3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 /* GLOBALS ******************************************************************/
/*
 * Predefined security descriptors shared by the security manager.
 * Every pointer starts out NULL. The initialization code in this file
 * allocates each descriptor from non-paged pool and attaches a DACL to it,
 * so code that can run before that initialization must treat NULL as
 * "not built yet" rather than dereference it.
 */
21 PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL;
22 PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL;
23 PSECURITY_DESCRIPTOR SePublicOpenSd = NULL;
24 PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL;
25 PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL;
26 PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL;
28 /* FUNCTIONS ***************************************************************/
/*
 * Builds the six predefined descriptors. Each stanza does the same three
 * steps: allocate a SECURITY_DESCRIPTOR from non-paged pool, initialize it
 * with RtlCreateSecurityDescriptor, then attach its DACL with
 * RtlSetDaclSecurityDescriptor.
 *
 * NOTE(review): the NTSTATUS results of RtlCreateSecurityDescriptor and
 * RtlSetDaclSecurityDescriptor are discarded in every stanza. A descriptor
 * that ends up without its DACL would fail open (NT access checks
 * conventionally treat a missing DACL as "no restrictions"), so checking
 * both statuses is cheap insurance.
 *
 * NOTE(review): RtlSetDaclSecurityDescriptor stores the DACL pointer as
 * given, it does not copy the ACL. The Se*Dacl objects passed here must
 * therefore be initialized before this code runs and must stay allocated
 * for as long as the descriptors are in use - TODO confirm init order.
 *
 * NOTE(review): what happens after a failed allocation is not visible in
 * this listing; confirm that descriptors allocated by earlier stanzas are
 * either released or that the failure is treated as fatal.
 */
33 /* Create PublicDefaultSd */
34 SePublicDefaultSd = ExAllocatePool(NonPagedPool,
35 sizeof(SECURITY_DESCRIPTOR));
36 if (SePublicDefaultSd == NULL)
39 RtlCreateSecurityDescriptor(SePublicDefaultSd,
40 SECURITY_DESCRIPTOR_REVISION);
41 RtlSetDaclSecurityDescriptor(SePublicDefaultSd,
46 /* Create PublicDefaultUnrestrictedSd */
47 SePublicDefaultUnrestrictedSd = ExAllocatePool(NonPagedPool,
48 sizeof(SECURITY_DESCRIPTOR));
49 if (SePublicDefaultUnrestrictedSd == NULL)
52 RtlCreateSecurityDescriptor(SePublicDefaultUnrestrictedSd,
53 SECURITY_DESCRIPTOR_REVISION);
54 RtlSetDaclSecurityDescriptor(SePublicDefaultUnrestrictedSd,
56 SePublicDefaultUnrestrictedDacl,
59 /* Create PublicOpenSd */
60 SePublicOpenSd = ExAllocatePool(NonPagedPool,
61 sizeof(SECURITY_DESCRIPTOR));
62 if (SePublicOpenSd == NULL)
65 RtlCreateSecurityDescriptor(SePublicOpenSd,
66 SECURITY_DESCRIPTOR_REVISION);
67 RtlSetDaclSecurityDescriptor(SePublicOpenSd,
72 /* Create PublicOpenUnrestrictedSd */
73 SePublicOpenUnrestrictedSd = ExAllocatePool(NonPagedPool,
74 sizeof(SECURITY_DESCRIPTOR));
75 if (SePublicOpenUnrestrictedSd == NULL)
78 RtlCreateSecurityDescriptor(SePublicOpenUnrestrictedSd,
79 SECURITY_DESCRIPTOR_REVISION);
80 RtlSetDaclSecurityDescriptor(SePublicOpenUnrestrictedSd,
82 SePublicOpenUnrestrictedDacl,
85 /* Create SystemDefaultSd */
86 SeSystemDefaultSd = ExAllocatePool(NonPagedPool,
87 sizeof(SECURITY_DESCRIPTOR));
88 if (SeSystemDefaultSd == NULL)
91 RtlCreateSecurityDescriptor(SeSystemDefaultSd,
92 SECURITY_DESCRIPTOR_REVISION);
93 RtlSetDaclSecurityDescriptor(SeSystemDefaultSd,
98 /* Create UnrestrictedSd */
99 SeUnrestrictedSd = ExAllocatePool(NonPagedPool,
100 sizeof(SECURITY_DESCRIPTOR));
101 if (SeUnrestrictedSd == NULL)
104 RtlCreateSecurityDescriptor(SeUnrestrictedSd,
105 SECURITY_DESCRIPTOR_REVISION);
106 RtlSetDaclSecurityDescriptor(SeUnrestrictedSd,
/*
 * Initializes caller-supplied storage as an empty descriptor: revision
 * set, Control cleared (so SE_SELF_RELATIVE is off and the descriptor is
 * in absolute form), and no owner, group, SACL or DACL.
