mirror of
https://github.com/reactos/reactos.git
synced 2024-10-15 05:37:44 +00:00
Fix CreateLogoffSecurityAttributes. It does still not work because SetEntriesInAcl is not implemented yet.
svn path=/trunk/; revision=30331
This commit is contained in:
parent
5800eb6a82
commit
9e1aa0ccb4
|
@ -319,7 +319,7 @@ static NTSTATUS
|
||||||
CreateLogoffSecurityAttributes(
|
CreateLogoffSecurityAttributes(
|
||||||
OUT PSECURITY_ATTRIBUTES* ppsa)
|
OUT PSECURITY_ATTRIBUTES* ppsa)
|
||||||
{
|
{
|
||||||
/* The following code is no only incomplete, it's a mess and uncompilable */
|
/* The following code is not working yet and messy */
|
||||||
/* Still, it gives some ideas about data types and functions involved and */
|
/* Still, it gives some ideas about data types and functions involved and */
|
||||||
/* required to set up a SECURITY_DESCRIPTOR for a SECURITY_ATTRIBUTES */
|
/* required to set up a SECURITY_DESCRIPTOR for a SECURITY_ATTRIBUTES */
|
||||||
/* instance for a thread, to allow that thread to ImpersonateLoggedOnUser(). */
|
/* instance for a thread, to allow that thread to ImpersonateLoggedOnUser(). */
|
||||||
|
@ -328,7 +328,9 @@ CreateLogoffSecurityAttributes(
|
||||||
PSECURITY_ATTRIBUTES psa = 0;
|
PSECURITY_ATTRIBUTES psa = 0;
|
||||||
BYTE* pMem;
|
BYTE* pMem;
|
||||||
PACL pACL;
|
PACL pACL;
|
||||||
//EXPLICIT_ACCESS ea[2];
|
EXPLICIT_ACCESS Access;
|
||||||
|
PSID pEveryoneSID = NULL;
|
||||||
|
static SID_IDENTIFIER_AUTHORITY WorldAuthority = { SECURITY_WORLD_SID_AUTHORITY };
|
||||||
|
|
||||||
*ppsa = NULL;
|
*ppsa = NULL;
|
||||||
|
|
||||||
|
@ -351,6 +353,16 @@ CreateLogoffSecurityAttributes(
|
||||||
// while the user's SID obviously must be created for each new user.
|
// while the user's SID obviously must be created for each new user.
|
||||||
// Might as well store it when the user logs on?
|
// Might as well store it when the user logs on?
|
||||||
|
|
||||||
|
if(!AllocateAndInitializeSid(&WorldAuthority,
|
||||||
|
1,
|
||||||
|
SECURITY_WORLD_RID,
|
||||||
|
0, 0, 0, 0, 0, 0, 0,
|
||||||
|
&pEveryoneSID))
|
||||||
|
{
|
||||||
|
DPRINT("Failed to initialize security descriptor for logoff thread!\n");
|
||||||
|
return STATUS_UNSUCCESSFUL;
|
||||||
|
}
|
||||||
|
|
||||||
/* set up the required security attributes to be able to shut down */
|
/* set up the required security attributes to be able to shut down */
|
||||||
/* To save space and time, allocate a single block of memory holding */
|
/* To save space and time, allocate a single block of memory holding */
|
||||||
/* both SECURITY_ATTRIBUTES and SECURITY_DESCRIPTOR */
|
/* both SECURITY_ATTRIBUTES and SECURITY_DESCRIPTOR */
|
||||||
|
@ -372,6 +384,25 @@ CreateLogoffSecurityAttributes(
|
||||||
SecurityDescriptor = (PSECURITY_DESCRIPTOR)(pMem + sizeof(SECURITY_ATTRIBUTES));
|
SecurityDescriptor = (PSECURITY_DESCRIPTOR)(pMem + sizeof(SECURITY_ATTRIBUTES));
|
||||||
pACL = (PACL)(((PBYTE)SecurityDescriptor) + SECURITY_DESCRIPTOR_MIN_LENGTH);
|
pACL = (PACL)(((PBYTE)SecurityDescriptor) + SECURITY_DESCRIPTOR_MIN_LENGTH);
|
||||||
|
|
||||||
|
// Initialize an EXPLICIT_ACCESS structure for an ACE.
|
||||||
|
// The ACE will allow this thread to log off (and shut down the system, currently).
