From a3105b78bf1385200ef46e928a9c383e92108075 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Thu, 9 Sep 2004 12:20:48 +0000 Subject: [PATCH] - Use SeQuerySecurityDescriptorInfo() to retrieve an objects security descriptor. - Disable debug messages. svn path=/trunk/; revision=10806 --- reactos/ntoskrnl/ob/security.c | 132 +++++---------------------------- 1 file changed, 17 insertions(+), 115 deletions(-) diff --git a/reactos/ntoskrnl/ob/security.c b/reactos/ntoskrnl/ob/security.c index a77f0a16dc0..f6eadd65fe8 100644 --- a/reactos/ntoskrnl/ob/security.c +++ b/reactos/ntoskrnl/ob/security.c @@ -11,6 +11,7 @@ /* INCLUDES *****************************************************************/ #include +#define NDEBUG #include /* FUNCTIONS ***************************************************************/ @@ -154,19 +155,10 @@ NtQuerySecurityObject(IN HANDLE Handle, { POBJECT_HEADER Header; PVOID Object; - PSECURITY_DESCRIPTOR ObjectSd; - PSID Owner = 0; - PSID Group = 0; - PACL Dacl = 0; - PACL Sacl = 0; - ULONG OwnerLength = 0; - ULONG GroupLength = 0; - ULONG DaclLength = 0; - ULONG SaclLength = 0; - ULONG Control = 0; - ULONG_PTR Current; NTSTATUS Status; + DPRINT("NtQuerySecurityObject() called\n"); + Status = ObReferenceObjectByHandle(Handle, (SecurityInformation & SACL_SECURITY_INFORMATION) ? ACCESS_SYSTEM_SECURITY : 0, NULL, 
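Review bot: The desired access passed to ObReferenceObjectByHandle() in NtQuerySecurityObject is `(SecurityInformation & SACL_SECURITY_INFORMATION) ? ACCESS_SYSTEM_SECURITY : 0`, so an owner, group or DACL query is referenced with a desired access of 0 and the handle is not required to carry READ_CONTROL. The same expression appears in the NtSetSecurityObject hunk further down, where owner/group and DACL changes would normally require WRITE_OWNER and WRITE_DAC. I would build the mask from the requested bits, e.g. `if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION)) DesiredAccess |= READ_CONTROL;`. The remaining arguments of the call, including the access mode, fall between this hunk and the next and are not visible, so whether the mask is enforced for this caller should be confirmed there.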
@@ -175,128 +167,34 @@ NtQuerySecurityObject(IN HANDLE Handle, NULL); if (!NT_SUCCESS(Status)) { + DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status); return Status; } Header = BODY_TO_HEADER(Object); if (Header->ObjectType == NULL) { + DPRINT1("Invalid object type\n"); ObDereferenceObject(Object); return STATUS_UNSUCCESSFUL; } if (Header->ObjectType->Security != NULL) { + *ResultLength = Length; Status = Header->ObjectType->Security(Object, QuerySecurityDescriptor, SecurityInformation, SecurityDescriptor, - &Length); - *ResultLength = Length; + ResultLength); } else { - ObjectSd = Header->SecurityDescriptor; - - if (ObjectSd != NULL) - { - Control = SE_SELF_RELATIVE; - if ((SecurityInformation & OWNER_SECURITY_INFORMATION) && - (ObjectSd->Owner != NULL)) - { - Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd); - OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); - Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED); - } - - if ((SecurityInformation & GROUP_SECURITY_INFORMATION) && - (ObjectSd->Group != NULL)) - { - Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd); - GroupLength = ROUND_UP(RtlLengthSid(Group), 4); - Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED); - } - - if ((SecurityInformation & DACL_SECURITY_INFORMATION) && - (ObjectSd->Control & SE_DACL_PRESENT)) - { - if (ObjectSd->Dacl != NULL) - { - Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd); - DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); - } - Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); - } - - if ((SecurityInformation & SACL_SECURITY_INFORMATION) && - (ObjectSd->Control & SE_SACL_PRESENT)) - { - if (ObjectSd->Sacl != NULL) - { - Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd); - SaclLength = ROUND_UP(Sacl->AclSize, 4); - } - Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); - } - - *ResultLength = OwnerLength + GroupLength + - DaclLength + SaclLength + 
sizeof(SECURITY_DESCRIPTOR); - if (Length >= *ResultLength) - { - RtlCreateSecurityDescriptor(SecurityDescriptor, - SECURITY_DESCRIPTOR_REVISION1); - SecurityDescriptor->Control = Control; - - Current = (ULONG_PTR)SecurityDescriptor + sizeof(SECURITY_DESCRIPTOR); - - if (OwnerLength != 0) - { - RtlCopyMemory((PVOID)Current, - Owner, - OwnerLength); - SecurityDescriptor->Owner = (PSID)(Current - (ULONG_PTR)SecurityDescriptor); - Current += OwnerLength; - } - - if (GroupLength != 0) - { - RtlCopyMemory((PVOID)Current, - Group, - GroupLength); - SecurityDescriptor->Group = (PSID)(Current - (ULONG_PTR)SecurityDescriptor); - Current += GroupLength; - } - - if (DaclLength != 0) - { - RtlCopyMemory((PVOID)Current, - Dacl, - DaclLength); - SecurityDescriptor->Dacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor); - Current += DaclLength; - } - - if (SaclLength != 0) - { - RtlCopyMemory((PVOID)Current, - Sacl, - SaclLength); - SecurityDescriptor->Sacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor); - Current += SaclLength; - } - - Status = STATUS_SUCCESS; - } - else - { - Status = STATUS_BUFFER_TOO_SMALL; - } - } - else - { - *ResultLength = 0; - Status = STATUS_UNSUCCESSFUL; - } + *ResultLength = Length; + Status = SeQuerySecurityDescriptorInfo(&SecurityInformation, + SecurityDescriptor, + ResultLength, + &Header->SecurityDescriptor); } ObDereferenceObject(Object); @@ -329,6 +227,8 @@ NtSetSecurityObject(IN HANDLE Handle, ULONG_PTR Current; NTSTATUS Status; + DPRINT("NtSetSecurityObject() called\n"); + Status = ObReferenceObjectByHandle(Handle, (SecurityInformation & SACL_SECURITY_INFORMATION) ? ACCESS_SYSTEM_SECURITY : 0, NULL, 
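Review bot: In both branches of NtQuerySecurityObject the new code passes `ResultLength` itself as the in/out length, where the removed code passed `&Length` and stored the result once afterwards. If `ResultLength` is the caller-supplied pointer of this system service (its declaration is outside the hunk), the type's Security method and SeQuerySecurityDescriptorInfo() now take the buffer size from memory the caller can change between the size check and the copy, and `*ResultLength = Length;` is a direct write with no probe or exception handling visible here. Keeping the length in the by-value parameter avoids that: pass `&Length` to both calls and do `*ResultLength = Length;` once after the call returns. It is also worth confirming what SeQuerySecurityDescriptorInfo() returns when `Header->SecurityDescriptor` is NULL, since the removed code returned STATUS_UNSUCCESSFUL with `*ResultLength = 0` in that case.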
@@ -337,12 +237,14 @@ NtSetSecurityObject(IN HANDLE Handle, NULL); if (!NT_SUCCESS(Status)) { + DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status); return Status; } Header = BODY_TO_HEADER(Object); - if (Header->ObjectType != NULL) + if (Header->ObjectType == NULL) { + DPRINT1("Invalid object type\n"); ObDereferenceObject(Object); return STATUS_UNSUCCESSFUL; } -- 2.17.1
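Review bot: With the check corrected to `Header->ObjectType == NULL`, the rest of NtSetSecurityObject becomes reachable for ordinary typed objects; before this change every such object returned STATUS_UNSUCCESSFUL here. That remaining body lies outside the hunk, and the `ULONG_PTR Current` local kept in the previous hunk suggests it still assembles the descriptor by hand from the caller's input, so its length and offset handling should be reviewed and tested now that it actually runs. A short comment on the check would record the intent, for example `/* Fail if the object header has no type */`.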