archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/base/ntos/config/cmchek2.c

249 lines
7.5 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. cmchek2.c
  9. Abstract:
  11. This module implements consistency checking for the registry.
  14. Author:
  16. Bryan M. Willman (bryanwi) 27-Jan-92
  18. Environment:
  21. Revision History:
  23. --*/
  25. #include "cmp.h"
  27. #ifdef ALLOC_PRAGMA
  28. #pragma alloc_text(PAGE,CmpValidateHiveSecurityDescriptors)
  29. #endif
  31. extern ULONG CmpUsedStorage;
  33. #ifdef HIVE_SECURITY_STATS
  34. ULONG
  35. CmpCheckForSecurityDuplicates(
  36. IN OUT PCMHIVE CmHive
  37. );
  38. #endif
  40. BOOLEAN
  41. CmpValidateHiveSecurityDescriptors(
  42. IN PHHIVE Hive,
  43. OUT PBOOLEAN ResetSD
  44. )
  45. /*++
  47. Routine Description:
  49. Walks the list of security descriptors present in the hive and passes
  50. each security descriptor to RtlValidSecurityDescriptor.
  52. Only applies to descriptors in Stable store. Those in Volatile store
  53. cannot have come from disk and therefore do not need this treatment
  54. anyway.
  56. Arguments:
  58. Hive - Supplies pointer to the hive control structure
  60. Return Value:
  62. TRUE - All security descriptors are valid
  63. FALSE - At least one security descriptor is invalid
  65. --*/
  67. {
  68. PCM_KEY_NODE RootNode;
  69. PCM_KEY_SECURITY SecurityCell;
  70. HCELL_INDEX ListAnchor;
  71. HCELL_INDEX NextCell;
  72. HCELL_INDEX LastCell;
  73. BOOLEAN BuildSecurityCache;
  75. #ifdef HIVE_SECURITY_STATS
  76. UNICODE_STRING HiveName;
  77. ULONG NoOfCells = 0;
  78. ULONG SmallestSize = 0;
  79. ULONG BiggestSize = 0;
  80. ULONG TotalSecuritySize = 0;
  82. RtlInitUnicodeString(&HiveName, (PCWSTR)Hive->BaseBlock->FileName);
  83. #ifndef _CM_LDR_
  84. DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"Security stats for hive (%lx) (%.*S):\n",Hive,HiveName.Length / sizeof(WCHAR),HiveName.Buffer);
  85. #endif //_CM_LDR_
  87. #endif
  89. CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC,"CmpValidateHiveSecurityDescriptor: Hive = %p\n",(ULONG_PTR)Hive));
  91. ASSERT( Hive->ReleaseCellRoutine == NULL );
  93. *ResetSD = FALSE;
  95. if( ((PCMHIVE)Hive)->SecurityCount == 0 ) {
  96. BuildSecurityCache = TRUE;
  97. } else {
  98. BuildSecurityCache = FALSE;
  99. }
  100. if (!HvIsCellAllocated(Hive,Hive->BaseBlock->RootCell)) {
  101. //
  102. // root cell HCELL_INDEX is bogus
  103. //
  104. return(FALSE);
  105. }
  106. RootNode = (PCM_KEY_NODE) HvGetCell(Hive, Hive->BaseBlock->RootCell);
  107. if( RootNode == NULL ) {
  108. //
  109. // we couldn't map a view for the bin containing this cell
  110. //
  111. return FALSE;
  112. }
  114. if( FALSE ) {
  115. YankSD:
  116. if( CmDoSelfHeal() ) {
  117. //
  118. // reset all security for the entire hive to the root security. There is no reliable way to
  119. // patch the security list
  120. //
  121. SecurityCell = (PCM_KEY_SECURITY) HvGetCell(Hive, RootNode->Security);
  122. if( SecurityCell == NULL ) {
  123. return FALSE;
  124. }
  126. if( HvMarkCellDirty(Hive, RootNode->Security) ) {
  127. SecurityCell->Flink = SecurityCell->Blink = RootNode->Security;
  128. } else {
  129. return FALSE;
  130. }
  131. //
  132. // destroy existing cache and set up an empty one
  133. //
  134. CmpDestroySecurityCache((PCMHIVE)Hive);
  135. CmpInitSecurityCache((PCMHIVE)Hive);
  136. CmMarkSelfHeal(Hive);
  137. *ResetSD = TRUE;
  139. } else {
  140. return FALSE;
  141. }
  143. }
  145. LastCell = 0;
  146. ListAnchor = NextCell = RootNode->Security;
  148. do {
  149. if (!HvIsCellAllocated(Hive, NextCell)) {
  150. CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC,"CM: CmpValidateHiveSecurityDescriptors\n"));
  151. CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC," NextCell: %08lx is invalid HCELL_INDEX\n",NextCell));
  152. goto YankSD;
  153. }
  154. SecurityCell = (PCM_KEY_SECURITY) HvGetCell(Hive, NextCell);
  155. if( SecurityCell == NULL ) {
  156. //
  157. // we couldn't map a view for the bin containing this cell
  158. //
  159. return FALSE;
  160. }
  161. #ifdef HIVE_SECURITY_STATS
  162. NoOfCells++;
  163. if( (SmallestSize == 0) || ((SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor)) < SmallestSize) ) {
  164. SmallestSize = SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor);
  165. }
  166. if( (BiggestSize == 0) || ((SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor)) > BiggestSize) ) {
  167. BiggestSize = SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor);
  168. }
  169. TotalSecuritySize += (SecurityCell->DescriptorLength + FIELD_OFFSET(CM_KEY_SECURITY, Descriptor));
  171. #endif
  173. if (NextCell != ListAnchor) {
  174. //
  175. // Check to make sure that our Blink points to where we just
  176. // came from.
