3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: kernel/se/acl.c
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 #define TAG_ACL TAG('A', 'C', 'L', 'T')
22 /* GLOBALS ******************************************************************/
24 PACL EXPORTED SePublicDefaultDacl = NULL;
25 PACL EXPORTED SeSystemDefaultDacl = NULL;
27 PACL SePublicDefaultUnrestrictedDacl = NULL;
28 PACL SePublicOpenDacl = NULL;
29 PACL SePublicOpenUnrestrictedDacl = NULL;
30 PACL SeUnrestrictedDacl = NULL;
33 /* FUNCTIONS ****************************************************************/
42 AclLength2 = sizeof(ACL) +
43 2 * (RtlLengthRequiredSid(1) + sizeof(ACE));
44 AclLength3 = sizeof(ACL) +
45 3 * (RtlLengthRequiredSid(1) + sizeof(ACE));
46 AclLength4 = sizeof(ACL) +
47 4 * (RtlLengthRequiredSid(1) + sizeof(ACE));
49 /* create PublicDefaultDacl */
50 SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
53 if (SePublicDefaultDacl == NULL)
56 RtlCreateAcl(SePublicDefaultDacl,
60 RtlAddAccessAllowedAce(SePublicDefaultDacl,
65 RtlAddAccessAllowedAce(SePublicDefaultDacl,
71 /* create PublicDefaultUnrestrictedDacl */
72 SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
75 if (SePublicDefaultUnrestrictedDacl == NULL)
78 RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
82 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
87 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
92 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
97 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
99 GENERIC_READ | GENERIC_EXECUTE | STANDARD_RIGHTS_READ,
100 SeRestrictedCodeSid);
102 /* create PublicOpenDacl */
103 SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,
106 if (SePublicOpenDacl == NULL)
109 RtlCreateAcl(SePublicOpenDacl,
113 RtlAddAccessAllowedAce(SePublicOpenDacl,
115 GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
118 RtlAddAccessAllowedAce(SePublicOpenDacl,
123 RtlAddAccessAllowedAce(SePublicOpenDacl,
134 RtlFirstFreeAce(PACL Acl,
141 Current = (PACE)(Acl + 1);
144 if (Acl->AceCount == 0)
149 AclEnd = Acl->AclSize + Acl;
152 if ((PVOID)Current >= AclEnd)
156 if (Current->Header.AceType == 4)
158 if (Acl->AclRevision < 3)
163 Current = (PACE)((PVOID)Current + (ULONG)Current->Header.AceSize);
165 } while (i < Acl->AceCount);
166 if ((PVOID)Current >= AclEnd)
176 RtlpAddKnownAce(PACL Acl,
178 ACCESS_MASK AccessMask,
184 if (!RtlValidSid(Sid))
186 return(STATUS_INVALID_SID);
188 if (Acl->AclRevision > 3 ||
191 return(STATUS_UNKNOWN_REVISION);
193 if (Revision < Acl->AclRevision)
195 Revision = Acl->AclRevision;
197 if (!RtlFirstFreeAce(Acl, &Ace))
199 return(STATUS_BUFFER_TOO_SMALL);
203 return(STATUS_UNSUCCESSFUL);
205 if (((PVOID)Ace + RtlLengthSid(Sid) + sizeof(ACE)) >=
206 ((PVOID)Acl + Acl->AclSize))
208 return(STATUS_BUFFER_TOO_SMALL);
210 Ace->Header.AceFlags = 0;
211 Ace->Header.AceType = Type;
212 Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
213 Ace->AccessMask = AccessMask;
214 RtlCopySid(RtlLengthSid(Sid), (PSID)(Ace + 1), Sid);
216 Acl->AclRevision = Revision;
217 return(STATUS_SUCCESS);
222 RtlAddAccessAllowedAce(PACL Acl,
224 ACCESS_MASK AccessMask,
227 return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0));
243 if (Acl->AclRevision != 2 &&
244 Acl->AclRevision != 3)
246 return(STATUS_UNSUCCESSFUL);
248 if (!RtlFirstFreeAce(Acl,&Ace))
250 return(STATUS_UNSUCCESSFUL);
252 if (Acl->AclRevision <= AclRevision)
254 AclRevision = Acl->AclRevision;
256 if (((PVOID)AceList + AceListLength) <= (PVOID)AceList)
258 return(STATUS_UNSUCCESSFUL);
261 Current = (PACE)(Acl + 1);
262 while ((PVOID)Current < ((PVOID)AceList + AceListLength))
264 if (AceList->Header.AceType == 4 &&
267 return(STATUS_UNSUCCESSFUL);
269 Current = (PACE)((PVOID)Current + Current->Header.AceSize);
273 return(STATUS_UNSUCCESSFUL);
275 if (((PVOID)Ace + AceListLength) >= ((PVOID)Acl + Acl->AclSize))
277 return(STATUS_UNSUCCESSFUL);
279 if (StartingIndex != 0)
281 if (Acl->AceCount > 0)
283 Current = (PACE)(Acl + 1);
284 for (j = 0; j < StartingIndex; j++)
286 Current = (PACE)((PVOID)Current + Current->Header.AceSize);
290 /* RtlpAddData(AceList, AceListLength, Current, (PVOID)Ace - Current)); */
291 memcpy(Current, AceList, AceListLength);
292 Acl->AceCount = Acl->AceCount + i;
293 Acl->AclRevision = AclRevision;
299 RtlCreateAcl(PACL Acl,
305 return(STATUS_BUFFER_TOO_SMALL);
307 if (AclRevision != 2 &&
310 return(STATUS_UNKNOWN_REVISION);
312 if (AclSize > 0xffff)
314 return(STATUS_UNSUCCESSFUL);
316 AclSize = AclSize & ~(0x3);
317 Acl->AclSize = AclSize;
318 Acl->AclRevision = AclRevision;
322 return(STATUS_SUCCESS);