Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

898 lines
21 KiB

/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
obsdata.c
Abstract:
Object Manager Security Descriptor Caching
Author:
Robert Reichel (robertre) 12-Oct-1993
Revision History:
Neill Clift (NeillC) 16-Nov-2000
General cleanup. Don't free/allocate pool under locks. Don't do unaligned fetches during hashing.
Reduce lock contention etc. Add fast referencing of security descriptor.
--*/
#include "obp.h"
#if DBG
#define OB_DIAGNOSTICS_ENABLED 1
#endif // DBG
//
// These definitions are useful diagnostics aids
//
#if OB_DIAGNOSTICS_ENABLED
//
// Test for enabled diagnostic
//
#define IF_OB_GLOBAL( FlagName ) if (ObsDebugFlags & (OBS_DEBUG_##FlagName))
//
// Diagnostics print statement
//
#define ObPrint( FlagName, _Text_ ) IF_OB_GLOBAL( FlagName ) DbgPrint _Text_
#else
//
// diagnostics not enabled - No diagnostics included in build
//
//
// Test for diagnostics enabled
//
#define IF_OB_GLOBAL( FlagName ) if (FALSE)
//
// Diagnostics print statement (expands to no-op)
//
#define ObPrint( FlagName, _Text_ ) ;
#endif // OB_DIAGNOSTICS_ENABLED
//
// The following flags enable or disable various diagnostic
// capabilities within OB code. These flags are set in
// ObGlobalFlag (only available within a DBG system).
//
//
#define OBS_DEBUG_ALLOC_TRACKING ((ULONG) 0x00000001L)
#define OBS_DEBUG_CACHE_FREES ((ULONG) 0x00000002L)
#define OBS_DEBUG_BREAK_ON_INIT ((ULONG) 0x00000004L)
#define OBS_DEBUG_SHOW_COLLISIONS ((ULONG) 0x00000008L)
#define OBS_DEBUG_SHOW_STATISTICS ((ULONG) 0x00000010L)
#define OBS_DEBUG_SHOW_REFERENCES ((ULONG) 0x00000020L)
#define OBS_DEBUG_SHOW_DEASSIGN ((ULONG) 0x00000040L)
#define OBS_DEBUG_STOP_INVALID_DESCRIPTOR ((ULONG) 0x00000080L)
#define OBS_DEBUG_SHOW_HEADER_FREE ((ULONG) 0x00000100L)
//
// Define struct of single hash clash chain
//
typedef struct _OB_SD_CACHE_LIST {
EX_PUSH_LOCK PushLock;
LIST_ENTRY Head;
} OB_SD_CACHE_LIST, *POB_SD_CACHE_LIST;
//
// Array of pointers to security descriptor entries
//
#ifdef ALLOC_DATA_PRAGMA
#pragma data_seg("PAGEDATA")
#endif
OB_SD_CACHE_LIST ObsSecurityDescriptorCache[SECURITY_DESCRIPTOR_CACHE_ENTRIES];
#if OB_DIAGNOSTICS_ENABLED
LONG ObsTotalCacheEntries = 0;
ULONG ObsDebugFlags = 0;
#endif
#ifdef ALLOC_DATA_PRAGMA
#pragma data_seg()
#endif
#if defined (ALLOC_PRAGMA)
#pragma alloc_text(INIT,ObpInitSecurityDescriptorCache)
#pragma alloc_text(PAGE,ObpHashSecurityDescriptor)
#pragma alloc_text(PAGE,ObpHashBuffer)
#pragma alloc_text(PAGE,ObLogSecurityDescriptor)
#pragma alloc_text(PAGE,ObpCreateCacheEntry)
#pragma alloc_text(PAGE,ObpReferenceSecurityDescriptor)
#pragma alloc_text(PAGE,ObDeassignSecurity)
#pragma alloc_text(PAGE,ObDereferenceSecurityDescriptor)
#pragma alloc_text(PAGE,ObpDestroySecurityDescriptorHeader)
#pragma alloc_text(PAGE,ObpCompareSecurityDescriptors)
#pragma alloc_text(PAGE,ObReferenceSecurityDescriptor)
#endif
NTSTATUS
ObpInitSecurityDescriptorCache (
VOID
)
/*++
Routine Description:
Allocates and initializes the globalSecurity Descriptor Cache
Arguments:
None
Return Value:
STATUS_SUCCESS on success, NTSTATUS on failure.
