[NTOS:CM]

- Improve the hack from r63777 to return an allow-Everyone DACL. Fixes crash in advapi32:security.
CORE-8383 #resolve

svn path=/trunk/; revision=63779
Thomas Faber 2014-07-30 10:08:30 +00:00
parent fd1986de3a
commit 4a5e1b6f4e


@ -144,10 +144,14 @@ CmpQuerySecurityDescriptor(IN PCM_KEY_BODY KeyBody,
IN OUT PULONG BufferLength) IN OUT PULONG BufferLength)
{ {
PISECURITY_DESCRIPTOR_RELATIVE RelSd; PISECURITY_DESCRIPTOR_RELATIVE RelSd;
PUCHAR Current;
ULONG SidSize; ULONG SidSize;
ULONG AclSize;
ULONG SdSize; ULONG SdSize;
NTSTATUS Status; NTSTATUS Status;
SECURITY_DESCRIPTOR_CONTROL Control = 0;
ULONG Owner = 0;
ULONG Group = 0;
ULONG Dacl = 0;
DBG_UNREFERENCED_PARAMETER(KeyBody); DBG_UNREFERENCED_PARAMETER(KeyBody);
@ -157,8 +161,33 @@ CmpQuerySecurityDescriptor(IN PCM_KEY_BODY KeyBody,
} }
SidSize = RtlLengthSid(SeWorldSid); SidSize = RtlLengthSid(SeWorldSid);
SdSize = sizeof(*RelSd) + 2 * SidSize;
RelSd = SecurityDescriptor; RelSd = SecurityDescriptor;
SdSize = sizeof(*RelSd);
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
{
Owner = SdSize;
SdSize += SidSize;
}
if (SecurityInformation & GROUP_SECURITY_INFORMATION)
{
Group = SdSize;
SdSize += SidSize;
}
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
Control |= SE_DACL_PRESENT;
Dacl = SdSize;
AclSize = sizeof(ACL) + sizeof(ACE) + SidSize;
SdSize += AclSize;
}
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
Control |= SE_SACL_PRESENT;
}
if (*BufferLength < SdSize) if (*BufferLength < SdSize)
{ {
@ -173,36 +202,37 @@ CmpQuerySecurityDescriptor(IN PCM_KEY_BODY KeyBody,
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
return Status; return Status;
Current = (PUCHAR)(RelSd + 1); RelSd->Control |= Control;
ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize); RelSd->Owner = Owner;
RelSd->Group = Group;
RelSd->Dacl = Dacl;
if (SecurityInformation & OWNER_SECURITY_INFORMATION) if (Owner)
RtlCopyMemory((PUCHAR)RelSd + Owner,
SeWorldSid,
SidSize);
if (Group)
RtlCopyMemory((PUCHAR)RelSd + Group,
SeWorldSid,
SidSize);
if (Dacl)
{ {
RtlCopyMemory(Current, SeWorldSid, SidSize); Status = RtlCreateAcl((PACL)((PUCHAR)RelSd + Dacl),
RelSd->Owner = Current - (PUCHAR)RelSd; AclSize,
Current += SidSize; ACL_REVISION);
ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize); if (NT_SUCCESS(Status))
{
Status = RtlAddAccessAllowedAce((PACL)((PUCHAR)RelSd + Dacl),
ACL_REVISION,
GENERIC_ALL,
SeWorldSid);
}
} }
if (SecurityInformation & GROUP_SECURITY_INFORMATION) ASSERT(Status == STATUS_SUCCESS);
{ return Status;
RtlCopyMemory(Current, SeWorldSid, SidSize);
RelSd->Group = Current - (PUCHAR)RelSd;
Current += SidSize;
ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize);
}
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
RelSd->Control |= SE_DACL_PRESENT;
}
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
RelSd->Control |= SE_SACL_PRESENT;
}
return STATUS_SUCCESS;
} }
NTSTATUS NTSTATUS
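Review bot: The descriptor built in this file section is still synthetic: `KeyBody` stays unreferenced and every key now reports a DACL granting `GENERIC_ALL` to `SeWorldSid`, so any consumer that audits or compares registry key security through this query path sees full access for Everyone regardless of the key's real protection. The new code carries no marker for that; I would add a comment above the `RtlCreateAcl` call, e.g. `/* HACK: placeholder allow-Everyone DACL, not the key's stored security (CORE-8383) */`, so the stub is not mistaken for a policy decision. `SE_SACL_PRESENT` is also set in `Control` while no SACL offset is written in the visible lines, which describes a present but NULL SACL unless the code between the hunks fills it in; leaving the flag clear until a SACL is actually produced would be more accurate. `AclSize` is assigned only inside the DACL branch and read under `if (Dacl)`, which is safe as written but is worth declaring as `ULONG AclSize = 0;` so the dependency is not implicit. Parts of CmpQuerySecurityDescriptor lie outside the hunks shown, so the initialisation of `RelSd` could not be checked.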