|
|
/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
obsdata.c
Abstract:
Object Manager Security Descriptor Caching
Author:
Robert Reichel (robertre) 12-Oct-1993
Revision History:
Neill Clift (NeillC) 16-Nov-2000
General cleanup. Don't free/allocate pool under locks. Don't do unaligned fetches during hashing. Reduce lock contention etc. Add fast referencing of security descriptor.
--*/
#include "obp.h"
#if DBG
#define OB_DIAGNOSTICS_ENABLED 1
#endif // DBG
//
// These definitions are useful diagnostics aids
//
#if OB_DIAGNOSTICS_ENABLED
//
// Test for enabled diagnostic
//
#define IF_OB_GLOBAL( FlagName ) if (ObsDebugFlags & (OBS_DEBUG_##FlagName))
//
// Diagnostics print statement
//
#define ObPrint( FlagName, _Text_ ) IF_OB_GLOBAL( FlagName ) DbgPrint _Text_
#else
//
// diagnostics not enabled - No diagnostics included in build
//
//
// Test for diagnostics enabled
//
#define IF_OB_GLOBAL( FlagName ) if (FALSE)
//
// Diagnostics print statement (expands to no-op)
//
#define ObPrint( FlagName, _Text_ ) ;
#endif // OB_DIAGNOSTICS_ENABLED
//
// The following flags enable or disable various diagnostic
// capabilities within OB code. These flags are set in
// ObGlobalFlag (only available within a DBG system).
//
//
#define OBS_DEBUG_ALLOC_TRACKING ((ULONG) 0x00000001L)
#define OBS_DEBUG_CACHE_FREES ((ULONG) 0x00000002L)
#define OBS_DEBUG_BREAK_ON_INIT ((ULONG) 0x00000004L)
#define OBS_DEBUG_SHOW_COLLISIONS ((ULONG) 0x00000008L)
#define OBS_DEBUG_SHOW_STATISTICS ((ULONG) 0x00000010L)
#define OBS_DEBUG_SHOW_REFERENCES ((ULONG) 0x00000020L)
#define OBS_DEBUG_SHOW_DEASSIGN ((ULONG) 0x00000040L)
#define OBS_DEBUG_STOP_INVALID_DESCRIPTOR ((ULONG) 0x00000080L)
#define OBS_DEBUG_SHOW_HEADER_FREE ((ULONG) 0x00000100L)
//
// Define struct of single hash clash chain
//
typedef struct _OB_SD_CACHE_LIST { EX_PUSH_LOCK PushLock; LIST_ENTRY Head;} OB_SD_CACHE_LIST, *POB_SD_CACHE_LIST;//
// Array of pointers to security descriptor entries
//
#ifdef ALLOC_DATA_PRAGMA
#pragma data_seg("PAGEDATA")
#endif
OB_SD_CACHE_LIST ObsSecurityDescriptorCache[SECURITY_DESCRIPTOR_CACHE_ENTRIES];
#if OB_DIAGNOSTICS_ENABLED
ULONG ObsTotalCacheEntries = 0;ULONG ObsDebugFlags = 0;
#endif
#ifdef ALLOC_DATA_PRAGMA
#pragma data_seg()
#endif
#if defined (ALLOC_PRAGMA)
#pragma alloc_text(INIT,ObpInitSecurityDescriptorCache)
#pragma alloc_text(PAGE,ObpHashSecurityDescriptor)
#pragma alloc_text(PAGE,ObpHashBuffer)
#pragma alloc_text(PAGE,ObLogSecurityDescriptor)
#pragma alloc_text(PAGE,ObpCreateCacheEntry)
#pragma alloc_text(PAGE,ObpReferenceSecurityDescriptor)
#pragma alloc_text(PAGE,ObDeassignSecurity)
#pragma alloc_text(PAGE,ObDereferenceSecurityDescriptor)
#pragma alloc_text(PAGE,ObpDestroySecurityDescriptorHeader)
#pragma alloc_text(PAGE,ObpCompareSecurityDescriptors)
#pragma alloc_text(PAGE,ObReferenceSecurityDescriptor)
#endif
�NTSTATUSObpInitSecurityDescriptorCache ( VOID )
/*++
Routine Description:
Allocates and initializes the globalSecurity Descriptor Cache
Arguments:
None
Return Value:
STATUS_SUCCESS on success, NTSTATUS on failure.