--*/
{
ULONG i;
IF_OB_GLOBAL( BREAK_ON_INIT ) {
DbgBreakPoint();
}
//
// Initialize all the list heads and their associated locks.
//
for (i = 0; i < SECURITY_DESCRIPTOR_CACHE_ENTRIES; i++) {
ExInitializePushLock (&ObsSecurityDescriptorCache[i].PushLock);
InitializeListHead (&ObsSecurityDescriptorCache[i].Head);
}
//
// And return to our caller
//
return( STATUS_SUCCESS );
}
ULONG
ObpHashSecurityDescriptor (
PSECURITY_DESCRIPTOR SecurityDescriptor,
ULONG Length
)
/*++
Routine Description:
Hashes a security descriptor to a 32 bit value
Arguments:
SecurityDescriptor - Provides the security descriptor to be hashed
Length - Length of security descriptor
Return Value:
ULONG - a 32 bit hash value.
--*/
{
ULONG Hash;
Hash = ObpHashBuffer (SecurityDescriptor, Length);
return Hash;
}
ULONG
ObpHashBuffer (
PVOID Data,
ULONG Length
)
/*++
Routine Description:
Hashes a buffer into a 32 bit value
Arguments:
Data - Buffer containing the data to be hashed.
Length - The length in bytes of the buffer
Return Value:
ULONG - a 32 bit hash value.
--*/
{
PULONG Buffer, BufferEnd;
PUCHAR Bufferp, BufferEndp;
ULONG Result = 0;
//
// Calculate buffer bounds as byte pointers
//
Bufferp = Data;
BufferEndp = Bufferp + Length;
//
// Calculate buffer bounds as rounded down ULONG pointers
//
Buffer = Data;
BufferEnd = (PULONG)(Bufferp + (Length&~(sizeof (ULONG) - 1)));
//
// Loop over a whole number of ULONGs
//
while (Buffer < BufferEnd) {
Result ^= *Buffer++;
Result = _rotl (Result, 3);
}
//
// Pull in the remaining bytes
//
Bufferp = (PUCHAR) Buffer;
while (Bufferp < BufferEndp) {
Result ^= *Bufferp++;
Result = _rotl (Result, 3);
}
return Result;
}
NTSTATUS
ObLogSecurityDescriptor (
IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,
OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor,
IN ULONG RefBias
)
/*++
Routine Description:
Takes a passed security descriptor and registers it into the
security descriptor database.
Arguments:
InputSecurityDescriptor - The new security descriptor to be logged into
the database. On a successful return this memory will have been
freed back to pool.
OutputSecurityDescriptor - Output security descriptor to be used by the
caller.
RefBias - Amount to bias the security descriptor reference count by.
Typicaly either 1 or ExFastRefGetAdditionalReferenceCount () + 1,
Return Value:
An appropriate status value
--*/
{
ULONG FullHash;
ULONG Slot;
PSECURITY_DESCRIPTOR_HEADER NewDescriptor;
PLIST_ENTRY Front;
PSECURITY_DESCRIPTOR_HEADER Header = NULL;
BOOLEAN Match;
POB_SD_CACHE_LIST Chain;
PETHREAD CurrentThread;
ULONG Length;
Length = RtlLengthSecurityDescriptor (InputSecurityDescriptor);
FullHash = ObpHashSecurityDescriptor (InputSecurityDescriptor, Length);
Slot = FullHash % SECURITY_DESCRIPTOR_CACHE_ENTRIES;
NewDescriptor = NULL;
//
// First lock the table for read access. We will change this to write if we have to insert later
//
Chain = &ObsSecurityDescriptorCache[Slot];
CurrentThread = PsGetCurrentThread ();
KeEnterCriticalRegionThread (&CurrentThread->Tcb);
ExAcquirePushLockShared (&Chain->PushLock);
do {
//
// See if the list for this slot is in use.
// Lock the table first, unlock if if we don't need it.
//
Match = FALSE;
//
// Zoom down the hash bucket looking for a full hash match
//
for (Front = Chain->Head.Flink;
Front != &Chain->Head;
Front = Front->Flink) {
Header = LINK_TO_SD_HEADER (Front);
//
// The list is ordered by full hash value and is maintained this way by virtue
// of the fact that we use the 'Back' variable for the insert.
