https://git.reactos.org/?p=reactos.git;a=commitdiff;h=df053d4e4339b5bb1151ea...
commit df053d4e4339b5bb1151ea3d3986c22e42ac7e8f Author: Timo Kreuzer timo.kreuzer@reactos.org AuthorDate: Sat Sep 23 17:49:27 2023 +0300 Commit: Timo Kreuzer timo.kreuzer@reactos.org CommitDate: Tue Sep 26 18:01:45 2023 +0300
[RTL] Improve usage of absolte vs self-relative security descriptors
- RtlpQuerySecurityDescriptor: Change argument type of first parameter from PISECURITY_DESCRIPTOR to PSECURITY_DESCRIPTOR, since it handles both absolute and self-relative SDs. - RtlMakeSelfRelativeSD: rename first parameter from AbsoluteSD to SecurityDescriptor, since it handles both absolute and self-relative SDs. - SepGetGroupFromDescriptor/SepGetOwnerFromDescriptor/SepGetDaclFromDescriptor/SepGetSaclFromDescriptor: Change parameter type from PVOID to PSECURITY_DESCRIPTOR for clarity. --- ntoskrnl/include/internal/se.h | 8 ++++---- sdk/lib/rtl/sd.c | 9 ++++----- 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/ntoskrnl/include/internal/se.h b/ntoskrnl/include/internal/se.h index 1679d2fe86a..c7cbdda046a 100644 --- a/ntoskrnl/include/internal/se.h +++ b/ntoskrnl/include/internal/se.h @@ -87,7 +87,7 @@ typedef struct _TOKEN_AUDIT_POLICY_INFORMATION FORCEINLINE PSID SepGetGroupFromDescriptor( - _Inout_ PVOID _Descriptor) + _Inout_ PSECURITY_DESCRIPTOR _Descriptor) { PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; PISECURITY_DESCRIPTOR_RELATIVE SdRel; @@ -107,7 +107,7 @@ SepGetGroupFromDescriptor( FORCEINLINE PSID SepGetOwnerFromDescriptor( - _Inout_ PVOID _Descriptor) + _Inout_ PSECURITY_DESCRIPTOR _Descriptor) { PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; PISECURITY_DESCRIPTOR_RELATIVE SdRel; @@ -127,7 +127,7 @@ SepGetOwnerFromDescriptor( FORCEINLINE PACL SepGetDaclFromDescriptor( - _Inout_ PVOID _Descriptor) + _Inout_ PSECURITY_DESCRIPTOR _Descriptor) { PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; PISECURITY_DESCRIPTOR_RELATIVE SdRel; @@ -149,7 +149,7 @@ SepGetDaclFromDescriptor( FORCEINLINE PACL SepGetSaclFromDescriptor( - _Inout_ PVOID _Descriptor) + _Inout_ PSECURITY_DESCRIPTOR _Descriptor) { PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; PISECURITY_DESCRIPTOR_RELATIVE SdRel; diff --git a/sdk/lib/rtl/sd.c b/sdk/lib/rtl/sd.c index ea7e3bb44f5..d4ff245c3d8 100644 --- a/sdk/lib/rtl/sd.c +++ b/sdk/lib/rtl/sd.c @@ -42,7 +42,7 @@ RtlpValidateSDOffsetAndSize(IN ULONG Offset,
VOID NTAPI -RtlpQuerySecurityDescriptor(IN PISECURITY_DESCRIPTOR SecurityDescriptor, +RtlpQuerySecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PULONG OwnerSize, OUT PSID *PrimaryGroup, @@ -644,7 +644,7 @@ RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, */ NTSTATUS NTAPI -RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSD, +RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSECURITY_DESCRIPTOR SelfRelativeSD, IN OUT PULONG BufferLength) { @@ -652,12 +652,11 @@ RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSD, PACL Sacl, Dacl; ULONG OwnerLength, GroupLength, SaclLength, DaclLength, TotalLength; ULONG_PTR Current; - PISECURITY_DESCRIPTOR Sd = (PISECURITY_DESCRIPTOR)AbsoluteSD; PISECURITY_DESCRIPTOR_RELATIVE RelSd = (PISECURITY_DESCRIPTOR_RELATIVE)SelfRelativeSD; PAGED_CODE_RTL();
/* Query all components */ - RtlpQuerySecurityDescriptor(Sd, + RtlpQuerySecurityDescriptor(SecurityDescriptor, &Owner, &OwnerLength, &Group, @@ -687,7 +686,7 @@ RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSD,
/* Copy the header fields */ RtlCopyMemory(RelSd, - Sd, + SecurityDescriptor, FIELD_OFFSET(SECURITY_DESCRIPTOR_RELATIVE, Owner));
/* Set the current copy pointer */
-
Timo Kreuzer