE;
219  PAGED_CODE();
220 
221  /* Get the header and type */
222  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
223  ObjectType = ObjectHeader->Type;
224 
225  /* Get the security descriptor */
     /* Line 226 is omitted; presumably the ObGetObjectSecurity call that
        sets Status, SecurityDescriptor and SdAllocated -- confirm. */
227  if (!NT_SUCCESS(Status))
228  {
229  /* We failed */
230  *AccessStatus = Status;
231  return FALSE;
232  }
233 
234  /* Lock the security context */
235  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
236 
237  /* Check if we have an SD */
     /* NOTE(review): when SecurityDescriptor is NULL the check is skipped,
        Result keeps its TRUE default, and no visible line writes
        *AccessStatus -- confirm callers do not read it uninitialised. */
238  if (SecurityDescriptor)
239  {
240  /* Now do the entire access check */
     /* Line 241 is omitted; the arguments below match the SeAccessCheck
        signature cross-referenced on this page. TRUE is passed in the
        SubjectContextLocked position because the context was locked above. */
242  &AccessState->SubjectSecurityContext,
243  TRUE,
244  CreateAccess,
245  0,
246  &Privileges,
247  &ObjectType->TypeInfo.GenericMapping,
248  AccessMode,
249  &GrantedAccess,
250  AccessStatus);
251  if (Privileges)
252  {
253  /* We got privileges, append them to the access state and free them */
     /* Lines 254-255 are omitted; presumably SeAppendPrivileges followed by
        SeFreePrivileges, both cross-referenced on this page. */
256  }
257  }
258 
259  /* We're done, unlock the context and release security */
260  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
     /* Line 261 is omitted; presumably ObReleaseObjectSecurity. */
262  return Result;
263 }
ObjectType
Definition: metafile.c:80
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:456
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:487
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:459
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:669
#define NULL
Definition: types.h:112
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
Definition: priv.c:588
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define PAGED_CODE()

Referenced by ObpLookupObjectName().

◆ ObCheckObjectAccess()

BOOLEAN NTAPI ObCheckObjectAccess ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  ReturnedStatus 
)

Definition at line 441 of file obsecure.c.

/*
 * Listing of ObCheckObjectAccess as rendered. Source lines 448-449, 451,
 * 453-454, 462, 480, 493-494, 502, 507, 510 and 519 are not reproduced,
 * so the calls they hold are missing from view.
 * Visible behaviour: returns FALSE when the step on omitted line 462 fails,
 * TRUE when the object has no security descriptor, and otherwise the
 * result of the access check, after updating AccessState and issuing the
 * audit alarm. *ReturnedStatus is written on every visible path.
 * NOTE(review): LockHeld is not referenced on any visible line.
 */
446 {
447  POBJECT_HEADER ObjectHeader;
450  BOOLEAN SdAllocated;
452  BOOLEAN Result;
455  PAGED_CODE();
456 
457  /* Get the object header and type */
458  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
459  ObjectType = ObjectHeader->Type;
460 
461  /* Get security information */
     /* Line 462 is omitted; presumably the ObGetObjectSecurity call that
        sets Status, SecurityDescriptor and SdAllocated -- confirm. */
463  if (!NT_SUCCESS(Status))
464  {
465  /* Return failure */
466  *ReturnedStatus = Status;
467  return FALSE;
468  }
469  else if (!SecurityDescriptor)
470  {
471  /* Otherwise, if we don't actually have an SD, return success */
     /* An object without a security descriptor is granted access here.
        This return precedes the access check, the update of
        RemainingDesiredAccess / PreviouslyGrantedAccess, and the audit
        alarm, so none of them run on this path. */
472  *ReturnedStatus = Status;
473  return TRUE;
474  }
475 
476  /* Lock the security context */
477  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
478 
479  /* Now do the entire access check */
     /* Line 480 is omitted; the arguments below match the SeAccessCheck
        signature cross-referenced on this page. TRUE is passed in the
        SubjectContextLocked position because the context was locked above. */
481  &AccessState->SubjectSecurityContext,
482  TRUE,
483  AccessState->RemainingDesiredAccess,
484  AccessState->PreviouslyGrantedAccess,
485  &Privileges,
486  &ObjectType->TypeInfo.GenericMapping,
487  AccessMode,
488  &GrantedAccess,
489  ReturnedStatus);
490  if (Privileges)
491  {
492  /* We got privileges, append them to the access state and free them */
     /* Lines 493-494 are omitted; presumably SeAppendPrivileges followed by
        SeFreePrivileges, both cross-referenced on this page. */
495  }
496 
497  /* Check if access was granted */
498  if (Result)
499  {
500  /* Update the access state */
     /* Line 502 (the rest of this mask) is omitted; presumably it ORs in
        MAXIMUM_ALLOWED, which the page cross-references -- confirm. */
501  AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
503  AccessState->PreviouslyGrantedAccess |= GrantedAccess;
504  }
505 
506  /* Do audit alarm */
     /* Lines 507 and 510 are omitted; the arguments match the
        SeOpenObjectAuditAlarm signature cross-referenced on this page.
        Result sits in the AccessGranted position, so the audit routine
        receives the outcome whether access was granted or denied. */
508  Object,
509  NULL,
511  AccessState,
512  FALSE,
513  Result,
514  AccessMode,
515  &AccessState->GenerateOnClose);
516 
517  /* We're done, unlock the context and release security */
518  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
     /* Line 519 is omitted; presumably ObReleaseObjectSecurity. */
520  return Result;
521 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:456
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:487
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
VOID NTAPI SeOpenObjectAuditAlarm(_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
Creates an audit with alarm notification of an object that is being opened.
Definition: audit.c:1314
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:459
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:669
#define NULL
Definition: types.h:112
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
Definition: priv.c:588
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define PAGED_CODE()

Referenced by CmpDoOpen(), and ObpIncrementHandleCount().

◆ ObClearProcessHandleTable()

VOID NTAPI ObClearProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 2023 of file obhandle.c.

/*
 * Listing of ObClearProcessHandleTable as rendered. Source lines 2025-2027,
 * 2033, 2039, 2044, 2051-2052, 2056, 2060 and 2063 are not reproduced, so
 * most of the calls are missing from view (the page cross-references
 * ObReferenceProcessHandleTable, KeStackAttachProcess,
 * KeEnterCriticalRegion, ExSweepHandleTable, ObpCloseHandleCallback,
 * KeLeaveCriticalRegion, KeUnstackDetachProcess and
 * ObDereferenceProcessHandleTable as the likely contents).
 * Visible behaviour: asserts Process, returns early when no handle table
 * was obtained, fills a close context, and tracks whether it attached to
 * another process so that it can detach afterwards.
 */
2024 {
2028  BOOLEAN AttachedToProcess = FALSE;
2029 
2030  ASSERT(Process);
2031 
2032  /* Ensure the handle table doesn't go away while we use it */
2034  if (!HandleTable) return;
2035 
2036  /* Attach to the current process if needed */
      /* The test is "current process differs from Process", so the attach on
         omitted line 2039 presumably targets Process itself. */
2037  if (PsGetCurrentProcess() != Process)
2038  {
2040  AttachedToProcess = TRUE;
2041  }
2042 
2043  /* Enter a critical region */
2045 
2046  /* Fill out the context */
      /* The close context carries UserMode as its access mode.
         NOTE(review): how the sweep callback uses AccessMode is not shown
         on this page -- confirm in ObpCloseHandleCallback. */
2047  Context.AccessMode = UserMode;
2048  Context.HandleTable = HandleTable;
2049 
2050  /* Sweep the handle table to close all handles */
2053  &Context);
2054 
2055  /* Leave the critical region */
2057 
2058  /* Detach if needed */
2059  if (AttachedToProcess)
2061 
2062  /* Let the handle table go */
2064 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:28
KAPC_STATE
Definition: ketypes.h:1280
#define TRUE
Definition: types.h:120
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define FALSE
Definition: types.h:117
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
#define ASSERT(a)
Definition: mode.c:44
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1680
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1196
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1034
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1920
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:50

Referenced by NtTerminateProcess(), and PspTerminateProcess().

◆ ObDeassignSecurity()

NTSTATUS NTAPI ObDeassignSecurity ( IN OUT PSECURITY_DESCRIPTOR * SecurityDescriptor)

Definition at line 60 of file obsecure.c.

/*
 * Listing of ObDeassignSecurity as rendered. Source line 70 is not
 * reproduced here.
 * Visible behaviour: reads the caller's slot as an EX_FAST_REF, splits the
 * captured value into a descriptor pointer and a count with the two Ex*
 * helpers, dereferences the descriptor Count + 1 times, and always
 * returns STATUS_SUCCESS.
 */
61 {
62  EX_FAST_REF FastRef;
63  ULONG Count;
64  PSECURITY_DESCRIPTOR OldSecurityDescriptor;
65 
66  /* Get the fast reference and capture it */
67  FastRef = *(PEX_FAST_REF)SecurityDescriptor;
68 
69  /* Don't free again later */
    /* Line 70 is omitted; presumably it clears the caller's slot
       (*SecurityDescriptor = NULL) so a second call cannot release the
       same descriptor twice -- confirm against obsecure.c. */
71 
72  /* Get the descriptor and reference count */
73  OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
74  Count = ExGetCountFastReference(FastRef);
75 
76  /* Dereference the descriptor */
    /* NOTE(review): Count + 1 presumably returns the references still held
       in the fast-ref plus the one for the slot itself; confirm it mirrors
       the MAX_FAST_REFS + 1 bias used in ObAssignObjectSecurityDescriptor. */
77  ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
78 
79  /* All done */
80  return STATUS_SUCCESS;
81 }
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:578
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287
struct _EX_FAST_REF * PEX_FAST_REF
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
int Count
Definition: noreturn.cpp:7
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:586
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObDereferenceDeviceMap()

VOID NTAPI ObDereferenceDeviceMap ( IN PEPROCESS  Process)

Definition at line 456 of file devicemap.c.

/*
 * Listing of ObDereferenceDeviceMap as rendered. Source lines 464 and 467
 * are not reproduced; presumably they acquire and release
 * ObpDeviceMapLock (KeAcquireGuardedMutex / KeReleaseGuardedMutex are
 * cross-referenced on this page).
 * Visible behaviour: detaches Process->DeviceMap by copying it to a local
 * and storing NULL, then dereferences the detached map if there was one.
 */
457 {
458  PDEVICE_MAP DeviceMap;
459 
460  DPRINT("ObDereferenceDeviceMap()\n");
461 
462  /* Get the pointer to this process devicemap and reset it
463  holding the device map lock */
465  DeviceMap = Process->DeviceMap;
466  Process->DeviceMap = NULL;
468 
469  /* Continue only if there is a device map */
     /* The dereference uses the local copy, after the process field has
        already been cleared, so the process no longer points at the map
        when its reference is dropped. */
470  if (DeviceMap != NULL)
471  ObfDereferenceDeviceMap(DeviceMap);
472 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
#define NULL
Definition: types.h:112
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define DPRINT
Definition: sndvol32.h:71
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24

Referenced by PspDeleteProcess(), and PspSetPrimaryToken().

◆ ObDereferenceObjectEx()

LONG FASTCALL ObDereferenceObjectEx ( IN PVOID  Object,
IN LONG  Count 
)

Definition at line 88 of file obref.c.

/*
 * Listing of ObDereferenceObjectEx as rendered. Source lines 91 and 95 are
 * not reproduced; presumably they declare Header and assign it from
 * OBJECT_TO_OBJECT_HEADER(Object), which the page cross-references.
 * Visible behaviour: subtracts Count from Header->PointerCount with an
 * interlocked add, defers deletion of the object when the new count is
 * zero, and returns the new count.
 */
90 {
92  LONG_PTR NewCount;
93 
94  /* Extract the object header */
96 
97  /* Check whether the object can now be deleted. */
    /* The interlocked result has Count subtracted again, so the helper
       presumably returns the value from before the add. */
    /* NOTE(review): deletion is triggered only by an exact zero; a Count
       larger than the outstanding references would take the counter
       negative without being detected here. */
98  NewCount = InterlockedExchangeAddSizeT(&Header->PointerCount, -Count) - Count;
99  if (!NewCount) ObpDeferObjectDeletion(Header);
100 
101  /* Return the current count */
     /* NOTE(review): NewCount is LONG_PTR but the function returns LONG;
        where LONG_PTR is wider than LONG the returned value is narrowed. */
102  return NewCount;
103 }
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
VOID NTAPI ObpDeferObjectDeletion(IN POBJECT_HEADER Header)
Definition: obref.c:53
Definition: Header.h:8
int Count
Definition: noreturn.cpp:7
#define InterlockedExchangeAddSizeT(a, b)
Definition: interlocked.h:196
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
__int3264 LONG_PTR
Definition: mstsclib_h.h:276

Referenced by ExpTimerApcKernelRoutine(), ExTimerRundown(), NtCancelTimer(), NtSetTimer(), ObFastReferenceObject(), ObFastReplaceObject(), and PspCreateThread().

◆ ObDereferenceProcessHandleTable()

VOID NTAPI ObDereferenceProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 50 of file obhandle.c.

/*
 * Releases the rundown protection held on Process->RundownProtect.
 *
 * NOTE(review): presumably the counterpart of ObReferenceProcessHandleTable
 * (obhandle.c:28, body not shown on this page), which would acquire the
 * same protection. Each successful reference needs exactly one matching
 * call; an extra release would unbalance the rundown reference.
 */
51 {
52  /* Release the process lock */
53  ExReleaseRundownProtection(&Process->RundownProtect);
54 }
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

Referenced by ObClearProcessHandleTable(), ObDuplicateObject(), ObFindHandleForObject(), ObGetProcessHandleCount(), and ObInitProcess().

◆ ObDuplicateObject()

NTSTATUS NTAPI ObDuplicateObject ( IN PEPROCESS  SourceProcess,
IN HANDLE  SourceHandle,
IN PEPROCESS TargetProcess  OPTIONAL,
IN PHANDLE TargetHandle  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
IN ULONG  Options,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 2200 of file obhandle.c.

