Author: ekohl Date: Sun Aug 14 15:42:40 2016 New Revision: 72220 URL: http://svn.reactos.org/svn/reactos?rev=72220&view=rev Log: [LSASRV] LsarQuerySecurityObject: Build a new SD that conatains requested information only and return it to the caller. Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sun Aug 14 15:42:40 2016 @@ -136,13 +136,20 @@ { PLSA_DB_OBJECT DbObject = NULL; PSECURITY_DESCRIPTOR RelativeSd = NULL; + PSECURITY_DESCRIPTOR ResultSd = NULL; PLSAPR_SR_SECURITY_DESCRIPTOR SdData = NULL; ACCESS_MASK DesiredAccess = 0; ULONG RelativeSdSize = 0; + ULONG ResultSdSize = 0; NTSTATUS Status; + + TRACE("LsarQuerySecurityObject(%p %lx %p)\n", + ObjectHandle, SecurityInformation, SecurityDescriptor); if (SecurityDescriptor == NULL) return STATUS_INVALID_PARAMETER; + + *SecurityDescriptor = NULL; if ((SecurityInformation & OWNER_SECURITY_INFORMATION) || (SecurityInformation & GROUP_SECURITY_INFORMATION) || @@ -181,10 +188,40 @@ if (!NT_SUCCESS(Status)) goto done; - /* - * FIXME: Invalidate the SD information that was not requested. - * (see SecurityInformation) - */ + /* Invalidate the SD information that was not requested */ + if (!(SecurityInformation & OWNER_SECURITY_INFORMATION)) + ((PISECURITY_DESCRIPTOR)RelativeSd)->Owner = NULL; + + if (!(SecurityInformation & GROUP_SECURITY_INFORMATION)) + ((PISECURITY_DESCRIPTOR)RelativeSd)->Group = NULL; + + if (!(SecurityInformation & DACL_SECURITY_INFORMATION)) + ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_DACL_PRESENT; + + if (!(SecurityInformation & SACL_SECURITY_INFORMATION)) + ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_SACL_PRESENT; + + /* Calculate the required SD size */ + Status = RtlMakeSelfRelativeSD(RelativeSd, + NULL, + &ResultSdSize); + if (Status != STATUS_BUFFER_TOO_SMALL) + goto done; + + /* Allocate a buffer for the new SD */ + ResultSd = MIDL_user_allocate(ResultSdSize); + if (ResultSd == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + /* Build the new SD */ + Status = RtlMakeSelfRelativeSD(RelativeSd, + ResultSd, + &ResultSdSize); + if (!NT_SUCCESS(Status)) + goto done; /* Allocate the SD data buffer */ SdData = MIDL_user_allocate(sizeof(LSAPR_SR_SECURITY_DESCRIPTOR)); @@ -196,16 +233,19 @@ /* Fill the SD data buffer and return it to the caller */ SdData->Length = RelativeSdSize; - SdData->SecurityDescriptor = (PBYTE)RelativeSd; + SdData->SecurityDescriptor = (PBYTE)ResultSd; *SecurityDescriptor = SdData; done: if (!NT_SUCCESS(Status)) { - if (RelativeSd != NULL) - MIDL_user_free(RelativeSd); - } + if (ResultSd != NULL) + MIDL_user_free(ResultSd); + } + + if (RelativeSd != NULL) + MIDL_user_free(RelativeSd); return Status; } @@ -2174,7 +2214,7 @@ PLSA_DB_OBJECT DbObject; NTSTATUS Status; - TRACE("(%p)\n", ObjectHandle); + TRACE("LsarDeleteObject(%p)\n", ObjectHandle); if (ObjectHandle == NULL) return STATUS_INVALID_PARAMETER;