 *
 * Returns STATUS_UNSUCCESSFUL when Revision is not
 * SECURITY_DESCRIPTOR_REVISION, STATUS_SUCCESS otherwise.
 *
 * NOTE(review): SecurityDescriptor is written through without a NULL
 * check; callers must pass valid storage of at least
 * sizeof(SECURITY_DESCRIPTOR) bytes.
 */
116 RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
119 if (Revision != SECURITY_DESCRIPTOR_REVISION)
120 return(STATUS_UNSUCCESSFUL);
122 SecurityDescriptor->Revision = SECURITY_DESCRIPTOR_REVISION;
123 SecurityDescriptor->Sbz1 = 0;
124 SecurityDescriptor->Control = 0;
125 SecurityDescriptor->Owner = NULL;
126 SecurityDescriptor->Group = NULL;
127 SecurityDescriptor->Sacl = NULL;
128 SecurityDescriptor->Dacl = NULL;
130 return(STATUS_SUCCESS);
/*
 * Computes the byte length of a descriptor: the fixed header plus the
 * owner SID, group SID, DACL and SACL that are present, each rounded up
 * to a multiple of four. For a self-relative descriptor the stored fields
 * are treated as offsets from the descriptor's own address.
 *
 * NOTE(review): the function takes no buffer length, so the offsets of a
 * self-relative descriptor are followed without any bounds check. A
 * descriptor that came from an untrusted source has to be validated
 * against its buffer size before it is passed here.
 */
135 RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
143 Length = sizeof(SECURITY_DESCRIPTOR);
145 if (SecurityDescriptor->Owner != NULL)
147 Owner = SecurityDescriptor->Owner;
148 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
/* Pointer arithmetic through ULONG casts: this truncates the address
 * if pointers are wider than ULONG. */
150 Owner = (PSID)((ULONG)Owner +
151 (ULONG)SecurityDescriptor);
/* NOTE(review): the mask 0xfc keeps only bits 2..7, so besides rounding
 * to four it truncates the component length to at most 252 bytes. The
 * same mask is used for the group, DACL and SACL below, whereas
 * RtlpQuerySecurityDescriptor in this file rounds with "& ~3". Any
 * component larger than 252 bytes is under-reported, and a caller that
 * sizes a buffer from this result would under-allocate. "& ~3" looks
 * like the intended mask. */
153 Length = Length + ((sizeof(SID) + (Owner->SubAuthorityCount - 1) *
154 sizeof(ULONG) + 3) & 0xfc);
157 if (SecurityDescriptor->Group != NULL)
159 Group = SecurityDescriptor->Group;
160 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
162 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
164 Length = Length + ((sizeof(SID) + (Group->SubAuthorityCount - 1) *
165 sizeof(ULONG) + 3) & 0xfc);
168 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
169 SecurityDescriptor->Dacl != NULL)
171 Dacl = SecurityDescriptor->Dacl;
172 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
/* NOTE(review): this adds an integer to a PVOID, unlike the
 * (ULONG) + (ULONG) form used for the owner and group above. Arithmetic
 * on void pointers is a compiler extension; the two forms should be
 * made consistent. */
174 Dacl = (PACL)((ULONG)Dacl + (PVOID)SecurityDescriptor);
176 Length = Length + ((Dacl->AclSize + 3) & 0xfc);
179 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
180 SecurityDescriptor->Sacl != NULL)
182 Sacl = SecurityDescriptor->Sacl;
183 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
185 Sacl = (PACL)((ULONG)Sacl + (PVOID)SecurityDescriptor);
187 Length = Length + ((Sacl->AclSize + 3) & 0xfc);
/*
 * Reports whether the descriptor carries a DACL and, if so, returns a
 * pointer to it and whether it was defaulted.