/*
 * Duplicates SourceHandle from SourceProcess into TargetProcess and, when
 * TargetHandle is supplied, returns the new handle through it. When
 * TargetProcess is NULL no handle is created: the request is either
 * rejected or the source handle is closed, and the function returns
 * (source lines 2274-2296). PreviousMode is passed on to the handle lookup
 * and to ObpIncrementHandleCount.
 *
 * Security-relevant steps visible in this listing:
 *  - the requested access is masked with the object type's ValidAccessMask
 *    before it is stored in the new entry (line 2372);
 *  - access bits the source handle did not have are considered only when
 *    the type uses SeDefaultObjectMethod; otherwise the comment states the
 *    elevation is not allowed (lines 2377-2394);
 *  - attributes of the source handle are OR-ed into the new handle so the
 *    caller cannot bypass auditing (lines 2346-2348);
 *  - KernelHandle is set only when PreviousMode is KernelMode and the
 *    target is PsInitialSystemProcess (lines 2299-2304).
 *
 * NOTE(review): the gutter numbers show that many source lines are missing
 * from this rendering (for example 2227, 2250, 2277, 2300, 2348, 2373,
 * 2392 and 2463). Remarks marked NOTE(review) below describe what such
 * lines presumably do, based on the neighbouring comments and on the
 * symbols cross-referenced under the listing; confirm against obhandle.c.
 */
2208 {
2209  HANDLE_TABLE_ENTRY NewHandleEntry;
2210  BOOLEAN AttachedToProcess = FALSE;
2211  PVOID SourceObject;
2212  POBJECT_HEADER ObjectHeader;
2214  HANDLE NewHandle;
2216  NTSTATUS Status;
2217  ACCESS_MASK TargetAccess, SourceAccess;
2220  AUX_ACCESS_DATA AuxData;
2223  ULONG AuditMask;
2225 
2226  PAGED_CODE();
2228  "%s - Duplicating handle: %p for %p into %p\n",
2229  __FUNCTION__,
2230  SourceHandle,
2231  SourceProcess,
2232  TargetProcess);
2233 
      /* NOTE(review): TargetHandle is written directly, here and at line
         2473, with no probe or exception handling in this function.
         Presumably callers pass a kernel-side pointer and copy the value
         out to user memory themselves - verify in NtDuplicateObject. */
2234  /* Assume failure */
2235  if (TargetHandle) *TargetHandle = NULL;
2236 
2237  /* Check if we're not duplicating the same access */
2238  if (!(Options & DUPLICATE_SAME_ACCESS))
2239  {
2240  /* Validate the desired access */
      /* NOTE(review): the call to ObpValidateDesiredAccess is commented
         out, so Status is always STATUS_SUCCESS and the check on line 2242
         can never fail. The only later limits on DesiredAccess visible in
         this listing are the mask at line 2372 and the new-access check at
         line 2377. */
2241  Status = STATUS_SUCCESS; //ObpValidateDesiredAccess(DesiredAccess);
2242  if (!NT_SUCCESS(Status)) return Status;
2243  }
2244 
2245  /* Reference the object table */
2246  HandleTable = ObReferenceProcessHandleTable(SourceProcess);
2248 
2249  /* Reference the process object */
2251  SourceProcess,
2252  HandleTable,
2253  PreviousMode,
2254  &SourceObject,
2256  &AuditMask);
2257  if (!NT_SUCCESS(Status))
2258  {
2259  /* Fail */
2260  ObDereferenceProcessHandleTable(SourceProcess);
2261  return Status;
2262  }
2263  else
2264  {
2265  /* Check if we don't have to audit object close */
2266  if (!(HandleInformation.HandleAttributes & OBJ_AUDIT_OBJECT_CLOSE))
2267  {
2268  /* Then there is no audit mask */
2269  AuditMask = 0;
2270  }
2271  }
2272 
2273  /* Check if there's no target process */
2274  if (!TargetProcess)
2275  {
2276  /* Check if the caller wanted actual duplication */
2278  {
2279  /* Invalid request */
2281  }
2282  else
2283  {
2284  /* Otherwise, do the attach */
2285  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2286 
2287  /* Close the handle and detach */
2290  }
2291 
2292  /* Return */
2293  ObDereferenceProcessHandleTable(SourceProcess);
2294  ObDereferenceObject(SourceObject);
2295  return Status;
2296  }
2297 
2298  /* Create a kernel handle if asked, but only in the system process */
      /* NOTE(review): line 2300 is missing; presumably it is a further
         conjunct testing OBJ_KERNEL_HANDLE in HandleAttributes (the macro
         is cross-referenced under the listing). The two visible conjuncts
         already keep user-mode callers and non-system targets from getting
         a kernel handle. */
2299  if (PreviousMode == KernelMode &&
2301  TargetProcess == PsInitialSystemProcess)
2302  {
2303  KernelHandle = TRUE;
2304  }
2305 
2306  /* Get the target handle table */
2307  HandleTable = ObReferenceProcessHandleTable(TargetProcess);
2308  if (!HandleTable)
2309  {
2310  /* Check if the caller wanted us to close the handle */
2312  {
2313  /* Do the attach */
2314  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2315 
2316  /* Close the handle and detach */
2319  }
2320 
2321  /* Return */
2322  ObDereferenceProcessHandleTable(SourceProcess);
2323  ObDereferenceObject(SourceObject);
2325  }
2326 
2327  /* Get the source access */
2328  SourceAccess = HandleInformation.GrantedAccess;
2329 
2330  /* Check if we're not in the target process */
2331  if (TargetProcess != PsGetCurrentProcess())
2332  {
2333  /* Attach to it */
2334  KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
2335  AttachedToProcess = TRUE;
2336  }
2337 
2338  /* Check if we're duplicating the attributes */
2340  {
2341  /* Duplicate them */
2342  HandleAttributes = HandleInformation.HandleAttributes;
2343  }
2344  else
2345  {
2346  /* Don't allow caller to bypass auditing */
      /* NOTE(review): the right-hand mask is on the missing line 2348;
         given the comment above it is presumably OBJ_AUDIT_OBJECT_CLOSE,
         so an audited source handle stays audited whatever attributes the
         caller asked for. */
2347  HandleAttributes |= HandleInformation.HandleAttributes &
2349  }
2350 
2351  /* Check if we're duplicating the access */
2352  if (Options & DUPLICATE_SAME_ACCESS) DesiredAccess = SourceAccess;
2353 
2354  /* Get object data */
2355  ObjectHeader = OBJECT_TO_OBJECT_HEADER(SourceObject);
2356  ObjectType = ObjectHeader->Type;
2357 
2358  /* Fill out the entry */
2359  RtlZeroMemory(&NewHandleEntry, sizeof(HANDLE_TABLE_ENTRY));
2360  NewHandleEntry.Object = ObjectHeader;
2361  NewHandleEntry.ObAttributes |= (HandleAttributes & OBJ_HANDLE_ATTRIBUTES);
2362 
2363  /* Check if we're using a generic mask */
2365  {
2366  /* Map it */
2368  &ObjectType->TypeInfo.GenericMapping);
2369  }
2370 
2371  /* Set the target access, always propagate ACCESS_SYSTEM_SECURITY */
      /* Bits outside the type's valid mask are dropped silently here rather
         than rejected. NOTE(review): the second operand of the OR is on the
         missing line 2373, presumably ACCESS_SYSTEM_SECURITY as the comment
         above says. */
2372  TargetAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
2374  NewHandleEntry.GrantedAccess = TargetAccess;
2375 
2376  /* Check if we're asking for new access */
      /* This is the guard against widening access through duplication: any
         bit that the source handle did not carry takes the branch below. */
2377  if (TargetAccess & ~SourceAccess)
2378  {
2379  /* We are. We need the security procedure to validate this */
2380  if (ObjectType->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
2381  {
2382  /* Use our built-in access state */
2385  &AuxData,
2386  TargetAccess,
2387  &ObjectType->TypeInfo.GenericMapping);
2388  }
2389  else
2390  {
2391  /* Otherwise we can't allow this privilege elevation */
      /* NOTE(review): line 2392 is missing; presumably it sets Status to
         STATUS_ACCESS_DENIED (cross-referenced under the listing). */
2393  }
2394  }
2395  else
2396  {
2397  /* We don't need an access state */
2399  }
2400 
2401  /* Make sure the access state was created OK */
2402  if (NT_SUCCESS(Status))
2403  {
2404  /* Add a new handle */
2405  Status = ObpIncrementHandleCount(SourceObject,
2407  PreviousMode,
2411  }
2412 
2413  /* Check if we were attached */
2414  if (AttachedToProcess)
2415  {
2416  /* We can safely detach now */
2418  AttachedToProcess = FALSE;
2419  }
2420 
2421  /* Check if we have to close the source handle */
2423  {
2424  /* Attach and close */
2425  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2428  }
2429 
2430  /* Check if we had an access state */
2432 
2433  /* Now check if incrementing actually failed */
2434  if (!NT_SUCCESS(Status))
2435  {
2436  /* Dereference handle tables */
2437  ObDereferenceProcessHandleTable(SourceProcess);
2438  ObDereferenceProcessHandleTable(TargetProcess);
2439 
2440  /* Dereference the source object */
2441  ObDereferenceObject(SourceObject);
2442  return Status;
2443  }
2444 
      /* Protect-from-close is carried as a bit in GrantedAccess instead of
         ObAttributes, so it is moved across before the entry is inserted. */
2445  if (NewHandleEntry.ObAttributes & OBJ_PROTECT_CLOSE)
2446  {
2447  NewHandleEntry.ObAttributes &= ~OBJ_PROTECT_CLOSE;
2448  NewHandleEntry.GrantedAccess |= ObpAccessProtectCloseBit;
2449  }
2450 
2451  /* Now create the handle */
2452  NewHandle = ExCreateHandle(HandleTable, &NewHandleEntry);
2453  if (!NewHandle)
2454  {
2455  /* Undo the increment */
2456  ObpDecrementHandleCount(SourceObject,
2457  TargetProcess,
2458  TargetAccess,
2459  ObjectType);
2460 
2461  /* Dereference the object and set failure status */
2462  ObDereferenceObject(SourceObject);
      /* NOTE(review): line 2463 is missing and no return is visible in this
         branch; per the comment above it only sets the failure status. If
         control does fall through, a NULL NewHandle with KernelHandle set
         is turned into KERNEL_HANDLE_FLAG by ObMarkHandleAsKernelHandle
         (an OR with that flag) and stored in *TargetHandle next to a
         failing Status. Callers should test Status, never the handle value,
         and this path deserves a check against obhandle.c. */
2464  }
2465 
2466  /* Mark it as a kernel handle if requested */
2467  if (KernelHandle)
2468  {
2469  NewHandle = ObMarkHandleAsKernelHandle(NewHandle);
2470  }
2471 
2472  /* Return the handle */
2473  if (TargetHandle) *TargetHandle = NewHandle;
2474 
2475  /* Dereference handle tables */
2476  ObDereferenceProcessHandleTable(SourceProcess);
2477  ObDereferenceProcessHandleTable(TargetProcess);
2478 
2479  /* Return status */
2481  "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
2482  __FUNCTION__,
2483  NewHandle,
2484  SourceProcess,
2485  TargetProcess,
2486  SourceObject,
2487  ObjectHeader->PointerCount,
2488  ObjectHeader->HandleCount);
2489  return Status;
2490 }
ObjectType
Definition: metafile.c:80
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define DUPLICATE_CLOSE_SOURCE
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:28
KAPC_STATE
Definition: ketypes.h:1280
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG_PTR HandleCount
Definition: obtypes.h:490
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE KernelHandle
Definition: legacy.c:24
ULONG_PTR ObAttributes
Definition: extypes.h:600
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
#define GENERIC_ACCESS
Definition: wlx.c:26
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
_In_ HANDLE SourceHandle
Definition: obfuncs.h:429
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:668
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
NTSTATUS NTAPI SeCreateAccessState(_Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
Definition: access.c:639
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:791
#define OBJ_PROTECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
#define DUPLICATE_SAME_ACCESS
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:807
unsigned char BOOLEAN
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:526
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
Definition: wdfdevice.h:3531
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:80
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:502
ULONG GrantedAccess
Definition: extypes.h:606
#define ObDereferenceObject
Definition: obfuncs.h:203
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:139
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
Definition: obhandle.c:87
#define OB_HANDLE_DEBUG
Definition: ob.h:17
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1680
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
LONG_PTR PointerCount
Definition: obtypes.h:487
#define NULL
Definition: types.h:112
#define ObpAccessProtectCloseBit
Definition: ob.h:59
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
PVOID Object
Definition: extypes.h:599
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_TYPE Type
Definition: obtypes.h:493
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:50
#define __FUNCTION__
Definition: types.h:112
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:429
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
#define PAGED_CODE()

Referenced by DbgkpOpenHandles(), and NtDuplicateObject().

◆ ObFastDereferenceObject()

VOID FASTCALL ObFastDereferenceObject ( IN PEX_FAST_REF  FastRef,
IN PVOID  Object 
)

Definition at line 167 of file obref.c.

/*
 * Gives back one reference on Object that was taken through FastRef.
 *
 * NOTE(review): the only statement, source line 171, is missing from this
 * listing. Going by the comment below and the cross-references under the
 * listing (ExReleaseFastReference, ObDereferenceObject), it presumably
 * tries to return the reference to the fast-reference slot and falls back
 * to an ordinary ObDereferenceObject when that fails - confirm in obref.c.
 */
169 {
170  /* Release a fast reference. If this failed, use the slow path */
172 }
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:373
FORCEINLINE BOOLEAN ExReleaseFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: ex.h:683
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object

Referenced by NtOpenThreadTokenEx(), PsImpersonateClient(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitializeProcessSecurity(), PspSetPrimaryToken(), SeIsTokenChild(), SeIsTokenSibling(), SepImpersonateAnonymousToken(), and SeReleaseSubjectContext().

◆ ObFastReferenceObject()

PVOID FASTCALL ObFastReferenceObject ( IN PEX_FAST_REF  FastRef)

Definition at line 132 of file obref.c.

/*
 * Takes a reference on the object stored in FastRef without a lock.
 * Returns the object pointer, or NULL when the fast-reference count read
 * from the slot was zero.
 *
 * NOTE(review): source lines 135, 152 and 158 are missing from this
 * listing. Presumably 135 declares Count, 152 adds MAX_FAST_REFS ordinary
 * references with ObReferenceObjectEx and 158 removes them again with
 * ObDereferenceObjectEx (all three names appear in the cross-references
 * under the listing) - confirm in obref.c.
 * NOTE(review): a NULL return does not by itself mean the slot is empty;
 * callers are expected to have a slower fallback, presumably
 * ObFastReferenceObjectLocked - verify at the call sites.
 */
133 {
134  EX_FAST_REF OldValue;
136  PVOID Object;
137 
138  /* Reference the object and get its pointer */
139  OldValue = ExAcquireFastReference(FastRef);
140  Object = ExGetObjectFastReference(OldValue);
141 
142  /* Check how many references are left */
143  Count = ExGetCountFastReference(OldValue);
144 
145  /* Check if the reference count is over 1 */
146  if (Count > 1) return Object;
147 
148  /* Check if the reference count has reached 0 */
149  if (!Count) return NULL;
150 
     /* Count was exactly 1 here, so this call used up the last cached
        reference and the slot has to be refilled. */
151  /* Otherwise, reference the object 7 times */
153 
154  /* Now update the reference count */
155  if (!ExInsertFastReference(FastRef, Object))
156  {
157  /* We failed: completely dereference the object */
159  }
160 
161  /* Return the Object */
162  return Object;
163 }
LONG FASTCALL ObReferenceObjectEx(IN PVOID Object, IN LONG Count)
Definition: obref.c:77
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:578
FORCEINLINE BOOLEAN ExInsertFastReference(IN OUT PEX_FAST_REF FastRef, IN PVOID Object)
Definition: ex.h:644
uint32_t ULONG_PTR
Definition: typedefs.h:65
FORCEINLINE EX_FAST_REF ExAcquireFastReference(IN OUT PEX_FAST_REF FastRef)
Definition: ex.h:615
LONG FASTCALL ObDereferenceObjectEx(IN PVOID Object, IN LONG Count)
Definition: obref.c:88
int Count
Definition: noreturn.cpp:7
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:586
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define NULL
Definition: types.h:112
#define MAX_FAST_REFS
Definition: ex.h:131

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

◆ ObFastReferenceObjectLocked()

PVOID FASTCALL ObFastReferenceObjectLocked ( IN PEX_FAST_REF  FastRef)

Definition at line 119 of file obref.c.

/*
 * Reads the object pointer out of FastRef and returns it after taking an
 * ordinary ("slow") reference on it.
 *
 * NOTE(review): source line 126 is missing; presumably it calls
 * ObReferenceObject on Object, possibly only when Object is non-NULL
 * (ObReferenceObject is cross-referenced under the listing) - confirm in
 * obref.c.
 * NOTE(review): *FastRef is copied with a plain read and no lock is taken
 * here. As the name suggests, the caller presumably holds the lock that
 * protects the slot; without it the object could be replaced and released
 * between the read and the reference.
 */
120 {
121  PVOID Object;
122  EX_FAST_REF OldValue = *FastRef;
123 
124  /* Get the object and reference it slowly */
125  Object = ExGetObjectFastReference(OldValue);
127  return Object;
128 }
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:578
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define ObReferenceObject
Definition: obfuncs.h:204

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

◆ ObFastReplaceObject()

PVOID FASTCALL ObFastReplaceObject ( IN PEX_FAST_REF  FastRef,
IN PVOID  Object 
)

◆ ObfDereferenceDeviceMap()

VOID FASTCALL ObfDereferenceDeviceMap ( IN PDEVICE_MAP  DeviceMap)

Definition at line 477 of file devicemap.c.

