[ros-diffs] [reactos] 01/01: [NTOSKRNL] Disable LUID mapping until it's properly implemented

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=7898b2eaa365b72cfb001… commit 7898b2eaa365b72cfb00186b165cff13d2990b40 Author: Pierre Schweitzer <pierre(a)reactos.org> AuthorDate: Sat Jun 1 14:40:24 2019 +0200 Commit: Pierre Schweitzer <pierre(a)reactos.org> CommitDate: Sat Jun 1 14:40:54 2019 +0200 [NTOSKRNL] Disable LUID mapping until it's properly implemented --- boot/bootdata/hivesys.inf | 1 + ntoskrnl/config/cmdata.c | 2 +- ntoskrnl/include/internal/ob.h | 1 + ntoskrnl/ob/obname.c | 10 ++++++++++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/boot/bootdata/hivesys.inf b/boot/bootdata/hivesys.inf index 0f2fc9369eb..d1e1f7d4d59 100644 --- a/boot/bootdata/hivesys.inf +++ b/boot/bootdata/hivesys.inf @@ -1445,6 +1445,7 @@ HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","ObjectDirectories",0x00 "\Windows", \ "\RPC Control" HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","ProtectionMode", 0x00010003, 0x00000001 +HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","LUIDDeviceMapsDisabled", 0x00010003, 0x00000001 ; DOS devices HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices","AUX",0x00000002,"\DosDevices\COM1" diff --git a/ntoskrnl/config/cmdata.c b/ntoskrnl/config/cmdata.c index 816dfd28c91..7a2c6af6c55 100644 --- a/ntoskrnl/config/cmdata.c +++ b/ntoskrnl/config/cmdata.c @@ -157,7 +157,7 @@ INIT_SECTION CM_SYSTEM_CONTROL_VECTOR CmControlVector[] = { L"Session Manager", L"LUIDDeviceMapsDisabled", - &DummyData, + &ObpLUIDDeviceMapsDisabled, NULL, NULL }, diff --git a/ntoskrnl/include/internal/ob.h b/ntoskrnl/include/internal/ob.h index b2d7037d9dc..ddbfeb42d92 100644 --- a/ntoskrnl/include/internal/ob.h +++ b/ntoskrnl/include/internal/ob.h @@ -620,6 +620,7 @@ extern WCHAR ObpUnsecureGlobalNamesBuffer[128]; extern ULONG ObpUnsecureGlobalNamesLength; extern ULONG ObpObjectSecurityMode; extern ULONG ObpProtectionMode; +extern ULONG ObpLUIDDeviceMapsDisabled; // // Inlined Functions diff --git a/ntoskrnl/ob/obname.c b/ntoskrnl/ob/obname.c index d76ed10a919..f05a06805d0 100644 --- a/ntoskrnl/ob/obname.c +++ b/ntoskrnl/ob/obname.c @@ -32,6 +32,9 @@ UNICODE_STRING ObpDosDevicesShortName = WCHAR ObpUnsecureGlobalNamesBuffer[128] = {0}; ULONG ObpUnsecureGlobalNamesLength = sizeof(ObpUnsecureGlobalNamesBuffer); +ULONG ObpLUIDDeviceMapsDisabled; +ULONG ObpLUIDDeviceMapsEnabled; + /* PRIVATE FUNCTIONS *********************************************************/ INIT_FUNCTION @@ -182,6 +185,13 @@ ObpCreateDosDevicesDirectory(VOID) SECURITY_DESCRIPTOR DosDevicesSD; NTSTATUS Status; + /* + * Enable LUID mappings only if not explicitely disabled + * and if protection mode is set + */ + if (ObpProtectionMode == 0 || ObpLUIDDeviceMapsDisabled != 0) + ObpLUIDDeviceMapsEnabled = 0; + /* Create a custom security descriptor for the global DosDevices directory */ Status = ObpGetDosDevicesProtection(&DosDevicesSD); if (!NT_SUCCESS(Status))