3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 /* GLOBALS ******************************************************************/
22 PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL;
23 PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL;
24 PSECURITY_DESCRIPTOR SePublicOpenSd = NULL;
25 PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL;
26 PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL;
27 PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL;
28 #endif /* LIBCAPTIVE */
30 /* FUNCTIONS ***************************************************************/
36 /* Create PublicDefaultSd */
37 SePublicDefaultSd = ExAllocatePool(NonPagedPool,
38 sizeof(SECURITY_DESCRIPTOR));
39 if (SePublicDefaultSd == NULL)
42 RtlCreateSecurityDescriptor(SePublicDefaultSd,
43 SECURITY_DESCRIPTOR_REVISION);
44 RtlSetDaclSecurityDescriptor(SePublicDefaultSd,
49 /* Create PublicDefaultUnrestrictedSd */
50 SePublicDefaultUnrestrictedSd = ExAllocatePool(NonPagedPool,
51 sizeof(SECURITY_DESCRIPTOR));
52 if (SePublicDefaultUnrestrictedSd == NULL)
55 RtlCreateSecurityDescriptor(SePublicDefaultUnrestrictedSd,
56 SECURITY_DESCRIPTOR_REVISION);
57 RtlSetDaclSecurityDescriptor(SePublicDefaultUnrestrictedSd,
59 SePublicDefaultUnrestrictedDacl,
62 /* Create PublicOpenSd */
63 SePublicOpenSd = ExAllocatePool(NonPagedPool,
64 sizeof(SECURITY_DESCRIPTOR));
65 if (SePublicOpenSd == NULL)
68 RtlCreateSecurityDescriptor(SePublicOpenSd,
69 SECURITY_DESCRIPTOR_REVISION);
70 RtlSetDaclSecurityDescriptor(SePublicOpenSd,
75 /* Create PublicOpenUnrestrictedSd */
76 SePublicOpenUnrestrictedSd = ExAllocatePool(NonPagedPool,
77 sizeof(SECURITY_DESCRIPTOR));
78 if (SePublicOpenUnrestrictedSd == NULL)
81 RtlCreateSecurityDescriptor(SePublicOpenUnrestrictedSd,
82 SECURITY_DESCRIPTOR_REVISION);
83 RtlSetDaclSecurityDescriptor(SePublicOpenUnrestrictedSd,
85 SePublicOpenUnrestrictedDacl,
88 /* Create SystemDefaultSd */
89 SeSystemDefaultSd = ExAllocatePool(NonPagedPool,
90 sizeof(SECURITY_DESCRIPTOR));
91 if (SeSystemDefaultSd == NULL)
94 RtlCreateSecurityDescriptor(SeSystemDefaultSd,
95 SECURITY_DESCRIPTOR_REVISION);
96 RtlSetDaclSecurityDescriptor(SeSystemDefaultSd,
101 /* Create UnrestrictedSd */
102 SeUnrestrictedSd = ExAllocatePool(NonPagedPool,
103 sizeof(SECURITY_DESCRIPTOR));
104 if (SeUnrestrictedSd == NULL)
107 RtlCreateSecurityDescriptor(SeUnrestrictedSd,
108 SECURITY_DESCRIPTOR_REVISION);
109 RtlSetDaclSecurityDescriptor(SeUnrestrictedSd,
113 #endif /* LIBCAPTIVE */
120 RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
123 if (Revision != SECURITY_DESCRIPTOR_REVISION)
124 return(STATUS_UNSUCCESSFUL);
126 SecurityDescriptor->Revision = SECURITY_DESCRIPTOR_REVISION;
127 SecurityDescriptor->Sbz1 = 0;
128 SecurityDescriptor->Control = 0;
129 SecurityDescriptor->Owner = NULL;
130 SecurityDescriptor->Group = NULL;
131 SecurityDescriptor->Sacl = NULL;
132 SecurityDescriptor->Dacl = NULL;
134 return(STATUS_SUCCESS);
139 /* FIXME: This function is somehow buggy, at least it uses '0xfc' mask
140 * instead of '0xFFFFFFFC' mask as sometimes there are PAGE_SIZE sized structures.