--*/
{ ULONG Size; NTSTATUS Status; ULONG i;
IF_OB_GLOBAL( BREAK_ON_INIT ) {
DbgBreakPoint(); }
//
// Initialize all the list heads and their associated locks.
//
for (i = 0; i < SECURITY_DESCRIPTOR_CACHE_ENTRIES; i++) { ExInitializePushLock (&ObsSecurityDescriptorCache[i].PushLock); InitializeListHead (&ObsSecurityDescriptorCache[i].Head); }
//
// And return to our caller
//
return( STATUS_SUCCESS );}
�ULONGObpHashSecurityDescriptor ( PSECURITY_DESCRIPTOR SecurityDescriptor )
/*++
Routine Description:
Hashes a security descriptor to a 32 bit value
Arguments:
SecurityDescriptor - Provides the security descriptor to be hashed
Return Value:
ULONG - a 32 bit hash value.
--*/
{ ULONG Length; ULONG Hash;
Length = RtlLengthSecurityDescriptor (SecurityDescriptor); Hash = ObpHashBuffer (SecurityDescriptor, Length);
return Hash;}
�ULONGObpHashBuffer ( PVOID Data, ULONG Length )
/*++
Routine Description:
Hashes a buffer into a 32 bit value
Arguments:
Data - Buffer containing the data to be hashed.
Length - The length in bytes of the buffer
Return Value:
ULONG - a 32 bit hash value.
--*/
{ PULONG Buffer, BufferEnd; PUCHAR Bufferp, BufferEndp;
ULONG Result = 0;
//
// Calculate buffer bounds as byte pointers
//
Bufferp = Data; BufferEndp = Bufferp + Length;
//
// Calculate buffer bounds as rounded down ULONG pointers
//
Buffer = Data; BufferEnd = (PULONG)(Bufferp + (Length&~(sizeof (ULONG) - 1)));
//
// Loop over a whole number of ULONGs
//
while (Buffer < BufferEnd) { Result ^= *Buffer++; Result = _rotl (Result, 3); }
//
// Pull in the remaining bytes
//
Bufferp = (PUCHAR) Buffer; while (Bufferp < BufferEndp) { Result ^= *Bufferp++; Result = _rotl (Result, 3); }
return Result;}
�NTSTATUSObLogSecurityDescriptor ( IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias )
/*++
Routine Description:
Takes a passed security descriptor and registers it into the security descriptor database.
Arguments:
InputSecurityDescriptor - The new security descriptor to be logged into the database. On a successful return this memory will have been freed back to pool.
OutputSecurityDescriptor - Output security descriptor to be used by the caller.
RefBias - Amount to bias the security descriptor reference count by. Typicaly either 1 or ExFastRefGetAdditionalReferenceCount () + 1,
Return Value:
An appropriate status value
--*/
{ ULONG FullHash; ULONG Slot; PSECURITY_DESCRIPTOR_HEADER NewDescriptor; PLIST_ENTRY Front; PSECURITY_DESCRIPTOR_HEADER Header; BOOLEAN Match; POB_SD_CACHE_LIST Chain; PETHREAD CurrentThread;
FullHash = ObpHashSecurityDescriptor (InputSecurityDescriptor); Slot = FullHash % SECURITY_DESCRIPTOR_CACHE_ENTRIES;
NewDescriptor = NULL;
//
// First lock the table for read access. We will change this to write if we have to insert later
//
Chain = &ObsSecurityDescriptorCache[Slot];
CurrentThread = PsGetCurrentThread (); KeEnterCriticalRegionThread (&CurrentThread->Tcb); ExAcquirePushLockShared (&Chain->PushLock);
do { //
// See if the list for this slot is in use.
// Lock the table first, unlock if if we don't need it.
//
Match = FALSE;
//
// Zoom down the hash bucket looking for a full hash match
//
for (Front = Chain->Head.Flink; Front != &Chain->Head; Front = Front->Flink) {
Header = LINK_TO_SD_HEADER (Front);
//
// The list is ordered by full hash value and is maintained this way by virtue
// of the fact that we use the 'Back' variable for the insert.
