https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f340524ea4d103221a7fd… commit f340524ea4d103221a7fd2eaca51787ea02461c7 Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Mon Feb 21 11:12:48 2022 +0100 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:51 2022 +0200 [SERVICES] Grant ReactOS Setup component SYSTEM access ReactOS Setup is an integral component that is part of the operating system responsible for the installation of ROS during 2nd installation stage. The situation with current master branch is like this -- the Services component always tries to create the process on behalf of the logged in user with its own security context. That user doesn't have the privileges and access rights like SYSTEM thus the Services component tries to create the process but it fails to do so because of lacking of required access right, TOKEN_DUPLICATE, in order for the calling thread to impersonate as self. --- base/system/services/database.c | 2 +- base/system/services/services.c | 24 ++++++++++++++++++++++++ base/system/services/services.h | 1 + 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/base/system/services/database.c b/base/system/services/database.c index d773a44e102..8dbf148d43a 100644 --- a/base/system/services/database.c +++ b/base/system/services/database.c @@ -370,7 +370,7 @@ ScmLogonService( DPRINT("ScmLogonService(%p %p)\n", pService, pImage); DPRINT("Service %S\n", pService->lpServiceName); - if (ScmIsLocalSystemAccount(pImage->pszAccountName) || ScmLiveSetup) + if (ScmIsLocalSystemAccount(pImage->pszAccountName) || ScmLiveSetup || ScmSetupInProgress) return ERROR_SUCCESS; /* Get the user and domain names */ diff --git a/base/system/services/services.c b/base/system/services/services.c index b45ac07b745..fec54827b87 100644 --- a/base/system/services/services.c +++ b/base/system/services/services.c @@ -28,6 +28,7 @@ int WINAPI RegisterServicesProcess(DWORD ServicesProcessId); BOOL ScmInitialize = FALSE; BOOL ScmShutdown = FALSE; BOOL ScmLiveSetup = FALSE; +BOOL ScmSetupInProgress = FALSE; static HANDLE hScmShutdownEvent = NULL; static HANDLE hScmSecurityServicesEvent = NULL; @@ -55,6 +56,7 @@ CheckForLiveCD(VOID) WCHAR CommandLine[MAX_PATH]; HKEY hSetupKey; DWORD dwSetupType; + DWORD dwSetupInProgress; DWORD dwType; DWORD dwSize; DWORD dwError; @@ -107,6 +109,28 @@ CheckForLiveCD(VOID) ScmLiveSetup = TRUE; } + /* Read the SystemSetupInProgress value */ + dwSize = sizeof(DWORD); + dwError = RegQueryValueExW(hSetupKey, + L"SystemSetupInProgress", + NULL, + &dwType, + (LPBYTE)&dwSetupInProgress, + &dwSize); + if (dwError != ERROR_SUCCESS || + dwType != REG_DWORD || + dwSize != sizeof(DWORD) || + dwSetupType == 0) + { + goto done; + } + + if (dwSetupInProgress == 1) + { + DPRINT1("ReactOS Setup currently in progress!\n"); + ScmSetupInProgress = TRUE; + } + done: RegCloseKey(hSetupKey); diff --git a/base/system/services/services.h b/base/system/services/services.h index cbaa4a93329..204375c17c6 100644 --- a/base/system/services/services.h +++ b/base/system/services/services.h @@ -102,6 +102,7 @@ extern LIST_ENTRY ImageListHead; extern BOOL ScmInitialize; extern BOOL ScmShutdown; extern BOOL ScmLiveSetup; +extern BOOL ScmSetupInProgress; extern PSECURITY_DESCRIPTOR pPipeSD;