Author: ekohl
Date: Sun Jun 26 15:02:48 2016
New Revision: 71676
URL: http://svn.reactos.org/svn/reactos?rev=71676&view=rev
Log:
[SERVICES]
Use self-relative security descriptors only:
- Convert the default service security descriptor to the self-relative format.
- Remove security descriptor format conversions from ScmReadSecurityDescriptor
and ScmWriteSecurityDescriptor.
Modified:
trunk/reactos/base/system/services/config.c
trunk/reactos/base/system/services/security.c
Modified: trunk/reactos/base/system/services/config.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/config.c?rev=71676&r1=71675&r2=71676&view=diff
==============================================================================
--- trunk/reactos/base/system/services/config.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/config.c [iso-8859-1] Sun Jun 26
15:02:48 2016
@@ -14,6 +14,11 @@
#define NDEBUG
#include <debug.h>
+
+ULONG
+NTAPI
+RtlLengthSecurityDescriptor(
+ _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
/* FUNCTIONS *****************************************************************/
@@ -504,45 +509,11 @@
_In_ HKEY hServiceKey,
_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor)
{
- PSECURITY_DESCRIPTOR pRelativeSD = NULL;
HKEY hSecurityKey = NULL;
- DWORD dwBufferLength = 0;
DWORD dwDisposition;
DWORD dwError;
- NTSTATUS Status;
DPRINT1("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey,
pSecurityDescriptor);
-
- Status = RtlAbsoluteToSelfRelativeSD(pSecurityDescriptor,
- NULL,
- &dwBufferLength);
- if (Status != STATUS_BUFFER_TOO_SMALL)
- {
-DPRINT1("\n");
- return RtlNtStatusToDosError(Status);
- }
-
- DPRINT1("BufferLength %lu\n", dwBufferLength);
-
- pRelativeSD = RtlAllocateHeap(RtlGetProcessHeap(),
- HEAP_ZERO_MEMORY,
- dwBufferLength);
- if (pRelativeSD == NULL)
- {
-DPRINT1("\n");
- return ERROR_OUTOFMEMORY;
- }
-
-DPRINT1("\n");
- Status = RtlAbsoluteToSelfRelativeSD(pSecurityDescriptor,
- pRelativeSD,
- &dwBufferLength);
- if (!NT_SUCCESS(Status))
- {
-DPRINT1("\n");
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
DPRINT1("\n");
dwError = RegCreateKeyExW(hServiceKey,
@@ -565,17 +536,14 @@
L"Security",
0,
REG_BINARY,
- (LPBYTE)pRelativeSD,
- dwBufferLength);
+ (LPBYTE)pSecurityDescriptor,
+ RtlLengthSecurityDescriptor(pSecurityDescriptor));
DPRINT1("\n");
done:
if (hSecurityKey != NULL)
RegCloseKey(hSecurityKey);
- if (pRelativeSD != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
-
return dwError;
}
@@ -586,13 +554,10 @@
_Out_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{
PSECURITY_DESCRIPTOR pRelativeSD = NULL;
- PSECURITY_DESCRIPTOR pResizedBuffer = NULL;
HKEY hSecurityKey = NULL;
DWORD dwBufferLength = 0;
- DWORD dwAbsoluteSDSize = 0;
DWORD dwType;
DWORD dwError;
- NTSTATUS Status;
DPRINT("ScmReadSecurityDescriptor()\n");
@@ -650,36 +615,6 @@
goto done;
}
- Status = RtlSelfRelativeToAbsoluteSD2(pRelativeSD,
- &dwAbsoluteSDSize);
- if (Status == STATUS_BUFFER_TOO_SMALL)
- {
- pResizedBuffer = RtlReAllocateHeap(RtlGetProcessHeap(),
- 0,
- pRelativeSD,
- dwAbsoluteSDSize);
- if (pResizedBuffer == NULL)
- {
- dwError = ERROR_OUTOFMEMORY;
- goto done;
- }
-
- pRelativeSD = pResizedBuffer;
- Status = RtlSelfRelativeToAbsoluteSD2(pRelativeSD,
- &dwAbsoluteSDSize);
- if (!NT_SUCCESS(Status))
- {
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
- }
- else if (!NT_SUCCESS(Status))
- {
-
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
-
*ppSecurityDescriptor = pRelativeSD;
done:
Modified: trunk/reactos/base/system/services/security.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/security.c?rev=71676&r1=71675&r2=71676&view=diff
==============================================================================
--- trunk/reactos/base/system/services/security.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/security.c [iso-8859-1] Sun Jun 26
15:02:48 2016
@@ -13,7 +13,7 @@
#define NDEBUG
#include <debug.h>
-PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL;
+PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL; /* Self-relative SD */
static PSID pNullSid = NULL;
static PSID pLocalSystemSid = NULL;
@@ -110,6 +110,7 @@
PACL pDacl = NULL;
PACL pSacl = NULL;
ULONG ulLength;
+ DWORD dwBufferLength = 0;
NTSTATUS Status;
DWORD dwError = ERROR_SUCCESS;
@@ -166,14 +167,14 @@
FALSE,
TRUE);
-
+ /* Create the absolute security descriptor */
pServiceSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY,
sizeof(SECURITY_DESCRIPTOR));
if (pServiceSD == NULL)
{
dwError = ERROR_OUTOFMEMORY;
goto done;
}
-DPRINT1("pServiceSD %p\n", pServiceSD);
+ DPRINT("pServiceSD %p\n", pServiceSD);
Status = RtlCreateSecurityDescriptor(pServiceSD,
SECURITY_DESCRIPTOR_REVISION);
@@ -221,22 +222,54 @@
goto done;
}
-
- pDefaultServiceSD = pServiceSD;
-DPRINT1("pDefaultServiceSD %p\n", pDefaultServiceSD);
+ /* Convert the absolute SD to a self-relative SD */
+ Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
+ NULL,
+ &dwBufferLength);
+ if (Status != STATUS_BUFFER_TOO_SMALL)
+ {
+ dwError = RtlNtStatusToDosError(Status);
+ goto done;
+ }
+
+ DPRINT("BufferLength %lu\n", dwBufferLength);
+
+ pDefaultServiceSD = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ dwBufferLength);
+ if (pDefaultServiceSD == NULL)
+ {
+ dwError = ERROR_OUTOFMEMORY;
+ goto done;
+ }
+ DPRINT("pDefaultServiceSD %p\n", pDefaultServiceSD);
+
+ Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
+ pDefaultServiceSD,
+ &dwBufferLength);
+ if (!NT_SUCCESS(Status))
+ {
+ dwError = RtlNtStatusToDosError(Status);
+ }
done:
if (dwError != ERROR_SUCCESS)
{
- if (pDacl != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pDacl);
-
- if (pSacl != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pSacl);
-
- if (pServiceSD != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pServiceSD);
- }
+ if (pDefaultServiceSD != NULL)
+ {
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultServiceSD);
+ pDefaultServiceSD = NULL;
+ }
+ }
+
+ if (pServiceSD != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pServiceSD);
+
+ if (pSacl != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pSacl);
+
+ if (pDacl != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pDacl);
return dwError;
}