//
if (Header->FullHash > FullHash) { break; }
if (Header->FullHash == FullHash) {
Match = ObpCompareSecurityDescriptors (InputSecurityDescriptor, &Header->SecurityDescriptor);
if (Match) {
break; }
ObPrint (SHOW_COLLISIONS, ("Got a collision on %d, no match\n", Slot)); } }
//
// If we have a match then we'll get the caller to use the old
// cached descriptor, but bumping its ref count, freeing what
// the caller supplied and returning the old one to our caller
//
if (Match) {
InterlockedExchangeAdd (&Header->RefCount, RefBias);
ObPrint (SHOW_REFERENCES, ("Reference Hash = 0x%lX, New RefCount = %d\n", Header->FullHash, Header->RefCount));
ExReleasePushLock (&Chain->PushLock); KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
*OutputSecurityDescriptor = &Header->SecurityDescriptor;
if (NewDescriptor != NULL) { ExFreePool (NewDescriptor); }
return STATUS_SUCCESS; }
if (NewDescriptor == NULL) { ExReleasePushLockShared (&Chain->PushLock); KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
//
// Can't use an existing one, create a new entry
// and insert it into the list.
//
NewDescriptor = ObpCreateCacheEntry (InputSecurityDescriptor, FullHash, RefBias);
if (NewDescriptor == NULL) { return STATUS_INSUFFICIENT_RESOURCES; } //
// Reacquire the lock in write mode. We will probably have to insert now
//
KeEnterCriticalRegionThread (&CurrentThread->Tcb); ExAcquirePushLockExclusive (&Chain->PushLock); } else { break; } } while (1);
#if OB_DIAGNOSTICS_ENABLED
InterlockedIncrement (&ObsTotalCacheEntries);
#endif
ObPrint (SHOW_STATISTICS, ("ObsTotalCacheEntries = %d \n", ObsTotalCacheEntries)); ObPrint (SHOW_COLLISIONS, ("Adding new entry for index #%d \n", Slot));
//
// Insert the entry before the 'Front' entry. If there is no 'Front' entry then this
// is just inserting at the head
//
InsertTailList (Front, &NewDescriptor->Link);
ExReleasePushLockExclusive (&Chain->PushLock); KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
//
// Set the output security descriptor and return to our caller
//
*OutputSecurityDescriptor = &NewDescriptor->SecurityDescriptor;
return( STATUS_SUCCESS );}
�PSECURITY_DESCRIPTOR_HEADERObpCreateCacheEntry ( PSECURITY_DESCRIPTOR InputSecurityDescriptor, ULONG FullHash, ULONG RefBias )
/*++
Routine Description:
Allocates and initializes a new cache entry.
Arguments:
InputSecurityDescriptor - The security descriptor to be cached.
FullHash - Full 32 bit hash of the security descriptor.
RefBias - Amount to bias the security descriptor reference count by. Typicaly either 1 or ExFastRefGetAdditionalReferenceCount () + 1,
Return Value:
A pointer to the newly allocated cache entry, or NULL
--*/
{
ULONG SecurityDescriptorLength; ULONG CacheEntrySize; PSECURITY_DESCRIPTOR_HEADER NewDescriptor;
//
// Compute the size that we'll need to allocate. We need space for
// the security descriptor cache minus the funny quad at the end and the
// security descriptor itself.
//
SecurityDescriptorLength = RtlLengthSecurityDescriptor (InputSecurityDescriptor); CacheEntrySize = SecurityDescriptorLength + (sizeof (SECURITY_DESCRIPTOR_HEADER) - sizeof(QUAD));
//
// Now allocate space for the cached entry
//
NewDescriptor = ExAllocatePoolWithTag (PagedPool, CacheEntrySize, 'cSbO');
if (NewDescriptor == NULL) {
return NULL; }
//
// Fill the header, copy over the descriptor data, and return to our
// caller
//
NewDescriptor->RefCount = RefBias; NewDescriptor->FullHash = FullHash;
RtlCopyMemory (&NewDescriptor->SecurityDescriptor, InputSecurityDescriptor, SecurityDescriptorLength);
return NewDescriptor;}
VOIDObReferenceSecurityDescriptor ( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count )/*++
Routine Description:
References the security descriptor.
Arguments:
SecurityDescriptor - Security descriptor inside the cache to reference. Count - Amount to reference by
Return Value:
None.
