[ros-diffs] [weiden] 14197: - correctly deny access to handles when rights requested can't be granted

- correctly deny access to handles when rights requested can't be granted - map generic rights correctly - various fixes where handles with inappropriate access rights were created Modified: trunk/reactos/include/ddk/cmtypes.h Modified: trunk/reactos/lib/advapi32/reg/reg.c Modified: trunk/reactos/lib/kernel32/file/dir.c Modified: trunk/reactos/lib/ntdll/ldr/utils.c Modified: trunk/reactos/lib/ntdll/rtl/path.c Modified: trunk/reactos/lib/syssetup/wizard.c Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c Modified: trunk/reactos/ntoskrnl/cm/registry.c Modified: trunk/reactos/ntoskrnl/io/create.c Modified: trunk/reactos/ntoskrnl/io/device.c Modified: trunk/reactos/ntoskrnl/io/driver.c Modified: trunk/reactos/ntoskrnl/io/file.c Modified: trunk/reactos/ntoskrnl/io/iomgr.c Modified: trunk/reactos/ntoskrnl/io/vpb.c Modified: trunk/reactos/ntoskrnl/ke/i386/exp.c Modified: trunk/reactos/ntoskrnl/ldr/sysdll.c Modified: trunk/reactos/ntoskrnl/ob/handle.c Modified: trunk/reactos/ntoskrnl/ob/object.c Modified: trunk/reactos/ntoskrnl/se/token.c Modified: trunk/reactos/subsys/smss/initwkdll.c Modified: trunk/reactos/subsys/system/services/database.c Modified: trunk/reactos/subsys/system/winlogon/setup.c _____ Modified: trunk/reactos/include/ddk/cmtypes.h --- trunk/reactos/include/ddk/cmtypes.h 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/include/ddk/cmtypes.h 2005-03-19 19:13:01 UTC (rev 14197) @@ -10,7 +10,10 @@ { KeyBasicInformation, KeyNodeInformation, - KeyFullInformation + KeyFullInformation, + KeyNameInformation, + KeyCachedInformation, + KeyFlagsInformation } KEY_INFORMATION_CLASS; typedef struct _KEY_BASIC_INFORMATION _____ Modified: trunk/reactos/lib/advapi32/reg/reg.c --- trunk/reactos/lib/advapi32/reg/reg.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/lib/advapi32/reg/reg.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -222,7 +222,7 @@ NULL, NULL); return NtOpenKey (KeyHandle, - KEY_ALL_ACCESS, + MAXIMUM_ALLOWED, &Attributes); } _____ Modified: trunk/reactos/lib/kernel32/file/dir.c --- trunk/reactos/lib/kernel32/file/dir.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/lib/kernel32/file/dir.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -221,7 +221,7 @@ DPRINT("NtPathU '%S'\n", NtPathU.Buffer); Status = NtCreateFile (&DirectoryHandle, - FILE_WRITE_ATTRIBUTES, /* 0x110080 */ + DELETE, &ObjectAttributes, &IoStatusBlock, NULL, _____ Modified: trunk/reactos/lib/ntdll/ldr/utils.c --- trunk/reactos/lib/ntdll/ldr/utils.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/lib/ntdll/ldr/utils.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -682,7 +682,7 @@ SECTION_ALL_ACCESS, NULL, NULL, - PAGE_READWRITE, + PAGE_READONLY, SEC_COMMIT | (MapAsDataFile ? 