//
if (Header->FullHash > FullHash) {
break;
}
if (Header->FullHash == FullHash) {
Match = ObpCompareSecurityDescriptors (InputSecurityDescriptor,
Length,
&Header->SecurityDescriptor);
if (Match) {
break;
}
ObPrint (SHOW_COLLISIONS, ("Got a collision on %d, no match\n", Slot));
}
}
//
// If we have a match then we'll get the caller to use the old
// cached descriptor, but bumping its ref count, freeing what
// the caller supplied and returning the old one to our caller
//
if (Match) {
InterlockedExchangeAdd ((PLONG)&Header->RefCount, RefBias);
ObPrint (SHOW_REFERENCES, ("Reference Hash = 0x%lX, New RefCount = %d\n", Header->FullHash, Header->RefCount));
ExReleasePushLock (&Chain->PushLock);
KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
*OutputSecurityDescriptor = &Header->SecurityDescriptor;
if (NewDescriptor != NULL) {
ExFreePool (NewDescriptor);
}
return STATUS_SUCCESS;
}
if (NewDescriptor == NULL) {
ExReleasePushLockShared (&Chain->PushLock);
KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
//
// Can't use an existing one, create a new entry
// and insert it into the list.
//
NewDescriptor = ObpCreateCacheEntry (InputSecurityDescriptor,
Length,
FullHash,
RefBias);
if (NewDescriptor == NULL) {
return STATUS_INSUFFICIENT_RESOURCES;
}
//
// Reacquire the lock in write mode. We will probably have to insert now
//
KeEnterCriticalRegionThread (&CurrentThread->Tcb);
ExAcquirePushLockExclusive (&Chain->PushLock);
} else {
break;
}
} while (1);
#if OB_DIAGNOSTICS_ENABLED
InterlockedIncrement (&ObsTotalCacheEntries);
#endif
ObPrint (SHOW_STATISTICS, ("ObsTotalCacheEntries = %d \n", ObsTotalCacheEntries));
ObPrint (SHOW_COLLISIONS, ("Adding new entry for index #%d \n", Slot));
//
// Insert the entry before the 'Front' entry. If there is no 'Front' entry then this
// is just inserting at the head
//
InsertTailList (Front, &NewDescriptor->Link);
ExReleasePushLockExclusive (&Chain->PushLock);
KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
//
// Set the output security descriptor and return to our caller
//
*OutputSecurityDescriptor = &NewDescriptor->SecurityDescriptor;
return( STATUS_SUCCESS );
}
PSECURITY_DESCRIPTOR_HEADER
ObpCreateCacheEntry (
PSECURITY_DESCRIPTOR InputSecurityDescriptor,
ULONG SecurityDescriptorLength,
ULONG FullHash,
ULONG RefBias
)
/*++
Routine Description:
Allocates and initializes a new cache entry.
Arguments:
InputSecurityDescriptor - The security descriptor to be cached.
Length - Length of security descriptor
FullHash - Full 32 bit hash of the security descriptor.
RefBias - Amount to bias the security descriptor reference count by.
Typicaly either 1 or ExFastRefGetAdditionalReferenceCount () + 1,
Return Value:
A pointer to the newly allocated cache entry, or NULL
--*/
{
ULONG CacheEntrySize;
PSECURITY_DESCRIPTOR_HEADER NewDescriptor;
//
// Compute the size that we'll need to allocate. We need space for
// the security descriptor cache minus the funny quad at the end and the
// security descriptor itself.
//
ASSERT (SecurityDescriptorLength == RtlLengthSecurityDescriptor (InputSecurityDescriptor));
CacheEntrySize = SecurityDescriptorLength + (sizeof (SECURITY_DESCRIPTOR_HEADER) - sizeof(QUAD));
//
// Now allocate space for the cached entry
//
NewDescriptor = ExAllocatePoolWithTag (PagedPool, CacheEntrySize, 'cSbO');
if (NewDescriptor == NULL) {
return NULL;
}
//
// Fill the header, copy over the descriptor data, and return to our
// caller
//
NewDescriptor->RefCount = RefBias;
NewDescriptor->FullHash = FullHash;
RtlCopyMemory (&NewDescriptor->SecurityDescriptor,
InputSecurityDescriptor,
SecurityDescriptorLength);
return NewDescriptor;
}
VOID
ObReferenceSecurityDescriptor (
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG Count
)
/*++
Routine Description:
References the security descriptor.
Arguments:
SecurityDescriptor - Security descriptor inside the cache to reference.
Count - Amount to reference by
Return Value:
None.
