3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: kernel/se/acl.c
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 #define TAG_ACL TAG('A', 'C', 'L', 'T')
22 /* GLOBALS ******************************************************************/
25 PACL EXPORTED SePublicDefaultDacl = NULL;
26 PACL EXPORTED SeSystemDefaultDacl = NULL;
28 PACL SePublicDefaultUnrestrictedDacl = NULL;
29 PACL SePublicOpenDacl = NULL;
30 PACL SePublicOpenUnrestrictedDacl = NULL;
31 PACL SeUnrestrictedDacl = NULL;
32 #endif /* LIBCAPTIVE */
35 /* FUNCTIONS ****************************************************************/
46 AclLength2 = sizeof(ACL) +
47 2 * (RtlLengthRequiredSid(1) + sizeof(ACE));
48 AclLength3 = sizeof(ACL) +
49 3 * (RtlLengthRequiredSid(1) + sizeof(ACE));
50 AclLength4 = sizeof(ACL) +
51 4 * (RtlLengthRequiredSid(1) + sizeof(ACE));
53 /* create PublicDefaultDacl */
54 SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
57 if (SePublicDefaultDacl == NULL)
60 RtlCreateAcl(SePublicDefaultDacl,
64 RtlAddAccessAllowedAce(SePublicDefaultDacl,
69 RtlAddAccessAllowedAce(SePublicDefaultDacl,
75 /* create PublicDefaultUnrestrictedDacl */
76 SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
79 if (SePublicDefaultUnrestrictedDacl == NULL)
82 RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
86 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
91 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
96 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
101 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
103 GENERIC_READ | GENERIC_EXECUTE | STANDARD_RIGHTS_READ,
104 SeRestrictedCodeSid);
106 /* create PublicOpenDacl */
107 SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,
110 if (SePublicOpenDacl == NULL)
113 RtlCreateAcl(SePublicOpenDacl,
117 RtlAddAccessAllowedAce(SePublicOpenDacl,
119 GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
122 RtlAddAccessAllowedAce(SePublicOpenDacl,
127 RtlAddAccessAllowedAce(SePublicOpenDacl,
136 #endif /* LIBCAPTIVE */
139 RtlFirstFreeAce(PACL Acl,
146 Current = (PACE)(Acl + 1);
149 if (Acl->AceCount == 0)
154 AclEnd = Acl->AclSize + Acl;
157 if ((PVOID)Current >= AclEnd)
161 if (Current->Header.AceType == 4)
163 if (Acl->AclRevision < 3)
168 Current = (PACE)((PVOID)Current + (ULONG)Current->Header.AceSize);
170 } while (i < Acl->AceCount);
171 if ((PVOID)Current >= AclEnd)
181 RtlpAddKnownAce(PACL Acl,
183 ACCESS_MASK AccessMask,
189 if (!RtlValidSid(Sid))
191 return(STATUS_INVALID_SID);
193 if (Acl->AclRevision > 3 ||
196 return(STATUS_UNKNOWN_REVISION);
198 if (Revision < Acl->AclRevision)
200 Revision = Acl->AclRevision;
202 if (!RtlFirstFreeAce(Acl, &Ace))
204 return(STATUS_BUFFER_TOO_SMALL);
208 return(STATUS_UNSUCCESSFUL);
210 if (((PVOID)Ace + RtlLengthSid(Sid) + sizeof(ACE)) >=
211 ((PVOID)Acl + Acl->AclSize))
213 return(STATUS_BUFFER_TOO_SMALL);
215 Ace->Header.AceFlags = 0;
216 Ace->Header.AceType = Type;
217 Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
218 Ace->AccessMask = AccessMask;
219 RtlCopySid(RtlLengthSid(Sid), (PSID)(Ace + 1), Sid);
221 Acl->AclRevision = Revision;
222 return(STATUS_SUCCESS);
227 RtlAddAccessAllowedAce(PACL Acl,
229 ACCESS_MASK AccessMask,
232 return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0));
249 if (Acl->AclRevision != 2 &&
250 Acl->AclRevision != 3)
252 return(STATUS_UNSUCCESSFUL);
254 if (!RtlFirstFreeAce(Acl,&Ace))
256 return(STATUS_UNSUCCESSFUL);
258 if (Acl->AclRevision <= AclRevision)
260 AclRevision = Acl->AclRevision;
262 if (((PVOID)AceList + AceListLength) <= (PVOID)AceList)
264 return(STATUS_UNSUCCESSFUL);
267 Current = (PACE)(Acl + 1);
268 while ((PVOID)Current < ((PVOID)AceList + AceListLength))
270 if (AceList->Header.AceType == 4 &&
273 return(STATUS_UNSUCCESSFUL);
275 Current = (PACE)((PVOID)Current + Current->Header.AceSize);
279 return(STATUS_UNSUCCESSFUL);
281 if (((PVOID)Ace + AceListLength) >= ((PVOID)Acl + Acl->AclSize))
283 return(STATUS_UNSUCCESSFUL);
285 if (StartingIndex != 0)
287 if (Acl->AceCount > 0)
289 Current = (PACE)(Acl + 1);
290 for (j = 0; j < StartingIndex; j++)
292 Current = (PACE)((PVOID)Current + Current->Header.AceSize);
296 /* RtlpAddData(AceList, AceListLength, Current, (PVOID)Ace - Current)); */
297 memcpy(Current, AceList, AceListLength);
298 Acl->AceCount = Acl->AceCount + i;
299 Acl->AclRevision = AclRevision;
303 #endif /* LIBCAPTIVE */
306 RtlCreateAcl(PACL Acl,
312 return(STATUS_BUFFER_TOO_SMALL);
314 if (AclRevision != 2 &&
317 return(STATUS_UNKNOWN_REVISION);
319 if (AclSize > 0xffff)
321 return(STATUS_UNSUCCESSFUL);
323 AclSize = AclSize & ~(0x3);
324 Acl->AclSize = AclSize;
325 Acl->AclRevision = AclRevision;
329 return(STATUS_SUCCESS);