3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security descriptor functions
6 * FILE: lib/ntdll/rtl/sd.c
7 * PROGRAMMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
16 #include <ntdll/ntdll.h>
18 /* FUNCTIONS ***************************************************************/
/*
 * RtlCreateSecurityDescriptor: initialises the caller's descriptor to
 * revision 1 with Control cleared and Owner, Group, Sacl and Dacl all NULL.
 * Source lines 22-25 are not shown in this listing; the STATUS_UNSUCCESSFUL
 * return below presumably rejects an unsupported Revision argument - confirm
 * against the full file.
 */
21 RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
26 return(STATUS_UNSUCCESSFUL);
29 SecurityDescriptor->Revision = 1;
30 SecurityDescriptor->Sbz1 = 0;
/*
 * Control = 0 leaves SE_SELF_RELATIVE, SE_DACL_PRESENT and SE_SACL_PRESENT
 * unset, so the result is an absolute-format descriptor with no ACLs.
 * NOTE(review): under NT access-check semantics a descriptor without a DACL
 * does not restrict access, so callers are expected to attach one before the
 * descriptor protects anything.
 */
31 SecurityDescriptor->Control = 0;
32 SecurityDescriptor->Owner = NULL;
33 SecurityDescriptor->Group = NULL;
34 SecurityDescriptor->Sacl = NULL;
35 SecurityDescriptor->Dacl = NULL;
37 return(STATUS_SUCCESS);
/*
 * RtlLengthSecurityDescriptor: adds sizeof(SECURITY_DESCRIPTOR) to the
 * rounded sizes of whichever of Owner, Group, Dacl and Sacl are present.
 * Every size is read from the descriptor's own contents (SubAuthorityCount,
 * AclSize), and nothing visible here bounds the self-relative offsets, so
 * the result is only as trustworthy as the descriptor passed in.
 * The local declarations, braces and the final return are not shown in this
 * listing.
 */
44 RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
52 Length = sizeof(SECURITY_DESCRIPTOR);
54 if (SecurityDescriptor->Owner != NULL)
56 Owner = SecurityDescriptor->Owner;
/*
 * In self-relative form the field holds an offset from the start of the
 * descriptor, so the base address is added to get a usable pointer.
 * The (ULONG) pointer casts assume a pointer fits in a ULONG - TODO confirm
 * for every target this is built for.
 */
57 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
59 Owner = (PSID)((ULONG)Owner +
60 (ULONG)SecurityDescriptor);
/*
 * NOTE(review): "& 0xfc" keeps only bits 2-7, so each rounded size is capped
 * at 252 bytes. RtlpQuerySecurityDescriptor in this file rounds with "& ~3",
 * which does not truncate. The same mask is applied to Group, Dacl and Sacl
 * below; an ACL larger than 252 bytes would be under-counted, and a caller
 * sizing a buffer from this result would allocate too little.
 */
62 Length = Length + ((sizeof(SID) + (Owner->SubAuthorityCount - 1) *
63 sizeof(ULONG) + 3) & 0xfc);
66 if (SecurityDescriptor->Group != NULL)
68 Group = SecurityDescriptor->Group;
69 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
71 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
73 Length = Length + ((sizeof(SID) + (Group->SubAuthorityCount - 1) *
74 sizeof(ULONG) + 3) & 0xfc);
/* The DACL is counted only when SE_DACL_PRESENT is set and the field is non-NULL. */
77 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
78 SecurityDescriptor->Dacl != NULL)
80 Dacl = SecurityDescriptor->Dacl;
81 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
/*
 * NOTE(review): this adds an integer to a PVOID, unlike the SID branches,
 * which cast both operands to ULONG; arithmetic on void pointers is a
 * compiler extension rather than standard C.