/*
 * Drops one reference from DeviceMap. While references remain it just
 * returns; when the count reaches zero it unlinks the map from its DOS
 * devices directory, makes that directory temporary, dereferences it and
 * frees the map with pool tag 'mDbO'.
 *
 * NOTE(review): source lines 482, 492 and 500 are missing from this
 * listing; per the comments next to the gaps and the cross-references
 * under the listing they presumably acquire and release ObpDeviceMapLock
 * through KeAcquireGuardedMutex / KeReleaseGuardedMutex.
 * NOTE(review): the decrement has no visible guard against a count that is
 * already zero. An unbalanced call would wrap the counter rather than fail,
 * and a call made without owning a reference could free a map that another
 * holder still uses. Every caller listed under "Referenced by" should own
 * the reference it releases.
 */
478 {
479  DPRINT("ObfDereferenceDeviceMap()\n");
480 
481  /* Acquire the device map lock */
483 
484  /* Decrement the reference counter */
485  DeviceMap->ReferenceCount--;
486  DPRINT("ReferenceCount: %lu\n", DeviceMap->ReferenceCount);
487 
488  /* Leave, if there are still references to this device map */
489  if (DeviceMap->ReferenceCount != 0)
490  {
491  /* Release the device map lock and leave */
493  return;
494  }
495 
     /* The back pointer is cleared before the lock is dropped (per the
        comments), so the directory stops pointing at the map before the map
        is freed below. */
496  /* Nobody is referencing it anymore, unlink the DOS directory */
497  DeviceMap->DosDevicesDirectory->DeviceMap = NULL;
498 
499  /* Release the devicemap lock */
501 
502  /* Dereference the DOS Devices Directory and free the Device Map */
503  ObMakeTemporaryObject(DeviceMap->DosDevicesDirectory);
504  ObDereferenceObject(DeviceMap->DosDevicesDirectory);
505  ExFreePoolWithTag(DeviceMap, 'mDbO');
506 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define ObDereferenceObject
Definition: obfuncs.h:203
#define NULL
Definition: types.h:112
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define DPRINT
Definition: sndvol32.h:71
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
VOID NTAPI ObMakeTemporaryObject(IN PVOID ObjectBody)
Definition: oblife.c:1361

Referenced by ObDereferenceDeviceMap(), ObpLookupObjectName(), ObpSetCurrentProcessDeviceMap(), ObQueryDeviceMapInformation(), ObSetDeviceMap(), SeGetLogonIdDeviceMap(), SepRmDeleteLogonSession(), and SepRmDereferenceLogonSession().

◆ ObFreeObjectCreateInfoBuffer()

VOID NTAPI ObFreeObjectCreateInfoBuffer ( IN POBJECT_CREATE_INFORMATION  ObjectCreateInfo)

Definition at line 604 of file oblife.c.

/*
 * Exported wrapper that frees an object-create-information buffer on behalf
 * of code outside the object manager.
 *
 * NOTE(review): the only statement, source line 607, is missing from this
 * listing; the cross-reference under it names ObpFreeCapturedAttributes
 * (ob_x.h:416), which presumably receives ObjectCreateInfo together with
 * the lookaside list number - confirm in oblife.c.
 */
605 {
606  /* Call the macro. We use this function to isolate Ob internals from Io */
608 }
FORCEINLINE VOID ObpFreeCapturedAttributes(IN PVOID Buffer, IN PP_NPAGED_LOOKASIDE_NUMBER Type)
Definition: ob_x.h:416

Referenced by IoCreateStreamFileObjectLite().

◆ ObGetProcessHandleCount()

ULONG NTAPI ObGetProcessHandleCount ( IN PEPROCESS  Process)

Definition at line 58 of file obhandle.c.

/*
 * Returns the HandleCount field of Process's handle table, or 0 when the
 * process has no handle table to reference.
 *
 * NOTE(review): source lines 61, 66 and 74 are missing from this listing.
 * Presumably 61 declares HandleTable, 66 obtains it with
 * ObReferenceProcessHandleTable and 74 releases it with
 * ObDereferenceProcessHandleTable (both are cross-referenced under the
 * listing) - confirm in obhandle.c.
 * The value is a snapshot: once the table reference is released the real
 * count can change, so it should not be used for security decisions.
 */
59 {
60  ULONG HandleCount;
62 
63  ASSERT(Process);
64 
65  /* Ensure the handle table doesn't go away while we use it */
67 
68  if (HandleTable != NULL)
69  {
70  /* Count the number of handles the process has */
71  HandleCount = HandleTable->HandleCount;
72 
73  /* Let the handle table go */
75  }
76  else
77  {
78  /* No handle table, no handles */
79  HandleCount = 0;
80  }
81 
82  return HandleCount;
83 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:28
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define ASSERT(a)
Definition: mode.c:44
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:50

Referenced by NtQueryInformationProcess(), and QSI_DEF().

◆ ObInheritDeviceMap()

VOID NTAPI ObInheritDeviceMap ( IN PEPROCESS  Parent,
IN PEPROCESS  Process 
)

Definition at line 511 of file devicemap.c.

/*
 * Gives a new process its device map: the parent's map when Parent is
 * non-NULL, otherwise ObSystemDeviceMap. The map is not copied; its
 * ReferenceCount is incremented and Process->DeviceMap is pointed at the
 * same structure.
 *
 * NOTE(review): source lines 519 and 533 are missing from this listing;
 * per the comments next to the gaps they presumably acquire and release
 * ObpDeviceMapLock, which is what makes the increment safe against
 * ObfDereferenceDeviceMap running concurrently.
 * NOTE(review): when the chosen map is NULL, Process->DeviceMap is left
 * untouched rather than set to NULL; presumably the new EPROCESS is
 * zero-initialised by the caller - verify in PspCreateProcess.
 */
513 {
514  PDEVICE_MAP DeviceMap;
515 
516  DPRINT("ObInheritDeviceMap()\n");
517 
518  /* Acquire the device map lock */
520 
521  /* Get the parent process device map or the system device map */
522  DeviceMap = (Parent != NULL) ? Parent->DeviceMap : ObSystemDeviceMap;
523  if (DeviceMap != NULL)
524  {
525  /* Reference the device map and attach it to the new process */
526  DeviceMap->ReferenceCount++;
527  DPRINT("ReferenceCount: %lu\n", DeviceMap->ReferenceCount);
528 
529  Process->DeviceMap = DeviceMap;
530  }
531 
532  /* Release the device map lock */
534 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
PDEVICE_MAP ObSystemDeviceMap
Definition: obinit.c:46
ULONG ReferenceCount
Definition: obtypes.h:527
#define NULL
Definition: types.h:112
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define DPRINT
Definition: sndvol32.h:71
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24

Referenced by PspCreateProcess().

◆ ObInitializeFastReference()

VOID FASTCALL ObInitializeFastReference ( IN PEX_FAST_REF  FastRef,
IN PVOID  Object 
)

Definition at line 107 of file obref.c.

/*
 * Sets up FastRef so that it holds Object together with a batch of
 * pre-taken references.
 *
 * NOTE(review): both statements, source lines 111 and 114, are missing
 * from this listing. Going by the comments and the cross-references under
 * the listing, 111 presumably adds MAX_FAST_REFS references with
 * ObReferenceObjectEx when Object is non-NULL, and 114 presumably calls
 * ExInitializeFastReference(FastRef, Object) - confirm in obref.c. The "7"
 * in the comment below is presumably the value of MAX_FAST_REFS.
 */
109 {
110  /* Check if we were given an object and reference it 7 times */
112 
113  /* Setup the fast reference */
115 }
LONG FASTCALL ObReferenceObjectEx(IN PVOID Object, IN LONG Count)
Definition: obref.c:77
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:594
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define MAX_FAST_REFS
Definition: ex.h:131

Referenced by PspInitializeProcessSecurity(), SeAssignPrimaryToken(), and SepInitializationPhase0().

◆ ObInitProcess()

NTSTATUS NTAPI ObInitProcess ( IN PEPROCESS Parent  OPTIONAL,
IN PEPROCESS  Process 
)

Definition at line 2086 of file obhandle.c.

/*
 * Creates the handle table of a new process. With a Parent the table is
 * produced by ExDupHandleTable from the parent's table; without one a fresh
 * table is created. Returns STATUS_PROCESS_IS_TERMINATING when the parent's
 * table cannot be referenced and STATUS_SUCCESS once Process->ObjectTable
 * is set. On allocation failure Process->ObjectTable is set to NULL.
 *
 * NOTE(review): source lines 2101, 2118 and 2135 are missing from this
 * listing. Going by the cross-references under it, 2101 is presumably the
 * ObpDuplicateHandleCallback argument, 2118 presumably tests
 * SeDetailedAuditingWithToken, and 2135 presumably returns
 * STATUS_INSUFFICIENT_RESOURCES - confirm in obhandle.c.
 */
2088 {
2089  PHANDLE_TABLE ParentTable, ObjectTable;
2090 
2091  /* Check for a parent */
2092  if (Parent)
2093  {
2094  /* Reference the parent's table */
2095  ParentTable = ObReferenceProcessHandleTable(Parent);
2096  if (!ParentTable) return STATUS_PROCESS_IS_TERMINATING;
2097 
2098  /* Duplicate it */
      /* OBJ_INHERIT is passed as the Mask argument, which is what limits
         the copy to handles marked inheritable (presumably enforced inside
         ExDupHandleTable and the callback - confirm in handle.c). This is
         the point where a child receives its parent's handles. */
2099  ObjectTable = ExDupHandleTable(Process,
2100  ParentTable,
2102  OBJ_INHERIT);
2103  }
2104  else
2105  {
2106  /* Otherwise just create a new table */
2107  ParentTable = NULL;
2108  ObjectTable = ExCreateHandleTable(Process);
2109  }
2110 
2111  /* Make sure we have a table */
2112  if (ObjectTable)
2113  {
2114  /* Associate it */
2115  Process->ObjectTable = ObjectTable;
2116 
2117  /* Check for auditing */
      /* NOTE(review): auditing is not implemented on this path. When the
         condition on the missing line 2118 holds, the code only emits a
         debug message, so no audit record for inherited handles is produced
         here. */
2119  {
2120  /* FIXME: TODO */
2121  DPRINT1("Need auditing!\n");
2122  }
2123 
2124  /* Get rid of the old table now */
2125  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2126 
2127  /* We are done */
2128  return STATUS_SUCCESS;
2129  }
2130  else
2131  {
2132  /* Fail */
2133  Process->ObjectTable = NULL;
2134  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2136  }
2137 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:28
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
Definition: handle.c:1036
#define OBJ_INHERIT
Definition: winternl.h:225
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:502
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:765
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: obhandle.c:1956
#define STATUS_SUCCESS
Definition: shellext.h:65
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:50
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Performs detailed security auditing with an access token.
Definition: audit.c:34

Referenced by PspCreateProcess().

◆ ObInitSystem()

BOOLEAN NTAPI ObInitSystem ( VOID  )

Definition at line 203 of file obinit.c.

