Author: hbelusca Date: Wed Feb 10 22:28:12 2016 New Revision: 70707 URL: http://svn.reactos.org/svn/reactos?rev=70707&view=rev Log: [CMLIB]: Implement CmpFreeSecurityDescriptor. See r70609. CORE-10793 CORE-10796 Added: trunk/reactos/lib/cmlib/cmse.c (with props) Modified: trunk/reactos/lib/cmlib/CMakeLists.txt trunk/reactos/lib/cmlib/cmkeydel.c trunk/reactos/lib/cmlib/cmlib.h Modified: trunk/reactos/lib/cmlib/CMakeLists.txt URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/cmlib/CMakeLists.txt?r… ============================================================================== --- trunk/reactos/lib/cmlib/CMakeLists.txt [iso-8859-1] (original) +++ trunk/reactos/lib/cmlib/CMakeLists.txt [iso-8859-1] Wed Feb 10 22:28:12 2016 @@ -8,6 +8,7 @@ cmindex.c cmkeydel.c cmname.c + cmse.c cmvalue.c hivebin.c hivecell.c Modified: trunk/reactos/lib/cmlib/cmkeydel.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/cmlib/cmkeydel.c?rev=7… ============================================================================== --- trunk/reactos/lib/cmlib/cmkeydel.c [iso-8859-1] (original) +++ trunk/reactos/lib/cmlib/cmkeydel.c [iso-8859-1] Wed Feb 10 22:28:12 2016 @@ -220,8 +220,8 @@ HvFreeCell(Hive, CellData->ValueList.List); } - /* FIXME: This leaks the security desriptor! */ - DPRINT("Potentially leaking key security descriptor. Please call CmpFreeSecurityDescriptor\n"); + /* Free the key security descriptor */ + CmpFreeSecurityDescriptor(Hive, Cell); } /* Free the key body itself, and then return our status */ Modified: trunk/reactos/lib/cmlib/cmlib.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/cmlib/cmlib.h?rev=7070… ============================================================================== --- trunk/reactos/lib/cmlib/cmlib.h [iso-8859-1] (original) +++ trunk/reactos/lib/cmlib/cmlib.h [iso-8859-1] Wed Feb 10 22:28:12 2016 @@ -676,7 +676,21 @@ CmpFreeKeyByCell( IN PHHIVE Hive, IN HCELL_INDEX Cell, - IN BOOLEAN Unlink + IN BOOLEAN Unlink +); + +VOID +NTAPI +CmpRemoveSecurityCellList( + IN PHHIVE Hive, + IN HCELL_INDEX SecurityCell +); + +VOID +NTAPI +CmpFreeSecurityDescriptor( + IN PHHIVE Hive, + IN HCELL_INDEX Cell ); /******************************************************************************/ Added: trunk/reactos/lib/cmlib/cmse.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/cmlib/cmse.c?rev=70707 ============================================================================== --- trunk/reactos/lib/cmlib/cmse.c (added) +++ trunk/reactos/lib/cmlib/cmse.c [iso-8859-1] Wed Feb 10 22:28:12 2016 @@ -0,0 +1,114 @@ +/* + * PROJECT: ReactOS Kernel + * LICENSE: GPL - See COPYING in the top level directory + * FILE: lib/cmlib/cmse.c + * PURPOSE: Configuration Manager Library - Security Subsystem Interface + * PROGRAMMERS: Hermes Belusca-Maito (hermes.belusca(a)sfr.fr) + */ + +/* INCLUDES ******************************************************************/ + +#include "cmlib.h" +#define NDEBUG +#include "debug.h" + +/* FUNCTIONS *****************************************************************/ + +VOID +NTAPI +CmpRemoveSecurityCellList(IN PHHIVE Hive, + IN HCELL_INDEX SecurityCell) +{ + PCM_KEY_SECURITY SecurityData, FlinkCell, BlinkCell; + + PAGED_CODE(); + + // ASSERT( (((PCMHIVE)Hive)->HiveSecurityLockOwner == KeGetCurrentThread()) || (CmpTestRegistryLockExclusive() == TRUE) ); + + SecurityData = HvGetCell(Hive, SecurityCell); + if (!SecurityData) return; + + FlinkCell = HvGetCell(Hive, SecurityData->Flink); + if (!FlinkCell) + { + HvReleaseCell(Hive, SecurityCell); + return; + } + + BlinkCell = HvGetCell(Hive, SecurityData->Blink); + if (!BlinkCell) + { + HvReleaseCell(Hive, SecurityData->Flink); + HvReleaseCell(Hive, SecurityCell); + return; + } + + /* Sanity checks */ + ASSERT(FlinkCell->Blink == SecurityCell); + ASSERT(BlinkCell->Flink == SecurityCell); + + /* Unlink the security block and free it */ + FlinkCell->Blink = SecurityData->Blink; + BlinkCell->Flink = SecurityData->Flink; +#ifdef USE_CM_CACHE + CmpRemoveFromSecurityCache(Hive, SecurityCell); +#endif + + /* Release the cells */ + HvReleaseCell(Hive, SecurityData->Blink); + HvReleaseCell(Hive, SecurityData->Flink); + HvReleaseCell(Hive, SecurityCell); +} + +VOID +NTAPI +CmpFreeSecurityDescriptor(IN PHHIVE Hive, + IN HCELL_INDEX Cell) +{ + PCM_KEY_NODE CellData; + PCM_KEY_SECURITY SecurityData; + + PAGED_CODE(); + + // ASSERT( (((PCMHIVE)Hive)->HiveSecurityLockOwner == KeGetCurrentThread()) || (CmpTestRegistryLockExclusive() == TRUE) ); + + CellData = HvGetCell(Hive, Cell); + if (!CellData) return; + + ASSERT(CellData->Signature == CM_KEY_NODE_SIGNATURE); + + // FIXME: ReactOS-specific: check whether this key has a security block. + // On Windows there is no such check, all keys seem to have a valid + // security block. + // If we remove this check on ReactOS (and continue running) then we get + // a BSOD at the end... + if (CellData->Security == HCELL_NIL) + { + DPRINT1("Cell 0x%08x (data 0x%p) has no security block!\n", Cell, CellData); + HvReleaseCell(Hive, Cell); + return; + } + + SecurityData = HvGetCell(Hive, CellData->Security); + if (!SecurityData) + { + HvReleaseCell(Hive, Cell); + return; + } + + ASSERT(SecurityData->Signature == CM_KEY_SECURITY_SIGNATURE); + + if (SecurityData->ReferenceCount > 1) + { + SecurityData->ReferenceCount--; + } + else // if (SecurityData->ReferenceCount <= 1) + { + CmpRemoveSecurityCellList(Hive, CellData->Security); + HvFreeCell(Hive, CellData->Security); + } + + CellData->Security = HCELL_NIL; + HvReleaseCell(Hive, CellData->Security); + HvReleaseCell(Hive, Cell); +} Propchange: trunk/reactos/lib/cmlib/cmse.c ------------------------------------------------------------------------------ svn:eol-style = native