[ekohl] 71686: [SERVICES] RSetServiceObjectSecurity: Modify and store a service security descriptor. - Ros-diffs

27 Jun 2016

Author: ekohl
Date: Mon Jun 27 22:35:54 2016
New Revision: 71686
URL: http://svn.reactos.org/svn/reactos?rev=71686&view=rev
Log:
[SERVICES]
RSetServiceObjectSecurity: Modify and store a service security descriptor.
Modified:
    trunk/reactos/base/system/services/rpcserver.c
Modified: trunk/reactos/base/system/services/rpcserver.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/rpcser...
==============================================================================

--- trunk/reactos/base/system/services/rpcserver.c	[iso-8859-1] (original)
+++ trunk/reactos/base/system/services/rpcserver.c	[iso-8859-1] Mon Jun 27 22:35:54 2016
@@ -1441,9 +1441,10 @@
     PSERVICE_HANDLE hSvc;
     PSERVICE lpService;
     ULONG DesiredAccess = 0;
-    /* HANDLE hToken = NULL; */
-    HKEY hServiceKey;
-    /* NTSTATUS Status; */
+    HANDLE hToken = NULL;
+    HKEY hServiceKey = NULL;
+    BOOL bDatabaseLocked = FALSE;
+    NTSTATUS Status;
     DWORD dwError;
DPRINT("RSetServiceObjectSecurity() called\n");
@@ -1483,14 +1484,14 @@
     if (!RtlAreAllAccessesGranted(hSvc->Handle.DesiredAccess,
                                   DesiredAccess))
     {
-        DPRINT("Insufficient access rights! 0x%lx\n", hSvc->Handle.DesiredAccess);
+        DPRINT1("Insufficient access rights! 0x%lx\n", hSvc->Handle.DesiredAccess);
         return ERROR_ACCESS_DENIED;
     }
lpService = hSvc->ServiceEntry;
     if (lpService == NULL)
     {
-        DPRINT("lpService == NULL!\n");
+        DPRINT1("lpService == NULL!\n");
         return ERROR_INVALID_HANDLE;
     }
@@ -1510,13 +1511,10 @@
     RpcRevertToSelf();
 #endif
-    /* Lock the service database exclusive */
-    ScmLockDatabaseExclusive();
-
-#if 0
+    /* Build the new security descriptor */
     Status = RtlSetSecurityObject(dwSecurityInformation,
                                   (PSECURITY_DESCRIPTOR)lpSecurityDescriptor,
-                                  &lpService->lpSecurityDescriptor,
+                                  &lpService->pSecurityDescriptor,
                                   &ScmServiceMapping,
                                   hToken);
     if (!NT_SUCCESS(Status))
@@ -1524,31 +1522,34 @@
         dwError = RtlNtStatusToDosError(Status);
         goto Done;
     }
-#endif
-
+
+    /* Lock the service database exclusive */
+    ScmLockDatabaseExclusive();
+    bDatabaseLocked = TRUE;
+
+    /* Open the service key */
     dwError = ScmOpenServiceKey(lpService->lpServiceName,
                                 READ_CONTROL | KEY_CREATE_SUB_KEY | KEY_SET_VALUE,
                                 &hServiceKey);
     if (dwError != ERROR_SUCCESS)
         goto Done;
-    UNIMPLEMENTED;
-    dwError = ERROR_SUCCESS;
-//    dwError = ScmWriteSecurityDescriptor(hServiceKey,
-//                                         lpService->lpSecurityDescriptor);
+    /* Store the new security descriptor */
+    dwError = ScmWriteSecurityDescriptor(hServiceKey,
+                                         lpService->pSecurityDescriptor);
RegFlushKey(hServiceKey);
-    RegCloseKey(hServiceKey);
Done:
-
-#if 0
+    if (hServiceKey != NULL)
+        RegCloseKey(hServiceKey);
+
+    /* Unlock service database */
+    if (bDatabaseLocked == TRUE)
+        ScmUnlockDatabase();
+
     if (hToken != NULL)
         NtClose(hToken);
-#endif
-
-    /* Unlock service database */
-    ScmUnlockDatabase();
DPRINT("RSetServiceObjectSecurity() done (Error %lu)\n", dwError);

    