3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: ntoskrnl/se/sid.c
7 * PROGRAMMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 #define TAG_SID TAG('S', 'I', 'D', 'T')
22 /* GLOBALS ******************************************************************/
/*
 * Identifier authorities used when the well-known SIDs are built. Each one
 * is initialised from the matching SECURITY_*_AUTHORITY constant.
 */
24 SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
25 SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
26 SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
27 SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
28 SID_IDENTIFIER_AUTHORITY SeNtSidAuthority = {SECURITY_NT_AUTHORITY};
/*
 * Well-known SIDs. All of them start out as NULL; SepInitSecurityIDs()
 * assigns each one a buffer obtained from ExAllocatePoolWithTag().
 * NOTE(review): nothing in this file guards against a read of these
 * pointers before that initialisation has run -- confirm the ordering at
 * the call sites.
 */
30 PSID SeNullSid = NULL;
31 PSID SeWorldSid = NULL;
32 PSID SeLocalSid = NULL;
33 PSID SeCreatorOwnerSid = NULL;
34 PSID SeCreatorGroupSid = NULL;
35 PSID SeCreatorOwnerServerSid = NULL;
36 PSID SeCreatorGroupServerSid = NULL;
37 PSID SeNtAuthoritySid = NULL;
38 PSID SeDialupSid = NULL;
39 PSID SeNetworkSid = NULL;
40 PSID SeBatchSid = NULL;
41 PSID SeInteractiveSid = NULL;
42 PSID SeServiceSid = NULL;
43 PSID SeAnonymousLogonSid = NULL;
44 PSID SePrincipalSelfSid = NULL;
45 PSID SeLocalSystemSid = NULL;
46 PSID SeAuthenticatedUserSid = NULL;
47 PSID SeRestrictedCodeSid = NULL;
/* Alias SIDs: each gets SECURITY_BUILTIN_DOMAIN_RID plus an alias RID. */
48 PSID SeAliasAdminsSid = NULL;
49 PSID SeAliasUsersSid = NULL;
50 PSID SeAliasGuestsSid = NULL;
51 PSID SeAliasPowerUsersSid = NULL;
52 PSID SeAliasAccountOpsSid = NULL;
53 PSID SeAliasSystemOpsSid = NULL;
54 PSID SeAliasPrintOpsSid = NULL;
55 PSID SeAliasBackupOpsSid = NULL;
58 /* FUNCTIONS ****************************************************************/
/*
 * SepInitSecurityIDs: allocates and fills in the global well-known SIDs.
 *
 * Steps visible for each SID: allocate from NonPagedPool with
 * ExAllocatePoolWithTag, compare the result with NULL, call
 * RtlInitializeSid, then store the RID(s) through the pointer returned by
 * RtlSubAuthoritySid.
 *
 * NOTE(review): this listing has lost lines (return type, braces, the
 * trailing call arguments and the body of every NULL check), so the size
 * passed to each allocation and the action taken on failure cannot be read
 * from here. Worth confirming against the full file: every buffer must be
 * sized with the SidLengthN that matches the number of sub-authorities
 * written below, because RtlSubAuthoritySid does not bounds-check the index
 * it is given.
 */
62 SepInitSecurityIDs(VOID)
/* SID sizes for zero, one and two sub-authorities */
69 SidLength0 = RtlLengthRequiredSid(0);
70 SidLength1 = RtlLengthRequiredSid(1);
71 SidLength2 = RtlLengthRequiredSid(2);
/* create NullSid */
74 SeNullSid = ExAllocatePoolWithTag(NonPagedPool,
77 if (SeNullSid == NULL)
80 RtlInitializeSid(SeNullSid,
83 SubAuthority = RtlSubAuthoritySid(SeNullSid,
85 *SubAuthority = SECURITY_NULL_RID;
/* create WorldSid */
88 SeWorldSid = ExAllocatePoolWithTag(NonPagedPool,
91 if (SeWorldSid == NULL)
94 RtlInitializeSid(SeWorldSid,
97 SubAuthority = RtlSubAuthoritySid(SeWorldSid,
99 *SubAuthority = SECURITY_WORLD_RID;
101 /* create LocalSid */
102 SeLocalSid = ExAllocatePoolWithTag(NonPagedPool,
105 if (SeLocalSid == NULL)
108 RtlInitializeSid(SeLocalSid,
109 &SeLocalSidAuthority,
111 SubAuthority = RtlSubAuthoritySid(SeLocalSid,
113 *SubAuthority = SECURITY_LOCAL_RID;
115 /* create CreatorOwnerSid */
116 SeCreatorOwnerSid = ExAllocatePoolWithTag(NonPagedPool,
119 if (SeCreatorOwnerSid == NULL)
122 RtlInitializeSid(SeCreatorOwnerSid,
123 &SeCreatorSidAuthority,
125 SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid,
127 *SubAuthority = SECURITY_CREATOR_OWNER_RID;
129 /* create CreatorGroupSid */
130 SeCreatorGroupSid = ExAllocatePoolWithTag(NonPagedPool,
133 if (SeCreatorGroupSid == NULL)
136 RtlInitializeSid(SeCreatorGroupSid,
137 &SeCreatorSidAuthority,
139 SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid,
141 *SubAuthority = SECURITY_CREATOR_GROUP_RID;
143 /* create CreatorOwnerServerSid */
144 SeCreatorOwnerServerSid = ExAllocatePoolWithTag(NonPagedPool,
147 if (SeCreatorOwnerServerSid == NULL)
150 RtlInitializeSid(SeCreatorOwnerServerSid,
151 &SeCreatorSidAuthority,
153 SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid,
155 *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
157 /* create CreatorGroupServerSid */
158 SeCreatorGroupServerSid = ExAllocatePoolWithTag(NonPagedPool,
161 if (SeCreatorGroupServerSid == NULL)
164 RtlInitializeSid(SeCreatorGroupServerSid,
165 &SeCreatorSidAuthority,
167 SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid,
169 *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
172 /* create NtAuthoritySid */
/* No sub-authority is written for this SID in the visible lines. */
173 SeNtAuthoritySid = ExAllocatePoolWithTag(NonPagedPool,
176 if (SeNtAuthoritySid == NULL)
179 RtlInitializeSid(SeNtAuthoritySid,
183 /* create DialupSid */
184 SeDialupSid = ExAllocatePoolWithTag(NonPagedPool,
187 if (SeDialupSid == NULL)
190 RtlInitializeSid(SeDialupSid,
193 SubAuthority = RtlSubAuthoritySid(SeDialupSid,
195 *SubAuthority = SECURITY_DIALUP_RID;
197 /* create NetworkSid */
198 SeNetworkSid = ExAllocatePoolWithTag(NonPagedPool,
201 if (SeNetworkSid == NULL)
204 RtlInitializeSid(SeNetworkSid,
207 SubAuthority = RtlSubAuthoritySid(SeNetworkSid,
209 *SubAuthority = SECURITY_NETWORK_RID;
211 /* create BatchSid */
212 SeBatchSid = ExAllocatePoolWithTag(NonPagedPool,
215 if (SeBatchSid == NULL)
218 RtlInitializeSid(SeBatchSid,
221 SubAuthority = RtlSubAuthoritySid(SeBatchSid,
223 *SubAuthority = SECURITY_BATCH_RID;
225 /* create InteractiveSid */
226 SeInteractiveSid = ExAllocatePoolWithTag(NonPagedPool,
229 if (SeInteractiveSid == NULL)
232 RtlInitializeSid(SeInteractiveSid,
235 SubAuthority = RtlSubAuthoritySid(SeInteractiveSid,
237 *SubAuthority = SECURITY_INTERACTIVE_RID;
239 /* create ServiceSid */
240 SeServiceSid = ExAllocatePoolWithTag(NonPagedPool,
243 if (SeServiceSid == NULL)
246 RtlInitializeSid(SeServiceSid,
249 SubAuthority = RtlSubAuthoritySid(SeServiceSid,
251 *SubAuthority = SECURITY_SERVICE_RID;
253 /* create AnonymousLogonSid */
254 SeAnonymousLogonSid = ExAllocatePoolWithTag(NonPagedPool,
257 if (SeAnonymousLogonSid == NULL)
260 RtlInitializeSid(SeAnonymousLogonSid,
263 SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid,
265 *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
267 /* create PrincipalSelfSid */
268 SePrincipalSelfSid = ExAllocatePoolWithTag(NonPagedPool,
271 if (SePrincipalSelfSid == NULL)
274 RtlInitializeSid(SePrincipalSelfSid,
277 SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid,
279 *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
281 /* create LocalSystemSid */
282 SeLocalSystemSid = ExAllocatePoolWithTag(NonPagedPool,
285 if (SeLocalSystemSid == NULL)
288 RtlInitializeSid(SeLocalSystemSid,
291 SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid,
293 *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
295 /* create AuthenticatedUserSid */
296 SeAuthenticatedUserSid = ExAllocatePoolWithTag(NonPagedPool,
299 if (SeAuthenticatedUserSid == NULL)
302 RtlInitializeSid(SeAuthenticatedUserSid,
305 SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid,
307 *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
309 /* create RestrictedCodeSid */
310 SeRestrictedCodeSid = ExAllocatePoolWithTag(NonPagedPool,
313 if (SeRestrictedCodeSid == NULL)
316 RtlInitializeSid(SeRestrictedCodeSid,
319 SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid,
321 *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
/*
 * The alias SIDs from here on each receive two sub-authorities:
 * SECURITY_BUILTIN_DOMAIN_RID first, then a DOMAIN_ALIAS_RID_* value.
 */
323 /* create AliasAdminsSid */
324 SeAliasAdminsSid = ExAllocatePoolWithTag(NonPagedPool,
327 if (SeAliasAdminsSid == NULL)
330 RtlInitializeSid(SeAliasAdminsSid,
333 SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
335 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
337 SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
339 *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
341 /* create AliasUsersSid */
342 SeAliasUsersSid = ExAllocatePoolWithTag(NonPagedPool,
345 if (SeAliasUsersSid == NULL)
348 RtlInitializeSid(SeAliasUsersSid,
351 SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
353 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
355 SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
357 *SubAuthority = DOMAIN_ALIAS_RID_USERS;
359 /* create AliasGuestsSid */
360 SeAliasGuestsSid = ExAllocatePoolWithTag(NonPagedPool,
363 if (SeAliasGuestsSid == NULL)
366 RtlInitializeSid(SeAliasGuestsSid,
369 SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
371 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
373 SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
375 *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
377 /* create AliasPowerUsersSid */
378 SeAliasPowerUsersSid = ExAllocatePoolWithTag(NonPagedPool,
381 if (SeAliasPowerUsersSid == NULL)
384 RtlInitializeSid(SeAliasPowerUsersSid,
387 SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
389 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
391 SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
393 *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
395 /* create AliasAccountOpsSid */
396 SeAliasAccountOpsSid = ExAllocatePoolWithTag(NonPagedPool,
399 if (SeAliasAccountOpsSid == NULL)
402 RtlInitializeSid(SeAliasAccountOpsSid,
405 SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
407 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
409 SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
411 *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
413 /* create AliasSystemOpsSid */
414 SeAliasSystemOpsSid = ExAllocatePoolWithTag(NonPagedPool,
417 if (SeAliasSystemOpsSid == NULL)
420 RtlInitializeSid(SeAliasSystemOpsSid,
423 SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
425 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
427 SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
429 *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
431 /* create AliasPrintOpsSid */
432 SeAliasPrintOpsSid = ExAllocatePoolWithTag(NonPagedPool,
435 if (SeAliasPrintOpsSid == NULL)
438 RtlInitializeSid(SeAliasPrintOpsSid,
441 SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
443 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
445 SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
447 *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
449 /* create AliasBackupOpsSid */
450 SeAliasBackupOpsSid = ExAllocatePoolWithTag(NonPagedPool,
453 if (SeAliasBackupOpsSid == NULL)
456 RtlInitializeSid(SeAliasBackupOpsSid,
459 SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
461 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
463 SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
465 *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
/*
 * RtlValidSid: structural check of a SID header.
 *
 * Visible tests: the low four bits of Revision must equal 1, and
 * SubAuthorityCount must not exceed 15. The return statements are on lines
 * missing from this listing.
 *
 * NOTE(review): Sid is dereferenced without a NULL test, and nothing here
 * establishes that the memory behind Sid is large enough to hold
 * SubAuthorityCount entries. A caller that receives a SID from an
 * untrusted source has to establish both before relying on this check.
 */
472 RtlValidSid(PSID Sid)
474 if ((Sid->Revision & 0xf) != 1)
478 if (Sid->SubAuthorityCount > 15)
/*
 * RtlLengthRequiredSid: byte size of a SID that carries SubAuthorityCount
 * sub-authorities.
 *
 * The "- 1" presumably accounts for one SubAuthority slot that sizeof(SID)
 * already includes -- confirm against the SID declaration.
 * For a count of 0 the term (0 - 1) * sizeof(ULONG) is converted to the
 * unsigned type of sizeof and wraps; the sum still comes out as
 * sizeof(SID) - sizeof(ULONG) through modular arithmetic.
 */
487 RtlLengthRequiredSid(UCHAR SubAuthorityCount)
489 return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG));
/*
 * RtlInitializeSid: writes the header of a SID into a caller-supplied
 * buffer.
 *
 * Visible effects: stores SubAuthorityCount and copies
 * sizeof(SID_IDENTIFIER_AUTHORITY) bytes into Sid->IdentifierAuthority.
 * The sub-authority values themselves are not written here. The only
 * return visible is STATUS_SUCCESS.
 *
 * NOTE(review): SubAuthorityCount is stored without being compared with
 * the limit of 15 that RtlValidSid enforces, and the buffer size is not a
 * parameter -- the caller is responsible for having sized Sid with
 * RtlLengthRequiredSid(SubAuthorityCount). Two lines of the body are
 * missing from this listing.
 */
494 RtlInitializeSid(PSID Sid,
495 PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
496 UCHAR SubAuthorityCount)
499 Sid->SubAuthorityCount = SubAuthorityCount;
500 RtlCopyMemory(&Sid->IdentifierAuthority,
502 sizeof(SID_IDENTIFIER_AUTHORITY));
503 return(STATUS_SUCCESS);
/*
 * RtlSubAuthoritySid: returns the address of one sub-authority slot of Sid.
 *
 * NOTE(review): the index is not compared with Sid->SubAuthorityCount, so
 * an index at or beyond the count yields a pointer past the SID. Callers
 * that write through the result must bound the index themselves.
 */
508 RtlSubAuthoritySid(PSID Sid,
511 return(&Sid->SubAuthority[SubAuthority]);
/*
 * RtlSubAuthorityCountSid: returns the address of Sid's SubAuthorityCount
 * field, so the caller can read or change the count through it.
 */
516 RtlSubAuthorityCountSid(PSID Sid)
518 return(&Sid->SubAuthorityCount);
/*
 * RtlEqualSid: compares two SIDs.
 *
 * Visible order of tests: Revision, then SubAuthorityCount, then a memcmp
 * over RtlLengthSid(Sid1) bytes. The count test comes before the memcmp,
 * so when the memcmp runs both SIDs have the same computed length.
 * The values returned are on lines missing from this listing.
 *
 * NOTE(review): neither SID is validated here; the compare length comes
 * straight from Sid1->SubAuthorityCount.
 */
523 RtlEqualSid(PSID Sid1,
526 if (Sid1->Revision != Sid2->Revision)
530 if ((*RtlSubAuthorityCountSid(Sid1)) !=
531 (*RtlSubAuthorityCountSid(Sid2)))
535 if (memcmp(Sid1, Sid2, RtlLengthSid(Sid1)) != 0)
/*
 * RtlLengthSid: byte size of an existing SID, computed from its
 * SubAuthorityCount field.
 *
 * NOTE(review): the literal 4 stands where RtlLengthRequiredSid uses
 * sizeof(ULONG); the two agree only while ULONG is four bytes wide.
 * The count is read from the SID without validation, so the result is only
 * as trustworthy as the SID itself.
 */
544 RtlLengthSid(PSID Sid)
546 return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
/*
 * RtlCopySid: copies Src into Dest when BufferLength is large enough.
 *
 * Returns STATUS_UNSUCCESSFUL when BufferLength is smaller than
 * RtlLengthSid(Src), otherwise copies RtlLengthSid(Src) bytes with memmove
 * and returns STATUS_SUCCESS.
 *
 * NOTE(review): the length is computed once for the check and again for
 * the copy. If Src can change between the two reads the copy could exceed
 * the checked size; reading the length into a local once would remove that
 * window -- confirm whether callers pass captured SIDs.
 * The short-buffer status differs from RtlCopySidAndAttributesArray, which
 * returns STATUS_BUFFER_TOO_SMALL for the same condition.
 */
551 RtlCopySid(ULONG BufferLength,
555 if (BufferLength < RtlLengthSid(Src))
557 return(STATUS_UNSUCCESSFUL);
559 memmove(Dest, Src, RtlLengthSid(Src));
560 return(STATUS_SUCCESS);
/*
 * RtlCopySidAndAttributesArray: copies Count SID_AND_ATTRIBUTES entries
 * from Src to Dest, packing the SIDs themselves into SidArea.
 *
 * For each entry: returns STATUS_BUFFER_TOO_SMALL if the SID does not fit
 * in the space left, otherwise points Dest[i].Sid at the current SidArea
 * position, copies the attributes and the SID, and advances SidArea.
 * On success the unused tail of the area and its size are returned through
 * RemainingSidArea and RemainingSidAreaSize.
 *
 * NOTE(review): on the early return Dest holds the entries copied so far
 * and the two output parameters are left unwritten.
 * RtlLengthSid(Src[i].Sid) is evaluated five times per entry (check,
 * subtraction, twice for the copy, advance); if Src is not a captured copy
 * those reads could disagree. The return value of RtlCopySid is not
 * examined. Nothing visible checks that Dest has room for Count entries.
 */
565 RtlCopySidAndAttributesArray(ULONG Count,
566 PSID_AND_ATTRIBUTES Src,
568 PSID_AND_ATTRIBUTES Dest,
570 PVOID* RemainingSidArea,
571 PULONG RemainingSidAreaSize)
/* Length tracks the bytes still free in the SID area. */
576 Length = SidAreaSize;
578 for (i=0; i<Count; i++)
580 if (RtlLengthSid(Src[i].Sid) > Length)
582 return(STATUS_BUFFER_TOO_SMALL);
584 Length = Length - RtlLengthSid(Src[i].Sid);
585 Dest[i].Sid = SidArea;
586 Dest[i].Attributes = Src[i].Attributes;
587 RtlCopySid(RtlLengthSid(Src[i].Sid), SidArea, Src[i].Sid);
588 SidArea = SidArea + RtlLengthSid(Src[i].Sid);
590 *RemainingSidArea = SidArea;
591 *RemainingSidAreaSize = Length;
592 return(STATUS_SUCCESS);
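/*
 * RtlConvertSidToUnicodeString: formats a SID as text into String.
 *
 * Visible behaviour: returns STATUS_INVALID_SID when RtlValidSid rejects
 * the SID, then builds the text in a local Buffer through Ptr with
 * swprintf. When IdentifierAuthority.Value[0] and Value[1] are both zero
 * the authority is passed as one 32-bit value assembled from Value[2..5];
 * otherwise it is printed as six hex bytes behind a "0x" prefix. The loop
 * then passes each of the SubAuthorityCount sub-authorities to the
 * formatter. The text is copied either into a buffer from ExAllocatePool
 * (STATUS_NO_MEMORY if that fails) or into the caller's buffer
 * (STATUS_BUFFER_TOO_SMALL if Length exceeds MaximumLength).
 *
 * NOTE(review): the declaration of Buffer, several swprintf argument lines
 * and the branch on AllocateString are missing from this listing. swprintf
 * takes no size argument here, so the size of Buffer has to cover the
 * longest possible rendering of a SID with 15 sub-authorities -- confirm
 * against the full file.
 */
597 RtlConvertSidToUnicodeString(PUNICODE_STRING String,
599 BOOLEAN AllocateString)
606 if (!RtlValidSid(Sid))
607 return STATUS_INVALID_SID;
610 Ptr += swprintf (Ptr,
614 if(!Sid->IdentifierAuthority.Value[0] &&
615 !Sid->IdentifierAuthority.Value[1])
619 (ULONG)Sid->IdentifierAuthority.Value[2] << 24 |
620 (ULONG)Sid->IdentifierAuthority.Value[3] << 16 |
621 (ULONG)Sid->IdentifierAuthority.Value[4] << 8 |
622 (ULONG)Sid->IdentifierAuthority.Value[5]);
627 L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
628 Sid->IdentifierAuthority.Value[0],
629 Sid->IdentifierAuthority.Value[1],
630 Sid->IdentifierAuthority.Value[2],
631 Sid->IdentifierAuthority.Value[3],
632 Sid->IdentifierAuthority.Value[4],
633 Sid->IdentifierAuthority.Value[5]);
636 for (i = 0; i < Sid->SubAuthorityCount; i++)
640 Sid->SubAuthority[i]);
/* From here on Length is a byte count, not a character count. */
643 Length = (Ptr - Buffer) * sizeof(WCHAR);
/* The allocation leaves room for exactly one WCHAR terminator. */
647 String->Buffer = ExAllocatePool(NonPagedPool,
648 Length + sizeof(WCHAR));
649 if (String->Buffer == NULL)
650 return STATUS_NO_MEMORY;
652 String->MaximumLength = Length + sizeof(WCHAR);
656 if (Length > String->MaximumLength)
657 return STATUS_BUFFER_TOO_SMALL;
659 String->Length = Length;
660 memmove(String->Buffer,
/*
 * String->Buffer is indexed in WCHARs while Length counts bytes, so the
 * index is Length / sizeof(WCHAR). Indexing with Length itself put the
 * terminator at byte offset 2 * Length, beyond the Length + sizeof(WCHAR)
 * bytes allocated above. The terminator is written only when a whole
 * WCHAR fits behind the text.
 */
663 if (Length + sizeof(WCHAR) <= String->MaximumLength)
664 String->Buffer[Length / sizeof(WCHAR)] = 0;
666 return STATUS_SUCCESS;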