- Use SeQuerySecurityDescriptorInfo() to retrieve an objects security descriptor.

author Eric Kohl <eric.kohl@reactos.org>

Thu, 9 Sep 2004 12:20:48 +0000 (12:20 +0000)

committer Eric Kohl <eric.kohl@reactos.org>

Thu, 9 Sep 2004 12:20:48 +0000 (12:20 +0000)
author Eric Kohl <eric.kohl@reactos.org>
Thu, 9 Sep 2004 12:20:48 +0000 (12:20 +0000)
committer Eric Kohl <eric.kohl@reactos.org>
Thu, 9 Sep 2004 12:20:48 +0000 (12:20 +0000)
diff --git a/reactos/ntoskrnl/ob/security.c b/reactos/ntoskrnl/ob/security.c

index a77f0a1..f6eadd6 100644 (file)
--- a/reactos/ntoskrnl/ob/security.c
+++ b/reactos/ntoskrnl/ob/security.c
@@ -11,6 +11,7 @@
  /* INCLUDES *****************************************************************/
  
  #include <ntoskrnl.h>
+#define NDEBUG
  #include <internal/debug.h>
  
  /* FUNCTIONS ***************************************************************/
@@ -154,19 +155,10 @@ NtQuerySecurityObject(IN HANDLE Handle,
  {
    POBJECT_HEADER Header;
    PVOID Object;
-  PSECURITY_DESCRIPTOR ObjectSd;
-  PSID Owner = 0;
-  PSID Group = 0;
-  PACL Dacl = 0;
-  PACL Sacl = 0;
-  ULONG OwnerLength = 0;
-  ULONG GroupLength = 0;
-  ULONG DaclLength = 0;
-  ULONG SaclLength = 0;
-  ULONG Control = 0;
-  ULONG_PTR Current;
    NTSTATUS Status;
  
+  DPRINT("NtQuerySecurityObject() called\n");
+
    Status = ObReferenceObjectByHandle(Handle,
                                      (SecurityInformation & SACL_SECURITY_INFORMATION) ? ACCESS_SYSTEM_SECURITY : 0,
                                      NULL,
@@ -175,128 +167,34 @@ NtQuerySecurityObject(IN HANDLE Handle,
                                      NULL);
    if (!NT_SUCCESS(Status))
      {
+      DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status);
        return Status;
      }
  
    Header = BODY_TO_HEADER(Object);
    if (Header->ObjectType == NULL)
      {
+      DPRINT1("Invalid object type\n");
        ObDereferenceObject(Object);
        return STATUS_UNSUCCESSFUL;
      }
  
    if (Header->ObjectType->Security != NULL)
      {
+      *ResultLength = Length;
        Status = Header->ObjectType->Security(Object,
                                             QuerySecurityDescriptor,
                                             SecurityInformation,
                                             SecurityDescriptor,
-                                           &Length);
-      *ResultLength = Length;
+                                           ResultLength);
      }
    else
      {
-      ObjectSd = Header->SecurityDescriptor;
-
-      if (ObjectSd != NULL)
-       {
-         Control = SE_SELF_RELATIVE;
-         if ((SecurityInformation & OWNER_SECURITY_INFORMATION) &&
-             (ObjectSd->Owner != NULL))
-           {
-             Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
-             OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
-             Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
-           }
-
-         if ((SecurityInformation & GROUP_SECURITY_INFORMATION) &&
-             (ObjectSd->Group != NULL))
-           {
-             Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
-             GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
-             Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
-           }
-
-         if ((SecurityInformation & DACL_SECURITY_INFORMATION) &&
-             (ObjectSd->Control & SE_DACL_PRESENT))
-           {
-             if (ObjectSd->Dacl != NULL)
-               {
-                 Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
-                 DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
-               }
-             Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
-           }
-
-         if ((SecurityInformation & SACL_SECURITY_INFORMATION) &&
-             (ObjectSd->Control & SE_SACL_PRESENT))
-           {
-             if (ObjectSd->Sacl != NULL)
-               {
-                 Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
-                 SaclLength = ROUND_UP(Sacl->AclSize, 4);
-               }
-             Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
-           }
-
-         *ResultLength = OwnerLength + GroupLength +
-                         DaclLength + SaclLength + sizeof(SECURITY_DESCRIPTOR);
-         if (Length >= *ResultLength)
-           {
-             RtlCreateSecurityDescriptor(SecurityDescriptor,
-                                         SECURITY_DESCRIPTOR_REVISION1);
-             SecurityDescriptor->Control = Control;
-
-             Current = (ULONG_PTR)SecurityDescriptor + sizeof(SECURITY_DESCRIPTOR);
-
-             if (OwnerLength != 0)
-               {
-                 RtlCopyMemory((PVOID)Current,
-                               Owner,
-                               OwnerLength);
-                 SecurityDescriptor->Owner = (PSID)(Current - (ULONG_PTR)SecurityDescriptor);
-                 Current += OwnerLength;
-               }
-
-             if (GroupLength != 0)
-               {
-                 RtlCopyMemory((PVOID)Current,
-                               Group,
-                               GroupLength);
-                 SecurityDescriptor->Group = (PSID)(Current - (ULONG_PTR)SecurityDescriptor);
-                 Current += GroupLength;
-               }
-
-             if (DaclLength != 0)
-               {
-                 RtlCopyMemory((PVOID)Current,
-                               Dacl,
-                               DaclLength);
-                 SecurityDescriptor->Dacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor);
-                 Current += DaclLength;
-               }
-
-             if (SaclLength != 0)
-               {
-                 RtlCopyMemory((PVOID)Current,
-                               Sacl,
-                               SaclLength);
-                 SecurityDescriptor->Sacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor);
-                 Current += SaclLength;
-               }
-
-             Status = STATUS_SUCCESS;
-           }
-         else
-           {
-             Status = STATUS_BUFFER_TOO_SMALL;
-           }
-       }
-      else
-       {
-         *ResultLength = 0;
-         Status = STATUS_UNSUCCESSFUL;
-       }
+      *ResultLength = Length;
+      Status = SeQuerySecurityDescriptorInfo(&SecurityInformation,
+                                            SecurityDescriptor,
+                                            ResultLength,
+                                            &Header->SecurityDescriptor);
      }
  
    ObDereferenceObject(Object);
@@ -329,6 +227,8 @@ NtSetSecurityObject(IN HANDLE Handle,
    ULONG_PTR Current;
    NTSTATUS Status;
  
+  DPRINT("NtSetSecurityObject() called\n");
+
    Status = ObReferenceObjectByHandle(Handle,
                                      (SecurityInformation & SACL_SECURITY_INFORMATION) ? ACCESS_SYSTEM_SECURITY : 0,
                                      NULL,
@@ -337,12 +237,14 @@ NtSetSecurityObject(IN HANDLE Handle,
                                      NULL);
    if (!NT_SUCCESS(Status))
      {
+      DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status);
        return Status;
      }
  
    Header = BODY_TO_HEADER(Object);
-  if (Header->ObjectType != NULL)
+  if (Header->ObjectType == NULL)
      {
+      DPRINT1("Invalid object type\n");
        ObDereferenceObject(Object);
        return STATUS_UNSUCCESSFUL;
      }
author	Eric Kohl <eric.kohl@reactos.org>
	Thu, 9 Sep 2004 12:20:48 +0000 (12:20 +0000)
committer	Eric Kohl <eric.kohl@reactos.org>
	Thu, 9 Sep 2004 12:20:48 +0000 (12:20 +0000)