[NTOS:OB]
authorEric Kohl <eric.kohl@reactos.org>
Mon, 13 Mar 2017 00:10:23 +0000 (00:10 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Mon, 13 Mar 2017 00:10:23 +0000 (00:10 +0000)
- Allocate all of the kernel objects security descriptor and the dos devices security descriptor from the paged pool, instead of just the ACLs.
- Replace special security descriptor free routines by calls to ExFreePoolWithTag.
- Replace the TAG_OB_DIR_SD by TAG_SD.

svn path=/trunk/; revision=74157

reactos/ntoskrnl/include/internal/tag.h
reactos/ntoskrnl/ob/obinit.c
reactos/ntoskrnl/ob/obname.c

index 45ee8a5..eec8013 100644 (file)
 /* Object Manager Tags */
 #define OB_NAME_TAG             'mNbO'
 #define OB_DIR_TAG              'iDbO'
-#define TAG_OB_DIR_SD           'sDbO'
 
 
 /* formerly located in ps/cid.c */
index 8e3cd0b..dcda078 100644 (file)
@@ -58,32 +58,37 @@ static
 NTSTATUS
 NTAPI
 INIT_FUNCTION
-ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
+ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 {
-    ULONG AclLength;
+    PSECURITY_DESCRIPTOR Sd = NULL;
     PACL Dacl;
+    ULONG AclSize, SdSize;
     NTSTATUS Status;
 
-    /* Initialize the SD */
-    Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
-                                         SECURITY_DESCRIPTOR_REVISION);
-    if (!NT_SUCCESS(Status))
-        return Status;
+    AclSize = sizeof(ACL) +
+              sizeof(ACE) + RtlLengthSid(SeWorldSid) +
+              sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
+              sizeof(ACE) + RtlLengthSid(SeLocalSystemSid);
 
-    /* Allocate the DACL */
-    AclLength = sizeof(ACL) +
-                sizeof(ACE) + RtlLengthSid(SeWorldSid) +
-                sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
-                sizeof(ACE) + RtlLengthSid(SeLocalSystemSid);
+    SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
 
-    Dacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_OB_DIR_SD);
-    if (Dacl == NULL)
+    /* Allocate the SD and ACL */
+    Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
+    if (Sd == NULL)
     {
         return STATUS_INSUFFICIENT_RESOURCES;
     }
 
+    /* Initialize the SD */
+    Status = RtlCreateSecurityDescriptor(Sd,
+                                         SECURITY_DESCRIPTOR_REVISION);
+    if (!NT_SUCCESS(Status))
+        goto done;
+
+    Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
+
     /* Initialize the DACL */
-    RtlCreateAcl(Dacl, AclLength, ACL_REVISION);
+    RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
 
     /* Add the ACEs */
     RtlAddAccessAllowedAce(Dacl,
@@ -102,32 +107,23 @@ ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
                            SeLocalSystemSid);
 
     /* Attach the DACL to the SD */
-    Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
+    Status = RtlSetDaclSecurityDescriptor(Sd,
                                           TRUE,
                                           Dacl,
                                           FALSE);
+    if (!NT_SUCCESS(Status))
+        goto done;
 
-    return Status;
-}
-
-static
-VOID
-NTAPI
-INIT_FUNCTION
-ObpFreeKernelObjectsSD(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
-{
-    PACL Dacl = NULL;
-    BOOLEAN DaclPresent, Defaulted;
-    NTSTATUS Status;
+    *SecurityDescriptor = Sd;
 
-    Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
-                                          &DaclPresent,
-                                          &Dacl,
-                                          &Defaulted);
-    if (NT_SUCCESS(Status) && Dacl != NULL)
+done:
+    if (!NT_SUCCESS(Status))
     {
-        ExFreePoolWithTag(Dacl, TAG_OB_DIR_SD);
+        if (Sd != NULL)
+            ExFreePoolWithTag(Sd, TAG_SD);
     }
+
+    return Status;
 }
 
 BOOLEAN
@@ -212,7 +208,7 @@ ObInitSystem(VOID)
     POBJECT_HEADER Header;
     POBJECT_HEADER_CREATOR_INFO CreatorInfo;
     POBJECT_HEADER_NAME_INFO NameInfo;
-    SECURITY_DESCRIPTOR KernelObjectsSD;
+    PSECURITY_DESCRIPTOR KernelObjectsSD = NULL;
     NTSTATUS Status;
 
     /* Check if this is actually Phase 1 initialization */
@@ -346,13 +342,13 @@ ObPostPhase0:
                                &Name,
                                OBJ_CASE_INSENSITIVE | OBJ_PERMANENT,
                                NULL,
-                               &KernelObjectsSD);
+                               KernelObjectsSD);
 