 *
 * Returns STATUS_UNSUCCESSFUL on a revision mismatch, STATUS_SUCCESS
 * otherwise.
 *
 * The output pointers are dereferenced unconditionally; callers must
 * pass valid storage for each of them.
 */
195 RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
196 PBOOLEAN DaclPresent,
198 PBOOLEAN DaclDefaulted)
200 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
202 return(STATUS_UNSUCCESSFUL);
/* No DACL: only *DaclPresent is written on this path. *Dacl and
 * *DaclDefaulted keep whatever the caller had in them, so callers must
 * test *DaclPresent before reading either one. */
205 if (!(SecurityDescriptor->Control & SE_DACL_PRESENT))
207 *DaclPresent = FALSE;
208 return(STATUS_SUCCESS);
/* NOTE(review): the statement executed for a present-but-NULL DACL is
 * not visible in this listing. */
212 if (SecurityDescriptor->Dacl == NULL)
/* Self-relative form stores an offset; it is turned into a pointer with
 * no bounds check, so the descriptor must already have been validated. */
218 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
220 *Dacl = (PACL)((ULONG)SecurityDescriptor->Dacl +
221 (PVOID)SecurityDescriptor);
225 *Dacl = SecurityDescriptor->Dacl;
229 if (SecurityDescriptor->Control & SE_DACL_DEFAULTED)
231 *DaclDefaulted = TRUE;
235 *DaclDefaulted = FALSE;
238 return(STATUS_SUCCESS);
/*
 * Attaches a DACL to, or removes it from, an absolute-format descriptor
 * and maintains the SE_DACL_PRESENT and SE_DACL_DEFAULTED control bits.
 *
 * Returns STATUS_UNSUCCESSFUL on a revision mismatch or when the
 * descriptor is self-relative (its fields hold offsets, not pointers),
 * STATUS_SUCCESS otherwise.
 *
 * NOTE(review): the Dacl pointer is stored as given, the ACL is not
 * copied. The caller has to keep the ACL allocated for as long as the
 * descriptor is in use.
 *
 * NOTE(review): nothing visible rejects a NULL Dacl on the "present"
 * path, which leaves SE_DACL_PRESENT set with Dacl == NULL. NT access
 * checks conventionally treat that as "no restrictions"; confirm callers
 * pass NULL only when that is intended.
 */
243 RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
246 BOOLEAN DaclDefaulted)
248 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
250 return(STATUS_UNSUCCESSFUL);
253 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
255 return(STATUS_UNSUCCESSFUL);
/* Removal path (its condition is not visible in this listing): only
 * SE_DACL_PRESENT is cleared. The Dacl field and SE_DACL_DEFAULTED are
 * left as they were. */
260 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_PRESENT);
261 return(STATUS_SUCCESS);
264 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_PRESENT;
265 SecurityDescriptor->Dacl = Dacl;
/* SE_DACL_DEFAULTED is cleared first and then set again; the set is
 * presumably guarded by DaclDefaulted (guard not visible here). */
266 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_DEFAULTED);
270 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_DEFAULTED;
273 return(STATUS_SUCCESS);
/*
 * Structural validity check: the revision must match, the owner and
 * group must pass RtlValidSid, and the DACL and SACL must pass
 * RtlValidAcl when their PRESENT bit is set and the field is non-NULL.
 * For a self-relative descriptor each field is first converted from an
 * offset to a pointer.
 *
 * NOTE(review): the function receives no buffer length, so it cannot
 * tell whether a self-relative offset points outside the descriptor's
 * buffer. It is not sufficient on its own for a descriptor that came
 * from an untrusted source; the caller has to bound the offsets against
 * the buffer size first.