--*/{ PSECURITY_DESCRIPTOR_HEADER SecurityDescriptorHeader;
SecurityDescriptorHeader = SD_TO_SD_HEADER( SecurityDescriptor ); ObPrint( SHOW_REFERENCES, ("Referencing Hash %lX, Refcount = %d \n",SecurityDescriptorHeader->FullHash, SecurityDescriptorHeader->RefCount));
//
// Increment the reference count
//
InterlockedExchangeAdd (&SecurityDescriptorHeader->RefCount, Count);}
�PSECURITY_DESCRIPTORObpReferenceSecurityDescriptor ( POBJECT_HEADER ObjectHeader )
/*++
Routine Description:
References the security descriptor of the passed object.
Arguments:
Object - Object being access validated.
Return Value:
The security descriptor of the object.
--*/
{ PSECURITY_DESCRIPTOR_HEADER SecurityDescriptorHeader; PSECURITY_DESCRIPTOR SecurityDescriptor; PEX_FAST_REF FastRef; EX_FAST_REF OldRef; ULONG RefsToAdd, Unused;
//
// Attempt the fast reference
//
FastRef = (PEX_FAST_REF) &ObjectHeader->SecurityDescriptor;
OldRef = ExFastReference (FastRef);
SecurityDescriptor = ExFastRefGetObject (OldRef);
//
// See if we can fast reference this security descriptor. Return NULL if there wasn't one
// and go the slow way if there are no more cached references left.
//
Unused = ExFastRefGetUnusedReferences (OldRef);
if (Unused >= 1 || SecurityDescriptor == NULL) { if (Unused == 1) { //
// If we took the counter to zero then attempt to make life easier for
// the next referencer by resetting the counter to its max. Since we now
// have a reference to the security descriptor we can do this.
//
RefsToAdd = ExFastRefGetAdditionalReferenceCount (); SecurityDescriptorHeader = SD_TO_SD_HEADER( SecurityDescriptor ); InterlockedExchangeAdd (&SecurityDescriptorHeader->RefCount, RefsToAdd);
//
// Try to add the added references to the cache. If we fail then just
// release them. This dereference can not take the reference count to zero.
//
if (!ExFastRefAddAdditionalReferenceCounts (FastRef, SecurityDescriptor, RefsToAdd)) { InterlockedExchangeAdd (&SecurityDescriptorHeader->RefCount, -(LONG)RefsToAdd); } } return SecurityDescriptor; }
ObpLockObjectShared( ObjectHeader );
SecurityDescriptor = ExFastRefGetObject (*FastRef);
IF_OB_GLOBAL( STOP_INVALID_DESCRIPTOR ) {
if(!RtlValidSecurityDescriptor ( SecurityDescriptor )) {
DbgBreakPoint(); } }
//
// The obejcts security descriptor is not allowed to go fron NON-NULL to NULL.
//
SecurityDescriptorHeader = SD_TO_SD_HEADER( SecurityDescriptor ); ObPrint( SHOW_REFERENCES, ("Referencing Hash %lX, Refcount = %d \n",SecurityDescriptorHeader->FullHash, SecurityDescriptorHeader->RefCount));
//
// Increment the reference count
//
InterlockedIncrement (&SecurityDescriptorHeader->RefCount);
ObpUnlockObject( ObjectHeader );
return( SecurityDescriptor );}
�NTSTATUSObDeassignSecurity ( IN OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor )
/*++
Routine Description:
This routine dereferences the input security descriptor
Arguments:
SecurityDescriptor - Supplies the security descriptor being modified
Return Value:
Only returns STATUS_SUCCESS
--*/
{ PSECURITY_DESCRIPTOR SecurityDescriptor; EX_FAST_REF FastRef;
ObPrint( SHOW_DEASSIGN,("Deassigning security descriptor %x\n",*pSecurityDescriptor));
//
// NULL out the SecurityDescriptor in the object's
// header so we don't try to free it again.
//
FastRef = *(PEX_FAST_REF) pSecurityDescriptor; *pSecurityDescriptor = NULL;
SecurityDescriptor = ExFastRefGetObject (FastRef); ObDereferenceSecurityDescriptor (SecurityDescriptor, ExFastRefGetUnusedReferences (FastRef) + 1); return STATUS_SUCCESS;}
�VOIDObDereferenceSecurityDescriptor ( PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG Count )
/*++
Routine Description:
Decrements the refcount of a cached security descriptor
Arguments:
SecurityDescriptor - Points to a cached security descriptor
Return Value:
None.