--*/
{
PSECURITY_DESCRIPTOR_HEADER SecurityDescriptorHeader;
SecurityDescriptorHeader = SD_TO_SD_HEADER( SecurityDescriptor );
ObPrint( SHOW_REFERENCES, ("Referencing Hash %lX, Refcount = %d \n",SecurityDescriptorHeader->FullHash,
SecurityDescriptorHeader->RefCount));
//
// Increment the reference count
//
InterlockedExchangeAdd ((PLONG)&SecurityDescriptorHeader->RefCount, Count);
}
PSECURITY_DESCRIPTOR
ObpReferenceSecurityDescriptor (
POBJECT_HEADER ObjectHeader
)
/*++
Routine Description:
References the security descriptor of the passed object.
Arguments:
Object - Object being access validated.
Return Value:
The security descriptor of the object.
--*/
{
PSECURITY_DESCRIPTOR_HEADER SecurityDescriptorHeader;
PSECURITY_DESCRIPTOR SecurityDescriptor;
PEX_FAST_REF FastRef;
EX_FAST_REF OldRef;
ULONG RefsToAdd, Unused;
//
// Attempt the fast reference
//
FastRef = (PEX_FAST_REF) &ObjectHeader->SecurityDescriptor;
OldRef = ExFastReference (FastRef);
SecurityDescriptor = ExFastRefGetObject (OldRef);
//
// See if we can fast reference this security descriptor. Return NULL if there wasn't one
// and go the slow way if there are no more cached references left.
//
Unused = ExFastRefGetUnusedReferences (OldRef);
if (Unused >= 1 || SecurityDescriptor == NULL) {
if (Unused == 1) {
//
// If we took the counter to zero then attempt to make life easier for
// the next referencer by resetting the counter to its max. Since we now
// have a reference to the security descriptor we can do this.
//
RefsToAdd = ExFastRefGetAdditionalReferenceCount ();
SecurityDescriptorHeader = SD_TO_SD_HEADER( SecurityDescriptor );
InterlockedExchangeAdd ((PLONG)&SecurityDescriptorHeader->RefCount, RefsToAdd);
//
// Try to add the added references to the cache. If we fail then just
// release them. This dereference can not take the reference count to zero.
//
if (!ExFastRefAddAdditionalReferenceCounts (FastRef, SecurityDescriptor, RefsToAdd)) {
InterlockedExchangeAdd ((PLONG)&SecurityDescriptorHeader->RefCount, -(LONG)RefsToAdd);
}
}
return SecurityDescriptor;
}
ObpLockObjectShared( ObjectHeader );
SecurityDescriptor = ExFastRefGetObject (*FastRef);
IF_OB_GLOBAL( STOP_INVALID_DESCRIPTOR ) {
if(!RtlValidSecurityDescriptor ( SecurityDescriptor )) {
DbgBreakPoint();
}
}
//
// The obejcts security descriptor is not allowed to go fron NON-NULL to NULL.
//
SecurityDescriptorHeader = SD_TO_SD_HEADER( SecurityDescriptor );
ObPrint( SHOW_REFERENCES, ("Referencing Hash %lX, Refcount = %d \n",SecurityDescriptorHeader->FullHash,
SecurityDescriptorHeader->RefCount));
//
// Increment the reference count
//
InterlockedIncrement ((PLONG) &SecurityDescriptorHeader->RefCount);
ObpUnlockObject( ObjectHeader );
return( SecurityDescriptor );
}
NTSTATUS
ObDeassignSecurity (
IN OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor
)
/*++
Routine Description:
This routine dereferences the input security descriptor
Arguments:
SecurityDescriptor - Supplies the security descriptor
being modified
Return Value:
Only returns STATUS_SUCCESS
--*/
{
PSECURITY_DESCRIPTOR SecurityDescriptor;
EX_FAST_REF FastRef;
ObPrint( SHOW_DEASSIGN,("Deassigning security descriptor %x\n",*pSecurityDescriptor));
//
// NULL out the SecurityDescriptor in the object's
// header so we don't try to free it again.
//
FastRef = *(PEX_FAST_REF) pSecurityDescriptor;
*pSecurityDescriptor = NULL;
SecurityDescriptor = ExFastRefGetObject (FastRef);
ObDereferenceSecurityDescriptor (SecurityDescriptor, ExFastRefGetUnusedReferences (FastRef) + 1);
return STATUS_SUCCESS;
}
VOID
ObDereferenceSecurityDescriptor (
PSECURITY_DESCRIPTOR SecurityDescriptor,
ULONG Count
)
/*++
Routine Description:
Decrements the refcount of a cached security descriptor
Arguments:
SecurityDescriptor - Points to a cached security descriptor
Return Value:
None.
