[NTOSKRNL] Use relaxed ACLs in ObpCreateGlobalDosDevicesSD when protection mode is not set
parent
1c4e44592c
commit
33f524c625
|
@ -44,68 +44,115 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
|
||||||
ULONG AclSize, SdSize;
|
ULONG AclSize, SdSize;
|
||||||
NTSTATUS Status;
|
NTSTATUS Status;
|
||||||
|
|
||||||
AclSize = sizeof(ACL) +
|
if (ObpProtectionMode & 1)
|
||||||
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
|
|
||||||
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
|
|
||||||
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
|
|
||||||
sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
|
|
||||||
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
|
|
||||||
sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
|
|
||||||
|
|
||||||
SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
|
|
||||||
|
|
||||||
/* Allocate the SD and ACL */
|
|
||||||
Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
|
|
||||||
if (Sd == NULL)
|
|
||||||
{
|
{
|
||||||
return STATUS_INSUFFICIENT_RESOURCES;
|
AclSize = sizeof(ACL) +
|
||||||
|
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
|
||||||
|
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
|
||||||
|
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
|
||||||
|
sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
|
||||||
|
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
|
||||||
|
sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
|
||||||
|
|
||||||
|
SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
|
||||||
|
|
||||||
|
/* Allocate the SD and ACL */
|
||||||
|
Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
|
||||||
|
if (Sd == NULL)
|
||||||
|
{
|
||||||
|
return STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Initialize the SD */
|
||||||
|
Status = RtlCreateSecurityDescriptor(Sd,
|
||||||
|
SECURITY_DESCRIPTOR_REVISION);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
return Status;
|
||||||
|
|
||||||
|
Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
|
||||||
|
|
||||||
|
/* Initialize the DACL */
|
||||||
|
RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
|
||||||
|
|
||||||
|
/* Add the ACEs */
|
||||||
|
RtlAddAccessAllowedAce(Dacl,
|
||||||
|
ACL_REVISION,
|
||||||
|
GENERIC_READ | GENERIC_EXECUTE,
|
||||||
|
SeWorldSid);
|
||||||
|
|
||||||
|
RtlAddAccessAllowedAce(Dacl,
|
||||||
|
ACL_REVISION,
|
||||||
|
GENERIC_ALL,
|
||||||
|
SeLocalSystemSid);
|
||||||
|
|
||||||
|
RtlAddAccessAllowedAceEx(Dacl,
|
||||||
|
ACL_REVISION,
|
||||||
|
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
|
||||||
|
GENERIC_EXECUTE,
|
||||||
|
SeWorldSid);
|
||||||
|
|
||||||
|
RtlAddAccessAllowedAceEx(Dacl,
|
||||||
|
ACL_REVISION,
|
||||||
|
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
|
||||||
|
GENERIC_ALL,
|
||||||
|
SeAliasAdminsSid);
|
||||||
|
|
||||||
|
RtlAddAccessAllowedAceEx(Dacl,
|
||||||
|
ACL_REVISION,
|
||||||
|
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
|
||||||
|
GENERIC_ALL,
|
||||||
|
SeLocalSystemSid);
|
||||||
|
|
||||||
|
RtlAddAccessAllowedAceEx(Dacl,
|
||||||
|
ACL_REVISION,
|
||||||
|
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
|
||||||
|
GENERIC_ALL,
|
||||||
|
SeCreatorOwnerSid);
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
AclSize = sizeof(ACL) +
|
||||||
|
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
|
||||||
|
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
|
||||||
|
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid);
|
||||||
|
|
||||||
/* Initialize the SD */
|
SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
|
||||||
Status = RtlCreateSecurityDescriptor(Sd,
|
|
||||||
SECURITY_DESCRIPTOR_REVISION);
|
|
||||||
if (!NT_SUCCESS(Status))
|
|
||||||
return Status;
|
|
||||||
|
|
||||||
Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
|
/* Allocate the SD and ACL */
|
||||||
|
Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
|
||||||
|
if (Sd == NULL)
|
||||||
|
{
|
||||||
|
return STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
/* Initialize the DACL */
|
/* Initialize the SD */
|
||||||
RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
|
Status = RtlCreateSecurityDescriptor(Sd,
|
||||||
|
SECURITY_DESCRIPTOR_REVISION);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
return Status;
|
||||||
|
|
||||||
/* Add the ACEs */
|
Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
|
||||||
RtlAddAccessAllowedAce(Dacl,
|
|
||||||
ACL_REVISION,
|
|
||||||
GENERIC_READ | GENERIC_EXECUTE,
|
|
||||||
SeWorldSid);
|
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(Dacl,
|
/* Initialize the DACL */
|
||||||
ACL_REVISION,
|
RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
|
||||||
GENERIC_ALL,
|
|
||||||
SeLocalSystemSid);
|
|
||||||
|
|
||||||
RtlAddAccessAllowedAceEx(Dacl,
|
/* Add the ACEs */
|
||||||
ACL_REVISION,
|
RtlAddAccessAllowedAce(Dacl,
|
||||||
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
|
ACL_REVISION,
|
||||||
GENERIC_EXECUTE,
|
GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE,
|
||||||
SeWorldSid);
|
SeWorldSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAceEx(Dacl,
|
RtlAddAccessAllowedAce(Dacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
|
GENERIC_ALL,
|
||||||
GENERIC_ALL,
|
SeLocalSystemSid);
|
||||||
SeAliasAdminsSid);
|
|
||||||
|
|
||||||
RtlAddAccessAllowedAceEx(Dacl,
|
RtlAddAccessAllowedAceEx(Dacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
|
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeLocalSystemSid);
|
SeWorldSid);
|
||||||
|
}
|
||||||
RtlAddAccessAllowedAceEx(Dacl,
|
|
||||||
ACL_REVISION,
|
|
||||||
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
|
|
||||||
GENERIC_ALL,
|
|
||||||
SeCreatorOwnerSid);
|
|
||||||
|
|
||||||
/* Attach the DACL to the SD */
|
/* Attach the DACL to the SD */
|
||||||
Status = RtlSetDaclSecurityDescriptor(Sd,
|
Status = RtlSetDaclSecurityDescriptor(Sd,
|
||||||
|
|
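Review bot: In the new `else` branch the ACL size is computed for LocalSystem, World and LocalSystem, but the three ACEs actually added are World, LocalSystem and World, so the allocation is only right while both SIDs have the same length; the last term should read `sizeof(ACE) + RtlLengthSid(SeWorldSid);`. The results of `RtlCreateAcl` and of the `RtlAddAccessAllowedAce`/`RtlAddAccessAllowedAceEx` calls are discarded in both branches, so an undersized ACL would silently lose an ACE instead of failing the call. Both branches also return directly after a failed `RtlCreateSecurityDescriptor` without releasing `Sd`; adding `ExFreePoolWithTag(Sd, TAG_SD);` before `return Status;` would close that leak. Because this branch gives World write access plus an inheritable GENERIC_ALL, a comment above the `else` stating that the relaxed DACL is intentional when bit 0 of `ObpProtectionMode` is clear would help later reviewers. The function body starts and ends outside the hunk.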