/*
 * Object manager initialisation, entered once per phase. When
 * ObpInitializationPhase is 0 it sets up lookaside lists, the security
 * descriptor cache, the system process defaults and the Type, Directory and
 * SymbolicLink object types, then returns TRUE. On a later call it jumps to
 * ObPostPhase0, creates the "\", "\KernelObjects" and "\ObjectTypes"
 * directories, inserts the object types that have a name but no directory
 * yet, and finishes with the DOS devices setup. The phase-1 part returns
 * FALSE as soon as a checked step fails.
 *
 * NOTE(review): the gutter numbers show that a large number of source lines
 * are missing from this rendering (declarations, most call heads, the
 * lookup-context handling and line 303 before the phase-0 return). The
 * remarks below rely only on the lines that are shown; confirm the rest in
 * obinit.c.
 */
204 {
207  OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
209  HANDLE Handle;
210  PKPRCB Prcb = KeGetCurrentPrcb();
211  PLIST_ENTRY ListHead, NextEntry;
213  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
214  POBJECT_HEADER_NAME_INFO NameInfo;
215  PSECURITY_DESCRIPTOR KernelObjectsSD = NULL;
217 
218  /* Check if this is actually Phase 1 initialization */
219  if (ObpInitializationPhase != 0) goto ObPostPhase0;
220 
221  /* Initialize the OBJECT_CREATE_INFORMATION List */
223  NonPagedPool,
225  'ICbO',
226  32,
228 
229  /* Set the captured UNICODE_STRING Object Name List */
231  PagedPool,
232  248,
233  'MNbO',
234  16,
236 
237  /* Temporarily setup both pointers to the shared list */
242 
243  /* Initialize the security descriptor cache */
244  ObpInitSdCache();
245 
246  /* Initialize the Default Event */
248 
249  /* Initialize the Dos Device Map mutex */
251 
252  /* Setup default access for the system process */
253  PsGetCurrentProcess()->GrantedAccess = PROCESS_ALL_ACCESS;
254  PsGetCurrentThread()->GrantedAccess = THREAD_ALL_ACCESS;
255 
256  /* Setup the Object Reaper */
258 
259  /* Initialize default Quota block */
261 
     /* The table created for the current (system) process is also published
        as ObpKernelHandleTable, i.e. kernel handles live in the system
        process's table. */
262  /* Create kernel handle table */
263  PsGetCurrentProcess()->ObjectTable = ExCreateHandleTable(NULL);
264  ObpKernelHandleTable = PsGetCurrentProcess()->ObjectTable;
265 
     /* ObjectTypeInitializer is zeroed only once, here. The Directory and
        SymbolicLink types below reuse the same structure, so every field
        they do not overwrite keeps the value set for an earlier type.
        NOTE(review): the NTSTATUS results of the three ObCreateObjectType
        calls are discarded, while lines 290 and 300 dereference the type
        pointers straight away; a failed creation would presumably leave
        them NULL. */
266  /* Create the Type Type */
267  RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
268  RtlInitUnicodeString(&Name, L"Type");
269  ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
270  ObjectTypeInitializer.ValidAccessMask = OBJECT_TYPE_ALL_ACCESS;
271  ObjectTypeInitializer.UseDefaultObject = TRUE;
272  ObjectTypeInitializer.MaintainTypeList = TRUE;
273  ObjectTypeInitializer.PoolType = NonPagedPool;
274  ObjectTypeInitializer.GenericMapping = ObpTypeMapping;
275  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_TYPE);
276  ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
277  ObjectTypeInitializer.DeleteProcedure = ObpDeleteObjectType;
278  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObpTypeObjectType);
279 
280  /* Create the Directory Type */
281  RtlInitUnicodeString(&Name, L"Directory");
282  ObjectTypeInitializer.PoolType = PagedPool;
283  ObjectTypeInitializer.ValidAccessMask = DIRECTORY_ALL_ACCESS;
284  ObjectTypeInitializer.CaseInsensitive = TRUE;
285  ObjectTypeInitializer.MaintainTypeList = FALSE;
286  ObjectTypeInitializer.GenericMapping = ObpDirectoryMapping;
287  ObjectTypeInitializer.DeleteProcedure = NULL;
288  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_DIRECTORY);
289  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObpDirectoryObjectType);
     /* SYNCHRONIZE is removed from the type's valid access mask after
        creation, so it is not a grantable right on directory handles. */
290  ObpDirectoryObjectType->TypeInfo.ValidAccessMask &= ~SYNCHRONIZE;
291 
292  /* Create 'symbolic link' object type */
293  RtlInitUnicodeString(&Name, L"SymbolicLink");
294  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_SYMBOLIC_LINK);
295  ObjectTypeInitializer.GenericMapping = ObpSymbolicLinkMapping;
296  ObjectTypeInitializer.ValidAccessMask = SYMBOLIC_LINK_ALL_ACCESS;
297  ObjectTypeInitializer.ParseProcedure = ObpParseSymbolicLink;
298  ObjectTypeInitializer.DeleteProcedure = ObpDeleteSymbolicLink;
299  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObpSymbolicLinkObjectType);
300  ObpSymbolicLinkObjectType->TypeInfo.ValidAccessMask &= ~SYNCHRONIZE;
301 
302  /* Phase 0 initialization complete */
304  return TRUE;
305 
306 ObPostPhase0:
307 
308  /* Re-initialize lookaside lists */
309  ObInit2();
310 
311  /* Initialize Object Types directory attributes */
312  RtlInitUnicodeString(&Name, L"\\");
314  &Name,
316  NULL,
318 
319  /* Create the directory */
323  if (!NT_SUCCESS(Status)) return FALSE;
324 
325  /* Get a handle to it */
327  0,
329  KernelMode,
331  NULL);
332  if (!NT_SUCCESS(Status)) return FALSE;
333 
334  /* Close the extra handle */
335  Status = NtClose(Handle);
336  if (!NT_SUCCESS(Status)) return FALSE;
337 
     /* \KernelObjects is the only directory in this function created with
        its own security descriptor; the "\" and "\ObjectTypes" attribute
        setups show NULL in the corresponding position. */
338  /* Create a custom security descriptor for the KernelObjects directory */
339  Status = ObpCreateKernelObjectsSD(&KernelObjectsSD);
340  if (!NT_SUCCESS(Status))
341  return FALSE;
342 
343  /* Initialize the KernelObjects directory attributes */
344  RtlInitUnicodeString(&Name, L"\\KernelObjects");
346  &Name,
348  NULL,
349  KernelObjectsSD);
350 
351  /* Create the directory */
     /* The descriptor is freed before Status is tested, so the failure
        return on line 356 does not leak it. */
355  ExFreePoolWithTag(KernelObjectsSD, TAG_SD);
356  if (!NT_SUCCESS(Status)) return FALSE;
357 
358  /* Close the extra handle */
359  Status = NtClose(Handle);
360  if (!NT_SUCCESS(Status)) return FALSE;
361 
362  /* Initialize ObjectTypes directory attributes */
363  RtlInitUnicodeString(&Name, L"\\ObjectTypes");
365  &Name,
367  NULL,
368  NULL);
369 
370  /* Create the directory */
374  if (!NT_SUCCESS(Status)) return FALSE;
375 
376  /* Get a handle to it */
378  0,
380  KernelMode,
382  NULL);
383  if (!NT_SUCCESS(Status)) return FALSE;
384 
385  /* Close the extra handle */
386  Status = NtClose(Handle);
387  if (!NT_SUCCESS(Status)) return FALSE;
388 
389  /* Initialize the lookup context and lock it */
392 
393  /* Loop the object types */
394  ListHead = &ObpTypeObjectType->TypeList;
395  NextEntry = ListHead->Flink;
396  while (ListHead != NextEntry)
397  {
398  /* Get the creator info from the list */
399  CreatorInfo = CONTAINING_RECORD(NextEntry,
401  TypeList);
402 
403  /* Recover the header and the name header from the creator info */
     /* The object header is taken to start immediately after the creator
        info structure (CreatorInfo + 1). */
404  Header = (POBJECT_HEADER)(CreatorInfo + 1);
406 
407  /* Make sure we have a name, and aren't inserted yet */
408  if ((NameInfo) && !(NameInfo->Directory))
409  {
410  /* Do the initial lookup to setup the context */
412  &NameInfo->Name,
414  FALSE,
415  &Context))
416  {
417  /* Insert this object type */
419  &Context,
420  Header);
421  }
422  }
423 
424  /* Move to the next entry */
425  NextEntry = NextEntry->Flink;
426  }
427 
428  /* Cleanup after lookup */
430 
431  /* Initialize DOS Devices Directory and related Symbolic Links */
433  if (!NT_SUCCESS(Status)) return FALSE;
434  return TRUE;
435 }
VOID NTAPI ObpDeleteSymbolicLink(IN PVOID ObjectBody)
#define OBJ_OPENLINK
Definition: winternl.h:230
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1048
#define THREAD_ALL_ACCESS
Definition: nt_native.h:1339
#define PROCESS_ALL_ACCESS
Definition: nt_native.h:1324
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
WORK_QUEUE_ITEM ObpReaperWorkItem
Definition: oblife.c:28
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
Definition: ketypes.h:1079
UNICODE_STRING Name
Definition: obtypes.h:433
GENERIC_MAPPING ObpDirectoryMapping
Definition: obinit.c:27
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
GENERAL_LOOKASIDE ObpCreateInfoLookasideList
Definition: oblife.c:26
ULONG ObpInitializationPhase
Definition: obinit.c:54
VOID NTAPI ObpDeleteObjectType(IN PVOID Object)
Definition: oblife.c:1329
static POBJECT_TYPE ObpDefaultObject
Definition: ObTypes.c:138
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
GENERIC_MAPPING ObpTypeMapping
Definition: obinit.c:19
POBJECT_DIRECTORY ObpRootDirectoryObject
Definition: obname.c:19
PP_LOOKASIDE_LIST PPLookasideList[16]
Definition: ketypes.h:628
#define L(x)
Definition: ntvdm.h:50
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
struct _OBJECT_HEADER * POBJECT_HEADER
#define FALSE
Definition: types.h:117
Definition: Header.h:8
GENERAL_LOOKASIDE ObpNameBufferLookasideList
Definition: oblife.c:26
struct NameRec_ * Name
Definition: cdprocs.h:459
#define PsGetCurrentProcess
Definition: psfuncs.h:17
VOID NTAPI ObpReapObject(IN PVOID Unused)
Definition: oblife.c:221
NTSTATUS NTAPI ObpCreateDosDevicesDirectory(VOID)
Definition: obname.c:177
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
#define TAG_SD
Definition: tag.h:176
VOID NTAPI ExInitializeSystemLookasideList(IN PGENERAL_LOOKASIDE List, IN POOL_TYPE Type, IN ULONG Size, IN ULONG Tag, IN USHORT MaximumDepth, IN PLIST_ENTRY ListHead)
Definition: lookas.c:31
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
OBJECT_TYPE
Definition: ntobjenum.h:23
BOOLEAN NTAPI ObpInsertEntryDirectory(IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
Definition: obdir.c:45
Status
Definition: gdiplustypes.h:24
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
#define ObpDirectoryObjectType
Definition: ObTypes.c:123
#define ExInitializeWorkItem(Item, Routine, Context)
Definition: exfuncs.h:265
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
OB_PARSE_METHOD ParseProcedure
Definition: obtypes.h:370
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:765
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
struct _GENERAL_LOOKASIDE * L
Definition: ketypes.h:802
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
Definition: obdir.c:158
#define OBJ_PERMANENT
Definition: winternl.h:226
Definition: typedefs.h:119
#define SYNCHRONIZE
Definition: nt_native.h:61
#define OBJECT_TYPE_ALL_ACCESS
Definition: nt_native.h:1248
NTSTATUS NTAPI ObpInitSdCache(VOID)
Definition: obsdcach.c:61
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
Definition: ob_x.h:323
NTSTATUS NTAPI NtCreateDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: obdir.c:765
#define ObpSymbolicLinkObjectType
Definition: ObTypes.c:124
VOID FASTCALL KeInitializeGuardedMutex(OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:31
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Initializes a new object directory lookup context. Used for lookup operations (insertions/deletions) ...
Definition: ob_x.h:258
BOOLEAN NTAPI ObInit2(VOID)
Definition: obinit.c:136
#define KeInitializeEvent(pEvt, foo, foo2)
Definition: env_spec_w32.h:477
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
struct _GENERAL_LOOKASIDE * P
Definition: ketypes.h:801
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
static NTSTATUS NTAPI ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obinit.c:65
NTSTATUS NTAPI ObpParseSymbolicLink(IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
Definition: oblink.c:431
#define NULL
Definition: types.h:112
GENERIC_MAPPING ObpSymbolicLinkMapping
Definition: obinit.c:38
VOID NTAPI PsInitializeQuotaSystem(VOID)
Definition: quota.c:107
static POBJECT_TYPE ObpTypeObjectType
Definition: ObTypes.c:122
_In_ HANDLE Handle
Definition: extypes.h:390
struct tagContext Context
Definition: acpixf.h:1034
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
LIST_ENTRY TypeList
Definition: obtypes.h:382
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
struct _OBJECT_SYMBOLIC_LINK OBJECT_SYMBOLIC_LINK
ULONG DefaultNonPagedPoolCharge
Definition: obtypes.h:365
LIST_ENTRY ExSystemLookasideListHead
Definition: lookas.c:21
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:17
POBJECT_DIRECTORY ObpTypeDirectoryObject
Definition: obname.c:20
FORCEINLINE VOID ObpAcquireLookupContextLock(IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_DIRECTORY Directory)
Locks an object directory lookup context for performing lookup operations (insertions/deletions) in a...
Definition: ob_x.h:281
struct _OBJECT_DIRECTORY OBJECT_DIRECTORY

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ ObIsLUIDDeviceMapsEnabled()

ULONG NTAPI ObIsLUIDDeviceMapsEnabled ( VOID  )

Definition at line 662 of file devicemap.c.

/*
 * Reports whether LUID device maps are enabled.
 * NOTE(review): the rendered listing drops line 664, the only statement of
 * this function. It presumably returns ObpLUIDDeviceMapsEnabled, the one
 * symbol cross-referenced for it - confirm in devicemap.c.
 */
663 {
665 }
ULONG ObpLUIDDeviceMapsEnabled
Definition: devicemap.c:18

Referenced by NtQueryInformationProcess(), and PspSetPrimaryToken().

◆ ObKillProcess()

VOID NTAPI ObKillProcess ( IN PEPROCESS  Process)

Definition at line 2156 of file obhandle.c.

/*
 * Closes every handle left in a process's handle table and then tears the
 * table down.
 * NOTE(review): this rendered listing drops the source lines that consisted
 * of hyperlinked identifiers (2158-2159, 2175, 2182-2183, 2188, 2195), so the
 * local declarations and several calls are not shown; comments on those
 * steps are hedged accordingly.
 */
2157 {
2160  BOOLEAN HardErrors;
2161  PAGED_CODE();
2162 
2163  /* Wait for process rundown and then complete it */
2164  ExWaitForRundownProtectionRelease(&Process->RundownProtect);
2165  ExRundownCompleted(&Process->RundownProtect);
2166 
2167  /* Get the object table */
2168  HandleTable = Process->ObjectTable;
/* No table means nothing to close; this routine clears the pointer itself
 * on line 2194, so a repeated call for the same process returns here. */
2169  if (!HandleTable) return;
2170 
2171  /* Disable hard errors while we close handles */
/* The returned value is kept so the earlier mode can be put back below */
2172  HardErrors = IoSetThreadHardErrorMode(FALSE);
2173 
2174  /* Enter a critical region */
2176 
2177  /* Fill out the context */
/* The sweep callback is told to treat every close as a KernelMode request */
2178  Context.AccessMode = KernelMode;
2179  Context.HandleTable = HandleTable;
2180 
2181  /* Sweep the handle table to close all handles */
/* NOTE(review): lines 2182-2183 are missing; presumably ExSweepHandleTable
 * with ObpCloseHandleCallback, both cross-referenced for this function. */
2184  &Context);
/* NOTE(review): if ASSERT compiles out in release builds, a handle that
 * survives the sweep is not detected before the table is destroyed - confirm. */
2185  ASSERT(HandleTable->HandleCount == 0);
2186 
2187  /* Leave the critical region */
2189 
2190  /* Restore the hard error mode that was saved above */
2191  IoSetThreadHardErrorMode(HardErrors);
2192 
2193  /* Destroy the object table */
/* The process pointer is cleared first, so no later lookup through the
 * process can reach the table while it is being torn down (line 2195, not
 * shown; presumably ExDestroyHandleTable). */
2194  Process->ObjectTable = NULL;
2196 }
NTKERNELAPI VOID FASTCALL ExRundownCompleted(_Out_ PEX_RUNDOWN_REF RunRef)
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
Definition: handle.c:927
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
NTKERNELAPI VOID FASTCALL ExWaitForRundownProtectionRelease(_Inout_ PEX_RUNDOWN_REF RunRef)
#define ASSERT(a)
Definition: mode.c:44
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
Definition: error.c:726
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
#define NULL
Definition: types.h:112
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1196
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1034
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1920
#define PAGED_CODE()

Referenced by PspDeleteProcess(), and PspExitThread().

◆ ObpCaptureObjectCreateInformation()

NTSTATUS NTAPI ObpCaptureObjectCreateInformation ( IN POBJECT_ATTRIBUTES  ObjectAttributes,
IN KPROCESSOR_MODE  AccessMode,
IN KPROCESSOR_MODE  CreatorMode,
IN BOOLEAN  AllocateFromLookaside,
IN POBJECT_CREATE_INFORMATION  ObjectCreateInfo,
OUT PUNICODE_STRING  ObjectName 
)

Definition at line 456 of file oblife.c.

/*
 * Captures a caller-supplied OBJECT_ATTRIBUTES into ObjectCreateInfo and the
 * object name into ObjectName, so later code works on kernel-side copies.
 * For a non-kernel AccessMode the attributes and the QoS structure are probed
 * before they are read, and every read of caller memory happens inside the
 * SEH block. On failure the partially filled ObjectCreateInfo is released
 * before returning.
 * NOTE(review): this rendered listing drops the source lines that consisted
 * of hyperlinked identifiers (464-465, 483, 490, 493, 509, 514, 548, 564,
 * 568, 575, 588), including the declaration and initial value of Status.
 */
462 {
/* QuotaInfoSize has no initializer; see the note at line 528 */
463  ULONG SdCharge, QuotaInfoSize;
466  PSECURITY_QUALITY_OF_SERVICE SecurityQos;
467  PUNICODE_STRING LocalObjectName = NULL;
468  PAGED_CODE();
469 
470  /* Zero out the Capture Data */
471  RtlZeroMemory(ObjectCreateInfo, sizeof(OBJECT_CREATE_INFORMATION));
472 
473  /* SEH everything here for protection */
474  _SEH2_TRY
475  {
476  /* Check if we got attributes */
477  if (ObjectAttributes)
478  {
479  /* Check if we're in user mode */
480  if (AccessMode != KernelMode)
481  {
482  /* Probe the attributes */
484  sizeof(OBJECT_ATTRIBUTES),
485  sizeof(ULONG));
486  }
487 
488  /* Validate the Size and Attributes */
489  if ((ObjectAttributes->Length != sizeof(OBJECT_ATTRIBUTES)) ||
491  {
492  /* Invalid combination, fail */
494  }
495 
496  /* Set some Create Info and do not allow user-mode kernel handles */
497  ObjectCreateInfo->RootDirectory = ObjectAttributes->RootDirectory;
/* Attributes is read from caller memory a second time here, after the
 * validation above. The value is masked again with
 * OBJ_VALID_KERNEL_ATTRIBUTES, so a change made between the two reads
 * cannot introduce bits outside that mask. */
498  ObjectCreateInfo->Attributes = ObjectAttributes->Attributes & OBJ_VALID_KERNEL_ATTRIBUTES;
/* The kernel-handle bit is stripped based on CreatorMode, not AccessMode */
499  if (CreatorMode != KernelMode) ObjectCreateInfo->Attributes &= ~OBJ_KERNEL_HANDLE;
/* The three pointers are copied into locals once and only the locals are
 * used from here on */
500  LocalObjectName = ObjectAttributes->ObjectName;
501  SecurityDescriptor = ObjectAttributes->SecurityDescriptor;
502  SecurityQos = ObjectAttributes->SecurityQualityOfService;
503 
504  /* Check if we have a security descriptor */
505  if (SecurityDescriptor)
506  {
507  /* Capture it. Note: This has an implicit memory barrier due
508  to the function call, so cleanup is safe here. */
/* NOTE(review): line 509 is missing; presumably SeCaptureSecurityDescriptor,
 * whose prototype on this page takes (descriptor, mode, pool type,
 * CaptureIfKernel, out pointer). With TRUE as the fourth argument the
 * descriptor would be copied even for kernel-mode callers - confirm. */
510  AccessMode,
511  NonPagedPool,
512  TRUE,
513  &ObjectCreateInfo->
515  if (!NT_SUCCESS(Status))
516  {
517  /* Capture failed, quit */
/* The pointer is cleared so no cleanup path tries to release a descriptor
 * that was never captured */
518  ObjectCreateInfo->SecurityDescriptor = NULL;
519  _SEH2_YIELD(return Status);
520  }
521 
522  /*
523  * By default, assume a SD size of 1024 and allow twice its
524  * size.
525  * If the SD size happens to be bigger than that, then allow it
526  */
527  SdCharge = 2048;
/* NOTE(review): the NTSTATUS returned by SeComputeQuotaInformationSize is
 * ignored. If it can fail without writing QuotaInfoSize, the comparison
 * below reads an uninitialized value - confirm against its implementation.
 * 2 * QuotaInfoSize is also ULONG arithmetic and would wrap for very large
 * sizes; presumably the captured descriptor size rules that out. */
528  SeComputeQuotaInformationSize(ObjectCreateInfo->SecurityDescriptor,
529  &QuotaInfoSize);
530  if ((2 * QuotaInfoSize) > 2048)
531  {
532  SdCharge = 2 * QuotaInfoSize;
533  }
534 
535  /* Save the probe mode and security descriptor size */
536  ObjectCreateInfo->SecurityDescriptorCharge = SdCharge;
537  ObjectCreateInfo->ProbeMode = AccessMode;
538  }
539 
540  /* Check if we have QoS */
541  if (SecurityQos)
542  {
543  /* Check if we came from user mode */
544  if (AccessMode != KernelMode)
545  {
546  /* Validate the QoS */
547  ProbeForRead(SecurityQos,
549  sizeof(ULONG));
550  }
551 
552  /* Save Info */
/* One structure copy into kernel storage; SecurityQos in the create info
 * then points at that copy, not at the caller's buffer */
553  ObjectCreateInfo->SecurityQualityOfService = *SecurityQos;
554  ObjectCreateInfo->SecurityQos =
555  &ObjectCreateInfo->SecurityQualityOfService;
556  }
557  }
558  else
559  {
560  /* We don't have a name */
561  LocalObjectName = NULL;
562  }
563  }
565  {
566  /* Cleanup and return the exception code */
567  ObpReleaseObjectCreateInformation(ObjectCreateInfo);
569  }
570  _SEH2_END;
571 
572  /* Now check if the Object Attributes had an Object Name */
573  if (LocalObjectName)
574  {
/* NOTE(review): line 575 is missing; presumably
 * Status = ObpCaptureObjectName(ObjectName, ...), which is cross-referenced
 * for this function. The name is captured outside the SEH block above, so
 * any probing of the caller's string has to happen inside that helper. */
576  LocalObjectName,
577  AccessMode,
578  AllocateFromLookaside);
579  }
580  else
581  {
582  /* Clear the string */
583  RtlInitEmptyUnicodeString(ObjectName, NULL, 0);
584 
585  /* It cannot have specified a Root Directory */
586  if (ObjectCreateInfo->RootDirectory)
587  {
/* NOTE(review): line 588 is missing; presumably it sets Status to
 * STATUS_OBJECT_NAME_INVALID, which is cross-referenced for this function */
589  }
590  }
591 
592  /* Cleanup if we failed */
593  if (!NT_SUCCESS(Status))
594  {
595  ObpReleaseObjectCreateInformation(ObjectCreateInfo);
596  }
597 
598  /* Return status to caller */
599  return Status;
600 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:364
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObpCaptureObjectName(IN OUT PUNICODE_STRING CapturedName, IN PUNICODE_STRING ObjectName, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN UseLookaside)
Definition: oblife.c:377
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define OBJ_VALID_KERNEL_ATTRIBUTES
Definition: obtypes.h:92
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
Definition: create.c:4400
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:351
#define STATUS_OBJECT_NAME_INVALID
Definition: udferr_usr.h:148
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define PAGED_CODE()

Referenced by ObCreateObject(), and ObOpenObjectByName().