--*/
{
PSECURITY_DESCRIPTOR_HEADER SecurityDescriptorHeader;
PVOID PoolToFree;
LONG OldValue, NewValue;
POB_SD_CACHE_LIST Chain;
PETHREAD CurrentThread;
ULONG Slot;
SecurityDescriptorHeader = SD_TO_SD_HEADER( SecurityDescriptor );
//
// First see if its possible to do a non-zero transition lock free.
//
OldValue = SecurityDescriptorHeader->RefCount;
//
// If the old value is equal to the decrement then we will be the deleter of this block. We need the lock for that
//
while (OldValue != (LONG) Count) {
NewValue = InterlockedCompareExchange ((PLONG)&SecurityDescriptorHeader->RefCount, OldValue - Count, OldValue);
if (NewValue == OldValue) {
return;
}
OldValue = NewValue;
}
//
// Lock the security descriptor cache and get a pointer
// to the security descriptor header
//
Slot = SecurityDescriptorHeader->FullHash % SECURITY_DESCRIPTOR_CACHE_ENTRIES;
Chain = &ObsSecurityDescriptorCache[Slot];
CurrentThread = PsGetCurrentThread ();
KeEnterCriticalRegionThread (&CurrentThread->Tcb);
ExAcquirePushLockExclusive (&Chain->PushLock);
//
// Do some debug work
//
ObPrint( SHOW_REFERENCES, ("Dereferencing SecurityDescriptor %x, hash %lx, refcount = %d \n", SecurityDescriptor,
SecurityDescriptorHeader->FullHash,
SecurityDescriptorHeader->RefCount));
ASSERT(SecurityDescriptorHeader->RefCount != 0);
//
// Decrement the ref count and if it is now zero then
// we can completely remove this entry from the cache
//
if (InterlockedExchangeAdd ((PLONG)&SecurityDescriptorHeader->RefCount, -(LONG)Count) == (LONG)Count) {
PoolToFree = ObpDestroySecurityDescriptorHeader (SecurityDescriptorHeader);
//
// Unlock the security descriptor cache and free the pool
//
ExReleasePushLockExclusive (&Chain->PushLock);
KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
ExFreePool (PoolToFree);
} else {
//
// Unlock the security descriptor cache and return to our caller
//
ExReleasePushLockExclusive (&Chain->PushLock);
KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
}
}
PVOID
ObpDestroySecurityDescriptorHeader (
IN PSECURITY_DESCRIPTOR_HEADER Header
)
/*++
Routine Description:
Frees a cached security descriptor and unlinks it from the chain.
Arguments:
Header - Pointer to a security descriptor header (cached security
descriptor)
Return Value:
None.
--*/
{
ASSERT ( Header->RefCount == 0 );
#if OB_DIAGNOSTICS_ENABLED
InterlockedDecrement (&ObsTotalCacheEntries);
#endif
ObPrint( SHOW_STATISTICS, ("ObsTotalCacheEntries = %d \n",ObsTotalCacheEntries));
//
// Unlink the cached security descriptor from its linked list
//
RemoveEntryList (&Header->Link);
ObPrint( SHOW_HEADER_FREE, ("Freeing memory at %x \n",Header));
//
// Now return the cached descriptor to our caller to free
//
return Header;
}
BOOLEAN
ObpCompareSecurityDescriptors (
IN PSECURITY_DESCRIPTOR SD1,
IN ULONG Length1,
IN PSECURITY_DESCRIPTOR SD2
)
/*++
Routine Description:
Performs a byte by byte comparison of two self relative security
descriptors to determine if they are identical.
Arguments:
SD1, SD2 - Security descriptors to be compared.
Length1 - Length of SD1
Return Value:
TRUE - They are the same.
FALSE - They are different.
--*/
{
ULONG Length2;
//
// Calculating the length is pretty fast, see if we
// can get away with doing only that.
//
ASSERT (Length1 == RtlLengthSecurityDescriptor ( SD1 ));
Length2 = RtlLengthSecurityDescriptor ( SD2 );
if (Length1 != Length2) {
return( FALSE );
}
return (BOOLEAN)RtlEqualMemory ( SD1, SD2, Length1 );
}