[reactos] 03/05: [NTOSKRNL] Add a few ASSERTs to ObpGetDosDevicesProtection for DBG builds - Ros-diffs

1 Jun 2019

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=1b42731dca0df26788dd20...
commit 1b42731dca0df26788dd20cb709c216dbc422dc9
Author:     Pierre Schweitzer pierre@reactos.org
AuthorDate: Sat Jun 1 13:51:40 2019 +0200
Commit:     Pierre Schweitzer pierre@reactos.org
CommitDate: Sat Jun 1 13:51:40 2019 +0200
[NTOSKRNL] Add a few ASSERTs to ObpGetDosDevicesProtection for DBG builds
---
 ntoskrnl/ob/obname.c | 118 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 66 insertions(+), 52 deletions(-)

diff --git a/ntoskrnl/ob/obname.c b/ntoskrnl/ob/obname.c
index 866ac748d84..d76ed10a919 100644
--- a/ntoskrnl/ob/obname.c
+++ b/ntoskrnl/ob/obname.c
@@ -41,9 +41,11 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
 {
     PACL Dacl;
     ULONG AclSize;
+    NTSTATUS Status;
/* Initialize the SD */
-    RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
+    Status = RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
+    ASSERT(NT_SUCCESS(Status));
if (ObpProtectionMode & 1)
     {
@@ -63,42 +65,49 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
         }
/* Initialize the DACL */
-        RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
+        Status = RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
+        ASSERT(NT_SUCCESS(Status));
/* Add the ACEs */
-        RtlAddAccessAllowedAce(Dacl,
-                               ACL_REVISION,
-                               GENERIC_READ | GENERIC_EXECUTE,
-                               SeWorldSid);
-
-        RtlAddAccessAllowedAce(Dacl,
-                               ACL_REVISION,
-                               GENERIC_ALL,
-                               SeLocalSystemSid);
-
-        RtlAddAccessAllowedAceEx(Dacl,
-                                 ACL_REVISION,
-                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
-                                 GENERIC_EXECUTE,
-                                 SeWorldSid);
-
-        RtlAddAccessAllowedAceEx(Dacl,
-                                 ACL_REVISION,
-                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
-                                 GENERIC_ALL,
-                                 SeAliasAdminsSid);
-
-        RtlAddAccessAllowedAceEx(Dacl,
-                                 ACL_REVISION,
-                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
-                                 GENERIC_ALL,
-                                 SeLocalSystemSid);
-
-        RtlAddAccessAllowedAceEx(Dacl,
-                                 ACL_REVISION,
-                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
-                                 GENERIC_ALL,
-                                 SeCreatorOwnerSid);
+        Status = RtlAddAccessAllowedAce(Dacl,
+                                        ACL_REVISION,
+                                        GENERIC_READ | GENERIC_EXECUTE,
+                                        SeWorldSid);
+        ASSERT(NT_SUCCESS(Status));
+
+        Status = RtlAddAccessAllowedAce(Dacl,
+                                        ACL_REVISION,
+                                        GENERIC_ALL,
+                                        SeLocalSystemSid);
+        ASSERT(NT_SUCCESS(Status));
+
+        Status = RtlAddAccessAllowedAceEx(Dacl,
+                                          ACL_REVISION,
+                                          INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+                                          GENERIC_EXECUTE,
+                                          SeWorldSid);
+        ASSERT(NT_SUCCESS(Status));
+
+        Status = RtlAddAccessAllowedAceEx(Dacl,
+                                          ACL_REVISION,
+                                          INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+                                          GENERIC_ALL,
+                                          SeAliasAdminsSid);
+        ASSERT(NT_SUCCESS(Status));
+
+        Status = RtlAddAccessAllowedAceEx(Dacl,
+                                          ACL_REVISION,
+                                          INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+                                          GENERIC_ALL,
+                                          SeLocalSystemSid);
+        ASSERT(NT_SUCCESS(Status));
+
+        Status = RtlAddAccessAllowedAceEx(Dacl,
+                                          ACL_REVISION,
+                                          INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+                                          GENERIC_ALL,
+                                          SeCreatorOwnerSid);
+        ASSERT(NT_SUCCESS(Status));
     }
     else
     {
@@ -115,28 +124,33 @@ ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
         }
/* Initialize the DACL */
-        RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
+        Status = RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
+        ASSERT(NT_SUCCESS(Status));
/* Add the ACEs */
-        RtlAddAccessAllowedAce(Dacl,
-                               ACL_REVISION,
-                               GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE,
-                               SeWorldSid);
-
-        RtlAddAccessAllowedAce(Dacl,
-                               ACL_REVISION,
-                               GENERIC_ALL,
-                               SeLocalSystemSid);
-
-        RtlAddAccessAllowedAceEx(Dacl,
-                                 ACL_REVISION,
-                                 INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
-                                 GENERIC_ALL,
-                                 SeWorldSid);
+        Status = RtlAddAccessAllowedAce(Dacl,
+                                        ACL_REVISION,
+                                        GENERIC_READ | GENERIC_EXECUTE | GENERIC_WRITE,
+                                        SeWorldSid);
+        ASSERT(NT_SUCCESS(Status));
+
+        Status = RtlAddAccessAllowedAce(Dacl,
+                                        ACL_REVISION,
+                                        GENERIC_ALL,
+                                        SeLocalSystemSid);
+        ASSERT(NT_SUCCESS(Status));
+
+        Status = RtlAddAccessAllowedAceEx(Dacl,
+                                          ACL_REVISION,
+                                          INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+                                          GENERIC_ALL,
+                                          SeWorldSid);
+        ASSERT(NT_SUCCESS(Status));
     }
/* Attach the DACL to the SD */
-    RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE);
+    Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE);
+    ASSERT(NT_SUCCESS(Status));
return STATUS_SUCCESS;
 }

    