[pschweitzer] 65862: [NTOSKRNL] - In case of AssignSecurityDescriptor operation in IopGetSetSecurityObject(), put the security descriptor in cache before attempting the assignement - In IopUnloadDe... - Ros-diffs

28 Dec 2014

Author: pschweitzer
Date: Sun Dec 28 18:31:06 2014
New Revision: 65862
URL: http://svn.reactos.org/svn/reactos?rev=65862&view=rev
Log:
[NTOSKRNL]
- In case of AssignSecurityDescriptor operation in IopGetSetSecurityObject(), put the security descriptor in cache before attempting the assignement
- In IopUnloadDevice(), don't attempt to free the security descriptor, let this to Ob by just derefencing it. Spotted & fixed by Thomas.
This unregresses VMware Tools installation.
CORE-7991
Modified:
    trunk/reactos/ntoskrnl/io/iomgr/device.c
    trunk/reactos/ntoskrnl/io/iomgr/file.c
Modified: trunk/reactos/ntoskrnl/io/iomgr/device.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/device.c?...
==============================================================================

--- trunk/reactos/ntoskrnl/io/iomgr/device.c	[iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/device.c	[iso-8859-1] Sun Dec 28 18:31:06 2014
@@ -396,8 +396,8 @@
         /* Check if we have a Security Descriptor */
         if (DeviceObject->SecurityDescriptor)
         {
-            /* Free it */
-            ExFreePoolWithTag(DeviceObject->SecurityDescriptor, TAG_SD);
+            /* Dereference it */
+            ObDereferenceSecurityDescriptor(DeviceObject->SecurityDescriptor, 1);
         }
/* Remove the device from the list */
Modified: trunk/reactos/ntoskrnl/io/iomgr/file.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/file.c?re...
==============================================================================
--- trunk/reactos/ntoskrnl/io/iomgr/file.c	[iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/file.c	[iso-8859-1] Sun Dec 28 18:31:06 2014
@@ -1551,15 +1551,30 @@
         }
         else if (OperationCode == AssignSecurityDescriptor)
         {
+            Status = STATUS_SUCCESS;
+
             /* Make absolutely sure this is a device object */
             if (!(FileObject) || !(FileObject->Flags & FO_STREAM_FILE))
             {
-                /* Assign the Security Descriptor */
-                DeviceObject->SecurityDescriptor = SecurityDescriptor;
-            }
-
-            /* Return success */
-            return STATUS_SUCCESS;
+                PSECURITY_DESCRIPTOR CachedSecurityDescriptor;
+
+                /* Add the security descriptor in cache */
+                Status = ObLogSecurityDescriptor(SecurityDescriptor, &CachedSecurityDescriptor, 1);
+                if (NT_SUCCESS(Status))
+                {
+                    KeEnterCriticalRegion();
+                    ExAcquireResourceExclusiveLite(&IopSecurityResource, TRUE);
+
+                    /* Assign the Security Descriptor */
+                    DeviceObject->SecurityDescriptor = CachedSecurityDescriptor;
+
+                    ExReleaseResourceLite(&IopSecurityResource);
+                    KeLeaveCriticalRegion();
+                }
+            }
+
+            /* Return status */
+            return Status;
         }
         else if (OperationCode == SetSecurityDescriptor)
         {

    