Author: ekohl Date: Sun Jun 26 15:02:48 2016 New Revision: 71676 URL: http://svn.reactos.org/svn/reactos?rev=71676&view=rev Log: [SERVICES] Use self-relative security descriptors only: - Convert the default service security descriptor to the self-relative format. - Remove security descriptor format conversions from ScmReadSecurityDescriptor and ScmWriteSecurityDescriptor.
Modified: trunk/reactos/base/system/services/config.c trunk/reactos/base/system/services/security.c
Modified: trunk/reactos/base/system/services/config.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/config.c?rev=71676&r1=71675&r2=71676&view=diff
==============================================================================
--- trunk/reactos/base/system/services/config.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/config.c [iso-8859-1] Sun Jun 26 15:02:48 2016
@@ -14,6 +14,11 @@
 #define NDEBUG
 #include <debug.h>
+
+ULONG
+NTAPI
+RtlLengthSecurityDescriptor(
+ _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
 /* FUNCTIONS *****************************************************************/
@@ -504,45 +509,11 @@
 _In_ HKEY hServiceKey, _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor)
 {
- PSECURITY_DESCRIPTOR pRelativeSD = NULL;
 HKEY hSecurityKey = NULL;
- DWORD dwBufferLength = 0;
 DWORD dwDisposition;
 DWORD dwError;
- NTSTATUS Status;
 DPRINT1("ScmWriteSecurityDescriptor(%p %p)\n", hServiceKey, pSecurityDescriptor);
-
- Status = RtlAbsoluteToSelfRelativeSD(pSecurityDescriptor,
- NULL,
- &dwBufferLength);
- if (Status != STATUS_BUFFER_TOO_SMALL)
- {
-DPRINT1("\n");
- return RtlNtStatusToDosError(Status);
- }
-
- DPRINT1("BufferLength %lu\n", dwBufferLength);
-
- pRelativeSD = RtlAllocateHeap(RtlGetProcessHeap(),
- HEAP_ZERO_MEMORY,
- dwBufferLength);
- if (pRelativeSD == NULL)
- {
-DPRINT1("\n");
- return ERROR_OUTOFMEMORY;
- }
-
-DPRINT1("\n");
- Status = RtlAbsoluteToSelfRelativeSD(pSecurityDescriptor,
- pRelativeSD,
- &dwBufferLength);
- if (!NT_SUCCESS(Status))
- {
-DPRINT1("\n");
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
 DPRINT1("\n");
 dwError = RegCreateKeyExW(hServiceKey,
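Review bot: The hand-written prototype for `RtlLengthSecurityDescriptor` added after `#include <debug.h>` duplicates a declaration that normally comes from the NDK headers, so the compiler will not catch it if the two ever disagree. If the header cannot be pulled in through the service manager's precompiled header (not visible in this hunk), I would at least mark it, e.g. `/* FIXME: local prototype, remove once the NDK RTL header is included */`. The length this function returns is what sizes the registry write in the later hunk, so a mismatched declaration here would directly affect how many bytes are stored.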
@@ -565,17 +536,14 @@
 L"Security", 0, REG_BINARY,
- (LPBYTE)pRelativeSD,
- dwBufferLength);
+ (LPBYTE)pSecurityDescriptor,
+ RtlLengthSecurityDescriptor(pSecurityDescriptor));
 DPRINT1("\n");
 done:
 if (hSecurityKey != NULL) RegCloseKey(hSecurityKey);
- if (pRelativeSD != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
-
 return dwError;
 }
@@ -586,13 +554,10 @@
 _Out_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 {
 PSECURITY_DESCRIPTOR pRelativeSD = NULL;
- PSECURITY_DESCRIPTOR pResizedBuffer = NULL;
 HKEY hSecurityKey = NULL;
 DWORD dwBufferLength = 0;
- DWORD dwAbsoluteSDSize = 0;
 DWORD dwType;
 DWORD dwError;
- NTSTATUS Status;
 DPRINT("ScmReadSecurityDescriptor()\n");
@@ -650,36 +615,6 @@
 goto done;
 }
- Status = RtlSelfRelativeToAbsoluteSD2(pRelativeSD,
- &dwAbsoluteSDSize);
- if (Status == STATUS_BUFFER_TOO_SMALL)
- {
- pResizedBuffer = RtlReAllocateHeap(RtlGetProcessHeap(),
- 0,
- pRelativeSD,
- dwAbsoluteSDSize);
- if (pResizedBuffer == NULL)
- {
- dwError = ERROR_OUTOFMEMORY;
- goto done;
- }
-
- pRelativeSD = pResizedBuffer;
- Status = RtlSelfRelativeToAbsoluteSD2(pRelativeSD,
- &dwAbsoluteSDSize);
- if (!NT_SUCCESS(Status))
- {
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
- }
- else if (!NT_SUCCESS(Status))
- {
-
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
-
 *ppSecurityDescriptor = pRelativeSD;
 done:
Modified: trunk/reactos/base/system/services/security.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/security.c?rev=71676&r1=71675&r2=71676&view=diff
==============================================================================
--- trunk/reactos/base/system/services/security.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/security.c [iso-8859-1] Sun Jun 26 15:02:48 2016
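Review bot: The `RegSetValueExW` arguments in the `@@ -565,17 +536,14 @@` hunk now pass `pSecurityDescriptor` itself with `RtlLengthSecurityDescriptor(pSecurityDescriptor)` as the size, which is only in bounds when the descriptor really is self-relative, and nothing visible in the function checks that. For an absolute descriptor the returned length also counts the owner, group and ACLs that live in separate allocations, so the write would read past the header and store raw pointers and neighbouring heap bytes under `Security`. I would reject anything else before the write, for example by testing `RtlValidSecurityDescriptor` and the `SE_SELF_RELATIVE` bit obtained from `RtlGetControlSecurityDescriptor`, and returning `ERROR_INVALID_SECURITY_DESCR` on failure. The function starts in the previous hunk and the first arguments of the call are outside this one.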
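Review bot: After the `@@ -650,36 +615,6 @@` hunk, the bytes read from the registry are returned through `*ppSecurityDescriptor = pRelativeSD` with no structural check visible here. A truncated or modified `Security` value would then be interpreted as a self-relative descriptor by every consumer, with owner, group and ACL offsets that may point outside the `dwBufferLength`-byte allocation. I would add `if (!RtlValidRelativeSecurityDescriptor(pRelativeSD, dwBufferLength, 0)) { dwError = ERROR_INVALID_SECURITY_DESCR; goto done; }` immediately before the assignment. The registry read and any type check on `dwType` sit outside the hunk, so this assumes no equivalent validation happens earlier.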
@@ -13,7 +13,7 @@
 #define NDEBUG
 #include <debug.h>
-PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL;
+PSECURITY_DESCRIPTOR pDefaultServiceSD = NULL; /* Self-relative SD */
 static PSID pNullSid = NULL;
 static PSID pLocalSystemSid = NULL;
@@ -110,6 +110,7 @@
 PACL pDacl = NULL;
 PACL pSacl = NULL;
 ULONG ulLength;
+ DWORD dwBufferLength = 0;
 NTSTATUS Status;
 DWORD dwError = ERROR_SUCCESS;
@@ -166,14 +167,14 @@
 FALSE, TRUE);
-
+ /* Create the absolute security descriptor */
 pServiceSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
 if (pServiceSD == NULL)
 {
 dwError = ERROR_OUTOFMEMORY;
 goto done;
 }
-DPRINT1("pServiceSD %p\n", pServiceSD);
+ DPRINT("pServiceSD %p\n", pServiceSD);
 Status = RtlCreateSecurityDescriptor(pServiceSD, SECURITY_DESCRIPTOR_REVISION);
@@ -221,22 +222,54 @@
 goto done;
 }
-
- pDefaultServiceSD = pServiceSD;
-DPRINT1("pDefaultServiceSD %p\n", pDefaultServiceSD);
+ /* Convert the absolute SD to a self-relative SD */
+ Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
+ NULL,
+ &dwBufferLength);
+ if (Status != STATUS_BUFFER_TOO_SMALL)
+ {
+ dwError = RtlNtStatusToDosError(Status);
+ goto done;
+ }
+
+ DPRINT("BufferLength %lu\n", dwBufferLength);
+
+ pDefaultServiceSD = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ dwBufferLength);
+ if (pDefaultServiceSD == NULL)
+ {
+ dwError = ERROR_OUTOFMEMORY;
+ goto done;
+ }
+ DPRINT("pDefaultServiceSD %p\n", pDefaultServiceSD);
+
+ Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
+ pDefaultServiceSD,
+ &dwBufferLength);
+ if (!NT_SUCCESS(Status))
+ {
+ dwError = RtlNtStatusToDosError(Status);
+ }
 done:
 if (dwError != ERROR_SUCCESS)
 {
- if (pDacl != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pDacl);
-
- if (pSacl != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pSacl);
-
- if (pServiceSD != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pServiceSD);
- }
+ if (pDefaultServiceSD != NULL)
+ {
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultServiceSD);
+ pDefaultServiceSD = NULL;
+ }
+ }
+
+ if (pServiceSD != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pServiceSD);
+
+ if (pSacl != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pSacl);
+
+ if (pDacl != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pDacl);
 return dwError;
 }
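Review bot: The size-probe branch `if (Status != STATUS_BUFFER_TOO_SMALL)` maps the status through `RtlNtStatusToDosError` and jumps to `done`, so if the probe ever returned a success status the function would report `ERROR_SUCCESS` while `pDefaultServiceSD` is still NULL. That should not happen for a valid absolute descriptor, but the result would be a service manager running without a default descriptor and a NULL handed to later consumers such as `RtlLengthSecurityDescriptor`. I would make the branch fail closed with `dwError = NT_SUCCESS(Status) ? ERROR_INVALID_SECURITY_DESCR : RtlNtStatusToDosError(Status);`. The function begins before this hunk, so how callers react to the return value is not visible here.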