[NTOSKRNL] Add a few ASSERTs to ObpGetDosDevicesProtection for DBG builds

Pierre Schweitzer 2019-06-01 13:51:40 +02:00
parent 8f655f9466
commit 1b42731dca
GPG key ID: 7545556C3D585B0B


@ -41,9 +41,11 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
{
PACL Dacl;
ULONG AclSize;
NTSTATUS Status;
/* Initialize the SD */
RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
Status = RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
ASSERT(NT_SUCCESS(Status));
if (ObpProtectionMode & 1)
{
@ -63,42 +65,49 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
}
/* Initialize the DACL */
RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
Status = RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
ASSERT(NT_SUCCESS(Status));
/* Add the ACEs */
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE,
SeWorldSid);
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE,
SeWorldSid);
ASSERT(NT_SUCCESS(Status));
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
ASSERT(NT_SUCCESS(Status));
RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_EXECUTE,
SeWorldSid);
Status = RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_EXECUTE,
SeWorldSid);
ASSERT(NT_SUCCESS(Status));
RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeAliasAdminsSid);
Status = RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeAliasAdminsSid);
ASSERT(NT_SUCCESS(Status));
RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeLocalSystemSid);
Status = RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeLocalSystemSid);
ASSERT(NT_SUCCESS(Status));
RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeCreatorOwnerSid);
Status = RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeCreatorOwnerSid);
ASSERT(NT_SUCCESS(Status));
}
else
{
@ -115,28 +124,33 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
}
/* Initialize the DACL */
RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
Status = RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
ASSERT(NT_SUCCESS(Status));
/* Add the ACEs */
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE,
SeWorldSid);
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE,
SeWorldSid);
ASSERT(NT_SUCCESS(Status));
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
ASSERT(NT_SUCCESS(Status));
RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeWorldSid);
Status = RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeWorldSid);
ASSERT(NT_SUCCESS(Status));
}
/* Attach the DACL to the SD */
RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE);
Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE);
ASSERT(NT_SUCCESS(Status));
return STATUS_SUCCESS;
}
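Review bot: Every check added here is an `ASSERT`, which per the commit title only fires on DBG builds, so on a release build a failing `RtlCreateSecurityDescriptor`, `RtlCreateAcl`, `RtlAddAccessAllowedAce(Ex)` or `RtlSetDaclSecurityDescriptor` is still ignored and the function ends with the unconditional `return STATUS_SUCCESS;`. Judging by its name, this routine builds the protection for the DosDevices object directory, so a caller would be handed a descriptor whose DACL is incomplete or was never initialised, with nothing to tell it so. I would keep the asserts and also propagate the failure, e.g. `if (!NT_SUCCESS(Status)) return Status;` after each call; the code between the hunks is not shown, so whatever backs `Dacl` may need releasing on that path. It also looks like `Status` becomes set-but-never-read once `ASSERT` compiles out, which may produce a warning on release builds; confirm against the project's `ASSERT` definition.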