◆ ObpCaptureObjectName()

NTSTATUS NTAPI ObpCaptureObjectName ( IN PUNICODE_STRING  CapturedName,
IN PUNICODE_STRING  ObjectName,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  AllocateFromLookaside 
)

Referenced by ObReferenceObjectByName().

◆ ObpCheckObjectReference()

BOOLEAN NTAPI ObpCheckObjectReference ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 340 of file obsecure.c.

/*
 * Runs a full access check for a reference to Object, using the object's
 * security descriptor and the subject context held in AccessState.
 * Returns the result of the access check; on failure to fetch the security
 * descriptor it stores the failing status in *AccessStatus and returns FALSE.
 * On success the granted bits are moved from RemainingDesiredAccess to
 * PreviouslyGrantedAccess in AccessState.
 * NOTE(review): this rendered listing drops the source lines that consisted
 * of hyperlinked identifiers (347-348, 351-353, 361, 373, 397, 410). LockHeld
 * is not used on any visible line.
 */
345 {
346  POBJECT_HEADER ObjectHeader;
349  BOOLEAN SdAllocated;
350  BOOLEAN Result;
354  PAGED_CODE();
355 
356  /* Get the header and type */
357  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
358  ObjectType = ObjectHeader->Type;
359 
360  /* Get the security descriptor */
362  if (!NT_SUCCESS(Status))
363  {
364  /* We failed */
365  *AccessStatus = Status;
366  return FALSE;
367  }
368 
369  /* Lock the security context */
370  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
371 
372  /* Now do the entire access check */
/* NOTE(review): the privilege set returned through &Privileges is not
 * appended to the access state or freed on any visible line, whereas
 * ObpCheckTraverseAccess on this page does both after the same call.
 * Confirm whether the set can be non-NULL here and is leaked. */
374  &AccessState->SubjectSecurityContext,
375  TRUE,
376  AccessState->RemainingDesiredAccess,
377  AccessState->PreviouslyGrantedAccess,
378  &Privileges,
379  &ObjectType->TypeInfo.GenericMapping,
380  AccessMode,
381  &GrantedAccess,
382  AccessStatus);
383  if (Result)
384  {
385  /* Update the access state */
386  AccessState->RemainingDesiredAccess &= ~GrantedAccess;
387  AccessState->PreviouslyGrantedAccess |= GrantedAccess;
388  }
389 
390  /* Check if we have an SD */
391  if (SecurityDescriptor)
392  {
393  /* Do audit alarm */
/* The audit call is compiled out with #if 0, so this branch is empty and
 * neither a granted nor a denied reference check produces an audit record
 * from this function. */
394 #if 0
395  SeObjectReferenceAuditAlarm(&AccessState->OperationID,
396  Object,
398  &AccessState->SubjectSecurityContext,
399  AccessState->RemainingDesiredAccess |
400  AccessState->PreviouslyGrantedAccess,
401  ((PAUX_ACCESS_DATA)(AccessState->AuxData))->
402  PrivilegeSet,
403  Result,
404  AccessMode);
405 #endif
406  }
407 
408  /* We're done, unlock the context and release security */
409  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
411  return Result;
412 }
ObjectType
Definition: metafile.c:80
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:456
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:487
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:459
#define NULL
Definition: types.h:112
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define PAGED_CODE()

Referenced by ObReferenceObjectByName().

◆ ObpCheckTraverseAccess()

BOOLEAN NTAPI ObpCheckTraverseAccess ( IN PVOID  Object,
IN ACCESS_MASK  TraverseAccess,
IN PACCESS_STATE AccessState  OPTIONAL,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 267 of file obsecure.c.

/*
 * Checks whether the caller may traverse Object. A fast traverse check is
 * tried first; only when it fails is the subject context locked and the full
 * access check run for TraverseAccess. Privileges returned by the full check
 * are appended to the access state and freed.
 * Returns TRUE when access is allowed. When the security descriptor cannot
 * be fetched, the failing status is stored in *AccessStatus and FALSE is
 * returned.
 * NOTE(review): this rendered listing drops the source lines that consisted
 * of hyperlinked identifiers (275-276, 279-281, 289, 301, 303, 307, 315,
 * 328-329, 334). LockHeld is not used on any visible line.
 */
273 {
274  POBJECT_HEADER ObjectHeader;
277  BOOLEAN SdAllocated;
278  BOOLEAN Result;
282  PAGED_CODE();
283 
284  /* Get the header and type */
285  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
286  ObjectType = ObjectHeader->Type;
287 
288  /* Get the security descriptor */
290  if (!NT_SUCCESS(Status))
291  {
292  /* We failed */
293  *AccessStatus = Status;
294  return FALSE;
295  }
296 
297  /* First try to perform a fast traverse check
298  * If it fails, then the entire access check will
299  * have to be done.
300  */
302  AccessState,
304  AccessMode);
305  if (Result)
306  {
/* NOTE(review): no visible line in this branch writes *AccessStatus, so a
 * caller should rely on the TRUE return value here and not on the status -
 * confirm against line 307, which is not shown. */
308  return TRUE;
309  }
310 
311  /* Lock the security context */
/* NOTE(review): AccessState is declared OPTIONAL in the signature, but it is
 * dereferenced here and in the full check below without a NULL test on any
 * visible line. Presumably callers always supply one when the fast check can
 * fail - confirm, otherwise this is a NULL dereference in kernel mode. */
312  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
313 
314  /* Now do the entire access check */
/* Only TraverseAccess is requested, with no previously granted access */
316  &AccessState->SubjectSecurityContext,
317  TRUE,
318  TraverseAccess,
319  0,
320  &Privileges,
321  &ObjectType->TypeInfo.GenericMapping,
322  AccessMode,
323  &GrantedAccess,
324  AccessStatus);
325  if (Privileges)
326  {
327  /* We got privileges, append them to the access state and free them */
330  }
331 
332  /* We're done, unlock the context and release security */
333  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
335  return Result;
336 }
ObjectType
Definition: metafile.c:80
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:456
#define FALSE
Definition: types.h:117
BOOLEAN NTAPI SeFastTraverseCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:601
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:487
#define FILE_WRITE_DATA
Definition: nt_native.h:631
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:459
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:669
#define NULL
Definition: types.h:112
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
Definition: priv.c:588
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define PAGED_CODE()

Referenced by ObpLookupObjectName().

◆ ObpCreateDosDevicesDirectory()

NTSTATUS NTAPI ObpCreateDosDevicesDirectory ( VOID  )

Definition at line 177 of file obname.c.

/*
 * Creates the global DosDevices directory and the symbolic links that point
 * into it (GLOBALROOT, Global and \DosDevices), all with the security
 * descriptor built by ObpGetDosDevicesProtection. The descriptor is freed on
 * every path that reaches the done label.
 * Returns the status of the last operation that was checked.
 * NOTE(review): this rendered listing drops the source lines that consisted
 * of hyperlinked identifiers (for example 179, 183, 189-192, 201, 203,
 * 206-208, 213, 222-223, 225, 229-230), so several calls and their
 * arguments are not shown.
 */
178 {
180  UNICODE_STRING RootName, TargetName, LinkName;
181  HANDLE Handle, SymHandle;
182  SECURITY_DESCRIPTOR DosDevicesSD;
184 
185  /*
186  * Enable LUID mappings only if not explicitly disabled
187  * and if protection mode is set
188  */
191  else
193 
194  /* Create a custom security descriptor for the global DosDevices directory */
195  Status = ObpGetDosDevicesProtection(&DosDevicesSD);
/* Early return: nothing has been created yet, so the done label is skipped */
196  if (!NT_SUCCESS(Status))
197  return Status;
198 
199  /* Create the global DosDevices directory \?? */
/* The name actually used for the directory object is \GLOBAL?? */
200  RtlInitUnicodeString(&RootName, L"\\GLOBAL??");
202  &RootName,
204  NULL,
205  &DosDevicesSD);
209  if (!NT_SUCCESS(Status))
210  goto done;
211 
212  /* Create the system device map */
214  if (!NT_SUCCESS(Status))
215  goto done;
216 
217  /*
218  * Initialize the \??\GLOBALROOT symbolic link
219  * pointing to the root directory \ .
220  */
221  RtlInitUnicodeString(&LinkName, L"GLOBALROOT");
224  &LinkName,
226  Handle,
227  &DosDevicesSD);
228  Status = NtCreateSymbolicLinkObject(&SymHandle,
231  &TargetName);
/* NOTE(review): this Status is overwritten by the next link creation on
 * line 246 before anything tests it, so a failure to create GLOBALROOT is
 * not reported to the caller. */
232  if (NT_SUCCESS(Status)) NtClose(SymHandle);
233 
234  /*
235  * Initialize the \??\Global symbolic link pointing to the global
236  * DosDevices directory \?? . It is used to access the global \??
237  * by user-mode components which, by default, use a per-session
238  * DosDevices directory.
239  */
240  RtlInitUnicodeString(&LinkName, L"Global");
242  &LinkName,
244  Handle,
245  &DosDevicesSD);
246  Status = NtCreateSymbolicLinkObject(&SymHandle,
249  &RootName);
250  if (NT_SUCCESS(Status)) NtClose(SymHandle);
251 
252  /* Close the directory handle */
/* The handle is closed before the status test so it is released on both
 * the success and the failure path */
253  NtClose(Handle);
254  if (!NT_SUCCESS(Status))
255  goto done;
256 
257  /*
258  * Initialize the \DosDevices symbolic link pointing to the global
259  * DosDevices directory \?? , for backward compatibility with
260  * Windows NT-2000 systems.
261  */
262  RtlInitUnicodeString(&LinkName, L"\\DosDevices");
265  &LinkName,
267  NULL,
268  &DosDevicesSD);
269  Status = NtCreateSymbolicLinkObject(&SymHandle,
272  &RootName);
273  if (NT_SUCCESS(Status)) NtClose(SymHandle);
274 
275 done:
276  ObpFreeDosDevicesProtection(&DosDevicesSD);
277 
278  /* Return status */
279  return Status;
280 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
const uint16_t * PCWSTR
Definition: typedefs.h:57
NTSTATUS NTAPI ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obname.c:40
ULONG ObpLUIDDeviceMapsEnabled
Definition: devicemap.c:18
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
Definition: devicemap.c:24
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
#define L(x)
Definition: ntvdm.h:50
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ALIGNEDNAME ObpDosDevicesShortNameRoot
Definition: obname.c:24
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
#define OBJ_PERMANENT
Definition: winternl.h:226
WCHAR TargetName[256]
Definition: arping.c:27
NTSTATUS NTAPI NtCreateDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: obdir.c:765
ULONG ObpProtectionMode
Definition: obinit.c:57
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
#define NULL
Definition: types.h:112
_In_ HANDLE Handle
Definition: extypes.h:390
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
ULONG ObpLUIDDeviceMapsDisabled
Definition: devicemap.c:17
VOID NTAPI ObpFreeDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obname.c:161

Referenced by ObInitSystem().

◆ ObpCreateSymbolicLinkName()

VOID NTAPI ObpCreateSymbolicLinkName ( IN POBJECT_SYMBOLIC_LINK  SymbolicLink)

Definition at line 334 of file oblink.c.

/*
 * Records the DOS drive letter index for a symbolic link whose name has the
 * form "X:" and that lives in a directory with a device map, then calls a
 * helper for that directory. Does nothing when the object has no name
 * information.
 * NOTE(review): this rendered listing drops line 369, the helper call, so
 * the helper's name and arguments are not shown here.
 */
335 {
336  WCHAR UpperDrive;
337  POBJECT_HEADER ObjectHeader;
338  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
339 
340  /* Get header data */
341  ObjectHeader = OBJECT_TO_OBJECT_HEADER(SymbolicLink);
342  ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
343 
344  /* No name info, nothing to create */
/* Nothing was returned, so there is no name info to dereference on this path */
345  if (ObjectNameInfo == NULL)
346  {
347  return;
348  }
349 
350  /* If we have a device map, look for creating a letter based drive */
351  if (ObjectNameInfo->Directory != NULL &&
352  ObjectNameInfo->Directory->DeviceMap != NULL)
353  {
354  /* Is it a drive letter based name? */
/* Length is in bytes; requiring exactly two WCHARs is what makes the reads
 * of Buffer[0] and Buffer[1] below stay inside the name */
355  if (ObjectNameInfo->Name.Length == 2 * sizeof(WCHAR))
356  {
357  if (ObjectNameInfo->Name.Buffer[1] == L':')
358  {
359  UpperDrive = RtlUpcaseUnicodeChar(ObjectNameInfo->Name.Buffer[0]);
/* Only A-Z are accepted, so the index computed below is in the range 1-26 */
360  if (UpperDrive >= L'A' && UpperDrive <= L'Z')
361  {
362  /* Compute its index (it's 1 based - 0 means no letter) */
363  SymbolicLink->DosDeviceDriveIndex = UpperDrive - (L'A' - 1);
364  }
365  }
366  }
367 
368  /* Call the helper */
370  }
371 
372  /* We're done */
/* Releases the reference taken by ObpReferenceNameInfo above */
373  ObpDereferenceNameInfo(ObjectNameInfo);
374 }
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
UNICODE_STRING Name
Definition: obtypes.h:433
NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar(WCHAR Source)
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define L(x)
Definition: ntvdm.h:50
#define FALSE
Definition: types.h:117
__wchar_t WCHAR
Definition: xmlstorage.h:180
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
struct _DEVICE_MAP * DeviceMap
Definition: obtypes.h:418
#define NULL
Definition: types.h:112
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
static const WCHAR SymbolicLink[]
Definition: interface.c:31

Referenced by ObInsertObject().

◆ ObpDeleteEntryDirectory()

BOOLEAN NTAPI ObpDeleteEntryDirectory ( IN POBP_LOOKUP_CONTEXT  Context)

Referenced by ObpDeleteNameCheck().

◆ ObpDeleteNameCheck()

VOID NTAPI ObpDeleteNameCheck ( IN PVOID  Object)

Definition at line 301 of file obname.c.

