Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-22 16:36:33 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOSKRNL] Simplify ObpCreateGlobalDosDevicesSD by using a SD on the stack

Browse source 
Rename it to ObpGetDosDevicesProtection to reflect the two previous changes:
its purpose is to return a DACL matching protection mode
This commit is contained in:
Pierre Schweitzer 2019-05-21 08:50:55 +02:00
parent 33f524c625
commit 95d303bf13
No known key found for this signature in database
GPG key ID: 7545556C3D585B0B
1 changed files with 20 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
ntoskrnl/ob/obname.c
View file

@ -37,12 +37,13 @@ ULONG ObpUnsecureGlobalNamesLength = sizeof(ObpUnsecureGlobalNamesBuffer);
INIT_FUNCTION
NTSTATUS
NTAPI
ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
{
PSECURITY_DESCRIPTOR Sd = NULL;
PACL Dacl;
ULONG AclSize, SdSize;
NTSTATUS Status;
ULONG AclSize;
/* Initialize the SD */
RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
if (ObpProtectionMode & 1)
{
@ -54,23 +55,13 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
/* Allocate the SD and ACL */
Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
if (Sd == NULL)
/* Allocate the ACL */
Dacl = ExAllocatePoolWithTag(PagedPool, AclSize, 'lcaD');
if (Dacl == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
/* Initialize the SD */
Status = RtlCreateSecurityDescriptor(Sd,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
return Status;
Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
/* Initialize the DACL */
RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
@ -116,23 +107,13 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
sizeof(ACE) + RtlLengthSid(SeWorldSid) +
sizeof(ACE) + RtlLengthSid(SeLocalSystemSid);
SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
/* Allocate the SD and ACL */
Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
if (Sd == NULL)
/* Allocate the ACL */
Dacl = ExAllocatePoolWithTag(PagedPool, AclSize, 'lcaD');
if (Dacl == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
/* Initialize the SD */
Status = RtlCreateSecurityDescriptor(Sd,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
return Status;
Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
/* Initialize the DACL */
RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
@ -155,23 +136,9 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
}
/* Attach the DACL to the SD */
Status = RtlSetDaclSecurityDescriptor(Sd,
TRUE,
Dacl,
FALSE);
if (!NT_SUCCESS(Status))
goto done;
RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE);
*SecurityDescriptor = Sd;
done:
if (!NT_SUCCESS(Status))
{
if (Sd != NULL)
ExFreePoolWithTag(Sd, TAG_SD);
}
return Status;
return STATUS_SUCCESS;
}
INIT_FUNCTION
@ -182,11 +149,13 @@ ObpCreateDosDevicesDirectory(VOID)
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING RootName, TargetName, LinkName;
HANDLE Handle, SymHandle;
PSECURITY_DESCRIPTOR DosDevicesSD = NULL;
SECURITY_DESCRIPTOR DosDevicesSD;
NTSTATUS Status;
PACL Dacl;
BOOLEAN DaclPresent, DaclDefaulted;
/* Create a custom security descriptor for the global DosDevices directory */
Status = ObpCreateGlobalDosDevicesSD(&DosDevicesSD);
Status = ObpGetDosDevicesProtection(&DosDevicesSD);
if (!NT_SUCCESS(Status))
return Status;
@ -196,11 +165,12 @@ ObpCreateDosDevicesDirectory(VOID)
&RootName,
OBJ_PERMANENT,
NULL,
DosDevicesSD);
&DosDevicesSD);
Status = NtCreateDirectoryObject(&Handle,
DIRECTORY_ALL_ACCESS,
&ObjectAttributes);
ExFreePoolWithTag(DosDevicesSD, TAG_SD);
RtlGetDaclSecurityDescriptor(&DosDevicesSD, &DaclPresent, &Dacl, &DaclDefaulted);
ExFreePoolWithTag(Dacl, 'lcaD');
if (!NT_SUCCESS(Status)) return Status;
/* Create the system device map */