Author: tfaber Date: Tue Jul 29 22:21:37 2014 New Revision: 63777

URL: http://svn.reactos.org/svn/reactos?rev=63777&view=rev Log: [NTOS:CM] - Return a valid security descriptor for keys, even though it's hacked. Based on code removed in r26704. CORE-8382 #resolve #comment Fixed, now we fail with E_FAIL instead. Hurray.

Modified: trunk/reactos/ntoskrnl/config/cmse.c

Modified: trunk/reactos/ntoskrnl/config/cmse.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmse.c?rev=... ============================================================================== --- trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] Tue Jul 29 22:21:37 2014 @@ -138,6 +138,74 @@ }

NTSTATUS +CmpQuerySecurityDescriptor(IN PCM_KEY_BODY KeyBody, + IN SECURITY_INFORMATION SecurityInformation, + OUT PSECURITY_DESCRIPTOR SecurityDescriptor, + IN OUT PULONG BufferLength) +{ + PISECURITY_DESCRIPTOR_RELATIVE RelSd; + PUCHAR Current; + ULONG SidSize; + ULONG SdSize; + NTSTATUS Status; + + DBG_UNREFERENCED_PARAMETER(KeyBody); + + if (SecurityInformation == 0) + { + return STATUS_ACCESS_DENIED; + } + + SidSize = RtlLengthSid(SeWorldSid); + SdSize = sizeof(*RelSd) + 2 * SidSize; + RelSd = SecurityDescriptor; + + if (*BufferLength < SdSize) + { + *BufferLength = SdSize; + return STATUS_BUFFER_TOO_SMALL; + } + + *BufferLength = SdSize; + + Status = RtlCreateSecurityDescriptorRelative(RelSd, + SECURITY_DESCRIPTOR_REVISION); + if (!NT_SUCCESS(Status)) + return Status; + + Current = (PUCHAR)(RelSd + 1); + ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize); + + if (SecurityInformation & OWNER_SECURITY_INFORMATION) + { + RtlCopyMemory(Current, SeWorldSid, SidSize); + RelSd->Owner = Current - (PUCHAR)RelSd; + Current += SidSize; + ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize); + } + + if (SecurityInformation & GROUP_SECURITY_INFORMATION) + { + RtlCopyMemory(Current, SeWorldSid, SidSize); + RelSd->Group = Current - (PUCHAR)RelSd; + Current += SidSize; + ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize); + } + + if (SecurityInformation & DACL_SECURITY_INFORMATION) + { + RelSd->Control |= SE_DACL_PRESENT; + } + + if (SecurityInformation & SACL_SECURITY_INFORMATION) + { + RelSd->Control |= SE_SACL_PRESENT; + } + + return STATUS_SUCCESS; +} + +NTSTATUS NTAPI CmpSecurityMethod(IN PVOID ObjectBody, IN SECURITY_OPERATION_CODE OperationCode, @@ -148,6 +216,38 @@ IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping) { + DBG_UNREFERENCED_PARAMETER(OldSecurityDescriptor); + DBG_UNREFERENCED_PARAMETER(GenericMapping); + + switch (OperationCode) + { + case SetSecurityDescriptor: + DPRINT("Set security descriptor\n"); + ASSERT((PoolType == PagedPool) || (PoolType == NonPagedPool)); + /* HACK */ + break; + + case QuerySecurityDescriptor: + DPRINT("Query security descriptor\n"); + return CmpQuerySecurityDescriptor(ObjectBody, + *SecurityInformation, + SecurityDescriptor, + BufferLength); + + case DeleteSecurityDescriptor: + DPRINT("Delete security descriptor\n"); + /* HACK */ + break; + + case AssignSecurityDescriptor: + DPRINT("Assign security descriptor\n"); + /* HACK */ + break; + + default: + KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0); + } + /* HACK */ return STATUS_SUCCESS; }