[mnordell] 29545: Just some more notes about what (likely) is required to make it possible for users to cleanly shut down ROS. - Ros-diffs

13 Oct 2007

Author: mnordell
Date: Sat Oct 13 07:34:56 2007
New Revision: 29545
URL: http://svn.reactos.org/svn/reactos?rev=29545&view=rev
Log:
Just some more notes about what (likely) is required to make it possible for users to cleanly shut down ROS.
Modified:
    trunk/reactos/base/system/winlogon/sas.c
Modified: trunk/reactos/base/system/winlogon/sas.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/sas.c?...
==============================================================================

--- trunk/reactos/base/system/winlogon/sas.c (original)
+++ trunk/reactos/base/system/winlogon/sas.c Sat Oct 13 07:34:56 2007
@@ -318,7 +318,7 @@
    OUT PSECURITY_ATTRIBUTES* ppsa)
 {
 #if 1
-	DPRINT1("CreateSecurityAttributes needs implementation!\n");
+	DPRINT1("CreateLogoffSecurityAttributes needs implementation!\n");
    *ppsa = 0;
    return STATUS_UNSUCCESSFUL;
 #else
@@ -329,21 +329,55 @@
    /* Specifically THREAD_SET_THREAD_TOKEN is required. */
    PSECURITY_DESCRIPTOR psd = 0;
    PSECURITY_ATTRIBUTES psa = 0;
-	ACL rgAcls[2];
+	BYTE* pMem;
+	PACL pACL;
    EXPLICIT_ACCESS ea[2];
+	*ppsa = NULL;
+
+	// Let's first try to enumerate what kind of data we need for this to ever work:
+	// 1.  The Winlogon SID, to be able to give it THREAD_SET_THREAD_TOKEN.
+	// 2.  The users SID (the user trying to logoff, or rather shut down the system).
+	// 3.  At least two EXPLICIT_ACCESS instances:
+	// 3.1 One for Winlogon itself, giving it the rights
+	//     required to THREAD_SET_THREAD_TOKEN (as it's needed to successfully call
+	//     ImpersonateLoggedOnUser).
+	// 3.2 One for the user, to allow *that* thread to perform its work.
+	// 4.  An ACL to hold the these EXPLICIT_ACCESS ACE's.
+	// 5.  A SECURITY_DESCRIPTOR to hold the ACL, and finally.
+	// 6.  A SECURITY_ATTRIBUTES instance to pull all of this required stuff
+	//     together, to hand it to CreateThread.
+	//
+	// However, it seems struct LOGOFF_SHUTDOWN_DATA doesn't contain
+	// these required SID's, why they'd have to be added.
+	// The Winlogon's own SID should probably only be created once,
+	// while the user's SID obviously must be created for each new user.
+	// Might as well store it when the user logs on?
+
    /* set up the required security attributes to be able to shut down */
-	psd = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH);
-	psa = HeapAlloc(GetProcessHeap(), 0, sizeof(SECURITY_ATTRIBUTES));
-	if (!psd || !psa)
-	{
-		DPRINT("Failed to allocate memory for a security descriptor!\n");
+	/* To save space and time, allocate a single block of memory holding */
+	/* both SECURITY_ATTRIBUTES and SECURITY_DESCRIPTOR */
+	pMem = HeapAlloc(GetProcessHeap(),
+	                 0,
+	                 sizeof(SECURITY_ATTRIBUTES) +
+	                 SECURITY_DESCRIPTOR_MIN_LENGTH +
+	                 sizeof(ACL));
+	if (!pMem)
+	{
+		DPRINT("Failed to allocate memory for logoff security descriptor!\n");
    	return STATUS_NO_MEMORY;
    }
+	/* Note that the security descriptor needs to be in _absolute_ format, */
+	/* meaning its members must be pointers to other structures, rather */
+	/* than the relative format using offsets */
+	psa = (PSECURITY_ATTRIBUTES)pMem;
+	psd = (PSECURITY_DESCRIPTOR)(pMem + sizeof(SECURITY_ATTRIBUTES));
+	pACL = (PACL)(((PBYTE)psd) + SECURITY_DESCRIPTOR_MIN_LENGTH);
+
    if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
    {
-		HeapFree(GetProcessHeap(), 0, psd);
+		HeapFree(GetProcessHeap(), 0, pMem);
    	DPRINT("Failed to initialize security descriptor for logoff thread!\n");
    	return STATUS_UNSUCCESSFUL;
    }
@@ -351,11 +385,11 @@
    // Initialize an EXPLICIT_ACCESS structure for an ACE.
    // The ACE will allow this thread to log off (and shut down the system, currently).
    ZeroMemory(ea, sizeof(ea));
-	ea[0].grfAccessPermissions = KEY_READ;
-	ea[0].grfAccessMode = SET_ACCESS;
+	ea[0].grfAccessPermissions = THREAD_SET_THREAD_TOKEN;
+	ea[0].grfAccessMode = SET_ACCESS; // GRANT_ACCESS?
    ea[0].grfInheritance= NO_INHERITANCE;
    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-	ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
+	ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
    ea[0].Trustee.ptstrName  = (LPTSTR) pEveryoneSID;
if (!SetSecurityDescriptorDacl(pSD, 
@@ -364,7 +398,7 @@
            FALSE))   // not a default DACL 
    {
    	DPRINT("SetSecurityDescriptorDacl Error %u\n", GetLastError());
-		HeapFree(GetProcessHeap(), 0, psd);
+		HeapFree(GetProcessHeap(), 0, pMem);
    	return STATUS_UNSUCCESSFUL;
    }
@@ -378,13 +412,12 @@
 #endif
 }
-static void
+static VOID
 DestroyLogoffSecurityAttributes(
    IN PSECURITY_ATTRIBUTES psa)
 {
    if (psa)
    {
-		HeapFree(GetProcessHeap(), 0, psa->lpSecurityDescriptor);
    	HeapFree(GetProcessHeap(), 0, psa);
    }
 }

    