mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
519 lines
14 KiB
519 lines
14 KiB
/*++
|
|
|
|
Copyright (c) 1989 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
obinsert.c
|
|
|
|
Abstract:
|
|
|
|
Object instantiation API
|
|
|
|
Author:
|
|
|
|
Steve Wood (stevewo) 31-Mar-1989
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include "obp.h"
|
|
|
|
#ifdef ALLOC_PRAGMA
|
|
#pragma alloc_text(PAGE,ObInsertObject)
|
|
#endif
|
|
|
|
|
|
NTSTATUS
|
|
ObInsertObject (
|
|
IN PVOID Object,
|
|
IN PACCESS_STATE AccessState OPTIONAL,
|
|
IN ACCESS_MASK DesiredAccess OPTIONAL,
|
|
IN ULONG ObjectPointerBias,
|
|
OUT PVOID *NewObject OPTIONAL,
|
|
OUT PHANDLE Handle OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine inserts an object into the current processes handle table.
|
|
|
|
The Object header includes a pointer to a SecurityDescriptor passed in
|
|
an object creation call. This SecurityDescriptor is not assumed to have
|
|
been captured. This routine is responsible for making an appropriate
|
|
SecurityDescriptor and removing the reference in the object header.
|
|
|
|
Arguments:
|
|
|
|
Object - Supplies a pointer to the new object body
|
|
|
|
AccessState - Optionally supplies the access state for the new
|
|
handle
|
|
|
|
DesiredAccess - Optionally supplies the desired access we want for the
|
|
new handle
|
|
|
|
ObjectPointerBias - Supplies a bias to apply for the pointer count for the
|
|
object
|
|
|
|
NewObject - Optionally receives the pointer to the new object that we've
|
|
created a handle for
|
|
|
|
Handle - Receives the new handle, If NULL then no handle is created.
|
|
Objects that don't have handles created must be unnamed and
|
|
have an object bias of zero.
|
|
|
|
Return Value:
|
|
|
|
An appropriate NTSTATUS value.
|
|
|
|
--*/
|
|
|
|
{
|
|
POBJECT_CREATE_INFORMATION ObjectCreateInfo;
|
|
POBJECT_HEADER ObjectHeader;
|
|
PUNICODE_STRING ObjectName;
|
|
POBJECT_TYPE ObjectType;
|
|
POBJECT_HEADER_NAME_INFO NameInfo;
|
|
PSECURITY_DESCRIPTOR ParentDescriptor = NULL;
|
|
PVOID InsertObject;
|
|
HANDLE NewHandle;
|
|
OB_OPEN_REASON OpenReason;
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
ACCESS_STATE LocalAccessState;
|
|
AUX_ACCESS_DATA AuxData;
|
|
BOOLEAN SecurityDescriptorAllocated;
|
|
KPROCESSOR_MODE PreviousMode;
|
|
NTSTATUS ReturnStatus;
|
|
PVOID DirObject = NULL;
|
|
OBP_LOOKUP_CONTEXT LookupContext;
|
|
|
|
PAGED_CODE();
|
|
|
|
ObpValidateIrql("ObInsertObject");
|
|
|
|
//
|
|
// Get the address of the object header, the object create information,
|
|
// the object type, and the address of the object name descriptor, if
|
|
// specified.