  177. //
  178. if (SecurityCell->Blink != LastCell) {
  179. CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC," Invalid Blink (%08lx) on security cell %08lx\n",SecurityCell->Blink, NextCell));
  180. CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC," should point to %08lx\n", LastCell));
  181. return(FALSE);
  182. }
  183. }
  185. CmKdPrintEx((DPFLTR_CONFIG_ID,CML_SEC,"CmpValidSD: SD shared by %d nodes\n",SecurityCell->ReferenceCount));
  186. if (!SeValidSecurityDescriptor(SecurityCell->DescriptorLength, &SecurityCell->Descriptor)) {
  187. #if DBG
  188. CmpDumpSecurityDescriptor(&SecurityCell->Descriptor,"INVALID DESCRIPTOR");
  189. #endif
  190. goto YankSD;
  191. }
  192. //
  193. // cache this security cell; now that we know it is valid
  194. //
  195. if( BuildSecurityCache == TRUE ) {
  196. if( !NT_SUCCESS(CmpAddSecurityCellToCache ( (PCMHIVE)Hive,NextCell,TRUE) ) ) {
  197. return FALSE;
  198. }
  199. } else {
  200. //
  201. // just check this cell is there
  202. //
  203. ULONG Index;
  204. if( CmpFindSecurityCellCacheIndex ((PCMHIVE)Hive,NextCell,&Index) == FALSE ) {
  205. //
  206. // bad things happened; maybe an error in our caching code?
  207. //
  208. return FALSE;
  209. }
  211. }
  213. LastCell = NextCell;
  214. NextCell = SecurityCell->Flink;
  215. } while ( NextCell != ListAnchor );
  216. #ifdef HIVE_SECURITY_STATS
  218. #ifndef _CM_LDR_
  219. DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t NumberOfCells \t = %20lu (%8lx) \n",NoOfCells,NoOfCells);
  220. DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t SmallestCellSize \t = %20lu (%8lx) \n",SmallestSize,SmallestSize);
  221. DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t BiggestCellSize \t = %20lu (%8lx) \n",BiggestSize,BiggestSize);
  222. DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t TotalSecuritySize\t = %20lu (%8lx) \n",TotalSecuritySize,TotalSecuritySize);
  223. DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\t HiveLength \t = %20lu (%8lx) \n",Hive->BaseBlock->Length,Hive->BaseBlock->Length);
  224. DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"\n");
  225. #endif //_CM_LDR_
  227. #endif
  229. if( BuildSecurityCache == TRUE ) {
  230. //
  231. // adjust the size of the cache in case we allocated too much
  232. //
  233. CmpAdjustSecurityCacheSize ( (PCMHIVE)Hive );
  234. #ifdef HIVE_SECURITY_STATS
  235. {
  236. ULONG Duplicates;
  238. Duplicates = CmpCheckForSecurityDuplicates((PCMHIVE)Hive);
  239. if( Duplicates ) {
  240. #ifndef _CM_LDR_
  241. DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_TRACE_LEVEL,"Hive %p %lu security cells duplicated !!!\n",Hive,Duplicates);
  242. #endif //_CM_LDR_
  243. }
  244. }
  245. #endif
  246. }
  248. return(TRUE);
  249. }