[mnordell] 29545: Just some more notes about what (likely) is required to make it possible for users to cleanly shut down ROS. - Ros-diffs

13 Oct 2007

Author: mnordell
Date: Sat Oct 13 07:34:56 2007
New Revision: 29545
URL: http://svn.reactos.org/svn/reactos?rev=29545&view=rev
Log:
Just some more notes about what (likely) is required to make it possible for users to
cleanly shut down ROS.
Modified:
    trunk/reactos/base/system/winlogon/sas.c
Modified: trunk/reactos/base/system/winlogon/sas.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/sas.c…
==============================================================================

--- trunk/reactos/base/system/winlogon/sas.c (original)
+++ trunk/reactos/base/system/winlogon/sas.c Sat Oct 13 07:34:56 2007
@@ -318,7 +318,7 @@
        OUT PSECURITY_ATTRIBUTES* ppsa)
 {
 #if 1
-       DPRINT1("CreateSecurityAttributes needs implementation!\n");
+       DPRINT1("CreateLogoffSecurityAttributes needs implementation!\n");
        *ppsa = 0;
        return STATUS_UNSUCCESSFUL;
 #else
@@ -329,21 +329,55 @@
        /* Specifically THREAD_SET_THREAD_TOKEN is required. */
        PSECURITY_DESCRIPTOR psd = 0;
        PSECURITY_ATTRIBUTES psa = 0;
-       ACL rgAcls[2];
+       BYTE* pMem;
+       PACL pACL;
        EXPLICIT_ACCESS ea[2];
+       *ppsa = NULL;
+
+       // Let's first try to enumerate what kind of data we need for this to ever
work:
+       // 1.  The Winlogon SID, to be able to give it THREAD_SET_THREAD_TOKEN.
+       // 2.  The users SID (the user trying to logoff, or rather shut down the system).
+       // 3.  At least two EXPLICIT_ACCESS instances:
+       // 3.1 One for Winlogon itself, giving it the rights
+       //     required to THREAD_SET_THREAD_TOKEN (as it's needed to successfully
call
+       //     ImpersonateLoggedOnUser).
+       // 3.2 One for the user, to allow *that* thread to perform its work.
+       // 4.  An ACL to hold the these EXPLICIT_ACCESS ACE's.
+       // 5.  A SECURITY_DESCRIPTOR to hold the ACL, and finally.
+       // 6.  A SECURITY_ATTRIBUTES instance to pull all of this required stuff
+       //     together, to hand it to CreateThread.
+       //
+       // However, it seems struct LOGOFF_SHUTDOWN_DATA doesn't contain
+       // these required SID's, why they'd have to be added.
+       // The Winlogon's own SID should probably only be created once,
+       // while the user's SID obviously must be created for each new user.
+       // Might as well store it when the user logs on?
+
        /* set up the required security attributes to be able to shut down */
-       psd = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH);
-       psa = HeapAlloc(GetProcessHeap(), 0, sizeof(SECURITY_ATTRIBUTES));
-       if (!psd || !psa)
-       {
-               DPRINT("Failed to allocate memory for a security
descriptor!\n");
+       /* To save space and time, allocate a single block of memory holding */
+       /* both SECURITY_ATTRIBUTES and SECURITY_DESCRIPTOR */
+       pMem = HeapAlloc(GetProcessHeap(),
+                        0,
+                        sizeof(SECURITY_ATTRIBUTES) +
+                        SECURITY_DESCRIPTOR_MIN_LENGTH +
+                        sizeof(ACL));
+       if (!pMem)
+       {
+               DPRINT("Failed to allocate memory for logoff security
descriptor!\n");
                return STATUS_NO_MEMORY;
        }
+       /* Note that the security descriptor needs to be in _absolute_ format, */
+       /* meaning its members must be pointers to other structures, rather */
+       /* than the relative format using offsets */
+       psa = (PSECURITY_ATTRIBUTES)pMem;
+       psd = (PSECURITY_DESCRIPTOR)(pMem + sizeof(SECURITY_ATTRIBUTES));
+       pACL = (PACL)(((PBYTE)psd) + SECURITY_DESCRIPTOR_MIN_LENGTH);
+
        if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
        {
-               HeapFree(GetProcessHeap(), 0, psd);
+               HeapFree(GetProcessHeap(), 0, pMem);
                DPRINT("Failed to initialize security descriptor for logoff
thread!\n");
                return STATUS_UNSUCCESSFUL;
        }
@@ -351,11 +385,11 @@
        // Initialize an EXPLICIT_ACCESS structure for an ACE.
        // The ACE will allow this thread to log off (and shut down the system,
currently).
        ZeroMemory(ea, sizeof(ea));
-       ea[0].grfAccessPermissions = KEY_READ;
-       ea[0].grfAccessMode = SET_ACCESS;
+       ea[0].grfAccessPermissions = THREAD_SET_THREAD_TOKEN;
+       ea[0].grfAccessMode = SET_ACCESS; // GRANT_ACCESS?
        ea[0].grfInheritance= NO_INHERITANCE;
        ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-       ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
+       ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
        ea[0].Trustee.ptstrName  = (LPTSTR) pEveryoneSID;
        if (!SetSecurityDescriptorDacl(pSD,
@@ -364,7 +398,7 @@
                FALSE))   // not a default DACL
        {
                DPRINT("SetSecurityDescriptorDacl Error %u\n", GetLastError());
-               HeapFree(GetProcessHeap(), 0, psd);
+               HeapFree(GetProcessHeap(), 0, pMem);
                return STATUS_UNSUCCESSFUL;
        }
@@ -378,13 +412,12 @@
 #endif
 }
-static void
+static VOID
 DestroyLogoffSecurityAttributes(
        IN PSECURITY_ATTRIBUTES psa)
 {
        if (psa)
        {
-               HeapFree(GetProcessHeap(), 0, psa->lpSecurityDescriptor);
                HeapFree(GetProcessHeap(), 0, psa);
        }
 }
    