From 6c6813d7f7ded25015decb1f5c07f8f1c28779b9 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Sat, 3 Sep 2016 15:06:20 +0000 Subject: [PATCH] [SAMSRV] SamrQuerySecurityObject: Return security information according to the SecurityInformation parameter. svn path=/trunk/; revision=72547 --- reactos/dll/win32/samsrv/samrpc.c | 94 +++++++++++++++++++++---------- 1 file changed, 65 insertions(+), 29 deletions(-) diff --git a/reactos/dll/win32/samsrv/samrpc.c b/reactos/dll/win32/samsrv/samrpc.c index aa81c2f6d4c..9d957dbe0a2 100644 --- a/reactos/dll/win32/samsrv/samrpc.c +++ b/reactos/dll/win32/samsrv/samrpc.c @@ -218,10 +218,12 @@ SamrQuerySecurityObject(IN SAMPR_HANDLE ObjectHandle, OUT PSAMPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor) { PSAM_DB_OBJECT SamObject; - PSAMPR_SR_SECURITY_DESCRIPTOR SamSD = NULL; - PSECURITY_DESCRIPTOR SdBuffer = NULL; + PSAMPR_SR_SECURITY_DESCRIPTOR SdData = NULL; + PSECURITY_DESCRIPTOR RelativeSd = NULL; + PSECURITY_DESCRIPTOR ResultSd = NULL; ACCESS_MASK DesiredAccess = 0; - ULONG Length = 0; + ULONG RelativeSdSize = 0; + ULONG ResultSdSize = 0; NTSTATUS Status; TRACE("(%p %lx %p)\n", @@ -248,64 +250,98 @@ SamrQuerySecurityObject(IN SAMPR_HANDLE ObjectHandle, if (!NT_SUCCESS(Status)) goto done; - SamSD = midl_user_allocate(sizeof(SAMPR_SR_SECURITY_DESCRIPTOR)); - if (SamSD == NULL) - { - Status = STATUS_INSUFFICIENT_RESOURCES; - goto done; - } - + /* Get the size of the SD */ Status = SampGetObjectAttribute(SamObject, L"SecDesc", NULL, NULL, - &Length); + &RelativeSdSize); if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_OVERFLOW) { TRACE("Status 0x%08lx\n", Status); goto done; } - TRACE("SD Length: %lu\n", Length); - - SdBuffer = midl_user_allocate(Length); - if (SdBuffer == NULL) + /* Allocate a buffer for the SD */ + RelativeSd = midl_user_allocate(RelativeSdSize); + if (RelativeSd == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; goto done; } + /* Get the SD */ Status = SampGetObjectAttribute(SamObject, L"SecDesc", NULL, - SdBuffer, - &Length); + RelativeSd, + &RelativeSdSize); if (!NT_SUCCESS(Status)) { TRACE("Status 0x%08lx\n", Status); goto done; } - /* FIXME: Use SecurityInformation to return only the requested information */ + /* Invalidate the SD information that was not requested */ + if (!(SecurityInformation & OWNER_SECURITY_INFORMATION)) + ((PISECURITY_DESCRIPTOR)RelativeSd)->Owner = NULL; - SamSD->Length = Length; - SamSD->SecurityDescriptor = SdBuffer; + if (!(SecurityInformation & GROUP_SECURITY_INFORMATION)) + ((PISECURITY_DESCRIPTOR)RelativeSd)->Group = NULL; + + if (!(SecurityInformation & DACL_SECURITY_INFORMATION)) + ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_DACL_PRESENT; + + if (!(SecurityInformation & SACL_SECURITY_INFORMATION)) + ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_SACL_PRESENT; + + /* Calculate the required SD size */ + Status = RtlMakeSelfRelativeSD(RelativeSd, + NULL, + &ResultSdSize); + if (Status != STATUS_BUFFER_TOO_SMALL) + goto done; + + /* Allocate a buffer for the new SD */ + ResultSd = MIDL_user_allocate(ResultSdSize); + if (ResultSd == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + /* Build the new SD */ + Status = RtlMakeSelfRelativeSD(RelativeSd, + ResultSd, + &ResultSdSize); + if (!NT_SUCCESS(Status)) + goto done; + + /* Allocate the SD data buffer */ + SdData = midl_user_allocate(sizeof(SAMPR_SR_SECURITY_DESCRIPTOR)); + if (SdData == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + /* Fill the SD data buffer and return it to the caller */ + SdData->Length = RelativeSdSize; + SdData->SecurityDescriptor = (PBYTE)ResultSd; + + *SecurityDescriptor = SdData; done: RtlReleaseResource(&SampResource); - if (NT_SUCCESS(Status)) + if (!NT_SUCCESS(Status)) { - *SecurityDescriptor = SamSD; + if (ResultSd != NULL) + MIDL_user_free(ResultSd); } - else - { - if (SdBuffer != NULL) - midl_user_free(SdBuffer); - if (SamSD != NULL) - midl_user_free(SamSD); - } + if (RelativeSd != NULL) + MIDL_user_free(RelativeSd); return Status; }