mirror of
https://github.com/reactos/reactos.git
synced 2025-01-07 06:45:24 +00:00
[USERENV]
- Simplify AcquireRemoveRestorePrivilege. Improve clean-up & acquire privilege before unloading hive in CreateUserProfileW. Patch by Hermes Belusca See issue #7160 for more details. svn path=/trunk/; revision=56843
This commit is contained in:
parent
6c424f7832
commit
52beb8508b
1 changed files with 52 additions and 63 deletions
|
@ -104,60 +104,46 @@ static
|
||||||
BOOL
|
BOOL
|
||||||
AcquireRemoveRestorePrivilege(IN BOOL bAcquire)
|
AcquireRemoveRestorePrivilege(IN BOOL bAcquire)
|
||||||
{
|
{
|
||||||
HANDLE Process;
|
BOOL bRet = FALSE;
|
||||||
HANDLE Token;
|
HANDLE Token;
|
||||||
PTOKEN_PRIVILEGES TokenPriv;
|
TOKEN_PRIVILEGES TokenPriv;
|
||||||
BOOL bRet;
|
|
||||||
|
|
||||||
DPRINT("AcquireRemoveRestorePrivilege(%d)\n", bAcquire);
|
DPRINT("AcquireRemoveRestorePrivilege(%d)\n", bAcquire);
|
||||||
|
|
||||||
Process = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId());
|
if (OpenProcessToken(GetCurrentProcess(),
|
||||||
if (!Process)
|
TOKEN_ADJUST_PRIVILEGES,
|
||||||
|
&Token))
|
||||||
{
|
{
|
||||||
DPRINT1("OpenProcess() failed with error %lu\n", GetLastError());
|
TokenPriv.PrivilegeCount = 1;
|
||||||
return FALSE;
|
TokenPriv.Privileges[0].Attributes = (bAcquire ? SE_PRIVILEGE_ENABLED : 0);
|
||||||
}
|
|
||||||
bRet = OpenProcessToken(Process, TOKEN_ADJUST_PRIVILEGES, &Token);
|
if (LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &TokenPriv.Privileges[0].Luid))
|
||||||
CloseHandle(Process);
|
|
||||||
if (!bRet)
|
|
||||||
{
|
{
|
||||||
DPRINT1("OpenProcessToken() failed with error %lu\n", GetLastError());
|
bRet = AdjustTokenPrivileges(Token, FALSE, &TokenPriv, 0, NULL, NULL);
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
TokenPriv = HeapAlloc(GetProcessHeap(), 0, FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges) + sizeof(LUID_AND_ATTRIBUTES));
|
|
||||||
if (!TokenPriv)
|
|
||||||
{
|
|
||||||
DPRINT1("Failed to allocate mem for token privileges\n");
|
|
||||||
CloseHandle(Token);
|
|
||||||
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
TokenPriv->PrivilegeCount = 1;
|
|
||||||
TokenPriv->Privileges[0].Attributes = bAcquire ? SE_PRIVILEGE_ENABLED : 0;
|
|
||||||
if (!LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &TokenPriv->Privileges[0].Luid))
|
|
||||||
{
|
|
||||||
DPRINT1("LookupPrivilegeValue() failed with error %lu\n", GetLastError());
|
|
||||||
HeapFree(GetProcessHeap(), 0, TokenPriv);
|
|
||||||
CloseHandle(Token);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
bRet = AdjustTokenPrivileges(
|
|
||||||
Token,
|
|
||||||
FALSE,
|
|
||||||
TokenPriv,
|
|
||||||
0,
|
|
||||||
NULL,
|
|
||||||
NULL);
|
|
||||||
HeapFree(GetProcessHeap(), 0, TokenPriv);
|
|
||||||
CloseHandle(Token);
|
|
||||||
|
|
||||||
if (!bRet)
|
if (!bRet)
|
||||||
{
|
{
|
||||||
DPRINT1("AdjustTokenPrivileges() failed with error %lu\n", GetLastError());
|
DPRINT1("AdjustTokenPrivileges() failed with error %lu\n", GetLastError());
|
||||||
return FALSE;
|
}
|
||||||
|
else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
|
||||||
|
{
|
||||||
|
DPRINT1("AdjustTokenPrivileges() succeeded, but with not all privileges assigned\n");
|
||||||
|
bRet = FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DPRINT1("LookupPrivilegeValue() failed with error %lu\n", GetLastError());
|
||||||
}
|
}
|
||||||
|
|
||||||
return TRUE;
|
CloseHandle(Token);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DPRINT1("OpenProcessToken() failed with error %lu\n", GetLastError());
|
||||||
|
}
|
||||||
|
|
||||||
|
return bRet;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -177,6 +163,7 @@ CreateUserProfileW(PSID Sid,
