[ros-diffs] [reactos] 08/11: [NTOS:CM] Do not call CmpSecurityMethod when assigning a security descriptor

1 Oct 2023

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=8cb56e77a60ec7d0b7730…

commit 8cb56e77a60ec7d0b7730abdc691ed74c36b6de8
Author:     George Bișoc &lt;george.bisoc(a)reactos.org&gt;
AuthorDate: Fri Feb 24 14:06:22 2023 +0100
Commit:     George Bișoc &lt;george.bisoc(a)reactos.org&gt;
CommitDate: Sun Oct 1 20:06:02 2023 +0200

    [NTOS:CM] Do not call CmpSecurityMethod when assigning a security descriptor
    
    CmpSecurityMethod is a method used by the Object Manager and called by this
    subsystem whenever a security operation has to be done against a key object.
    
    As CmpSecurityMethod is a specific OB construct we should not make any direct
    call attempts to CmpSecurityMethod, only OB is responsible for that. This fixes
    a deadlock where CmpSecurityMethod acquires a push lock for exclusive access
    even though such lock is already acquired by the same calling thread in
    CmpDoCreateChild.
---
 ntoskrnl/config/cmparse.c      | 16 ++++++++--------
 ntoskrnl/include/internal/cm.h |  9 +++++++++
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/ntoskrnl/config/cmparse.c b/ntoskrnl/config/cmparse.c
index 53f2d3adbab..38346c2501d 100644
--- a/ntoskrnl/config/cmparse.c
+++ b/ntoskrnl/config/cmparse.c
@@ -367,14 +367,14 @@ CmpDoCreateChild(IN PHHIVE Hive,
                               CmpKeyObjectType->TypeInfo.PoolType);
     if (NT_SUCCESS(Status))
     {
-        Status = CmpSecurityMethod(*Object,
-                                   AssignSecurityDescriptor,
-                                   NULL,
-                                   NewDescriptor,
-                                   NULL,
-                                   NULL,
-                                   CmpKeyObjectType->TypeInfo.PoolType,
-                                   &CmpKeyObjectType->TypeInfo.GenericMapping);
+        /*
+         * FIXME: We must acquire a security lock when assigning
+         * a security descriptor to this hive but since the
+         * CmpAssignSecurityDescriptor function does nothing
+         * (we lack the necessary security management implementations
+         * anyway), do not do anything for now.
+         */
+        Status = CmpAssignSecurityDescriptor(Kcb, NewDescriptor);
     }
 
     /* Now that the security descriptor is copied in the hive, we can free the original
*/
diff --git a/ntoskrnl/include/internal/cm.h b/ntoskrnl/include/internal/cm.h
index a0921e4eb3b..eab9a1c9b61 100644
--- a/ntoskrnl/include/internal/cm.h
+++ b/ntoskrnl/include/internal/cm.h
@@ -510,6 +510,15 @@ CmpDestroyHiveViewList(
     IN PCMHIVE Hive
 );
 
+//
+// Security Management Functions
+//
+NTSTATUS
+CmpAssignSecurityDescriptor(
+    IN PCM_KEY_CONTROL_BLOCK Kcb,
+    IN PSECURITY_DESCRIPTOR SecurityDescriptor
+);
+
 //
 // Security Cache Functions
 //

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [reactos] 08/11: [NTOS:CM] Do not call CmpSecurityMethod when assigning a security descriptor