diff options
Diffstat (limited to 'driver/wintun.c')
| -rw-r--r-- | driver/wintun.c | 87 |
1 files changed, 5 insertions, 82 deletions
diff --git a/driver/wintun.c b/driver/wintun.c index d7e3ef4..d3f2bd9 100644 --- a/driver/wintun.c +++ b/driver/wintun.c @@ -844,86 +844,9 @@ static NTSTATUS TunInitializeDispatchSecurityDescriptor(VOID); _Use_decl_annotations_ static NTSTATUS TunInitializeDispatchSecurityDescriptor(VOID) { - NTSTATUS Status; - struct - { - SID Sid; - } LocalSystem; - struct - { - SID Sid; - ULONG ExtraAuthority; - } BuiltinAdministrators; - struct - { - SID Sid; - } HighLabel; - ULONG SidSize = sizeof(LocalSystem); - if (!NT_SUCCESS(Status = SecLookupWellKnownSid(WinLocalSystemSid, &LocalSystem.Sid, SidSize, &SidSize))) - return Status; - SidSize = sizeof(BuiltinAdministrators); - if (!NT_SUCCESS( - Status = SecLookupWellKnownSid(WinBuiltinAdministratorsSid, &BuiltinAdministrators.Sid, SidSize, &SidSize))) - return Status; - SidSize = sizeof(HighLabel); - if (!NT_SUCCESS(Status = SecLookupWellKnownSid(WinHighLabelSid, &HighLabel.Sid, SidSize, &SidSize))) - return Status; - struct - { - ACL Dacl; - ACCESS_ALLOWED_ACE Ace1; - SID Sid1; - ACCESS_ALLOWED_ACE Ace2; - SID Sid2; - } DaclStorage = { 0 }; - struct - { - ACL Sacl; - SYSTEM_MANDATORY_LABEL_ACE Ace; - SID Sid; - } SaclStorage = { 0 }; - if (!NT_SUCCESS(Status = RtlCreateAcl(&DaclStorage.Dacl, sizeof(DaclStorage), ACL_REVISION))) - return Status; - if (!NT_SUCCESS(Status = RtlCreateAcl(&SaclStorage.Sacl, sizeof(SaclStorage), ACL_REVISION))) - return Status; - ACCESS_MASK AccessMask = GENERIC_ALL; - RtlMapGenericMask(&AccessMask, IoGetFileObjectGenericMapping()); - if (!NT_SUCCESS(Status = RtlAddAccessAllowedAce(&DaclStorage.Dacl, ACL_REVISION, AccessMask, &LocalSystem.Sid))) - return Status; - if (!NT_SUCCESS( - Status = RtlAddAccessAllowedAce(&DaclStorage.Dacl, ACL_REVISION, AccessMask, &BuiltinAdministrators.Sid))) - return Status; - if (!NT_SUCCESS(RtlAddMandatoryAce( - &SaclStorage.Sacl, - ACL_REVISION, - 0, - &HighLabel.Sid, - SYSTEM_MANDATORY_LABEL_ACE_TYPE, - SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | - SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP))) - return Status; - SECURITY_DESCRIPTOR SecurityDescriptor = { 0 }; - if (!NT_SUCCESS(Status = RtlCreateSecurityDescriptor(&SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))) - return Status; - if (!NT_SUCCESS(Status = RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, &DaclStorage.Dacl, FALSE))) - return Status; - if (!NT_SUCCESS(Status = RtlSetSaclSecurityDescriptor(&SecurityDescriptor, TRUE, &SaclStorage.Sacl, FALSE))) - return Status; - SecurityDescriptor.Control |= SE_DACL_PROTECTED; - ULONG RequiredBytes = 0; - Status = RtlAbsoluteToSelfRelativeSD(&SecurityDescriptor, NULL, &RequiredBytes); - if (Status != STATUS_BUFFER_TOO_SMALL) - return NT_SUCCESS(Status) ? STATUS_INSUFFICIENT_RESOURCES : Status; - TunDispatchSecurityDescriptor = ExAllocatePoolWithTag(NonPagedPoolNx, RequiredBytes, TUN_MEMORY_TAG); - if (!TunDispatchSecurityDescriptor) - return STATUS_INSUFFICIENT_RESOURCES; - Status = RtlAbsoluteToSelfRelativeSD(&SecurityDescriptor, TunDispatchSecurityDescriptor, &RequiredBytes); - if (!NT_SUCCESS(Status)) - { - ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG); - return Status; - } - return STATUS_SUCCESS; + UNICODE_STRING Sddl; + RtlInitUnicodeString(&Sddl, L"O:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)S:(ML;;NWNRNX;;;HI)"); + return SeSddlSecurityDescriptorFromSDDL(&Sddl, FALSE, &TunDispatchSecurityDescriptor); } _IRQL_requires_max_(PASSIVE_LEVEL) @@ -1493,7 +1416,7 @@ TunUnload(PDRIVER_OBJECT DriverObject) NdisMDeregisterMiniportDriver(NdisMiniportDriverHandle); ExDeleteResourceLite(&TunDispatchCtxGuard); ExDeleteResourceLite(&TunDispatchDeviceListLock); - ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG); + ExFreePool(TunDispatchSecurityDescriptor); } DRIVER_INITIALIZE DriverEntry; @@ -1569,6 +1492,6 @@ cleanupNotifier: cleanupResources: ExDeleteResourceLite(&TunDispatchCtxGuard); ExDeleteResourceLite(&TunDispatchDeviceListLock); - ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG); + ExFreePool(TunDispatchSecurityDescriptor); return Status; } |