 */
83 Dacl = (PACL)((ULONG)Dacl + (PVOID)SecurityDescriptor);
85 Length = Length + ((Dacl->AclSize + 3) & 0xfc);
/* The SACL is handled the same way as the DACL, gated on SE_SACL_PRESENT. */
88 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
89 SecurityDescriptor->Sacl != NULL)
91 Sacl = SecurityDescriptor->Sacl;
92 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
94 Sacl = (PACL)((ULONG)Sacl + (PVOID)SecurityDescriptor);
96 Length = Length + ((Sacl->AclSize + 3) & 0xfc);
/*
 * RtlGetDaclSecurityDescriptor: reports whether a DACL is present, hands
 * back a pointer to it, and reports the SE_DACL_DEFAULTED flag.
 * Only revision 1 descriptors are accepted. The Dacl output parameter and
 * the statements that store the BOOLEAN results are on source lines this
 * listing does not show.
 */
107 RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
108 PBOOLEAN DaclPresent,
110 PBOOLEAN DaclDefaulted)
112 if (SecurityDescriptor->Revision != 1)
114 return(STATUS_UNSUCCESSFUL);
/*
 * No SE_DACL_PRESENT flag: returns success early. The statement on the
 * omitted line presumably reports DaclPresent as false - confirm.
 */
116 if (!(SecurityDescriptor->Control & SE_DACL_PRESENT))
119 return(STATUS_SUCCESS);
/* A present-but-NULL DACL is handled separately; that branch body is not shown. */
122 if (SecurityDescriptor->Dacl == NULL)
/*
 * Self-relative descriptors store an offset, so the base address is added.
 * The offset is not checked against any buffer length here (the function
 * receives none), so the returned pointer is only valid if the descriptor
 * was validated by the caller.
 */
128 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
130 *Dacl = (PACL)((ULONG)SecurityDescriptor->Dacl +
131 (PVOID)SecurityDescriptor);
/* Absolute descriptors store a real pointer, returned unchanged. */
135 *Dacl = SecurityDescriptor->Dacl;
138 if (SecurityDescriptor->Control & SE_DACL_DEFAULTED)
146 return(STATUS_SUCCESS);
/*
 * RtlSetDaclSecurityDescriptor: attaches a DACL to, or removes the DACL
 * flag from, an absolute revision 1 descriptor.
 * The middle parameters and the conditions guarding the two paths below are
 * on source lines this listing does not show.
 */
154 RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
157 BOOLEAN DaclDefaulted)
159 if (SecurityDescriptor->Revision != 1)
161 return(STATUS_UNSUCCESSFUL);
/*
 * Self-relative descriptors are refused: their fields hold offsets, so
 * storing the caller's pointer in Dacl would corrupt the layout.
 */
163 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
165 return(STATUS_UNSUCCESSFUL);
/*
 * Removal path (presumably taken when the caller passes DaclPresent as
 * false - confirm). Only the flag is cleared; the Dacl field keeps its old
 * value.
 */
169 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_PRESENT);
170 return(STATUS_SUCCESS);
/* Attach path: the pointer is stored as given; the ACL itself is not copied or validated here. */
172 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_PRESENT;
173 SecurityDescriptor->Dacl = Dacl;
/* The defaulted flag is cleared first, then set again under a condition that is not shown. */
174 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_DEFAULTED);
177 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_DEFAULTED;
179 return(STATUS_SUCCESS);
/*
 * RtlValidSecurityDescriptor: checks the revision, then runs RtlValidSid on
 * Owner and Group and RtlValidAcl on any present Dacl and Sacl.
 * The function takes only the descriptor pointer, with no length, so for a
 * self-relative descriptor it cannot confirm that the offsets stay inside
 * the caller's buffer; code that accepts descriptors from an untrusted
 * source needs its own bounds check before calling this.
 * The return statements and braces are not shown in this listing.
 */
187 RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
194 if (SecurityDescriptor->Revision != 1)
/*
 * NOTE(review): no NULL/zero test on Owner is visible before it is resolved
 * and passed to RtlValidSid. In self-relative form a zero offset would
 * resolve to the descriptor's own address - confirm how RtlValidSid and the
 * omitted lines treat an absent owner. The same applies to Group below.
