ReactOS  0.4.14-dev-593-g1793dcc
ob.h File Reference
#include "ob_x.h"

Classes

struct  _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
 
struct  _OBP_CLOSE_HANDLE_CONTEXT
 
struct  _OBP_FIND_HANDLE_DATA
 
struct  _SECURITY_DESCRIPTOR_HEADER
 
struct  _OB_SD_CACHE_LIST
 
union  ALIGNEDNAME
 
struct  _OB_TEMP_BUFFER
 

Macros

#define _OB_DEBUG_   0x00
 
#define OB_HANDLE_DEBUG   0x01
 
#define OB_NAMESPACE_DEBUG   0x02
 
#define OB_SECURITY_DEBUG   0x04
 
#define OB_REFERENCE_DEBUG   0x08
 
#define OB_CALLBACK_DEBUG   0x10
 
#define OBTRACE(x, fmt, ...)   DPRINT(fmt, ##__VA_ARGS__)
 
#define GENERIC_ACCESS
 
#define OBJ_PROTECT_CLOSE   0x01
 
#define OBJ_AUDIT_OBJECT_CLOSE   0x04
 
#define OBJ_HANDLE_ATTRIBUTES
 
#define KERNEL_HANDLE_FLAG   0x80000000
 
#define ObpIsKernelHandle(Handle, ProcessorMode)
 
#define ObKernelHandleToHandle(Handle)   (HANDLE)((ULONG_PTR)(Handle) & ~KERNEL_HANDLE_FLAG)
 
#define ObMarkHandleAsKernelHandle(Handle)   (HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_FLAG)
 
#define ObpGetHandleObject(x)   ((POBJECT_HEADER)((ULONG_PTR)x->Object & ~OBJ_HANDLE_ATTRIBUTES))
 
#define ObpGetHeaderForSd(x)   CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, SecurityDescriptor)
 
#define ObpGetHeaderForEntry(x)   CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, Link)
 
#define TAG_OB_TEMP_STORAGE   'tSbO'
 

Typedefs

typedef struct _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
 
typedef struct _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT * POBP_SET_HANDLE_ATTRIBUTES_CONTEXT
 
typedef struct _OBP_CLOSE_HANDLE_CONTEXT OBP_CLOSE_HANDLE_CONTEXT
 
typedef struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
 
typedef struct _OBP_FIND_HANDLE_DATA OBP_FIND_HANDLE_DATA
 
typedef struct _OBP_FIND_HANDLE_DATA * POBP_FIND_HANDLE_DATA
 
typedef struct _SECURITY_DESCRIPTOR_HEADER SECURITY_DESCRIPTOR_HEADER
 
typedef struct _SECURITY_DESCRIPTOR_HEADER * PSECURITY_DESCRIPTOR_HEADER
 
typedef struct _OB_SD_CACHE_LIST OB_SD_CACHE_LIST
 
typedef struct _OB_SD_CACHE_LIST * POB_SD_CACHE_LIST
 
typedef struct _OB_TEMP_BUFFER OB_TEMP_BUFFER
 
typedef struct _OB_TEMP_BUFFER * POB_TEMP_BUFFER
 

Functions

INIT_FUNCTION BOOLEAN NTAPI ObInitSystem (VOID)
 
VOID NTAPI ObShutdownSystem (VOID)
 
BOOLEAN NTAPI ObpDeleteEntryDirectory (IN POBP_LOOKUP_CONTEXT Context)
 
BOOLEAN NTAPI ObpInsertEntryDirectory (IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
 
PVOID NTAPI ObpLookupEntryDirectory (IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
 
VOID NTAPI ObpDeleteSymbolicLink (IN PVOID ObjectBody)
 
NTSTATUS NTAPI ObpParseSymbolicLink (IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
 
VOID NTAPI ObpCreateSymbolicLinkName (IN POBJECT_SYMBOLIC_LINK SymbolicLink)
 
VOID NTAPI ObpDeleteSymbolicLinkName (IN POBJECT_SYMBOLIC_LINK SymbolicLink)
 
NTSTATUS NTAPI ObInitProcess (IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
 
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable (IN PEPROCESS Process)
 
VOID NTAPI ObDereferenceProcessHandleTable (IN PEPROCESS Process)
 
VOID NTAPI ObKillProcess (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpLookupObjectName (IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
 
BOOLEAN NTAPI ObpSetHandleAttributes (IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
 
NTSTATUS NTAPI ObQueryDeviceMapInformation (IN PEPROCESS Process, OUT PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, IN ULONG Flags)
 
VOID NTAPI ObpDeleteObject (IN PVOID Object, IN BOOLEAN CalledFromWorkerThread)
 
LONG FASTCALL ObDereferenceObjectEx (IN PVOID Object, IN LONG Count)
 
LONG FASTCALL ObReferenceObjectEx (IN PVOID Object, IN LONG Count)
 
BOOLEAN FASTCALL ObReferenceObjectSafe (IN PVOID Object)
 
VOID NTAPI ObpReapObject (IN PVOID Unused)
 
VOID FASTCALL ObpSetPermanentObject (IN PVOID ObjectBody, IN BOOLEAN Permanent)
 
VOID NTAPI ObpDeleteNameCheck (IN PVOID Object)
 
VOID NTAPI ObClearProcessHandleTable (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObDuplicateObject (IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
 
VOID NTAPI ObFreeObjectCreateInfoBuffer (IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
 
VOID NTAPI ObpFreeObjectNameBuffer (IN PUNICODE_STRING Name)
 
VOID NTAPI ObpDeleteObjectType (IN PVOID Object)
 
NTSTATUS NTAPI ObReferenceFileObjectForWrite (IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, OUT PFILE_OBJECT *FileObject, OUT POBJECT_HANDLE_INFORMATION HandleInformation)
 
NTSTATUS NTAPI ObSetDeviceMap (IN PEPROCESS Process, IN HANDLE DirectoryHandle)
 
NTSTATUS NTAPI ObSetDirectoryDeviceMap (OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
 
VOID NTAPI ObDereferenceDeviceMap (IN PEPROCESS Process)
 
VOID FASTCALL ObfDereferenceDeviceMap (IN PDEVICE_MAP DeviceMap)
 
VOID NTAPI ObInheritDeviceMap (IN PEPROCESS Parent, IN PEPROCESS Process)
 
INIT_FUNCTION NTSTATUS NTAPI ObpCreateDosDevicesDirectory (VOID)
 
ULONG NTAPI ObIsLUIDDeviceMapsEnabled (VOID)
 
PDEVICE_MAP NTAPI ObpReferenceDeviceMap (VOID)
 
INIT_FUNCTION NTSTATUS NTAPI ObpInitSdCache (VOID)
 
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor (IN POBJECT_HEADER ObjectHeader)
 
BOOLEAN NTAPI ObCheckObjectAccess (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
 
BOOLEAN NTAPI ObCheckCreateObjectAccess (IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckTraverseAccess (IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckObjectReference (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor (IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
 
NTSTATUS NTAPI ObDeassignSecurity (IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
 
NTSTATUS NTAPI ObSetSecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
 
VOID FASTCALL ObInitializeFastReference (IN PEX_FAST_REF FastRef, IN PVOID Object)
 
PVOID FASTCALL ObFastReplaceObject (IN PEX_FAST_REF FastRef, IN PVOID Object)
 
PVOID FASTCALL ObFastReferenceObject (IN PEX_FAST_REF FastRef)
 
PVOID FASTCALL ObFastReferenceObjectLocked (IN PEX_FAST_REF FastRef)
 
VOID FASTCALL ObFastDereferenceObject (IN PEX_FAST_REF FastRef, IN PVOID Object)
 
NTSTATUS NTAPI ObpCaptureObjectName (IN PUNICODE_STRING CapturedName, IN PUNICODE_STRING ObjectName, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN AllocateFromLookaside)
 
NTSTATUS NTAPI ObpCaptureObjectCreateInformation (IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
 
ULONG NTAPI ObGetProcessHandleCount (IN PEPROCESS Process)
 

Variables

ULONG ObpTraceLevel
 
KEVENT ObpDefaultObject
 
KGUARDED_MUTEX ObpDeviceMapLock
 
POBJECT_TYPE ObpTypeObjectType
 
POBJECT_TYPE ObpDirectoryObjectType
 
POBJECT_TYPE ObpSymbolicLinkObjectType
 
POBJECT_DIRECTORY ObpRootDirectoryObject
 
POBJECT_DIRECTORY ObpTypeDirectoryObject
 
PHANDLE_TABLE ObpKernelHandleTable
 
WORK_QUEUE_ITEM ObpReaperWorkItem
 
volatile PVOID ObpReaperList
 
GENERAL_LOOKASIDE ObpNameBufferLookasideList
 
GENERAL_LOOKASIDE ObpCreateInfoLookasideList
 
BOOLEAN IoCountOperations
 
ALIGNEDNAME ObpDosDevicesShortNamePrefix
 
ALIGNEDNAME ObpDosDevicesShortNameRoot
 
UNICODE_STRING ObpDosDevicesShortName
 
WCHAR ObpUnsecureGlobalNamesBuffer [128]
 
ULONG ObpUnsecureGlobalNamesLength
 
ULONG ObpObjectSecurityMode
 
ULONG ObpProtectionMode
 
ULONG ObpLUIDDeviceMapsDisabled
 
ULONG ObpLUIDDeviceMapsEnabled
 

Macro Definition Documentation

◆ _OB_DEBUG_

#define _OB_DEBUG_   0x00

Definition at line 12 of file ob.h.

◆ GENERIC_ACCESS

#define GENERIC_ACCESS
Value:
(GENERIC_READ | \
GENERIC_WRITE | \
GENERIC_EXECUTE | \
GENERIC_ALL)
#define GENERIC_READ
Definition: compat.h:124

Definition at line 40 of file ob.h.

◆ KERNEL_HANDLE_FLAG

#define KERNEL_HANDLE_FLAG   0x80000000

Definition at line 62 of file ob.h.

◆ OB_CALLBACK_DEBUG

#define OB_CALLBACK_DEBUG   0x10

Definition at line 21 of file ob.h.

◆ OB_HANDLE_DEBUG

#define OB_HANDLE_DEBUG   0x01

Definition at line 17 of file ob.h.

◆ OB_NAMESPACE_DEBUG

#define OB_NAMESPACE_DEBUG   0x02

Definition at line 18 of file ob.h.

◆ OB_REFERENCE_DEBUG

#define OB_REFERENCE_DEBUG   0x08

Definition at line 20 of file ob.h.

◆ OB_SECURITY_DEBUG

#define OB_SECURITY_DEBUG   0x04

Definition at line 19 of file ob.h.

◆ OBJ_AUDIT_OBJECT_CLOSE

#define OBJ_AUDIT_OBJECT_CLOSE   0x04

Definition at line 51 of file ob.h.

◆ OBJ_HANDLE_ATTRIBUTES

#define OBJ_HANDLE_ATTRIBUTES
Value:
(OBJ_PROTECT_CLOSE | \
OBJ_INHERIT | \
OBJ_AUDIT_OBJECT_CLOSE)
#define OBJ_PROTECT_CLOSE
Definition: ob.h:49

Definition at line 52 of file ob.h.

◆ OBJ_PROTECT_CLOSE

#define OBJ_PROTECT_CLOSE   0x01

Definition at line 49 of file ob.h.

◆ ObKernelHandleToHandle

#define ObKernelHandleToHandle (   Handle)    (HANDLE)((ULONG_PTR)(Handle) & ~KERNEL_HANDLE_FLAG)

Definition at line 73 of file ob.h.

◆ ObMarkHandleAsKernelHandle

#define ObMarkHandleAsKernelHandle (   Handle)    (HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_FLAG)

Definition at line 75 of file ob.h.

◆ ObpGetHandleObject

#define ObpGetHandleObject (   x)    ((POBJECT_HEADER)((ULONG_PTR)x->Object & ~OBJ_HANDLE_ATTRIBUTES))

Definition at line 81 of file ob.h.

◆ ObpGetHeaderForEntry

#define ObpGetHeaderForEntry (   x)    CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, Link)

Definition at line 93 of file ob.h.

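◆ ObpGetHeaderForSd

#define ObpGetHeaderForSd (   x)    CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, SecurityDescriptor)

Definition at line 87 of file ob.h.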

◆ ObpIsKernelHandle

#define ObpIsKernelHandle (   Handle,
  ProcessorMode 
)
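Value:
((((ULONG_PTR)(Handle) & KERNEL_HANDLE_FLAG) == KERNEL_HANDLE_FLAG) && \
((ProcessorMode) == KernelMode) && \
((Handle) != NtCurrentProcess()) && \
((Handle) != NtCurrentThread()))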
#define NtCurrentThread()
#define NtCurrentProcess()
Definition: nt_native.h:1657
_In_ HANDLE Handle
Definition: extypes.h:390
#define ULONG_PTR
Definition: config.h:101
#define KERNEL_HANDLE_FLAG
Definition: ob.h:62

Definition at line 64 of file ob.h.

◆ OBTRACE

#define OBTRACE (   x,
  fmt,
  ... 
)    DPRINT(fmt, ##__VA_ARGS__)

Definition at line 34 of file ob.h.

◆ TAG_OB_TEMP_STORAGE

#define TAG_OB_TEMP_STORAGE   'tSbO'

Definition at line 150 of file ob.h.

Typedef Documentation

◆ OB_SD_CACHE_LIST

◆ OB_TEMP_BUFFER

◆ OBP_CLOSE_HANDLE_CONTEXT

◆ OBP_FIND_HANDLE_DATA

◆ OBP_SET_HANDLE_ATTRIBUTES_CONTEXT

◆ POB_SD_CACHE_LIST

◆ POB_TEMP_BUFFER

◆ POBP_CLOSE_HANDLE_CONTEXT

◆ POBP_FIND_HANDLE_DATA

◆ POBP_SET_HANDLE_ATTRIBUTES_CONTEXT

◆ PSECURITY_DESCRIPTOR_HEADER

◆ SECURITY_DESCRIPTOR_HEADER

Function Documentation

◆ ObAssignObjectSecurityDescriptor()

NTSTATUS NTAPI ObAssignObjectSecurityDescriptor ( IN PVOID  Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor  OPTIONAL,
IN POOL_TYPE  PoolType 
)

Definition at line 20 of file obsecure.c.

/*
 * Body of ObAssignObjectSecurityDescriptor (obsecure.c, listing lines 23-56).
 *
 * Visible behaviour: the address of the object header's SecurityDescriptor
 * field is treated as an EX_FAST_REF slot; when the caching step succeeds,
 * NewSd is installed in that slot with ExInitializeFastReference(). The
 * status of the caching step is returned unchanged.
 *
 * NOTE(review): listing lines 25-26, 33, 36, 41 and 47 are absent from this
 * rendering, so the declarations of NewSd/Status, the condition guarding the
 * "Nothing to assign" branch and the calls at lines 41 and 47 are not shown.
 */
23 {
24  POBJECT_HEADER ObjectHeader;
27  PEX_FAST_REF FastRef;
28  PAGED_CODE();
29 
30  /* Get the object header */
31  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
32  FastRef = (PEX_FAST_REF)&ObjectHeader->SecurityDescriptor;
34  {
35  /* Nothing to assign */
37  return STATUS_SUCCESS;
38  }
39 
40  /* Add it to our internal cache */
/* NOTE(review): the callee on listing line 41 is not shown. The reference
   list under this listing names ObLogSecurityDescriptor(Input, Output,
   RefBias), whose last two parameters fit the arguments below - confirm
   against obsecure.c. The value passed last is MAX_FAST_REFS + 1. */
42  &NewSd,
43  MAX_FAST_REFS + 1);
44  if (NT_SUCCESS(Status))
45  {
46  /* Free the old copy */
/* NOTE(review): line 47 is not shown; the reference list names
   ExFreePoolWithTag and TAG_SD, so presumably the caller-supplied
   SecurityDescriptor is freed here. If so, callers must not touch their
   input descriptor after a successful return - confirm. */
48 
49  /* Set the new pointer */
50  ASSERT(NewSd);
51  ExInitializeFastReference(FastRef, NewSd);
52  }
53 
54  /* Return status */
55  return Status;
56 }
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:582
struct _EX_FAST_REF * PEX_FAST_REF
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
smooth NULL
Definition: ftsmooth.c:416
#define TAG_SD
Definition: tag.h:176
if(!(yy_init))
Definition: macro.lex.yy.c:714
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
Definition: obsdcach.c:364
Status
Definition: gdiplustypes.h:24
#define MAX_FAST_REFS
Definition: ex.h:128
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
return STATUS_SUCCESS
Definition: btrfs.c:2938
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:503

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObCheckCreateObjectAccess()

BOOLEAN NTAPI ObCheckCreateObjectAccess ( IN PVOID  Object,
IN ACCESS_MASK  CreateAccess,
IN PACCESS_STATE  AccessState,
IN PUNICODE_STRING  ComponentName,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 203 of file obsecure.c.

/*
 * Body of ObCheckCreateObjectAccess (obsecure.c, listing lines 210-263).
 *
 * Visible behaviour: Result starts as TRUE and the access check only runs
 * inside `if (SecurityDescriptor)`, so an object without a security
 * descriptor is reported as access granted. On that path no visible line
 * writes *AccessStatus; it is written on the lookup-failure path and passed
 * to the access check as its out-parameter.
 *
 * NOTE(review): listing lines 212-213, 216-218, 226, 241, 254-255 and 261 are
 * absent from this rendering. ComponentName and LockHeld do not appear in any
 * visible line - confirm against obsecure.c whether they are used.
 */
210 {
211  POBJECT_HEADER ObjectHeader;
214  BOOLEAN SdAllocated;
215  BOOLEAN Result = TRUE;
219  PAGED_CODE();
220 
221  /* Get the header and type */
222  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
223  ObjectType = ObjectHeader->Type;
224 
225  /* Get the security descriptor */
/* NOTE(review): the call on line 226 is not shown; the reference list names
   ObGetObjectSecurity(Object, &SecurityDescriptor, &MemoryAllocated). */
227  if (!NT_SUCCESS(Status))
228  {
229  /* We failed */
230  *AccessStatus = Status;
231  return FALSE;
232  }
233 
234  /* Lock the security context */
235  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
236 
237  /* Check if we have an SD */
238  if (SecurityDescriptor)
239  {
240  /* Now do the entire access check */
/* NOTE(review): line 241 (callee and first argument) is not shown. Mapped
   onto the SeAccessCheck prototype in the reference list, the TRUE below is
   SubjectContextLocked (the lock was taken on line 235) and the 0 is
   PreviouslyGrantedAccess - presumably this is where Result is assigned. */
242  &AccessState->SubjectSecurityContext,
243  TRUE,
244  CreateAccess,
245  0,
246  &Privileges,
247  &ObjectType->TypeInfo.GenericMapping,
248  AccessMode,
249  &GrantedAccess,
250  AccessStatus);
251  if (Privileges)
252  {
253  /* We got privileges, append them to the access state and free them */
256  }
257  }
258 
259  /* We're done, unlock the context and release security */
260  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
/* NOTE(review): line 261 is not shown; the reference list names
   ObReleaseObjectSecurity(SecurityDescriptor, MemoryAllocated). */
262  return Result;
263 }
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
Status
Definition: gdiplustypes.h:24
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by ObpLookupObjectName().

◆ ObCheckObjectAccess()

BOOLEAN NTAPI ObCheckObjectAccess ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  ReturnedStatus 
)

Definition at line 441 of file obsecure.c.

/*
 * Body of ObCheckObjectAccess (obsecure.c, listing lines 446-521).
 *
 * Visible behaviour:
 *  - a failed security-descriptor lookup returns FALSE with the failure
 *    status in *ReturnedStatus;
 *  - an object with no security descriptor returns TRUE immediately, before
 *    the access check, the AccessState mask updates and the audit call, so
 *    that path grants access without any of them;
 *  - otherwise the subject context is locked, the access check runs against
 *    AccessState->RemainingDesiredAccess, and on success the granted bits are
 *    moved from RemainingDesiredAccess into PreviouslyGrantedAccess.
 *
 * NOTE(review): listing lines 448-449, 451, 453-454, 462, 480, 493-494, 502,
 * 507, 510 and 519 are absent from this rendering. LockHeld does not appear
 * in any visible line - confirm against obsecure.c whether it is used.
 */
446 {
447  POBJECT_HEADER ObjectHeader;
450  BOOLEAN SdAllocated;
452  BOOLEAN Result;
455  PAGED_CODE();
456 
457  /* Get the object header and type */
458  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
459  ObjectType = ObjectHeader->Type;
460 
461  /* Get security information */
463  if (!NT_SUCCESS(Status))
464  {
465  /* Return failure */
466  *ReturnedStatus = Status;
467  return FALSE;
468  }
469  else if (!SecurityDescriptor)
470  {
471  /* Otherwise, if we don't actually have an SD, return success */
/* Early exit: no lock has been taken yet on this path, and nothing below
   (access check, mask update, audit alarm) runs for it. */
472  *ReturnedStatus = Status;
473  return TRUE;
474  }
475 
476  /* Lock the security context */
477  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
478 
479  /* Now do the entire access check */
/* NOTE(review): line 480 (callee and first argument) is not shown. Mapped
   onto the SeAccessCheck prototype in the reference list, the TRUE below is
   SubjectContextLocked, matching the lock taken on line 477. */
481  &AccessState->SubjectSecurityContext,
482  TRUE,
483  AccessState->RemainingDesiredAccess,
484  AccessState->PreviouslyGrantedAccess,
485  &Privileges,
486  &ObjectType->TypeInfo.GenericMapping,
487  AccessMode,
488  &GrantedAccess,
489  ReturnedStatus);
490  if (Privileges)
491  {
492  /* We got privileges, append them to the access state and free them */
495  }
496 
497  /* Check if access was granted */
498  if (Result)
499  {
500  /* Update the access state */
/* NOTE(review): the second operand of the mask (line 502) is not shown; the
   reference list names MAXIMUM_ALLOWED - confirm. */
501  AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
503  AccessState->PreviouslyGrantedAccess |= GrantedAccess;
504  }
505 
506  /* Do audit alarm */
/* NOTE(review): lines 507 and 510 are not shown. Mapped onto the
   SeOpenObjectAuditAlarm prototype in the reference list, the FALSE below is
   ObjectCreated and Result is AccessGranted, so the call runs for both
   granted and denied results. */
508  Object,
509  NULL,
511  AccessState,
512  FALSE,
513  Result,
514  AccessMode,
515  &AccessState->GenerateOnClose);
516 
517  /* We're done, unlock the context and release security */
518  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
520  return Result;
521 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
VOID NTAPI SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName, IN PVOID Object OPTIONAL, IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN BOOLEAN ObjectCreated, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode, OUT PBOOLEAN GenerateOnClose)
Definition: audit.c:803
Status
Definition: gdiplustypes.h:24
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by CmpDoOpen(), and ObpIncrementHandleCount().

◆ ObClearProcessHandleTable()

VOID NTAPI ObClearProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 2024 of file obhandle.c.

/*
 * Body of ObClearProcessHandleTable (obhandle.c, listing lines 2025-2065).
 *
 * Visible behaviour: returns early when no handle table is obtained, attaches
 * to the target when it is not the current process, then sweeps the table
 * with a context whose AccessMode is UserMode and whose HandleTable is the
 * table being swept, and finally detaches if it attached.
 *
 * NOTE(review): listing lines 2026-2028, 2034, 2040, 2045, 2052-2053, 2057,
 * 2061 and 2064 are absent from this rendering; the reference list names
 * ObReferenceProcessHandleTable, KeStackAttachProcess, KeEnterCriticalRegion,
 * ExSweepHandleTable, ObpCloseHandleCallback, KeLeaveCriticalRegion,
 * KeUnstackDetachProcess and ObDereferenceProcessHandleTable as the likely
 * callees - confirm against obhandle.c.
 */
2025 {
2029  BOOLEAN AttachedToProcess = FALSE;
2030 
2031  ASSERT(Process);
2032 
2033  /* Ensure the handle table doesn't go away while we use it */
2035  if (!HandleTable) return;
2036 
2037  /* Attach to the current process if needed */
/* The condition is true when Process is NOT the current process, so the
   attach on the missing line 2040 targets Process. */
2038  if (PsGetCurrentProcess() != Process)
2039  {
2041  AttachedToProcess = TRUE;
2042  }
2043 
2044  /* Enter a critical region */
2046 
2047  /* Fill out the context */
/* The sweep context always carries UserMode, whatever the caller's mode. */
2048  Context.AccessMode = UserMode;
2049  Context.HandleTable = HandleTable;
2050 
2051  /* Sweep the handle table to close all handles */
2054  &Context);
2055 
2056  /* Leave the critical region */
2058 
2059  /* Detach if needed */
/* NOTE(review): the statement controlled by this unbraced `if` is line 2061,
   which is not shown. */
2060  if (AttachedToProcess)
2062 
2063  /* Let the handle table go */
2065 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define TRUE
Definition: types.h:120
KAPC_STATE
Definition: ketypes.h:1273
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:701
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define KeEnterCriticalRegion()
Definition: ke_x.h:83
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:753
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1492
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1196
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1030
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1921
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51

Referenced by NtTerminateProcess(), and PspTerminateProcess().

◆ ObDeassignSecurity()

NTSTATUS NTAPI ObDeassignSecurity ( IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)

Definition at line 60 of file obsecure.c.

/*
 * Body of ObDeassignSecurity (obsecure.c, listing lines 61-81).
 *
 * Visible behaviour: the slot passed in is read by value as an EX_FAST_REF,
 * the descriptor pointer and the count are extracted from that copy, and the
 * descriptor is dereferenced Count + 1 times. The function always returns
 * STATUS_SUCCESS.
 *
 * NOTE(review): listing line 70 is absent from this rendering. No visible
 * line checks OldSecurityDescriptor for NULL before the dereference call;
 * whether ObDereferenceSecurityDescriptor tolerates NULL is not shown here.
 */
61 {
62  EX_FAST_REF FastRef;
63  ULONG Count;
64  PSECURITY_DESCRIPTOR OldSecurityDescriptor;
65 
66  /* Get the fast reference and capture it */
67  FastRef = *(PEX_FAST_REF)SecurityDescriptor;
68 
69  /* Don't free again later */
/* NOTE(review): line 70 is not shown; given the comment above and NULL in the
   reference list, it presumably clears *SecurityDescriptor. The capture on
   line 67 and this clear are separate statements, so callers presumably have
   to serialise access to the slot - confirm. */
71 
72  /* Get the descriptor and reference count */
73  OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
74  Count = ExGetCountFastReference(FastRef);
75 
76  /* Dereference the descriptor */
/* Drops the references counted in the fast ref plus one more. */
77  ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
78 
79  /* All done */
80  return STATUS_SUCCESS;
81 }
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:566
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287
struct _EX_FAST_REF * PEX_FAST_REF
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
smooth NULL
Definition: ftsmooth.c:416
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:574
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObDereferenceDeviceMap()

VOID NTAPI ObDereferenceDeviceMap ( IN PEPROCESS  Process)

Definition at line 456 of file devicemap.c.

/*
 * Body of ObDereferenceDeviceMap (devicemap.c, listing lines 457-472).
 *
 * Visible behaviour: the process's DeviceMap pointer is copied to a local and
 * the field is set to NULL; if the copy is non-NULL it is handed to
 * ObfDereferenceDeviceMap().
 *
 * NOTE(review): listing lines 464 and 467 are absent from this rendering;
 * going by the existing comment and the reference list, they presumably
 * acquire and release ObpDeviceMapLock via KeAcquireGuardedMutex /
 * KeReleaseGuardedMutex, which would put the dereference outside the lock.
 */
457 {
458  PDEVICE_MAP DeviceMap;
459 
460  DPRINT("ObDereferenceDeviceMap()\n");
461 
462  /* Get the pointer to this process devicemap and reset it
463  holding the device map lock */
465  DeviceMap = Process->DeviceMap;
466  Process->DeviceMap = NULL;
468 
469  /* Continue only if there is a device map */
470  if (DeviceMap != NULL)
471  ObfDereferenceDeviceMap(DeviceMap);
472 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24

Referenced by PspDeleteProcess(), and PspSetPrimaryToken().

◆ ObDereferenceObjectEx()

LONG FASTCALL ObDereferenceObjectEx ( IN PVOID  Object,
IN LONG  Count 
)

Definition at line 90 of file obref.c.

/*
 * Body of ObDereferenceObjectEx (obref.c, listing lines 92-105).
 *
 * Visible behaviour: subtracts Count from Header->PointerCount with an
 * interlocked add, and hands the header to ObpDeferObjectDeletion() when the
 * resulting count is exactly zero. The resulting count is returned.
 *
 * NOTE(review): listing lines 93 and 97 are absent from this rendering
 * (presumably the Header declaration and OBJECT_TO_OBJECT_HEADER(Object)).
 * In the visible lines Count is not range-checked and a negative NewCount
 * (more dereferences than references) is not detected; only zero triggers
 * deletion.
 */
92 {
94  LONG_PTR NewCount;
95 
96  /* Extract the object header */
98 
99  /* Check whether the object can now be deleted. */
/* The interlocked add yields the value before the update, so subtracting
   Count again gives the post-update count. */
100  NewCount = InterlockedExchangeAddSizeT(&Header->PointerCount, -Count) - Count;
101  if (!NewCount) ObpDeferObjectDeletion(Header);
102 
103  /* Return the current count */
/* NewCount is a LONG_PTR but the function is declared to return LONG, so the
   value is implicitly narrowed where LONG_PTR is wider than LONG. */
104  return NewCount;
105 }
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
VOID NTAPI ObpDeferObjectDeletion(IN POBJECT_HEADER Header)
Definition: obref.c:55
Definition: Header.h:8
static IUnknown Object
Definition: main.c:512
#define InterlockedExchangeAddSizeT(a, b)
Definition: interlocked.h:196
__int3264 LONG_PTR
Definition: mstsclib_h.h:276

Referenced by ExpTimerApcKernelRoutine(), ExTimerRundown(), NtCancelTimer(), NtSetTimer(), ObFastReferenceObject(), ObFastReplaceObject(), and PspCreateThread().

◆ ObDereferenceProcessHandleTable()

/*
 * Ends the caller's use of a process handle table by releasing the rundown
 * protection held on Process->RundownProtect.
 *
 * Presumably the counterpart of ObReferenceProcessHandleTable()
 * (obhandle.c:29, body not shown on this page): every caller listed on this
 * page invokes this only after a successful reference. Each successful
 * reference needs exactly one matching call on every exit path.
 */
VOID NTAPI ObDereferenceProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 51 of file obhandle.c.

52 {
53  /* Release the process lock */
54  ExReleaseRundownProtection(&Process->RundownProtect);
55 }
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

Referenced by ObClearProcessHandleTable(), ObDuplicateObject(), ObFindHandleForObject(), ObGetProcessHandleCount(), and ObInitProcess().

◆ ObDuplicateObject()

/*
 * Duplicates SourceHandle, looked up in SourceProcess's handle table, into
 * TargetProcess's handle table, and optionally closes the source handle.
 *
 * SourceProcess    - process whose handle table holds SourceHandle.
 * SourceHandle     - handle to duplicate.
 * TargetProcess    - optional; when NULL no new handle is created and the
 *                    call can only close the source (2275-2297).
 * TargetHandle     - optional; set to NULL on entry, receives the new handle.
 * DesiredAccess    - access requested for the new handle; replaced by the
 *                    source handle's granted access when Options carries
 *                    DUPLICATE_SAME_ACCESS (2353).
 * HandleAttributes - attributes for the new handle; replaced by the source
 *                    handle's attributes in the branch at 2341-2344.
 * Options          - DUPLICATE_* flags.
 * PreviousMode     - processor mode the request is evaluated under.
 *
 * Returns the NTSTATUS of the operation.
 *
 * Access-control decisions visible in this listing:
 *  - 2242: desired-access validation is stubbed. Status is set to
 *    STATUS_SUCCESS and the ObpValidateDesiredAccess() call is commented
 *    out, so the check at 2243 can never fail.
 *  - 2372-2375: the requested mask is reduced using the object type's
 *    ValidAccessMask (the comment says ACCESS_SYSTEM_SECURITY is always
 *    propagated; the continuation line 2374 is missing from this listing).
 *  - 2378-2395: any bit in TargetAccess that the source handle did not have
 *    is treated as an elevation. It is evaluated through an access state
 *    only when the type uses SeDefaultObjectMethod; otherwise, per the
 *    comment at 2392, the request is refused.
 *  - 2346-2350: when attributes are not copied wholesale, bits from the
 *    source handle are ORed back in so that the caller cannot drop auditing
 *    (the mask on line 2349 is not visible).
 *  - 2299-2305: a kernel handle is produced only for PreviousMode ==
 *    KernelMode with TargetProcess == PsInitialSystemProcess (the middle
 *    condition on line 2301 is not visible).
 *
 * NOTE(review): this rendering drops every listing line that began with a
 * hyperlinked identifier (for example 2214, 2216, 2228, 2248, 2251, 2278,
 * 2281, 2289-2290, 2301, 2325, 2349, 2393, 2399, 2464). Statements on those
 * lines are inferred from the surrounding comments only -- verify against
 * obhandle.c.
 */
NTSTATUS NTAPI ObDuplicateObject ( IN PEPROCESS  SourceProcess,
IN HANDLE  SourceHandle,
IN PEPROCESS TargetProcess  OPTIONAL,
IN PHANDLE TargetHandle  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
IN ULONG  Options,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 2201 of file obhandle.c.

2209 {
2210  HANDLE_TABLE_ENTRY NewHandleEntry;
2211  BOOLEAN AttachedToProcess = FALSE;
2212  PVOID SourceObject;
2213  POBJECT_HEADER ObjectHeader;
2215  HANDLE NewHandle;
2217  NTSTATUS Status;
2218  ACCESS_MASK TargetAccess, SourceAccess;
2221  AUX_ACCESS_DATA AuxData;
2224  ULONG AuditMask;
2226 
2227  PAGED_CODE();
2229  "%s - Duplicating handle: %p for %p into %p\n",
2230  __FUNCTION__,
2231  SourceHandle,
2232  SourceProcess,
2233  TargetProcess);
2234 
2235  /* Assume failure */
2236  if (TargetHandle) *TargetHandle = NULL;
2237 
2238  /* Check if we're not duplicating the same access */
2239  if (!(Options & DUPLICATE_SAME_ACCESS))
2240  {
2241  /* Validate the desired access */
 /* NOTE(review): validation is disabled here; the constant makes the
    NT_SUCCESS test below dead code. Malformed DesiredAccess values are
    only filtered later by the ValidAccessMask reduction at 2373. */
2242  Status = STATUS_SUCCESS; //ObpValidateDesiredAccess(DesiredAccess);
2243  if (!NT_SUCCESS(Status)) return Status;
2244  }
2245 
2246  /* Reference the object table */
2247  HandleTable = ObReferenceProcessHandleTable(SourceProcess);
2249 
2250  /* Reference the process object */
2252  SourceProcess,
2253  HandleTable,
2254  PreviousMode,
2255  &SourceObject,
2257  &AuditMask);
2258  if (!NT_SUCCESS(Status))
2259  {
2260  /* Fail */
2261  ObDereferenceProcessHandleTable(SourceProcess);
2262  return Status;
2263  }
2264  else
2265  {
2266  /* Check if we don't have to audit object close */
2267  if (!(HandleInformation.HandleAttributes & OBJ_AUDIT_OBJECT_CLOSE))
2268  {
2269  /* Then there is no audit mask */
2270  AuditMask = 0;
2271  }
2272  }
2273 
2274  /* Check if there's no target process */
2275  if (!TargetProcess)
2276  {
2277  /* Check if the caller wanted actual duplication */
2279  {
2280  /* Invalid request */
2282  }
2283  else
2284  {
2285  /* Otherwise, do the attach */
2286  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2287 
2288  /* Close the handle and detach */
2291  }
2292 
2293  /* Return */
2294  ObDereferenceProcessHandleTable(SourceProcess);
2295  ObDereferenceObject(SourceObject);
2296  return Status;
2297  }
2298 
2299  /* Create a kernel handle if asked, but only in the system process */
2300  if (PreviousMode == KernelMode &&
2302  TargetProcess == PsInitialSystemProcess)
2303  {
2304  KernelHandle = TRUE;
2305  }
2306 
2307  /* Get the target handle table */
2308  HandleTable = ObReferenceProcessHandleTable(TargetProcess);
2309  if (!HandleTable)
2310  {
2311  /* Check if the caller wanted us to close the handle */
2313  {
2314  /* Do the attach */
2315  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2316 
2317  /* Close the handle and detach */
2320  }
2321 
2322  /* Return */
2323  ObDereferenceProcessHandleTable(SourceProcess);
2324  ObDereferenceObject(SourceObject);
2326  }
2327 
2328  /* Get the source access */
2329  SourceAccess = HandleInformation.GrantedAccess;
2330 
2331  /* Check if we're not in the target process */
2332  if (TargetProcess != PsGetCurrentProcess())
2333  {
2334  /* Attach to it */
2335  KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
2336  AttachedToProcess = TRUE;
2337  }
2338 
2339  /* Check if we're duplicating the attributes */
2341  {
2342  /* Duplicate them */
2343  HandleAttributes = HandleInformation.HandleAttributes;
2344  }
2345  else
2346  {
2347  /* Don't allow caller to bypass auditing */
2348  HandleAttributes |= HandleInformation.HandleAttributes &
2350  }
2351 
2352  /* Check if we're duplicating the access */
2353  if (Options & DUPLICATE_SAME_ACCESS) DesiredAccess = SourceAccess;
2354 
2355  /* Get object data */
2356  ObjectHeader = OBJECT_TO_OBJECT_HEADER(SourceObject);
2357  ObjectType = ObjectHeader->Type;
2358 
2359  /* Fill out the entry */
2360  RtlZeroMemory(&NewHandleEntry, sizeof(HANDLE_TABLE_ENTRY));
2361  NewHandleEntry.Object = ObjectHeader;
2362  NewHandleEntry.ObAttributes |= (HandleAttributes & OBJ_HANDLE_ATTRIBUTES);
2363 
2364  /* Check if we're using a generic mask */
2366  {
2367  /* Map it */
2369  &ObjectType->TypeInfo.GenericMapping);
2370  }
2371 
2372  /* Set the target access, always propagate ACCESS_SYSTEM_SECURITY */
2373  TargetAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
2375  NewHandleEntry.GrantedAccess = TargetAccess;
2376 
2377  /* Check if we're asking for new access */
2378  if (TargetAccess & ~SourceAccess)
2379  {
2380  /* We are. We need the security procedure to validate this */
2381  if (ObjectType->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
2382  {
2383  /* Use our built-in access state */
2386  &AuxData,
2387  TargetAccess,
2388  &ObjectType->TypeInfo.GenericMapping);
2389  }
2390  else
2391  {
2392  /* Otherwise we can't allow this privilege elevation */
2394  }
2395  }
2396  else
2397  {
2398  /* We don't need an access state */
2400  }
2401 
2402  /* Make sure the access state was created OK */
2403  if (NT_SUCCESS(Status))
2404  {
2405  /* Add a new handle */
2406  Status = ObpIncrementHandleCount(SourceObject,
2408  PreviousMode,
2412  }
2413 
2414  /* Check if we were attached */
2415  if (AttachedToProcess)
2416  {
2417  /* We can safely detach now */
2419  AttachedToProcess = FALSE;
2420  }
2421 
2422  /* Check if we have to close the source handle */
2424  {
2425  /* Attach and close */
2426  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2429  }
2430 
2431  /* Check if we had an access state */
2433 
2434  /* Now check if incrementing actually failed */
2435  if (!NT_SUCCESS(Status))
2436  {
2437  /* Dereference handle tables */
2438  ObDereferenceProcessHandleTable(SourceProcess);
2439  ObDereferenceProcessHandleTable(TargetProcess);
2440 
2441  /* Dereference the source object */
2442  ObDereferenceObject(SourceObject);
2443  return Status;
2444  }
2445 
2446  if (NewHandleEntry.ObAttributes & OBJ_PROTECT_CLOSE)
2447  {
2448  NewHandleEntry.ObAttributes &= ~OBJ_PROTECT_CLOSE;
2449  NewHandleEntry.GrantedAccess |= ObpAccessProtectCloseBit;
2450  }
2451 
2452  /* Now create the handle */
2453  NewHandle = ExCreateHandle(HandleTable, &NewHandleEntry);
2454  if (!NewHandle)
2455  {
2456  /* Undo the increment */
2457  ObpDecrementHandleCount(SourceObject,
2458  TargetProcess,
2459  TargetAccess,
2460  ObjectType);
2461 
2462  /* Dereference the object and set failure status */
2463  ObDereferenceObject(SourceObject);
2465  }
 /* NOTE(review): no return is visible in the failure branch above (line
    2464 is missing; per its comment it only sets Status). Execution then
    falls through: with KernelHandle set, a NULL NewHandle is ORed with
    KERNEL_HANDLE_FLAG and stored in *TargetHandle, so the caller gets a
    non-NULL handle value together with a failure status. Callers must
    test the returned NTSTATUS, never the handle value -- confirm. */
2466 
2467  /* Mark it as a kernel handle if requested */
2468  if (KernelHandle)
2469  {
2470  NewHandle = ObMarkHandleAsKernelHandle(NewHandle);
2471  }
2472 
2473  /* Return the handle */
2474  if (TargetHandle) *TargetHandle = NewHandle;
2475 
2476  /* Dereference handle tables */
2477  ObDereferenceProcessHandleTable(SourceProcess);
2478  ObDereferenceProcessHandleTable(TargetProcess);
2479 
2480  /* Return status */
2482  "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
2483  __FUNCTION__,
2484  NewHandle,
2485  SourceProcess,
2486  TargetProcess,
2487  SourceObject,
2488  ObjectHeader->PointerCount,
2489  ObjectHeader->HandleCount);
2490  return Status;
2491 }
ObjectType
Definition: metafile.c:80
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define DUPLICATE_CLOSE_SOURCE
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define TRUE
Definition: types.h:120
ULONG ObpAccessProtectCloseBit
Definition: obhandle.c:21
NTSTATUS NTAPI SeCreateAccessState(IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:439
KAPC_STATE
Definition: ketypes.h:1273
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG_PTR HandleCount
Definition: obtypes.h:490
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE KernelHandle
Definition: legacy.c:24
ULONG_PTR ObAttributes
Definition: extypes.h:600
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
#define GENERIC_ACCESS
Definition: wlx.c:26
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
_In_ HANDLE SourceHandle
Definition: obfuncs.h:429
enum OPTION_FLAGS Options
Definition: stats.c:44
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:791
#define OBJ_PROTECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
#define DUPLICATE_SAME_ACCESS
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:701
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:808
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:527
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:75
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:488
ULONG GrantedAccess
Definition: extypes.h:606
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:139
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
Definition: obhandle.c:88
#define OB_HANDLE_DEBUG
Definition: ob.h:17
Status
Definition: gdiplustypes.h:24
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:753
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1492
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
VOID NTAPI SeDeleteAccessState(IN PACCESS_STATE AccessState)
Definition: access.c:460
LONG_PTR PointerCount
Definition: obtypes.h:487
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
PVOID Object
Definition: extypes.h:599
POBJECT_TYPE Type
Definition: obtypes.h:493
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
return STATUS_SUCCESS
Definition: btrfs.c:2938
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
#define __FUNCTION__
Definition: types.h:112
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:429
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)

Referenced by DbgkpOpenHandles(), and NtDuplicateObject().

◆ ObFastDereferenceObject()

/*
 * Returns one reference on Object to the fast-reference slot FastRef.
 *
 * NOTE(review): the only statement of the body (listing line 173) is
 * missing from this rendering. Going by the comment and the two symbols
 * cross-referenced below, it presumably calls ExReleaseFastReference() and
 * falls back to ObDereferenceObject() when that returns FALSE -- confirm
 * against obref.c.
 */
VOID FASTCALL ObFastDereferenceObject ( IN PEX_FAST_REF  FastRef,
IN PVOID  Object 
)

Definition at line 169 of file obref.c.

171 {
172  /* Release a fast reference. If this failed, use the slow path */
174 }
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
static IUnknown Object
Definition: main.c:512
FORCEINLINE BOOLEAN ExReleaseFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: ex.h:671

Referenced by NtOpenThreadTokenEx(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitializeProcessSecurity(), PspSetPrimaryToken(), SeIsTokenChild(), SeIsTokenSibling(), and SeReleaseSubjectContext().

◆ ObFastReferenceObject()

/*
 * Takes a reference on the object stored in a fast-reference slot without
 * taking a lock.
 *
 * Returns the object pointer when a cached reference was obtained, or NULL
 * when the count read from the slot was zero. A NULL return therefore does
 * not by itself mean the slot holds no object; presumably the caller must
 * then retry under its own lock with ObFastReferenceObjectLocked(), which
 * has the same two callers on this page -- confirm.
 *
 * When the count read was exactly 1, the slot is replenished: the object
 * gains a batch of ordinary references which are then offered to the slot
 * with ExInsertFastReference(); if the insert fails the batch is given back.
 *
 * NOTE(review): listing lines 137, 154 and 160 are missing from this
 * rendering (the Count declaration, the batch reference and the batch
 * dereference). Presumably 154 and 160 are ObReferenceObjectEx() and
 * ObDereferenceObjectEx() with MAX_FAST_REFS, all cross-referenced below.
 * The two calls must use the same count or the object's pointer count
 * drifts -- confirm against obref.c.
 */
PVOID FASTCALL ObFastReferenceObject ( IN PEX_FAST_REF  FastRef)

Definition at line 134 of file obref.c.

135 {
136  EX_FAST_REF OldValue;
138  PVOID Object;
139 
140  /* Reference the object and get its pointer */
141  OldValue = ExAcquireFastReference(FastRef);
142  Object = ExGetObjectFastReference(OldValue);
143 
144  /* Check how many references are left */
145  Count = ExGetCountFastReference(OldValue);
146 
147  /* Check if the reference count is over 1 */
148  if (Count > 1) return Object;
149 
150  /* Check if the reference count has reached 0 */
151  if (!Count) return NULL;
152 
153  /* Otherwise, reference the object 7 times */
155 
156  /* Now update the reference count */
157  if (!ExInsertFastReference(FastRef, Object))
158  {
159  /* We failed: completely dereference the object */
161  }
162 
163  /* Return the Object */
164  return Object;
165 }
LONG FASTCALL ObReferenceObjectEx(IN PVOID Object, IN LONG Count)
Definition: obref.c:79
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:566
FORCEINLINE BOOLEAN ExInsertFastReference(IN OUT PEX_FAST_REF FastRef, IN PVOID Object)
Definition: ex.h:632
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
uint32_t ULONG_PTR
Definition: typedefs.h:63
FORCEINLINE EX_FAST_REF ExAcquireFastReference(IN OUT PEX_FAST_REF FastRef)
Definition: ex.h:603
smooth NULL
Definition: ftsmooth.c:416
LONG FASTCALL ObDereferenceObjectEx(IN PVOID Object, IN LONG Count)
Definition: obref.c:90
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:574
static IUnknown Object
Definition: main.c:512
#define MAX_FAST_REFS
Definition: ex.h:128

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

◆ ObFastReferenceObjectLocked()

/*
 * Slow-path counterpart of ObFastReferenceObject(): reads the slot with a
 * plain load, extracts the object pointer and references it the ordinary
 * way, then returns the pointer.
 *
 * The read of *FastRef is not an interlocked operation. As the name
 * suggests, the caller is presumably expected to hold whatever lock
 * protects the slot against replacement; nothing in this body enforces it.
 *
 * NOTE(review): listing line 128 is missing from this rendering. Presumably
 * it is the ObReferenceObject() call (cross-referenced below), possibly
 * guarded by a NULL check on Object -- confirm against obref.c.
 */
PVOID FASTCALL ObFastReferenceObjectLocked ( IN PEX_FAST_REF  FastRef)

Definition at line 121 of file obref.c.

122 {
123  PVOID Object;
124  EX_FAST_REF OldValue = *FastRef;
125 
126  /* Get the object and reference it slowly */
127  Object = ExGetObjectFastReference(OldValue);
129  return Object;
130 }
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:566
static IUnknown Object
Definition: main.c:512
#define ObReferenceObject
Definition: obfuncs.h:204

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

◆ ObFastReplaceObject()

PVOID FASTCALL ObFastReplaceObject ( IN PEX_FAST_REF  FastRef,
IN PVOID  Object 
)

◆ ObfDereferenceDeviceMap()

/*
 * Drops one reference on DeviceMap and destroys it when the count reaches
 * zero: the back-pointer DosDevicesDirectory->DeviceMap is cleared, the DOS
 * devices directory is made temporary and dereferenced, and the map is
 * freed with pool tag 'mDbO'.
 *
 * ReferenceCount is changed with a plain decrement, so correctness depends
 * entirely on the device map lock being held around it.
 *
 * NOTE(review): the lock calls themselves (listing lines 482, 492 and 500)
 * are missing from this rendering; presumably KeAcquireGuardedMutex() /
 * KeReleaseGuardedMutex() on ObpDeviceMapLock -- confirm against
 * devicemap.c.
 *
 * NOTE(review): there is no check that ReferenceCount is non-zero before
 * the decrement. The field is shown as ULONG elsewhere on this page, so an
 * unbalanced extra call would wrap the count instead of reaching zero and
 * the map would never be freed. With too few references held, the map is
 * freed while a process still points at it.
 */
VOID FASTCALL ObfDereferenceDeviceMap ( IN PDEVICE_MAP  DeviceMap)

Definition at line 477 of file devicemap.c.

478 {
479  DPRINT("ObfDereferenceDeviceMap()\n");
480 
481  /* Acquire the device map lock */
483 
484  /* Decrement the reference counter */
485  DeviceMap->ReferenceCount--;
486  DPRINT("ReferenceCount: %lu\n", DeviceMap->ReferenceCount);
487 
488  /* Leave, if there are still references to this device map */
489  if (DeviceMap->ReferenceCount != 0)
490  {
491  /* Release the device map lock and leave */
493  return;
494  }
495 
496  /* Nobody is referencing it anymore, unlink the DOS directory */
497  DeviceMap->DosDevicesDirectory->DeviceMap = NULL;
498 
499  /* Release the devicemap lock */
501 
502  /* Dereference the DOS Devices Directory and free the Device Map */
503  ObMakeTemporaryObject(DeviceMap->DosDevicesDirectory);
504  ObDereferenceObject(DeviceMap->DosDevicesDirectory);
505  ExFreePoolWithTag(DeviceMap, 'mDbO');
506 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
VOID NTAPI ObMakeTemporaryObject(IN PVOID ObjectBody)
Definition: oblife.c:1361

Referenced by ObDereferenceDeviceMap(), ObpLookupObjectName(), ObpSetCurrentProcessDeviceMap(), ObQueryDeviceMapInformation(), ObSetDeviceMap(), SeGetLogonIdDeviceMap(), and SepRmDereferenceLogonSession().

◆ ObFreeObjectCreateInfoBuffer()

/*
 * Exported wrapper that releases a captured OBJECT_CREATE_INFORMATION
 * buffer. Per the comment it exists so that Io code does not touch Ob
 * internals directly.
 *
 * NOTE(review): the single statement (listing line 607) is missing from
 * this rendering. Presumably it calls ObpFreeCapturedAttributes()
 * (ob_x.h:348, cross-referenced below) on ObjectCreateInfo -- confirm
 * against oblife.c.
 */
VOID NTAPI ObFreeObjectCreateInfoBuffer ( IN POBJECT_CREATE_INFORMATION  ObjectCreateInfo)

Definition at line 604 of file oblife.c.

605 {
606  /* Call the macro. We use this function to isolate Ob internals from Io */
608 }
FORCEINLINE VOID ObpFreeCapturedAttributes(IN PVOID Buffer, IN PP_NPAGED_LOOKASIDE_NUMBER Type)
Definition: ob_x.h:348

Referenced by IoCreateStreamFileObjectLite().

◆ ObGetProcessHandleCount()

/*
 * Returns the number of handles in Process's handle table, or 0 when the
 * process has no handle table to reference.
 *
 * The table is referenced before HandleCount is read, so the table cannot
 * be torn down during the read. The value is a snapshot and may be stale by
 * the time the caller uses it.
 *
 * NOTE(review): listing lines 62, 67 and 75 are missing from this rendering
 * (the HandleTable declaration, the reference and the release). Presumably
 * they use ObReferenceProcessHandleTable() and
 * ObDereferenceProcessHandleTable(), both cross-referenced below -- confirm
 * against obhandle.c.
 */
ULONG NTAPI ObGetProcessHandleCount ( IN PEPROCESS  Process)

Definition at line 59 of file obhandle.c.

60 {
61  ULONG HandleCount;
63 
64  ASSERT(Process);
65 
66  /* Ensure the handle table doesn't go away while we use it */
68 
69  if (HandleTable != NULL)
70  {
71  /* Count the number of handles the process has */
72  HandleCount = HandleTable->HandleCount;
73 
74  /* Let the handle table go */
76  }
77  else
78  {
79  /* No handle table, no handles */
80  HandleCount = 0;
81  }
82 
83  return HandleCount;
84 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
smooth NULL
Definition: ftsmooth.c:416
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51

Referenced by NtQueryInformationProcess(), and QSI_DEF().

◆ ObInheritDeviceMap()

/*
 * Gives a new process a device map: the parent's map when Parent is
 * non-NULL, otherwise ObSystemDeviceMap. A non-NULL map gets one extra
 * reference and is stored in Process->DeviceMap; when the selected map is
 * NULL the process field is left untouched.
 *
 * ReferenceCount is changed with a plain increment, so it relies on the
 * device map lock described in the comments.
 *
 * NOTE(review): the lock calls (listing lines 519 and 533) are missing from
 * this rendering; presumably KeAcquireGuardedMutex() /
 * KeReleaseGuardedMutex() on ObpDeviceMapLock -- confirm against
 * devicemap.c.
 *
 * NOTE(review): any value already in Process->DeviceMap is overwritten
 * without being dereferenced. That is safe only if the field is still
 * unset, which fits the single caller listed (PspCreateProcess) -- confirm.
 */
VOID NTAPI ObInheritDeviceMap ( IN PEPROCESS  Parent,
IN PEPROCESS  Process 
)

Definition at line 511 of file devicemap.c.

513 {
514  PDEVICE_MAP DeviceMap;
515 
516  DPRINT("ObInheritDeviceMap()\n");
517 
518  /* Acquire the device map lock */
520 
521  /* Get the parent process device map or the system device map */
522  DeviceMap = (Parent != NULL) ? Parent->DeviceMap : ObSystemDeviceMap;
523  if (DeviceMap != NULL)
524  {
525  /* Reference the device map and attach it to the new process */
526  DeviceMap->ReferenceCount++;
527  DPRINT("ReferenceCount: %lu\n", DeviceMap->ReferenceCount);
528 
529  Process->DeviceMap = DeviceMap;
530  }
531 
532  /* Release the device map lock */
534 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:728
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
if(!(yy_init))
Definition: macro.lex.yy.c:714
PDEVICE_MAP ObSystemDeviceMap
Definition: obinit.c:46
ULONG ReferenceCount
Definition: obtypes.h:527
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24

Referenced by PspCreateProcess().

◆ ObInitializeFastReference()

/*
 * Initializes a fast-reference slot to point at Object. Per the comment, a
 * non-NULL Object first gains a batch of references that the slot then
 * hands out.
 *
 * NOTE(review): both statements (listing lines 113 and 116) are missing
 * from this rendering. Presumably they are ObReferenceObjectEx(Object,
 * MAX_FAST_REFS) guarded by a NULL check, then
 * ExInitializeFastReference(FastRef, Object); all three symbols are
 * cross-referenced below -- confirm against obref.c.
 */
VOID FASTCALL ObInitializeFastReference ( IN PEX_FAST_REF  FastRef,
IN PVOID  Object 
)

Definition at line 109 of file obref.c.

111 {
112  /* Check if we were given an object and reference it 7 times */
114 
115  /* Setup the fast reference */
117 }
LONG FASTCALL ObReferenceObjectEx(IN PVOID Object, IN LONG Count)
Definition: obref.c:79
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:582
static IUnknown Object
Definition: main.c:512
#define MAX_FAST_REFS
Definition: ex.h:128

Referenced by PspInitializeProcessSecurity(), SeAssignPrimaryToken(), and SepInitializationPhase0().

◆ ObInitProcess()

/*
 * Sets up the handle table of a new process.
 *
 * Parent  - optional; when given, its handle table is referenced and
 *           duplicated into the new process with the OBJ_INHERIT mask
 *           passed to ExDupHandleTable(). When NULL, an empty table is
 *           created.
 * Process - the new process; Process->ObjectTable receives the table, or
 *           NULL on failure.
 *
 * Returns STATUS_SUCCESS when a table was attached and
 * STATUS_PROCESS_IS_TERMINATING when the parent's table could not be
 * referenced. The status for a failed table creation is on listing line
 * 2136, which is missing here (presumably STATUS_INSUFFICIENT_RESOURCES,
 * cross-referenced below -- confirm).
 *
 * The reference on the parent's table is released on both the success and
 * the failure path.
 *
 * NOTE(review): auditing of inherited handles is not implemented. The
 * branch at 2120-2123 only prints "Need auditing!", so handles a child
 * receives by inheritance produce no audit record. The branch condition
 * (listing line 2119) is not visible; presumably it is
 * SeDetailedAuditingWithToken() -- confirm.
 *
 * NOTE(review): the third ExDupHandleTable() argument (listing line 2102)
 * is also missing; presumably ObpDuplicateHandleCallback -- confirm against
 * obhandle.c.
 */
NTSTATUS NTAPI ObInitProcess ( IN PEPROCESS Parent  OPTIONAL,
IN PEPROCESS  Process 
)

Definition at line 2087 of file obhandle.c.

2089 {
2090  PHANDLE_TABLE ParentTable, ObjectTable;
2091 
2092  /* Check for a parent */
2093  if (Parent)
2094  {
2095  /* Reference the parent's table */
2096  ParentTable = ObReferenceProcessHandleTable(Parent);
2097  if (!ParentTable) return STATUS_PROCESS_IS_TERMINATING;
2098 
2099  /* Duplicate it */
2100  ObjectTable = ExDupHandleTable(Process,
2101  ParentTable,
2103  OBJ_INHERIT);
2104  }
2105  else
2106  {
2107  /* Otherwise just create a new table */
2108  ParentTable = NULL;
2109  ObjectTable = ExCreateHandleTable(Process);
2110  }
2111 
2112  /* Make sure we have a table */
2113  if (ObjectTable)
2114  {
2115  /* Associate it */
2116  Process->ObjectTable = ObjectTable;
2117 
2118  /* Check for auditing */
2120  {
2121  /* FIXME: TODO */
2122  DPRINT1("Need auditing!\n");
2123  }
2124 
2125  /* Get rid of the old table now */
2126  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2127 
2128  /* We are done */
2129  return STATUS_SUCCESS;
2130  }
2131  else
2132  {
2133  /* Fail */
2134  Process->ObjectTable = NULL;
2135  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2137  }
2138 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:728
smooth NULL
Definition: ftsmooth.c:416
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
Definition: handle.c:1036
#define OBJ_INHERIT
Definition: winternl.h:225
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:488
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:765
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: obhandle.c:1957
BOOLEAN NTAPI SeDetailedAuditingWithToken(IN PTOKEN Token)
Definition: audit.c:25
return STATUS_SUCCESS
Definition: btrfs.c:2938
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51

Referenced by PspCreateProcess().

◆ ObInitSystem()

/*
 * Two-phase initialization of the object manager. The phase is selected by
 * ObpInitializationPhase: zero runs phase 0, anything else jumps to the
 * ObPostPhase0 label.
 *
 * Phase 0 (217-303): sets up the lookaside lists, the security descriptor
 * cache, default access for the current (system) process and thread, the
 * kernel handle table, and the Type, Directory and SymbolicLink object
 * types. SYNCHRONIZE is removed from the valid access mask of the Directory
 * and SymbolicLink types after they are created.
 *
 * Phase 1 (305-435): creates the root directory "\", "\KernelObjects" with
 * a dedicated security descriptor from ObpCreateKernelObjectsSD(), and
 * "\ObjectTypes". It then walks the type list and inserts every named type
 * that is not yet in a directory, and finishes with the DOS devices setup.
 *
 * Returns TRUE on success. In phase 1 every failed step returns FALSE at
 * once, without undoing the earlier steps.
 *
 * NOTE(review): this rendering drops every listing line that began with a
 * hyperlinked identifier (most call names, for example 221, 229, 246, 249,
 * 256, 259, 312, 319-321, 325, 351-353, 389, 392, 412, 419, 430, 433).
 * The comments around the gaps are the only evidence of what those lines
 * do -- verify against obinit.c.
 */
INIT_FUNCTION BOOLEAN NTAPI ObInitSystem ( VOID  )

Definition at line 202 of file obinit.c.

203 {
206  OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
208  HANDLE Handle;
209  PKPRCB Prcb = KeGetCurrentPrcb();
210  PLIST_ENTRY ListHead, NextEntry;
212  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
213  POBJECT_HEADER_NAME_INFO NameInfo;
214  PSECURITY_DESCRIPTOR KernelObjectsSD = NULL;
216 
217  /* Check if this is actually Phase 1 initialization */
218  if (ObpInitializationPhase != 0) goto ObPostPhase0;
219 
220  /* Initialize the OBJECT_CREATE_INFORMATION List */
222  NonPagedPool,
224  'ICbO',
225  32,
227 
228  /* Set the captured UNICODE_STRING Object Name List */
230  PagedPool,
231  248,
232  'MNbO',
233  16,
235 
236  /* Temporarily setup both pointers to the shared list */
241 
242  /* Initialize the security descriptor cache */
243  ObpInitSdCache();
244 
245  /* Initialize the Default Event */
247 
248  /* Initialize the Dos Device Map mutex */
250 
251  /* Setup default access for the system process */
252  PsGetCurrentProcess()->GrantedAccess = PROCESS_ALL_ACCESS;
253  PsGetCurrentThread()->GrantedAccess = THREAD_ALL_ACCESS;
254 
255  /* Setup the Object Reaper */
257 
258  /* Initialize default Quota block */
260 
261  /* Create kernel handle table */
 /* NOTE(review): the ExCreateHandleTable() result is stored without a NULL
    check, and the ObpInitSdCache() status at 243 is discarded. */
262  PsGetCurrentProcess()->ObjectTable = ExCreateHandleTable(NULL);
263  ObpKernelHandleTable = PsGetCurrentProcess()->ObjectTable;
264 
265  /* Create the Type Type */
266  RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
267  RtlInitUnicodeString(&Name, L"Type");
268  ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
269  ObjectTypeInitializer.ValidAccessMask = OBJECT_TYPE_ALL_ACCESS;
270  ObjectTypeInitializer.UseDefaultObject = TRUE;
271  ObjectTypeInitializer.MaintainTypeList = TRUE;
272  ObjectTypeInitializer.PoolType = NonPagedPool;
273  ObjectTypeInitializer.GenericMapping = ObpTypeMapping;
274  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_TYPE);
275  ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
276  ObjectTypeInitializer.DeleteProcedure = ObpDeleteObjectType;
 /* NOTE(review): the NTSTATUS of the three ObCreateObjectType() calls (277,
    288, 298) is ignored, yet 289 and 299 dereference the returned type
    pointers straight away. */
277  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObpTypeObjectType);
278 
279  /* Create the Directory Type */
 /* The same initializer is reused for all three types, so any field not
    reassigned below keeps the value from the previous type. */
280  RtlInitUnicodeString(&Name, L"Directory");
281  ObjectTypeInitializer.PoolType = PagedPool;
282  ObjectTypeInitializer.ValidAccessMask = DIRECTORY_ALL_ACCESS;
283  ObjectTypeInitializer.CaseInsensitive = TRUE;
284  ObjectTypeInitializer.MaintainTypeList = FALSE;
285  ObjectTypeInitializer.GenericMapping = ObpDirectoryMapping;
286  ObjectTypeInitializer.DeleteProcedure = NULL;
287  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_DIRECTORY);
288  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObpDirectoryObjectType);
289  ObpDirectoryObjectType->TypeInfo.ValidAccessMask &= ~SYNCHRONIZE;
290 
291  /* Create 'symbolic link' object type */
292  RtlInitUnicodeString(&Name, L"SymbolicLink");
293  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_SYMBOLIC_LINK);
294  ObjectTypeInitializer.GenericMapping = ObpSymbolicLinkMapping;
295  ObjectTypeInitializer.ValidAccessMask = SYMBOLIC_LINK_ALL_ACCESS;
296  ObjectTypeInitializer.ParseProcedure = ObpParseSymbolicLink;
297  ObjectTypeInitializer.DeleteProcedure = ObpDeleteSymbolicLink;
298  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObpSymbolicLinkObjectType);
299  ObpSymbolicLinkObjectType->TypeInfo.ValidAccessMask &= ~SYNCHRONIZE;
300 
301  /* Phase 0 initialization complete */
303  return TRUE;
304 
305 ObPostPhase0:
306 
307  /* Re-initialize lookaside lists */
308  ObInit2();
309 
310  /* Initialize Object Types directory attributes */
311  RtlInitUnicodeString(&Name, L"\\");
313  &Name,
315  NULL,
317 
318  /* Create the directory */
322  if (!NT_SUCCESS(Status)) return FALSE;
323 
324  /* Get a handle to it */
326  0,
328  KernelMode,
330  NULL);
331  if (!NT_SUCCESS(Status)) return FALSE;
332 
333  /* Close the extra handle */
334  Status = NtClose(Handle);
335  if (!NT_SUCCESS(Status)) return FALSE;
336 
337  /* Create a custom security descriptor for the KernelObjects directory */
338  Status = ObpCreateKernelObjectsSD(&KernelObjectsSD);
339  if (!NT_SUCCESS(Status))
340  return FALSE;
341 
342  /* Initialize the KernelObjects directory attributes */
343  RtlInitUnicodeString(&Name, L"\\KernelObjects");
345  &Name,
347  NULL,
348  KernelObjectsSD);
349 
350  /* Create the directory */
 /* The descriptor is freed before Status is tested, so the early return at
    355 does not leak it. */
354  ExFreePoolWithTag(KernelObjectsSD, TAG_SD);
355  if (!NT_SUCCESS(Status)) return FALSE;
356 
357  /* Close the extra handle */
358  Status = NtClose(Handle);
359  if (!NT_SUCCESS(Status)) return FALSE;
360 
361  /* Initialize ObjectTypes directory attributes */
362  RtlInitUnicodeString(&Name, L"\\ObjectTypes");
364  &Name,
366  NULL,
367  NULL);
368 
369  /* Create the directory */
373  if (!NT_SUCCESS(Status)) return FALSE;
374 
375  /* Get a handle to it */
377  0,
379  KernelMode,
381  NULL);
382  if (!NT_SUCCESS(Status)) return FALSE;
383 
384  /* Close the extra handle */
385  Status = NtClose(Handle);
386  if (!NT_SUCCESS(Status)) return FALSE;
387 
388  /* Initialize lookup context */
390 
391  /* Lock it */
393 
394  /* Loop the object types */
395  ListHead = &ObpTypeObjectType->TypeList;
396  NextEntry = ListHead->Flink;
397  while (ListHead != NextEntry)
398  {
399  /* Get the creator info from the list */
400  CreatorInfo = CONTAINING_RECORD(NextEntry,
402  TypeList);
403 
404  /* Recover the header and the name header from the creator info */
 /* The header is taken to sit directly after the creator-info block in
    memory; the cast below depends on that layout. */
405  Header = (POBJECT_HEADER)(CreatorInfo + 1);
407 
408  /* Make sure we have a name, and aren't inserted yet */
409  if ((NameInfo) && !(NameInfo->Directory))
410  {
411  /* Do the initial lookup to setup the context */
413  &NameInfo->Name,
415  FALSE,
416  &Context))
417  {
418  /* Insert this object type */
420  &Context,
421  Header);
422  }
423  }
424 
425  /* Move to the next entry */
426  NextEntry = NextEntry->Flink;
427  }
428 
429  /* Cleanup after lookup */
431 
432  /* Initialize DOS Devices Directory and related Symbolic Links */
434  if (!NT_SUCCESS(Status)) return FALSE;
435  return TRUE;
436 }
VOID NTAPI ObpDeleteSymbolicLink(IN PVOID ObjectBody)
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1048
#define THREAD_ALL_ACCESS
Definition: nt_native.h:1339
#define TRUE
Definition: types.h:120
#define PROCESS_ALL_ACCESS
Definition: nt_native.h:1324
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
WORK_QUEUE_ITEM ObpReaperWorkItem
Definition: oblife.c:28
static INIT_FUNCTION NTSTATUS NTAPI ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obinit.c:64
LONG NTSTATUS
Definition: precomp.h:26
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
Definition: ketypes.h:1062
UNICODE_STRING Name
Definition: obtypes.h:433
GENERIC_MAPPING ObpDirectoryMapping
Definition: obinit.c:27
INIT_FUNCTION NTSTATUS NTAPI ObpInitSdCache(VOID)
Definition: obsdcach.c:61
#define OBJ_OPENLINK
Definition: winternl.h:230
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
#define OBJ_PERMANENT
Definition: winternl.h:226
GENERAL_LOOKASIDE ObpCreateInfoLookasideList
Definition: oblife.c:26
ULONG ObpInitializationPhase
Definition: obinit.c:53
VOID NTAPI ObpDeleteObjectType(IN PVOID Object)
Definition: oblife.c:1329
static POBJECT_TYPE ObpDefaultObject
Definition: ObTypes.c:138
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
GENERIC_MAPPING ObpTypeMapping
Definition: obinit.c:19
POBJECT_DIRECTORY ObpRootDirectoryObject
Definition: obname.c:19
PP_LOOKASIDE_LIST PPLookasideList[16]
Definition: ketypes.h:624
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
struct _OBJECT_HEADER * POBJECT_HEADER
Definition: Header.h:8
GENERAL_LOOKASIDE ObpNameBufferLookasideList
Definition: oblife.c:26
struct NameRec_ * Name
Definition: cdprocs.h:464
#define PsGetCurrentProcess
Definition: psfuncs.h:17
VOID NTAPI ObpReapObject(IN PVOID Unused)
Definition: oblife.c:221
smooth NULL
Definition: ftsmooth.c:416
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
#define TAG_SD
Definition: tag.h:176
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
OBJECT_TYPE
Definition: ntobjenum.h:23
INIT_FUNCTION VOID NTAPI ExInitializeSystemLookasideList(IN PGENERAL_LOOKASIDE List, IN POOL_TYPE Type, IN ULONG Size, IN ULONG Tag, IN USHORT MaximumDepth, IN PLIST_ENTRY ListHead)
Definition: lookas.c:35
BOOLEAN NTAPI ObpInsertEntryDirectory(IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
Definition: obdir.c:45
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
_In_ HANDLE Handle
Definition: extypes.h:390
#define ObpDirectoryObjectType
Definition: ObTypes.c:123
#define ExInitializeWorkItem(Item, Routine, Context)
Definition: exfuncs.h:265
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
FORCEINLINE VOID ObpAcquireDirectoryLockExclusive(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:190
OB_PARSE_METHOD ParseProcedure
Definition: obtypes.h:370
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:765
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
struct _GENERAL_LOOKASIDE * L
Definition: ketypes.h:760
static const WCHAR L[]
Definition: oid.c:1250
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
Definition: obdir.c:158
BOOLEAN INIT_FUNCTION NTAPI ObInit2(VOID)
Definition: obinit.c:135
Definition: typedefs.h:117
#define SYNCHRONIZE
Definition: nt_native.h:61
#define OBJECT_TYPE_ALL_ACCESS
Definition: nt_native.h:1248
Status
Definition: gdiplustypes.h:24
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:255
NTSTATUS NTAPI NtCreateDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: obdir.c:773
#define ObpSymbolicLinkObjectType
Definition: ObTypes.c:124
VOID FASTCALL KeInitializeGuardedMutex(OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:31
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:221
#define KeInitializeEvent(pEvt, foo, foo2)
Definition: env_spec_w32.h:477
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
struct _GENERAL_LOOKASIDE * P
Definition: ketypes.h:759
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
NTSTATUS NTAPI ObpParseSymbolicLink(IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
Definition: oblink.c:431
GENERIC_MAPPING ObpSymbolicLinkMapping
Definition: obinit.c:38
VOID NTAPI PsInitializeQuotaSystem(VOID)
Definition: quota.c:100
INIT_FUNCTION NTSTATUS NTAPI ObpCreateDosDevicesDirectory(VOID)
Definition: obname.c:177
static POBJECT_TYPE ObpTypeObjectType
Definition: ObTypes.c:122
struct tagContext Context
Definition: acpixf.h:1030
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
KGUARDED_MUTEX ObpDeviceMapLock
Definition: oblife.c:24
LIST_ENTRY TypeList
Definition: obtypes.h:382
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369
struct _OBJECT_SYMBOLIC_LINK OBJECT_SYMBOLIC_LINK
ULONG DefaultNonPagedPoolCharge
Definition: obtypes.h:365
LIST_ENTRY ExSystemLookasideListHead
Definition: lookas.c:25
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:23
POBJECT_DIRECTORY ObpTypeDirectoryObject
Definition: obname.c:20
struct _OBJECT_DIRECTORY OBJECT_DIRECTORY

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ ObIsLUIDDeviceMapsEnabled()

ULONG NTAPI ObIsLUIDDeviceMapsEnabled ( VOID  )

Definition at line 661 of file devicemap.c.

/*
 * Listing line 663 (the whole function body) is not shown on this page.
 * The cross-reference printed after the listing names
 * ObpLUIDDeviceMapsEnabled, which is presumably the value returned;
 * confirm in devicemap.c.
 */
662 {
664 }
ULONG ObpLUIDDeviceMapsEnabled
Definition: devicemap.c:18

Referenced by NtQueryInformationProcess(), and PspSetPrimaryToken().

◆ ObKillProcess()

VOID NTAPI ObKillProcess ( IN PEPROCESS  Process)

Definition at line 2157 of file obhandle.c.

/*
 * ObKillProcess: waits for the process rundown, sweeps the process handle
 * table so that every handle is closed, and then clears
 * Process->ObjectTable. Returns early, after the rundown has been
 * completed, when the process has no object table.
 *
 * Several listing lines (2159-2160, 2176, 2183-2184, 2189, 2196) are not
 * shown on this page; the notes below describe only the visible lines.
 */
2158 {
2161  BOOLEAN HardErrors;
2162  PAGED_CODE();
2163 
2164  /* Wait for process rundown and then complete it */
2165  ExWaitForRundownProtectionRelease(&Process->RundownProtect);
2166  ExRundownCompleted(&Process->RundownProtect);
2167 
2168  /* Get the object table */
2169  HandleTable = Process->ObjectTable;
2170  if (!HandleTable) return;
2171 
2172  /* Disable hard errors while we close handles */
2173  HardErrors = IoSetThreadHardErrorMode(FALSE);
2174 
2175  /* Enter a critical region */
2177 
2178  /* Fill out the context */
      /* NOTE(review): the sweep context is marked KernelMode, so the close
         callback presumably treats these closes as kernel-originated rather
         than as requests from the dying process; confirm in
         ObpCloseHandleCallback. */
2179  Context.AccessMode = KernelMode;
2180  Context.HandleTable = HandleTable;
2181 
2182  /* Sweep the handle table to close all handles */
2185  &Context);
      /* NOTE(review): a handle left behind by the sweep is detected only by
         this ASSERT; confirm whether ASSERT is compiled into release builds
         before relying on it. */
2186  ASSERT(HandleTable->HandleCount == 0);
2187 
2188  /* Leave the critical region */
2190 
2191  /* Re-enable hard errors */
      /* Restores the mode saved above rather than forcing TRUE. */
2192  IoSetThreadHardErrorMode(HardErrors);
2193 
2194  /* Destroy the object table */
      /* The pointer is cleared before the table is destroyed (line 2196, not
         shown), so the process no longer references the table. */
2195  Process->ObjectTable = NULL;
2197 }
NTKERNELAPI VOID FASTCALL ExRundownCompleted(_Out_ PEX_RUNDOWN_REF RunRef)
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
Definition: handle.c:927
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define PAGED_CODE()
Definition: video.h:57
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
NTKERNELAPI VOID FASTCALL ExWaitForRundownProtectionRelease(_Inout_ PEX_RUNDOWN_REF RunRef)
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
Definition: error.c:707
#define KeEnterCriticalRegion()
Definition: ke_x.h:83
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1196
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1030
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1921

Referenced by PspDeleteProcess(), and PspExitThread().

◆ ObpCaptureObjectCreateInformation()

NTSTATUS NTAPI ObpCaptureObjectCreateInformation ( IN POBJECT_ATTRIBUTES  ObjectAttributes,
IN KPROCESSOR_MODE  AccessMode,
IN KPROCESSOR_MODE  CreatorMode,
IN BOOLEAN  AllocateFromLookaside,
IN POBJECT_CREATE_INFORMATION  ObjectCreateInfo,
OUT PUNICODE_STRING  ObjectName 
)

Definition at line 456 of file oblife.c.

/*
 * ObpCaptureObjectCreateInformation: copies the caller-supplied
 * OBJECT_ATTRIBUTES into ObjectCreateInfo and hands the object name to the
 * name-capture step, so that later code works on captured copies.
 *
 * ObjectAttributes       - caller's attributes; may be NULL.
 * AccessMode             - decides whether the caller's buffers are probed
 *                          (anything other than KernelMode is probed).
 * CreatorMode            - decides whether OBJ_KERNEL_HANDLE is kept.
 * AllocateFromLookaside  - passed through to the name capture.
 * ObjectCreateInfo       - zeroed on entry, then filled in.
 * ObjectName             - receives the captured name, or an empty string.
 *
 * Returns the NTSTATUS of the capture. On failure the visible paths call
 * ObpReleaseObjectCreateInformation(ObjectCreateInfo) before returning.
 *
 * Several listing lines (464-465, 483, 490, 493, 509, 514, 548, 564, 568,
 * 575, 588) are not shown on this page; the notes below describe only the
 * visible lines.
 */
462 {
463  ULONG SdCharge, QuotaInfoSize;
466  PSECURITY_QUALITY_OF_SERVICE SecurityQos;
467  PUNICODE_STRING LocalObjectName = NULL;
468  PAGED_CODE();
469 
470  /* Zero out the Capture Data */
471  RtlZeroMemory(ObjectCreateInfo, sizeof(OBJECT_CREATE_INFORMATION));
472 
473  /* SEH everything here for protection */
474  _SEH2_TRY
475  {
476  /* Check if we got attributes */
477  if (ObjectAttributes)
478  {
479  /* Check if we're in user mode */
480  if (AccessMode != KernelMode)
481  {
482  /* Probe the attributes */
      /* The probe call itself (line 483) is not shown; the visible
         arguments are a length of sizeof(OBJECT_ATTRIBUTES) and an
         alignment of sizeof(ULONG). KernelMode callers skip the probe. */
484  sizeof(OBJECT_ATTRIBUTES),
485  sizeof(ULONG));
486  }
487 
488  /* Validate the Size and Attributes */
      /* The second half of this condition (line 490) and the failure
         statement (line 493) are not shown. */
489  if ((ObjectAttributes->Length != sizeof(OBJECT_ATTRIBUTES)) ||
491  {
492  /* Invalid combination, fail */
494  }
495 
496  /* Set some Create Info and do not allow user-mode kernel handles */
      /* NOTE(review): each field is read from the caller's structure once,
         into ObjectCreateInfo or a local. For a user-mode caller that
         structure can change between reads, so code after this block should
         use the copies made here and not go back to ObjectAttributes. */
      /* The OBJ_KERNEL_HANDLE test below uses CreatorMode, which is a
         separate parameter from the AccessMode used for probing. */
497  ObjectCreateInfo->RootDirectory = ObjectAttributes->RootDirectory;
498  ObjectCreateInfo->Attributes = ObjectAttributes->Attributes & OBJ_VALID_KERNEL_ATTRIBUTES;
499  if (CreatorMode != KernelMode) ObjectCreateInfo->Attributes &= ~OBJ_KERNEL_HANDLE;
500  LocalObjectName = ObjectAttributes->ObjectName;
501  SecurityDescriptor = ObjectAttributes->SecurityDescriptor;
502  SecurityQos = ObjectAttributes->SecurityQualityOfService;
503 
504  /* Check if we have a security descriptor */
505  if (SecurityDescriptor)
506  {
507  /* Capture it. Note: This has an implicit memory barrier due
508  to the function call, so cleanup is safe here.) */
510  AccessMode,
511  NonPagedPool,
512  TRUE,
513  &ObjectCreateInfo->
515  if (!NT_SUCCESS(Status))
516  {
517  /* Capture failed, quit */
518  ObjectCreateInfo->SecurityDescriptor = NULL;
519  _SEH2_YIELD(return Status);
520  }
521 
522  /*
523  * By default, assume a SD size of 1024 and allow twice its
524  * size.
525  * If SD size happens to be bigger than that, then allow it
526  */
      /* NOTE(review): the NTSTATUS returned by
         SeComputeQuotaInformationSize is not checked here, and
         2 * QuotaInfoSize is ULONG arithmetic. Confirm that QuotaInfoSize
         is written on every path and stays well below half the ULONG
         range, since the result becomes the quota charge. */
527  SdCharge = 2048;
528  SeComputeQuotaInformationSize(ObjectCreateInfo->SecurityDescriptor,
529  &QuotaInfoSize);
530  if ((2 * QuotaInfoSize) > 2048)
531  {
532  SdCharge = 2 * QuotaInfoSize;
533  }
534 
535  /* Save the probe mode and security descriptor size */
536  ObjectCreateInfo->SecurityDescriptorCharge = SdCharge;
537  ObjectCreateInfo->ProbeMode = AccessMode;
538  }
539 
540  /* Check if we have QoS */
541  if (SecurityQos)
542  {
543  /* Check if we came from user mode */
544  if (AccessMode != KernelMode)
545  {
546  /* Validate the QoS */
      /* The probed length (line 548) is not shown. */
547  ProbeForRead(SecurityQos,
549  sizeof(ULONG));
550  }
551 
552  /* Save Info */
      /* The QoS structure is copied by value, and the SecurityQos pointer
         stored in ObjectCreateInfo refers to that copy, not to the caller's
         memory. */
553  ObjectCreateInfo->SecurityQualityOfService = *SecurityQos;
554  ObjectCreateInfo->SecurityQos =
555  &ObjectCreateInfo->SecurityQualityOfService;
556  }
557  }
558  else
559  {
560  /* We don't have a name */
561  LocalObjectName = NULL;
562  }
563  }
565  {
566  /* Cleanup and return the exception code */
567  ObpReleaseObjectCreateInformation(ObjectCreateInfo);
569  }
570  _SEH2_END;
571 
572  /* Now check if the Object Attributes had an Object Name */
      /* The capture call (line 575) is not shown; its visible arguments are
         the caller's name pointer, AccessMode and AllocateFromLookaside. */
573  if (LocalObjectName)
574  {
576  LocalObjectName,
577  AccessMode,
578  AllocateFromLookaside);
579  }
580  else
581  {
582  /* Clear the string */
583  RtlInitEmptyUnicodeString(ObjectName, NULL, 0);
584 
585  /* It cannot have specified a Root Directory */
      /* The statement that records the failure (line 588) is not shown. */
586  if (ObjectCreateInfo->RootDirectory)
587  {
589  }
590  }
591 
592  /* Cleanup if we failed */
      /* NOTE(review): when there is no name, no root directory and no
         security descriptor, no visible line assigns Status before this
         test. Its declaration (lines 464-465) is not shown; confirm it is
         initialized to a success code. */
593  if (!NT_SUCCESS(Status))
594  {
595  ObpReleaseObjectCreateInformation(ObjectCreateInfo);
596  }
597 
598  /* Return status to caller */
599  return Status;
600 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:296
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
NTSTATUS NTAPI ObpCaptureObjectName(IN OUT PUNICODE_STRING CapturedName, IN PUNICODE_STRING ObjectName, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN UseLookaside)
Definition: oblife.c:377
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
smooth NULL
Definition: ftsmooth.c:416
#define OBJ_VALID_KERNEL_ATTRIBUTES
Definition: obtypes.h:92
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:351
#define STATUS_OBJECT_NAME_INVALID
Definition: udferr_usr.h:148
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:434
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231

Referenced by ObCreateObject(), and ObOpenObjectByName().

◆ ObpCaptureObjectName()

NTSTATUS NTAPI ObpCaptureObjectName ( IN PUNICODE_STRING  CapturedName,
IN PUNICODE_STRING  ObjectName,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  AllocateFromLookaside 
)

Referenced by ObReferenceObjectByName().

◆ ObpCheckObjectReference()

BOOLEAN NTAPI ObpCheckObjectReference ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 340 of file obsecure.c.

/*
 * ObpCheckObjectReference: runs a full access check for a reference to
 * Object, using the type's generic mapping and the access masks held in
 * AccessState. On success the granted bits are moved from
 * RemainingDesiredAccess to PreviouslyGrantedAccess.
 *
 * Returns the result of the access check. Returns FALSE, with
 * *AccessStatus set to the failing status, when the security descriptor
 * cannot be obtained.
 *
 * LockHeld is not used by any visible line. Listing lines 347-348, 351-353,
 * 361, 373, 397 and 410 are not shown on this page.
 */
345 {
346  POBJECT_HEADER ObjectHeader;
349  BOOLEAN SdAllocated;
350  BOOLEAN Result;
354  PAGED_CODE();
355 
356  /* Get the header and type */
357  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
358  ObjectType = ObjectHeader->Type;
359 
360  /* Get the security descriptor */
      /* Access is denied when the descriptor cannot be retrieved. */
362  if (!NT_SUCCESS(Status))
363  {
364  /* We failed */
365  *AccessStatus = Status;
366  return FALSE;
367  }
368 
369  /* Lock the security context */
370  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
371 
372  /* Now do the entire access check */
      /* NOTE(review): &Privileges is passed as an output, but no visible
         line afterwards appends or frees it, whereas
         ObpCheckTraverseAccess does both. Confirm whether a privilege set
         returned here is leaked. */
374  &AccessState->SubjectSecurityContext,
375  TRUE,
376  AccessState->RemainingDesiredAccess,
377  AccessState->PreviouslyGrantedAccess,
378  &Privileges,
379  &ObjectType->TypeInfo.GenericMapping,
380  AccessMode,
381  &GrantedAccess,
382  AccessStatus);
383  if (Result)
384  {
385  /* Update the access state */
386  AccessState->RemainingDesiredAccess &= ~GrantedAccess;
387  AccessState->PreviouslyGrantedAccess |= GrantedAccess;
388  }
389 
390  /* Check if we have an SD */
391  if (SecurityDescriptor)
392  {
393  /* Do audit alarm */
      /* NOTE(review): the audit alarm call is compiled out by "#if 0", so
         this function produces no audit record for the reference check. */
394 #if 0
395  SeObjectReferenceAuditAlarm(&AccessState->OperationID,
396  Object,
398  &AccessState->SubjectSecurityContext,
399  AccessState->RemainingDesiredAccess |
400  AccessState->PreviouslyGrantedAccess,
401  ((PAUX_ACCESS_DATA)(AccessState->AuxData))->
402  PrivilegeSet,
403  Result,
404  AccessMode);
405 #endif
406  }
407 
408  /* We're done, unlock the context and release security */
409  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
411  return Result;
412 }
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by ObReferenceObjectByName().

◆ ObpCheckTraverseAccess()

BOOLEAN NTAPI ObpCheckTraverseAccess ( IN PVOID  Object,
IN ACCESS_MASK  TraverseAccess,
IN PACCESS_STATE AccessState  OPTIONAL,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 267 of file obsecure.c.

/*
 * ObpCheckTraverseAccess: checks whether the caller may traverse Object.
 * A fast traverse check is tried first; if it does not succeed, a full
 * access check for TraverseAccess is made against the object's security
 * descriptor, using the type's generic mapping.
 *
 * Returns TRUE when traversal is allowed. Returns FALSE, with
 * *AccessStatus set to the failing status, when the security descriptor
 * cannot be obtained.
 *
 * NOTE(review): AccessState is declared OPTIONAL in the signature, but the
 * slow path takes &AccessState->SubjectSecurityContext without a visible
 * NULL test. Confirm that callers reaching the slow path always pass an
 * access state.
 *
 * LockHeld is not used by any visible line. Listing lines 275-276, 279-281,
 * 289, 301, 303, 307, 314-315, 328-329 and 334 are not shown on this page.
 */
273 {
274  POBJECT_HEADER ObjectHeader;
277  BOOLEAN SdAllocated;
278  BOOLEAN Result;
282  PAGED_CODE();
283 
284  /* Get the header and type */
285  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
286  ObjectType = ObjectHeader->Type;
287 
288  /* Get the security descriptor */
      /* Access is denied when the descriptor cannot be retrieved. */
290  if (!NT_SUCCESS(Status))
291  {
292  /* We failed */
293  *AccessStatus = Status;
294  return FALSE;
295  }
296 
297  /* First try to perform a fast traverse check
298  * If it fails, then the entire access check will
299  * have to be done.
300  */
302  AccessState,
304  AccessMode);
305  if (Result)
306  {
      /* NOTE(review): no visible line writes *AccessStatus on this path
         (line 307 is not shown); confirm what callers may read from it
         after a TRUE return. */
308  return TRUE;
309  }
310 
311  /* Lock the security context */
312  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
313 
314  /* Now do the entire access check */
      /* TraverseAccess is the access requested; the literal 0 that follows
         it is presumably the previously granted access, going by the
         SeAccessCheck parameter order. Confirm against line 315. */
316  &AccessState->SubjectSecurityContext,
317  TRUE,
318  TraverseAccess,
319  0,
320  &Privileges,
321  &ObjectType->TypeInfo.GenericMapping,
322  AccessMode,
323  &GrantedAccess,
324  AccessStatus);
325  if (Privileges)
326  {
327  /* We got privileges, append them to the access state and free them */
330  }
331 
332  /* We're done, unlock the context and release security */
333  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
335  return Result;
336 }
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define FILE_WRITE_DATA
Definition: nt_native.h:631
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
BOOLEAN NTAPI SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode)
Definition: accesschk.c:460
Status
Definition: gdiplustypes.h:24
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by ObpLookupObjectName().

◆ ObpCreateDosDevicesDirectory()

INIT_FUNCTION NTSTATUS NTAPI ObpCreateDosDevicesDirectory ( VOID  )

Definition at line 177 of file obname.c.

/*
 * ObpCreateDosDevicesDirectory: creates the global DosDevices directory
 * (\GLOBAL??), sets up the system device map, and creates the GLOBALROOT,
 * Global and \DosDevices symbolic links. The same security descriptor,
 * DosDevicesSD, is passed when initializing the attributes of the
 * directory and of each link.
 *
 * Returns the last NTSTATUS assigned; DosDevicesSD is released on every
 * path that reaches the "done" label.
 *
 * Many listing lines (the calls that open each argument list, among
 * others) are not shown on this page; the notes below describe only the
 * visible lines.
 */
178 {
180  UNICODE_STRING RootName, TargetName, LinkName;
181  HANDLE Handle, SymHandle;
182  SECURITY_DESCRIPTOR DosDevicesSD;
184 
185  /*
186  * Enable LUID mappings only if not explicitly disabled
187  * and if protection mode is set
188  */
191  else
193 
194  /* Create a custom security descriptor for the global DosDevices directory */
195  Status = ObpGetDosDevicesProtection(&DosDevicesSD);
196  if (!NT_SUCCESS(Status))
197  return Status;
198 
199  /* Create the global DosDevices directory \?? */
200  RtlInitUnicodeString(&RootName, L"\\GLOBAL??");
202  &RootName,
204  NULL,
205  &DosDevicesSD);
209  if (!NT_SUCCESS(Status))
210  goto done;
211 
212  /* Create the system device map */
214  if (!NT_SUCCESS(Status))
215  goto done;
216 
217  /*
218  * Initialize the \??\GLOBALROOT symbolic link
219  * pointing to the root directory \ .
220  */
221  RtlInitUnicodeString(&LinkName, L"GLOBALROOT");
224  &LinkName,
226  Handle,
227  &DosDevicesSD);
      /* NOTE(review): this Status is overwritten by the "Global" link
         creation below before any visible line tests it, so a failure to
         create GLOBALROOT goes unreported. */
228  Status = NtCreateSymbolicLinkObject(&SymHandle,
231  &TargetName);
232  if (NT_SUCCESS(Status)) NtClose(SymHandle);
233 
234  /*
235  * Initialize the \??\Global symbolic link pointing to the global
236  * DosDevices directory \?? . It is used to access the global \??
237  * by user-mode components which, by default, use a per-session
238  * DosDevices directory.
239  */
240  RtlInitUnicodeString(&LinkName, L"Global");
242  &LinkName,
244  Handle,
245  &DosDevicesSD);
246  Status = NtCreateSymbolicLinkObject(&SymHandle,
249  &RootName);
250  if (NT_SUCCESS(Status)) NtClose(SymHandle);
251 
252  /* Close the directory handle */
      /* The handle is closed before Status is tested, so it is not left
         open on the failure path. */
253  NtClose(Handle);
254  if (!NT_SUCCESS(Status))
255  goto done;
256 
257  /*
258  * Initialize the \DosDevices symbolic link pointing to the global
259  * DosDevices directory \?? , for backward compatibility with
260  * Windows NT-2000 systems.
261  */
      /* NOTE(review): unlike the RtlInitUnicodeString calls above,
         RtlCreateUnicodeString allocates a copy of the string. Its BOOLEAN
         result is not checked here and no visible line frees LinkName;
         confirm against the lines not shown. */
262  RtlCreateUnicodeString(&LinkName, L"\\DosDevices");
265  &LinkName,
267  NULL,
268  &DosDevicesSD);
269  Status = NtCreateSymbolicLinkObject(&SymHandle,
272  &RootName);
273  if (NT_SUCCESS(Status)) NtClose(SymHandle);
274 
275 done:
276  ObpFreeDosDevicesProtection(&DosDevicesSD);
277 
278  /* Return status */
279  return Status;
280 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
const uint16_t * PCWSTR
Definition: typedefs.h:55
INIT_FUNCTION VOID NTAPI ObpFreeDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obname.c:161
ULONG ObpLUIDDeviceMapsEnabled
Definition: devicemap.c:18
INIT_FUNCTION NTSTATUS NTAPI ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obname.c:40
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
Definition: devicemap.c:24
#define OBJ_PERMANENT
Definition: winternl.h:226
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
smooth NULL
Definition: ftsmooth.c:416
_In_ HANDLE Handle
Definition: extypes.h:390
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ALIGNEDNAME ObpDosDevicesShortNameRoot
Definition: obname.c:24
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
static const WCHAR L[]
Definition: oid.c:1250
WCHAR TargetName[256]
Definition: arping.c:27
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI NtCreateDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: obdir.c:773
ULONG ObpProtectionMode
Definition: obinit.c:56
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
ULONG ObpLUIDDeviceMapsDisabled
Definition: devicemap.c:17

Referenced by ObInitSystem().

◆ ObpCreateSymbolicLinkName()

VOID NTAPI ObpCreateSymbolicLinkName ( IN POBJECT_SYMBOLIC_LINK  SymbolicLink)

Definition at line 334 of file oblink.c.

/*
 * ObpCreateSymbolicLinkName: for a symbolic link whose directory has a
 * device map, records the drive-letter index when the link is named like a
 * drive ("X:"), then calls a helper (listing line 369, not shown on this
 * page). Does nothing when the object has no name information.
 *
 * The name-info reference taken at the top is dropped before returning on
 * the normal path.
 */
335 {
336  WCHAR UpperDrive;
337  POBJECT_HEADER ObjectHeader;
338  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
339 
340  /* Get header data */
341  ObjectHeader = OBJECT_TO_OBJECT_HEADER(SymbolicLink);
342  ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
343 
344  /* No name info, nothing to create */
345  if (ObjectNameInfo == NULL)
346  {
347  return;
348  }
349 
350  /* If we have a device map, look for creating a letter based drive */
351  if (ObjectNameInfo->Directory != NULL &&
352  ObjectNameInfo->Directory->DeviceMap != NULL)
353  {
354  /* Is it a drive letter based name? */
      /* The length test (exactly two WCHARs) runs before Buffer[0] and
         Buffer[1] are read, so both reads stay inside the name. */
355  if (ObjectNameInfo->Name.Length == 2 * sizeof(WCHAR))
356  {
357  if (ObjectNameInfo->Name.Buffer[1] == L':')
358  {
      /* Upcased first, so lower-case letters map to the same index; only
         'A'..'Z' are accepted. */
359  UpperDrive = RtlUpcaseUnicodeChar(ObjectNameInfo->Name.Buffer[0]);
360  if (UpperDrive >= L'A' && UpperDrive <= L'Z')
361  {
362  /* Compute its index (it's 1 based - 0 means no letter) */
      /* 'A' gives 1 and 'Z' gives 26. */
363  SymbolicLink->DosDeviceDriveIndex = UpperDrive - (L'A' - 1);
364  }
365  }
366  }
367 
368  /* Call the helper */
370  }
371 
372  /* We're done */
373  ObpDereferenceNameInfo(ObjectNameInfo);
374 }
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
UNICODE_STRING Name
Definition: obtypes.h:433
NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar(WCHAR Source)
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
smooth NULL
Definition: ftsmooth.c:416
__wchar_t WCHAR
Definition: xmlstorage.h:180
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
static const WCHAR L[]
Definition: oid.c:1250
struct _DEVICE_MAP * DeviceMap
Definition: obtypes.h:418
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
static const WCHAR SymbolicLink[]
Definition: interface.c:31

Referenced by ObInsertObject().

◆ ObpDeleteEntryDirectory()

BOOLEAN NTAPI ObpDeleteEntryDirectory ( IN POBP_LOOKUP_CONTEXT  Context)

Referenced by ObpDeleteNameCheck().

◆ ObpDeleteNameCheck()

VOID NTAPI ObpDeleteNameCheck ( IN PVOID  Object)

Definition at line 301 of file obname.c.

/*
 * ObpDeleteNameCheck: removes a named, non-permanent object from its
 * directory once its handle count has dropped to zero.
 *
 * The handle count and the permanent flag are tested once without the
 * object lock and again after the directory lock and the object lock have
 * been taken, so a handle opened or a permanent flag set in between keeps
 * the name in place.
 *
 * The Object parameter is overwritten with the result of the directory
 * lookup. Listing lines 304, 306, 325, 328, 346, 349, 352, 362, 374 and 386
 * are not shown on this page.
 */
302 {
303  POBJECT_HEADER ObjectHeader;
305  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
307  PVOID Directory = NULL;
308 
309  /* Get object structures */
310  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
311  ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
312  ObjectType = ObjectHeader->Type;
313 
314  /*
315  * Check if the handle count is 0, if the object is named,
316  * and if the object isn't a permanent object.
317  */
318  if (!(ObjectHeader->HandleCount) &&
319  (ObjectNameInfo) &&
320  (ObjectNameInfo->Name.Length) &&
321  (ObjectNameInfo->Directory) &&
322  !(ObjectHeader->Flags & OB_FLAG_PERMANENT))
323  {
324  /* Setup a lookup context */
326 
327  /* Lock the directory */
329 
330  /* Do the lookup */
331  Object = ObpLookupEntryDirectory(ObjectNameInfo->Directory,
332  &ObjectNameInfo->Name,
333  0,
334  FALSE,
335  &Context);
336  if (Object)
337  {
338  /* Lock the object */
339  ObpAcquireObjectLock(ObjectHeader);
340 
341  /* Make sure we can still delete the object */
342  if (!(ObjectHeader->HandleCount) &&
343  !(ObjectHeader->Flags & OB_FLAG_PERMANENT))
344  {
345  /* First delete it from the directory */
347 
348  /* Check if this is a symbolic link */
350  {
351  /* Remove internal name */
353  }
354 
355  /* Check if the kernel exclusive is set */
      /* NOTE(review): ObjectNameInfo is re-read here and tested for NULL in
         the condition below, but line 366 dereferences it outside that
         test. Confirm the re-read cannot yield NULL at this point. */
356  ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
357  if ((ObjectNameInfo) &&
358  (ObjectNameInfo->QueryReferences & OB_FLAG_KERNEL_EXCLUSIVE))
359  {
360  /* Remove protection flag */
      /* The amount added (line 362) is not shown. */
361  InterlockedExchangeAdd((PLONG)&ObjectNameInfo->QueryReferences,
363  }
364 
365  /* Get the directory */
366  Directory = ObjectNameInfo->Directory;
367  }
368 
369  /* Release the lock */
370  ObpReleaseObjectLock(ObjectHeader);
371  }
372 
373  /* Cleanup after lookup */
375 
376  /* Remove another query reference since we added one on top */
377  ObpDereferenceNameInfo(ObjectNameInfo);
378 
379  /* Check if we were inserted in a directory */
      /* Directory is non-NULL only when the recheck under the object lock
         passed and the entry was removed. */
380  if (Directory)
381  {
382  /* We were, so first remove the extra reference we had added */
383  ObpDereferenceNameInfo(ObjectNameInfo);
384 
385  /* Now dereference the object as well */
387  }
388  }
389  else
390  {
391  /* Remove the reference we added */
392  ObpDereferenceNameInfo(ObjectNameInfo);
393  }
394 }
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
ObjectType
Definition: metafile.c:80
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
LONG_PTR HandleCount
Definition: obtypes.h:490
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
UNICODE_STRING Name
Definition: obtypes.h:433
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
#define OB_FLAG_PERMANENT
Definition: obtypes.h:101
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
smooth NULL
Definition: ftsmooth.c:416
UCHAR Flags
Definition: obtypes.h:497
#define InterlockedExchangeAdd
Definition: interlocked.h:181
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
FORCEINLINE VOID ObpAcquireDirectoryLockExclusive(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:190
static IUnknown Object
Definition: main.c:512
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
Definition: obdir.c:158
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:255
VOID NTAPI ObpDeleteSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
Definition: oblink.c:326
#define ObpSymbolicLinkObjectType
Definition: ObTypes.c:124
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:221
struct tagContext Context
Definition: acpixf.h:1030
base for all directory entries
Definition: entries.h:138
POBJECT_TYPE Type
Definition: obtypes.h:493
signed int * PLONG
Definition: retypes.h:5
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
#define OB_FLAG_KERNEL_EXCLUSIVE
Definition: obtypes.h:109
BOOLEAN NTAPI ObpDeleteEntryDirectory(IN POBP_LOOKUP_CONTEXT Context)

Referenced by ObInsertObject(), ObpDecrementHandleCount(), and ObpSetPermanentObject().

◆ ObpDeleteObject()

VOID NTAPI ObpDeleteObject ( IN PVOID  Object,
IN BOOLEAN  CalledFromWorkerThread 
)

Definition at line 148 of file oblife.c.

/*
 * ObpDeleteObject: final teardown of an object. On the visible lines it
 * unlinks the object from its type list, frees the name buffer, asks the
 * type's security procedure to delete the security descriptor and then
 * calls the type's delete procedure.
 *
 * Object                 - the object being deleted.
 * CalledFromWorkerThread - when FALSE, OB_FLAG_DEFER_DELETE is set in the
 *                          header flags before the delete procedure runs.
 *
 * NOTE(review): gutter lines 151-152, 159, 163, 170, 176 and 216 are missing
 * from this listing, so the declarations/assignments of Header, ObjectType
 * and NameInfo, the type-mutex calls and the final de-allocation call are
 * not shown. The cross-references after the listing name
 * OBJECT_TO_OBJECT_HEADER, OBJECT_HEADER_TO_NAME_INFO,
 * ObpEnterObjectTypeMutex, ObpLeaveObjectTypeMutex and ObpDeallocateObject,
 * which presumably sit on those lines - confirm against oblife.c.
 */
150 {
153  POBJECT_HEADER_NAME_INFO NameInfo;
154  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
155  KIRQL CalloutIrql;
156  PAGED_CODE();
157 
158  /* Get the header and type */
160  ObjectType = Header->Type;
161 
162  /* Get creator and name information */
164  CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(Header);
165 
166  /* Check if the object is on a type list */
167  if ((CreatorInfo) && !(IsListEmpty(&CreatorInfo->TypeList)))
168  {
169  /* Lock the object type */
171 
172  /* Remove the object from the type list */
/* The unlink is meant to happen between the lock and release steps named by
 * the surrounding comments; the calls themselves are on the missing lines. */
173  RemoveEntryList(&CreatorInfo->TypeList);
174 
175  /* Release the lock */
177  }
178 
179  /* Check if we have a name */
180  if ((NameInfo) && (NameInfo->Name.Buffer))
181  {
182  /* Free it */
/* The buffer is released with the untagged ExFreePool and the string is then
 * reset to empty, so NameInfo->Name no longer points at freed pool. */
183  ExFreePool(NameInfo->Name.Buffer);
184  RtlInitEmptyUnicodeString(&NameInfo->Name, NULL, 0);
185  }
186 
187  /* Check if we have a security descriptor */
188  if (Header->SecurityDescriptor)
189  {
190  /* Call the security procedure to delete it */
/* NOTE(review): SecurityProcedure is called through the type's function
 * pointer without the NULL test that DeleteProcedure gets below. Presumably
 * every type whose objects can carry a security descriptor registers one -
 * confirm where object types are created. */
/* ObpCalloutStart/ObpCalloutEnd bracket the callback with a saved KIRQL;
 * presumably they detect an IRQL change made by the callee - verify in
 * ob_x.h. */
191  ObpCalloutStart(&CalloutIrql);
192  ObjectType->TypeInfo.SecurityProcedure(Object,
193  DeleteSecurityDescriptor,
194  0,
195  NULL,
196  NULL,
197  &Header->SecurityDescriptor,
198  0,
199  NULL);
200  ObpCalloutEnd(CalloutIrql, "Security", ObjectType, Object);
201  }
202 
203  /* Check if we have a delete procedure */
204  if (ObjectType->TypeInfo.DeleteProcedure)
205  {
206  /* Save whether we were deleted from worker thread or not */
207  if (!CalledFromWorkerThread) Header->Flags |= OB_FLAG_DEFER_DELETE;
208 
209  /* Call it */
/* The type-supplied delete callback runs after the name buffer and the
 * security descriptor have already been handled above. */
210  ObpCalloutStart(&CalloutIrql);
211  ObjectType->TypeInfo.DeleteProcedure(Object);
212  ObpCalloutEnd(CalloutIrql, "Delete", ObjectType, Object);
213  }
214 
215  /* Now de-allocate all object members */
217 }
ObjectType
Definition: metafile.c:80
UNICODE_STRING Name
Definition: obtypes.h:433
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
UCHAR KIRQL
Definition: env_spec_w32.h:591
Definition: Header.h:8
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429
smooth NULL
Definition: ftsmooth.c:416
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:272
static IUnknown Object
Definition: main.c:512
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:284
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:437
VOID FASTCALL ObpDeallocateObject(IN PVOID Object)
Definition: oblife.c:39
#define OB_FLAG_DEFER_DELETE
Definition: obtypes.h:104
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by ObfDereferenceObject(), and ObpReapObject().

◆ ObpDeleteObjectType()

VOID NTAPI ObpDeleteObjectType ( IN PVOID  Object)

Definition at line 1329 of file oblife.c.

/*
 * ObpDeleteObjectType: delete procedure for object-type objects. The visible
 * lines delete the per-type resources in ObjectLocks; the comment at gutter
 * line 1341 says the main mutex is deleted as well.
 *
 * NOTE(review): gutter lines 1332 and 1342 are missing from this listing, so
 * the declaration/assignment of ObjectType and the mutex deletion call are
 * not shown - confirm against oblife.c.
 */
1330 {
1331  ULONG i;
1333 
1334  /* Loop our locks */
/* NOTE(review): the bound 4 is a literal; it presumably equals the number of
 * elements in ObjectLocks - confirm against the type declaration so the loop
 * can neither run past the array nor leave a resource undeleted. */
1335  for (i = 0; i < 4; i++)
1336  {
1337  /* Delete each one */
/* ExDeleteResourceLite is cross-referenced below as returning NTSTATUS; the
 * status is not checked here. */
1338  ExDeleteResourceLite(&ObjectType->ObjectLocks[i]);
1339  }
1340 
1341  /* Delete our main mutex */
1343 }
ObjectType
Definition: metafile.c:80
NTSTATUS NTAPI ExDeleteResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1456
void * PVOID
Definition: retypes.h:9
static IUnknown Object
Definition: main.c:512
unsigned int ULONG
Definition: retypes.h:1

Referenced by ObInitSystem().

◆ ObpDeleteSymbolicLink()

VOID NTAPI ObpDeleteSymbolicLink ( IN PVOID  ObjectBody)

Referenced by ObInitSystem().

◆ ObpDeleteSymbolicLinkName()

VOID NTAPI ObpDeleteSymbolicLinkName ( IN POBJECT_SYMBOLIC_LINK  SymbolicLink)

Definition at line 326 of file oblink.c.

/*
 * ObpDeleteSymbolicLinkName: thin wrapper that hands SymbolicLink to a
 * helper.
 *
 * NOTE(review): gutter line 329, which holds the helper call, is missing
 * from this listing. The cross-references below mention TRUE and
 * SymbolicLink, so the call presumably passes both - confirm against
 * oblink.c.
 */
327 {
328  /* Just call the helper */
330 }
#define TRUE
Definition: types.h:120
static const WCHAR SymbolicLink[]
Definition: interface.c:31

Referenced by ObpDeleteNameCheck().

◆ ObpFreeObjectNameBuffer()

VOID NTAPI ObpFreeObjectNameBuffer ( IN PUNICODE_STRING  Name)

Definition at line 347 of file oblife.c.

/*
 * ObpFreeObjectNameBuffer: releases the buffer of a captured object name,
 * choosing between the pool and the name lookaside list.
 *
 * Name - the string whose Buffer is freed; Name->MaximumLength selects the
 *        allocator.
 *
 * NOTE(review): gutter lines 366 and 371 (the two free calls) are missing
 * from this listing. The cross-references below name ExFreePool and
 * ObpFreeCapturedAttributes, which presumably are the pool and lookaside
 * paths respectively - confirm against oblife.c.
 */
348 {
349  PVOID Buffer = Name->Buffer;
350 
351  /* We know this is a pool-allocation if the size doesn't match */
/* NOTE(review): the allocator is inferred from MaximumLength alone. That is
 * only sound if every code path that (re)allocates the name from the pool -
 * including the parse routines mentioned below - never leaves MaximumLength
 * equal to OBP_NAME_LOOKASIDE_MAX_SIZE; otherwise a pool block would be
 * handed to the lookaside free path. Confirm with the capture code. */
352  if (Name->MaximumLength != OBP_NAME_LOOKASIDE_MAX_SIZE)
353  {
354  /*
355  * Free it from the pool.
356  *
357  * We cannot use here ExFreePoolWithTag(..., OB_NAME_TAG); , because
358  * the object name may have been massaged during operation by different
359  * object parse routines. If the latter ones have to resolve a symbolic
360  * link (e.g. as is done by CmpParseKey() and CmpGetSymbolicLink()),
361  * the original object name is freed and re-allocated from the pool,
362  * possibly with a different pool tag. At the end of the day, the new
363  * object name can be reallocated and completely different, but we
364  * should still be able to free it!
365  */
/* Consequence of the untagged free: a pool-tag mismatch cannot be used here
 * as a check that the buffer really is an object name. */
367  }
368  else
369  {
370  /* Otherwise, free from the lookaside */
372  }
/* Nothing on the visible lines resets Name->Buffer, so callers must treat
 * Name as invalid after this returns unless the missing lines clear it. */
373 }
FORCEINLINE VOID ObpFreeCapturedAttributes(IN PVOID Buffer, IN PP_NPAGED_LOOKASIDE_NUMBER Type)
Definition: ob_x.h:348
Definition: bufpool.h:45
#define OBP_NAME_LOOKASIDE_MAX_SIZE
Definition: ob_x.h:18
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by ObCreateObject(), ObOpenObjectByName(), ObpCaptureObjectName(), and ObReferenceObjectByName().

◆ ObpInitSdCache()

INIT_FUNCTION NTSTATUS NTAPI ObpInitSdCache ( VOID  )

Definition at line 61 of file obsdcach.c.

/*
 * ObpInitSdCache: initializes every entry of the security-descriptor cache
 * and returns STATUS_SUCCESS.
 *
 * NOTE(review): gutter lines 69-70 (the loop body) are missing from this
 * listing. The cross-references below name ObsSecurityDescriptorCache,
 * ExInitializePushLock and InitializeListHead, which presumably make up the
 * body - confirm against obsdcach.c.
 */
62 {
63  ULONG i;
64 
65  /* Loop each cache entry */
/* The bound is SD_CACHE_ENTRIES, the same macro that sizes
 * ObsSecurityDescriptorCache in the cross-reference below. */
66  for (i = 0; i < SD_CACHE_ENTRIES; i++)
67  {
68  /* Initialize the lock and the list */
71  }
72 
73  /* Return success */
74  return STATUS_SUCCESS;
75 }
OB_SD_CACHE_LIST ObsSecurityDescriptorCache[SD_CACHE_ENTRIES]
Definition: obsdcach.c:18
#define SD_CACHE_ENTRIES
Definition: obsdcach.c:17
#define ExInitializePushLock
Definition: ex.h:999
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by ObInitSystem().

◆ ObpInsertEntryDirectory()

BOOLEAN NTAPI ObpInsertEntryDirectory ( IN POBJECT_DIRECTORY  Parent,
IN POBP_LOOKUP_CONTEXT  Context,
IN POBJECT_HEADER  ObjectHeader 
)

Definition at line 45 of file obdir.c.

/*
 * ObpInsertEntryDirectory: links ObjectHeader's object into the hash bucket
 * of Parent selected by Context, and records Parent as the object's
 * directory.
 *
 * Parent       - directory receiving the entry; must equal
 *                Context->Directory.
 * Context      - lookup context; must have no Object set and must have
 *                DirectoryLocked set. Supplies HashValue and HashIndex.
 * ObjectHeader - header of the object to insert; must have name info.
 *
 * Returns TRUE on success, FALSE when the context is invalid or the entry
 * cannot be allocated.
 *
 * NOTE(review): gutter line 69 is missing from this listing; given the
 * arguments on lines 70-71 and the ExAllocatePoolWithTag cross-reference
 * below, it presumably assigns NewEntry from a tagged pool allocation -
 * confirm against obdir.c.
 */
48 {
49  POBJECT_DIRECTORY_ENTRY *AllocatedEntry;
50  POBJECT_DIRECTORY_ENTRY NewEntry;
51  POBJECT_HEADER_NAME_INFO HeaderNameInfo;
52 
53  /* Make sure we have a name */
/* NOTE(review): this precondition is only an ASSERT; presumably it compiles
 * out in free builds, in which case an unnamed header would still reach the
 * name-info write at the end of the function - confirm callers guarantee it. */
54  ASSERT(ObjectHeader->NameInfoOffset != 0);
55 
56  /* Validate the context */
/* Context->Object being NULL means the previous lookup with this context did
 * not find an entry; the function performs no duplicate-name check of its
 * own on the visible lines. */
57  if ((Context->Object) ||
58  !(Context->DirectoryLocked) ||
59  (Parent != Context->Directory))
60  {
61  /* Invalid context */
62  DPRINT1("OB: ObpInsertEntryDirectory - invalid context %p %u\n",
63  Context, Context->DirectoryLocked);
64  ASSERT(FALSE);
65  return FALSE;
66  }
67 
68  /* Allocate a new Directory Entry */
70  sizeof(OBJECT_DIRECTORY_ENTRY),
71  OB_DIR_TAG);
72  if (!NewEntry) return FALSE;
73 
74  /* Save the hash */
75  NewEntry->HashValue = Context->HashValue;
76 
77  /* Get the Object Name Information */
78  HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
79 
80  /* Get the Allocated entry */
/* NOTE(review): Context->HashIndex is used as an array index without a range
 * check. On this page ObpLookupEntryDirectory stores HashValue % 37 into it,
 * so the insert relies on a prior lookup having filled the same Context -
 * confirm no caller builds the context another way. */
81  AllocatedEntry = &Parent->HashBuckets[Context->HashIndex];
82 
83  /* Set it */
/* The new entry becomes the head of the bucket's chain. */
84  NewEntry->ChainLink = *AllocatedEntry;
85  *AllocatedEntry = NewEntry;
86 
87  /* Associate the Object */
88  NewEntry->Object = &ObjectHeader->Body;
89 
90  /* Associate the Directory */
91  HeaderNameInfo->Directory = Parent;
92  return TRUE;
93 }
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
#define TRUE
Definition: types.h:120
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:728
PVOID Object
Definition: obtypes.h:401
#define OB_DIR_TAG
Definition: tag.h:152
ULONG HashValue
Definition: obtypes.h:403
Definition: obtypes.h:398
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
struct _OBJECT_DIRECTORY_ENTRY * ChainLink
Definition: obtypes.h:400
#define DPRINT1
Definition: precomp.h:8

Referenced by ObCreateObjectType(), ObInitSystem(), and ObpLookupObjectName().

◆ ObpLookupEntryDirectory()

PVOID NTAPI ObpLookupEntryDirectory ( IN POBJECT_DIRECTORY  Directory,
IN PUNICODE_STRING  Name,
IN ULONG  Attributes,
IN UCHAR  SearchShadow,
IN POBP_LOOKUP_CONTEXT  Context 
)

Definition at line 158 of file obdir.c.

/*
 * ObpLookupEntryDirectory: searches Directory's hash buckets for Name and
 * returns the matching object, or NULL when there is none.
 *
 * Directory    - directory to search; replaced by its shadow directory and
 *                searched again when SearchShadow is set and nothing matched.
 * Name         - component name; a NULL pointer, NULL buffer or zero length
 *                ends the lookup without a match.
 * Attributes   - not referenced on the visible lines; see the note on gutter
 *                line 190 below.
 * SearchShadow - forced to FALSE when ObpLUIDDeviceMapsEnabled is 0.
 * Context      - receives HashValue and HashIndex and, on return, the found
 *                object (or NULL) in Context->Object. DirectoryLocked tells
 *                whether the directory lock is already held.
 *
 * On a match the object and its name info each gain a reference; whatever
 * object was previously stored in Context->Object loses both.
 *
 * NOTE(review): gutter lines 164, 167, 190, 226, 262, 285 and 316 are missing
 * from this listing (declarations of HashValue/CaseInsensitive, the
 * case-sensitivity setup and the lock calls). The cross-references below
 * name OBJ_CASE_INSENSITIVE, ObpAcquireDirectoryLockShared,
 * ExConvertPushLockSharedToExclusive and ObpReleaseDirectoryLock, which
 * presumably sit on those lines - confirm against obdir.c.
 */
163 {
165  POBJECT_HEADER_NAME_INFO HeaderNameInfo;
166  POBJECT_HEADER ObjectHeader;
168  ULONG HashIndex;
169  LONG TotalChars;
170  WCHAR CurrentChar;
171  POBJECT_DIRECTORY_ENTRY *AllocatedEntry;
172  POBJECT_DIRECTORY_ENTRY *LookupBucket;
173  POBJECT_DIRECTORY_ENTRY CurrentEntry;
174  PVOID FoundObject = NULL;
175  PWSTR Buffer;
176  POBJECT_DIRECTORY ShadowDirectory;
177  PAGED_CODE();
178 
179  /* Check if we should search the shadow directory */
180  if (ObpLUIDDeviceMapsEnabled == 0) SearchShadow = FALSE;
181 
182  /* Fail if we don't have a directory or name */
/* Even on these early exits the code at Quickie still runs, so Context is
 * dereferenced and any previously stored object is released. */
183  if (!(Directory) || !(Name)) goto Quickie;
184 
185  /* Get name information */
/* Name->Length is taken as a byte count and trusted: the hash loop below
 * reads exactly Length / sizeof(WCHAR) characters from Name->Buffer.
 * Presumably callers pass a captured, validated UNICODE_STRING - confirm. */
186  TotalChars = Name->Length / sizeof(WCHAR);
187  Buffer = Name->Buffer;
188 
189  /* Set up case-sensitivity */
191 
192  /* Fail if the name is empty */
193  if (!(Buffer) || !(TotalChars)) goto Quickie;
194 
195  /* Create the Hash */
/* Characters below 'a' are added unchanged, 'a'..'z' are shifted to upper
 * case arithmetically and everything above 'z' goes through
 * RtlUpcaseUnicodeChar, so names that differ only in case hash alike.
 * Whether case matters is decided later by RtlEqualUnicodeString. */
196  for (HashValue = 0; TotalChars; TotalChars--)
197  {
198  /* Go to the next Character */
199  CurrentChar = *Buffer++;
200 
201  /* Prepare the Hash */
202  HashValue += (HashValue << 1) + (HashValue >> 1);
203 
204  /* Create the rest based on the name */
205  if (CurrentChar < 'a') HashValue += CurrentChar;
206  else if (CurrentChar > 'z') HashValue += RtlUpcaseUnicodeChar(CurrentChar);
207  else HashValue += (CurrentChar - ('a'-'A'));
208  }
209 
210  /* Merge it with our number of hash buckets */
/* NOTE(review): 37 is a literal; it presumably equals the number of elements
 * in HashBuckets - confirm, because HashIndex is used unchecked as an array
 * index here and in ObpInsertEntryDirectory. The hash is unkeyed, so the
 * cost of a lookup is linear in the length of the selected bucket's chain. */
211  HashIndex = HashValue % 37;
212 
213  /* Save the result */
214  Context->HashValue = HashValue;
215  Context->HashIndex = (USHORT)HashIndex;
216 
217 DoItAgain:
218  /* Get the root entry and set it as our lookup bucket */
219  AllocatedEntry = &Directory->HashBuckets[HashIndex];
220  LookupBucket = AllocatedEntry;
221 
222  /* Check if the directory is already locked */
223  if (!Context->DirectoryLocked)
224  {
225  /* Lock it */
227  }
228 
229  /* Start looping */
230  while ((CurrentEntry = *AllocatedEntry))
231  {
232  /* Do the hashes match? */
233  if (CurrentEntry->HashValue == HashValue)
234  {
235  /* Make sure that it has a name */
236  ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentEntry->Object);
237 
238  /* Get the name information */
239  ASSERT(ObjectHeader->NameInfoOffset != 0);
240  HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
241 
242  /* Do the names match? */
/* Equal hashes are not enough: the byte lengths and then the full strings
 * are compared, so hash collisions cannot alias two different names. */
243  if ((Name->Length == HeaderNameInfo->Name.Length) &&
244  (RtlEqualUnicodeString(Name, &HeaderNameInfo->Name, CaseInsensitive)))
245  {
246  break;
247  }
248  }
249 
250  /* Move to the next entry */
251  AllocatedEntry = &CurrentEntry->ChainLink;
252  }
253 
254  /* Check if we still have an entry */
255  if (CurrentEntry)
256  {
257  /* Set this entry as the first, to speed up incoming insertion */
258  if (AllocatedEntry != LookupBucket)
259  {
260  /* Check if the directory was locked or convert the lock */
/* The chain is only rewritten when the caller already holds the lock or the
 * second condition (on the missing gutter line 262) succeeds; presumably
 * that condition is the shared-to-exclusive conversion cross-referenced
 * below - confirm. If neither holds, the entry is left where it is. */
261  if ((Context->DirectoryLocked) ||
263  {
264  /* Set the Current Entry */
265  *AllocatedEntry = CurrentEntry->ChainLink;
266 
267  /* Link to the old Hash Entry */
268  CurrentEntry->ChainLink = *LookupBucket;
269 
270  /* Set the new Hash Entry */
271  *LookupBucket = CurrentEntry;
272  }
273  }
274 
275  /* Save the found object */
276  FoundObject = CurrentEntry->Object;
277  goto Quickie;
278  }
279  else
280  {
281  /* Check if the directory was locked */
282  if (!Context->DirectoryLocked)
283  {
284  /* Release the lock */
286  }
287 
288  /* Check if we should scan the shadow directory */
/* NOTE(review): the retry keeps the same HashIndex and only swaps Directory.
 * Termination depends on ObpGetShadowDirectory eventually returning NULL
 * for the directory it is given - confirm in obdir.c. */
289  if ((SearchShadow) && (Directory->DeviceMap))
290  {
291  ShadowDirectory = ObpGetShadowDirectory(Directory);
292  /* A global DOS directory was found, loop it again */
293  if (ShadowDirectory != NULL)
294  {
295  Directory = ShadowDirectory;
296  goto DoItAgain;
297  }
298  }
299  }
300 
301 Quickie:
302  /* Check if the lookup found an object */
303  if (FoundObject)
304  {
305  /* Get the object name information */
/* Both references are taken before the lock release step below, i.e. while
 * the entry is still protected by the directory lock. */
306  ObjectHeader = OBJECT_TO_OBJECT_HEADER(FoundObject);
307  ObpReferenceNameInfo(ObjectHeader);
308 
309  /* Reference the object being looked up */
310  ObReferenceObject(FoundObject);
311 
312  /* Check if the directory was locked */
313  if (!Context->DirectoryLocked)
314  {
315  /* Release the lock */
317  }
318  }
319 
320  /* Check if we found an object already */
321  if (Context->Object)
322  {
323  /* We already did a lookup, so remove this object's query reference */
324  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Context->Object);
325  HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
326  ObpDereferenceNameInfo(HeaderNameInfo);
327 
328  /* Also dereference the object itself */
329  ObDereferenceObject(Context->Object);
330  }
331 
332  /* Return the object we found */
/* The context now owns the references taken above; they are dropped by the
 * next lookup through this context (see the block just before this one). */
333  Context->Object = FoundObject;
334  return FoundObject;
335 }
#define TRUE
Definition: types.h:120
ULONG ObpLUIDDeviceMapsEnabled
Definition: devicemap.c:18
uint16_t * PWSTR
Definition: typedefs.h:54
UNICODE_STRING Name
Definition: obtypes.h:433
_In_ BOOLEAN _In_ ULONG _Out_ PULONG HashValue
Definition: rtlfuncs.h:2039
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
UCHAR NameInfoOffset
Definition: obtypes.h:494
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar(WCHAR Source)
PVOID Object
Definition: obtypes.h:401
#define PAGED_CODE()
Definition: video.h:57
FORCEINLINE VOID ObpReleaseDirectoryLock(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:210
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
long LONG
Definition: pedump.c:60
POBJECT_DIRECTORY NTAPI ObpGetShadowDirectory(IN POBJECT_DIRECTORY Directory)
Definition: obdir.c:110
FORCEINLINE VOID ObpAcquireDirectoryLockShared(IN POBJECT_DIRECTORY Directory, IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:174
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_In_ const STRING _In_ BOOLEAN CaseInsensitive
Definition: rtlfuncs.h:2261
Definition: bufpool.h:45
__wchar_t WCHAR
Definition: xmlstorage.h:180
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
ULONG HashValue
Definition: obtypes.h:403
Definition: obtypes.h:398
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_Must_inspect_result_ _In_ USHORT _In_ PHIDP_PREPARSED_DATA _Out_writes_to_ LengthAttributes PHIDP_EXTENDED_ATTRIBUTES Attributes
Definition: hidpi.h:348
unsigned short USHORT
Definition: pedump.c:61
FORCEINLINE BOOLEAN ExConvertPushLockSharedToExclusive(IN PEX_PUSH_LOCK PushLock)
Definition: ex.h:1125
struct _OBJECT_DIRECTORY_ENTRY * ChainLink
Definition: obtypes.h:400
#define ObReferenceObject
Definition: obfuncs.h:204
unsigned int ULONG
Definition: retypes.h:1
base for all directory entries
Definition: entries.h:138
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)

Referenced by ObCreateObjectType(), ObInitSystem(), ObpDeleteNameCheck(), ObpLookupObjectName(), and ObpProcessDosDeviceSymbolicLink().

◆ ObpLookupObjectName()

NTSTATUS NTAPI ObpLookupObjectName ( IN HANDLE RootHandle  OPTIONAL,
IN OUT PUNICODE_STRING  ObjectName,
IN ULONG  Attributes,
IN POBJECT_TYPE  ObjectType,
IN KPROCESSOR_MODE  AccessMode,
IN OUT PVOID  ParseContext,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos  OPTIONAL,
IN PVOID InsertObject  OPTIONAL,
IN OUT PACCESS_STATE  AccessState,
OUT POBP_LOOKUP_CONTEXT  LookupContext,
OUT PVOID FoundObject 
)

Definition at line 448 of file obname.c.

459 {
460  PVOID Object;
461  POBJECT_HEADER ObjectHeader;
462  UNICODE_STRING ComponentName, RemainingName;
463  BOOLEAN Reparse = FALSE, SymLink = FALSE;
465  POBJECT_DIRECTORY ReferencedDirectory = NULL, ReferencedParentDirectory = NULL;
466  KIRQL CalloutIrql;
467  OB_PARSE_METHOD ParseRoutine;
469  KPROCESSOR_MODE AccessCheckMode;
470  PWCHAR NewName;
471  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
472  ULONG MaxReparse = 30;
473  PDEVICE_MAP DeviceMap = NULL;
474  UNICODE_STRING LocalName;
475  PAGED_CODE();
477  "%s - Finding Object: %wZ. Expecting: %p\n",
478  __FUNCTION__,
479  ObjectName,
480  InsertObject);
481 
482  /* Initialize starting state */
483  ObpInitializeLookupContext(LookupContext);
484  *FoundObject = NULL;
486  Object = NULL;
487 
488  /* Check if case-insensitivity is checked */
489  if (ObpCaseInsensitive)
490  {
491  /* Check if the object type requests this */
492  if (!(ObjectType) || (ObjectType->TypeInfo.CaseInsensitive))
493  {
494  /* Add the flag to disable case sensitivity */
496  }
497  }
498 
499  /* Check if this is a access checks are being forced */
500  AccessCheckMode = (Attributes & OBJ_FORCE_ACCESS_CHECK) ?
502 
503  /* Check if we got a Root Directory */
504  if (RootHandle)
505  {
506  /* We did. Reference it */
507  Status = ObReferenceObjectByHandle(RootHandle,
508  0,
509  NULL,
510  AccessMode,
511  (PVOID*)&RootDirectory,
512  NULL);
513  if (!NT_SUCCESS(Status)) return Status;
514 
515  /* Get the header */
516  ObjectHeader = OBJECT_TO_OBJECT_HEADER(RootDirectory);
517 
518  /* The name cannot start with a separator, unless this is a file */
519  if ((ObjectName->Buffer) &&
520  (ObjectName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR) &&
521  (ObjectHeader->Type != IoFileObjectType))
522  {
523  /* The syntax is bad, so fail this request */
526  }
527 
528  /* Don't parse a Directory */
529  if (ObjectHeader->Type != ObpDirectoryObjectType)
530  {
531  /* Make sure the Object Type has a parse routine */
532  ParseRoutine = ObjectHeader->Type->TypeInfo.ParseProcedure;
533  if (!ParseRoutine)
534  {
535  /* We can't parse a name if we don't have a parse routine */
537  return STATUS_INVALID_HANDLE;
538  }
539 
540  /* Set default parse count */
541  MaxReparse = 30;
542 
543  /* Now parse */
544  while (TRUE)
545  {
546  /* Start with the full name */
548 
549  /* Call the Parse Procedure */
550  ObpCalloutStart(&CalloutIrql);
551  Status = ParseRoutine(RootDirectory,
552  ObjectType,
553  AccessState,
554  AccessCheckMode,
555  Attributes,
556  ObjectName,
557  &RemainingName,
558  ParseContext,
559  SecurityQos,
560  &Object);
561  ObpCalloutEnd(CalloutIrql, "Parse", ObjectHeader->Type, Object);
562 
563  /* Check for success or failure, so not reparse */
564  if ((Status != STATUS_REPARSE) &&
566  {
567  /* Check for failure */
568  if (!NT_SUCCESS(Status))
569  {
570  /* Parse routine might not have cleared this, do it */
571  Object = NULL;
572  }
573  else if (!Object)
574  {
575  /* Modify status to reflect failure inside Ob */
577  }
578 
579  /* We're done, return the status and object */
580  *FoundObject = Object;
582  return Status;
583  }
584  else if ((!ObjectName->Length) ||
585  (!ObjectName->Buffer) ||
586  (ObjectName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR))
587  {
588  /* Reparsed to the root directory, so start over */
591 
592  /* Don't use this anymore, since we're starting at root */
593  RootHandle = NULL;
594  goto ParseFromRoot;
595  }
596  else if (--MaxReparse)
597  {
598  /* Try reparsing again */
599  continue;
600  }
601  else
602  {
603  /* Reparsed too many times */
605 
606  /* Return the object and normalized status */
607  *FoundObject = Object;
609  return Status;
610  }
611  }
612  }
613  else if (!(ObjectName->Length) || !(ObjectName->Buffer))
614  {
615  /* Just return the Root Directory if we didn't get a name */
617  0,
618  ObjectType,
619  AccessMode);
621 
622  /* Remove the first reference we added and return the object */
624  *FoundObject = Object;
625  return Status;
626  }
627 
628  LocalName = *ObjectName;
629  }
630  else
631  {
632  /* We did not get a Root Directory, so use the root */
634 
635  /* It must start with a path separator */
636  if (!(ObjectName->Length) ||
637  !(ObjectName->Buffer) ||
638  (ObjectName->Buffer[0] != OBJ_NAME_PATH_SEPARATOR))
639  {
640  /* This name is invalid, so fail */
642  }
643 
644  /* Check if the name is only the path separator */
645  if (ObjectName->Length == sizeof(OBJ_NAME_PATH_SEPARATOR))
646  {
647  /* So the caller only wants the root directory; do we have one? */
648  if (!RootDirectory)
649  {
650  /* This must be the first time we're creating it... right? */
651  if (InsertObject)
652  {
653  /* Yes, so return it to ObInsert so that it can create it */
654  Status = ObReferenceObjectByPointer(InsertObject,
655  0,
656  ObjectType,
657  AccessMode);
658  if (NT_SUCCESS(Status)) *FoundObject = InsertObject;
659  return Status;
660  }
661  else
662  {
663  /* This should never really happen */
664  ASSERT(FALSE);
666  }
667  }
668  else
669  {
670  /* We do have the root directory, so just return it */
672  0,
673  ObjectType,
674  AccessMode);
675  if (NT_SUCCESS(Status)) *FoundObject = RootDirectory;
676  return Status;
677  }
678  }
679  else
680  {
681 ParseFromRoot:
682  LocalName = *ObjectName;
683 
684  /* Deference the device map if we already have one */
685  if (DeviceMap != NULL)
686  {
687  ObfDereferenceDeviceMap(DeviceMap);
688  DeviceMap = NULL;
689  }
690 
691  /* Check if this is a possible DOS name */
692  if (!((ULONG_PTR)(ObjectName->Buffer) & 7))
693  {
694  /*
695  * This could be one. Does it match the prefix?
696  * Note that as an optimization, the match is done as 64-bit
697  * compare since the prefix is "\??\" which is exactly 8 bytes.
698  *
699  * In the second branch, we test for "\??" which is also valid.
700  * This time, we use a 32-bit compare followed by a Unicode
701  * character compare (16-bit), since the sum is 6 bytes.
702  */
703  if ((ObjectName->Length >= ObpDosDevicesShortName.Length) &&
704  (*(PULONGLONG)(ObjectName->Buffer) ==
706  {
707  DeviceMap = ObpReferenceDeviceMap();
708  /* We have a local mapping, drop the ?? prefix */
709  if (DeviceMap != NULL && DeviceMap->DosDevicesDirectory != NULL)
710  {
711  LocalName.Length -= ObpDosDevicesShortName.Length;
713  LocalName.Buffer += (ObpDosDevicesShortName.Length / sizeof(WCHAR));
714 
715  /* We'll browse that local directory */
716  Directory = DeviceMap->DosDevicesDirectory;
717  }
718  }
719  else if ((ObjectName->Length == ObpDosDevicesShortName.Length -
720  sizeof(WCHAR)) &&
721  (*(PULONG)(ObjectName->Buffer) ==
723  (*((PWCHAR)(ObjectName->Buffer) + 2) ==
725  {
726  DeviceMap = ObpReferenceDeviceMap();
727 
728  /* Caller is looking for the directory itself */
729  if (DeviceMap != NULL && DeviceMap->DosDevicesDirectory != NULL)
730  {
732  0,
733  ObjectType,
734  AccessMode);
735  if (NT_SUCCESS(Status))
736  {
737  *FoundObject = DeviceMap->DosDevicesDirectory;
738  }
739 
740  ObfDereferenceDeviceMap(DeviceMap);
741  return Status;
742  }
743  }
744  }
745  }
746  }
747 
748  /* Check if we were reparsing a symbolic link */
749  if (!SymLink)
750  {
751  /* Allow reparse */
752  Reparse = TRUE;
753  MaxReparse = 30;
754  }
755 
756  /* Reparse */
757  while (Reparse && MaxReparse)
758  {
759  /* Get the name */
760  RemainingName = LocalName;
761 
762  /* Disable reparsing again */
763  Reparse = FALSE;
764 
765  /* Start parse loop */
766  while (TRUE)
767  {
768  /* Clear object */
769  Object = NULL;
770 
771  /* Check if the name starts with a path separator */
772  if ((RemainingName.Length) &&
773  (RemainingName.Buffer[0] == OBJ_NAME_PATH_SEPARATOR))
774  {
775  /* Skip the path separator */
776  RemainingName.Buffer++;
777  RemainingName.Length -= sizeof(OBJ_NAME_PATH_SEPARATOR);
778  }
779 
780  /* Find the next Part Name */
781  ComponentName = RemainingName;
782  while (RemainingName.Length)
783  {
784  /* Break if we found the \ ending */
785  if (RemainingName.Buffer[0] == OBJ_NAME_PATH_SEPARATOR) break;
786 
787  /* Move on */
788  RemainingName.Buffer++;
789  RemainingName.Length -= sizeof(OBJ_NAME_PATH_SEPARATOR);
790  }
791 
792  /* Get its size and make sure it's valid */
793  ComponentName.Length -= RemainingName.Length;
794  if (!ComponentName.Length)
795  {
796  /* Invalid size, fail */
798  break;
799  }
800 
801  /* Check if we're in the root */
803 
804  /* Check if this is a user-mode call that needs to traverse */
805  if ((AccessCheckMode != KernelMode) &&
807  {
808  /* We shouldn't have referenced a directory yet */
809  ASSERT(ReferencedDirectory == NULL);
810 
811  /* Reference the directory */
813  ReferencedDirectory = Directory;
814 
815  /* Check if we have a parent directory */
816  if (ParentDirectory)
817  {
818  /* Check for traverse access */
821  AccessState,
822  FALSE,
823  AccessCheckMode,
824  &Status))
825  {
826  /* We don't have it, fail */
827  break;
828  }
829  }
830  }
831 
832  /* Check if we don't have a remaining name yet */
833  if (!RemainingName.Length)
834  {
835  /* Check if we don't have a referenced directory yet */
836  if (!ReferencedDirectory)
837  {
838  /* Reference it */
840  ReferencedDirectory = Directory;
841  }
842 
843  /* Check if we are inserting an object */
844  if (InsertObject)
845  {
846  /* Lock the directory */
848  }
849  }
850 
851  /* Do the lookup */
853  &ComponentName,
854  Attributes,
855  InsertObject ? FALSE : TRUE,
856  LookupContext);
857  if (!Object)
858  {
859  /* We didn't find it... do we still have a path? */
860  if (RemainingName.Length)
861  {
862  /* Then tell the caller the path wasn't found */
864  break;
865  }
866  else if (!InsertObject)
867  {
868  /* Otherwise, we have a path, but the name isn't valid */
870  break;
871  }
872 
873  /* Check create access for the object */
878  AccessState,
879  &ComponentName,
880  FALSE,
881  AccessCheckMode,
882  &Status))
883  {
884  /* We don't have create access, fail */
885  break;
886  }
887 
888  /* Get the object header */
889  ObjectHeader = OBJECT_TO_OBJECT_HEADER(InsertObject);
890 
891  /*
892  * Deny object creation if:
893  * That's a section object or a symbolic link
894  * Which isn't in the same session as the root directory
895  * That doesn't have the SeCreateGlobalPrivilege
896  * And that is not a known unsecure name
897  */
898  if (RootDirectory->SessionId != -1)
899  {
900  if (ObjectHeader->Type == MmSectionObjectType ||
901  ObjectHeader->Type == ObpSymbolicLinkObjectType)
902  {
903  if (RootDirectory->SessionId != PsGetCurrentProcessSessionId() &&
904  !SeSinglePrivilegeCheck(SeCreateGlobalPrivilege, AccessCheckMode) &&
906  {
908  break;
909  }
910  }
911  }
912 
913  /* Create Object Name */
915  ComponentName.Length,
916  OB_NAME_TAG);
917  if (!(NewName) ||
919  LookupContext,
920  ObjectHeader)))
921  {
922  /* Either couldn't allocate the name, or insert failed */
924 
925  /* Fail due to memory reasons */
927  break;
928  }
929 
930  /* Reference newly to be inserted object */
931  ObReferenceObject(InsertObject);
932 
933  /* Get the name information */
934  ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
935 
936  /* Reference the directory */
938 
939  /* Copy the Name */
941  ComponentName.Buffer,
942  ComponentName.Length);
943 
944  /* Check if we had an old name */
945  if (ObjectNameInfo->Name.Buffer)
946  {
947  /* Free it */
948  ExFreePoolWithTag(ObjectNameInfo->Name.Buffer, OB_NAME_TAG);
949  }
950 
951  /* Write new one */
952  ObjectNameInfo->Name.Buffer = NewName;
953  ObjectNameInfo->Name.Length = ComponentName.Length;
954  ObjectNameInfo->Name.MaximumLength = ComponentName.Length;
955 
956  /* Return Status and the Expected Object */
958  Object = InsertObject;
959 
960  /* Get out of here */
961  break;
962  }
963 
964 ReparseObject:
965  /* We found it, so now get its header */
966  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
967 
968  /*
969  * Check for a parse Procedure, but don't bother to parse for an insert
970  * unless it's a Symbolic Link, in which case we MUST parse
971  */
972  ParseRoutine = ObjectHeader->Type->TypeInfo.ParseProcedure;
973  if ((ParseRoutine) &&
974  (!(InsertObject) || (ParseRoutine == ObpParseSymbolicLink)))
975  {
976  /* Use the Root Directory next time */
977  Directory = NULL;
978 
979  /* Increment the pointer count */
980  InterlockedExchangeAddSizeT(&ObjectHeader->PointerCount, 1);
981 
982  /* Cleanup from the first lookup */
983  ObpReleaseLookupContext(LookupContext);
984 
985  /* Check if we have a referenced directory */
986  if (ReferencedDirectory)
987  {
988  /* We do, dereference it */
989  ObDereferenceObject(ReferencedDirectory);
990  ReferencedDirectory = NULL;
991  }
992 
993  /* Check if we have a referenced parent directory */
994  if (ReferencedParentDirectory)
995  {
996  /* We do, dereference it */
997  ObDereferenceObject(ReferencedParentDirectory);
998  ReferencedParentDirectory = NULL;
999  }
1000 
1001  /* Call the Parse Procedure */
1002  ObpCalloutStart(&CalloutIrql);
1003  Status = ParseRoutine(Object,
1004  ObjectType,
1005  AccessState,
1006  AccessCheckMode,
1007  Attributes,
1008  ObjectName,
1009  &RemainingName,
1010  ParseContext,
1011  SecurityQos,
1012  &Object);
1013  ObpCalloutEnd(CalloutIrql, "Parse", ObjectHeader->Type, Object);
1014 
1015  /* Remove our extra reference */
1016  ObDereferenceObject(&ObjectHeader->Body);
1017 
1018  /* Check if we have to reparse */
1019  if ((Status == STATUS_REPARSE) ||
1021  {
1022  /* Reparse again */
1023  Reparse = TRUE;
1024  --MaxReparse;
1025  if (MaxReparse == 0)
1026  {
1027  Object = NULL;
1028  break;
1029  }
1030 
1031  /* Start over from root if we got sent back there */
1032  if ((Status == STATUS_REPARSE_OBJECT) ||
1033  (ObjectName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR))
1034  {
1035  /* Check if we got a root directory */
1036  if (RootHandle)
1037  {
1038  /* Stop using it, because we have a new directory now */
1040  RootHandle = NULL;
1041  }
1042 
1043  /* Start at Root */
1046 
1047  /* Check for reparse status */
1049  {
1050  /* Don't reparse again */
1051  Reparse = FALSE;
1052 
1053  /* Did we actually get an object to which to reparse? */
1054  if (!Object)
1055  {
1056  /* We didn't, so set a failure status */
1058  }
1059  else
1060  {
1061  /* We did, so we're free to parse the new object */
1062  goto ReparseObject;
1063  }
1064  }
1065  else
1066  {
1067  /* This is a symbolic link */
1068  SymLink = TRUE;
1069  goto ParseFromRoot;
1070  }
1071  }
1073  {
1074  /* We got STATUS_REPARSE but are at the Root Directory */
1075  Object = NULL;
1077  Reparse = FALSE;
1078  }
1079  }
1080  else if (!NT_SUCCESS(Status))
1081  {
1082  /* Total failure */
1083  Object = NULL;
1084  }
1085  else if (!Object)
1086  {
1087  /* We didn't reparse but we didn't find the Object Either */
1089  }
1090 
1091  /* Break out of the loop */
1092  break;
1093  }
1094  else
1095  {
1096  /* No parse routine...do we still have a remaining name? */
1097  if (!RemainingName.Length)
1098  {
1099  /* Are we creating an object? */
1100  if (!InsertObject)
1101  {
1102  /* Check if this is a user-mode call that needs to traverse */
1103  if ((AccessCheckMode != KernelMode) &&
1105  {
1106  /* Check if we can get it */
1109  AccessState,
1110  FALSE,
1111  AccessCheckMode,
1112  &Status))
1113  {
1114  /* We don't have access, fail */
1115  Object = NULL;
1116  break;
1117  }
1118  }
1119 
1120  /* Reference the Object */
1122  0,
1123  ObjectType,
1124  AccessMode);
1125  if (!NT_SUCCESS(Status)) Object = NULL;
1126  }
1127 
1128  /* And get out of the reparse loop */
1129  break;
1130  }
1131  else
1132  {
1133  /* We still have a name; check if this is a directory object */
1134  if (ObjectHeader->Type == ObpDirectoryObjectType)
1135  {
1136  /* Check if we have a referenced parent directory */
1137  if (ReferencedParentDirectory)
1138  {
1139  /* Dereference it */
1140  ObDereferenceObject(ReferencedParentDirectory);
1141  }
1142 
1143  /* Restart the lookup from this directory */
1144  ReferencedParentDirectory = ReferencedDirectory;
1146  Directory = Object;
1147  ReferencedDirectory = NULL;
1148  }
1149  else
1150  {
1151  /* We still have a name, but no parse routine for it */
1153  Object = NULL;
1154  break;
1155  }
1156  }
1157  }
1158  }
1159  }
1160 
1161  /* Check if we failed */
1162  if (!NT_SUCCESS(Status))
1163  {
1164  /* Cleanup after lookup */
1165  ObpReleaseLookupContext(LookupContext);
1166  }
1167 
1168  /* Check if we have a device map and dereference it if so */
1169  if (DeviceMap) ObfDereferenceDeviceMap(DeviceMap);
1170 
1171  /* Check if we have a referenced directory and dereference it if so */
1172  if (ReferencedDirectory) ObDereferenceObject(ReferencedDirectory);
1173 
1174  /* Check if we have a referenced parent directory */
1175  if (ReferencedParentDirectory)
1176  {
1177  /* We do, dereference it */
1178  ObDereferenceObject(ReferencedParentDirectory);
1179  }
1180 
1181  /* Set the found object and check if we got one */
1182  *FoundObject = Object;
1183  if (!Object)
1184  {
1185  /* Nothing was found. Did we reparse or get success? */
1186  if ((Status == STATUS_REPARSE) || (NT_SUCCESS(Status)))
1187  {
1188  /* Set correct failure */
1190  }
1191  }
1192 
1193  /* Check if we had a root directory */
1194  if (RootHandle) ObDereferenceObject(RootDirectory);
1195 
1196  /* Return status to caller */
1198  "%s - Found Object: %p. Expected: %p\n",
1199  __FUNCTION__,
1200  *FoundObject,
1201  InsertObject);
1202  return Status;
1203 }
ObjectType
Definition: metafile.c:80
UNICODE_STRING ObpDosDevicesShortName
Definition: obname.c:25
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
BOOLEAN ObpCaseInsensitive
Definition: obname.c:18
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
WCHAR RootDirectory[MAX_PATH]
Definition: format.c:74
USHORT MaximumLength
Definition: env_spec_w32.h:370
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define BooleanFlagOn(F, SF)
Definition: ext2fs.h:183
#define DIRECTORY_CREATE_OBJECT
Definition: nt_native.h:1256
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
BOOLEAN NTAPI ObpIsUnsecureName(IN PUNICODE_STRING ObjectName, IN BOOLEAN CaseInSensitive)
Definition: obname.c:398
LONG NTSTATUS
Definition: precomp.h:26
UNICODE_STRING Name
Definition: obtypes.h:433
$ULONG LowPart
Definition: ntbasedef.h:576
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
Definition: setypes.h:1124
BOOLEAN NTAPI ObpCheckTraverseAccess(IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:267
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
uint16_t * PWCHAR
Definition: typedefs.h:54
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:231
#define PAGED_CODE()
Definition: video.h:57
uint32_t ULONG_PTR
Definition: typedefs.h:63
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
UCHAR KIRQL
Definition: env_spec_w32.h:591
ULARGE_INTEGER Alignment
Definition: ob.h:144
#define OBJ_FORCE_ACCESS_CHECK
Definition: winternl.h:232
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
ULONGLONG QuadPart
Definition: ms-dtyp.idl:185
#define OBJ_NAME_PATH_SEPARATOR
Definition: arcname_tests.c:25
#define STATUS_REPARSE_OBJECT
Definition: ntstatus.h:102
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
unsigned char BOOLEAN
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
Definition: obref.c:383
NTSTATUS(NTAPI * OB_PARSE_METHOD)(_In_ PVOID ParseObject, _In_ PVOID ObjectType, _Inout_ PACCESS_STATE AccessState, _In_ KPROCESSOR_MODE AccessMode, _In_ ULONG Attributes, _Inout_ PUNICODE_STRING CompleteName, _Inout_ PUNICODE_STRING RemainingName, _Inout_opt_ PVOID Context, _In_opt_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, _Out_ PVOID *Object)
Definition: obtypes.h:215
BOOLEAN NTAPI ObpInsertEntryDirectory(IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)