use a default security descriptor for the group policy events Modified: trunk/reactos/lib/userenv/gpolicy.c Modified: trunk/reactos/lib/userenv/internal.h Modified: trunk/reactos/lib/userenv/misc.c _____
Modified: trunk/reactos/lib/userenv/gpolicy.c
--- trunk/reactos/lib/userenv/gpolicy.c 2006-01-12 06:15:21 UTC (rev 20804)
+++ trunk/reactos/lib/userenv/gpolicy.c 2006-01-12 17:30:27 UTC (rev 20805)
@@ -249,7 +249,7 @@
static HANDLE CreateGPEvent(IN BOOL bMachine, - IN PVOID lpSecurityDescriptor) + IN PSECURITY_DESCRIPTOR lpSecurityDescriptor) { HANDLE hEvent; SECURITY_ATTRIBUTES SecurityAttributes; @@ -258,7 +258,7 @@ SecurityAttributes.lpSecurityDescriptor = lpSecurityDescriptor; SecurityAttributes.bInheritHandle = FALSE;
- hEvent = CreateEventW((lpSecurityDescriptor != NULL ? &SecurityAttributes : NULL), + hEvent = CreateEventW(&SecurityAttributes, TRUE, FALSE, (bMachine ? szMachineGPApplied : szLocalGPApplied)); @@ -271,7 +271,7 @@ IN BOOL bMachine) { PGP_NOTIFY Notify; - PVOID lpSecurityDescriptor = NULL; + PSECURITY_DESCRIPTOR lpSecurityDescriptor = NULL; BOOL Ret = FALSE;
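Review bot: The descriptor now passed unconditionally to `CreateEventW` only takes effect when this call creates the named event; if an object with that name already exists, the call opens it and the security-descriptor member of `SecurityAttributes` is ignored. Because the events are named (`szMachineGPApplied` / `szLocalGPApplied`), the DACL built by this commit does not protect an object that some other process created first. I would record that case right after the call, e.g. `if (hEvent != NULL && GetLastError() == ERROR_ALREADY_EXISTS) DPRINT1("GP event already existed, default DACL not applied\n");`, and decide whether a pre-existing machine event is acceptable there. The rest of CreateGPEvent lies outside this hunk, so an existing check may simply not be visible.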
EnterCriticalSection(&GPNotifyLock); @@ -292,7 +292,11 @@ /* create or open the machine group policy event */ if (hMachineGPAppliedEvent == NULL) { - lpSecurityDescriptor = CreateDefaultSD(); + lpSecurityDescriptor = CreateDefaultSecurityDescriptor(); + if (lpSecurityDescriptor == NULL) + { + goto Cleanup; + }
hMachineGPAppliedEvent = CreateGPEvent(TRUE, lpSecurityDescriptor); @@ -307,7 +311,11 @@ { if (lpSecurityDescriptor == NULL) { - lpSecurityDescriptor = CreateDefaultSD(); + lpSecurityDescriptor = CreateDefaultSecurityDescriptor(); + if (lpSecurityDescriptor == NULL) + { + goto Cleanup; + } }
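Review bot: Both new `goto Cleanup` exits (here and in the matching hunk at `@@ -307,7 +311,11 @@`) are taken after `EnterCriticalSection(&GPNotifyLock)`, and the `Cleanup` label is outside the visible lines, so it needs confirming that the label leaves the critical section on these paths. The descriptor returned by `CreateDefaultSecurityDescriptor()` is a `LocalAlloc` block (see misc.c in this commit), so the same label should also release it with `LocalFree` once the events have been created. Failing instead of falling back to a NULL descriptor is the right direction; a short comment such as `/* fail closed: never create the policy event without the default DACL */` above each check would make that intent explicit.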
hLocalGPAppliedEvent = CreateGPEvent(FALSE, _____
Modified: trunk/reactos/lib/userenv/internal.h
--- trunk/reactos/lib/userenv/internal.h 2006-01-12 06:15:21 UTC (rev 20804)
+++ trunk/reactos/lib/userenv/internal.h 2006-01-12 17:30:27 UTC (rev 20805)
@@ -77,8 +77,8 @@
GetUserSidFromToken (HANDLE hToken, PUNICODE_STRING SidString);
-PVOID
-CreateDefaultSD(VOID);
+PSECURITY_DESCRIPTOR
+CreateDefaultSecurityDescriptor(VOID);
/* profile.c */ BOOL _____
Modified: trunk/reactos/lib/userenv/misc.c
--- trunk/reactos/lib/userenv/misc.c 2006-01-12 06:15:21 UTC (rev 20804)
+++ trunk/reactos/lib/userenv/misc.c 2006-01-12 17:30:27 UTC (rev 20805)
@@ -30,6 +30,8 @@
#define NDEBUG #include <debug.h>
+static SID_IDENTIFIER_AUTHORITY LocalSystemAuthority = {SECURITY_NT_AUTHORITY};
+static SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
/* FUNCTIONS ***************************************************************/
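Review bot: `LocalSystemAuthority` is initialised with `SECURITY_NT_AUTHORITY` and is later used for the Administrators SID as well as the SYSTEM SID, so the name suggests a narrower meaning than the value has. Naming it after the authority, `static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};`, keeps the SID construction in CreateDefaultSecurityDescriptor readable when someone audits which principals end up in the DACL.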
@@ -116,11 +118,149 @@
 return TRUE;
 }
-PVOID
-CreateDefaultSD(VOID)
+PSECURITY_DESCRIPTOR
+CreateDefaultSecurityDescriptor(VOID)
 {
- /* FIXME - create a default security descriptor */
- return NULL;
+ PSID LocalSystemSid = NULL;
+ PSID AdministratorsSid = NULL;
+ PSID EveryoneSid = NULL;
+ PACL Dacl;
+ DWORD DaclSize;
+ PSECURITY_DESCRIPTOR pSD = NULL;
+
+ /* create the SYSTEM, Administrators and Everyone SIDs */
+ if (!AllocateAndInitializeSid(&LocalSystemAuthority,
+ 1,
+ SECURITY_LOCAL_SYSTEM_RID,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ &LocalSystemSid) ||
+ !AllocateAndInitializeSid(&LocalSystemAuthority,
+ 2,
+ SECURITY_BUILTIN_DOMAIN_RID,
+ DOMAIN_ALIAS_RID_ADMINS,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ &AdministratorsSid) ||
+ !AllocateAndInitializeSid(&WorldAuthority,
+ 1,
+ SECURITY_WORLD_RID,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ &EveryoneSid))
+ {
+ DPRINT1("Failed initializing the SIDs for the default security descriptor (0x%p, 0x%p, 0x%p)\n",
+ LocalSystemSid, AdministratorsSid, EveryoneSid);
+ goto Cleanup;
+ }
+
+ /* allocate the security descriptor and DACL */
+ DaclSize = sizeof(ACL) +
+ ((GetLengthSid(LocalSystemSid) +
+ GetLengthSid(AdministratorsSid) +
+ GetLengthSid(EveryoneSid)) +
+ (3 * FIELD_OFFSET(ACCESS_ALLOWED_ACE,
+ SidStart)));
+
+ pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LMEM_FIXED,
+ (SIZE_T)DaclSize + sizeof(SECURITY_DESCRIPTOR));
+ if (pSD == NULL)
+ {
+ DPRINT1("Failed to allocate the default security descriptor and ACL\n");
+ goto Cleanup;
+ }
+
+ if (!InitializeSecurityDescriptor(pSD,
+ SECURITY_DESCRIPTOR_REVISION))
+ {
+ DPRINT1("Failed to initialize the default security descriptor\n");
+ goto Cleanup;
+ }
+
+ /* initialize and build the DACL */
+ Dacl = (PACL)((ULONG_PTR)pSD + sizeof(SECURITY_DESCRIPTOR));
+ if (!InitializeAcl(Dacl,
+ (DWORD)DaclSize,
+ ACL_REVISION))
+ {
+ DPRINT1("Failed to initialize the DACL of the default security descriptor\n");
+ goto Cleanup;
+ }
+
+ /* add the SYSTEM Ace */
+ if (!AddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ LocalSystemSid))
+ {
+ DPRINT1("Failed to add the SYSTEM ACE\n");
+ goto Cleanup;
+ }
+
+ /* add the Administrators Ace */
+ if (!AddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ AdministratorsSid))
+ {
+ DPRINT1("Failed to add the Administrators ACE\n");
+ goto Cleanup;
+ }
+
+ /* add the Everyone Ace */
+ if (!AddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_EXECUTE,
+ EveryoneSid))
+ {
+ DPRINT1("Failed to add the Everyone ACE\n");
+ goto Cleanup;
+ }
+
+ /* set the DACL */
+ if (!SetSecurityDescriptorDacl(pSD,
+ TRUE,
+ Dacl,
+ FALSE))
+ {
+ DPRINT1("Failed to set the DACL of the default security descriptor\n");
+
+Cleanup:
+ if (pSD != NULL)
+ {
+ LocalFree((HLOCAL)pSD);
+ pSD = NULL;
+ }
+ }
+
+ if (LocalSystemSid != NULL)
+ {
+ FreeSid(LocalSystemSid);
+ }
+ if (AdministratorsSid != NULL)
+ {
+ FreeSid(AdministratorsSid);
+ }
+ if (EveryoneSid != NULL)
+ {
+ FreeSid(EveryoneSid);
+ }
+
+ return pSD;
 }
/* Dynamic DLL loading interface **********************************************/
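Review bot: The `Cleanup:` label sits inside the body of the final `if (!SetSecurityDescriptorDacl(...))` block, so every earlier `goto Cleanup` jumps into that block to reach the `LocalFree`. It is legal C and behaves correctly today, but whether a half-built descriptor is freed or returned now depends on the label staying inside that brace pair, which is easy to break in a later edit. A success flag with the label at function scope makes the failure path explicit, as sketched below. Separately, the Everyone ACE deserves a comment saying which event rights `GENERIC_EXECUTE` is meant to grant (presumably wait-only, with set/reset reserved for SYSTEM and Administrators), and the function header should state that the caller frees the result with a single `LocalFree` because the DACL lives in the same allocation.

```c
    BOOL Success = FALSE;   /* declared with the other locals */

    /* … unchanged: SID creation, allocation, ACL and ACE setup … */

    /* set the DACL */
    if (!SetSecurityDescriptorDacl(pSD,
                                   TRUE,
                                   Dacl,
                                   FALSE))
    {
        DPRINT1("Failed to set the DACL of the default security descriptor\n");
        goto Cleanup;
    }

    Success = TRUE;

Cleanup:
    /* every failure path lands here with Success still FALSE */
    if (!Success && pSD != NULL)
    {
        LocalFree((HLOCAL)pSD);
        pSD = NULL;
    }

    /* … unchanged: FreeSid calls and return pSD … */
```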