Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-05-23 19:14:48 +00:00
Code Issues Projects Releases Packages Wiki Activity

[SERVICES]

Browse source 
Use self-relative security descriptors only:
- Convert the default service security descriptor to the self-relative format.
- Remove security descriptor format conversions from ScmReadSecurityDescriptor and ScmWriteSecurityDescriptor.

svn path=/trunk/; revision=71676
This commit is contained in:
Eric Kohl 2016-06-26 15:02:48 +00:00
parent 6f6f0dfc4e
commit d8eb428154
2 changed files with 53 additions and 85 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

79
reactos/base/system/services/config.c
View file

@ -15,6 +15,11 @@
#define NDEBUG #define NDEBUG
#include <debug.h> #include <debug.h>
ULONG
NTAPI
RtlLengthSecurityDescriptor(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
/* FUNCTIONS *****************************************************************/ /* FUNCTIONS *****************************************************************/
@ -504,46 +509,12 @@ ScmWriteSecurityDescriptor(
_In_ HKEY hServiceKey, _In_ HKEY hServiceKey,
_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor) _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor)
{ {
PSECURITY_DESCRIPTOR pRelativeSD = NULL;
HKEY hSecurityKey = NULL; HKEY hSecurityKey = NULL;
DWORD dwBufferLength = 0;
DWORD dwDisposition; DWORD dwDisposition;
DWORD dwError; DWORD dwError;
NTSTATUS Status;
DPRINT1("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey, pSecurityDescriptor); DPRINT1("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey, pSecurityDescriptor);
Status = RtlAbsoluteToSelfRelativeSD(pSecurityDescriptor,
NULL,
&dwBufferLength);
if (Status != STATUS_BUFFER_TOO_SMALL)
{
DPRINT1("\n");
return RtlNtStatusToDosError(Status);
}
DPRINT1("BufferLength %lu\n", dwBufferLength);
pRelativeSD = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
dwBufferLength);
if (pRelativeSD == NULL)
{
DPRINT1("\n");
return ERROR_OUTOFMEMORY;
}
DPRINT1("\n");
Status = RtlAbsoluteToSelfRelativeSD(pSecurityDescriptor,
pRelativeSD,
&dwBufferLength);
if (!NT_SUCCESS(Status))
{
DPRINT1("\n");
dwError = RtlNtStatusToDosError(Status);
goto done;
}
DPRINT1("\n"); DPRINT1("\n");
dwError = RegCreateKeyExW(hServiceKey, dwError = RegCreateKeyExW(hServiceKey,
L"Security", L"Security",
@ -565,17 +536,14 @@ DPRINT1("\n");
L"Security", L"Security",
0, 0,
REG_BINARY, REG_BINARY,
(LPBYTE)pRelativeSD, (LPBYTE)pSecurityDescriptor,
dwBufferLength); RtlLengthSecurityDescriptor(pSecurityDescriptor));
DPRINT1("\n"); DPRINT1("\n");
done: done:
if (hSecurityKey != NULL) if (hSecurityKey != NULL)
RegCloseKey(hSecurityKey); RegCloseKey(hSecurityKey);
if (pRelativeSD != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
return dwError; return dwError;
} }
@ -586,13 +554,10 @@ ScmReadSecurityDescriptor(
_Out_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor) _Out_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{ {
PSECURITY_DESCRIPTOR pRelativeSD = NULL; PSECURITY_DESCRIPTOR pRelativeSD = NULL;
PSECURITY_DESCRIPTOR pResizedBuffer = NULL;
HKEY hSecurityKey = NULL; HKEY hSecurityKey = NULL;
DWORD dwBufferLength = 0; DWORD dwBufferLength = 0;
DWORD dwAbsoluteSDSize = 0;
DWORD dwType; DWORD dwType;
DWORD dwError; DWORD dwError;
NTSTATUS Status;
DPRINT("ScmReadSecurityDescriptor()\n"); DPRINT("ScmReadSecurityDescriptor()\n");
@ -650,36 +615,6 @@ ScmReadSecurityDescriptor(
goto done; goto done;
} }
Status = RtlSelfRelativeToAbsoluteSD2(pRelativeSD,
&dwAbsoluteSDSize);
if (Status == STATUS_BUFFER_TOO_SMALL)
{
pResizedBuffer = RtlReAllocateHeap(RtlGetProcessHeap(),
0,
pRelativeSD,
dwAbsoluteSDSize);
if (pResizedBuffer == NULL)
{
dwError = ERROR_OUTOFMEMORY;
goto done;
}
pRelativeSD = pResizedBuffer;
Status = RtlSelfRelativeToAbsoluteSD2(pRelativeSD,
&dwAbsoluteSDSize);
if (!NT_SUCCESS(Status))
{
dwError = RtlNtStatusToDosError(Status);
goto done;
}
}
else if (!NT_SUCCESS(Status))
{
dwError = RtlNtStatusToDosError(Status);
goto done;
}
*ppSecurityDescriptor = pRelativeSD; *ppSecurityDescriptor = pRelativeSD;
done: done:

53
reactos/base/system/services/security.c
View file

@ -13,7 +13,7 @@
#define NDEBUG #define NDEBUG
#include <debug.h> #include <debug.h>
PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL; PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL; /* Self-relative SD */
static PSID pNullSid = NULL; static PSID pNullSid = NULL;
static PSID pLocalSystemSid = NULL; static PSID pLocalSystemSid = NULL;
@ -110,6 +110,7 @@ ScmCreateDefaultServiceSD(VOID)
PACL pDacl = NULL; PACL pDacl = NULL;
PACL pSacl = NULL; PACL pSacl = NULL;
ULONG ulLength; ULONG ulLength;
DWORD dwBufferLength = 0;
NTSTATUS Status; NTSTATUS Status;
DWORD dwError = ERROR_SUCCESS; DWORD dwError = ERROR_SUCCESS;
@ -166,14 +167,14 @@ ScmCreateDefaultServiceSD(VOID)
FALSE, FALSE,
TRUE); TRUE);
/* Create the absolute security descriptor */
pServiceSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR)); pServiceSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
if (pServiceSD == NULL) if (pServiceSD == NULL)
{ {
dwError = ERROR_OUTOFMEMORY; dwError = ERROR_OUTOFMEMORY;
goto done; goto done;
} }
DPRINT1("pServiceSD %p\n", pServiceSD); DPRINT("pServiceSD %p\n", pServiceSD);
Status = RtlCreateSecurityDescriptor(pServiceSD, Status = RtlCreateSecurityDescriptor(pServiceSD,
SECURITY_DESCRIPTOR_REVISION); SECURITY_DESCRIPTOR_REVISION);
@ -221,22 +222,54 @@ DPRINT1("pServiceSD %p\n", pServiceSD);
goto done; goto done;
} }
/* Convert the absolute SD to a self-relative SD */
Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
NULL,
&dwBufferLength);
if (Status != STATUS_BUFFER_TOO_SMALL)
{
dwError = RtlNtStatusToDosError(Status);
goto done;
}
pDefaultServiceSD = pServiceSD; DPRINT("BufferLength %lu\n", dwBufferLength);
DPRINT1("pDefaultServiceSD %p\n", pDefaultServiceSD);
pDefaultServiceSD = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
dwBufferLength);
if (pDefaultServiceSD == NULL)
{
dwError = ERROR_OUTOFMEMORY;
goto done;
}
DPRINT("pDefaultServiceSD %p\n", pDefaultServiceSD);
Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
pDefaultServiceSD,
&dwBufferLength);
if (!NT_SUCCESS(Status))
{
dwError = RtlNtStatusToDosError(Status);
}
done: done:
if (dwError != ERROR_SUCCESS) if (dwError != ERROR_SUCCESS)
{ {
if (pDacl != NULL) if (pDefaultServiceSD != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pDacl); {
RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultServiceSD);
pDefaultServiceSD = NULL;
}
}
if (pServiceSD != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pServiceSD);
if (pSacl != NULL) if (pSacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pSacl); RtlFreeHeap(RtlGetProcessHeap(), 0, pSacl);
if (pServiceSD != NULL) if (pDacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pServiceSD); RtlFreeHeap(RtlGetProcessHeap(), 0, pDacl);
}
return dwError; return dwError;
} }