 */
199 Owner = SecurityDescriptor->Owner;
200 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
202 Owner = (PSID)((ULONG)Owner + (ULONG)SecurityDescriptor);
205 if (!RtlValidSid(Owner))
210 Group = SecurityDescriptor->Group;
211 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
213 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
216 if (!RtlValidSid(Group))
/* ACLs are validated only when their PRESENT flag is set and the field is non-NULL. */
221 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
222 SecurityDescriptor->Dacl != NULL)
224 Dacl = SecurityDescriptor->Dacl;
225 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
227 Dacl = (PACL)((ULONG)Dacl + (ULONG)SecurityDescriptor);
230 if (!RtlValidAcl(Dacl))
236 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
237 SecurityDescriptor->Sacl != NULL)
239 Sacl = SecurityDescriptor->Sacl;
240 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
242 Sacl = (PACL)((ULONG)Sacl + (ULONG)SecurityDescriptor);
245 if (!RtlValidAcl(Sacl))
/*
 * RtlSetOwnerSecurityDescriptor: stores the caller's owner SID pointer in an
 * absolute revision 1 descriptor and updates SE_OWNER_DEFAULTED.
 * The Owner parameter line is not shown in this listing.
 */
259 RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
261 BOOLEAN OwnerDefaulted)
263 if (SecurityDescriptor->Revision != 1)
265 return(STATUS_UNSUCCESSFUL);
/* Self-relative descriptors hold offsets, not pointers, so they cannot be edited in place. */
267 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
269 return(STATUS_UNSUCCESSFUL);
/*
 * The pointer is stored as given: the SID is neither copied nor validated,
 * so it must outlive the descriptor.
 */
271 SecurityDescriptor->Owner = Owner;
/* The flag is cleared, then set again under a condition on an omitted line (presumably OwnerDefaulted). */
272 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_OWNER_DEFAULTED);
275 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_OWNER_DEFAULTED;
277 return(STATUS_SUCCESS);
/*
 * RtlGetOwnerSecurityDescriptor: returns a pointer to the owner SID of a
 * revision 1 descriptor and reports the SE_OWNER_DEFAULTED flag.
 * The Owner output parameter, the branch taken when no owner is set and the
 * stores to OwnerDefaulted are on source lines this listing does not show.
 */
284 RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
286 PBOOLEAN OwnerDefaulted)
288 if (SecurityDescriptor->Revision != 1)
290 return(STATUS_UNSUCCESSFUL);
292 if (SecurityDescriptor->Owner != NULL)
/*
 * Self-relative: the field is an offset, converted to a pointer by adding
 * the descriptor's base address. The offset is not bounds-checked here.
 */
294 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
296 *Owner = (PSID)((ULONG)SecurityDescriptor->Owner +
297 (PVOID)SecurityDescriptor);
/* Absolute: the stored pointer is returned unchanged. */
301 *Owner = SecurityDescriptor->Owner;
308 if (SecurityDescriptor->Control & SE_OWNER_DEFAULTED)
316 return(STATUS_SUCCESS);
/*
 * RtlSetGroupSecurityDescriptor: stores the caller's primary-group SID
 * pointer in an absolute revision 1 descriptor and updates
 * SE_GROUP_DEFAULTED.
 * The Group parameter line is not shown in this listing.
 */
323 RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
325 BOOLEAN GroupDefaulted)
327 if (SecurityDescriptor->Revision != 1)
329 return(STATUS_UNSUCCESSFUL);
/* Self-relative descriptors hold offsets, not pointers, so they cannot be edited in place. */
331 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
333 return(STATUS_UNSUCCESSFUL);
/*
 * The pointer is stored as given: the SID is neither copied nor validated,
 * so it must outlive the descriptor.
 */
335 SecurityDescriptor->Group = Group;
/* The flag is cleared, then set again under a condition on an omitted line (presumably GroupDefaulted). */
336 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_GROUP_DEFAULTED);
339 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_GROUP_DEFAULTED;
341 return(STATUS_SUCCESS);
/*
 * RtlGetGroupSecurityDescriptor: returns a pointer to the primary-group SID
 * of a revision 1 descriptor and reports the SE_GROUP_DEFAULTED flag.