|
||||||
DWORD dwDisposition;
|
DWORD dwDisposition;
|
||||||
UINT i;
|
UINT i;
|
||||||
HKEY hKey;
|
HKEY hKey;
|
||||||
|
BOOL bRet = TRUE;
|
||||||
LONG Error;
|
LONG Error;
|
||||||
|
|
||||||
DPRINT("CreateUserProfileW() called\n");
|
DPRINT("CreateUserProfileW() called\n");
|
||||||
|
@ -317,9 +304,8 @@ CreateUserProfileW(PSID Sid,
|
||||||
if (Error != ERROR_SUCCESS)
|
if (Error != ERROR_SUCCESS)
|
||||||
{
|
{
|
||||||
DPRINT1("Error: %lu\n", Error);
|
DPRINT1("Error: %lu\n", Error);
|
||||||
LocalFree((HLOCAL)SidString);
|
bRet = FALSE;
|
||||||
SetLastError((DWORD)Error);
|
goto Done;
|
||||||
return FALSE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Create non-expanded user profile path */
|
/* Create non-expanded user profile path */
|
||||||
|
@ -337,10 +323,9 @@ CreateUserProfileW(PSID Sid,
|
||||||
if (Error != ERROR_SUCCESS)
|
if (Error != ERROR_SUCCESS)
|
||||||
{
|
{
|
||||||
DPRINT1("Error: %lu\n", Error);
|
DPRINT1("Error: %lu\n", Error);
|
||||||
LocalFree((HLOCAL)SidString);
|
|
||||||
RegCloseKey(hKey);
|
RegCloseKey(hKey);
|
||||||
SetLastError((DWORD)Error);
|
bRet = FALSE;
|
||||||
return FALSE;
|
goto Done;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Set 'Sid' value */
|
/* Set 'Sid' value */
|
||||||
|
@ -353,10 +338,9 @@ CreateUserProfileW(PSID Sid,
|
||||||
if (Error != ERROR_SUCCESS)
|
if (Error != ERROR_SUCCESS)
|
||||||
{
|
{
|
||||||
DPRINT1("Error: %lu\n", Error);
|
DPRINT1("Error: %lu\n", Error);
|
||||||
LocalFree((HLOCAL)SidString);
|
|
||||||
RegCloseKey(hKey);
|
RegCloseKey(hKey);
|
||||||
SetLastError((DWORD)Error);
|
bRet = FALSE;
|
||||||
return FALSE;
|
goto Done;
|
||||||
}
|
}
|
||||||
|
|
||||||
RegCloseKey(hKey);
|
RegCloseKey(hKey);
|
||||||
|
@ -368,9 +352,10 @@ CreateUserProfileW(PSID Sid,
|
||||||
/* Acquire restore privilege */
|
/* Acquire restore privilege */
|
||||||
if (!AcquireRemoveRestorePrivilege(TRUE))
|
if (!AcquireRemoveRestorePrivilege(TRUE))
|
||||||
{
|
{
|
||||||
|
Error = GetLastError();
|
||||||
DPRINT1("Error: %lu\n", Error);
|
DPRINT1("Error: %lu\n", Error);
|
||||||
LocalFree((HLOCAL)SidString);
|
bRet = FALSE;
|
||||||
return FALSE;
|
goto Done;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Create new user hive */
|
/* Create new user hive */
|
||||||
|
@ -381,26 +366,30 @@ CreateUserProfileW(PSID Sid,
|
||||||
if (Error != ERROR_SUCCESS)
|
if (Error != ERROR_SUCCESS)
|
||||||
{
|
{
|
||||||
DPRINT1("Error: %lu\n", Error);
|
DPRINT1("Error: %lu\n", Error);
|
||||||
LocalFree((HLOCAL)SidString);
|
bRet = FALSE;
|
||||||
SetLastError((DWORD)Error);
|
goto Done;
|
||||||
return FALSE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Initialize user hive */
|
/* Initialize user hive */
|
||||||
if (!CreateUserHive(SidString, szUserProfilePath))
|
if (!CreateUserHive(SidString, szUserProfilePath))
|
||||||
{
|
{
|
||||||
DPRINT1("Error: %lu\n", GetLastError());
|
Error = GetLastError();
|
||||||
LocalFree((HLOCAL)SidString);
|
DPRINT1("Error: %lu\n", Error);
|
||||||
return FALSE;
|
bRet = FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Unload the hive */
|
||||||
|
AcquireRemoveRestorePrivilege(TRUE);
|
||||||
RegUnLoadKeyW(HKEY_USERS, SidString);
|
RegUnLoadKeyW(HKEY_USERS, SidString);
|
||||||
|
AcquireRemoveRestorePrivilege(FALSE);
|
||||||
|
|
||||||
|
Done:
|
||||||
LocalFree((HLOCAL)SidString);
|
LocalFree((HLOCAL)SidString);
|
||||||
|
SetLastError((DWORD)Error);
|
||||||
|
|
||||||
DPRINT("CreateUserProfileW() done\n");
|
DPRINT("CreateUserProfileW() done\n");
|
||||||
|
|
||||||
return TRUE;
|
return bRet;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue