Author: tfaber
Date: Wed Jul 30 10:08:30 2014
New Revision: 63779
URL:
http://svn.reactos.org/svn/reactos?rev=63779&view=rev
Log:
[NTOS:CM]
- Improve the hack from r63777 to return an allow-Everyone DACL. Fixes crash in
advapi32:security.
CORE-8383 #resolve
Modified:
trunk/reactos/ntoskrnl/config/cmse.c
Modified: trunk/reactos/ntoskrnl/config/cmse.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmse.c?rev…
==============================================================================
--- trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] Wed Jul 30 10:08:30 2014
@@ -144,10 +144,14 @@
IN OUT PULONG BufferLength)
{
PISECURITY_DESCRIPTOR_RELATIVE RelSd;
- PUCHAR Current;
ULONG SidSize;
+ ULONG AclSize;
ULONG SdSize;
NTSTATUS Status;
+ SECURITY_DESCRIPTOR_CONTROL Control = 0;
+ ULONG Owner = 0;
+ ULONG Group = 0;
+ ULONG Dacl = 0;
DBG_UNREFERENCED_PARAMETER(KeyBody);
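Review bot: AclSize is declared without an initializer, while the neighbouring Owner, Group and Dacl all start at 0. It is only assigned inside the DACL_SECURITY_INFORMATION branch of the next hunk and only read under `if (Dacl)` in the last one, so today's paths are safe, but that safety depends on the two conditions staying in step. `ULONG AclSize = 0;` would make the declaration consistent and prevent an indeterminate size reaching RtlCreateAcl if the branches are later reshuffled. The function's signature and the rest of its body lie outside this hunk.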
@@ -157,8 +161,33 @@
}
SidSize = RtlLengthSid(SeWorldSid);
- SdSize = sizeof(*RelSd) + 2 * SidSize;
RelSd = SecurityDescriptor;
+ SdSize = sizeof(*RelSd);
+
+ if (SecurityInformation & OWNER_SECURITY_INFORMATION)
+ {
+ Owner = SdSize;
+ SdSize += SidSize;
+ }
+
+ if (SecurityInformation & GROUP_SECURITY_INFORMATION)
+ {
+ Group = SdSize;
+ SdSize += SidSize;
+ }
+
+ if (SecurityInformation & DACL_SECURITY_INFORMATION)
+ {
+ Control |= SE_DACL_PRESENT;
+ Dacl = SdSize;
+ AclSize = sizeof(ACL) + sizeof(ACE) + SidSize;
+ SdSize += AclSize;
+ }
+
+ if (SecurityInformation & SACL_SECURITY_INFORMATION)
+ {
+ Control |= SE_SACL_PRESENT;
+ }
if (*BufferLength < SdSize)
{
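Review bot: The SACL_SECURITY_INFORMATION branch at the end of this hunk sets SE_SACL_PRESENT but reserves no space for a SACL, and the later hunk that fills in Owner, Group and Dacl never assigns RelSd->Sacl. The descriptor therefore relies on the initialization done before those assignments (not visible in the diff) leaving Sacl at 0, which readers will interpret as a present-but-NULL SACL. If that is intended, a comment in the branch would make it explicit, e.g. `/* No SACL is stored; a zero Sacl offset with SE_SACL_PRESENT reports a NULL SACL */`. The function body starts before and continues past this hunk.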
@@ -173,36 +202,37 @@
if (!NT_SUCCESS(Status))
return Status;
- Current = (PUCHAR)(RelSd + 1);
- ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize);
-
- if (SecurityInformation & OWNER_SECURITY_INFORMATION)
- {
- RtlCopyMemory(Current, SeWorldSid, SidSize);
- RelSd->Owner = Current - (PUCHAR)RelSd;
- Current += SidSize;
- ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize);
- }
-
- if (SecurityInformation & GROUP_SECURITY_INFORMATION)
- {
- RtlCopyMemory(Current, SeWorldSid, SidSize);
- RelSd->Group = Current - (PUCHAR)RelSd;
- Current += SidSize;
- ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize);
- }
-
- if (SecurityInformation & DACL_SECURITY_INFORMATION)
- {
- RelSd->Control |= SE_DACL_PRESENT;
- }
-
- if (SecurityInformation & SACL_SECURITY_INFORMATION)
- {
- RelSd->Control |= SE_SACL_PRESENT;
- }
-
- return STATUS_SUCCESS;
+ RelSd->Control |= Control;
+ RelSd->Owner = Owner;
+ RelSd->Group = Group;
+ RelSd->Dacl = Dacl;
+
+ if (Owner)
+ RtlCopyMemory((PUCHAR)RelSd + Owner,
+ SeWorldSid,
+ SidSize);
+
+ if (Group)
+ RtlCopyMemory((PUCHAR)RelSd + Group,
+ SeWorldSid,
+ SidSize);
+
+ if (Dacl)
+ {
+ Status = RtlCreateAcl((PACL)((PUCHAR)RelSd + Dacl),
+ AclSize,
+ ACL_REVISION);
+ if (NT_SUCCESS(Status))
+ {
+ Status = RtlAddAccessAllowedAce((PACL)((PUCHAR)RelSd + Dacl),
+ ACL_REVISION,
+ GENERIC_ALL,
+ SeWorldSid);
+ }
+ }
+
+ ASSERT(Status == STATUS_SUCCESS);
+ return Status;
}
NTSTATUS
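Review bot: The ACE built in the `if (Dacl)` block carries GENERIC_ALL, a generic right that is normally mapped to object-specific rights before a descriptor is attached to an object. A consumer that evaluates the returned mask against registry key rights may therefore not read it as granting them; `KEY_ALL_ACCESS,` in place of `GENERIC_ALL,` would likely match the stated allow-Everyone intent more closely. Because this DACL is fabricated rather than read from the key, a comment above the block such as `/* HACK: synthesized allow-Everyone DACL, not the key's stored security */` would stop it being mistaken for real policy. Separately, the trailing `ASSERT(Status == STATUS_SUCCESS)` turns an ACL construction failure into an assertion on checked builds, while free builds return the error with Control, Owner, Group and Dacl already written to the caller's buffer. The function body begins outside this hunk.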