From ec5f846d4ce40d99040e3c2f6722d81ca72927a5 Mon Sep 17 00:00:00 2001
From: Eric Kohl
Date: Thu, 22 Jul 2004 18:38:08 +0000
Subject: [PATCH] - Add security function for file and registry key objects. - Implement ObAssignSecurity(). svn path=/trunk/; revision=10253
---
 reactos/ntoskrnl/cm/regobj.c | 23 ++++++++++++++++++--
 reactos/ntoskrnl/io/iomgr.c | 36 ++++++++++++++++++++++++++++++--
 reactos/ntoskrnl/ob/object.c | 17 ++++++++++-----
 reactos/ntoskrnl/ob/security.c | 38 +++++++++++++++++++++++++++++++---
 4 files changed, 102 insertions(+), 12 deletions(-)
diff --git a/reactos/ntoskrnl/cm/regobj.c b/reactos/ntoskrnl/cm/regobj.c
index 0bfd37ceba3..336adea3294 100644
--- a/reactos/ntoskrnl/cm/regobj.c
+++ b/reactos/ntoskrnl/cm/regobj.c
@@ -327,9 +327,28 @@ CmiObjectSecurity(PVOID ObjectBody,
 PSECURITY_DESCRIPTOR SecurityDescriptor,
 PULONG BufferLength)
 {
- DPRINT1 ("CmiObjectSecurity() called\n");
+ DPRINT("CmiObjectSecurity() called\n");
- return STATUS_SUCCESS;
+ switch (OperationCode)
+ {
+ case SetSecurityDescriptor:
+ DPRINT("Set security descriptor\n");
+ return STATUS_SUCCESS;
+
+ case QuerySecurityDescriptor:
+ DPRINT("Query security descriptor\n");
+ return STATUS_UNSUCCESSFUL;
+
+ case DeleteSecurityDescriptor:
+ DPRINT("Delete security descriptor\n");
+ return STATUS_SUCCESS;
+
+ case AssignSecurityDescriptor:
+ DPRINT("Assign security descriptor\n");
+ return STATUS_SUCCESS;
+ }
+
+ return STATUS_UNSUCCESSFUL;
 }
diff --git a/reactos/ntoskrnl/io/iomgr.c b/reactos/ntoskrnl/io/iomgr.c
index 38e50eed502..46a39a2a89c 100644
--- a/reactos/ntoskrnl/io/iomgr.c
+++ b/reactos/ntoskrnl/io/iomgr.c
@@ -1,4 +1,4 @@
-/* $Id: iomgr.c,v 1.48 2004/05/09 15:02:07 hbirr Exp $
+/* $Id: iomgr.c,v 1.49 2004/07/22 18:36:35 ekohl Exp $
 *
 * COPYRIGHT: See COPYING in the top level directory
 * PROJECT: ReactOS kernel
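Review bot: In `CmiObjectSecurity` the `SetSecurityDescriptor`, `DeleteSecurityDescriptor` and `AssignSecurityDescriptor` cases return `STATUS_SUCCESS` without touching `ObjectBody` or `SecurityDescriptor`, so callers are told a registry key's descriptor was applied when nothing was stored. The same stub is added as `IopSecurityFile` in io/iomgr.c. Until the descriptor is actually kept, mark each case with something like `/* FIXME: descriptor is not stored yet; success is reported only so that object creation keeps working */`, and consider returning `STATUS_NOT_IMPLEMENTED` for an explicit set request so it is not silently dropped (callers are not visible here, so check who depends on success first). The function's signature starts above the hunk.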
@@ -138,6 +138,38 @@ IopDeleteFile(PVOID ObjectBody)
 }
+NTSTATUS STDCALL
+IopSecurityFile(PVOID ObjectBody,
+ SECURITY_OPERATION_CODE OperationCode,
+ SECURITY_INFORMATION SecurityInformation,
+ PSECURITY_DESCRIPTOR SecurityDescriptor,
+ PULONG BufferLength)
+{
+ DPRINT("IopSecurityFile() called\n");
+
+ switch (OperationCode)
+ {
+ case SetSecurityDescriptor:
+ DPRINT("Set security descriptor\n");
+ return STATUS_SUCCESS;
+
+ case QuerySecurityDescriptor:
+ DPRINT("Query security descriptor\n");
+ return STATUS_UNSUCCESSFUL;
+
+ case DeleteSecurityDescriptor:
+ DPRINT("Delete security descriptor\n");
+ return STATUS_SUCCESS;
+
+ case AssignSecurityDescriptor:
+ DPRINT("Assign security descriptor\n");
+ return STATUS_SUCCESS;
+ }
+
+ return STATUS_UNSUCCESSFUL;
+}
+
+
 NTSTATUS STDCALL
 IopQueryNameFile(PVOID ObjectBody,
 POBJECT_NAME_INFORMATION ObjectNameInfo,
@@ -261,7 +293,7 @@ IoInit (VOID)
 IoFileObjectType->Close = IopCloseFile;
 IoFileObjectType->Delete = IopDeleteFile;
 IoFileObjectType->Parse = NULL;
- IoFileObjectType->Security = NULL;
+ IoFileObjectType->Security = IopSecurityFile;
 IoFileObjectType->QueryName = IopQueryNameFile;
 IoFileObjectType->OkayToClose = NULL;
 IoFileObjectType->Create = IopCreateFile;
diff --git a/reactos/ntoskrnl/ob/object.c b/reactos/ntoskrnl/ob/object.c
index 1e1ff028b72..a3fb5aaa81f 100644
--- a/reactos/ntoskrnl/ob/object.c
+++ b/reactos/ntoskrnl/ob/object.c
@@ -1,4 +1,4 @@
-/* $Id: object.c,v 1.80 2004/07/19 12:48:59 ekohl Exp $
+/* $Id: object.c,v 1.81 2004/07/22 18:38:08 ekohl Exp $
 *
 * COPYRIGHT: See COPYING in the top level directory
 * PROJECT: ReactOS kernel
@@ -372,7 +372,7 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
 if (!NT_SUCCESS(Status))
 {
 DPRINT("ObFindObject() failed! (Status 0x%x)\n", Status);
- return(Status);
+ return Status;
 }
 }
 else
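Review bot: Setting `IoFileObjectType->Security = IopSecurityFile;` in `IoInit` takes file objects off the default path: in this patch's ob/security.c hunk a type with `Security == NULL` gets its descriptor attached to the object header through `ObpAddSecurityDescriptor`, while a type with a method relies on that method, and `IopSecurityFile` only logs and returns. As far as the visible code shows, file objects therefore end up with no stored descriptor even though the assignment reports success. Either leave `Security` as `NULL` until the method keeps the descriptor, or have the `AssignSecurityDescriptor` case perform the header assignment itself. The rest of `IoInit` is outside the hunk.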
@@ -453,7 +453,7 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
 RtlFreeUnicodeString(&Header->Name);
 RtlFreeUnicodeString(&RemainingPath);
 ExFreePool(Header);
- return(Status);
+ return Status;
 }
 }
 RtlFreeUnicodeString(&RemainingPath);
@@ -474,8 +474,15 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
 if (Header->ObjectType->Security != NULL)
 {
- /* FIXME: Call the security method */
+ /* Call the security method */
+ Status = Header->ObjectType->Security(HEADER_TO_BODY(Header),
+ AssignSecurityDescriptor,
+ 0,
+ NewSecurityDescriptor,
+ NULL);
+#if 0
 Status = STATUS_SUCCESS;
+#endif
 }
 else
 {
@@ -496,7 +503,7 @@ ObCreateObject (IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
 *Object = HEADER_TO_BODY(Header);
 }
- return(STATUS_SUCCESS);
+ return STATUS_SUCCESS;
 }
diff --git a/reactos/ntoskrnl/ob/security.c b/reactos/ntoskrnl/ob/security.c
index b5c00dab365..1aeff4d2612 100644
--- a/reactos/ntoskrnl/ob/security.c
+++ b/reactos/ntoskrnl/ob/security.c
@@ -18,7 +18,7 @@
 /* FUNCTIONS ***************************************************************/
 /*
- * @unimplemented
+ * @implemented
 */
 NTSTATUS STDCALL
 ObAssignSecurity(IN PACCESS_STATE AccessState,
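Review bot: The `Status` returned by `Header->ObjectType->Security(...)` is not checked anywhere in the `@@ -474,8 +474,15 @@` hunk, and the last object.c hunk shows `ObCreateObject` ending in an unconditional `return STATUS_SUCCESS;`. If no check follows the `else` branch (that code is outside the hunk), a failed assignment leaves the object without a security descriptor while creation reports success; `if (!NT_SUCCESS(Status))` after the block, with the same cleanup the function's other failure paths do before `return Status;`, would close that gap. The `#if 0` / `#endif` wrapped around the old `Status = STATUS_SUCCESS;` is dead code and can simply be deleted. The call passes `NULL` for `BufferLength`, so a comment such as `/* BufferLength is NULL for AssignSecurityDescriptor; methods must not dereference it */` would document what security methods may rely on.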
@@ -26,8 +26,40 @@ ObAssignSecurity(IN PACCESS_STATE AccessState,
 IN PVOID Object,
 IN POBJECT_TYPE Type)
 {
- UNIMPLEMENTED;
- return(STATUS_NOT_IMPLEMENTED);
+ PSECURITY_DESCRIPTOR NewDescriptor;
+ NTSTATUS Status;
+
+ /* Build the new security descriptor */
+ Status = SeAssignSecurity(SecurityDescriptor,
+ AccessState->SecurityDescriptor,
+ &NewDescriptor,
+ (Type == ObDirectoryType),
+ &AccessState->SubjectSecurityContext,
+ Type->Mapping,
+ PagedPool);
+ if (!NT_SUCCESS(Status))
+ return Status;
+
+ if (Type->Security != NULL)
+ {
+ /* Call the security method */
+ Status = Type->Security(Object,
+ AssignSecurityDescriptor,
+ 0,
+ NewDescriptor,
+ NULL);
+ }
+ else
+ {
+ /* Assign the security descriptor to the object header */
+ Status = ObpAddSecurityDescriptor(NewDescriptor,
+ &(BODY_TO_HEADER(Object)->SecurityDescriptor));
+ }
+
+ /* Release the new security descriptor */
+ SeDeassignSecurity(&NewDescriptor);
+
+ return Status;
 }
--
2.17.1
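Review bot: `SeDeassignSecurity(&NewDescriptor)` runs after `NewDescriptor` has been handed to `Type->Security` or `ObpAddSecurityDescriptor`, so the function is only safe if both take their own copy or reference of the descriptor. Neither callee is visible here; if either one stores the pointer itself, the object header is left pointing at freed pool memory. State the ownership rule at the call sites, e.g. `/* The callee must copy or reference NewDescriptor; it is released below */`, and confirm that `ObpAddSecurityDescriptor` and every registered security method behave that way. The signature of `ObAssignSecurity` starts above the hunk.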