/*
 * Removes the name of an object from its directory once the object has no
 * open handles, is named, sits in a directory and is not permanent.
 *
 * The conditions are tested twice: once up front without the object lock,
 * and again after the directory lookup with the object lock held, because
 * the handle count or the permanent flag may have changed in between.
 *
 * NOTE(review): listing lines 304, 306, 325, 344, 347, 350, 360, 372 and 384
 * are absent from this rendering. Context and ObjectType are used but not
 * declared in the visible lines, and the statements under the comments at
 * 343, 346, 349, 371 and 383 are not shown.
 */
302 {
303  POBJECT_HEADER ObjectHeader;
305  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
307  PVOID Directory = NULL;
308 
309  /* Get object structures */
310  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
311  ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
312  ObjectType = ObjectHeader->Type;
313 
314  /*
315  * Check if the handle count is 0, if the object is named,
316  * and if the object isn't a permanent object.
317  */
318  if (!(ObjectHeader->HandleCount) &&
319  (ObjectNameInfo) &&
320  (ObjectNameInfo->Name.Length) &&
321  (ObjectNameInfo->Directory) &&
322  !(ObjectHeader->Flags & OB_FLAG_PERMANENT))
323  {
324  /* Setup a lookup context and lock it */
326  ObpAcquireLookupContextLock(&Context, ObjectNameInfo->Directory);
327 
328  /* Do the lookup (Attributes 0, no shadow-directory search) */
329  Object = ObpLookupEntryDirectory(ObjectNameInfo->Directory,
330  &ObjectNameInfo->Name,
331  0,
332  FALSE,
333  &Context);
334  if (Object)
335  {
336  /* Lock the object */
337  ObpAcquireObjectLock(ObjectHeader);
338 
339  /* Make sure we can still delete the object */
     /* Same handle-count and permanent-flag test as above, repeated now
      * that the object lock is held. */
340  if (!(ObjectHeader->HandleCount) &&
341  !(ObjectHeader->Flags & OB_FLAG_PERMANENT))
342  {
343  /* First delete it from the directory */
345 
346  /* Check if this is a symbolic link */
348  {
349  /* Remove internal name */
351  }
352 
353  /* Check if the kernel exclusive flag is set */
354  ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
355  if ((ObjectNameInfo) &&
356  (ObjectNameInfo->QueryReferences & OB_FLAG_KERNEL_EXCLUSIVE))
357  {
358  /* Remove protection flag */
     /* The flag is kept in the QueryReferences word and is changed with
      * an interlocked add; the addend (listing line 360) is not shown. */
359  InterlockedExchangeAdd((PLONG)&ObjectNameInfo->QueryReferences,
361  }
362 
363  /* Get the directory */
     /* NOTE(review): ObjectNameInfo was re-fetched at 354 and tested for
      * NULL at 355, but is dereferenced here without a test - confirm it
      * cannot be NULL on this path. */
364  Directory = ObjectNameInfo->Directory;
365  }
366 
367  /* Release the lock */
368  ObpReleaseObjectLock(ObjectHeader);
369  }
370 
371  /* Cleanup after lookup */
373 
374  /* Remove another query reference since we added one on top */
375  ObpDereferenceNameInfo(ObjectNameInfo);
376 
377  /* Check if we were inserted in a directory */
378  if (Directory)
379  {
380  /* We were, so first remove the extra reference we had added */
381  ObpDereferenceNameInfo(ObjectNameInfo);
382 
383  /* Now dereference the object as well */
385  }
386  }
387  else
388  {
389  /* Remove the reference we added */
     /* NOTE(review): ObjectNameInfo may be NULL on this branch (it is one
      * of the conditions tested at 319); presumably
      * ObpDereferenceNameInfo() tolerates NULL - confirm. */
390  ObpDereferenceNameInfo(ObjectNameInfo);
391  }
392 }
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
ObjectType
Definition: metafile.c:80
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
LONG_PTR HandleCount
Definition: obtypes.h:490
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
UNICODE_STRING Name
Definition: obtypes.h:433
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
#define OB_FLAG_PERMANENT
Definition: obtypes.h:101
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
UCHAR Flags
Definition: obtypes.h:497
#define InterlockedExchangeAdd
Definition: interlocked.h:181
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
#define ObDereferenceObject
Definition: obfuncs.h:203
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
Definition: obdir.c:158
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
Definition: ob_x.h:323
VOID NTAPI ObpDeleteSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
Definition: oblink.c:326
#define ObpSymbolicLinkObjectType
Definition: ObTypes.c:124
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Initializes a new object directory lookup context. Used for lookup operations (insertions/deletions) ...
Definition: ob_x.h:258
#define NULL
Definition: types.h:112
struct tagContext Context
Definition: acpixf.h:1034
base for all directory entries
Definition: entries.h:138
POBJECT_TYPE Type
Definition: obtypes.h:493
signed int * PLONG
Definition: retypes.h:5
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
#define OB_FLAG_KERNEL_EXCLUSIVE
Definition: obtypes.h:109
BOOLEAN NTAPI ObpDeleteEntryDirectory(IN POBP_LOOKUP_CONTEXT Context)
FORCEINLINE VOID ObpAcquireLookupContextLock(IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_DIRECTORY Directory)
Locks an object directory lookup context for performing lookup operations (insertions/deletions) in a...
Definition: ob_x.h:281

Referenced by ObInsertObject(), ObpDecrementHandleCount(), and ObpSetPermanentObject().

◆ ObpDeleteObject()

VOID NTAPI ObpDeleteObject ( IN PVOID  Object,
IN BOOLEAN  CalledFromWorkerThread 
)

Definition at line 148 of file oblife.c.

/*
 * Tears down an object: unlinks it from its type list, frees its name
 * buffer, lets the type's security procedure delete the security
 * descriptor, runs the type's delete procedure if one exists, and finally
 * deallocates the object.
 *
 * NOTE(review): listing lines 151, 152, 159, 163, 170, 176 and 216 are
 * absent from this rendering. Header, ObjectType and the assignment of
 * NameInfo are not visible, nor are the statements under the "Lock the
 * object type", "Release the lock" and "de-allocate" comments.
 */
150 {
153  POBJECT_HEADER_NAME_INFO NameInfo;
154  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
155  KIRQL CalloutIrql;
156  PAGED_CODE();
157 
158  /* Get the header and type */
160  ObjectType = Header->Type;
161 
162  /* Get creator and name information */
164  CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(Header);
165 
166  /* Check if the object is on a type list */
167  if ((CreatorInfo) && !(IsListEmpty(&CreatorInfo->TypeList)))
168  {
169  /* Lock the object type */
171 
172  /* Remove the object from the type list */
173  RemoveEntryList(&CreatorInfo->TypeList);
174 
175  /* Release the lock */
177  }
178 
179  /* Check if we have a name */
180  if ((NameInfo) && (NameInfo->Name.Buffer))
181  {
182  /* Free it */
     /* The string is reset to empty right after the free so no stale
      * Buffer pointer is left behind in the name info. */
183  ExFreePool(NameInfo->Name.Buffer);
184  RtlInitEmptyUnicodeString(&NameInfo->Name, NULL, 0);
185  }
186 
187  /* Check if we have a security descriptor */
188  if (Header->SecurityDescriptor)
189  {
190  /* Call the security procedure to delete it */
     /* NOTE(review): SecurityProcedure is called without a NULL test,
      * unlike DeleteProcedure below; presumably every type whose objects
      * can carry a descriptor supplies one - confirm. */
191  ObpCalloutStart(&CalloutIrql);
192  ObjectType->TypeInfo.SecurityProcedure(Object,
193  DeleteSecurityDescriptor,
194  0,
195  NULL,
196  NULL,
197  &Header->SecurityDescriptor,
198  0,
199  NULL);
200  ObpCalloutEnd(CalloutIrql, "Security", ObjectType, Object);
201  }
202 
203  /* Check if we have a delete procedure */
204  if (ObjectType->TypeInfo.DeleteProcedure)
205  {
206  /* Save whether we were deleted from worker thread or not */
     /* The flag is set when the call did NOT come from the worker thread */
207  if (!CalledFromWorkerThread) Header->Flags |= OB_FLAG_DEFER_DELETE;
208 
209  /* Call it */
     /* Type callbacks are bracketed by ObpCalloutStart()/ObpCalloutEnd(),
      * which are handed the IRQL slot and the callback's name. */
210  ObpCalloutStart(&CalloutIrql);
211  ObjectType->TypeInfo.DeleteProcedure(Object);
212  ObpCalloutEnd(CalloutIrql, "Delete", ObjectType, Object);
213  }
214 
215  /* Now de-allocate all object members */
217 }
ObjectType
Definition: metafile.c:80
UNICODE_STRING Name
Definition: obtypes.h:433
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
UCHAR KIRQL
Definition: env_spec_w32.h:591
Definition: Header.h:8
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:340
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:352
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
VOID FASTCALL ObpDeallocateObject(IN PVOID Object)
Definition: oblife.c:39
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define OB_FLAG_DEFER_DELETE
Definition: obtypes.h:104
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126
#define NULL
Definition: types.h:112
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PAGED_CODE()

Referenced by ObfDereferenceObject(), and ObpReapObject().

◆ ObpDeleteObjectType()

VOID NTAPI ObpDeleteObjectType ( IN PVOID  Object)

Definition at line 1329 of file oblife.c.

/*
 * Releases the locks owned by an object type: each entry of ObjectLocks,
 * then the type's main mutex.
 *
 * NOTE(review): listing lines 1332 and 1342 are absent from this rendering;
 * the declaration of ObjectType and the mutex deletion are not visible.
 */
1330 {
1331  ULONG i;
1333 
1334  /* Loop our locks */
      /* NOTE(review): the bound 4 is hard-coded; it has to match the number
       * of elements in ObjectType->ObjectLocks - confirm against the type
       * definition. */
1335  for (i = 0; i < 4; i++)
1336  {
1337  /* Delete each one (the NTSTATUS result is not checked) */
1338  ExDeleteResourceLite(&ObjectType->ObjectLocks[i]);
1339  }
1340 
1341  /* Delete our main mutex */
1343 }
ObjectType
Definition: metafile.c:80
NTSTATUS NTAPI ExDeleteResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1456
void * PVOID
Definition: retypes.h:9
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
unsigned int ULONG
Definition: retypes.h:1

Referenced by ObInitSystem().

◆ ObpDeleteSymbolicLink()

VOID NTAPI ObpDeleteSymbolicLink ( IN PVOID  ObjectBody)

Referenced by ObInitSystem().

◆ ObpDeleteSymbolicLinkName()

VOID NTAPI ObpDeleteSymbolicLinkName ( IN POBJECT_SYMBOLIC_LINK  SymbolicLink)

Definition at line 326 of file oblink.c.

/*
 * Thin wrapper that forwards the symbolic link to a helper.
 * NOTE(review): listing line 329, which holds the helper call, is absent
 * from this rendering.
 */
327 {
328  /* Just call the helper */
330 }
#define TRUE
Definition: types.h:120
static const WCHAR SymbolicLink[]
Definition: interface.c:31

Referenced by ObpDeleteNameCheck().

◆ ObpFreeObjectNameBuffer()

VOID NTAPI ObpFreeObjectNameBuffer ( IN PUNICODE_STRING  Name)

Definition at line 347 of file oblife.c.

/*
 * Frees the buffer of a captured object name, choosing between the pool
 * and the lookaside list by looking at Name->MaximumLength.
 *
 * NOTE(review): listing lines 366 and 371 are absent from this rendering,
 * so neither free call is visible here.
 * NOTE(review): MaximumLength is the only discriminator. A pool buffer
 * whose MaximumLength happens to equal OBP_NAME_LOOKASIDE_MAX_SIZE would
 * take the lookaside branch; presumably the capture side rules that out -
 * confirm against the allocation code.
 */
348 {
     /* Name is dereferenced without a NULL test; callers must pass a valid string */
349  PVOID Buffer = Name->Buffer;
350 
351  /* We know this is a pool-allocation if the size doesn't match */
352  if (Name->MaximumLength != OBP_NAME_LOOKASIDE_MAX_SIZE)
353  {
354  /*
355  * Free it from the pool.
356  *
357  * We cannot use here ExFreePoolWithTag(..., OB_NAME_TAG); , because
358  * the object name may have been massaged during operation by different
359  * object parse routines. If the latter ones have to resolve a symbolic
360  * link (e.g. as is done by CmpParseKey() and CmpGetSymbolicLink()),
361  * the original object name is freed and re-allocated from the pool,
362  * possibly with a different pool tag. At the end of the day, the new
363  * object name can be reallocated and completely different, but we
364  * should still be able to free it!
365  */
367  }
368  else
369  {
370  /* Otherwise, free from the lookaside */
372  }
373 }
FORCEINLINE VOID ObpFreeCapturedAttributes(IN PVOID Buffer, IN PP_NPAGED_LOOKASIDE_NUMBER Type)
Definition: ob_x.h:416
Definition: bufpool.h:45
#define OBP_NAME_LOOKASIDE_MAX_SIZE
Definition: ob_x.h:18
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by ObCreateObject(), ObOpenObjectByName(), ObpCaptureObjectName(), and ObReferenceObjectByName().

◆ ObpInitSdCache()

NTSTATUS NTAPI ObpInitSdCache ( VOID  )

Definition at line 61 of file obsdcach.c.

/*
 * Prepares every slot of the security-descriptor cache and reports
 * success; no failure path is visible.
 *
 * NOTE(review): listing lines 69 and 70 (the statements under "Initialize
 * the lock and the list") are absent from this rendering.
 */
62 {
63  ULONG i;
64 
65  /* Loop each cache entry */
66  for (i = 0; i < SD_CACHE_ENTRIES; i++)
67  {
68  /* Initialize the lock and the list */
71  }
72 
73  /* Return success */
74  return STATUS_SUCCESS;
75 }
OB_SD_CACHE_LIST ObsSecurityDescriptorCache[SD_CACHE_ENTRIES]
Definition: obsdcach.c:18
#define SD_CACHE_ENTRIES
Definition: obsdcach.c:17
#define ExInitializePushLock
Definition: ex.h:1011
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by ObInitSystem().

◆ ObpInsertEntryDirectory()

BOOLEAN NTAPI ObpInsertEntryDirectory ( IN POBJECT_DIRECTORY  Parent,
IN POBP_LOOKUP_CONTEXT  Context,
IN POBJECT_HEADER  ObjectHeader 
)

Definition at line 45 of file obdir.c.

/*
 * Links an object into a directory's hash table using the hash value and
 * bucket index already stored in the lookup context.
 *
 * Returns TRUE on success. Returns FALSE when the context is not usable
 * (it already holds an object, the directory is not locked, or it was
 * built for a different directory) or when the entry allocation fails;
 * the directory is left untouched in both cases.
 *
 * NOTE(review): listing line 69 (the start of the allocation statement)
 * is absent from this rendering.
 */
48 {
49  POBJECT_DIRECTORY_ENTRY *AllocatedEntry;
50  POBJECT_DIRECTORY_ENTRY NewEntry;
51  POBJECT_HEADER_NAME_INFO HeaderNameInfo;
52 
53  /* Make sure we have a name */
54  ASSERT(ObjectHeader->NameInfoOffset != 0);
55 
56  /* Validate the context */
57  if ((Context->Object) ||
58  !(Context->DirectoryLocked) ||
59  (Parent != Context->Directory))
60  {
61  /* Invalid context */
62  DPRINT1("OB: ObpInsertEntryDirectory - invalid context %p %u\n",
63  Context, Context->DirectoryLocked);
    /* The explicit return keeps the rejection in place where ASSERT
     * compiles to nothing (presumably release builds - confirm). */
64  ASSERT(FALSE);
65  return FALSE;
66  }
67 
68  /* Allocate a new Directory Entry */
70  sizeof(OBJECT_DIRECTORY_ENTRY),
71  OB_DIR_TAG);
72  if (!NewEntry) return FALSE;
73 
74  /* Save the hash */
75  NewEntry->HashValue = Context->HashValue;
76 
77  /* Get the Object Name Information */
78  HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
79 
80  /* Get the Allocated entry */
    /* Context->HashIndex is used as the bucket index with no range check
     * here. ObpLookupEntryDirectory() stores HashValue % 37 in it, so this
     * relies on the context coming from a lookup on this same directory,
     * which the Parent != Context->Directory test above enforces. */
81  AllocatedEntry = &Parent->HashBuckets[Context->HashIndex];
82 
83  /* Set it: the new entry becomes the head of the bucket's chain */
84  NewEntry->ChainLink = *AllocatedEntry;
85  *AllocatedEntry = NewEntry;
86 
87  /* Associate the Object */
88  NewEntry->Object = &ObjectHeader->Body;
89 
90  /* Associate the Directory */
91  HeaderNameInfo->Directory = Parent;
92  return TRUE;
93 }
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
#define TRUE
Definition: types.h:120
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
PVOID Object
Definition: obtypes.h:401
#define OB_DIR_TAG
Definition: tag.h:152
#define FALSE
Definition: types.h:117
#define ASSERT(a)
Definition: mode.c:44
ULONG HashValue
Definition: obtypes.h:403
Definition: obtypes.h:398
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
struct _OBJECT_DIRECTORY_ENTRY * ChainLink
Definition: obtypes.h:400
#define DPRINT1
Definition: precomp.h:8

Referenced by ObCreateObjectType(), ObInitSystem(), and ObpLookupObjectName().