143 RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
151 Length = sizeof(SECURITY_DESCRIPTOR);
153 if (SecurityDescriptor->Owner != NULL)
155 Owner = SecurityDescriptor->Owner;
156 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
158 Owner = (PSID)((ULONG)Owner +
159 (ULONG)SecurityDescriptor);
161 Length = Length + ((sizeof(SID) + (Owner->SubAuthorityCount - 1) *
162 sizeof(ULONG) + 3) & 0xfc);
165 if (SecurityDescriptor->Group != NULL)
167 Group = SecurityDescriptor->Group;
168 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
170 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
172 Length = Length + ((sizeof(SID) + (Group->SubAuthorityCount - 1) *
173 sizeof(ULONG) + 3) & 0xfc);
176 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
177 SecurityDescriptor->Dacl != NULL)
179 Dacl = SecurityDescriptor->Dacl;
180 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
182 Dacl = (PACL)((ULONG)Dacl + (PVOID)SecurityDescriptor);
184 Length = Length + ((Dacl->AclSize + 3) & 0xfc);
187 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
188 SecurityDescriptor->Sacl != NULL)
190 Sacl = SecurityDescriptor->Sacl;
191 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
193 Sacl = (PACL)((ULONG)Sacl + (PVOID)SecurityDescriptor);
195 Length = Length + ((Sacl->AclSize + 3) & 0xfc);
203 RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
204 PBOOLEAN DaclPresent,
206 PBOOLEAN DaclDefaulted)
208 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
210 return(STATUS_UNSUCCESSFUL);
213 if (!(SecurityDescriptor->Control & SE_DACL_PRESENT))
215 *DaclPresent = FALSE;
216 return(STATUS_SUCCESS);
220 if (SecurityDescriptor->Dacl == NULL)
226 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
228 *Dacl = (PACL)((ULONG)SecurityDescriptor->Dacl +
229 (PVOID)SecurityDescriptor);
233 *Dacl = SecurityDescriptor->Dacl;
237 if (SecurityDescriptor->Control & SE_DACL_DEFAULTED)
239 *DaclDefaulted = TRUE;
243 *DaclDefaulted = FALSE;
246 return(STATUS_SUCCESS);
249 #endif /* LIBCAPTIVE */
252 RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
255 BOOLEAN DaclDefaulted)
257 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
259 return(STATUS_UNSUCCESSFUL);
262 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
264 return(STATUS_UNSUCCESSFUL);
269 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_PRESENT);
270 return(STATUS_SUCCESS);
273 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_PRESENT;
274 SecurityDescriptor->Dacl = Dacl;
275 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_DEFAULTED);
279 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_DEFAULTED;
282 return(STATUS_SUCCESS);
288 RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
295 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
300 Owner = SecurityDescriptor->Owner;
301 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
303 Owner = (PSID)((ULONG)Owner + (ULONG)SecurityDescriptor);
306 if (!RtlValidSid(Owner))
311 Group = SecurityDescriptor->Group;
312 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
314 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
317 if (!RtlValidSid(Group))
322 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
323 SecurityDescriptor->Dacl != NULL)
325 Dacl = SecurityDescriptor->Dacl;
326 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
328 Dacl = (PACL)((ULONG)Dacl + (ULONG)SecurityDescriptor);
331 if (!RtlValidAcl(Dacl))
337 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
338 SecurityDescriptor->Sacl != NULL)
340 Sacl = SecurityDescriptor->Sacl;
341 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
343 Sacl = (PACL)((ULONG)Sacl + (ULONG)SecurityDescriptor);
346 if (!RtlValidAcl(Sacl))
357 RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
359 BOOLEAN OwnerDefaulted)
361 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
363 return(STATUS_UNSUCCESSFUL);
366 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
368 return(STATUS_UNSUCCESSFUL);
371 SecurityDescriptor->Owner = Owner;
372 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_OWNER_DEFAULTED);
376 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_OWNER_DEFAULTED;
379 return(STATUS_SUCCESS);
384 RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
386 PBOOLEAN OwnerDefaulted)
388 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
390 return(STATUS_UNSUCCESSFUL);
393 if (SecurityDescriptor->Owner != NULL)
395 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
397 *Owner = (PSID)((ULONG)SecurityDescriptor->Owner +
398 (PVOID)SecurityDescriptor);
402 *Owner = SecurityDescriptor->Owner;
409 if (SecurityDescriptor->Control & SE_OWNER_DEFAULTED)
