- Add security function for file and registry key objects.

- Implement ObAssignSecurity(). svn path=/trunk/; revision=10253
2025-02-24 09:25:10 +00:00 · 2004-07-22 18:38:08 +00:00 · 2004-07-22 18:38:08 +00:00 · ec5f846d4c
commit ec5f846d4c
parent b6e1dfaded
4 changed files with 102 additions and 12 deletions
--- a/reactos/ntoskrnl/cm/regobj.c
+++ b/reactos/ntoskrnl/cm/regobj.c
@ -327,9 +327,28 @@ CmiObjectSecurity(PVOID ObjectBody,
 		  PSECURITY_DESCRIPTOR SecurityDescriptor,
 		  PULONG BufferLength)
 {
-  DPRINT1 ("CmiObjectSecurity() called\n");
+  DPRINT("CmiObjectSecurity() called\n");

-  return STATUS_SUCCESS;
+  switch (OperationCode)
+    {
+      case SetSecurityDescriptor:
+        DPRINT("Set security descriptor\n");
+        return STATUS_SUCCESS;
+
+      case QuerySecurityDescriptor:
+        DPRINT("Query security descriptor\n");
+        return STATUS_UNSUCCESSFUL;
+
+      case DeleteSecurityDescriptor:
+        DPRINT("Delete security descriptor\n");
+        return STATUS_SUCCESS;
+
+      case AssignSecurityDescriptor:
+        DPRINT("Assign security descriptor\n");
+        return STATUS_SUCCESS;
+    }
+
+  return STATUS_UNSUCCESSFUL;
 }


--- a/reactos/ntoskrnl/io/iomgr.c
+++ b/reactos/ntoskrnl/io/iomgr.c
@ -1,4 +1,4 @@
-/* $Id: iomgr.c,v 1.48 2004/05/09 15:02:07 hbirr Exp $
+/* $Id: iomgr.c,v 1.49 2004/07/22 18:36:35 ekohl Exp $
 *
 * COPYRIGHT:            See COPYING in the top level directory
 * PROJECT:              ReactOS kernel
@ -138,6 +138,38 @@ IopDeleteFile(PVOID ObjectBody)
 }


+NTSTATUS STDCALL
+IopSecurityFile(PVOID ObjectBody,
+		SECURITY_OPERATION_CODE OperationCode,
+		SECURITY_INFORMATION SecurityInformation,
+		PSECURITY_DESCRIPTOR SecurityDescriptor,
+		PULONG BufferLength)
+{
+  DPRINT("IopSecurityFile() called\n");
+
+  switch (OperationCode)
+    {
+      case SetSecurityDescriptor:
+	DPRINT("Set security descriptor\n");
+	return STATUS_SUCCESS;
+
+      case QuerySecurityDescriptor:
+	DPRINT("Query security descriptor\n");
+	return STATUS_UNSUCCESSFUL;
+
+      case DeleteSecurityDescriptor:
+	DPRINT("Delete security descriptor\n");
+	return STATUS_SUCCESS;
+
+      case AssignSecurityDescriptor:
+	DPRINT("Assign security descriptor\n");
+	return STATUS_SUCCESS;
+    }
+
+  return STATUS_UNSUCCESSFUL;
+}
+
+
 NTSTATUS STDCALL
 IopQueryNameFile(PVOID ObjectBody,
 		 POBJECT_NAME_INFORMATION ObjectNameInfo,
@ -261,7 +293,7 @@ IoInit (VOID)
  IoFileObjectType->Close = IopCloseFile;
  IoFileObjectType->Delete = IopDeleteFile;
  IoFileObjectType->Parse = NULL;
-  IoFileObjectType->Security = NULL;
+  IoFileObjectType->Security = IopSecurityFile;
  IoFileObjectType->QueryName = IopQueryNameFile;
  IoFileObjectType->OkayToClose = NULL;
  IoFileObjectType->Create = IopCreateFile;
--- a/reactos/ntoskrnl/ob/object.c
+++ b/reactos/ntoskrnl/ob/object.c
@ -1,4 +1,4 @@
-/* $Id: object.c,v 1.80 2004/07/19 12:48:59 ekohl Exp $
+/* $Id: object.c,v 1.81 2004/07/22 18:38:08 ekohl Exp $
 * 
 * COPYRIGHT:     See COPYING in the top level directory
 * PROJECT:       ReactOS kernel
@ -372,7 +372,7 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
      if (!NT_SUCCESS(Status))
 	{
 	  DPRINT("ObFindObject() failed! (Status 0x%x)\n", Status);
-	  return(Status);
+	  return Status;
 	}
    }
  else
@ -453,7 +453,7 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
 	  RtlFreeUnicodeString(&Header->Name);
 	  RtlFreeUnicodeString(&RemainingPath);
 	  ExFreePool(Header);
-	  return(Status);
+	  return Status;
 	}
    }
  RtlFreeUnicodeString(&RemainingPath);
@ -474,8 +474,15 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,

      if (Header->ObjectType->Security != NULL)
 	{
-	  /* FIXME: Call the security method */
+	  /* Call the security method */
+	  Status = Header->ObjectType->Security(HEADER_TO_BODY(Header),
+						AssignSecurityDescriptor,
+						0,
+						NewSecurityDescriptor,
+						NULL);
+#if 0
 	  Status = STATUS_SUCCESS;
+#endif
 	}
      else
 	{
@ -496,7 +503,7 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
      *Object = HEADER_TO_BODY(Header);
    }

-  return(STATUS_SUCCESS);
+  return STATUS_SUCCESS;
 }


--- a/reactos/ntoskrnl/ob/security.c
+++ b/reactos/ntoskrnl/ob/security.c
@ -18,7 +18,7 @@
 /* FUNCTIONS ***************************************************************/

 /*
- * @unimplemented
+ * @implemented
 */
 NTSTATUS STDCALL
 ObAssignSecurity(IN PACCESS_STATE AccessState,
@ -26,8 +26,40 @@ ObAssignSecurity(IN PACCESS_STATE AccessState,
 		 IN PVOID Object,
 		 IN POBJECT_TYPE Type)
 {
-  UNIMPLEMENTED;
-  return(STATUS_NOT_IMPLEMENTED);
+  PSECURITY_DESCRIPTOR NewDescriptor;
+  NTSTATUS Status;
+
+  /* Build the new security descriptor */
+  Status = SeAssignSecurity(SecurityDescriptor,
+			    AccessState->SecurityDescriptor,
+			    &NewDescriptor,
+			    (Type == ObDirectoryType),
+			    &AccessState->SubjectSecurityContext,
+			    Type->Mapping,
+			    PagedPool);
+  if (!NT_SUCCESS(Status))
+    return Status;
+
+  if (Type->Security != NULL)
+    {
+      /* Call the security method */
+      Status = Type->Security(Object,
+			      AssignSecurityDescriptor,
+			      0,
+			      NewDescriptor,
+			      NULL);
+    }
+  else
+    {
+      /* Assign the security descriptor to the object header */
+      Status = ObpAddSecurityDescriptor(NewDescriptor,
+					&(BODY_TO_HEADER(Object)->SecurityDescriptor));
+    }
+
+  /* Release the new security descriptor */
+  SeDeassignSecurity(&NewDescriptor);
+
+  return Status;
 }