Windows: Assign AuthGroup during Process Create

As the process is being created, assign the AuthGroup so that
the must up to date information is used to assign AuthGroup
inheritance from Impersonation states and to prevent the parent
process from being destroyed before the AuthGroup is determined.

Change-Id: I176360a589d7f2bcf4b1ededad069424e3ce5393
Reviewed-on: http://gerrit.openafs.org/6927
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>

diff --git a/src/WINNT/afsrdr/kernel/fs/AFSAuthGroupSupport.cpp b/src/WINNT/afsrdr/kernel/fs/AFSAuthGroupSupport.cpp
index 4eb31a11605a73ff70e8d93245e2bf749b04413a..105bf09b9b255cfbc2000bd2d06b9e96ce7b28fc 100644 (file)
--- a/src/WINNT/afsrdr/kernel/fs/AFSAuthGroupSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSAuthGroupSupport.cpp
@@ -224,7 +224,7 @@ AFSRetrieveAuthGroup( IN ULONGLONG ProcessId,
                           ProcessId,
                           ThreadId);
 
-            pAuthGroup = AFSValidateProcessEntry();
+            pAuthGroup = AFSValidateProcessEntry( PsGetCurrentProcessId());
 
             if( pAuthGroup != NULL)
             {

diff --git a/src/WINNT/afsrdr/kernel/fs/AFSCreate.cpp b/src/WINNT/afsrdr/kernel/fs/AFSCreate.cpp
index 55d741855fff34bcc7878c93a3e88d282992376f..547c58be286f23f5d5f956e416bc55e047864d1a 100644 (file)
--- a/src/WINNT/afsrdr/kernel/fs/AFSCreate.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSCreate.cpp
@@ -118,7 +118,7 @@ AFSCommonCreate( IN PDEVICE_OBJECT DeviceObject,
         // Validate the process entry
         //
 
-        pAuthGroup = AFSValidateProcessEntry();
+        pAuthGroup = AFSValidateProcessEntry( PsGetCurrentProcessId());
 
         if( pAuthGroup != NULL)
         {

diff --git a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
index c30b8685f7c50a822621b713c21a8a46dbbd8959..20740c9c8229348069662ec186a210ab84a13529 100644 (file)
--- a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
@@ -130,6 +130,12 @@ AFSProcessCreate( IN HANDLE ParentId,
             pProcessCB->CreatingThreadId = (ULONGLONG)CreatingThreadId;
         }
 
+        //
+        // Now assign the AuthGroup ACE
+        //
+
+        AFSValidateProcessEntry( ProcessId);
+
         AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
     }
 
@@ -230,14 +236,14 @@ AFSProcessDestroy( IN HANDLE ParentId,
 //
 
 GUID *
-AFSValidateProcessEntry( void)
+AFSValidateProcessEntry( IN HANDLE ProcessId)
 {
 
     GUID *pAuthGroup = NULL;
     NTSTATUS ntStatus = STATUS_SUCCESS;
     AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL;
     AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
-    ULONGLONG ullProcessID = (ULONGLONG)PsGetCurrentProcessId();
+    ULONGLONG ullProcessID = (ULONGLONG)ProcessId;
     UNICODE_STRING uniSIDString;
     ULONG ulSIDHash = 0;
     AFSSIDEntryCB *pSIDEntryCB = NULL;

diff --git a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
index 311fea0b58f9fb08ad3aac299b9d096542f1f720..15f1befe72ba4639f56c1f2c8b0519a3e708f79e 100644 (file)
--- a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
+++ b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
@@ -812,7 +812,7 @@ AFSProcessDestroy( IN HANDLE ParentId,
                    IN HANDLE ProcessId);
 
 GUID *
-AFSValidateProcessEntry( void);
+AFSValidateProcessEntry( IN HANDLE ProcessId);
 
 BOOLEAN
 AFSIs64BitProcess( IN ULONGLONG ProcessId);