Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

287 lines
9.1 KiB

/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
cmchek2.c
Abstract:
This module implements consistency checking for the registry.
Author:
Bryan M. Willman (bryanwi) 27-Jan-92
Environment:
Revision History:
--*/
#include "cmp.h"
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE,CmpValidateHiveSecurityDescriptors)
#endif
extern ULONG CmpUsedStorage;
#ifdef HIVE_SECURITY_STATS
ULONG
CmpCheckForSecurityDuplicates(
IN OUT PCMHIVE CmHive
);
#endif
BOOLEAN
CmpValidateHiveSecurityDescriptors(
IN PHHIVE Hive,
OUT PBOOLEAN ResetSD
)
/*++
Routine Description:
Walks the list of security descriptors present in the hive and passes
each security descriptor to RtlValidSecurityDescriptor.
Only applies to descriptors in Stable store. Those in Volatile store
cannot have come from disk and therefore do not need this treatment
anyway.
Arguments:
Hive - Supplies pointer to the hive control structure
Return Value:
TRUE - All security descriptors are valid
FALSE - At least one security descriptor is invalid
--*/
{
PCM_KEY_NODE RootNode;
PCM_KEY_SECURITY SecurityCell;
HCELL_INDEX ListAnchor;
HCELL_INDEX NextCell;
HCELL_INDEX LastCell;
BOOLEAN BuildSecurityCache;
#ifdef HIVE_SECURITY_STATS
UNICODE_STRING HiveName;
ULONG NoOfCells = 0;
ULONG SmallestSize = 0;
ULONG BiggestSize = 0;
ULONG TotalSecuritySize = 0;
RtlInitUnicodeString(&HiveName, (PCWSTR)Hive->BaseBlock->FileName);
#ifndef _CM_LDR_
DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"Security stats for hive (%lx) (%.*S):\n",Hive,HiveName.Length / sizeof(WCHAR),HiveName.Buffer);
#endif //_CM_LDR_
#endif
CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC,"CmpValidateHiveSecurityDescriptor: Hive = %p\n",(ULONG_PTR)Hive));
ASSERT( Hive->ReleaseCellRoutine == NULL );
*ResetSD = FALSE;
if( ((PCMHIVE)Hive)->SecurityCount == 0 ) {
BuildSecurityCache = TRUE;
} else {
BuildSecurityCache = FALSE;
}
if (!HvIsCellAllocated(Hive,Hive->BaseBlock->RootCell)) {
//
// root cell HCELL_INDEX is bogus
//
return(FALSE);
}
RootNode = (PCM_KEY_NODE) HvGetCell(Hive, Hive->BaseBlock->RootCell);
if( RootNode == NULL ) {
//
// we couldn't map a view for the bin containing this cell
//
return FALSE;
}
if( FALSE ) {
YankSD:
if( CmDoSelfHeal() ) {
//
// reset all security for the entire hive to the root security. There is no reliable way to
// patch the security list
//
SecurityCell = (PCM_KEY_SECURITY) HvGetCell(Hive, RootNode->Security);
if( SecurityCell == NULL ) {
return FALSE;
}
if( HvMarkCellDirty(Hive, RootNode->Security) ) {
SecurityCell->Flink = SecurityCell->Blink = RootNode->Security;
} else {
return FALSE;
}
//
// destroy existing cache and set up an empty one
//
CmpDestroySecurityCache((PCMHIVE)Hive);
CmpInitSecurityCache((PCMHIVE)Hive);
CmMarkSelfHeal(Hive);
*ResetSD = TRUE;
#if 0
//
// remove this security cell from the list and restart iteration
//
if(HvIsCellAllocated(Hive, NextCell)) {
//
// we come this path when the SD is invalid; we need to free the cell so
// cmpcheckregistry2 detects and fixes it
//
if( HvMarkCellDirty(Hive, NextCell) ) {
HvFreeCell(Hive, NextCell);
} else {
return FALSE;
}
}
LastCell = SecurityCell->Blink;
NextCell = SecurityCell->Flink;
SecurityCell = (PCM_KEY_SECURITY) HvGetCell(Hive, LastCell);
if( SecurityCell == NULL ) {
return FALSE;
}
if( HvMarkCellDirty(Hive, LastCell) ) {
SecurityCell->Flink = NextCell;
} else {
return FALSE;
}
SecurityCell = (PCM_KEY_SECURITY) HvGetCell(Hive, NextCell);
if( SecurityCell == NULL ) {
return FALSE;
}
if( HvMarkCellDirty(Hive, NextCell) ) {
