Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-11-20 06:15:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS:OB]

Browse source 
Create a custom security descriptor for the global DosDevices directory.

svn path=/trunk/; revision=74054
This commit is contained in:
Eric Kohl 2017-03-04 16:02:06 +00:00
parent 16b4b0a874
commit 3625064e10
1 changed files with 104 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

105
reactos/ntoskrnl/ob/obname.c
View file

@ -31,6 +31,102 @@ UNICODE_STRING ObpDosDevicesShortName =
/* PRIVATE FUNCTIONS *********************************************************/
NTSTATUS
NTAPI
INIT_FUNCTION
ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
{
ULONG AclLength;
PACL Dacl;
NTSTATUS Status;
/* Initialize the SD */
Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
return Status;
/* Allocate the DACL */
AclLength = sizeof(ACL) +
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
Dacl = ExAllocatePool(PagedPool, AclLength);
if (Dacl == NULL)
{
return STATUS_NO_MEMORY;
}
/* Initialize the DACL */
RtlCreateAcl(Dacl, AclLength, ACL_REVISION);
/* Add the ACEs */
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE,
SeWorldSid);
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_EXECUTE,
SeWorldSid);
RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeAliasAdminsSid);
RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeLocalSystemSid);
RtlAddAccessAllowedAceEx(Dacl,
ACL_REVISION,
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
GENERIC_ALL,
SeCreatorOwnerSid);
/* Attach the DACL to the SD */
Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
TRUE,
Dacl,
FALSE);
return Status;
}
VOID
NTAPI
INIT_FUNCTION
ObpFreeGlobalDosDevicesSD(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
{
PACL Dacl = NULL;
BOOLEAN DaclPresent, Defaulted;
NTSTATUS Status;
Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
&DaclPresent,
&Dacl,
&Defaulted);
if (NT_SUCCESS(Status) && Dacl != NULL)
{
ExFreePool(Dacl);
}
}
NTSTATUS
NTAPI
INIT_FUNCTION
@ -39,18 +135,25 @@ ObpCreateDosDevicesDirectory(VOID)
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING RootName, TargetName, LinkName;
HANDLE Handle, SymHandle;
SECURITY_DESCRIPTOR DosDevicesSD;
NTSTATUS Status;
/* Create a custom security descriptor for the global DosDevices directory */
Status = ObpCreateGlobalDosDevicesSD(&DosDevicesSD);
if (!NT_SUCCESS(Status))
return Status;
/* Create the global DosDevices directory \?? */
RtlInitUnicodeString(&RootName, L"\\GLOBAL??");
InitializeObjectAttributes(&ObjectAttributes,
&RootName,
OBJ_PERMANENT,
NULL,
NULL);
&DosDevicesSD);
Status = NtCreateDirectoryObject(&Handle,
DIRECTORY_ALL_ACCESS,
&ObjectAttributes);
ObpFreeGlobalDosDevicesSD(&DosDevicesSD);
if (!NT_SUCCESS(Status)) return Status;
/*********************************************\