Author: ekohl
Date: Sun Jun 26 20:09:37 2016
New Revision: 71679

URL: http://svn.reactos.org/svn/reactos?rev=71679&view=rev
Log:
[SERVICES]
Create an individual security descriptor for each service. We cannot use a 
common default security descriptor because RtlSetSecurityObject will free the 
old security descriptor when we try to set a new one.

Modified:
    trunk/reactos/base/system/services/config.c
    trunk/reactos/base/system/services/database.c
    trunk/reactos/base/system/services/rpcserver.c
    trunk/reactos/base/system/services/security.c
    trunk/reactos/base/system/services/services.h

Modified: trunk/reactos/base/system/services/config.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/config.c?rev=71679&r1=71678&r2=71679&view=diff
==============================================================================
--- trunk/reactos/base/system/services/config.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/config.c [iso-8859-1] Sun Jun 26 
20:09:37 2016
@@ -513,9 +513,8 @@
     DWORD dwDisposition;
     DWORD dwError;
 
-    DPRINT1("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey, 
pSecurityDescriptor);
-
-DPRINT1("\n");
+    DPRINT("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey, 
pSecurityDescriptor);
+
     dwError = RegCreateKeyExW(hServiceKey,
                               L"Security",
                               0,
@@ -526,23 +525,16 @@
                               &hSecurityKey,
                               &dwDisposition);
     if (dwError != ERROR_SUCCESS)
-    {
-DPRINT1("\n");
-        goto done;
-    }
-
-DPRINT1("\n");
+        return dwError;
+
     dwError = RegSetValueExW(hSecurityKey,
                              L"Security",
                              0,
                              REG_BINARY,
                              (LPBYTE)pSecurityDescriptor,
                              RtlLengthSecurityDescriptor(pSecurityDescriptor));
-DPRINT1("\n");
-
-done:
-    if (hSecurityKey != NULL)
-        RegCloseKey(hSecurityKey);
+
+    RegCloseKey(hSecurityKey);
 
     return dwError;
 }
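Review bot: The `RegSetValueExW` call persists `pSecurityDescriptor` byte-for-byte with a length taken from `RtlLengthSecurityDescriptor`, which is only meaningful for a non-NULL, self-relative descriptor, and nothing visible in this hunk checks either condition. Now that every service owns a descriptor that can be replaced at runtime, I would state the contract above the function, e.g. `/* pSecurityDescriptor must be a valid self-relative SD; it is written to the registry as-is */`. I would also consider an early `if (pSecurityDescriptor == NULL || !RtlValidSecurityDescriptor(pSecurityDescriptor)) return ERROR_INVALID_PARAMETER;` before the key is created. The opening of the function is outside the hunk, so a check that already exists there would make the guard redundant.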
@@ -559,7 +551,7 @@
     DWORD dwType;
     DWORD dwError;
 
-    DPRINT("ScmReadSecurityDescriptor()\n");
+    DPRINT("ScmReadSecurityDescriptor(%p %p)\n", hServiceKey, 
ppSecurityDescriptor);
 
     *ppSecurityDescriptor = NULL;
 

Modified: trunk/reactos/base/system/services/database.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/database.c?rev=71679&r1=71678&r2=71679&view=diff
==============================================================================
--- trunk/reactos/base/system/services/database.c       [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/database.c       [iso-8859-1] Sun Jun 26 
20:09:37 2016
@@ -555,8 +555,7 @@
     ScmSetServiceGroup(lpService, NULL);
 
     /* Release the SecurityDescriptor */
-    if ((lpService->pSecurityDescriptor != NULL) &&
-        (lpService->pSecurityDescriptor != pDefaultServiceSD))
+    if (lpService->pSecurityDescriptor != NULL)
         HeapFree(GetProcessHeap(), 0, lpService->pSecurityDescriptor);
 
     /* Remove the Service from the List */
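Review bot: The now unconditional `HeapFree` is only safe if every value ever stored in `lpService->pSecurityDescriptor` is a private process-heap allocation, and that invariant is not written down next to the free. A one-line comment such as `/* Each service owns its self-relative SD, allocated from the process heap */` would stop a later change from reintroducing a shared pointer here and turning this into an invalid or double free. The descriptor is allocated in security.c with `RtlAllocateHeap(RtlGetProcessHeap(), ...)` but released here with `HeapFree(GetProcessHeap(), ...)`. These presumably refer to the same heap, but using `RtlFreeHeap(RtlGetProcessHeap(), 0, lpService->pSecurityDescriptor);` would make the pairing obvious. The rest of the function is outside the hunk.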
@@ -706,7 +705,9 @@
         if (lpService->pSecurityDescriptor == NULL)
         {
             DPRINT("No security descriptor found! Assign default security 
descriptor!\n");
-            lpService->pSecurityDescriptor = pDefaultServiceSD;
+            dwError = 
ScmCreateDefaultServiceSD(&lpService->pSecurityDescriptor);
+            if (dwError != ERROR_SUCCESS)
+                goto done;
 
             dwError = ScmWriteSecurityDescriptor(hServiceKey,
                                                  
lpService->pSecurityDescriptor);

Modified: trunk/reactos/base/system/services/rpcserver.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/rpcserver.c?rev=71679&r1=71678&r2=71679&view=diff
==============================================================================
--- trunk/reactos/base/system/services/rpcserver.c      [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/rpcserver.c      [iso-8859-1] Sun Jun 26 
20:09:37 2016
@@ -2255,7 +2255,9 @@
     /* Assign the default security descriptor */
     if (dwServiceType & SERVICE_WIN32)
     {
-        lpService->pSecurityDescriptor = pDefaultServiceSD;
+        dwError = ScmCreateDefaultServiceSD(&lpService->pSecurityDescriptor);
+        if (dwError != ERROR_SUCCESS)
+            goto done;
     }
 
     /* Write service data to the registry */
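Review bot: The retained comment `/* Assign the default security descriptor */` no longer matches the code, because the new lines allocate a descriptor that this service owns and must later free. I would reword it to `/* Create a private copy of the default security descriptor for this service */`. Services that fail the `dwServiceType & SERVICE_WIN32` test still keep a NULL `pSecurityDescriptor`, so it is worth a second comment saying whether that is intentional and that consumers must tolerate NULL. The `done` label and its cleanup are outside the hunk, so whether the partially created service record is released on this new failure path cannot be confirmed from here.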

Modified: trunk/reactos/base/system/services/security.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/security.c?rev=71679&r1=71678&r2=71679&view=diff
==============================================================================
--- trunk/reactos/base/system/services/security.c       [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/security.c       [iso-8859-1] Sun Jun 26 
20:09:37 2016
@@ -13,8 +13,6 @@
 #define NDEBUG
 #include <debug.h>
 
-PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL; /* Self-relative SD */
-
 static PSID pNullSid = NULL;
 static PSID pLocalSystemSid = NULL;
 static PSID pAuthenticatedUserSid = NULL;
@@ -102,11 +100,12 @@
 }
 
 
-static
 DWORD
-ScmCreateDefaultServiceSD(VOID)
+ScmCreateDefaultServiceSD(
+    PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 {
     PSECURITY_DESCRIPTOR pServiceSD = NULL;
+    PSECURITY_DESCRIPTOR pRelativeSD = NULL;
     PACL pDacl = NULL;
     PACL pSacl = NULL;
     ULONG ulLength;
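Review bot: `ScmCreateDefaultServiceSD` becomes part of the module interface here but gains no header comment describing the ownership it now hands to callers. I would add a short block comment above the definition saying that it builds the default service descriptor in self-relative form, that on `ERROR_SUCCESS` it stores a process-heap allocation in `*ppSecurityDescriptor` which the caller must free, and that on failure the output is not written. The same sentence belongs next to the new prototype in services.h. The function body continues past the end of this hunk.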
@@ -234,32 +233,32 @@
 
     DPRINT("BufferLength %lu\n", dwBufferLength);
 
-    pDefaultServiceSD = RtlAllocateHeap(RtlGetProcessHeap(),
-                                        HEAP_ZERO_MEMORY,
-                                        dwBufferLength);
-    if (pDefaultServiceSD == NULL)
-    {
-        dwError = ERROR_OUTOFMEMORY;
-        goto done;
-    }
-    DPRINT("pDefaultServiceSD %p\n", pDefaultServiceSD);
+    pRelativeSD = RtlAllocateHeap(RtlGetProcessHeap(),
+                                  HEAP_ZERO_MEMORY,
+                                  dwBufferLength);
+    if (pRelativeSD == NULL)
+    {
+        dwError = ERROR_OUTOFMEMORY;
+        goto done;
+    }
+    DPRINT("pRelativeSD %p\n", pRelativeSD);
 
     Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
-                                         pDefaultServiceSD,
+                                         pRelativeSD,
                                          &dwBufferLength);
     if (!NT_SUCCESS(Status))
     {
         dwError = RtlNtStatusToDosError(Status);
-    }
+        goto done;
+    }
+
+    *ppSecurityDescriptor = pRelativeSD;
 
 done:
     if (dwError != ERROR_SUCCESS)
     {
-        if (pDefaultServiceSD != NULL)
-        {
-            RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultServiceSD);
-            pDefaultServiceSD = NULL;
-        }
+        if (pRelativeSD != NULL)
+            RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
     }
 
     if (pServiceSD != NULL)
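Review bot: `*ppSecurityDescriptor` is written only on the success path at `*ppSecurityDescriptor = pRelativeSD;`, so on every failure the caller's pointer keeps whatever value it held before the call. That matters because database.c now frees any non-NULL `lpService->pSecurityDescriptor` unconditionally, so a stale or uninitialised field would reach `HeapFree`. Whether the service record is zero-initialised is not visible here. Clearing the output at function entry removes the dependency: `if (ppSecurityDescriptor == NULL) return ERROR_INVALID_PARAMETER;` followed by `*ppSecurityDescriptor = NULL;`. The start of the function is outside this hunk, so these lines would go before the first allocation there.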
@@ -284,10 +283,6 @@
     if (dwError != ERROR_SUCCESS)
         return dwError;
 
-    dwError = ScmCreateDefaultServiceSD();
-    if (dwError != ERROR_SUCCESS)
-        return dwError;
-
     return ERROR_SUCCESS;
 }
 

Modified: trunk/reactos/base/system/services/services.h
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/services.h?rev=71679&r1=71678&r2=71679&view=diff
==============================================================================
--- trunk/reactos/base/system/services/services.h       [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/services.h       [iso-8859-1] Sun Jun 26 
20:09:37 2016
@@ -98,8 +98,6 @@
 extern BOOL ScmInitialize;
 extern BOOL ScmShutdown;
 
-extern PSECURITY_DESCRIPTOR pDefaultServiceSD;
-
 
 /* FUNCTIONS ***************************************************************/
 
@@ -215,6 +213,10 @@
 DWORD ScmInitializeSecurity(VOID);
 VOID ScmShutdownSecurity(VOID);
 
+DWORD
+ScmCreateDefaultServiceSD(
+    PSECURITY_DESCRIPTOR *ppSecurityDescriptor);
+
 
 /* services.c */
 