|
|
//
|
|
|
|
ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
|
|
|
|
#if DBG
|
|
|
|
if ((ObjectHeader->Flags & OB_FLAG_NEW_OBJECT) == 0) {
|
|
|
|
KdPrint(("OB: Attempting to insert existing object %08x\n", Object));
|
|
KdBreakPoint();
|
|
|
|
ObDereferenceObject(Object);
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
#endif
|
|
|
|
ObjectCreateInfo = ObjectHeader->ObjectCreateInfo;
|
|
|
|
ObjectType = ObjectHeader->Type;
|
|
|
|
NameInfo = ObpReferenceNameInfo( ObjectHeader );
|
|
|
|
ObjectName = NULL;
|
|
|
|
if ((NameInfo != NULL) && (NameInfo->Name.Buffer != NULL)) {
|
|
|
|
ObjectName = &NameInfo->Name;
|
|
}
|
|
|
|
ASSERT (ARGUMENT_PRESENT (Handle) || (ObjectPointerBias == 0 && ObjectName == NULL &&
|
|
ObjectType->TypeInfo.SecurityRequired && NewObject == NULL));
|
|
|
|
//
|
|
// If security checks are not required and an object name is not
|
|
// specified, insert an unnamed object, biasing the count
|
|
// by one, dereference the bias, and return to our caller
|
|
//
|
|
|
|
PreviousMode = KeGetPreviousMode();
|
|
|
|
if (!ObjectType->TypeInfo.SecurityRequired && (ObjectName == NULL)) {
|
|
|
|
ObjectHeader->ObjectCreateInfo = NULL;
|
|
|
|
*Handle = NULL;
|
|
|
|
Status = ObpCreateUnnamedHandle( Object,
|
|
DesiredAccess,
|
|
1 + ObjectPointerBias,
|
|
ObjectCreateInfo->Attributes,
|
|
PreviousMode,
|
|
NewObject,
|
|
Handle );
|
|
//
|
|
// Free the object creation information and dereference the object.
|
|
//
|
|
|
|
ObpFreeObjectCreateInformation(ObjectCreateInfo);
|
|
|
|
ObpDereferenceNameInfo( NameInfo );
|
|
ObDereferenceObject(Object);
|
|
|
|
return Status;
|
|
}
|
|
|
|
//
|
|
// The object is either named or requires full security checks. If the
|
|
// caller hasn't specified an access state then dummy up a local one
|
|
// using the requested desired access
|
|
//
|
|
|
|
if (!ARGUMENT_PRESENT(AccessState)) {
|
|
|
|
AccessState = &LocalAccessState;
|
|
|
|
Status = SeCreateAccessState( &LocalAccessState,
|
|
&AuxData,
|
|
DesiredAccess,
|
|
&ObjectType->TypeInfo.GenericMapping );
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
|
|
ObpDereferenceNameInfo( NameInfo );
|
|
ObDereferenceObject(Object);
|
|
|
|
return Status;
|
|
}
|
|
}
|
|
|
|
AccessState->SecurityDescriptor = ObjectCreateInfo->SecurityDescriptor;
|
|
|
|
//
|
|
// Check the desired access mask against the security descriptor
|
|
//
|
|
|
|
Status = ObpValidateAccessMask( AccessState );
|
|
|
|
if (!NT_SUCCESS( Status )) {
|
|
|
|
ObpDereferenceNameInfo( NameInfo );
|
|
ObDereferenceObject(Object);
|
|
|
|
return( Status );
|
|
}
|
|
|
|
//
|
|
// Set some local state variables
|
|
//
|
|
|
|
ObpInitializeLookupContext(&LookupContext);
|
|
|
|
InsertObject = Object;
|
|
OpenReason = ObCreateHandle;
|
|
|
|
//
|
|
// Check if we have an object name. If so then
|
|
// lookup the name
|
|
//
|
|
|
|
if (ObjectName != NULL) {
|
|
|
|
Status = ObpLookupObjectName( ObjectCreateInfo->RootDirectory,
|
|
ObjectName,
|
|
ObjectCreateInfo->Attributes,
|
|
ObjectType,
|
|
(KPROCESSOR_MODE)(ObjectHeader->Flags & OB_FLAG_KERNEL_OBJECT
|
|
? KernelMode : UserMode),
|
|
ObjectCreateInfo->ParseContext,
|
|
ObjectCreateInfo->SecurityQos,
|
|
Object,
|
|
AccessState,
|
|
&LookupContext,
|
|
&InsertObject );
|
|
|
|
//
|
|
// We found the name and it is not the object we have as our input.