--*/
{ PSECURITY_DESCRIPTOR_HEADER SecurityDescriptorHeader; PVOID PoolToFree; LONG OldValue, NewValue; POB_SD_CACHE_LIST Chain; PETHREAD CurrentThread; ULONG Slot;
SecurityDescriptorHeader = SD_TO_SD_HEADER( SecurityDescriptor );
//
// First see if its possible to do a non-zero transition lock free.
//
OldValue = SecurityDescriptorHeader->RefCount;
//
// If the old value is equal to the decrement then we will be the deleter of this block. We need the lock for that
//
while (OldValue != Count) {
NewValue = InterlockedCompareExchange (&SecurityDescriptorHeader->RefCount, OldValue - Count, OldValue); if (NewValue == OldValue) { return; } OldValue = NewValue; }
//
// Lock the security descriptor cache and get a pointer
// to the security descriptor header
//
Slot = SecurityDescriptorHeader->FullHash % SECURITY_DESCRIPTOR_CACHE_ENTRIES;
Chain = &ObsSecurityDescriptorCache[Slot];
CurrentThread = PsGetCurrentThread (); KeEnterCriticalRegionThread (&CurrentThread->Tcb); ExAcquirePushLockExclusive (&Chain->PushLock);
//
// Do some debug work
//
ObPrint( SHOW_REFERENCES, ("Dereferencing SecurityDescriptor %x, hash %lx, refcount = %d \n", SecurityDescriptor, SecurityDescriptorHeader->FullHash, SecurityDescriptorHeader->RefCount));
ASSERT(SecurityDescriptorHeader->RefCount != 0);
//
// Decrement the ref count and if it is now zero then
// we can completely remove this entry from the cache
//
if (InterlockedExchangeAdd (&SecurityDescriptorHeader->RefCount, -(LONG)Count) == Count) {
PoolToFree = ObpDestroySecurityDescriptorHeader (SecurityDescriptorHeader); //
// Unlock the security descriptor cache and free the pool
//
ExReleasePushLockExclusive (&Chain->PushLock); KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
ExFreePool (PoolToFree); } else {
//
// Unlock the security descriptor cache and return to our caller
//
ExReleasePushLockExclusive (&Chain->PushLock); KeLeaveCriticalRegionThread (&CurrentThread->Tcb); }
}
�PVOIDObpDestroySecurityDescriptorHeader ( IN PSECURITY_DESCRIPTOR_HEADER Header )
/*++
Routine Description:
Frees a cached security descriptor and unlinks it from the chain.
Arguments:
Header - Pointer to a security descriptor header (cached security descriptor)
Return Value:
None.
--*/
{ ASSERT ( Header->RefCount == 0 );
#if OB_DIAGNOSTICS_ENABLED
InterlockedDecrement (&ObsTotalCacheEntries);
#endif
ObPrint( SHOW_STATISTICS, ("ObsTotalCacheEntries = %d \n",ObsTotalCacheEntries));
//
// Unlink the cached security descriptor from its linked list
//
RemoveEntryList (&Header->Link);
ObPrint( SHOW_HEADER_FREE, ("Freeing memory at %x \n",Header));
//
// Now return the cached descriptor to our caller to free
//
return Header;}
�BOOLEANObpCompareSecurityDescriptors ( IN PSECURITY_DESCRIPTOR SD1, IN PSECURITY_DESCRIPTOR SD2 )
/*++
Routine Description:
Performs a byte by byte comparison of two self relative security descriptors to determine if they are identical.
Arguments:
SD1, SD2 - Security descriptors to be compared.
Return Value:
TRUE - They are the same.
FALSE - They are different.
--*/
{ ULONG Length1; ULONG Length2; ULONG Compare;
//
// Calculating the length is pretty fast, see if we
// can get away with doing only that.
//
Length1 = RtlLengthSecurityDescriptor ( SD1 ); Length2 = RtlLengthSecurityDescriptor ( SD2 );
if (Length1 != Length2) {
return( FALSE ); }
return (BOOLEAN)RtlEqualMemory ( SD1, SD2, Length1 );}
|