 * The Group output parameter, the branch taken when no group is set and the
 * stores to GroupDefaulted are on source lines this listing does not show.
 */
348 RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
350 PBOOLEAN GroupDefaulted)
352 if (SecurityDescriptor->Revision != 1)
354 return(STATUS_UNSUCCESSFUL);
356 if (SecurityDescriptor->Group != NULL)
/*
 * Self-relative: the field is an offset, converted to a pointer by adding
 * the descriptor's base address. The offset is not bounds-checked here.
 */
358 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
360 *Group = (PSID)((ULONG)SecurityDescriptor->Group +
361 (PVOID)SecurityDescriptor);
/* Absolute: the stored pointer is returned unchanged. */
365 *Group = SecurityDescriptor->Group;
372 if (SecurityDescriptor->Control & SE_GROUP_DEFAULTED)
380 return(STATUS_SUCCESS);
/*
 * RtlpQuerySecurityDescriptor: internal helper that resolves Owner, Dacl,
 * Group and Sacl to usable pointers (adding the base address for
 * self-relative descriptors) and reports each component's size rounded up
 * to a multiple of 4.
 * The sizes come from RtlLengthSid and the ACL's own AclSize field, so they
 * are what the descriptor declares, not independently verified values.
 * The output parameters and the branches for absent components are on
 * source lines this listing does not show.
 */
385 RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
395 if (SecurityDescriptor->Owner == NULL)
401 *Owner = SecurityDescriptor->Owner;
402 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
404 *Owner = (PSID)((ULONG)*Owner + (ULONG)SecurityDescriptor);
/* "(x + 3) & ~3" rounds up to the next multiple of 4 without capping the value. */
410 *OwnerLength = (RtlLengthSid(*Owner) + 3) & ~3;
/* ACLs are reported only when the PRESENT flag is set and the field is non-NULL. */
417 if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
418 SecurityDescriptor->Dacl != NULL)
420 *Dacl = SecurityDescriptor->Dacl;
421 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
423 *Dacl = (PACL)((ULONG)*Dacl + (ULONG)SecurityDescriptor);
433 *DaclLength = ((*Dacl)->AclSize + 3) & ~3;
440 if (SecurityDescriptor->Group != NULL)
446 *Group = SecurityDescriptor->Group;
447 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
449 *Group = (PSID)((ULONG)*Group + (ULONG)SecurityDescriptor);
455 *GroupLength = (RtlLengthSid(*Group) + 3) & ~3;
462 if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
463 SecurityDescriptor->Sacl != NULL)
465 *Sacl = SecurityDescriptor->Sacl;
466 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
468 *Sacl = (PACL)((ULONG)*Sacl + (ULONG)SecurityDescriptor);
478 *SaclLength = ((*Sacl)->AclSize + 3) & ~3;
/*
 * RtlMakeSelfRelativeSD: packs a descriptor and its SIDs/ACLs into the
 * caller's RelSD buffer and rewrites the four fields as offsets from RelSD.
 * Component pointers and rounded lengths come from
 * RtlpQuerySecurityDescriptor. The remaining parameter, the local
 * declarations, most call arguments and the conditions around the two ACL
 * copies are on source lines this listing does not show.
 */
487 RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
488 PSECURITY_DESCRIPTOR RelSD,
502 RtlpQuerySecurityDescriptor(AbsSD,
/*
 * The capacity check runs before any write to RelSD.
 * NOTE(review): the four lengths are taken from the descriptor's contents;
 * the sum is not checked for wrap-around - confirm the operand types and
 * whether callers validate the descriptor first.