|
|
// So we cannot insert the object again so we'll return an
|
|
// appropriate status
|
|
//
|
|
|
|
if (NT_SUCCESS(Status) &&
|
|
(InsertObject != NULL) &&
|
|
(InsertObject != Object)) {
|
|
|
|
OpenReason = ObOpenHandle;
|
|
|
|
if (ObjectCreateInfo->Attributes & OBJ_OPENIF) {
|
|
|
|
if (ObjectType != OBJECT_TO_OBJECT_HEADER(InsertObject)->Type) {
|
|
|
|
Status = STATUS_OBJECT_TYPE_MISMATCH;
|
|
|
|
} else {
|
|
|
|
Status = STATUS_OBJECT_NAME_EXISTS; // Warning only
|
|
}
|
|
|
|
} else {
|
|
|
|
Status = STATUS_OBJECT_NAME_COLLISION;
|
|
}
|
|
}
|
|
|
|
//
|
|
// We did not find the name so we'll cleanup after ourselves
|
|
// and return to our caller
|
|
//
|
|
|
|
if (!NT_SUCCESS( Status )) {
|
|
|
|
ObpReleaseLookupContext( &LookupContext );
|
|
|
|
ObpDereferenceNameInfo( NameInfo );
|
|
ObDereferenceObject( Object );
|
|
|
|
//
|
|
// Free security information if we allocated it
|
|
//
|
|
|
|
if (AccessState == &LocalAccessState) {
|
|
|
|
SeDeleteAccessState( AccessState );
|
|
}
|
|
|
|
return( Status );
|
|
|
|
} else {
|
|
|
|
//
|
|
// Otherwise we did locate the object name
|
|
//
|
|
// If we just created a named symbolic link then call out to
|
|
// handle any Dos Device name semanatics.
|
|
//
|
|
|
|
if (ObjectType == ObpSymbolicLinkObjectType) {
|
|
|
|
ObpCreateSymbolicLinkName( (POBJECT_SYMBOLIC_LINK)InsertObject );
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// If we are creating a new object, then we need assign security
|
|
// to it. A pointer to the captured caller-proposed security
|
|
// descriptor is contained in the AccessState structure. The
|
|
// SecurityDescriptor field in the object header must point to
|
|
// the final security descriptor, or to NULL if no security is
|
|
// to be assigned to the object.
|
|
//
|
|
|
|
if (InsertObject == Object) {
|
|
|
|
//
|
|
// Only the following objects have security descriptors:
|
|
//
|
|
// - Named Objects
|
|
// - Unnamed objects whose object-type information explicitly
|
|
// indicates a security descriptor is required.
|
|
//
|
|
|
|
if ((ObjectName != NULL) || ObjectType->TypeInfo.SecurityRequired) {
|
|
|
|
//
|
|
// Get the parent's descriptor, if there is one...
|
|
//
|
|
|
|
if ((NameInfo != NULL) && (NameInfo->Directory != NULL)) {
|
|
|
|
//
|
|
// This will allocate a block of memory and copy
|
|
// the parent's security descriptor into it, and
|
|
// return the pointer to the block.
|
|
//
|
|
// Call ObReleaseObjectSecurity to free up this
|
|
// memory.
|
|
//
|
|
|
|
ObGetObjectSecurity( NameInfo->Directory,
|
|
&ParentDescriptor,
|
|
&SecurityDescriptorAllocated );
|
|
}
|
|
|
|
//
|
|
// Take the captured security descriptor in the AccessState,
|
|
// put it into the proper format, and call the object's
|
|
// security method to assign the new security descriptor to
|
|
// the new object.
|
|
//
|
|
|
|
Status = ObAssignSecurity( AccessState,
|
|
ParentDescriptor,
|
|
Object,
|
|
ObjectType );
|
|
|
|
if (ParentDescriptor != NULL) {
|
|
|
|
ObReleaseObjectSecurity( ParentDescriptor,
|
|
SecurityDescriptorAllocated );
|
|
|
|
} else if (NT_SUCCESS( Status )) {
|
|
|
|
SeReleaseSecurityDescriptor( ObjectCreateInfo->SecurityDescriptor,
|
|
ObjectCreateInfo->ProbeMode,
|
|
TRUE );
|
|
|
|
ObjectCreateInfo->SecurityDescriptor = NULL;
|
|
AccessState->SecurityDescriptor = NULL;
|
|
}
|
|
}
|
|
|
|
if (!NT_SUCCESS( Status )) {
|
|
|
|
//
|
|
// The attempt to assign the security descriptor to
|
|
// the object failed.