417 return(STATUS_SUCCESS);
422 RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
424 BOOLEAN GroupDefaulted)
426 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
428 return(STATUS_UNSUCCESSFUL);
431 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
433 return(STATUS_UNSUCCESSFUL);
436 SecurityDescriptor->Group = Group;
437 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_GROUP_DEFAULTED);
441 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_GROUP_DEFAULTED;
444 return(STATUS_SUCCESS);
449 RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
451 PBOOLEAN GroupDefaulted)
453 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
455 return(STATUS_UNSUCCESSFUL);
458 if (SecurityDescriptor->Group != NULL)
460 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
462 *Group = (PSID)((ULONG)SecurityDescriptor->Group +
463 (PVOID)SecurityDescriptor);
467 *Group = SecurityDescriptor->Group;
475 if (SecurityDescriptor->Control & SE_GROUP_DEFAULTED)
477 *GroupDefaulted = TRUE;
481 *GroupDefaulted = FALSE;
484 return(STATUS_SUCCESS);
489 RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
490 PBOOLEAN SaclPresent,
492 PBOOLEAN SaclDefaulted)
494 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
496 return(STATUS_UNSUCCESSFUL);
499 if (!(SecurityDescriptor->Control & SE_SACL_PRESENT))
501 *SaclPresent = FALSE;
502 return(STATUS_SUCCESS);
506 if (SecurityDescriptor->Sacl == NULL)
512 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
514 *Sacl = (PACL)((ULONG)SecurityDescriptor->Sacl +
515 (PVOID)SecurityDescriptor);
519 *Sacl = SecurityDescriptor->Sacl;
523 if (SecurityDescriptor->Control & SE_SACL_DEFAULTED)
525 *SaclDefaulted = TRUE;
529 *SaclDefaulted = FALSE;
532 return(STATUS_SUCCESS);
537 RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
540 BOOLEAN SaclDefaulted)
542 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
544 return(STATUS_UNSUCCESSFUL);
546 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
548 return(STATUS_UNSUCCESSFUL);
553 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_PRESENT);
554 return(STATUS_SUCCESS);
557 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_PRESENT;
558 SecurityDescriptor->Sacl = Sacl;
559 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_DEFAULTED);
563 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_DEFAULTED;
566 return(STATUS_SUCCESS);
571 RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
581 if (SecurityDescriptor->Owner == NULL)
587 *Owner = SecurityDescriptor->Owner;
588 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
590 *Owner = (PSID)((ULONG)*Owner + (ULONG)SecurityDescriptor);
596 *OwnerLength = (RtlLengthSid(*Owner) + 3) & ~3;
603 if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
604 SecurityDescriptor->Dacl != NULL)
606 *Dacl = SecurityDescriptor->Dacl;
607 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
609 *Dacl = (PACL)((ULONG)*Dacl + (ULONG)SecurityDescriptor);
619 *DaclLength = ((*Dacl)->AclSize + 3) & ~3;
626 if (SecurityDescriptor->Group != NULL)
632 *Group = SecurityDescriptor->Group;
633 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
635 *Group = (PSID)((ULONG)*Group + (ULONG)SecurityDescriptor);
641 *GroupLength = (RtlLengthSid(*Group) + 3) & ~3;
648 if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
649 SecurityDescriptor->Sacl != NULL)
651 *Sacl = SecurityDescriptor->Sacl;
652 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
654 *Sacl = (PACL)((ULONG)*Sacl + (ULONG)SecurityDescriptor);
664 *SaclLength = ((*Sacl)->AclSize + 3) & ~3;
670 RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
671 PSECURITY_DESCRIPTOR RelSD,
685 if (AbsSD->Control & SE_SELF_RELATIVE)
687 return(STATUS_BAD_DESCRIPTOR_FORMAT);
690 RtlpQuerySecurityDescriptor(AbsSD,
700 TotalLength = OwnerLength + GroupLength + SaclLength +
701 DaclLength + sizeof(SECURITY_DESCRIPTOR);
702 if (*BufferLength < TotalLength)
704 return(STATUS_BUFFER_TOO_SMALL);
711 sizeof(SECURITY_DESCRIPTOR));
712 Current = (ULONG)RelSD + sizeof(SECURITY_DESCRIPTOR);
716 memmove((PVOID)Current,
719 RelSD->Sacl = (PACL)((ULONG)Current - (ULONG)RelSD);
720 Current += SaclLength;
725 memmove((PVOID)Current,
728 RelSD->Dacl = (PACL)((ULONG)Current - (ULONG)RelSD);
729 Current += DaclLength;
732 if (OwnerLength != 0)
734 memmove((PVOID)Current,
737 RelSD->Owner = (PSID)((ULONG)Current - (ULONG)RelSD);
738 Current += OwnerLength;
741 if (GroupLength != 0)
743 memmove((PVOID)Current,
746 RelSD->Group = (PSID)((ULONG)Current - (ULONG)RelSD);
749 RelSD->Control |= SE_SELF_RELATIVE;
751 return(STATUS_SUCCESS);
754 #endif /* LIBCAPTIVE */