Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-30 18:01:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SERVICES]

Browse source 
Use self-relative security descriptors only:
- Convert the default service security descriptor to the self-relative format.
- Remove security descriptor format conversions from ScmReadSecurityDescriptor and ScmWriteSecurityDescriptor.

svn path=/trunk/; revision=71676
This commit is contained in:
Eric Kohl 2016-06-26 15:02:48 +00:00
parent 6f6f0dfc4e
commit d8eb428154
2 changed files with 53 additions and 85 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

79
reactos/base/system/services/config.c
View file

@ -15,6 +15,11 @@
#define NDEBUG
#include <debug.h>
ULONG
NTAPI
RtlLengthSecurityDescriptor(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
/* FUNCTIONS *****************************************************************/
@ -504,46 +509,12 @@ ScmWriteSecurityDescriptor(
_In_ HKEY hServiceKey,
_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor)
{
PSECURITY_DESCRIPTOR pRelativeSD = NULL;
HKEY hSecurityKey = NULL;
DWORD dwBufferLength = 0;
DWORD dwDisposition;
DWORD dwError;
NTSTATUS Status;
DPRINT1("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey, pSecurityDescriptor);
Status = RtlAbsoluteToSelfRelativeSD(pSecurityDescriptor,
NULL,
&dwBufferLength);
if (Status != STATUS_BUFFER_TOO_SMALL)
{
DPRINT1("\n");
return RtlNtStatusToDosError(Status);
}
DPRINT1("BufferLength %lu\n", dwBufferLength);
pRelativeSD = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
dwBufferLength);
if (pRelativeSD == NULL)
{
DPRINT1("\n");
return ERROR_OUTOFMEMORY;
}
DPRINT1("\n");
Status = RtlAbsoluteToSelfRelativeSD(pSecurityDescriptor,
pRelativeSD,
&dwBufferLength);
if (!NT_SUCCESS(Status))
{
DPRINT1("\n");
dwError = RtlNtStatusToDosError(Status);
goto done;
}
DPRINT1("\n");
dwError = RegCreateKeyExW(hServiceKey,
L"Security",
@ -565,17 +536,14 @@ DPRINT1("\n");
L"Security",
0,
REG_BINARY,
(LPBYTE)pRelativeSD,
dwBufferLength);
(LPBYTE)pSecurityDescriptor,
RtlLengthSecurityDescriptor(pSecurityDescriptor));
DPRINT1("\n");
done:
if (hSecurityKey != NULL)
RegCloseKey(hSecurityKey);
if (pRelativeSD != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
return dwError;
}
@ -586,13 +554,10 @@ ScmReadSecurityDescriptor(
_Out_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{
PSECURITY_DESCRIPTOR pRelativeSD = NULL;
PSECURITY_DESCRIPTOR pResizedBuffer = NULL;
HKEY hSecurityKey = NULL;
DWORD dwBufferLength = 0;
DWORD dwAbsoluteSDSize = 0;
DWORD dwType;
DWORD dwError;
NTSTATUS Status;
DPRINT("ScmReadSecurityDescriptor()\n");
@ -650,36 +615,6 @@ ScmReadSecurityDescriptor(
goto done;
}
Status = RtlSelfRelativeToAbsoluteSD2(pRelativeSD,
&dwAbsoluteSDSize);
if (Status == STATUS_BUFFER_TOO_SMALL)
{
pResizedBuffer = RtlReAllocateHeap(RtlGetProcessHeap(),
0,
pRelativeSD,
dwAbsoluteSDSize);
if (pResizedBuffer == NULL)
{
dwError = ERROR_OUTOFMEMORY;
goto done;
}
pRelativeSD = pResizedBuffer;
Status = RtlSelfRelativeToAbsoluteSD2(pRelativeSD,
&dwAbsoluteSDSize);
if (!NT_SUCCESS(Status))
{
dwError = RtlNtStatusToDosError(Status);
goto done;
}
}
else if (!NT_SUCCESS(Status))
{
dwError = RtlNtStatusToDosError(Status);
goto done;
}
*ppSecurityDescriptor = pRelativeSD;
done:

59
reactos/base/system/services/security.c
View file

@ -13,7 +13,7 @@
#define NDEBUG
#include <debug.h>
PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL;
PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL; /* Self-relative SD */
static PSID pNullSid = NULL;
static PSID pLocalSystemSid = NULL;
@ -110,6 +110,7 @@ ScmCreateDefaultServiceSD(VOID)
PACL pDacl = NULL;
PACL pSacl = NULL;
ULONG ulLength;
DWORD dwBufferLength = 0;
NTSTATUS Status;
DWORD dwError = ERROR_SUCCESS;
@ -166,14 +167,14 @@ ScmCreateDefaultServiceSD(VOID)
FALSE,
TRUE);
/* Create the absolute security descriptor */
pServiceSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
if (pServiceSD == NULL)
{
dwError = ERROR_OUTOFMEMORY;
goto done;
}
DPRINT1("pServiceSD %p\n", pServiceSD);
DPRINT("pServiceSD %p\n", pServiceSD);
Status = RtlCreateSecurityDescriptor(pServiceSD,
SECURITY_DESCRIPTOR_REVISION);
@ -221,23 +222,55 @@ DPRINT1("pServiceSD %p\n", pServiceSD);
goto done;
}
/* Convert the absolute SD to a self-relative SD */
Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
NULL,
&dwBufferLength);
if (Status != STATUS_BUFFER_TOO_SMALL)
{
dwError = RtlNtStatusToDosError(Status);
goto done;
}
pDefaultServiceSD = pServiceSD;
DPRINT1("pDefaultServiceSD %p\n", pDefaultServiceSD);
DPRINT("BufferLength %lu\n", dwBufferLength);
pDefaultServiceSD = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
dwBufferLength);
if (pDefaultServiceSD == NULL)
{
dwError = ERROR_OUTOFMEMORY;
goto done;
}
DPRINT("pDefaultServiceSD %p\n", pDefaultServiceSD);
Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
pDefaultServiceSD,
&dwBufferLength);
if (!NT_SUCCESS(Status))
{
dwError = RtlNtStatusToDosError(Status);
}
done:
if (dwError != ERROR_SUCCESS)
{
if (pDacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pDacl);
if (pSacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pSacl);
if (pServiceSD != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pServiceSD);
if (pDefaultServiceSD != NULL)
{
RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultServiceSD);
pDefaultServiceSD = NULL;
}
}
if (pServiceSD != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pServiceSD);
if (pSacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pSacl);
if (pDacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pDacl);
return dwError;
}