[SERVICES]

Create an individual security descriptor for each service. We cannot use a common default security descriptor because RtlSetSecurityObject will free the old security descriptor when we try to set a new one.

svn path=/trunk/; revision=71679

reactos/base/system/services/config.c

@@ -513,9 +513,8 @@ ScmWriteSecurityDescriptor(
     DWORD dwDisposition;
     DWORD dwError;
 
-    DPRINT1("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey, pSecurityDescriptor);
+    DPRINT("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey, pSecurityDescriptor);
 
-DPRINT1("\n");
     dwError = RegCreateKeyExW(hServiceKey,
                               L"Security",
                               0,
@@ -526,23 +525,16 @@ DPRINT1("\n");
                               &hSecurityKey,
                               &dwDisposition);
     if (dwError != ERROR_SUCCESS)
-    {
-DPRINT1("\n");
-        goto done;
-    }
+        return dwError;
 
-DPRINT1("\n");
     dwError = RegSetValueExW(hSecurityKey,
                              L"Security",
                              0,
                              REG_BINARY,
                              (LPBYTE)pSecurityDescriptor,
                              RtlLengthSecurityDescriptor(pSecurityDescriptor));
-DPRINT1("\n");
 
-done:
-    if (hSecurityKey != NULL)
-        RegCloseKey(hSecurityKey);
+    RegCloseKey(hSecurityKey);
 
     return dwError;
 }
@@ -559,7 +551,7 @@ ScmReadSecurityDescriptor(
     DWORD dwType;
     DWORD dwError;
 
-    DPRINT("ScmReadSecurityDescriptor()\n");
+    DPRINT("ScmReadSecurityDescriptor(%p %p)\n", hServiceKey, ppSecurityDescriptor);
 
     *ppSecurityDescriptor = NULL;
 

reactos/base/system/services/database.c

@@ -555,8 +555,7 @@ ScmDeleteServiceRecord(PSERVICE lpService)
     ScmSetServiceGroup(lpService, NULL);
 
     /* Release the SecurityDescriptor */
-    if ((lpService->pSecurityDescriptor != NULL) &&
-        (lpService->pSecurityDescriptor != pDefaultServiceSD))
+    if (lpService->pSecurityDescriptor != NULL)
         HeapFree(GetProcessHeap(), 0, lpService->pSecurityDescriptor);
 
     /* Remove the Service from the List */
@@ -706,7 +705,9 @@ CreateServiceListEntry(LPCWSTR lpServiceName,
         if (lpService->pSecurityDescriptor == NULL)
         {
             DPRINT("No security descriptor found! Assign default security descriptor!\n");
-            lpService->pSecurityDescriptor = pDefaultServiceSD;
+            dwError = ScmCreateDefaultServiceSD(&lpService->pSecurityDescriptor);
+            if (dwError != ERROR_SUCCESS)
+                goto done;
 
             dwError = ScmWriteSecurityDescriptor(hServiceKey,
                                                  lpService->pSecurityDescriptor);

reactos/base/system/services/rpcserver.c

@@ -2255,7 +2255,9 @@ DWORD RCreateServiceW(
     /* Assign the default security descriptor */
     if (dwServiceType & SERVICE_WIN32)
     {
-        lpService->pSecurityDescriptor = pDefaultServiceSD;
+        dwError = ScmCreateDefaultServiceSD(&lpService->pSecurityDescriptor);
+        if (dwError != ERROR_SUCCESS)
+            goto done;
     }
 
     /* Write service data to the registry */

reactos/base/system/services/security.c

@@ -13,8 +13,6 @@
 #define NDEBUG
 #include <debug.h>
 
-PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL; /* Self-relative SD */
-
 static PSID pNullSid = NULL;
 static PSID pLocalSystemSid = NULL;
 static PSID pAuthenticatedUserSid = NULL;
@@ -102,11 +100,12 @@ ScmCreateSids(VOID)
 }
 
 
-static
 DWORD
-ScmCreateDefaultServiceSD(VOID)
+ScmCreateDefaultServiceSD(
+    PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 {
     PSECURITY_DESCRIPTOR pServiceSD = NULL;
+    PSECURITY_DESCRIPTOR pRelativeSD = NULL;
     PACL pDacl = NULL;
     PACL pSacl = NULL;
     ULONG ulLength;
@@ -234,32 +233,32 @@ ScmCreateDefaultServiceSD(VOID)
 
     DPRINT("BufferLength %lu\n", dwBufferLength);
 
-    pDefaultServiceSD = RtlAllocateHeap(RtlGetProcessHeap(),
-                                        HEAP_ZERO_MEMORY,
-                                        dwBufferLength);
-    if (pDefaultServiceSD == NULL)
+    pRelativeSD = RtlAllocateHeap(RtlGetProcessHeap(),
+                                  HEAP_ZERO_MEMORY,
+                                  dwBufferLength);
+    if (pRelativeSD == NULL)
     {
         dwError = ERROR_OUTOFMEMORY;
         goto done;
     }
-    DPRINT("pDefaultServiceSD %p\n", pDefaultServiceSD);
+    DPRINT("pRelativeSD %p\n", pRelativeSD);
 
     Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
-                                         pDefaultServiceSD,
+                                         pRelativeSD,
                                          &dwBufferLength);
     if (!NT_SUCCESS(Status))
     {
         dwError = RtlNtStatusToDosError(Status);
+        goto done;
     }
 
+    *ppSecurityDescriptor = pRelativeSD;
+
 done:
     if (dwError != ERROR_SUCCESS)
     {
-        if (pDefaultServiceSD != NULL)
-        {
-            RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultServiceSD);
-            pDefaultServiceSD = NULL;
-        }
+        if (pRelativeSD != NULL)
+            RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
     }
 
     if (pServiceSD != NULL)
@@ -284,10 +283,6 @@ ScmInitializeSecurity(VOID)
     if (dwError != ERROR_SUCCESS)
         return dwError;
 
-    dwError = ScmCreateDefaultServiceSD();
-    if (dwError != ERROR_SUCCESS)
-        return dwError;
-
     return ERROR_SUCCESS;
 }
 

reactos/base/system/services/services.h

@@ -98,8 +98,6 @@ extern LIST_ENTRY ImageListHead;
 extern BOOL ScmInitialize;
 extern BOOL ScmShutdown;
 
-extern PSECURITY_DESCRIPTOR pDefaultServiceSD;
-
 
 /* FUNCTIONS ***************************************************************/
 
@@ -215,6 +213,10 @@ VOID ScmStartRpcServer(VOID);
 DWORD ScmInitializeSecurity(VOID);
 VOID ScmShutdownSecurity(VOID);
 
+DWORD
+ScmCreateDefaultServiceSD(
+    PSECURITY_DESCRIPTOR *ppSecurityDescriptor);
+
 
 /* services.c */