https://git.reactos.org/?p=reactos.git;a=commitdiff;h=1b42731dca0df26788dd2…
commit 1b42731dca0df26788dd20cb709c216dbc422dc9
Author: Pierre Schweitzer <pierre(a)reactos.org>
AuthorDate: Sat Jun 1 13:51:40 2019 +0200
Commit: Pierre Schweitzer <pierre(a)reactos.org>
CommitDate: Sat Jun 1 13:51:40 2019 +0200
[NTOSKRNL] Add a few ASSERTs to ObpGetDosDevicesProtection for DBG builds
---
ntoskrnl/ob/obname.c | 118 ++++++++++++++++++++++++++++-----------------------
1 file changed, 66 insertions(+), 52 deletions(-)
diff --git a/ntoskrnl/ob/obname.c b/ntoskrnl/ob/obname.c
index 866ac748d84..d76ed10a919 100644
--- a/ntoskrnl/ob/obname.c
+++ b/ntoskrnl/ob/obname.c
@@ -41,9 +41,11 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR
SecurityDescriptor)
{
PACL Dacl;
ULONG AclSize;
+ NTSTATUS Status;
/* Initialize the SD */
- RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
+ Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
+ ASSERT(NT_SUCCESS(Status));
if (ObpProtectionMode & 1)
{
@@ -63,42 +65,49 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR
SecurityDescriptor)
}
/* Initialize the DACL */
- RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
+ Status = RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
+ ASSERT(NT_SUCCESS(Status));
/* Add the ACEs */
- RtlAddAccessAllowedAce(Dacl,
- ACL_REVISION,
- GENERIC_READ | GENERIC_EXECUTE,
- SeWorldSid);
-
- RtlAddAccessAllowedAce(Dacl,
- ACL_REVISION,
- GENERIC_ALL,
- SeLocalSystemSid);
-
- RtlAddAccessAllowedAceEx(Dacl,
- ACL_REVISION,
- INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
- GENERIC_EXECUTE,
- SeWorldSid);
-
- RtlAddAccessAllowedAceEx(Dacl,
- ACL_REVISION,
- INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
- GENERIC_ALL,
- SeAliasAdminsSid);
-
- RtlAddAccessAllowedAceEx(Dacl,
- ACL_REVISION,
- INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
- GENERIC_ALL,
- SeLocalSystemSid);
-
- RtlAddAccessAllowedAceEx(Dacl,
- ACL_REVISION,
- INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
- GENERIC_ALL,
- SeCreatorOwnerSid);
+ Status = RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_READ | GENERIC_EXECUTE,
+ SeWorldSid);
+ ASSERT(NT_SUCCESS(Status));
+
+ Status = RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ SeLocalSystemSid);
+ ASSERT(NT_SUCCESS(Status));
+
+ Status = RtlAddAccessAllowedAceEx(Dacl,
+ ACL_REVISION,
+ INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
+ GENERIC_EXECUTE,
+ SeWorldSid);
+ ASSERT(NT_SUCCESS(Status));
+
+ Status = RtlAddAccessAllowedAceEx(Dacl,
+ ACL_REVISION,
+ INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
+ GENERIC_ALL,
+ SeAliasAdminsSid);
+ ASSERT(NT_SUCCESS(Status));
+
+ Status = RtlAddAccessAllowedAceEx(Dacl,
+ ACL_REVISION,
+ INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
+ GENERIC_ALL,
+ SeLocalSystemSid);
+ ASSERT(NT_SUCCESS(Status));
+
+ Status = RtlAddAccessAllowedAceEx(Dacl,
+ ACL_REVISION,
+ INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
+ GENERIC_ALL,
+ SeCreatorOwnerSid);
+ ASSERT(NT_SUCCESS(Status));
}
else
{
@@ -115,28 +124,33 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR
SecurityDescriptor)
}
/* Initialize the DACL */
- RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
+ Status = RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
+ ASSERT(NT_SUCCESS(Status));
/* Add the ACEs */
- RtlAddAccessAllowedAce(Dacl,
- ACL_REVISION,
- GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE,
- SeWorldSid);
-
- RtlAddAccessAllowedAce(Dacl,
- ACL_REVISION,
- GENERIC_ALL,
- SeLocalSystemSid);
-
- RtlAddAccessAllowedAceEx(Dacl,
- ACL_REVISION,
- INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
- GENERIC_ALL,
- SeWorldSid);
+ Status = RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE,
+ SeWorldSid);
+ ASSERT(NT_SUCCESS(Status));
+
+ Status = RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ SeLocalSystemSid);
+ ASSERT(NT_SUCCESS(Status));
+
+ Status = RtlAddAccessAllowedAceEx(Dacl,
+ ACL_REVISION,
+ INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE,
+ GENERIC_ALL,
+ SeWorldSid);
+ ASSERT(NT_SUCCESS(Status));
}
/* Attach the DACL to the SD */
- RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE);
+ Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE);
+ ASSERT(NT_SUCCESS(Status));
return STATUS_SUCCESS;
}