 */
278 RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
285 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
/* NOTE(review): no NULL test on Owner is visible before RtlValidSid
 * (the same holds for Group below). In the self-relative case a zero
 * offset resolves to the descriptor's own address, so the header bytes
 * would be examined as a SID - confirm how a missing owner or group is
 * meant to be handled. */
290 Owner = SecurityDescriptor->Owner;
291 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
293 Owner = (PSID)((ULONG)Owner + (ULONG)SecurityDescriptor);
296 if (!RtlValidSid(Owner))
301 Group = SecurityDescriptor->Group;
302 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
304 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
307 if (!RtlValidSid(Group))
312 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
313 SecurityDescriptor->Dacl != NULL)
315 Dacl = SecurityDescriptor->Dacl;
316 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
318 Dacl = (PACL)((ULONG)Dacl + (ULONG)SecurityDescriptor);
321 if (!RtlValidAcl(Dacl))
327 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
328 SecurityDescriptor->Sacl != NULL)
330 Sacl = SecurityDescriptor->Sacl;
331 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
333 Sacl = (PACL)((ULONG)Sacl + (ULONG)SecurityDescriptor);
336 if (!RtlValidAcl(Sacl))
/*
 * Sets the owner SID of an absolute-format descriptor and maintains the
 * SE_OWNER_DEFAULTED control bit.
 *
 * Returns STATUS_UNSUCCESSFUL on a revision mismatch or when the
 * descriptor is self-relative, STATUS_SUCCESS otherwise.
 *
 * NOTE(review): the Owner pointer is stored as given, the SID is not
 * copied or validated here. The caller has to keep the SID allocated
 * for as long as the descriptor is in use.
 */
347 RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
349 BOOLEAN OwnerDefaulted)
351 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
353 return(STATUS_UNSUCCESSFUL);
356 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
358 return(STATUS_UNSUCCESSFUL);
361 SecurityDescriptor->Owner = Owner;
/* SE_OWNER_DEFAULTED is cleared first and then set again; the set is
 * presumably guarded by OwnerDefaulted (guard not visible here). */
362 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_OWNER_DEFAULTED);
366 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_OWNER_DEFAULTED;
369 return(STATUS_SUCCESS);
/*
 * Returns a pointer to the descriptor's owner SID through *Owner and
 * examines the SE_OWNER_DEFAULTED control bit.
 *
 * Returns STATUS_UNSUCCESSFUL on a revision mismatch, STATUS_SUCCESS
 * otherwise.
 *
 * NOTE(review): the value stored in *Owner when the owner field is NULL,
 * and the stores to *OwnerDefaulted, are not visible in this listing.
 */
374 RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
376 PBOOLEAN OwnerDefaulted)
378 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
380 return(STATUS_UNSUCCESSFUL);
383 if (SecurityDescriptor->Owner != NULL)
/* Self-relative form stores an offset; it is turned into a pointer with
 * no bounds check, so the descriptor must already have been validated.
 * The integer + PVOID addition relies on void-pointer arithmetic. */
385 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
387 *Owner = (PSID)((ULONG)SecurityDescriptor->Owner +
388 (PVOID)SecurityDescriptor);
392 *Owner = SecurityDescriptor->Owner;
399 if (SecurityDescriptor->Control & SE_OWNER_DEFAULTED)
407 return(STATUS_SUCCESS);
/*
 * Sets the primary group SID of an absolute-format descriptor and
 * maintains the SE_GROUP_DEFAULTED control bit.
 *
 * Returns STATUS_UNSUCCESSFUL on a revision mismatch or when the
 * descriptor is self-relative, STATUS_SUCCESS otherwise.
 *
 * NOTE(review): the Group pointer is stored as given, the SID is not
 * copied or validated here. The caller has to keep the SID allocated
 * for as long as the descriptor is in use.
 */
412 RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
414 BOOLEAN GroupDefaulted)
416 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
418 return(STATUS_UNSUCCESSFUL);
421 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
423 return(STATUS_UNSUCCESSFUL);
426 SecurityDescriptor->Group = Group;
/* SE_GROUP_DEFAULTED is cleared first and then set again; the set is
 * presumably guarded by GroupDefaulted (guard not visible here). */
427 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_GROUP_DEFAULTED);
431 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_GROUP_DEFAULTED;
434 return(STATUS_SUCCESS);
/*
 * Returns a pointer to the descriptor's primary group SID through *Group
 * and reports through *GroupDefaulted whether SE_GROUP_DEFAULTED is set.
 *
 * Returns STATUS_UNSUCCESSFUL on a revision mismatch, STATUS_SUCCESS
 * otherwise.
 *
 * The output pointers are dereferenced unconditionally; callers must
 * pass valid storage for each of them.