◆ ObpLookupEntryDirectory()

PVOID NTAPI ObpLookupEntryDirectory ( IN POBJECT_DIRECTORY  Directory,
IN PUNICODE_STRING  Name,
IN ULONG  Attributes,
IN UCHAR  SearchShadow,
IN POBP_LOOKUP_CONTEXT  Context 
)

Definition at line 158 of file obdir.c.

/*
 * Looks a name up in an object directory's hash table and returns the
 * matching object, or NULL when the directory or name is missing, the name
 * is empty, or nothing matches.
 *
 * The hash value and bucket index are stored in the lookup context. On a
 * hit, the object and its name info are referenced and the object is
 * stored in Context->Object. On a miss, the search may be repeated in the
 * directory returned by ObpGetShadowDirectory() when SearchShadow is set
 * and the directory has a device map.
 *
 * NOTE(review): listing lines 164, 167, 191, 227, 263, 286, 317 and 322
 * are absent from this rendering. CaseInsensitive and HashValue are used
 * but not declared in the visible lines, and the statements under the
 * "Set up case-sensitivity", "Lock it", "Release the lock" and "Release
 * any object previously looked up" comments are not shown.
 */
163 {
165  POBJECT_HEADER_NAME_INFO HeaderNameInfo;
166  POBJECT_HEADER ObjectHeader;
168  ULONG HashIndex;
169  LONG TotalChars;
170  WCHAR CurrentChar;
171  POBJECT_DIRECTORY_ENTRY *AllocatedEntry;
172  POBJECT_DIRECTORY_ENTRY *LookupBucket;
173  POBJECT_DIRECTORY_ENTRY CurrentEntry;
174  PVOID FoundObject = NULL;
175  PWSTR Buffer;
176  POBJECT_DIRECTORY ShadowDirectory;
177 
178  PAGED_CODE();
179 
180  /* Check if we should search the shadow directory */
     /* The caller's request is overridden when LUID device maps are off */
181  if (ObpLUIDDeviceMapsEnabled == 0) SearchShadow = FALSE;
182 
183  /* Fail if we don't have a directory or name */
184  if (!(Directory) || !(Name)) goto Quickie;
185 
186  /* Get name information */
     /* Length is a byte count; convert it to a character count */
187  TotalChars = Name->Length / sizeof(WCHAR);
188  Buffer = Name->Buffer;
189 
190  /* Set up case-sensitivity */
192 
193  /* Fail if the name is empty */
194  if (!(Buffer) || !(TotalChars)) goto Quickie;
195 
196  /* Create the Hash */
     /* The hash folds case for every character regardless of
      * CaseInsensitive; the flag only affects the string compare below. */
197  for (HashValue = 0; TotalChars; TotalChars--)
198  {
199  /* Go to the next Character */
200  CurrentChar = *Buffer++;
201 
202  /* Prepare the Hash */
203  HashValue += (HashValue << 1) + (HashValue >> 1);
204 
205  /* Create the rest based on the name */
     /* Below 'a': used as is. Above 'z': upcased through the Rtl routine.
      * 'a'..'z': upcased by subtracting the ASCII case offset. */
206  if (CurrentChar < 'a') HashValue += CurrentChar;
207  else if (CurrentChar > 'z') HashValue += RtlUpcaseUnicodeChar(CurrentChar);
208  else HashValue += (CurrentChar - ('a'-'A'));
209  }
210 
211  /* Merge it with our number of hash buckets */
     /* NOTE(review): 37 is hard-coded; it has to equal the number of
      * entries in Directory->HashBuckets - confirm against the type. */
212  HashIndex = HashValue % 37;
213 
214  /* Save the result */
215  Context->HashValue = HashValue;
216  Context->HashIndex = (USHORT)HashIndex;
217 
218 DoItAgain:
219  /* Get the root entry and set it as our lookup bucket */
220  AllocatedEntry = &Directory->HashBuckets[HashIndex];
221  LookupBucket = AllocatedEntry;
222 
223  /* Check if the directory is already locked */
224  if (!Context->DirectoryLocked)
225  {
226  /* Lock it */
228  }
229 
230  /* Start looping */
     /* AllocatedEntry always points at the link that leads to CurrentEntry,
      * which is what allows the unlink at 266 below. */
231  while ((CurrentEntry = *AllocatedEntry))
232  {
233  /* Do the hashes match? */
234  if (CurrentEntry->HashValue == HashValue)
235  {
236  /* Make sure that it has a name */
237  ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentEntry->Object);
238 
239  /* Get the name information */
240  ASSERT(ObjectHeader->NameInfoOffset != 0);
241  HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
242 
243  /* Do the names match? */
     /* Equal hashes are not proof of equal names, so lengths and then
      * the full strings are compared. */
244  if ((Name->Length == HeaderNameInfo->Name.Length) &&
245  (RtlEqualUnicodeString(Name, &HeaderNameInfo->Name, CaseInsensitive)))
246  {
247  break;
248  }
249  }
250 
251  /* Move to the next entry */
252  AllocatedEntry = &CurrentEntry->ChainLink;
253  }
254 
255  /* Check if we still have an entry */
256  if (CurrentEntry)
257  {
258  /* Set this entry as the first, to speed up incoming insertion */
259  if (AllocatedEntry != LookupBucket)
260  {
261  /* Check if the directory was locked or convert the lock */
     /* The chain is only rewritten when this condition holds; its second
      * operand (listing line 263) is not shown. */
262  if ((Context->DirectoryLocked) ||
264  {
265  /* Set the Current Entry */
266  *AllocatedEntry = CurrentEntry->ChainLink;
267 
268  /* Link to the old Hash Entry */
269  CurrentEntry->ChainLink = *LookupBucket;
270 
271  /* Set the new Hash Entry */
272  *LookupBucket = CurrentEntry;
273  }
274  }
275 
276  /* Save the found object */
277  FoundObject = CurrentEntry->Object;
278  goto Quickie;
279  }
280  else
281  {
282  /* Check if the directory was locked */
283  if (!Context->DirectoryLocked)
284  {
285  /* Release the lock */
287  }
288 
289  /* Check if we should scan the shadow directory */
290  if ((SearchShadow) && (Directory->DeviceMap))
291  {
292  ShadowDirectory = ObpGetShadowDirectory(Directory);
293  /* A global DOS directory was found, loop it again */
     /* The same HashIndex is reused, and the lock is taken again at
      * DoItAgain for the new directory. */
294  if (ShadowDirectory != NULL)
295  {
296  Directory = ShadowDirectory;
297  goto DoItAgain;
298  }
299  }
300  }
301 
302 Quickie:
303  /* Check if the lookup found an object */
304  if (FoundObject)
305  {
306  /* Get the object name information */
     /* Both references are taken before the lock release below */
307  ObjectHeader = OBJECT_TO_OBJECT_HEADER(FoundObject);
308  ObpReferenceNameInfo(ObjectHeader);
309 
310  /* Reference the object being looked up */
311  ObReferenceObject(FoundObject);
312 
313  /* Check if the directory was locked */
314  if (!Context->DirectoryLocked)
315  {
316  /* Release the lock */
318  }
319  }
320 
321  /* Release any object previously looked up and replace it with the new one */
     /* Runs on every exit path, so Context->Object becomes NULL on a miss */
323  Context->Object = FoundObject;
324 
325  /* Return the object we found */
326  return FoundObject;
327 }
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
ULONG ObpLUIDDeviceMapsEnabled
Definition: devicemap.c:18
#define TRUE
Definition: types.h:120
uint16_t * PWSTR
Definition: typedefs.h:56
UNICODE_STRING Name
Definition: obtypes.h:433
_In_ BOOLEAN _In_ ULONG _Out_ PULONG HashValue
Definition: rtlfuncs.h:2037
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
UCHAR NameInfoOffset
Definition: obtypes.h:494
NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar(WCHAR Source)
PVOID Object
Definition: obtypes.h:401
FORCEINLINE VOID ObpReleaseDirectoryLock(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Unlocks a previously shared or exclusively locked directory.
Definition: ob_x.h:238
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
long LONG
Definition: pedump.c:60
POBJECT_DIRECTORY NTAPI ObpGetShadowDirectory(IN POBJECT_DIRECTORY Directory)
Definition: obdir.c:110
FORCEINLINE VOID ObpAcquireDirectoryLockShared(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Locks a directory for shared access. Used for reading members of the directory object.
Definition: ob_x.h:185
unsigned char BOOLEAN
_In_ const STRING _In_ BOOLEAN CaseInsensitive
Definition: rtlfuncs.h:2304
Definition: bufpool.h:45
#define ASSERT(a)
Definition: mode.c:44
__wchar_t WCHAR
Definition: xmlstorage.h:180
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
ULONG HashValue
Definition: obtypes.h:403
Definition: obtypes.h:398
FORCEINLINE VOID ObpReleaseLookupContextObject(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:292
unsigned short USHORT
Definition: pedump.c:61
FORCEINLINE BOOLEAN ExConvertPushLockSharedToExclusive(IN PEX_PUSH_LOCK PushLock)
Definition: ex.h:1137
struct _OBJECT_DIRECTORY_ENTRY * ChainLink
Definition: obtypes.h:400
#define NULL
Definition: types.h:112
#define ObReferenceObject
Definition: obfuncs.h:204
unsigned int ULONG
Definition: retypes.h:1
base for all directory entries
Definition: entries.h:138
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
#define PAGED_CODE()
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes

Referenced by ObCreateObjectType(), ObInitSystem(), ObpDeleteNameCheck(), ObpLookupObjectName(), and ObpProcessDosDeviceSymbolicLink().

◆ ObpLookupObjectName()

NTSTATUS NTAPI ObpLookupObjectName ( IN HANDLE RootHandle  OPTIONAL,
IN OUT PUNICODE_STRING  ObjectName,
IN ULONG  Attributes,
IN POBJECT_TYPE  ObjectType,
IN KPROCESSOR_MODE  AccessMode,
IN OUT PVOID  ParseContext,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos  OPTIONAL,
IN PVOID InsertObject  OPTIONAL,
IN OUT PACCESS_STATE  AccessState,
OUT POBP_LOOKUP_CONTEXT  LookupContext,
OUT PVOID FoundObject 
)

Definition at line 446 of file obname.c.