|
||||||
|
ZeroMemory(&Access, sizeof(Access));
|
||||||
|
Access.grfAccessPermissions = THREAD_SET_THREAD_TOKEN;
|
||||||
|
Access.grfAccessMode = SET_ACCESS; // GRANT_ACCESS?
|
||||||
|
Access.grfInheritance = NO_INHERITANCE;
|
||||||
|
Access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
|
||||||
|
Access.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
|
||||||
|
Access.Trustee.ptstrName = pEveryoneSID;
|
||||||
|
|
||||||
|
if (SetEntriesInAcl(1, &Access, NULL, &pACL) != ERROR_SUCCESS)
|
||||||
|
{
|
||||||
|
// SetEntriesInAcl is not implemented yet
|
||||||
|
DPRINT1 ("Failed to set Access Rights for logoff thread. Logging out will most likely fail.\n");
|
||||||
|
|
||||||
|
HeapFree(GetProcessHeap(), 0, pMem);
|
||||||
|
return STATUS_UNSUCCESSFUL;
|
||||||
|
}
|
||||||
|
|
||||||
if (!InitializeSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
|
if (!InitializeSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
|
||||||
{
|
{
|
||||||
HeapFree(GetProcessHeap(), 0, pMem);
|
HeapFree(GetProcessHeap(), 0, pMem);
|
||||||
|
@ -379,18 +410,7 @@ CreateLogoffSecurityAttributes(
|
||||||
return STATUS_UNSUCCESSFUL;
|
return STATUS_UNSUCCESSFUL;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initialize an EXPLICIT_ACCESS structure for an ACE.
|
if (!SetSecurityDescriptorDacl(SecurityDescriptor,
|
||||||
// The ACE will allow this thread to log off (and shut down the system, currently).
|
|
||||||
#if 0
|
|
||||||
ZeroMemory(ea, sizeof(ea));
|
|
||||||
ea[0].grfAccessPermissions = THREAD_SET_THREAD_TOKEN;
|
|
||||||
ea[0].grfAccessMode = SET_ACCESS; // GRANT_ACCESS?
|
|
||||||
ea[0].grfInheritance= NO_INHERITANCE;
|
|
||||||
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
|
|
||||||
ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
|
|
||||||
ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID;
|
|
||||||
|
|
||||||
if (!SetSecurityDescriptorDacl(pSD,
|
|
||||||
TRUE, // bDaclPresent flag
|
TRUE, // bDaclPresent flag
|
||||||
pACL,
|
pACL,
|
||||||
FALSE)) // not a default DACL
|
FALSE)) // not a default DACL
|
||||||
|
@ -399,7 +419,6 @@ CreateLogoffSecurityAttributes(
|
||||||
HeapFree(GetProcessHeap(), 0, pMem);
|
HeapFree(GetProcessHeap(), 0, pMem);
|
||||||
return STATUS_UNSUCCESSFUL;
|
return STATUS_UNSUCCESSFUL;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
psa->nLength = sizeof(SECURITY_ATTRIBUTES);
|
psa->nLength = sizeof(SECURITY_ATTRIBUTES);
|
||||||
psa->lpSecurityDescriptor = SecurityDescriptor;
|
psa->lpSecurityDescriptor = SecurityDescriptor;
|
||||||
|
@ -447,14 +466,9 @@ HandleLogoff(
|
||||||
Status = CreateLogoffSecurityAttributes(&psa);
|
Status = CreateLogoffSecurityAttributes(&psa);
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
WARN("Failed to create a required security descriptor. Status 0x%08x\n", Status);
|
ERR("Failed to create a required security descriptor. Status 0x%08x\n", Status);
|
||||||
#if 1
|
|
||||||
WARN("Attempting to continue without it.\n");
|
|
||||||
#else
|
|
||||||
ERR("Aborting logoff\n");
|
|
||||||
HeapFree(GetProcessHeap(), 0, LSData);
|
HeapFree(GetProcessHeap(), 0, LSData);
|
||||||
return Status;
|
return Status;
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Run logoff thread */
|
/* Run logoff thread */
|
||||||
|
|
|
@ -36,6 +36,8 @@
|
||||||
#include <exfuncs.h>
|
#include <exfuncs.h>
|
||||||
#include <setypes.h>
|
#include <setypes.h>
|
||||||
#include <ntsecapi.h>
|
#include <ntsecapi.h>
|
||||||
|
#include <accctrl.h>
|
||||||
|
#include <aclapi.h>
|
||||||
|
|
||||||
#include <reactos/winlogon.h>
|
#include <reactos/winlogon.h>
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue