Author: pschweitzer
Date: Sun Dec 28 18:31:06 2014
New Revision: 65862
URL: http://svn.reactos.org/svn/reactos?rev=65862&view=rev
Log:
[NTOSKRNL]
- In case of AssignSecurityDescriptor operation in IopGetSetSecurityObject(), put the security descriptor in cache before attempting the assignement
- In IopUnloadDevice(), don't attempt to free the security descriptor, let this to Ob by just derefencing it. Spotted & fixed by Thomas.
This unregresses VMware Tools installation.
CORE-7991
Modified:
trunk/reactos/ntoskrnl/io/iomgr/device.c
trunk/reactos/ntoskrnl/io/iomgr/file.c
Modified: trunk/reactos/ntoskrnl/io/iomgr/device.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/device.c…
==============================================================================
--- trunk/reactos/ntoskrnl/io/iomgr/device.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/device.c [iso-8859-1] Sun Dec 28 18:31:06 2014
@@ -396,8 +396,8 @@
/* Check if we have a Security Descriptor */
if (DeviceObject->SecurityDescriptor)
{
- /* Free it */
- ExFreePoolWithTag(DeviceObject->SecurityDescriptor, TAG_SD);
+ /* Dereference it */
+ ObDereferenceSecurityDescriptor(DeviceObject->SecurityDescriptor, 1);
}
/* Remove the device from the list */
Modified: trunk/reactos/ntoskrnl/io/iomgr/file.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/file.c?r…
==============================================================================
--- trunk/reactos/ntoskrnl/io/iomgr/file.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/file.c [iso-8859-1] Sun Dec 28 18:31:06 2014
@@ -1551,15 +1551,30 @@
}
else if (OperationCode == AssignSecurityDescriptor)
{
+ Status = STATUS_SUCCESS;
+
/* Make absolutely sure this is a device object */
if (!(FileObject) || !(FileObject->Flags & FO_STREAM_FILE))
{
- /* Assign the Security Descriptor */
- DeviceObject->SecurityDescriptor = SecurityDescriptor;
- }
-
- /* Return success */
- return STATUS_SUCCESS;
+ PSECURITY_DESCRIPTOR CachedSecurityDescriptor;
+
+ /* Add the security descriptor in cache */
+ Status = ObLogSecurityDescriptor(SecurityDescriptor, &CachedSecurityDescriptor, 1);
+ if (NT_SUCCESS(Status))
+ {
+ KeEnterCriticalRegion();
+ ExAcquireResourceExclusiveLite(&IopSecurityResource, TRUE);
+
+ /* Assign the Security Descriptor */
+ DeviceObject->SecurityDescriptor = CachedSecurityDescriptor;
+
+ ExReleaseResourceLite(&IopSecurityResource);
+ KeLeaveCriticalRegion();
+ }
+ }
+
+ /* Return status */
+ return Status;
}
else if (OperationCode == SetSecurityDescriptor)
{