Author: ekohl
Date: Sun Jun 26 20:09:37 2016
New Revision: 71679
URL:
http://svn.reactos.org/svn/reactos?rev=71679&view=rev
Log:
[SERVICES]
Create an individual security descriptor for each service. We cannot use a common default
security descriptor because RtlSetSecurityObject will free the old security descriptor
when we try to set a new one.
Modified:
trunk/reactos/base/system/services/config.c
trunk/reactos/base/system/services/database.c
trunk/reactos/base/system/services/rpcserver.c
trunk/reactos/base/system/services/security.c
trunk/reactos/base/system/services/services.h
Modified: trunk/reactos/base/system/services/config.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/confi…
==============================================================================
--- trunk/reactos/base/system/services/config.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/config.c [iso-8859-1] Sun Jun 26 20:09:37 2016
@@ -513,9 +513,8 @@
DWORD dwDisposition;
DWORD dwError;
- DPRINT1("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey,
pSecurityDescriptor);
-
-DPRINT1("\n");
+ DPRINT("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey,
pSecurityDescriptor);
+
dwError = RegCreateKeyExW(hServiceKey,
L"Security",
0,
@@ -526,23 +525,16 @@
&hSecurityKey,
&dwDisposition);
if (dwError != ERROR_SUCCESS)
- {
-DPRINT1("\n");
- goto done;
- }
-
-DPRINT1("\n");
+ return dwError;
+
dwError = RegSetValueExW(hSecurityKey,
L"Security",
0,
REG_BINARY,
(LPBYTE)pSecurityDescriptor,
RtlLengthSecurityDescriptor(pSecurityDescriptor));
-DPRINT1("\n");
-
-done:
- if (hSecurityKey != NULL)
- RegCloseKey(hSecurityKey);
+
+ RegCloseKey(hSecurityKey);
return dwError;
}
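Review bot: ScmWriteSecurityDescriptor stores the raw bytes at `pSecurityDescriptor`, sized by `RtlLengthSecurityDescriptor`, without stating or checking that the descriptor is self-relative. An absolute descriptor would put in-process pointers into the `Security` value instead of the ACL data. The descriptors built by ScmCreateDefaultServiceSD in this commit are self-relative, so this is a documentation gap rather than a visible bug. I would add above the `RegSetValueExW` call: `/* pSecurityDescriptor must be a valid self-relative SD; its bytes are stored verbatim */`. The function's signature and opening lines are outside this hunk.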
@@ -559,7 +551,7 @@
DWORD dwType;
DWORD dwError;
- DPRINT("ScmReadSecurityDescriptor()\n");
+ DPRINT("ScmReadSecurityDescriptor(%p %p)\n", hServiceKey,
ppSecurityDescriptor);
*ppSecurityDescriptor = NULL;
Modified: trunk/reactos/base/system/services/database.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/datab…
==============================================================================
--- trunk/reactos/base/system/services/database.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/database.c [iso-8859-1] Sun Jun 26 20:09:37 2016
@@ -555,8 +555,7 @@
ScmSetServiceGroup(lpService, NULL);
/* Release the SecurityDescriptor */
- if ((lpService->pSecurityDescriptor != NULL) &&
- (lpService->pSecurityDescriptor != pDefaultServiceSD))
+ if (lpService->pSecurityDescriptor != NULL)
HeapFree(GetProcessHeap(), 0, lpService->pSecurityDescriptor);
/* Remove the Service from the List */
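Review bot: The free under `/* Release the SecurityDescriptor */` is now unconditional, so it is only safe if every value stored in `lpService->pSecurityDescriptor` is a private process-heap allocation owned by that one service record. Any path that still shares or borrows a descriptor between records would become a double free. The pointer is also left dangling after `HeapFree`; whether the record itself is released right afterwards is outside this hunk. I would brace the branch, add `lpService->pSecurityDescriptor = NULL;` after the `HeapFree` call, and extend the comment to say that the record owns its descriptor.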
@@ -706,7 +705,9 @@
if (lpService->pSecurityDescriptor == NULL)
{
DPRINT("No security descriptor found! Assign default security
descriptor!\n");
- lpService->pSecurityDescriptor = pDefaultServiceSD;
+ dwError = ScmCreateDefaultServiceSD(&lpService->pSecurityDescriptor);
+ if (dwError != ERROR_SUCCESS)
+ goto done;
dwError = ScmWriteSecurityDescriptor(hServiceKey,
lpService->pSecurityDescriptor);
Modified: trunk/reactos/base/system/services/rpcserver.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/rpcse…
==============================================================================
--- trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] Sun Jun 26 20:09:37 2016
@@ -2255,7 +2255,9 @@
/* Assign the default security descriptor */
if (dwServiceType & SERVICE_WIN32)
{
- lpService->pSecurityDescriptor = pDefaultServiceSD;
+ dwError = ScmCreateDefaultServiceSD(&lpService->pSecurityDescriptor);
+ if (dwError != ERROR_SUCCESS)
+ goto done;
}
/* Write service data to the registry */
Modified: trunk/reactos/base/system/services/security.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/secur…
==============================================================================
--- trunk/reactos/base/system/services/security.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/security.c [iso-8859-1] Sun Jun 26 20:09:37 2016
@@ -13,8 +13,6 @@
#define NDEBUG
#include <debug.h>
-PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL; /* Self-relative SD */
-
static PSID pNullSid = NULL;
static PSID pLocalSystemSid = NULL;
static PSID pAuthenticatedUserSid = NULL;
@@ -102,11 +100,12 @@
}
-static
DWORD
-ScmCreateDefaultServiceSD(VOID)
+ScmCreateDefaultServiceSD(
+ PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{
PSECURITY_DESCRIPTOR pServiceSD = NULL;
+ PSECURITY_DESCRIPTOR pRelativeSD = NULL;
PACL pDacl = NULL;
PACL pSacl = NULL;
ULONG ulLength;
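Review bot: ScmCreateDefaultServiceSD is now non-static and hands a heap allocation to its caller, but nothing at the definition documents that ownership contract. A header comment should say that on ERROR_SUCCESS `*ppSecurityDescriptor` receives a newly allocated self-relative descriptor from the process heap, and that the caller owns it and must free it. The allocation in the next hunk uses `RtlAllocateHeap(RtlGetProcessHeap(), ...)` while database.c releases the field with `HeapFree(GetProcessHeap(), ...)`, so the comment should also name the expected free routine. The body between this hunk and the next is not shown.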
@@ -234,32 +233,32 @@
DPRINT("BufferLength %lu\n", dwBufferLength);
- pDefaultServiceSD = RtlAllocateHeap(RtlGetProcessHeap(),
- HEAP_ZERO_MEMORY,
- dwBufferLength);
- if (pDefaultServiceSD == NULL)
- {
- dwError = ERROR_OUTOFMEMORY;
- goto done;
- }
- DPRINT("pDefaultServiceSD %p\n", pDefaultServiceSD);
+ pRelativeSD = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ dwBufferLength);
+ if (pRelativeSD == NULL)
+ {
+ dwError = ERROR_OUTOFMEMORY;
+ goto done;
+ }
+ DPRINT("pRelativeSD %p\n", pRelativeSD);
Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
- pDefaultServiceSD,
+ pRelativeSD,
&dwBufferLength);
if (!NT_SUCCESS(Status))
{
dwError = RtlNtStatusToDosError(Status);
- }
+ goto done;
+ }
+
+ *ppSecurityDescriptor = pRelativeSD;
done:
if (dwError != ERROR_SUCCESS)
{
- if (pDefaultServiceSD != NULL)
- {
- RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultServiceSD);
- pDefaultServiceSD = NULL;
- }
+ if (pRelativeSD != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
}
if (pServiceSD != NULL)
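Review bot: On both failure paths in this hunk (`pRelativeSD == NULL` and a failed `RtlAbsoluteToSelfRelativeSD`), `*ppSecurityDescriptor` is never written. The caller's field therefore keeps whatever it held before the call, and that stale pointer would later be freed with the service record. ScmReadSecurityDescriptor in config.c begins with `*ppSecurityDescriptor = NULL;`, and the same line at the top of this function would make the failure state explicit. The start of the function body is outside this hunk, so confirm it does not already do this.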
@@ -284,10 +283,6 @@
if (dwError != ERROR_SUCCESS)
return dwError;
- dwError = ScmCreateDefaultServiceSD();
- if (dwError != ERROR_SUCCESS)
- return dwError;
-
return ERROR_SUCCESS;
}
Modified: trunk/reactos/base/system/services/services.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/servi…
==============================================================================
--- trunk/reactos/base/system/services/services.h [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/services.h [iso-8859-1] Sun Jun 26 20:09:37 2016
@@ -98,8 +98,6 @@
extern BOOL ScmInitialize;
extern BOOL ScmShutdown;
-extern PSECURITY_DESCRIPTOR pDefaultServiceSD;
-
/* FUNCTIONS ***************************************************************/
@@ -215,6 +213,10 @@
DWORD ScmInitializeSecurity(VOID);
VOID ScmShutdownSecurity(VOID);
+DWORD
+ScmCreateDefaultServiceSD(
+ PSECURITY_DESCRIPTOR *ppSecurityDescriptor);
+
/* services.c */