- Add security function for file and registry key objects.
authorEric Kohl <eric.kohl@reactos.org>
Thu, 22 Jul 2004 18:38:08 +0000 (18:38 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Thu, 22 Jul 2004 18:38:08 +0000 (18:38 +0000)
- Implement ObAssignSecurity().

svn path=/trunk/; revision=10253

reactos/ntoskrnl/cm/regobj.c
reactos/ntoskrnl/io/iomgr.c
reactos/ntoskrnl/ob/object.c
reactos/ntoskrnl/ob/security.c

index 0bfd37c..336adea 100644 (file)
@@ -327,9 +327,28 @@ CmiObjectSecurity(PVOID ObjectBody,
                  PSECURITY_DESCRIPTOR SecurityDescriptor,
                  PULONG BufferLength)
 {
                  PSECURITY_DESCRIPTOR SecurityDescriptor,
                  PULONG BufferLength)
 {
-  DPRINT("CmiObjectSecurity() called\n");
+  DPRINT("CmiObjectSecurity() called\n");
 
 
-  return STATUS_SUCCESS;
+  switch (OperationCode)
+    {
+      case SetSecurityDescriptor:
+        DPRINT("Set security descriptor\n");
+        return STATUS_SUCCESS;
+
+      case QuerySecurityDescriptor:
+        DPRINT("Query security descriptor\n");
+        return STATUS_UNSUCCESSFUL;
+
+      case DeleteSecurityDescriptor:
+        DPRINT("Delete security descriptor\n");
+        return STATUS_SUCCESS;
+
+      case AssignSecurityDescriptor:
+        DPRINT("Assign security descriptor\n");
+        return STATUS_SUCCESS;
+    }
+
+  return STATUS_UNSUCCESSFUL;
 }
 
 
 }
 
 
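Review bot: The `SetSecurityDescriptor`, `DeleteSecurityDescriptor` and `AssignSecurityDescriptor` cases in CmiObjectSecurity return `STATUS_SUCCESS` without reading or storing `SecurityDescriptor`, so a caller is told the key's security was applied when nothing changed. For a placeholder it is safer to fail closed, e.g. `return STATUS_NOT_IMPLEMENTED;` in the `SetSecurityDescriptor` case, and to mark the remaining cases with `/* FIXME: descriptor is not stored yet */` so the gap stays visible. The same applies to the identical switch in IopSecurityFile in iomgr.c. The switch also has no `default:` label; an explicit one returning the failure status would make the fall-through to the final `return STATUS_UNSUCCESSFUL;` intentional.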
index 38e50ee..46a39a2 100644 (file)
@@ -1,4 +1,4 @@
-/* $Id: iomgr.c,v 1.48 2004/05/09 15:02:07 hbirr Exp $
+/* $Id: iomgr.c,v 1.49 2004/07/22 18:36:35 ekohl Exp $
  *
  * COPYRIGHT:            See COPYING in the top level directory
  * PROJECT:              ReactOS kernel
  *
  * COPYRIGHT:            See COPYING in the top level directory
  * PROJECT:              ReactOS kernel
@@ -138,6 +138,38 @@ IopDeleteFile(PVOID ObjectBody)
 }
 
 
 }
 
 
+NTSTATUS STDCALL
+IopSecurityFile(PVOID ObjectBody,
+               SECURITY_OPERATION_CODE OperationCode,
+               SECURITY_INFORMATION SecurityInformation,
+               PSECURITY_DESCRIPTOR SecurityDescriptor,
+               PULONG BufferLength)
+{
+  DPRINT("IopSecurityFile() called\n");
+
+  switch (OperationCode)
+    {
+      case SetSecurityDescriptor:
+       DPRINT("Set security descriptor\n");
+       return STATUS_SUCCESS;
+
+      case QuerySecurityDescriptor:
+       DPRINT("Query security descriptor\n");
+       return STATUS_UNSUCCESSFUL;
+
+      case DeleteSecurityDescriptor:
+       DPRINT("Delete security descriptor\n");
+       return STATUS_SUCCESS;
+
+      case AssignSecurityDescriptor:
+       DPRINT("Assign security descriptor\n");
+       return STATUS_SUCCESS;
+    }
+
+  return STATUS_UNSUCCESSFUL;
+}
+
+
 NTSTATUS STDCALL
 IopQueryNameFile(PVOID ObjectBody,
                 POBJECT_NAME_INFORMATION ObjectNameInfo,
 NTSTATUS STDCALL
 IopQueryNameFile(PVOID ObjectBody,
                 POBJECT_NAME_INFORMATION ObjectNameInfo,
@@ -261,7 +293,7 @@ IoInit (VOID)
   IoFileObjectType->Close = IopCloseFile;
   IoFileObjectType->Delete = IopDeleteFile;
   IoFileObjectType->Parse = NULL;
   IoFileObjectType->Close = IopCloseFile;
   IoFileObjectType->Delete = IopDeleteFile;
   IoFileObjectType->Parse = NULL;
-  IoFileObjectType->Security = NULL;
+  IoFileObjectType->Security = IopSecurityFile;
   IoFileObjectType->QueryName = IopQueryNameFile;
   IoFileObjectType->OkayToClose = NULL;
   IoFileObjectType->Create = IopCreateFile;
   IoFileObjectType->QueryName = IopQueryNameFile;
   IoFileObjectType->OkayToClose = NULL;
   IoFileObjectType->Create = IopCreateFile;
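Review bot: Registering `IopSecurityFile` here changes which branch file objects take in ObAssignSecurity: once `Security` is non-NULL they no longer reach the `else` path, which stores the descriptor in the object header via `ObpAddSecurityDescriptor`. IopSecurityFile as added in this commit only logs and returns, so file objects appear to end up with no stored descriptor while the assignment still reports success. Until the method actually keeps the descriptor, either leave this as `IoFileObjectType->Security = NULL;` or have its `AssignSecurityDescriptor` case store the descriptor in the header. IoInit's body continues outside the hunk.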
index 1e1ff02..a3fb5aa 100644 (file)
@@ -1,4 +1,4 @@
-/* $Id: object.c,v 1.80 2004/07/19 12:48:59 ekohl Exp $
+/* $Id: object.c,v 1.81 2004/07/22 18:38:08 ekohl Exp $
  * 
  * COPYRIGHT:     See COPYING in the top level directory
  * PROJECT:       ReactOS kernel
  * 
  * COPYRIGHT:     See COPYING in the top level directory
  * PROJECT:       ReactOS kernel
@@ -372,7 +372,7 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
       if (!NT_SUCCESS(Status))
        {
          DPRINT("ObFindObject() failed! (Status 0x%x)\n", Status);
       if (!NT_SUCCESS(Status))
        {
          DPRINT("ObFindObject() failed! (Status 0x%x)\n", Status);
-         return(Status);
+         return Status;
        }
     }
   else
        }
     }
   else
@@ -453,7 +453,7 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
          RtlFreeUnicodeString(&Header->Name);
          RtlFreeUnicodeString(&RemainingPath);
          ExFreePool(Header);
          RtlFreeUnicodeString(&Header->Name);
          RtlFreeUnicodeString(&RemainingPath);
          ExFreePool(Header);
-         return(Status);
+         return Status;
        }
     }
   RtlFreeUnicodeString(&RemainingPath);
        }
     }
   RtlFreeUnicodeString(&RemainingPath);
@@ -474,8 +474,15 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
 
       if (Header->ObjectType->Security != NULL)
        {
 
       if (Header->ObjectType->Security != NULL)
        {
-         /* FIXME: Call the security method */
+         /* Call the security method */
+         Status = Header->ObjectType->Security(HEADER_TO_BODY(Header),
+                                               AssignSecurityDescriptor,
+                                               0,
+                                               NewSecurityDescriptor,
+                                               NULL);
+#if 0
          Status = STATUS_SUCCESS;
          Status = STATUS_SUCCESS;
+#endif
        }
       else
        {
        }
       else
        {
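Review bot: The old assignment is kept as dead code under `#if 0` (`Status = STATUS_SUCCESS;`) directly after the new call; it should be deleted rather than disabled, because it reads as if the method's result might still be overridden. Whether `Status` from the security method is checked afterwards is not visible, since the `if`/`else` and the rest of ObCreateObject continue outside the hunk. If it is not checked, a failing method would still let the function reach `return STATUS_SUCCESS;`, so a guard such as `if (!NT_SUCCESS(Status)) return Status;` (with the cleanup the earlier error path does) is worth confirming.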
@@ -496,7 +503,7 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
       *Object = HEADER_TO_BODY(Header);
     }
 
       *Object = HEADER_TO_BODY(Header);
     }
 
-  return(STATUS_SUCCESS);
+  return STATUS_SUCCESS;
 }
 
 
 }
 
 
index b5c00da..1aeff4d 100644 (file)
@@ -18,7 +18,7 @@
 /* FUNCTIONS ***************************************************************/
 
 /*
 /* FUNCTIONS ***************************************************************/
 
 /*
- * @unimplemented
+ * @implemented
  */
 NTSTATUS STDCALL
 ObAssignSecurity(IN PACCESS_STATE AccessState,
  */
 NTSTATUS STDCALL
 ObAssignSecurity(IN PACCESS_STATE AccessState,
@@ -26,8 +26,40 @@ ObAssignSecurity(IN PACCESS_STATE AccessState,
                 IN PVOID Object,
                 IN POBJECT_TYPE Type)
 {
                 IN PVOID Object,
                 IN POBJECT_TYPE Type)
 {
-  UNIMPLEMENTED;
-  return(STATUS_NOT_IMPLEMENTED);
+  PSECURITY_DESCRIPTOR NewDescriptor;
+  NTSTATUS Status;
+
+  /* Build the new security descriptor */
+  Status = SeAssignSecurity(SecurityDescriptor,
+                           AccessState->SecurityDescriptor,
+                           &NewDescriptor,
+                           (Type == ObDirectoryType),
+                           &AccessState->SubjectSecurityContext,
+                           Type->Mapping,
+                           PagedPool);
+  if (!NT_SUCCESS(Status))
+    return Status;
+
+  if (Type->Security != NULL)
+    {
+      /* Call the security method */
+      Status = Type->Security(Object,
+                             AssignSecurityDescriptor,
+                             0,
+                             NewDescriptor,
+                             NULL);
+    }
+  else
+    {
+      /* Assign the security descriptor to the object header */
+      Status = ObpAddSecurityDescriptor(NewDescriptor,
+                                       &(BODY_TO_HEADER(Object)->SecurityDescriptor));
+    }
+
+  /* Release the new security descriptor */
+  SeDeassignSecurity(&NewDescriptor);
+
+  return Status;
 }
 
 
 }
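Review bot: `SeDeassignSecurity(&NewDescriptor)` runs unconditionally after `NewDescriptor` was handed to `Type->Security` or `ObpAddSecurityDescriptor`, so this is only correct if both callees copy or reference the descriptor instead of keeping the raw pointer. Otherwise the object is left pointing at a released security descriptor. Neither callee's body is visible here, so the contract should be stated at the call, e.g. `/* Callee must copy or reference NewDescriptor; it is released below */`. `AccessState` is also dereferenced without a check, which is fine only if callers never pass NULL. The function's signature starts outside the hunk.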