Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-19 12:08:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS:OB]

Browse source 
- Allocate all of the kernel objects security descriptor and the dos devices security descriptor from the paged pool, instead of just the ACLs.
- Replace special security descriptor free routines by calls to ExFreePoolWithTag.
- Replace the TAG_OB_DIR_SD by TAG_SD.

svn path=/trunk/; revision=74157
This commit is contained in:
Eric Kohl 2017-03-13 00:10:23 +00:00
parent 89e9101a9b
commit 7fee8ebabe
3 changed files with 73 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
reactos/ntoskrnl/include/internal/tag.h
View file

@ -150,7 +150,6 @@
/* Object Manager Tags */
#define OB_NAME_TAG 'mNbO'
#define OB_DIR_TAG 'iDbO'
#define TAG_OB_DIR_SD 'sDbO'
/* formerly located in ps/cid.c */

70
reactos/ntoskrnl/ob/obinit.c
View file

@ -58,32 +58,37 @@ static
NTSTATUS
NTAPI
INIT_FUNCTION
ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
{
ULONG AclLength;
PSECURITY_DESCRIPTOR Sd = NULL;
PACL Dacl;
ULONG AclSize, SdSize;
NTSTATUS Status;
/* Initialize the SD */
Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
return Status;
/* Allocate the DACL */
AclLength = sizeof(ACL) +
AclSize = sizeof(ACL) +
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid);
Dacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_OB_DIR_SD);
if (Dacl == NULL)
SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
/* Allocate the SD and ACL */
Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
if (Sd == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
/* Initialize the SD */
Status = RtlCreateSecurityDescriptor(Sd,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
goto done;
Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
/* Initialize the DACL */
RtlCreateAcl(Dacl, AclLength, ACL_REVISION);
RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
/* Add the ACEs */
RtlAddAccessAllowedAce(Dacl,
@ -102,34 +107,25 @@ ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
SeLocalSystemSid);
/* Attach the DACL to the SD */
Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
Status = RtlSetDaclSecurityDescriptor(Sd,
TRUE,
Dacl,
FALSE);
if (!NT_SUCCESS(Status))
goto done;
*SecurityDescriptor = Sd;
done:
if (!NT_SUCCESS(Status))
{
if (Sd != NULL)
ExFreePoolWithTag(Sd, TAG_SD);
}
return Status;
}
static
VOID
NTAPI
INIT_FUNCTION
ObpFreeKernelObjectsSD(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
{
PACL Dacl = NULL;
BOOLEAN DaclPresent, Defaulted;
NTSTATUS Status;
Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
&DaclPresent,
&Dacl,
&Defaulted);
if (NT_SUCCESS(Status) && Dacl != NULL)
{
ExFreePoolWithTag(Dacl, TAG_OB_DIR_SD);
}
}
BOOLEAN
INIT_FUNCTION
NTAPI
@ -212,7 +208,7 @@ ObInitSystem(VOID)
POBJECT_HEADER Header;
POBJECT_HEADER_CREATOR_INFO CreatorInfo;
POBJECT_HEADER_NAME_INFO NameInfo;
SECURITY_DESCRIPTOR KernelObjectsSD;
PSECURITY_DESCRIPTOR KernelObjectsSD = NULL;
NTSTATUS Status;
/* Check if this is actually Phase 1 initialization */
@ -346,13 +342,13 @@ ObPostPhase0:
&Name,
OBJ_CASE_INSENSITIVE | OBJ_PERMANENT,
NULL,
&KernelObjectsSD);
KernelObjectsSD);
/* Create the directory */
Status = NtCreateDirectoryObject(&Handle,
DIRECTORY_ALL_ACCESS,
&ObjectAttributes);
ObpFreeKernelObjectsSD(&KernelObjectsSD);
ExFreePoolWithTag(KernelObjectsSD, TAG_SD);
if (!NT_SUCCESS(Status)) return FALSE;
/* Close the extra handle */

69
reactos/ntoskrnl/ob/obname.c
View file

@ -34,20 +34,14 @@ UNICODE_STRING ObpDosDevicesShortName =
NTSTATUS
NTAPI
INIT_FUNCTION
ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
{
ULONG AclLength;
PSECURITY_DESCRIPTOR Sd = NULL;
PACL Dacl;
ULONG AclSize, SdSize;
NTSTATUS Status;
/* Initialize the SD */
Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
return Status;
/* Allocate the DACL */
AclLength = sizeof(ACL) +
AclSize = sizeof(ACL) +
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
@ -55,14 +49,25 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
Dacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_OB_DIR_SD);
if (Dacl == NULL)
SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
/* Allocate the SD and ACL */
Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
if (Sd == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
/* Initialize the SD */
Status = RtlCreateSecurityDescriptor(Sd,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
return Status;
Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
/* Initialize the DACL */
RtlCreateAcl(Dacl, AclLength, ACL_REVISION);
RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
/* Add the ACEs */
RtlAddAccessAllowedAce(Dacl,
@ -100,33 +105,25 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
SeCreatorOwnerSid);
/* Attach the DACL to the SD */
Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
Status = RtlSetDaclSecurityDescriptor(Sd,
TRUE,
Dacl,
FALSE);
if (!NT_SUCCESS(Status))
goto done;
*SecurityDescriptor = Sd;
done:
if (!NT_SUCCESS(Status))
{
if (Sd != NULL)
ExFreePoolWithTag(Sd, TAG_SD);
}
return Status;
}
VOID
NTAPI
INIT_FUNCTION
ObpFreeGlobalDosDevicesSD(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
{
PACL Dacl = NULL;
BOOLEAN DaclPresent, Defaulted;
NTSTATUS Status;
Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
&DaclPresent,
&Dacl,
&Defaulted);
if (NT_SUCCESS(Status) && Dacl != NULL)
{
ExFreePoolWithTag(Dacl, TAG_OB_DIR_SD);
}
}
NTSTATUS
NTAPI
INIT_FUNCTION
@ -135,7 +132,7 @@ ObpCreateDosDevicesDirectory(VOID)
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING RootName, TargetName, LinkName;
HANDLE Handle, SymHandle;
SECURITY_DESCRIPTOR DosDevicesSD;
PSECURITY_DESCRIPTOR DosDevicesSD = NULL;
NTSTATUS Status;
/* Create a custom security descriptor for the global DosDevices directory */
@ -149,11 +146,11 @@ ObpCreateDosDevicesDirectory(VOID)
&RootName,
OBJ_PERMANENT,
NULL,
&DosDevicesSD);
DosDevicesSD);
Status = NtCreateDirectoryObject(&Handle,
DIRECTORY_ALL_ACCESS,
&ObjectAttributes);
ObpFreeGlobalDosDevicesSD(&DosDevicesSD);
ExFreePoolWithTag(DosDevicesSD, TAG_SD);
if (!NT_SUCCESS(Status)) return Status;
/*********************************************\