fixed SeSetWorldSecurityDescriptor() so it creates a security descriptor that is at least valid
svn path=/trunk/; revision=20851
parent
7c8174e7ee
commit
e1fd1adbfa
|
@ -125,6 +125,7 @@ SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
|
||||||
ULONG SidSize;
|
ULONG SidSize;
|
||||||
ULONG SdSize;
|
ULONG SdSize;
|
||||||
NTSTATUS Status;
|
NTSTATUS Status;
|
||||||
|
PISECURITY_DESCRIPTOR_RELATIVE SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
|
||||||
|
|
||||||
DPRINT("SeSetWorldSecurityDescriptor() called\n");
|
DPRINT("SeSetWorldSecurityDescriptor() called\n");
|
||||||
|
|
||||||
|
@ -133,8 +134,17 @@ SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
|
||||||
return STATUS_ACCESS_DENIED;
|
return STATUS_ACCESS_DENIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* calculate the minimum size of the buffer */
|
||||||
SidSize = RtlLengthSid(SeWorldSid);
|
SidSize = RtlLengthSid(SeWorldSid);
|
||||||
SdSize = sizeof(SECURITY_DESCRIPTOR) + (2 * SidSize);
|
SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
|
||||||
|
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
|
||||||
|
SdSize += SidSize;
|
||||||
|
if (SecurityInformation & GROUP_SECURITY_INFORMATION)
|
||||||
|
SdSize += SidSize;
|
||||||
|
if (SecurityInformation & DACL_SECURITY_INFORMATION)
|
||||||
|
{
|
||||||
|
SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
|
||||||
|
}
|
||||||
|
|
||||||
if (*BufferLength < SdSize)
|
if (*BufferLength < SdSize)
|
||||||
{
|
{
|
||||||
|
@ -144,22 +154,21 @@ SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
|
||||||
|
|
||||||
*BufferLength = SdSize;
|
*BufferLength = SdSize;
|
||||||
|
|
||||||
Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
|
Status = RtlCreateSecurityDescriptorRelative(SdRel,
|
||||||
SECURITY_DESCRIPTOR_REVISION);
|
SECURITY_DESCRIPTOR_REVISION);
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
SecurityDescriptor->Control |= SE_SELF_RELATIVE;
|
Current = (ULONG_PTR)(SdRel + 1);
|
||||||
Current = (ULONG_PTR)SecurityDescriptor + sizeof(SECURITY_DESCRIPTOR);
|
|
||||||
|
|
||||||
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
|
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
|
||||||
{
|
{
|
||||||
RtlCopyMemory((PVOID)Current,
|
RtlCopyMemory((PVOID)Current,
|
||||||
SeWorldSid,
|
SeWorldSid,
|
||||||
SidSize);
|
SidSize);
|
||||||
SecurityDescriptor->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)SecurityDescriptor);
|
SdRel->Owner = (DWORD)((ULONG_PTR)Current - (ULONG_PTR)SdRel);
|
||||||
Current += SidSize;
|
Current += SidSize;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -168,18 +177,34 @@ SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
|
||||||
RtlCopyMemory((PVOID)Current,
|
RtlCopyMemory((PVOID)Current,
|
||||||
SeWorldSid,
|
SeWorldSid,
|
||||||
SidSize);
|
SidSize);
|
||||||
SecurityDescriptor->Group = (PSID)((ULONG_PTR)Current - (ULONG_PTR)SecurityDescriptor);
|
SdRel->Group = (DWORD)((ULONG_PTR)Current - (ULONG_PTR)SdRel);
|
||||||
Current += SidSize;
|
Current += SidSize;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SecurityInformation & DACL_SECURITY_INFORMATION)
|
if (SecurityInformation & DACL_SECURITY_INFORMATION)
|
||||||
{
|
{
|
||||||
SecurityDescriptor->Control |= SE_DACL_PRESENT;
|
PACL Dacl = (PACL)Current;
|
||||||
|
SdRel->Control |= SE_DACL_PRESENT;
|
||||||
|
|
||||||
|
Status = RtlCreateAcl(Dacl,
|
||||||
|
sizeof(ACL) + sizeof(ACE) + SidSize,
|
||||||
|
ACL_REVISION);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
return Status;
|
||||||
|
|
||||||
|
Status = RtlAddAccessAllowedAce(Dacl,
|
||||||
|
ACL_REVISION,
|
||||||
|
GENERIC_ALL,
|
||||||
|
SeWorldSid);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
return Status;
|
||||||
|
|
||||||
|
SdRel->Dacl = (DWORD)((ULONG_PTR)Current - (ULONG_PTR)SdRel);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||||
{
|
{
|
||||||
SecurityDescriptor->Control |= SE_SACL_PRESENT;
|
/* FIXME - SdRel->Control |= SE_SACL_PRESENT; */
|
||||||
}
|
}
|
||||||
|
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
|
|
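Review bot: In the DACL branch of the last hunk, `SdRel->Control |= SE_DACL_PRESENT;` is set before `RtlCreateAcl` and `RtlAddAccessAllowedAce` run, so either early `return Status;` leaves the caller's buffer flagged as having a DACL while `SdRel->Dacl` is presumably still zero from `RtlCreateSecurityDescriptorRelative`. A consumer that ignores the status would read that combination as a NULL DACL. Moving the flag assignment down to sit next to `SdRel->Dacl = (DWORD)((ULONG_PTR)Current - (ULONG_PTR)SdRel);` keeps the descriptor self-consistent on the failure paths. Separately, the ACE grants `GENERIC_ALL` to `SeWorldSid`; a short comment such as `/* world descriptor: deliberately grants Everyone full access */` would make clear that this is intended, so it is not mistaken for a safe default and reused elsewhere. The function body starts and ends outside the visible hunks, so the early `STATUS_ACCESS_DENIED` check and the buffer-too-small branch could not be reviewed.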