3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 /* GLOBALS ******************************************************************/
21 PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL;
22 PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL;
23 PSECURITY_DESCRIPTOR SePublicOpenSd = NULL;
24 PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL;
25 PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL;
26 PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL;
28 /* FUNCTIONS ***************************************************************/
33 /* Create PublicDefaultSd */
34 SePublicDefaultSd = ExAllocatePool(NonPagedPool,
35 sizeof(SECURITY_DESCRIPTOR));
36 if (SePublicDefaultSd == NULL)
39 RtlCreateSecurityDescriptor(SePublicDefaultSd,
40 SECURITY_DESCRIPTOR_REVISION);
41 RtlSetDaclSecurityDescriptor(SePublicDefaultSd,
46 /* Create PublicDefaultUnrestrictedSd */
47 SePublicDefaultUnrestrictedSd = ExAllocatePool(NonPagedPool,
48 sizeof(SECURITY_DESCRIPTOR));
49 if (SePublicDefaultUnrestrictedSd == NULL)
52 RtlCreateSecurityDescriptor(SePublicDefaultUnrestrictedSd,
53 SECURITY_DESCRIPTOR_REVISION);
54 RtlSetDaclSecurityDescriptor(SePublicDefaultUnrestrictedSd,
56 SePublicDefaultUnrestrictedDacl,
59 /* Create PublicOpenSd */
60 SePublicOpenSd = ExAllocatePool(NonPagedPool,
61 sizeof(SECURITY_DESCRIPTOR));
62 if (SePublicOpenSd == NULL)
65 RtlCreateSecurityDescriptor(SePublicOpenSd,
66 SECURITY_DESCRIPTOR_REVISION);
67 RtlSetDaclSecurityDescriptor(SePublicOpenSd,
72 /* Create PublicOpenUnrestrictedSd */
73 SePublicOpenUnrestrictedSd = ExAllocatePool(NonPagedPool,
74 sizeof(SECURITY_DESCRIPTOR));
75 if (SePublicOpenUnrestrictedSd == NULL)
78 RtlCreateSecurityDescriptor(SePublicOpenUnrestrictedSd,
79 SECURITY_DESCRIPTOR_REVISION);
80 RtlSetDaclSecurityDescriptor(SePublicOpenUnrestrictedSd,
82 SePublicOpenUnrestrictedDacl,
85 /* Create SystemDefaultSd */
86 SeSystemDefaultSd = ExAllocatePool(NonPagedPool,
87 sizeof(SECURITY_DESCRIPTOR));
88 if (SeSystemDefaultSd == NULL)
91 RtlCreateSecurityDescriptor(SeSystemDefaultSd,
92 SECURITY_DESCRIPTOR_REVISION);
93 RtlSetDaclSecurityDescriptor(SeSystemDefaultSd,
98 /* Create UnrestrictedSd */
99 SeUnrestrictedSd = ExAllocatePool(NonPagedPool,
100 sizeof(SECURITY_DESCRIPTOR));
101 if (SeUnrestrictedSd == NULL)
104 RtlCreateSecurityDescriptor(SeUnrestrictedSd,
105 SECURITY_DESCRIPTOR_REVISION);
106 RtlSetDaclSecurityDescriptor(SeUnrestrictedSd,
119 RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
122 if (Revision != SECURITY_DESCRIPTOR_REVISION)
123 return(STATUS_UNSUCCESSFUL);
125 SecurityDescriptor->Revision = SECURITY_DESCRIPTOR_REVISION;
126 SecurityDescriptor->Sbz1 = 0;
127 SecurityDescriptor->Control = 0;
128 SecurityDescriptor->Owner = NULL;
129 SecurityDescriptor->Group = NULL;
130 SecurityDescriptor->Sacl = NULL;
131 SecurityDescriptor->Dacl = NULL;
133 return(STATUS_SUCCESS);
141 RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
149 Length = sizeof(SECURITY_DESCRIPTOR);
151 if (SecurityDescriptor->Owner != NULL)
153 Owner = SecurityDescriptor->Owner;
154 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
156 Owner = (PSID)((ULONG)Owner +
157 (ULONG)SecurityDescriptor);
159 Length = Length + ((sizeof(SID) + (Owner->SubAuthorityCount - 1) *
160 sizeof(ULONG) + 3) & 0xfc);
163 if (SecurityDescriptor->Group != NULL)
165 Group = SecurityDescriptor->Group;
166 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
168 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
170 Length = Length + ((sizeof(SID) + (Group->SubAuthorityCount - 1) *
171 sizeof(ULONG) + 3) & 0xfc);
174 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
175 SecurityDescriptor->Dacl != NULL)
177 Dacl = SecurityDescriptor->Dacl;
178 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
180 Dacl = (PACL)((ULONG)Dacl + (PVOID)SecurityDescriptor);
182 Length = Length + ((Dacl->AclSize + 3) & 0xfc);
185 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
186 SecurityDescriptor->Sacl != NULL)
188 Sacl = SecurityDescriptor->Sacl;