0 : SEC_IMAGE), FileHandle); NtClose(FileHandle); @@ -2048,7 +2048,7 @@ &ViewSize, 0, MEM_COMMIT, - PAGE_READWRITE); + PAGE_READONLY); if (!NT_SUCCESS(Status)) { DPRINT1("map view of section failed (Status %x)\n", Status); @@ -2875,10 +2875,10 @@ DPRINT ("LdrVerifyImageMatchesChecksum() called\n"); Status = NtCreateSection (&SectionHandle, - SECTION_MAP_EXECUTE, + SECTION_MAP_READ, NULL, NULL, - PAGE_EXECUTE, + PAGE_READONLY, SEC_COMMIT, FileHandle); if (!NT_SUCCESS(Status)) @@ -2898,7 +2898,7 @@ &ViewSize, ViewShare, 0, - PAGE_EXECUTE); + PAGE_READONLY); if (!NT_SUCCESS(Status)) { DPRINT1 ("NtMapViewOfSection() failed (Status %lx)\n", Status); _____ Modified: trunk/reactos/lib/ntdll/rtl/path.c --- trunk/reactos/lib/ntdll/rtl/path.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/lib/ntdll/rtl/path.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -290,8 +290,8 @@ } /* don't keep the directory handle open on removable media */ - if (!NtQueryVolumeInformationFile( handle, &iosb, &device_info, - sizeof(device_info), FileFsDeviceInformation ) && + if (NT_SUCCESS(NtQueryVolumeInformationFile( handle, &iosb, &device_info, + sizeof(device_info), FileFsDeviceInformation )) && (device_info.Characteristics & FILE_REMOVABLE_MEDIA)) { DPRINT1("don't keep the directory handle open on removable media\n"); _____ Modified: trunk/reactos/lib/syssetup/wizard.c --- trunk/reactos/lib/syssetup/wizard.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/lib/syssetup/wizard.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -1133,7 +1133,7 @@ */ if(OpenProcessToken(GetCurrentProcess(), - TOKEN_ADJUST_PRIVILEGES, + TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { priv.PrivilegeCount = 1; _____ Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c --- trunk/reactos/ntoskrnl/cm/ntfunc.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/cm/ntfunc.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -460,9 +460,12 @@ PKEY_FULL_INFORMATION FullInformation; PDATA_CELL ClassCell; ULONG NameSize, ClassSize; + KPROCESSOR_MODE PreviousMode; NTSTATUS Status; PAGED_CODE(); + + PreviousMode = ExGetPreviousMode(); DPRINT("KH %x I %d KIC %x KI %x L %d RL %x\n", KeyHandle, @@ -476,7 +479,7 @@ Status = ObReferenceObjectByHandle(KeyHandle, KEY_ENUMERATE_SUB_KEYS, CmiKeyType, - UserMode, + PreviousMode, (PVOID *) &KeyObject, NULL); if (!NT_SUCCESS(Status)) @@ -1056,7 +1059,7 @@ /* Verify that the handle is valid and is a registry key */ Status = ObReferenceObjectByHandle(KeyHandle, - KEY_QUERY_VALUE, + 0, CmiKeyType, PreviousMode, (PVOID *)&KeyObject, @@ -1218,7 +1221,7 @@ /* Verify that the handle is valid and is a registry key */ Status = ObReferenceObjectByHandle(KeyHandle, - KEY_READ, + (KeyInformationClass != KeyNameInformation ? KEY_QUERY_VALUE : 0), CmiKeyType, UserMode, (PVOID *) &KeyObject, @@ -1377,6 +1380,13 @@ } break; + case KeyNameInformation: + case KeyCachedInformation: + case KeyFlagsInformation: + DPRINT1("Key information class 0x%x not yet implemented!\n", KeyInformationClass); + Status = STATUS_NOT_IMPLEMENTED; + break; + default: DPRINT1("Not handling 0x%x\n", KeyInformationClass); Status = STATUS_INVALID_INFO_CLASS; @@ -1658,14 +1668,12 @@ KeyHandle, ValueName, Type); DesiredAccess = KEY_SET_VALUE; - if (Type == REG_LINK) - DesiredAccess |= KEY_CREATE_LINK; /* Verify that the handle is valid and is a registry key */ Status = ObReferenceObjectByHandle(KeyHandle, DesiredAccess, CmiKeyType, - UserMode, + ExGetPreviousMode(), (PVOID *)&KeyObject, NULL); if (!NT_SUCCESS(Status)) _____ Modified: trunk/reactos/ntoskrnl/cm/registry.c --- trunk/reactos/ntoskrnl/cm/registry.