 *
 * NOTE(review): the value stored in *Group when the group field is NULL
 * is not visible in this listing.
 */
439 RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
441 PBOOLEAN GroupDefaulted)
443 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
445 return(STATUS_UNSUCCESSFUL);
448 if (SecurityDescriptor->Group != NULL)
/* Self-relative form stores an offset; it is turned into a pointer with
 * no bounds check, so the descriptor must already have been validated. */
450 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
452 *Group = (PSID)((ULONG)SecurityDescriptor->Group +
453 (PVOID)SecurityDescriptor);
457 *Group = SecurityDescriptor->Group;
465 if (SecurityDescriptor->Control & SE_GROUP_DEFAULTED)
467 *GroupDefaulted = TRUE;
471 *GroupDefaulted = FALSE;
474 return(STATUS_SUCCESS);
/*
 * Reports whether the descriptor carries a SACL and, if so, returns a
 * pointer to it and whether it was defaulted.
 *
 * Returns STATUS_UNSUCCESSFUL on a revision mismatch, STATUS_SUCCESS
 * otherwise.
 *
 * The output pointers are dereferenced unconditionally; callers must
 * pass valid storage for each of them.
 */
479 RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
480 PBOOLEAN SaclPresent,
482 PBOOLEAN SaclDefaulted)
484 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
486 return(STATUS_UNSUCCESSFUL);
/* No SACL: only *SaclPresent is written on this path. *Sacl and
 * *SaclDefaulted keep whatever the caller had in them, so callers must
 * test *SaclPresent before reading either one. */
489 if (!(SecurityDescriptor->Control & SE_SACL_PRESENT))
491 *SaclPresent = FALSE;
492 return(STATUS_SUCCESS);
/* NOTE(review): the statement executed for a present-but-NULL SACL is
 * not visible in this listing. */
496 if (SecurityDescriptor->Sacl == NULL)
/* Self-relative form stores an offset; it is turned into a pointer with
 * no bounds check, so the descriptor must already have been validated. */
502 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
504 *Sacl = (PACL)((ULONG)SecurityDescriptor->Sacl +
505 (PVOID)SecurityDescriptor);
509 *Sacl = SecurityDescriptor->Sacl;
513 if (SecurityDescriptor->Control & SE_SACL_DEFAULTED)
515 *SaclDefaulted = TRUE;
519 *SaclDefaulted = FALSE;
522 return(STATUS_SUCCESS);
/*
 * Attaches a SACL to, or removes it from, an absolute-format descriptor
 * and maintains the SE_SACL_PRESENT and SE_SACL_DEFAULTED control bits.
 *
 * Returns STATUS_UNSUCCESSFUL on a revision mismatch or when the
 * descriptor is self-relative, STATUS_SUCCESS otherwise.
 *
 * NOTE(review): the Sacl pointer is stored as given, the ACL is not
 * copied. The caller has to keep the ACL allocated for as long as the
 * descriptor is in use. No privilege or access check is visible in this
 * routine, so any such check on who may change audit settings has to
 * happen in the caller - TODO confirm.
 */
527 RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
530 BOOLEAN SaclDefaulted)
532 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
534 return(STATUS_UNSUCCESSFUL);
536 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
538 return(STATUS_UNSUCCESSFUL);
/* Removal path (its condition is not visible in this listing): only
 * SE_SACL_PRESENT is cleared. The Sacl field and SE_SACL_DEFAULTED are
 * left as they were. */
543 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_PRESENT);
544 return(STATUS_SUCCESS);
547 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_PRESENT;
548 SecurityDescriptor->Sacl = Sacl;
/* SE_SACL_DEFAULTED is cleared first and then set again; the set is
 * presumably guarded by SaclDefaulted (guard not visible here). */
549 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_DEFAULTED);
553 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_DEFAULTED;
556 return(STATUS_SUCCESS);
/*
 * Resolves the owner, DACL, group and SACL of a descriptor to pointers
 * and to lengths rounded up to a multiple of four. Offsets of a
 * self-relative descriptor are converted to pointers by adding the
 * descriptor's address.
 *
 * NOTE(review): the lengths returned are the rounded values, which can
 * exceed the real size of the SID or ACL by up to three bytes. A caller
 * that copies "length" bytes from the returned pointer reads that many
 * bytes past the end of the source object.