SecurityCell->Blink = LastCell;
} else {
return FALSE;
}
CmMarkSelfHeal(Hive);
#endif
} else {
return FALSE;
}
}
LastCell = 0;
ListAnchor = NextCell = RootNode->Security;
do {
if (!HvIsCellAllocated(Hive, NextCell)) {
CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC,"CM: CmpValidateHiveSecurityDescriptors\n"));
CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC," NextCell: %08lx is invalid HCELL_INDEX\n",NextCell));
goto YankSD;
}
SecurityCell = (PCM_KEY_SECURITY) HvGetCell(Hive, NextCell);
if( SecurityCell == NULL ) {
//
// we couldn't map a view for the bin containing this cell
//
return FALSE;
}
#ifdef HIVE_SECURITY_STATS
NoOfCells++;
if( (SmallestSize == 0) || ((SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor)) < SmallestSize) ) {
SmallestSize = SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor);
}
if( (BiggestSize == 0) || ((SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor)) > BiggestSize) ) {
BiggestSize = SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor);
}
TotalSecuritySize += (SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor));
#endif
if (NextCell != ListAnchor) {
//
// Check to make sure that our Blink points to where we just
// came from.
//
if (SecurityCell->Blink != LastCell) {
CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC," Invalid Blink (%08lx) on security cell %08lx\n",SecurityCell->Blink, NextCell));
CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC," should point to %08lx\n", LastCell));
return(FALSE);
}
}
CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC,"CmpValidSD: SD shared by %d nodes\n",SecurityCell->ReferenceCount));
if (!SeValidSecurityDescriptor(SecurityCell->DescriptorLength, &SecurityCell->Descriptor)) {
#if DBG
CmpDumpSecurityDescriptor(&SecurityCell->Descriptor,"INVALID DESCRIPTOR");
#endif
goto YankSD;
}
//
// cache this security cell; now that we know it is valid
//
if( BuildSecurityCache == TRUE ) {
if( !NT_SUCCESS(CmpAddSecurityCellToCache ( (PCMHIVE)Hive,NextCell,TRUE,NULL) ) ) {
return FALSE;
}
} else {
//
// just check this cell is there
//
ULONG Index;
if( CmpFindSecurityCellCacheIndex ((PCMHIVE)Hive,NextCell,&Index) == FALSE ) {
//
// bad things happened; maybe an error in our caching code?
//
return FALSE;
}
}
LastCell = NextCell;
NextCell = SecurityCell->Flink;
} while ( NextCell != ListAnchor );
#ifdef HIVE_SECURITY_STATS
#ifndef _CM_LDR_
DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t NumberOfCells \t = %20lu (%8lx) \n",NoOfCells,NoOfCells);
DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t SmallestCellSize \t = %20lu (%8lx) \n",SmallestSize,SmallestSize);
DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t BiggestCellSize \t = %20lu (%8lx) \n",BiggestSize,BiggestSize);
DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t TotalSecuritySize\t = %20lu (%8lx) \n",TotalSecuritySize,TotalSecuritySize);
DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t HiveLength \t = %20lu (%8lx) \n",Hive->BaseBlock->Length,Hive->BaseBlock->Length);
DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\n");
#endif //_CM_LDR_
#endif
if( BuildSecurityCache == TRUE ) {
//
// adjust the size of the cache in case we allocated too much
//
CmpAdjustSecurityCacheSize ( (PCMHIVE)Hive );
#ifdef HIVE_SECURITY_STATS
{
ULONG Duplicates;
Duplicates = CmpCheckForSecurityDuplicates((PCMHIVE)Hive);
if( Duplicates ) {
#ifndef _CM_LDR_
DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"Hive %p %lu security cells duplicated !!!\n",Hive,Duplicates);
#endif //_CM_LDR_
}
}
#endif
}
return(TRUE);
}