Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-29 10:35:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOSKRNL] Create a security descriptor for the \security directory object

Browse source
This commit is contained in:
Pierre Schweitzer 2018-11-10 23:23:59 +01:00
parent 501145e27b
commit 6747dacf10
No known key found for this signature in database
GPG key ID: 7545556C3D585B0B
1 changed files with 45 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
ntoskrnl/se/semgr.c
View file

@ -134,6 +134,9 @@ SepInitializationPhase1(VOID)
HANDLE SecurityHandle; HANDLE SecurityHandle;
HANDLE EventHandle; HANDLE EventHandle;
NTSTATUS Status; NTSTATUS Status;
SECURITY_DESCRIPTOR SecurityDescriptor;
PACL Dacl;
ULONG DaclLength;
PAGED_CODE(); PAGED_CODE();
@ -147,7 +150,47 @@ SepInitializationPhase1(VOID)
NULL); NULL);
ASSERT(NT_SUCCESS(Status)); ASSERT(NT_SUCCESS(Status));
/* TODO: Create a security desscriptor for the directory */ /* Create a security descriptor for the directory */
RtlCreateSecurityDescriptor(&SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
/* Setup the ACL */
DaclLength = sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(SeLocalSystemSid) +
RtlLengthSid(SeAliasAdminsSid) +
RtlLengthSid(SeWorldSid);
Dacl = ExAllocatePoolWithTag(NonPagedPool, DaclLength, TAG_SE);
if (Dacl == NULL)
{
return FALSE;
}
Status = RtlCreateAcl(Dacl, DaclLength, ACL_REVISION);
ASSERT(NT_SUCCESS(Status));
/* Grant full access to SYSTEM */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
DIRECTORY_ALL_ACCESS,
SeLocalSystemSid);
ASSERT(NT_SUCCESS(Status));
/* Allow admins to traverse and query */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
READ_CONTROL | DIRECTORY_TRAVERSE | DIRECTORY_QUERY,
SeAliasAdminsSid);
ASSERT(NT_SUCCESS(Status));
/* Allow anyone to traverse */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
DIRECTORY_TRAVERSE,
SeWorldSid);
ASSERT(NT_SUCCESS(Status));
/* And link ACL and SD */
Status = RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, Dacl, FALSE);
ASSERT(NT_SUCCESS(Status));
/* Create '\Security' directory */ /* Create '\Security' directory */
RtlInitUnicodeString(&Name, L"\\Security"); RtlInitUnicodeString(&Name, L"\\Security");
@ -155,7 +198,7 @@ SepInitializationPhase1(VOID)
&Name, &Name,
OBJ_PERMANENT | OBJ_CASE_INSENSITIVE, OBJ_PERMANENT | OBJ_CASE_INSENSITIVE,
0, 0,
NULL); &SecurityDescriptor);
Status = ZwCreateDirectoryObject(&SecurityHandle, Status = ZwCreateDirectoryObject(&SecurityHandle,
DIRECTORY_ALL_ACCESS, DIRECTORY_ALL_ACCESS,