189 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
191 Sacl = (PACL)((ULONG)Sacl + (PVOID)SecurityDescriptor);
193 Length = Length + ((Sacl->AclSize + 3) & 0xfc);
204 RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
205 PBOOLEAN DaclPresent,
207 PBOOLEAN DaclDefaulted)
209 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
211 return(STATUS_UNSUCCESSFUL);
214 if (!(SecurityDescriptor->Control & SE_DACL_PRESENT))
216 *DaclPresent = FALSE;
217 return(STATUS_SUCCESS);
221 if (SecurityDescriptor->Dacl == NULL)
227 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
229 *Dacl = (PACL)((ULONG)SecurityDescriptor->Dacl +
230 (PVOID)SecurityDescriptor);
234 *Dacl = SecurityDescriptor->Dacl;
238 if (SecurityDescriptor->Control & SE_DACL_DEFAULTED)
240 *DaclDefaulted = TRUE;
244 *DaclDefaulted = FALSE;
247 return(STATUS_SUCCESS);
255 RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
258 BOOLEAN DaclDefaulted)
260 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
262 return(STATUS_UNSUCCESSFUL);
265 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
267 return(STATUS_UNSUCCESSFUL);
272 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_PRESENT);
273 return(STATUS_SUCCESS);
276 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_PRESENT;
277 SecurityDescriptor->Dacl = Dacl;
278 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_DEFAULTED);
282 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_DEFAULTED;
285 return(STATUS_SUCCESS);
293 RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
300 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
305 Owner = SecurityDescriptor->Owner;
306 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
308 Owner = (PSID)((ULONG)Owner + (ULONG)SecurityDescriptor);
311 if (!RtlValidSid(Owner))
316 Group = SecurityDescriptor->Group;
317 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
319 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
322 if (!RtlValidSid(Group))
327 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
328 SecurityDescriptor->Dacl != NULL)
330 Dacl = SecurityDescriptor->Dacl;
331 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
333 Dacl = (PACL)((ULONG)Dacl + (ULONG)SecurityDescriptor);
336 if (!RtlValidAcl(Dacl))
342 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
343 SecurityDescriptor->Sacl != NULL)
345 Sacl = SecurityDescriptor->Sacl;
346 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
348 Sacl = (PACL)((ULONG)Sacl + (ULONG)SecurityDescriptor);
351 if (!RtlValidAcl(Sacl))
365 RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
367 BOOLEAN OwnerDefaulted)
369 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
371 return(STATUS_UNSUCCESSFUL);
374 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
376 return(STATUS_UNSUCCESSFUL);
379 SecurityDescriptor->Owner = Owner;
380 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_OWNER_DEFAULTED);
384 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_OWNER_DEFAULTED;
387 return(STATUS_SUCCESS);
395 RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
397 PBOOLEAN OwnerDefaulted)
399 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
401 return(STATUS_UNSUCCESSFUL);
404 if (SecurityDescriptor->Owner != NULL)
406 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
408 *Owner = (PSID)((ULONG)SecurityDescriptor->Owner +
409 (PVOID)SecurityDescriptor);
413 *Owner = SecurityDescriptor->Owner;
420 if (SecurityDescriptor->Control & SE_OWNER_DEFAULTED)
428 return(STATUS_SUCCESS);
436 RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
438 BOOLEAN GroupDefaulted)
440 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
442 return(STATUS_UNSUCCESSFUL);
445 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
447 return(STATUS_UNSUCCESSFUL);
450 SecurityDescriptor->Group = Group;
451 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_GROUP_DEFAULTED);
455 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_GROUP_DEFAULTED;
458 return(STATUS_SUCCESS);
466 RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
