[ekohl] 74060: [NTOS:CM] CmpSecurityMethod: - Lock and unlock the Hive and the KCB. - Fail, if we try to access a key that has been marked for deletion.
Author: ekohl Date: Sat Mar 4 19:48:27 2017 New Revision: 74060
URL: http://svn.reactos.org/svn/reactos?rev=74060&view=rev Log: [NTOS:CM] CmpSecurityMethod: - Lock and unlock the Hive and the KCB. - Fail, if we try to access a key that has been marked for deletion.
Modified: trunk/reactos/ntoskrnl/config/cmse.c
Modified: trunk/reactos/ntoskrnl/config/cmse.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmse.c?rev=... ============================================================================== --- trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] Sat Mar 4 19:48:27 2017 @@ -138,7 +138,7 @@ }
NTSTATUS -CmpQuerySecurityDescriptor(IN PCM_KEY_BODY KeyBody, +CmpQuerySecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG BufferLength) @@ -153,7 +153,9 @@ ULONG Group = 0; ULONG Dacl = 0;
- DBG_UNREFERENCED_PARAMETER(KeyBody); + DBG_UNREFERENCED_PARAMETER(Kcb); + + DPRINT("CmpQuerySecurityDescriptor()\n");
if (SecurityInformation == 0) { @@ -233,6 +235,17 @@
ASSERT(Status == STATUS_SUCCESS); return Status; +} + +NTSTATUS +CmpSetSecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb, + IN PSECURITY_INFORMATION SecurityInformation, + IN PSECURITY_DESCRIPTOR SecurityDescriptor, + IN POOL_TYPE PoolType, + IN PGENERIC_MAPPING GenericMapping) +{ + DPRINT("CmpSetSecurityDescriptor()\n"); + return STATUS_SUCCESS; }
NTSTATUS @@ -246,23 +259,57 @@ IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping) { + PCM_KEY_CONTROL_BLOCK Kcb; + NTSTATUS Status = STATUS_SUCCESS; + DBG_UNREFERENCED_PARAMETER(OldSecurityDescriptor); DBG_UNREFERENCED_PARAMETER(GenericMapping); + + Kcb = ((PCM_KEY_BODY)ObjectBody)->KeyControlBlock; + + /* Acquire hive lock */ + CmpLockRegistry(); + + /* Acquire the KCB lock */ + if (OperationCode == QuerySecurityDescriptor) + { + CmpAcquireKcbLockShared(Kcb); + } + else + { + CmpAcquireKcbLockExclusive(Kcb); + } + + /* Don't touch deleted keys */ + if (Kcb->Delete) + { + /* Unlock the KCB */ + CmpReleaseKcbLock(Kcb); + + /* Unlock the HIVE */ + CmpUnlockRegistry(); + return STATUS_KEY_DELETED; + }
switch (OperationCode) { case SetSecurityDescriptor: DPRINT("Set security descriptor\n"); ASSERT((PoolType == PagedPool) || (PoolType == NonPagedPool)); - /* HACK */ + Status = CmpSetSecurityDescriptor(Kcb, + SecurityInformation, + SecurityDescriptor, + PoolType, + GenericMapping); break;
case QuerySecurityDescriptor: DPRINT("Query security descriptor\n"); - return CmpQuerySecurityDescriptor(ObjectBody, - *SecurityInformation, - SecurityDescriptor, - BufferLength); + Status = CmpQuerySecurityDescriptor(Kcb, + *SecurityInformation, + SecurityDescriptor, + BufferLength); + break;
case DeleteSecurityDescriptor: DPRINT("Delete security descriptor\n"); @@ -278,6 +325,11 @@ KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0); }
- /* HACK */ - return STATUS_SUCCESS; + /* Unlock the KCB */ + CmpReleaseKcbLock(Kcb); + + /* Unlock the hive */ + CmpUnlockRegistry(); + + return Status; }
-
ekohl@svn.reactos.org