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/cm/registry.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -423,7 +423,7 @@ ASSERT(NT_SUCCESS(Status)); Status = ObInsertObject(RootKey, NULL, - STANDARD_RIGHTS_REQUIRED, + KEY_ALL_ACCESS, 0, NULL, &RootKeyHandle); @@ -462,7 +462,7 @@ RootKeyHandle, NULL); Status = ZwCreateKey(&KeyHandle, - STANDARD_RIGHTS_REQUIRED, + KEY_ALL_ACCESS, &ObjectAttributes, 0, NULL, @@ -479,7 +479,7 @@ RootKeyHandle, NULL); Status = ZwCreateKey(&KeyHandle, - STANDARD_RIGHTS_REQUIRED, + KEY_ALL_ACCESS, &ObjectAttributes, 0, NULL, _____ Modified: trunk/reactos/ntoskrnl/io/create.c --- trunk/reactos/ntoskrnl/io/create.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/io/create.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -448,9 +448,6 @@ return Status; } - RtlMapGenericMask(&DesiredAccess, - BODY_TO_HEADER(FileObject)->ObjectType->Mapping); - Status = ObInsertObject ((PVOID)FileObject, NULL, DesiredAccess, _____ Modified: trunk/reactos/ntoskrnl/io/device.c --- trunk/reactos/ntoskrnl/io/device.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/io/device.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -349,7 +349,10 @@ FILE_NON_DIRECTORY_FILE); if (!NT_SUCCESS(Status)) + { + DPRINT1("NtOpenFile failed, Status: 0x%x\n", Status); return Status; + } Status = ObReferenceObjectByHandle( FileHandle, _____ Modified: trunk/reactos/ntoskrnl/io/driver.c --- trunk/reactos/ntoskrnl/io/driver.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/io/driver.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -960,7 +960,7 @@ NULL); Status = ZwOpenKey(&KeyHandle, - 0x10001, + KEY_ENUMERATE_SUB_KEYS, &ObjectAttributes); if (!NT_SUCCESS(Status)) { _____ Modified: trunk/reactos/ntoskrnl/io/file.c --- trunk/reactos/ntoskrnl/io/file.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/io/file.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -50,7 +50,7 @@ PreviousMode = ExGetPreviousMode(); Status = ObReferenceObjectByHandle(FileHandle, - FILE_READ_ATTRIBUTES, + 0, /* FIXME - access depends on the information class! */ IoFileObjectType, PreviousMode, (PVOID *)&FileObject, @@ -402,7 +402,7 @@ /* Get the file object from the file handle */ Status = ObReferenceObjectByHandle(FileHandle, - FILE_WRITE_ATTRIBUTES, + 0, /* FIXME - depends on the information class */ IoFileObjectType, PreviousMode, (PVOID *)&FileObject, _____ Modified: trunk/reactos/ntoskrnl/io/iomgr.c --- trunk/reactos/ntoskrnl/io/iomgr.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/io/iomgr.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -34,9 +34,9 @@ ULONGLONG IoOtherTransferCount = 0; KSPIN_LOCK EXPORTED IoStatisticsLock = 0; -static GENERIC_MAPPING IopFileMapping = {FILE_GENERIC_READ, - FILE_GENERIC_WRITE, - FILE_GENERIC_EXECUTE, +static GENERIC_MAPPING IopFileMapping = {STANDARD_RIGHTS_READ | SYNCHRONIZE | FILE_READ_DATA | FILE_READ_PROPERTIES, + STANDARD_RIGHTS_WRITE | SYNCHRONIZE | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_PROPERTIES, + STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE | FILE_EXECUTE | FILE_READ_ATTRIBUTES, FILE_ALL_ACCESS}; /* FUNCTIONS ****************************************************************/ _____ Modified: trunk/reactos/ntoskrnl/io/vpb.c --- trunk/reactos/ntoskrnl/io/vpb.