457 {
458  PVOID Object;
459  POBJECT_HEADER ObjectHeader;
460  UNICODE_STRING ComponentName, RemainingName;
461  BOOLEAN Reparse = FALSE, SymLink = FALSE;
463  POBJECT_DIRECTORY ReferencedDirectory = NULL, ReferencedParentDirectory = NULL;
464  KIRQL CalloutIrql;
465  OB_PARSE_METHOD ParseRoutine;
467  KPROCESSOR_MODE AccessCheckMode;
468  PWCHAR NewName;
469  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
470  ULONG MaxReparse = 30;
471  PDEVICE_MAP DeviceMap = NULL;
472  UNICODE_STRING LocalName;
473  PAGED_CODE();
475  "%s - Finding Object: %wZ. Expecting: %p\n",
476  __FUNCTION__,
477  ObjectName,
478  InsertObject);
479 
480  /* Initialize starting state */
481  ObpInitializeLookupContext(LookupContext);
482  *FoundObject = NULL;
484  Object = NULL;
485 
486  /* Check if case-insensitivity is checked */
487  if (ObpCaseInsensitive)
488  {
489  /* Check if the object type requests this */
490  if (!(ObjectType) || (ObjectType->TypeInfo.CaseInsensitive))
491  {
492  /* Add the flag to disable case sensitivity */
494  }
495  }
496 
497  /* Check if this is a access checks are being forced */
498  AccessCheckMode = (Attributes & OBJ_FORCE_ACCESS_CHECK) ?
500 
501  /* Check if we got a Root Directory */
502  if (RootHandle)
503  {
504  /* We did. Reference it */
505  Status = ObReferenceObjectByHandle(RootHandle,
506  0,
507  NULL,
508  AccessMode,
509  (PVOID*)&RootDirectory,
510  NULL);
511  if (!NT_SUCCESS(Status)) return Status;
512 
513  /* Get the header */
514  ObjectHeader = OBJECT_TO_OBJECT_HEADER(RootDirectory);
515 
516  /* The name cannot start with a separator, unless this is a file */
517  if ((ObjectName->Buffer) &&
518  (ObjectName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR) &&
519  (ObjectHeader->Type != IoFileObjectType))
520  {
521  /* The syntax is bad, so fail this request */
524  }
525 
526  /* Don't parse a Directory */
527  if (ObjectHeader->Type != ObpDirectoryObjectType)
528  {
529  /* Make sure the Object Type has a parse routine */
530  ParseRoutine = ObjectHeader->Type->TypeInfo.ParseProcedure;
531  if (!ParseRoutine)
532  {
533  /* We can't parse a name if we don't have a parse routine */
535  return STATUS_INVALID_HANDLE;
536  }
537 
538  /* Set default parse count */
539  MaxReparse = 30;
540 
541  /* Now parse */
542  while (TRUE)
543  {
544  /* Start with the full name */
546 
547  /* Call the Parse Procedure */
548  ObpCalloutStart(&CalloutIrql);
549  Status = ParseRoutine(RootDirectory,
550  ObjectType,
551  AccessState,
552  AccessCheckMode,
553  Attributes,
554  ObjectName,
555  &RemainingName,
556  ParseContext,
557  SecurityQos,
558  &Object);
559  ObpCalloutEnd(CalloutIrql, "Parse", ObjectHeader->Type, Object);
560 
561  /* Check for success or failure, so not reparse */
562  if ((Status != STATUS_REPARSE) &&
564  {
565  /* Check for failure */
566  if (!NT_SUCCESS(Status))
567  {
568  /* Parse routine might not have cleared this, do it */
569  Object = NULL;
570  }
571  else if (!Object)
572  {
573  /* Modify status to reflect failure inside Ob */
575  }
576 
577  /* We're done, return the status and object */
578  *FoundObject = Object;
580  return Status;
581  }
582  else if ((!ObjectName->Length) ||
583  (!ObjectName->Buffer) ||
584  (ObjectName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR))
585  {
586  /* Reparsed to the root directory, so start over */
589 
590  /* Don't use this anymore, since we're starting at root */
591  RootHandle = NULL;
592  goto ParseFromRoot;
593  }
594  else if (--MaxReparse)
595  {
596  /* Try reparsing again */
597  continue;
598  }
599  else
600  {
601  /* Reparsed too many times */
603 
604  /* Return the object and normalized status */
605  *FoundObject = Object;
607  return Status;
608  }
609  }
610  }
611  else if (!(ObjectName->Length) || !(ObjectName->Buffer))
612  {
613  /* Just return the Root Directory if we didn't get a name */
615  0,
616  ObjectType,
617  AccessMode);
619 
620  /* Remove the first reference we added and return the object */
622  *FoundObject = Object;
623  return Status;
624  }
625 
626  LocalName = *ObjectName;
627  }
628  else
629  {
630  /* We did not get a Root Directory, so use the root */
632 
633  /* It must start with a path separator */
634  if (!(ObjectName->Length) ||
635  !(ObjectName->Buffer) ||
636  (ObjectName->Buffer[0] != OBJ_NAME_PATH_SEPARATOR))
637  {
638  /* This name is invalid, so fail */
640  }
641 
642  /* Check if the name is only the path separator */
643  if (ObjectName->Length == sizeof(OBJ_NAME_PATH_SEPARATOR))
644  {
645  /* So the caller only wants the root directory; do we have one? */
646  if (!RootDirectory)
647  {
648  /* This must be the first time we're creating it... right? */
649  if (InsertObject)
650  {
651  /* Yes, so return it to ObInsert so that it can create it */
652  Status = ObReferenceObjectByPointer(InsertObject,
653  0,
654  ObjectType,
655  AccessMode);
656  if (NT_SUCCESS(Status)) *FoundObject = InsertObject;
657  return Status;
658  }
659  else
660  {
661  /* This should never really happen */
662  ASSERT(FALSE);
664  }
665  }
666  else
667  {
668  /* We do have the root directory, so just return it */
670  0,
671  ObjectType,
672  AccessMode);
673  if (NT_SUCCESS(Status)) *FoundObject = RootDirectory;
674  return Status;
675  }
676  }
677  else
678  {
679 ParseFromRoot:
680  LocalName = *ObjectName;
681 
682  /* Deference the device map if we already have one */
683  if (DeviceMap != NULL)
684  {
685  ObfDereferenceDeviceMap(DeviceMap);
686  DeviceMap = NULL;
687  }
688 
689  /* Check if this is a possible DOS name */
690  if (!((ULONG_PTR)(ObjectName->Buffer) & 7))
691  {
692  /*
693  * This could be one. Does it match the prefix?
694  * Note that as an optimization, the match is done as 64-bit
695  * compare since the prefix is "\??\" which is exactly 8 bytes.
696  *
697  * In the second branch, we test for "\??" which is also valid.
698  * This time, we use a 32-bit compare followed by a Unicode
699  * character compare (16-bit), since the sum is 6 bytes.
700  */
701  if ((ObjectName->Length >= ObpDosDevicesShortName.Length) &&
702  (*(PULONGLONG)(ObjectName->Buffer) ==
704  {
705  DeviceMap = ObpReferenceDeviceMap();
706  /* We have a local mapping, drop the ?? prefix */
707  if (DeviceMap != NULL && DeviceMap->DosDevicesDirectory != NULL)
708  {
709  LocalName.Length -= ObpDosDevicesShortName.Length;
711  LocalName.Buffer += (ObpDosDevicesShortName.Length / sizeof(WCHAR));
712 
713  /* We'll browse that local directory */
714  Directory = DeviceMap->DosDevicesDirectory;
715  }
716  }
717  else if ((ObjectName->Length == ObpDosDevicesShortName.Length -
718  sizeof(WCHAR)) &&
719  (*(PULONG)(ObjectName->Buffer) ==
721  (*((PWCHAR)(ObjectName->Buffer) + 2) ==
723  {
724  DeviceMap = ObpReferenceDeviceMap();
725 
726  /* Caller is looking for the directory itself */
727  if (DeviceMap != NULL && DeviceMap->DosDevicesDirectory != NULL)
728  {
730  0,
731  ObjectType,
732  AccessMode);
733  if (NT_SUCCESS(Status))
734  {
735  *FoundObject = DeviceMap->DosDevicesDirectory;
736  }
737 
738  ObfDereferenceDeviceMap(DeviceMap);
739  return Status;
740  }
741  }
742  }
743  }
744  }
745 
746  /* Check if we were reparsing a symbolic link */
747  if (!SymLink)
748  {
749  /* Allow reparse */
750  Reparse = TRUE;
751  MaxReparse = 30;
752  }
753 
754  /* Reparse */
755  while (Reparse && MaxReparse)
756  {
757  /* Get the name */
758  RemainingName = LocalName;
759 
760  /* Disable reparsing again */
761  Reparse = FALSE;
762 
763  /* Start parse loop */
764  while (TRUE)
765  {
766  /* Clear object */
767  Object = NULL;
768 
769  /* Check if the name starts with a path separator */
770  if ((RemainingName.Length) &&
771  (RemainingName.Buffer[0] == OBJ_NAME_PATH_SEPARATOR))
772  {
773  /* Skip the path separator */
774  RemainingName.Buffer++;
775  RemainingName.Length -= sizeof(OBJ_NAME_PATH_SEPARATOR);
776  }
777 
778  /* Find the next Part Name */
779  ComponentName = RemainingName;
780  while (RemainingName.Length)
781  {
782  /* Break if we found the \ ending */
783  if (RemainingName.Buffer[0] == OBJ_NAME_PATH_SEPARATOR) break;
784 
785  /* Move on */
786  RemainingName.Buffer++;
787  RemainingName.Length -= sizeof(OBJ_NAME_PATH_SEPARATOR);
788  }
789 
790  /* Get its size and make sure it's valid */
791  ComponentName.Length -= RemainingName.Length;
792  if (!ComponentName.Length)
793  {
794  /* Invalid size, fail */
796  break;
797  }
798 
799  /* Check if we're in the root */
801 
802  /* Check if this is a user-mode call that needs to traverse */
803  if ((AccessCheckMode != KernelMode) &&
805  {
806  /* We shouldn't have referenced a directory yet */
807  ASSERT(ReferencedDirectory == NULL);
808 
809  /* Reference the directory */
811  ReferencedDirectory = Directory;
812 
813  /* Check if we have a parent directory */
814  if (ParentDirectory)
815  {
816  /* Check for traverse access */
819  AccessState,
820  FALSE,
821  AccessCheckMode,
822  &Status))
823  {
824  /* We don't have it, fail */
825  break;
826  }
827  }
828  }
829 
830  /* Check if we don't have a remaining name yet */
831  if (!RemainingName.Length)
832  {
833  /* Check if we don't have a referenced directory yet */
834  if (!ReferencedDirectory)
835  {
836  /* Reference it */
838  ReferencedDirectory = Directory;
839  }
840 
841  /* Check if we are inserting an object */
842  if (InsertObject)
843  {
844  /* Lock the lookup context */
845  ObpAcquireLookupContextLock(LookupContext, Directory);
846  }
847  }
848 
849  /* Do the lookup */
851  &ComponentName,
852  Attributes,
853  InsertObject ? FALSE : TRUE,
854  LookupContext);
855  if (!Object)
856  {
857  /* We didn't find it... do we still have a path? */
858  if (RemainingName.Length)
859  {
860  /* Then tell the caller the path wasn't found */
862  break;
863  }
864  else if (!InsertObject)
865  {
866  /* Otherwise, we have a path, but the name isn't valid */
868  break;
869  }
870 
871  /* Check create access for the object */
876  AccessState,
877  &ComponentName,
878  FALSE,
879  AccessCheckMode,
880  &Status))
881  {
882  /* We don't have create access, fail */
883  break;
884  }
885 
886  /* Get the object header */
887  ObjectHeader = OBJECT_TO_OBJECT_HEADER(InsertObject);
888 
889  /*
890  * Deny object creation if:
891  * That's a section object or a symbolic link
892  * Which isn't in the same section that root directory
893  * That doesn't have the SeCreateGlobalPrivilege
894  * And that is not a known unsecure name
895  */
896  if (RootDirectory->SessionId != -1)
897  {
898  if (ObjectHeader->Type == MmSectionObjectType ||
899  ObjectHeader->Type == ObpSymbolicLinkObjectType)
900  {
901  if (RootDirectory->SessionId != PsGetCurrentProcessSessionId() &&
902  !SeSinglePrivilegeCheck(SeCreateGlobalPrivilege, AccessCheckMode) &&
904  {
906  break;
907  }
908  }
909  }
910 
911  /* Create Object Name */
913  ComponentName.Length,
914  OB_NAME_TAG);
915  if (!(NewName) ||
917  LookupContext,
918  ObjectHeader)))
919  {
920  /* Either couldn't allocate the name, or insert failed */
922 
923  /* Fail due to memory reasons */
925  break;
926  }
927 
928  /* Reference newly to be inserted object */
929  ObReferenceObject(InsertObject);
930 
931  /* Get the name information */
932  ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
933 
934  /* Reference the directory */
936 
937  /* Copy the Name */
939  ComponentName.Buffer,
940  ComponentName.Length);
941 
942  /* Check if we had an old name */
943  if (ObjectNameInfo->Name.Buffer)
944  {
945  /* Free it */
946  ExFreePoolWithTag(ObjectNameInfo->Name.Buffer, OB_NAME_TAG);
947  }
948 
949  /* Write new one */
950  ObjectNameInfo->Name.Buffer = NewName;
951  ObjectNameInfo->Name.Length = ComponentName.Length;
952  ObjectNameInfo->Name.MaximumLength = ComponentName.Length;
953 
954  /* Return Status and the Expected Object */
956  Object = InsertObject;
957 
958  /* Get out of here */
959  break;
960  }
961 
962 ReparseObject:
963  /* We found it, so now get its header */
964  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
965 
966  /*
967  * Check for a parse Procedure, but don't bother to parse for an insert
968  * unless it's a Symbolic Link, in which case we MUST parse
969  */
970  ParseRoutine = ObjectHeader->Type->TypeInfo.ParseProcedure;
971  if ((ParseRoutine) &&
972  (!(InsertObject) || (ParseRoutine == ObpParseSymbolicLink)))
973  {
974  /* Use the Root Directory next time */
975  Directory = NULL;
976 
977  /* Increment the pointer count */
978  InterlockedExchangeAddSizeT(&ObjectHeader->PointerCount, 1);
979 
980  /* Cleanup from the first lookup */
981  ObpReleaseLookupContext(LookupContext);
982 
983  /* Check if we have a referenced directory */
984  if (ReferencedDirectory)
985  {
986  /* We do, dereference it */
987  ObDereferenceObject(ReferencedDirectory);
988  ReferencedDirectory = NULL;
989  }
990 
991  /* Check if we have a referenced parent directory */
992  if (ReferencedParentDirectory)
993  {
994  /* We do, dereference it */
995  ObDereferenceObject(ReferencedParentDirectory);
996  ReferencedParentDirectory = NULL;
997  }
998 
999  /* Call the Parse Procedure */
1000  ObpCalloutStart(&CalloutIrql);
1001  Status = ParseRoutine(Object,
1002  ObjectType,
1003  AccessState,
1004  AccessCheckMode,
1005  Attributes,
1006  ObjectName,
1007  &RemainingName,
1008  ParseContext,
1009  SecurityQos,
1010  &Object);
1011  ObpCalloutEnd(CalloutIrql, "Parse", ObjectHeader->Type, Object);
1012 
1013  /* Remove our extra reference */
1014  ObDereferenceObject(&ObjectHeader->Body);
1015 
1016  /* Check if we have to reparse */
1017  if ((Status == STATUS_REPARSE) ||
1019  {
1020  /* Reparse again */
1021  Reparse = TRUE;
1022  --MaxReparse;
1023  if (MaxReparse == 0)
1024  {
1025  Object = NULL;
1026  break;
1027  }
1028 
1029  /* Start over from root if we got sent back there */
1030  if ((Status == STATUS_REPARSE_OBJECT) ||
1031  (ObjectName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR))
1032  {
1033  /* Check if we got a root directory */
1034  if (RootHandle)
1035  {
1036  /* Stop using it, because we have a new directory now */
1038  RootHandle = NULL;
1039  }
1040 
1041  /* Start at Root */
1044 
1045  /* Check for reparse status */
1047  {
1048  /* Don't reparse again */
1049  Reparse = FALSE;
1050 
1051  /* Did we actually get an object to which to reparse? */
1052  if (!Object)
1053  {
1054  /* We didn't, so set a failure status */
1056  }
1057  else
1058  {
1059  /* We did, so we're free to parse the new object */
1060  goto ReparseObject;
1061  }
1062  }
1063  else
1064  {
1065  /* This is a symbolic link */
1066  SymLink = TRUE;
1067  goto ParseFromRoot;
1068  }
1069  }
1071  {
1072  /* We got STATUS_REPARSE but are at the Root Directory */
1073  Object = NULL;
1075  Reparse = FALSE;
1076  }
1077  }
1078  else if (!NT_SUCCESS(Status))
1079  {
1080  /* Total failure */
1081  Object = NULL;
1082  }
1083  else if (!Object)
1084  {
1085  /* We didn't reparse but we didn't find the Object Either */
1087  }
1088 
1089  /* Break out of the loop */
1090  break;
1091  }
1092  else
1093  {
1094  /* No parse routine...do we still have a remaining name? */
1095  if (!RemainingName.Length)
1096  {
1097  /* Are we creating an object? */
1098  if (!InsertObject)
1099  {
1100  /* Check if this is a user-mode call that needs to traverse */
1101  if ((AccessCheckMode != KernelMode) &&
1103  {
1104  /* Check if we can get it */
1107  AccessState,
1108  FALSE,
1109  AccessCheckMode,
1110  &Status))
1111  {
1112  /* We don't have access, fail */
1113  Object = NULL;
1114  break;
1115  }
1116  }
1117 
1118  /* Reference the Object */
1120  0,
1121  ObjectType,
1122  AccessMode);
1123  if (!NT_SUCCESS(Status)) Object = NULL;
1124  }
1125 
1126  /* And get out of the reparse loop */
1127  break;
1128  }
1129  else
1130  {
1131  /* We still have a name; check if this is a directory object */
1132  if (ObjectHeader->Type == ObpDirectoryObjectType)
1133  {
1134  /* Check if we have a referenced parent directory */
1135  if (ReferencedParentDirectory)
1136  {
1137  /* Dereference it */
1138  ObDereferenceObject(ReferencedParentDirectory);
1139  }
1140 
1141  /* Restart the lookup from this directory */
1142  ReferencedParentDirectory = ReferencedDirectory;
1144  Directory = Object;
1145  ReferencedDirectory = NULL;
1146  }
1147  else
1148  {
1149  /* We still have a name, but no parse routine for it */
1151  Object = NULL;
1152  break;
1153  }
1154  }
1155  }
1156  }
1157  }
1158 
1159  /* Check if we failed */
1160  if (!NT_SUCCESS(Status))
1161  {
1162  /* Cleanup after lookup */
1163  ObpReleaseLookupContext(LookupContext);
1164  }
1165 
1166  /* Check if we have a device map and dereference it if so */
1167  if (DeviceMap) ObfDereferenceDeviceMap(DeviceMap);
1168 
1169  /* Check if we have a referenced directory and dereference it if so */
1170  if (ReferencedDirectory) ObDereferenceObject(ReferencedDirectory);
1171 
1172  /* Check if we have a referenced parent directory */
1173  if (ReferencedParentDirectory)
1174  {
1175  /* We do, dereference it */
1176  ObDereferenceObject(ReferencedParentDirectory);
1177  }
1178 
1179  /* Set the found object and check if we got one */
1180  *FoundObject = Object;
1181  if (!Object)
1182  {
1183  /* Nothing was found. Did we reparse or get success? */
1184  if ((Status == STATUS_REPARSE) || (NT_SUCCESS(Status)))
1185  {
1186  /* Set correct failure */
1188  }
1189  }
1190 
1191  /* Check if we had a root directory */
1192  if (RootHandle) ObDereferenceObject(RootDirectory);
1193 
1194  /* Return status to caller */
1196  "%s - Found Object: %p. Expected: %p\n",
1197  __FUNCTION__,
1198  *FoundObject,
1199  InsertObject);
1200  return Status;
1201 }
ObjectType
Definition: metafile.c:80
UNICODE_STRING ObpDosDevicesShortName
Definition: obname.c:25
BOOLEAN ObpCaseInsensitive
Definition: obname.c:18
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
WCHAR RootDirectory[MAX_PATH]
Definition: format.c:74
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
USHORT MaximumLength
Definition: env_spec_w32.h:370
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define BooleanFlagOn(F, SF)
Definition: ext2fs.h:183
#define DIRECTORY_CREATE_OBJECT
Definition: nt_native.h:1256
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
BOOLEAN NTAPI ObpIsUnsecureName(IN PUNICODE_STRING ObjectName, IN BOOLEAN CaseInSensitive)
Definition: obname.c:396
LONG NTSTATUS
Definition: precomp.h:26
UNICODE_STRING Name
Definition: obtypes.h:433
$ULONG LowPart
Definition: ntbasedef.h:569
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
Definition: setypes.h:1156
BOOLEAN NTAPI ObpCheckTraverseAccess(IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:267
uint16_t * PWCHAR
Definition: typedefs.h:56
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
UCHAR KIRQL
Definition: env_spec_w32.h:591
ULARGE_INTEGER Alignment
Definition: ob.h:149
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
ULONGLONG QuadPart
Definition: ms-dtyp.idl:185
#define FALSE
Definition: types.h:117
#define OBJ_NAME_PATH_SEPARATOR
Definition: arcname_tests.c:25
#define STATUS_REPARSE_OBJECT
Definition: ntstatus.h:102
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: