[ekohl] 74060: [NTOS:CM] CmpSecurityMethod: - Lock and unlock the Hive and the KCB. - Fail, if we try to access a key that has been marked for deletion.
4 Mar
2017
4 Mar
'17
7:48 p.m.
Author: ekohl
Date: Sat Mar 4 19:48:27 2017
New Revision: 74060
URL: http://svn.reactos.org/svn/reactos?rev=74060&view=rev
Log:
[NTOS:CM]
CmpSecurityMethod:
- Lock and unlock the Hive and the KCB.
- Fail, if we try to access a key that has been marked for deletion.
Modified:
trunk/reactos/ntoskrnl/config/cmse.c
Modified: trunk/reactos/ntoskrnl/config/cmse.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmse.c?rev…
==============================================================================
--- trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] Sat Mar 4 19:48:27 2017
@@ -138,7 +138,7 @@
}
NTSTATUS
-CmpQuerySecurityDescriptor(IN PCM_KEY_BODY KeyBody,
+CmpQuerySecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb,
IN SECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PULONG BufferLength)
@@ -153,7 +153,9 @@
ULONG Group = 0;
ULONG Dacl = 0;
- DBG_UNREFERENCED_PARAMETER(KeyBody);
+ DBG_UNREFERENCED_PARAMETER(Kcb);
+
+ DPRINT("CmpQuerySecurityDescriptor()\n");
if (SecurityInformation == 0)
{
@@ -233,6 +235,17 @@
ASSERT(Status == STATUS_SUCCESS);
return Status;
+}
+
+NTSTATUS
+CmpSetSecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb,
+ IN PSECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN POOL_TYPE PoolType,
+ IN PGENERIC_MAPPING GenericMapping)
+{
+ DPRINT("CmpSetSecurityDescriptor()\n");
+ return STATUS_SUCCESS;
}
NTSTATUS
@@ -246,23 +259,57 @@
IN POOL_TYPE PoolType,
IN PGENERIC_MAPPING GenericMapping)
{
+ PCM_KEY_CONTROL_BLOCK Kcb;
+ NTSTATUS Status = STATUS_SUCCESS;
+
DBG_UNREFERENCED_PARAMETER(OldSecurityDescriptor);
DBG_UNREFERENCED_PARAMETER(GenericMapping);
+
+ Kcb = ((PCM_KEY_BODY)ObjectBody)->KeyControlBlock;
+
+ /* Acquire hive lock */
+ CmpLockRegistry();
+
+ /* Acquire the KCB lock */
+ if (OperationCode == QuerySecurityDescriptor)
+ {
+ CmpAcquireKcbLockShared(Kcb);
+ }
+ else
+ {
+ CmpAcquireKcbLockExclusive(Kcb);
+ }
+
+ /* Don't touch deleted keys */
+ if (Kcb->Delete)
+ {
+ /* Unlock the KCB */
+ CmpReleaseKcbLock(Kcb);
+
+ /* Unlock the HIVE */
+ CmpUnlockRegistry();
+ return STATUS_KEY_DELETED;
+ }
switch (OperationCode)
{
case SetSecurityDescriptor:
DPRINT("Set security descriptor\n");
ASSERT((PoolType == PagedPool) || (PoolType == NonPagedPool));
- /* HACK */
+ Status = CmpSetSecurityDescriptor(Kcb,
+ SecurityInformation,
+ SecurityDescriptor,
+ PoolType,
+ GenericMapping);
break;
case QuerySecurityDescriptor:
DPRINT("Query security descriptor\n");
- return CmpQuerySecurityDescriptor(ObjectBody,
- *SecurityInformation,
- SecurityDescriptor,
- BufferLength);
+ Status = CmpQuerySecurityDescriptor(Kcb,
+ *SecurityInformation,
+ SecurityDescriptor,
+ BufferLength);
+ break;
case DeleteSecurityDescriptor:
DPRINT("Delete security descriptor\n");
@@ -278,6 +325,11 @@
KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0);
}
- /* HACK */
- return STATUS_SUCCESS;
+ /* Unlock the KCB */
+ CmpReleaseKcbLock(Kcb);
+
+ /* Unlock the hive */
+ CmpUnlockRegistry();
+
+ return Status;
}
2757
days inactive
2757
days old
0 comments
1 participants
participants (1)
-
ekohl@svn.reactos.org