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/io/vpb.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -107,7 +107,7 @@ PreviousMode = ExGetPreviousMode(); Status = ObReferenceObjectByHandle(FileHandle, - FILE_READ_ATTRIBUTES, + 0, /* FIXME - depends on the information class! */ IoFileObjectType, PreviousMode, (PVOID*)&FileObject, _____ Modified: trunk/reactos/ntoskrnl/ke/i386/exp.c --- trunk/reactos/ntoskrnl/ke/i386/exp.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/ke/i386/exp.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -1,9 +1,9 @@ -/* +/* * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel * FILE: ntoskrnl/ke/i386/exp.c * PURPOSE: Handling exceptions - * + * * PROGRAMMERS: David Welch (welch(a)cwcom.net) * Skywing (skywing(a)valhallalegends.com) */ @@ -120,24 +120,31 @@ MODULE_TEXT_SECTION* current; extern LIST_ENTRY ModuleTextListHead; ULONG_PTR RelativeAddress; + ULONG i = 0; - current_entry = ModuleTextListHead.Flink; + do + { + current_entry = ModuleTextListHead.Flink; - while (current_entry != &ModuleTextListHead && - current_entry != NULL) - { - current = - CONTAINING_RECORD(current_entry, MODULE_TEXT_SECTION, ListEntry); + while (current_entry != &ModuleTextListHead && + current_entry != NULL) + { + current = + CONTAINING_RECORD(current_entry, MODULE_TEXT_SECTION, ListEntry); - if (address >= (PVOID)current->Base && - address < (PVOID)(current->Base + current->Length)) - { - RelativeAddress = (ULONG_PTR) address - current->Base; - DbgPrint("<%ws: %x>", current->Name, RelativeAddress); - return(TRUE); - } - current_entry = current_entry->Flink; - } + if (address >= (PVOID)current->Base && + address < (PVOID)(current->Base + current->Length)) + { + RelativeAddress = (ULONG_PTR) address - current->Base; + DbgPrint("<%ws: %x>", current->Name, RelativeAddress); + return(TRUE); + } + current_entry = current_entry->Flink; + } + + address = (PVOID)((ULONG_PTR)address & ~0xC0000000); + } while(++i <= 1); + return(FALSE); } #endif /* KDBG */ @@ -511,9 +518,9 @@ if (ExceptionNr == 15) { - /* + /* * FIXME: - * This exception should never occur. The P6 has a bug, which does sometimes deliver + * This exception should never occur. The P6 has a bug, which does sometimes deliver * the apic spurious interrupt as exception 15. On an athlon64, I get one exception * in the early boot phase in apic mode (using the smp build). I've looked to the linux * sources. Linux does ignore this exception. @@ -941,7 +948,7 @@ } _SEH_HANDLE { return(ExceptionCode); } _SEH_END; - + OldEip = Thread->TrapFrame->Eip; Thread->TrapFrame->Eip = (ULONG_PTR)LdrpGetSystemDllRaiseExceptionDispatcher(); return((NTSTATUS)OldEip); @@ -972,7 +979,7 @@ /* Restore the user context */ Thread->TrapFrame = PrevTrapFrame; __asm__("mov %%ebx, %%esp;\n" "jmp _KiServiceExit": : "b" (TrapFrame)); - + /* We never get here */ return(STATUS_SUCCESS); } _____ Modified: trunk/reactos/ntoskrnl/ldr/sysdll.c --- trunk/reactos/ntoskrnl/ldr/sysdll.