[ros-diffs] [reactos] 03/04: [NTOSKRNL] Simplify ObpCreateGlobalDosDevicesSD by using a SD on the stack Rename it to ObpGetDosDevicesProtection to reflect the two previous changes: its purpose is to return a DACL matching protection mode

Pierre Schweitzer Tue, 21 May 2019 11:09:49 -0700

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=95d303bf13087ba705748dd49d69f43c107a6cd2


commit 95d303bf13087ba705748dd49d69f43c107a6cd2
Author:     Pierre Schweitzer <[email protected]>
AuthorDate: Tue May 21 08:50:55 2019 +0200
Commit:     Pierre Schweitzer <[email protected]>
CommitDate: Tue May 21 19:28:16 2019 +0200

    [NTOSKRNL] Simplify ObpCreateGlobalDosDevicesSD by using a SD on the stack
    Rename it to ObpGetDosDevicesProtection to reflect the two previous changes:
    its purpose is to return a DACL matching protection mode
---
 ntoskrnl/ob/obname.c | 70 +++++++++++++++-------------------------------------
 1 file changed, 20 insertions(+), 50 deletions(-)

diff --git a/ntoskrnl/ob/obname.c b/ntoskrnl/ob/obname.c
index 5baa4b1a50d..3a967872028 100644
--- a/ntoskrnl/ob/obname.c
+++ b/ntoskrnl/ob/obname.c
@@ -37,12 +37,13 @@ ULONG ObpUnsecureGlobalNamesLength = 
sizeof(ObpUnsecureGlobalNamesBuffer);
 INIT_FUNCTION
 NTSTATUS
 NTAPI
-ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
+ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
 {
-    PSECURITY_DESCRIPTOR Sd = NULL;
     PACL Dacl;
-    ULONG AclSize, SdSize;
-    NTSTATUS Status;
+    ULONG AclSize;
+
+    /* Initialize the SD */
+    RtlCreateSecurityDescriptor(SecurityDescriptor, 
SECURITY_DESCRIPTOR_REVISION);
 
     if (ObpProtectionMode & 1)
     {
@@ -54,23 +55,13 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR 
*SecurityDescriptor)
                   sizeof(ACE) + RtlLengthSid(SeLocalSystemSid) +
                   sizeof(ACE) + RtlLengthSid(SeCreatorOwnerSid);
 
-        SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
-
-        /* Allocate the SD and ACL */
-        Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
-        if (Sd == NULL)
+        /* Allocate the ACL */
+        Dacl = ExAllocatePoolWithTag(PagedPool, AclSize, 'lcaD');
+        if (Dacl == NULL)
         {
             return STATUS_INSUFFICIENT_RESOURCES;
         }
 
-        /* Initialize the SD */
-        Status = RtlCreateSecurityDescriptor(Sd,
-                                             SECURITY_DESCRIPTOR_REVISION);
-        if (!NT_SUCCESS(Status))
-            return Status;
-
-        Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
-
         /* Initialize the DACL */
         RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
 
@@ -116,23 +107,13 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR 
*SecurityDescriptor)
                   sizeof(ACE) + RtlLengthSid(SeWorldSid) +
                   sizeof(ACE) + RtlLengthSid(SeLocalSystemSid);
 
-        SdSize = sizeof(SECURITY_DESCRIPTOR) + AclSize;
-
-        /* Allocate the SD and ACL */
-        Sd = ExAllocatePoolWithTag(PagedPool, SdSize, TAG_SD);
-        if (Sd == NULL)
+        /* Allocate the ACL */
+        Dacl = ExAllocatePoolWithTag(PagedPool, AclSize, 'lcaD');
+        if (Dacl == NULL)
         {
             return STATUS_INSUFFICIENT_RESOURCES;
         }
 
-        /* Initialize the SD */
-        Status = RtlCreateSecurityDescriptor(Sd,
-                                             SECURITY_DESCRIPTOR_REVISION);
-        if (!NT_SUCCESS(Status))
-            return Status;
-
-        Dacl = (PACL)((INT_PTR)Sd + sizeof(SECURITY_DESCRIPTOR));
-
         /* Initialize the DACL */
         RtlCreateAcl(Dacl, AclSize, ACL_REVISION);
 
@@ -155,23 +136,9 @@ ObpCreateGlobalDosDevicesSD(OUT PSECURITY_DESCRIPTOR 
*SecurityDescriptor)
     }
 
     /* Attach the DACL to the SD */
-    Status = RtlSetDaclSecurityDescriptor(Sd,
-                                          TRUE,
-                                          Dacl,
-                                          FALSE);
-    if (!NT_SUCCESS(Status))
-        goto done;
-
-    *SecurityDescriptor = Sd;
+    RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Dacl, FALSE);
 
-done:
-    if (!NT_SUCCESS(Status))
-    {
-        if (Sd != NULL)
-            ExFreePoolWithTag(Sd, TAG_SD);
-    }
-
-    return Status;
+    return STATUS_SUCCESS;
 }
 
 INIT_FUNCTION
@@ -182,11 +149,13 @@ ObpCreateDosDevicesDirectory(VOID)
     OBJECT_ATTRIBUTES ObjectAttributes;
     UNICODE_STRING RootName, TargetName, LinkName;
     HANDLE Handle, SymHandle;
-    PSECURITY_DESCRIPTOR DosDevicesSD = NULL;
+    SECURITY_DESCRIPTOR DosDevicesSD;
     NTSTATUS Status;
+    PACL Dacl;
+    BOOLEAN DaclPresent, DaclDefaulted;
 
     /* Create a custom security descriptor for the global DosDevices directory 
*/
-    Status = ObpCreateGlobalDosDevicesSD(&DosDevicesSD);
+    Status = ObpGetDosDevicesProtection(&DosDevicesSD);
     if (!NT_SUCCESS(Status))
         return Status;
 
@@ -196,11 +165,12 @@ ObpCreateDosDevicesDirectory(VOID)
                                &RootName,
                                OBJ_PERMANENT,
                                NULL,
-                               DosDevicesSD);
+                               &DosDevicesSD);
     Status = NtCreateDirectoryObject(&Handle,
                                      DIRECTORY_ALL_ACCESS,
                                      &ObjectAttributes);
-    ExFreePoolWithTag(DosDevicesSD, TAG_SD);
+    RtlGetDaclSecurityDescriptor(&DosDevicesSD, &DaclPresent, &Dacl, 
&DaclDefaulted);
+    ExFreePoolWithTag(Dacl, 'lcaD');
     if (!NT_SUCCESS(Status)) return Status;
 
     /* Create the system device map */

[ros-diffs] [reactos] 03/04: [NTOSKRNL] Simplify ObpCreateGlobalDosDevicesSD by using a SD on the stack Rename it to ObpGetDosDevicesProtection to reflect the two previous changes: its purpose is to return a DACL matching protection mode

Reply via email to