projects / reactos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 291b697)
[ntoskrnl] Check if caller has valid access before opening a registry key
authorHervé Poussineau <hpoussin@reactos.org>
Sat, 29 Aug 2009 10:35:30 +0000 (10:35 +0000)
committerHervé Poussineau <hpoussin@reactos.org>
Sat, 29 Aug 2009 10:35:30 +0000 (10:35 +0000)
Assign security descriptor to new keys we're creating

svn path=/trunk/; revision=42960

reactos/ntoskrnl/config/cmparse.c patch | blob | history

diff --git a/reactos/ntoskrnl/config/cmparse.c b/reactos/ntoskrnl/config/cmparse.c
index 9e2944b..c03b139 100644 (file)
--- a/reactos/ntoskrnl/config/cmparse.c
+++ b/reactos/ntoskrnl/config/cmparse.c
@@ -224,6 +224,7 @@ CmpDoCreateChild(IN PHHIVE Hive,
     ULONG StorageType;
     LARGE_INTEGER SystemTime;
     PCM_KEY_CONTROL_BLOCK Kcb;
+    PSECURITY_DESCRIPTOR NewDescriptor;
 
     /* Get the storage type */
     StorageType = Stable;
@@ -360,6 +361,26 @@ CmpDoCreateChild(IN PHHIVE Hive,
     /* Link it with the KCB */
     EnlistKeyBodyWithKCB(KeyBody, 0);
 
+    /* Assign security */
+    Status = SeAssignSecurity(ParentDescriptor,
+                              AccessState->SecurityDescriptor,
+                              &NewDescriptor,
+                              TRUE,
+                              &AccessState->SubjectSecurityContext,
+                              &CmpKeyObjectType->TypeInfo.GenericMapping,
+                              CmpKeyObjectType->TypeInfo.PoolType);
+    if (NT_SUCCESS(Status))
+    {
+        Status = CmpSecurityMethod(*Object,
+                                   AssignSecurityDescriptor,
+                                   NULL,
+                                   NewDescriptor,
+                                   NULL,
+                                   NULL,
+                                   CmpKeyObjectType->TypeInfo.PoolType,
+                                   &CmpKeyObjectType->TypeInfo.GenericMapping);
+    }
+
 Quickie:
     /* Check if we got here because of failure */
     if (!NT_SUCCESS(Status))
@@ -686,6 +707,16 @@ CmpDoOpen(IN PHHIVE Hive,
         
         /* Link to the KCB */
         EnlistKeyBodyWithKCB(KeyBody, 0);
+
+        if (!ObCheckObjectAccess(*Object,
+                                 AccessState,
+                                 FALSE,
+                                 AccessMode,
+                                 &Status))
+        {
+            /* Access check failed */
+            ObDereferenceObject(*Object);
+        }
     }
     else
     {
A free Windows-compatible Operating System