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/ldr/sysdll.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -144,7 +144,7 @@ SECTION_ALL_ACCESS, NULL, NULL, - PAGE_READWRITE, + PAGE_READONLY, SEC_IMAGE | SEC_COMMIT, FileHandle); if (!NT_SUCCESS(Status)) _____ Modified: trunk/reactos/ntoskrnl/ob/handle.c --- trunk/reactos/ntoskrnl/ob/handle.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/ob/handle.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -40,6 +40,8 @@ ~(EX_HANDLE_ENTRY_PROTECTFROMCLOSE | EX_HANDLE_ENTRY_INHERITABLE | \ EX_HANDLE_ENTRY_AUDITONCLOSE))) +#define GENERIC_ANY (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL) + /* FUNCTIONS ***************************************************************/ VOID @@ -548,7 +550,19 @@ ObjectHeader = BODY_TO_HEADER(ObjectBody); ASSERT((ULONG_PTR)ObjectHeader & EX_HANDLE_ENTRY_LOCKED); + + if (GrantedAccess & MAXIMUM_ALLOWED) + { + GrantedAccess &= ~MAXIMUM_ALLOWED; + GrantedAccess |= GENERIC_ALL; + } + if (GrantedAccess & GENERIC_ANY) + { + RtlMapGenericMask(&GrantedAccess, + ObjectHeader->ObjectType->Mapping); + } + NewEntry.u1.Object = ObjectHeader; if(Inherit) NewEntry.u1.ObAttributes |= EX_HANDLE_ENTRY_INHERITABLE; @@ -644,7 +658,6 @@ POBJECT_HEADER ObjectHeader; PVOID ObjectBody; ACCESS_MASK GrantedAccess; - PGENERIC_MAPPING GenericMapping; ULONG Attributes; NTSTATUS Status; LONG ExHandle = HANDLE_TO_EX_HANDLE(Handle); @@ -714,6 +727,13 @@ return(STATUS_OBJECT_TYPE_MISMATCH); } + /* desire as much access rights as possible */ + if (DesiredAccess & MAXIMUM_ALLOWED) + { + DesiredAccess &= ~MAXIMUM_ALLOWED; + DesiredAccess |= GENERIC_ALL; + } + KeEnterCriticalRegion(); HandleEntry = ExMapHandleToPointer(PsGetCurrentProcess()->ObjectTable, @@ -729,48 +749,53 @@ ObjectBody = HEADER_TO_BODY(ObjectHeader); DPRINT("locked1: ObjectHeader: 0x%x [HT:0x%x]\n", ObjectHeader, PsGetCurrentProcess()->ObjectTable); - - ObReferenceObjectByPointer(ObjectBody, - 0, - NULL, - UserMode); - Attributes = HandleEntry->u1.ObAttributes & (EX_HANDLE_ENTRY_PROTECTFROMCLOSE | - EX_HANDLE_ENTRY_INHERITABLE | - EX_HANDLE_ENTRY_AUDITONCLOSE); - GrantedAccess = HandleEntry->u2.GrantedAccess; - GenericMapping = ObjectHeader->ObjectType->Mapping; - + if (ObjectType != NULL && ObjectType != ObjectHeader->ObjectType) { DPRINT("ObjectType mismatch: %wZ vs %wZ (handle 0x%x)\n", &ObjectType->TypeName, ObjectHeader->ObjectType ? &ObjectHeader->ObjectType->TypeName : NULL, Handle); - + ExUnlockHandleTableEntry(PsGetCurrentProcess()->ObjectTable, HandleEntry); KeLeaveCriticalRegion(); - ObDereferenceObject(ObjectBody); - + return(STATUS_OBJECT_TYPE_MISMATCH); } - ExUnlockHandleTableEntry(PsGetCurrentProcess()->ObjectTable, - HandleEntry); + /* map the generic access masks if the caller asks for generic access */ + if (DesiredAccess & GENERIC_ANY) + { + RtlMapGenericMask(&DesiredAccess, + BODY_TO_HEADER(ObjectBody)->ObjectType->Mapping); + } - KeLeaveCriticalRegion(); + GrantedAccess = HandleEntry->u2.GrantedAccess; - if (DesiredAccess && AccessMode != KernelMode) + /* Unless running as KernelMode, deny access if caller desires more access + rights than the handle can grant */ + if(AccessMode != KernelMode && (~GrantedAccess & DesiredAccess)) { - RtlMapGenericMask(&DesiredAccess, GenericMapping); + ExUnlockHandleTableEntry(PsGetCurrentProcess()->ObjectTable, + HandleEntry); - if (!