468 PBOOLEAN GroupDefaulted)
470 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
472 return(STATUS_UNSUCCESSFUL);
475 if (SecurityDescriptor->Group != NULL)
477 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
479 *Group = (PSID)((ULONG)SecurityDescriptor->Group +
480 (PVOID)SecurityDescriptor);
484 *Group = SecurityDescriptor->Group;
492 if (SecurityDescriptor->Control & SE_GROUP_DEFAULTED)
494 *GroupDefaulted = TRUE;
498 *GroupDefaulted = FALSE;
501 return(STATUS_SUCCESS);
509 RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
510 PBOOLEAN SaclPresent,
512 PBOOLEAN SaclDefaulted)
514 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
516 return(STATUS_UNSUCCESSFUL);
519 if (!(SecurityDescriptor->Control & SE_SACL_PRESENT))
521 *SaclPresent = FALSE;
522 return(STATUS_SUCCESS);
526 if (SecurityDescriptor->Sacl == NULL)
532 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
534 *Sacl = (PACL)((ULONG)SecurityDescriptor->Sacl +
535 (PVOID)SecurityDescriptor);
539 *Sacl = SecurityDescriptor->Sacl;
543 if (SecurityDescriptor->Control & SE_SACL_DEFAULTED)
545 *SaclDefaulted = TRUE;
549 *SaclDefaulted = FALSE;
552 return(STATUS_SUCCESS);
560 RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
563 BOOLEAN SaclDefaulted)
565 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
567 return(STATUS_UNSUCCESSFUL);
569 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
571 return(STATUS_UNSUCCESSFUL);
576 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_PRESENT);
577 return(STATUS_SUCCESS);
580 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_PRESENT;
581 SecurityDescriptor->Sacl = Sacl;
582 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_DEFAULTED);
586 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_DEFAULTED;
589 return(STATUS_SUCCESS);
594 RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
604 if (SecurityDescriptor->Owner == NULL)
610 *Owner = SecurityDescriptor->Owner;
611 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
613 *Owner = (PSID)((ULONG)*Owner + (ULONG)SecurityDescriptor);
619 *OwnerLength = (RtlLengthSid(*Owner) + 3) & ~3;
626 if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
627 SecurityDescriptor->Dacl != NULL)
629 *Dacl = SecurityDescriptor->Dacl;
630 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
632 *Dacl = (PACL)((ULONG)*Dacl + (ULONG)SecurityDescriptor);
642 *DaclLength = ((*Dacl)->AclSize + 3) & ~3;
649 if (SecurityDescriptor->Group != NULL)
655 *Group = SecurityDescriptor->Group;
656 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
658 *Group = (PSID)((ULONG)*Group + (ULONG)SecurityDescriptor);
664 *GroupLength = (RtlLengthSid(*Group) + 3) & ~3;
671 if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
672 SecurityDescriptor->Sacl != NULL)
674 *Sacl = SecurityDescriptor->Sacl;
675 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
677 *Sacl = (PACL)((ULONG)*Sacl + (ULONG)SecurityDescriptor);
687 *SaclLength = ((*Sacl)->AclSize + 3) & ~3;
696 RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
697 PSECURITY_DESCRIPTOR RelSD,
711 if (AbsSD->Control & SE_SELF_RELATIVE)
713 return(STATUS_BAD_DESCRIPTOR_FORMAT);
716 RtlpQuerySecurityDescriptor(AbsSD,
726 TotalLength = OwnerLength + GroupLength + SaclLength +
727 DaclLength + sizeof(SECURITY_DESCRIPTOR);
728 if (*BufferLength < TotalLength)
730 return(STATUS_BUFFER_TOO_SMALL);
737 sizeof(SECURITY_DESCRIPTOR));
738 Current = (ULONG)RelSD + sizeof(SECURITY_DESCRIPTOR);
742 memmove((PVOID)Current,
745 RelSD->Sacl = (PACL)((ULONG)Current - (ULONG)RelSD);
746 Current += SaclLength;
751 memmove((PVOID)Current,
754 RelSD->Dacl = (PACL)((ULONG)Current - (ULONG)RelSD);
755 Current += DaclLength;
758 if (OwnerLength != 0)
760 memmove((PVOID)Current,
763 RelSD->Owner = (PSID)((ULONG)Current - (ULONG)RelSD);
764 Current += OwnerLength;
767 if (GroupLength != 0)
769 memmove((PVOID)Current,
772 RelSD->Group = (PSID)((ULONG)Current - (ULONG)RelSD);
775 RelSD->Control |= SE_SELF_RELATIVE;
777 return(STATUS_SUCCESS);