mirror of
https://github.com/reactos/reactos.git
synced 2024-12-28 10:04:49 +00:00
SeCaptureSecurityDescriptor() should only copy SIDs and ACLs when present
svn path=/trunk/; revision=13178
parent
53ea2da74d
commit
d183d616d0
1 changed files with 25 additions and 29 deletions
|
@ -127,7 +127,7 @@ SeCaptureSecurityDescriptor(
|
||||||
ULONG OwnerSAC = 0, GroupSAC = 0;
|
ULONG OwnerSAC = 0, GroupSAC = 0;
|
||||||
ULONG OwnerSize = 0, GroupSize = 0;
|
ULONG OwnerSize = 0, GroupSize = 0;
|
||||||
ULONG SaclSize = 0, DaclSize = 0;
|
ULONG SaclSize = 0, DaclSize = 0;
|
||||||
ULONG DescriptorSize;
|
ULONG DescriptorSize = sizeof(SECURITY_DESCRIPTOR);
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
|
||||||
if(OriginalSecurityDescriptor != NULL)
|
if(OriginalSecurityDescriptor != NULL)
|
||||||
|
@ -212,6 +212,7 @@ SeCaptureSecurityDescriptor(
|
||||||
1); \
|
1); \
|
||||||
SidType##SAC = SidType->SubAuthorityCount; \
|
SidType##SAC = SidType->SubAuthorityCount; \
|
||||||
SidType##Size = RtlLengthRequiredSid(SidType##SAC); \
|
SidType##Size = RtlLengthRequiredSid(SidType##SAC); \
|
||||||
|
DescriptorSize += ROUND_UP(SidType##Size, sizeof(ULONG)); \
|
||||||
ProbeForRead(SidType, \
|
ProbeForRead(SidType, \
|
||||||
SidType##Size, \
|
SidType##Size, \
|
||||||
sizeof(ULONG)); \
|
sizeof(ULONG)); \
|
||||||
|
@ -235,6 +236,7 @@ SeCaptureSecurityDescriptor(
|
||||||
{ \
|
{ \
|
||||||
SidType##SAC = SidType->SubAuthorityCount; \
|
SidType##SAC = SidType->SubAuthorityCount; \
|
||||||
SidType##Size = RtlLengthRequiredSid(SidType##SAC); \
|
SidType##Size = RtlLengthRequiredSid(SidType##SAC); \
|
||||||
|
DescriptorSize += ROUND_UP(SidType##Size, sizeof(ULONG)); \
|
||||||
} \
|
} \
|
||||||
} \
|
} \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
@ -259,6 +261,7 @@ SeCaptureSecurityDescriptor(
|
||||||
sizeof(AclType->AclSize), \
|
sizeof(AclType->AclSize), \
|
||||||
1); \
|
1); \
|
||||||
AclType##Size = AclType->AclSize; \
|
AclType##Size = AclType->AclSize; \
|
||||||
|
DescriptorSize += ROUND_UP(AclType##Size, sizeof(ULONG)); \
|
||||||
ProbeForRead(AclType, \
|
ProbeForRead(AclType, \
|
||||||
AclType##Size, \
|
AclType##Size, \
|
||||||
sizeof(ULONG)); \
|
sizeof(ULONG)); \
|
||||||
|
@ -281,6 +284,7 @@ SeCaptureSecurityDescriptor(
|
||||||
else \
|
else \
|
||||||
{ \
|
{ \
|
||||||
AclType##Size = AclType->AclSize; \
|
AclType##Size = AclType->AclSize; \
|
||||||
|
DescriptorSize += ROUND_UP(AclType##Size, sizeof(ULONG)); \
|
||||||
} \
|
} \
|
||||||
} \
|
} \
|
||||||
else \
|
else \
|
||||||
|
@ -294,12 +298,6 @@ SeCaptureSecurityDescriptor(
|
||||||
|
|
||||||
/* allocate enough memory to store a complete copy of a self-relative
|
/* allocate enough memory to store a complete copy of a self-relative
|
||||||
security descriptor */
|
security descriptor */
|
||||||
DescriptorSize = sizeof(SECURITY_DESCRIPTOR) +
|
|
||||||
ROUND_UP(OwnerSize, sizeof(ULONG)) +
|
|
||||||
ROUND_UP(GroupSize, sizeof(ULONG)) +
|
|
||||||
ROUND_UP(SaclSize, sizeof(ULONG)) +
|
|
||||||
ROUND_UP(DaclSize, sizeof(ULONG));
|
|
||||||
|
|
||||||
NewDescriptor = ExAllocatePool(PoolType,
|
NewDescriptor = ExAllocatePool(PoolType,
|
||||||
DescriptorSize);
|
DescriptorSize);
|
||||||
if(NewDescriptor != NULL)
|
if(NewDescriptor != NULL)
|
||||||
|
@ -310,30 +308,28 @@ SeCaptureSecurityDescriptor(
|
||||||
NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
|
NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
|
||||||
NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
|
NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
|
||||||
|
|
||||||
/* setup the offsets to the SIDs and ACLs */
|
|
||||||
NewDescriptor->Owner = (PVOID)Offset;
|
|
||||||
Offset += ROUND_UP(OwnerSize, sizeof(ULONG));
|
|
||||||
NewDescriptor->Group = (PVOID)Offset;
|
|
||||||
Offset += ROUND_UP(GroupSize, sizeof(ULONG));
|
|
||||||
NewDescriptor->Sacl = (PVOID)Offset;
|
|
||||||
Offset += ROUND_UP(SaclSize, sizeof(ULONG));
|
|
||||||
NewDescriptor->Dacl = (PVOID)Offset;
|
|
||||||
|
|
||||||
_SEH_TRY
|
_SEH_TRY
|
||||||
{
|
{
|
||||||
/* copy the SIDs and ACLs to the new self-relative security descriptor */
|
/* setup the offsets and copy the SIDs and ACLs to the new
|
||||||
RtlCopyMemory((PVOID)((ULONG_PTR)NewDescriptor + (ULONG_PTR)NewDescriptor->Owner),
|
self-relative security descriptor. Probing the pointers is not
|
||||||
DescriptorCopy.Owner,
|
neccessary anymore as we did that when collecting the sizes! */
|
||||||
OwnerSize);
|
#define CopySIDOrACL(Type) \
|
||||||
RtlCopyMemory((PVOID)((ULONG_PTR)NewDescriptor + (ULONG_PTR)NewDescriptor->Group),
|
do { \
|
||||||
DescriptorCopy.Group,
|
if(DescriptorCopy.Type != NULL) \
|
||||||
GroupSize);
|
{ \
|
||||||
RtlCopyMemory((PVOID)((ULONG_PTR)NewDescriptor + (ULONG_PTR)NewDescriptor->Sacl),
|
NewDescriptor->Type = (PVOID)Offset; \
|
||||||
DescriptorCopy.Sacl,
|
RtlCopyMemory((PVOID)((ULONG_PTR)NewDescriptor + \
|
||||||
SaclSize);
|
(ULONG_PTR)NewDescriptor->Type), \
|
||||||
RtlCopyMemory((PVOID)((ULONG_PTR)NewDescriptor + (ULONG_PTR)NewDescriptor->Dacl),
|
DescriptorCopy.Type, \
|
||||||
DescriptorCopy.Dacl,
|
Type##Size); \
|
||||||
DaclSize);
|
Offset += ROUND_UP(Type##Size, sizeof(ULONG)); \
|
||||||
|
} \
|
||||||
|
} while(0)
|
||||||
|
|
||||||
|
CopySIDOrACL(Owner);
|
||||||
|
CopySIDOrACL(Group);
|
||||||
|
CopySIDOrACL(Sacl);
|
||||||
|
CopySIDOrACL(Dacl);
|
||||||
}
|
}
|
||||||
_SEH_HANDLE
|
_SEH_HANDLE
|
||||||
{
|
{
|
||||||
|
|
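Review bot: In `CopySIDOrACL`, `NewDescriptor->Type` is now assigned only when `DescriptorCopy.Type != NULL`, so for an absent owner, group, SACL or DACL the offset field keeps whatever `ExAllocatePool` returned, unless the four lines hidden between the last two hunks clear it. A self-relative descriptor with a stale offset would be read by later consumers as pointing at a SID or ACL; adding `RtlZeroMemory(NewDescriptor, DescriptorSize);` right after the `NewDescriptor != NULL` check fixes that and also clears the `ROUND_UP` padding bytes. Separately, the new comment says no further probing is needed, but `RtlCopyMemory` reads the caller's buffers a second time, so for a user-mode caller the copied `SubAuthorityCount` or `AclSize` can differ from the value used to size the allocation. After each copy the captured field should be compared with the captured size (or overwritten with it), and a mismatch treated as an invalid descriptor. The function body starts before and continues past the visible hunks.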