 */
512 TotalLength = OwnerLength + GroupLength + SaclLength + DaclLength + sizeof(SECURITY_DESCRIPTOR);
513 if (*BufferLength < TotalLength)
515 return(STATUS_BUFFER_TOO_SMALL);
522 sizeof(SECURITY_DESCRIPTOR));
/* Current is the write cursor, starting right after the fixed-size header. */
523 Current = (ULONG)RelSD + sizeof(SECURITY_DESCRIPTOR);
/* Layout order in the output buffer: Sacl, Dacl, Owner, Group. */
527 memmove((PVOID)Current,
/* Each field becomes the byte offset of its copy from the start of RelSD. */
530 RelSD->Sacl = (PACL)((ULONG)Current - (ULONG)RelSD);
531 Current += SaclLength;
536 memmove((PVOID)Current,
539 RelSD->Dacl = (PACL)((ULONG)Current - (ULONG)RelSD);
540 Current += DaclLength;
543 if (OwnerLength != 0)
545 memmove((PVOID)Current,
548 RelSD->Owner = (PSID)((ULONG)Current - (ULONG)RelSD);
549 Current += OwnerLength;
552 if (GroupLength != 0)
554 memmove((PVOID)Current,
557 RelSD->Group = (PSID)((ULONG)Current - (ULONG)RelSD);
/* Marks the result so readers treat the fields as offsets. */
560 RelSD->Control |= SE_SELF_RELATIVE;
562 return(STATUS_SUCCESS);
/*
 * RtlAbsoluteToSelfRelativeSD: public wrapper around RtlMakeSelfRelativeSD
 * that first rejects input already marked SE_SELF_RELATIVE.
 * The BufferLength parameter line is not shown in this listing.
 */
570 RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
571 PSECURITY_DESCRIPTOR RelSD,
/* Only the format flag is checked here; the revision is not tested in the visible lines. */
575 if (AbsSD->Control & SE_SELF_RELATIVE)
577 return(STATUS_BAD_DESCRIPTOR_FORMAT);
580 return(RtlMakeSelfRelativeSD(AbsSD, RelSD, BufferLength));
/*
 * RtlGetControlSecurityDescriptor: copies the descriptor's Revision and
 * Control word to the caller.
 * The Revision parameter line is not shown in this listing.
 */
588 RtlGetControlSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
589 PSECURITY_DESCRIPTOR_CONTROL Control,
/* Revision is written before it is validated, so the caller sees the raw value even on failure. */
592 *Revision = SecurityDescriptor->Revision;
/*
 * Unlike the other accessors in this file, which return STATUS_UNSUCCESSFUL,
 * an unexpected revision yields STATUS_UNKNOWN_REVISION here; *Control is
 * left untouched in that case.
 */
594 if (SecurityDescriptor->Revision != 1)
596 return(STATUS_UNKNOWN_REVISION);
599 *Control = SecurityDescriptor->Control;
601 return(STATUS_SUCCESS);
/*
 * RtlGetSaclSecurityDescriptor: reports whether a SACL is present, hands
 * back a pointer to it, and reports the SE_SACL_DEFAULTED flag.
 * Only revision 1 descriptors are accepted. The Sacl output parameter and
 * the statements that store the BOOLEAN results are on source lines this
 * listing does not show.
 */
609 RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
610 PBOOLEAN SaclPresent,
612 PBOOLEAN SaclDefaulted)
614 if (SecurityDescriptor->Revision != 1)
616 return(STATUS_UNSUCCESSFUL);
/*
 * No SE_SACL_PRESENT flag: returns success early. The statement on the
 * omitted line presumably reports SaclPresent as false - confirm.
 */
618 if (!(SecurityDescriptor->Control & SE_SACL_PRESENT))
621 return(STATUS_SUCCESS);
/* A present-but-NULL SACL is handled separately; that branch body is not shown. */
624 if (SecurityDescriptor->Sacl == NULL)
/*
 * Self-relative descriptors store an offset, so the base address is added.
 * The offset is not checked against any buffer length here (the function
 * receives none), so the returned pointer is only valid if the descriptor
 * was validated by the caller.
 */
630 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
632 *Sacl = (PACL)((ULONG)SecurityDescriptor->Sacl +
633 (PVOID)SecurityDescriptor);
/* Absolute descriptors store a real pointer, returned unchanged. */
637 *Sacl = SecurityDescriptor->Sacl;
640 if (SecurityDescriptor->Control & SE_SACL_DEFAULTED)
648 return(STATUS_SUCCESS);
/*
 * RtlSetSaclSecurityDescriptor: attaches a SACL to, or removes the SACL
 * flag from, an absolute revision 1 descriptor.
