[USERENV]

- Simplify AcquireRemoveRestorePrivilege. Improve clean-up & acquire privilege before unloading hive in CreateUserProfileW. Patch by Hermes Belusca
See issue #7160 for more details.

svn path=/trunk/; revision=56843
This commit is contained in:
Thomas Faber 2012-07-07 10:11:21 +00:00
parent 6c424f7832
commit 52beb8508b

View file

@ -104,60 +104,46 @@ static
BOOL BOOL
AcquireRemoveRestorePrivilege(IN BOOL bAcquire) AcquireRemoveRestorePrivilege(IN BOOL bAcquire)
{ {
HANDLE Process; BOOL bRet = FALSE;
HANDLE Token; HANDLE Token;
PTOKEN_PRIVILEGES TokenPriv; TOKEN_PRIVILEGES TokenPriv;
BOOL bRet;
DPRINT("AcquireRemoveRestorePrivilege(%d)\n", bAcquire); DPRINT("AcquireRemoveRestorePrivilege(%d)\n", bAcquire);
Process = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId()); if (OpenProcessToken(GetCurrentProcess(),
if (!Process) TOKEN_ADJUST_PRIVILEGES,
&Token))
{ {
DPRINT1("OpenProcess() failed with error %lu\n", GetLastError()); TokenPriv.PrivilegeCount = 1;
return FALSE; TokenPriv.Privileges[0].Attributes = (bAcquire ? SE_PRIVILEGE_ENABLED : 0);
}
bRet = OpenProcessToken(Process, TOKEN_ADJUST_PRIVILEGES, &Token); if (LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &TokenPriv.Privileges[0].Luid))
CloseHandle(Process);
if (!bRet)
{ {
DPRINT1("OpenProcessToken() failed with error %lu\n", GetLastError()); bRet = AdjustTokenPrivileges(Token, FALSE, &TokenPriv, 0, NULL, NULL);
return FALSE;
}
TokenPriv = HeapAlloc(GetProcessHeap(), 0, FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges) + sizeof(LUID_AND_ATTRIBUTES));
if (!TokenPriv)
{
DPRINT1("Failed to allocate mem for token privileges\n");
CloseHandle(Token);
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
return FALSE;
}
TokenPriv->PrivilegeCount = 1;
TokenPriv->Privileges[0].Attributes = bAcquire ? SE_PRIVILEGE_ENABLED : 0;
if (!LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &TokenPriv->Privileges[0].Luid))
{
DPRINT1("LookupPrivilegeValue() failed with error %lu\n", GetLastError());
HeapFree(GetProcessHeap(), 0, TokenPriv);
CloseHandle(Token);
return FALSE;
}
bRet = AdjustTokenPrivileges(
Token,
FALSE,
TokenPriv,
0,
NULL,
NULL);
HeapFree(GetProcessHeap(), 0, TokenPriv);
CloseHandle(Token);
if (!bRet) if (!bRet)
{ {
DPRINT1("AdjustTokenPrivileges() failed with error %lu\n", GetLastError()); DPRINT1("AdjustTokenPrivileges() failed with error %lu\n", GetLastError());
return FALSE; }
else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
{
DPRINT1("AdjustTokenPrivileges() succeeded, but with not all privileges assigned\n");
bRet = FALSE;
}
}
else
{
DPRINT1("LookupPrivilegeValue() failed with error %lu\n", GetLastError());
} }
return TRUE; CloseHandle(Token);
}
else
{
DPRINT1("OpenProcessToken() failed with error %lu\n", GetLastError());
}
return bRet;
} }
@ -177,6 +163,7 @@ CreateUserProfileW(PSID Sid,
DWORD dwDisposition; DWORD dwDisposition;
UINT i; UINT i;
HKEY hKey; HKEY hKey;
BOOL bRet = TRUE;
LONG Error; LONG Error;
DPRINT("CreateUserProfileW() called\n"); DPRINT("CreateUserProfileW() called\n");
@ -317,9 +304,8 @@ CreateUserProfileW(PSID Sid,
if (Error != ERROR_SUCCESS) if (Error != ERROR_SUCCESS)
{ {
DPRINT1("Error: %lu\n", Error); DPRINT1("Error: %lu\n", Error);
LocalFree((HLOCAL)SidString); bRet = FALSE;
SetLastError((DWORD)Error); goto Done;
return FALSE;
} }
/* Create non-expanded user profile path */ /* Create non-expanded user profile path */
@ -337,10 +323,9 @@ CreateUserProfileW(PSID Sid,
if (Error != ERROR_SUCCESS) if (Error != ERROR_SUCCESS)
{ {
DPRINT1("Error: %lu\n", Error); DPRINT1("Error: %lu\n", Error);
LocalFree((HLOCAL)SidString);
RegCloseKey(hKey); RegCloseKey(hKey);
SetLastError((DWORD)Error); bRet = FALSE;
return FALSE; goto Done;
} }
/* Set 'Sid' value */ /* Set 'Sid' value */
@ -353,10 +338,9 @@ CreateUserProfileW(PSID Sid,
if (Error != ERROR_SUCCESS) if (Error != ERROR_SUCCESS)
{ {
DPRINT1("Error: %lu\n", Error); DPRINT1("Error: %lu\n", Error);
LocalFree((HLOCAL)SidString);
RegCloseKey(hKey); RegCloseKey(hKey);
SetLastError((DWORD)Error); bRet = FALSE;
return FALSE; goto Done;
} }
RegCloseKey(hKey); RegCloseKey(hKey);
@ -368,9 +352,10 @@ CreateUserProfileW(PSID Sid,
/* Acquire restore privilege */ /* Acquire restore privilege */
if (!AcquireRemoveRestorePrivilege(TRUE)) if (!AcquireRemoveRestorePrivilege(TRUE))
{ {
Error = GetLastError();
DPRINT1("Error: %lu\n", Error); DPRINT1("Error: %lu\n", Error);
LocalFree((HLOCAL)SidString); bRet = FALSE;
return FALSE; goto Done;
} }
/* Create new user hive */ /* Create new user hive */
@ -381,26 +366,30 @@ CreateUserProfileW(PSID Sid,
if (Error != ERROR_SUCCESS) if (Error != ERROR_SUCCESS)
{ {
DPRINT1("Error: %lu\n", Error); DPRINT1("Error: %lu\n", Error);
LocalFree((HLOCAL)SidString); bRet = FALSE;
SetLastError((DWORD)Error); goto Done;
return FALSE;
} }
/* Initialize user hive */ /* Initialize user hive */
if (!CreateUserHive(SidString, szUserProfilePath)) if (!CreateUserHive(SidString, szUserProfilePath))
{ {
DPRINT1("Error: %lu\n", GetLastError()); Error = GetLastError();
LocalFree((HLOCAL)SidString); DPRINT1("Error: %lu\n", Error);
return FALSE; bRet = FALSE;
} }
/* Unload the hive */
AcquireRemoveRestorePrivilege(TRUE);
RegUnLoadKeyW(HKEY_USERS, SidString); RegUnLoadKeyW(HKEY_USERS, SidString);
AcquireRemoveRestorePrivilege(FALSE);
Done:
LocalFree((HLOCAL)SidString); LocalFree((HLOCAL)SidString);
SetLastError((DWORD)Error);
DPRINT("CreateUserProfileW() done\n"); DPRINT("CreateUserProfileW() done\n");
return TRUE; return bRet;
} }