[ros-diffs] [reactos] 03/05: [NTOSKRNL] Add a few ASSERTs to ObpGetDosDevicesProtection for DBG builds

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=1b42731dca0df26788dd2… commit 1b42731dca0df26788dd20cb709c216dbc422dc9 Author: Pierre Schweitzer <pierre(a)reactos.org> AuthorDate: Sat Jun 1 13:51:40 2019 +0200 Commit: Pierre Schweitzer <pierre(a)reactos.org> CommitDate: Sat Jun 1 13:51:40 2019 +0200 [NTOSKRNL] Add a few ASSERTs to ObpGetDosDevicesProtection for DBG builds --- ntoskrnl/ob/obname.c | 118 ++++++++++++++++++++++++++++----------------------- 1 file changed, 66 insertions(+), 52 deletions(-) diff --git a/ntoskrnl/ob/obname.c b/ntoskrnl/ob/obname.c index 866ac748d84..d76ed10a919 100644 --- a/ntoskrnl/ob/obname.c +++ b/ntoskrnl/ob/obname.c @@ -41,9 +41,11 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor) { PACL Dacl; ULONG AclSize; + NTSTATUS Status; /* Initialize the SD */ - RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION); + Status = RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION); + ASSERT(NT_SUCCESS(Status)); if (ObpProtectionMode & 1) { @@ -63,42 +65,49 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor) } /* Initialize the DACL */ - RtlCreateAcl(Dacl, AclSize, ACL_REVISION); + Status = RtlCreateAcl(Dacl, AclSize, ACL_REVISION); + ASSERT(NT_SUCCESS(Status)); /* Add the ACEs */ - RtlAddAccessAllowedAce(Dacl, - ACL_REVISION, - GENERIC_READ | GENERIC_EXECUTE, - SeWorldSid); - - RtlAddAccessAllowedAce(Dacl, - ACL_REVISION, - GENERIC_ALL, - SeLocalSystemSid); - - RtlAddAccessAllowedAceEx(Dacl, - ACL_REVISION, - INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, - GENERIC_EXECUTE, - SeWorldSid); - - RtlAddAccessAllowedAceEx(Dacl, - ACL_REVISION, - INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, - GENERIC_ALL, - SeAliasAdminsSid); - - RtlAddAccessAllowedAceEx(Dacl, - ACL_REVISION, - INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, - GENERIC_ALL, - SeLocalSystemSid); - - RtlAddAccessAllowedAceEx(Dacl, - ACL_REVISION, - INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, - GENERIC_ALL, - SeCreatorOwnerSid); + Status = RtlAddAccessAllowedAce(Dacl, + ACL_REVISION, + GENERIC_READ | GENERIC_EXECUTE, + SeWorldSid); + ASSERT(NT_SUCCESS(Status)); + + Status = RtlAddAccessAllowedAce(Dacl, + ACL_REVISION, + GENERIC_ALL, + SeLocalSystemSid); + ASSERT(NT_SUCCESS(Status)); + + Status = RtlAddAccessAllowedAceEx(Dacl, + ACL_REVISION, + INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, + GENERIC_EXECUTE, + SeWorldSid); + ASSERT(NT_SUCCESS(Status)); + + Status = RtlAddAccessAllowedAceEx(Dacl, + ACL_REVISION, + INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, + GENERIC_ALL, + SeAliasAdminsSid); + ASSERT(NT_SUCCESS(Status)); + + Status = RtlAddAccessAllowedAceEx(Dacl, + ACL_REVISION, + INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, + GENERIC_ALL, + SeLocalSystemSid); + ASSERT(NT_SUCCESS(Status)); + + Status = RtlAddAccessAllowedAceEx(Dacl, + ACL_REVISION, + INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, + GENERIC_ALL, + SeCreatorOwnerSid); + ASSERT(NT_SUCCESS(Status)); } else { @@ -115,28 +124,33 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor) } /* Initialize the DACL */ - RtlCreateAcl(Dacl, AclSize, ACL_REVISION); + Status = RtlCreateAcl(Dacl, AclSize, ACL_REVISION); + ASSERT(NT_SUCCESS(Status)); /* Add the ACEs */ - RtlAddAccessAllowedAce(Dacl, - ACL_REVISION, - GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE, - SeWorldSid); - - RtlAddAccessAllowedAce(Dacl, - ACL_REVISION, - GENERIC_ALL, - SeLocalSystemSid); - - RtlAddAccessAllowedAceEx(Dacl, - ACL_REVISION, - INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, - GENERIC_ALL, - SeWorldSid); + Status = RtlAddAccessAllowedAce(Dacl, + ACL_REVISION, + GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE, + SeWorldSid); + ASSERT(NT_SUCCESS(Status)); + + Status = RtlAddAccessAllowedAce(Dacl, + ACL_REVISION, + GENERIC_ALL, + SeLocalSystemSid); + ASSERT(NT_SUCCESS(Status)); + + Status = RtlAddAccessAllowedAceEx(Dacl, + ACL_REVISION, + INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, + GENERIC_ALL, + SeWorldSid); + ASSERT(NT_SUCCESS(Status)); } /* Attach the DACL to the SD */ - RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE); + Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE); + ASSERT(NT_SUCCESS(Status)); return STATUS_SUCCESS; }