 *
 * NOTE(review): the values stored for an absent component are not
 * visible in this listing.
 */
561 RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
571 if (SecurityDescriptor->Owner == NULL)
577 *Owner = SecurityDescriptor->Owner;
578 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
580 *Owner = (PSID)((ULONG)*Owner + (ULONG)SecurityDescriptor);
/* Round the SID length up to the next multiple of four. */
586 *OwnerLength = (RtlLengthSid(*Owner) + 3) & ~3;
593 if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
594 SecurityDescriptor->Dacl != NULL)
596 *Dacl = SecurityDescriptor->Dacl;
597 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
599 *Dacl = (PACL)((ULONG)*Dacl + (ULONG)SecurityDescriptor);
/* The ACL's own AclSize field is trusted as its length. */
609 *DaclLength = ((*Dacl)->AclSize + 3) & ~3;
616 if (SecurityDescriptor->Group != NULL)
622 *Group = SecurityDescriptor->Group;
623 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
625 *Group = (PSID)((ULONG)*Group + (ULONG)SecurityDescriptor);
631 *GroupLength = (RtlLengthSid(*Group) + 3) & ~3;
638 if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
639 SecurityDescriptor->Sacl != NULL)
641 *Sacl = SecurityDescriptor->Sacl;
642 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
644 *Sacl = (PACL)((ULONG)*Sacl + (ULONG)SecurityDescriptor);
654 *SaclLength = ((*Sacl)->AclSize + 3) & ~3;
/*
 * Converts an absolute descriptor into self-relative form inside the
 * caller's buffer RelSD: the components are copied after the fixed
 * header in the order SACL, DACL, owner, group, and each field of RelSD
 * is set to the component's offset from RelSD.
 *
 * Returns STATUS_BAD_DESCRIPTOR_FORMAT when AbsSD is already
 * self-relative, STATUS_BUFFER_TOO_SMALL when *BufferLength is less than
 * the total size required, STATUS_SUCCESS otherwise.
 */
660 RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
661 PSECURITY_DESCRIPTOR RelSD,
675 if (AbsSD->Control & SE_SELF_RELATIVE)
677 return(STATUS_BAD_DESCRIPTOR_FORMAT);
680 RtlpQuerySecurityDescriptor(AbsSD,
/* NOTE(review): assumes the sum cannot wrap - TODO confirm the types of
 * the length variables, which are not visible here. */
690 TotalLength = OwnerLength + GroupLength + SaclLength +
691 DaclLength + sizeof(SECURITY_DESCRIPTOR);
/* NOTE(review): no visible line writes TotalLength back through
 * BufferLength before this return, so a caller cannot learn the size it
 * needs from a failed call - confirm whether that is intended. */
692 if (*BufferLength < TotalLength)
694 return(STATUS_BUFFER_TOO_SMALL);
701 sizeof(SECURITY_DESCRIPTOR));
/* Pointer arithmetic through ULONG: this truncates the address if
 * pointers are wider than ULONG. */
702 Current = (ULONG)RelSD + sizeof(SECURITY_DESCRIPTOR);
/* NOTE(review): the length arguments of the memmove calls are not
 * visible here. If they are the rounded lengths produced by
 * RtlpQuerySecurityDescriptor, each copy reads up to three bytes past
 * the end of its source SID or ACL and places them in RelSD; confirm
 * the sources are padded, or copy the exact length and zero the tail. */
706 memmove((PVOID)Current,
709 RelSD->Sacl = (PACL)((ULONG)Current - (ULONG)RelSD);
710 Current += SaclLength;
715 memmove((PVOID)Current,
718 RelSD->Dacl = (PACL)((ULONG)Current - (ULONG)RelSD);
719 Current += DaclLength;
722 if (OwnerLength != 0)
724 memmove((PVOID)Current,
727 RelSD->Owner = (PSID)((ULONG)Current - (ULONG)RelSD);
728 Current += OwnerLength;
731 if (GroupLength != 0)
733 memmove((PVOID)Current,
736 RelSD->Group = (PSID)((ULONG)Current - (ULONG)RelSD);
/* Mark the result as self-relative so readers treat its fields as
 * offsets. */
739 RelSD->Control |= SE_SELF_RELATIVE;
741 return(STATUS_SUCCESS);