(GrantedAccess & DesiredAccess) && - !((~GrantedAccess) & DesiredAccess)) - { - ObDereferenceObject(ObjectBody); - CHECKPOINT; - return(STATUS_ACCESS_DENIED); - } + KeLeaveCriticalRegion(); + + return(STATUS_ACCESS_DENIED); } + ObReferenceObjectByPointer(ObjectBody, + 0, + NULL, + UserMode); + Attributes = HandleEntry->u1.ObAttributes & (EX_HANDLE_ENTRY_PROTECTFROMCLOSE | + EX_HANDLE_ENTRY_INHERITABLE | + EX_HANDLE_ENTRY_AUDITONCLOSE); + + ExUnlockHandleTableEntry(PsGetCurrentProcess()->ObjectTable, + HandleEntry); + + KeLeaveCriticalRegion(); + if (HandleInformation != NULL) { HandleInformation->HandleAttributes = Attributes; @@ -838,9 +863,6 @@ Access = DesiredAccess; ObjectHeader = BODY_TO_HEADER(Object); - RtlMapGenericMask(&Access, - ObjectHeader->ObjectType->Mapping); - return(ObCreateHandle(PsGetCurrentProcess(), Object, Access, _____ Modified: trunk/reactos/ntoskrnl/ob/object.c --- trunk/reactos/ntoskrnl/ob/object.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/ob/object.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -412,7 +412,7 @@ else { Status = ObReferenceObjectByHandle(ObjectAttributes->RootDirectory, - DIRECTORY_TRAVERSE, + 0, NULL, UserMode, &CurrentObject, _____ Modified: trunk/reactos/ntoskrnl/se/token.c --- trunk/reactos/ntoskrnl/se/token.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/ntoskrnl/se/token.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -1663,7 +1663,7 @@ // &Length); Status = ObReferenceObjectByHandle (TokenHandle, - TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, + TOKEN_ADJUST_PRIVILEGES | (PreviousState != NULL ? TOKEN_QUERY : 0), SepTokenObjectType, PreviousMode, (PVOID*)&Token, _____ Modified: trunk/reactos/subsys/smss/initwkdll.c --- trunk/reactos/subsys/smss/initwkdll.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/subsys/smss/initwkdll.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -60,7 +60,7 @@ (HANDLE)Context, NULL); Status = NtOpenFile(&FileHandle, - SYNCHRONIZE | FILE_EXECUTE, + SYNCHRONIZE | FILE_EXECUTE | FILE_READ_DATA, &ObjectAttributes, &IoStatusBlock, FILE_SHARE_READ, _____ Modified: trunk/reactos/subsys/system/services/database.c --- trunk/reactos/subsys/system/services/database.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/subsys/system/services/database.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -327,7 +327,7 @@ NULL); Status = RtlpNtOpenKey(&ServicesKey, - 0x10001, + KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS, &ObjectAttributes, 0); if (!NT_SUCCESS(Status)) _____ Modified: trunk/reactos/subsys/system/winlogon/setup.c --- trunk/reactos/subsys/system/winlogon/setup.c 2005-03-19 18:31:14 UTC (rev 14196) +++ trunk/reactos/subsys/system/winlogon/setup.c 2005-03-19 19:13:01 UTC (rev 14197) @@ -84,7 +84,7 @@ dwError = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"SYSTEM\\Setup", //TEXT("SYSTEM\\Setup"), 0, - KEY_QUERY_VALUE, + KEY_SET_VALUE, &hKey); if (dwError != ERROR_SUCCESS) {