     /* Create the directory */
     Status = NtCreateDirectoryObject(&Handle,
                                      DIRECTORY_ALL_ACCESS,
                                      &ObjectAttributes);
-    ObpFreeKernelObjectsSD(&KernelObjectsSD);
+    ExFreePoolWithTag(KernelObjectsSD, TAG_SD);
     if (!NT_SUCCESS(Status)) return FALSE;
 
     /* Close the extra handle */
index 83cf5a3..0a104bf 100644 (file)
@@ -34,35 +34,40 @@ UNICODE_STRING ObpDosDevicesShortName =
 NTSTATUS
 NTAPI
 INIT_FUNCTION
-ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
+ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 {
-    ULONG AclLength;
+    PSECURITY_DESCRIPTOR Sd = NULL;
     PACL Dacl;
+    ULONG AclSize, SdSize;
     NTSTATUS Status;
 
+    AclSize = sizeof(ACL) +
+              sizeof(ACE) + RtlLengthSid(SeWorldSid) +
+              sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
+              sizeof(ACE) + RtlLengthSid(SeWorldSid) +
+              sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
+              sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
+              sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
+
+    SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
+
+    /* Allocate the SD and ACL */
+    Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
+    if (Sd == NULL)
+    {
+        return STATUS_INSUFFICIENT_RESOURCES;
+    }
+
     /* Initialize the SD */
-    Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
+    Status = RtlCreateSecurityDescriptor(Sd,
                                          SECURITY_DESCRIPTOR_REVISION);
     if (!NT_SUCCESS(Status))
         return Status;
 
-    /* Allocate the DACL */
-    AclLength = sizeof(ACL) +
-                sizeof(ACE) + RtlLengthSid(SeWorldSid) +
-                sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
-                sizeof(ACE) + RtlLengthSid(SeWorldSid) +
-                sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
-                sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
-                sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
-
-    Dacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_OB_DIR_SD);
-    if (Dacl == NULL)
-    {
-        return STATUS_INSUFFICIENT_RESOURCES;
-    }
+    Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
 
     /* Initialize the DACL */
-    RtlCreateAcl(Dacl, AclLength, ACL_REVISION);
+    RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
 
     /* Add the ACEs */
     RtlAddAccessAllowedAce(Dacl,
@@ -100,31 +105,23 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
                              SeCreatorOwnerSid);
 
     /* Attach the DACL to the SD */
-    Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
+    Status = RtlSetDaclSecurityDescriptor(Sd,
                                           TRUE,
                                           Dacl,
                                           FALSE);
+    if (!NT_SUCCESS(Status))
+        goto done;
 
-    return Status;
-}
-
-VOID
-NTAPI
-INIT_FUNCTION
-ObpFreeGlobalDosDevicesSD(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
-{
-    PACL Dacl = NULL;
-    BOOLEAN DaclPresent, Defaulted;
-    NTSTATUS Status;
+    *SecurityDescriptor = Sd;
 
-    Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
-                                          &DaclPresent,
-                                          &Dacl,
-                                          &Defaulted);
-    if (NT_SUCCESS(Status) && Dacl != NULL)
+done:
+    if (!NT_SUCCESS(Status))
     {
-        ExFreePoolWithTag(Dacl, TAG_OB_DIR_SD);
+        if (Sd != NULL)
+            ExFreePoolWithTag(Sd, TAG_SD);
     }
+
+    return Status;
 }
 
 NTSTATUS
@@ -135,7 +132,7 @@ ObpCreateDosDevicesDirectory(VOID)
     OBJECT_ATTRIBUTES ObjectAttributes;
     UNICODE_STRING RootName, TargetName, LinkName;
     HANDLE Handle, SymHandle;
-    SECURITY_DESCRIPTOR DosDevicesSD;
+    PSECURITY_DESCRIPTOR DosDevicesSD = NULL;
     NTSTATUS Status;
 
     /* Create a custom security descriptor for the global DosDevices directory */
@@ -149,11 +146,11 @@ ObpCreateDosDevicesDirectory(VOID)
                                &RootName,
                                OBJ_PERMANENT,
                                NULL,
-                               &DosDevicesSD);
+                               DosDevicesSD);
     Status = NtCreateDirectoryObject(&Handle,
                                      DIRECTORY_ALL_ACCESS,
                                      &ObjectAttributes);
-    ObpFreeGlobalDosDevicesSD(&DosDevicesSD);
+    ExFreePoolWithTag(DosDevicesSD, TAG_SD);
     if (!NT_SUCCESS(Status)) return Status;
 
     /*********************************************\