|
|
//
|
|
|
|
if (LookupContext.DirectoryLocked) {
|
|
|
|
//
|
|
// If ObpLookupObjectName already inserted the
|
|
// object into the directory we have to backup this
|
|
//
|
|
|
|
//
|
|
// Capture the object Directory
|
|
//
|
|
|
|
DirObject = NameInfo->Directory;
|
|
|
|
ObpDeleteDirectoryEntry( &LookupContext );
|
|
}
|
|
|
|
ObpReleaseLookupContext( &LookupContext );
|
|
|
|
//
|
|
// If ObpLookupObjectName inserted the object into the directory
|
|
// it added a reference to the object and to its directory
|
|
// object. We should remove the extra-references
|
|
//
|
|
|
|
if (DirObject) {
|
|
|
|
ObDereferenceObject( Object );
|
|
ObDereferenceObject( DirObject );
|
|
}
|
|
|
|
//
|
|
// The first backout logic used ObpDeleteNameCheck
|
|
// which is wrong because the security descriptor for
|
|
// the object is not initialized. Actually ObpDeleteNameCheck
|
|
// had no effect because the object was removed before from
|
|
// the directory
|
|
//
|
|
|
|
ObpDereferenceNameInfo( NameInfo );
|
|
ObDereferenceObject( Object );
|
|
|
|
//
|
|
// Free security information if we allocated it
|
|
//
|
|
|
|
if (AccessState == &LocalAccessState) {
|
|
|
|
SeDeleteAccessState( AccessState );
|
|
}
|
|
|
|
return( Status );
|
|
}
|
|
}
|
|
|
|
ReturnStatus = Status;
|
|
|
|
ObjectHeader->ObjectCreateInfo = NULL;
|
|
|
|
//
|
|
// Create a named handle for the object with a pointer bias
|
|
// This call also will unlock the directory lock is necessary
|
|
// on return
|
|
//
|
|
|
|
if (ARGUMENT_PRESENT (Handle)) {
|
|
|
|
Status = ObpCreateHandle( OpenReason,
|
|
InsertObject,
|
|
NULL,
|
|
AccessState,
|
|
1 + ObjectPointerBias,
|
|
ObjectCreateInfo->Attributes,
|
|
&LookupContext,
|
|
PreviousMode,
|
|
NewObject,
|
|
&NewHandle );
|
|
|
|
//
|
|
// If the insertion failed, the following dereference will cause
|
|
// the newly created object to be deallocated.
|
|
//
|
|
|
|
if (!NT_SUCCESS( Status )) {
|
|
|
|
//
|
|
// Make the name reference go away if an error.
|
|
//
|
|
|
|
if (ObjectName != NULL) {
|
|
|
|
ObpDeleteNameCheck( Object );
|
|
}
|
|
|
|
*Handle = NULL;
|
|
|
|
ReturnStatus = Status;
|
|
|
|
} else {
|
|
*Handle = NewHandle;
|
|
}
|
|
|
|
ObpDereferenceNameInfo( NameInfo );
|
|
|
|
ObDereferenceObject( Object );
|
|
|
|
|
|
} else {
|
|
|
|
BOOLEAN IsNewObject;
|
|
|
|
//
|
|
// Charge the user quota for the object.
|
|
//
|
|
|
|
ObpLockObject( ObjectHeader );
|
|
|
|
ReturnStatus = ObpChargeQuotaForObject( ObjectHeader, ObjectType, &IsNewObject );
|
|
|
|
ObpUnlockObject( ObjectHeader );
|
|
|
|
if (!NT_SUCCESS (ReturnStatus)) {
|
|
ObDereferenceObject( Object );
|
|
}
|
|
}
|
|
|
|
ObpFreeObjectCreateInformation( ObjectCreateInfo );
|
|
|
|
//
|
|
// Free security information if we allocated it
|
|
//
|
|
|
|
if (AccessState == &LocalAccessState) {
|
|
|
|
SeDeleteAccessState( AccessState );
|
|
}
|
|
|
|
return( ReturnStatus );
|
|
}
|