 * The middle parameters and the conditions guarding the two paths below are
 * on source lines this listing does not show.
 */
655 RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
658 BOOLEAN SaclDefaulted)
660 if (SecurityDescriptor->Revision != 1)
662 return(STATUS_UNSUCCESSFUL);
/*
 * Self-relative descriptors are refused: their fields hold offsets, so
 * storing the caller's pointer in Sacl would corrupt the layout.
 */
664 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
666 return(STATUS_UNSUCCESSFUL);
/*
 * Removal path (presumably taken when the caller passes SaclPresent as
 * false - confirm). Only the flag is cleared; the Sacl field keeps its old
 * value.
 */
670 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_PRESENT);
671 return(STATUS_SUCCESS);
/* Attach path: the pointer is stored as given; the ACL itself is not copied or validated here. */
673 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_PRESENT;
674 SecurityDescriptor->Sacl = Sacl;
/* The defaulted flag is cleared first, then set again under a condition that is not shown. */
675 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_DEFAULTED);
678 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_DEFAULTED;
680 return(STATUS_SUCCESS);
/*
 * RtlSelfRelativeToAbsoluteSD: unpacks a self-relative descriptor into an
 * absolute one, copying each SID/ACL into a separate caller-supplied buffer
 * and pointing the AbsSD fields at those copies.
 * The remaining parameters, the local declarations and the arguments of the
 * RtlpQuerySecurityDescriptor call are on source lines this listing does
 * not show.
 */
688 RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR RelSD,
689 PSECURITY_DESCRIPTOR AbsSD,
/* Input must be flagged self-relative; anything else is a format error. */
709 if (!(RelSD->Control & SE_SELF_RELATIVE))
710 return STATUS_BAD_DESCRIPTOR_FORMAT;
/*
 * Component pointers and lengths are derived from RelSD's own offsets and
 * size fields; no length of the RelSD buffer is visible among the checks,
 * so an unvalidated descriptor can steer the copies below to read outside
 * it - callers should validate RelSD first.
 */
712 RtlpQuerySecurityDescriptor (RelSD,
/*
 * Each destination buffer is checked against its component length before
 * any copy. NOTE(review): on STATUS_BUFFER_TOO_SMALL the required sizes are
 * not written back; the *Size outputs are only updated on the success path
 * below. No check of the AbsSD buffer's own size is visible in this
 * listing - confirm against the full file.
 */
722 if (OwnerLength > *OwnerSize ||
723 GroupLength > *GroupSize ||
724 DaclLength > *DaclSize ||
725 SaclLength > *SaclSize)
726 return STATUS_BUFFER_TOO_SMALL;
728 memmove (Owner, pOwner, OwnerLength);
729 memmove (Group, pGroup, GroupLength);
730 memmove (Dacl, pDacl, DaclLength);
731 memmove (Sacl, pSacl, SaclLength);
/* The fixed header is copied verbatim, then the offset-holding fields are replaced by pointers. */
733 memmove (AbsSD, RelSD, sizeof (SECURITY_DESCRIPTOR));
735 AbsSD->Control &= ~SE_SELF_RELATIVE;
736 AbsSD->Owner = Owner;
737 AbsSD->Group = Group;
/*
 * NOTE(review): assignments to AbsSD->Dacl and AbsSD->Sacl are not visible
 * here (source lines 738-739 are omitted from the listing). If the full
 * file lacks them, those fields would still hold offsets while
 * SE_SELF_RELATIVE is cleared - confirm.
 */
/* Reports the number of bytes actually used in each output buffer. */
741 *OwnerSize = OwnerLength;
742 *GroupSize = GroupLength;
743 *DaclSize = DaclLength;
744 *SaclSize = SaclLength;
746 return STATUS_SUCCESS;