From a0a1ad06c2dd632e3e471e5f40ff3eda470bf71a Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Mon, 19 Mar 2012 22:38:06 -0400 Subject: [PATCH] Windows: Assign AuthGroup during Process Create As the process is being created, assign the AuthGroup so that the must up to date information is used to assign AuthGroup inheritance from Impersonation states and to prevent the parent process from being destroyed before the AuthGroup is determined. Change-Id: I176360a589d7f2bcf4b1ededad069424e3ce5393 Reviewed-on: http://gerrit.openafs.org/6927 Tested-by: BuildBot Reviewed-by: Peter Scott Tested-by: Jeffrey Altman Reviewed-by: Jeffrey Altman --- src/WINNT/afsrdr/kernel/fs/AFSAuthGroupSupport.cpp | 2 +- src/WINNT/afsrdr/kernel/fs/AFSCreate.cpp | 2 +- src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp | 10 ++++++++-- src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h | 2 +- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/WINNT/afsrdr/kernel/fs/AFSAuthGroupSupport.cpp b/src/WINNT/afsrdr/kernel/fs/AFSAuthGroupSupport.cpp index 4eb31a116..105bf09b9 100644 --- a/src/WINNT/afsrdr/kernel/fs/AFSAuthGroupSupport.cpp +++ b/src/WINNT/afsrdr/kernel/fs/AFSAuthGroupSupport.cpp @@ -224,7 +224,7 @@ AFSRetrieveAuthGroup( IN ULONGLONG ProcessId, ProcessId, ThreadId); - pAuthGroup = AFSValidateProcessEntry(); + pAuthGroup = AFSValidateProcessEntry( PsGetCurrentProcessId()); if( pAuthGroup != NULL) { diff --git a/src/WINNT/afsrdr/kernel/fs/AFSCreate.cpp b/src/WINNT/afsrdr/kernel/fs/AFSCreate.cpp index 55d741855..547c58be2 100644 --- a/src/WINNT/afsrdr/kernel/fs/AFSCreate.cpp +++ b/src/WINNT/afsrdr/kernel/fs/AFSCreate.cpp @@ -118,7 +118,7 @@ AFSCommonCreate( IN PDEVICE_OBJECT DeviceObject, // Validate the process entry // - pAuthGroup = AFSValidateProcessEntry(); + pAuthGroup = AFSValidateProcessEntry( PsGetCurrentProcessId()); if( pAuthGroup != NULL) { diff --git a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp index c30b8685f..20740c9c8 100644 --- a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp +++ b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp @@ -130,6 +130,12 @@ AFSProcessCreate( IN HANDLE ParentId, pProcessCB->CreatingThreadId = (ULONGLONG)CreatingThreadId; } + // + // Now assign the AuthGroup ACE + // + + AFSValidateProcessEntry( ProcessId); + AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock); } @@ -230,14 +236,14 @@ AFSProcessDestroy( IN HANDLE ParentId, // GUID * -AFSValidateProcessEntry( void) +AFSValidateProcessEntry( IN HANDLE ProcessId) { GUID *pAuthGroup = NULL; NTSTATUS ntStatus = STATUS_SUCCESS; AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL; AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension; - ULONGLONG ullProcessID = (ULONGLONG)PsGetCurrentProcessId(); + ULONGLONG ullProcessID = (ULONGLONG)ProcessId; UNICODE_STRING uniSIDString; ULONG ulSIDHash = 0; AFSSIDEntryCB *pSIDEntryCB = NULL; diff --git a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h index 311fea0b5..15f1befe7 100644 --- a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h +++ b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h @@ -812,7 +812,7 @@ AFSProcessDestroy( IN HANDLE ParentId, IN HANDLE ProcessId); GUID * -AFSValidateProcessEntry( void); +AFSValidateProcessEntry( IN HANDLE ProcessId); BOOLEAN AFSIs64BitProcess( IN ULONGLONG ProcessId); -- 2.39.5