3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 /* GLOBALS ******************************************************************/
22 PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL;
23 PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL;
24 PSECURITY_DESCRIPTOR SePublicOpenSd = NULL;
25 PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL;
26 PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL;
27 PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL;
28 #endif /* LIBCAPTIVE */
30 /* FUNCTIONS ***************************************************************/
36 /* Create PublicDefaultSd */
37 SePublicDefaultSd = ExAllocatePool(NonPagedPool,
38 sizeof(SECURITY_DESCRIPTOR));
39 if (SePublicDefaultSd == NULL)
42 RtlCreateSecurityDescriptor(SePublicDefaultSd,
43 SECURITY_DESCRIPTOR_REVISION);
44 RtlSetDaclSecurityDescriptor(SePublicDefaultSd,
49 /* Create PublicDefaultUnrestrictedSd */
50 SePublicDefaultUnrestrictedSd = ExAllocatePool(NonPagedPool,
51 sizeof(SECURITY_DESCRIPTOR));
52 if (SePublicDefaultUnrestrictedSd == NULL)
55 RtlCreateSecurityDescriptor(SePublicDefaultUnrestrictedSd,
56 SECURITY_DESCRIPTOR_REVISION);
57 RtlSetDaclSecurityDescriptor(SePublicDefaultUnrestrictedSd,
59 SePublicDefaultUnrestrictedDacl,
62 /* Create PublicOpenSd */
63 SePublicOpenSd = ExAllocatePool(NonPagedPool,
64 sizeof(SECURITY_DESCRIPTOR));
65 if (SePublicOpenSd == NULL)
68 RtlCreateSecurityDescriptor(SePublicOpenSd,
69 SECURITY_DESCRIPTOR_REVISION);
70 RtlSetDaclSecurityDescriptor(SePublicOpenSd,
75 /* Create PublicOpenUnrestrictedSd */
76 SePublicOpenUnrestrictedSd = ExAllocatePool(NonPagedPool,
77 sizeof(SECURITY_DESCRIPTOR));
78 if (SePublicOpenUnrestrictedSd == NULL)
81 RtlCreateSecurityDescriptor(SePublicOpenUnrestrictedSd,
82 SECURITY_DESCRIPTOR_REVISION);
83 RtlSetDaclSecurityDescriptor(SePublicOpenUnrestrictedSd,
85 SePublicOpenUnrestrictedDacl,
88 /* Create SystemDefaultSd */
89 SeSystemDefaultSd = ExAllocatePool(NonPagedPool,
90 sizeof(SECURITY_DESCRIPTOR));
91 if (SeSystemDefaultSd == NULL)
94 RtlCreateSecurityDescriptor(SeSystemDefaultSd,
95 SECURITY_DESCRIPTOR_REVISION);
96 RtlSetDaclSecurityDescriptor(SeSystemDefaultSd,
101 /* Create UnrestrictedSd */
102 SeUnrestrictedSd = ExAllocatePool(NonPagedPool,
103 sizeof(SECURITY_DESCRIPTOR));
104 if (SeUnrestrictedSd == NULL)
107 RtlCreateSecurityDescriptor(SeUnrestrictedSd,
108 SECURITY_DESCRIPTOR_REVISION);
109 RtlSetDaclSecurityDescriptor(SeUnrestrictedSd,
113 #endif /* LIBCAPTIVE */
123 RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
126 if (Revision != SECURITY_DESCRIPTOR_REVISION)
127 return(STATUS_UNSUCCESSFUL);
129 SecurityDescriptor->Revision = SECURITY_DESCRIPTOR_REVISION;
130 SecurityDescriptor->Sbz1 = 0;
131 SecurityDescriptor->Control = 0;
132 SecurityDescriptor->Owner = NULL;
133 SecurityDescriptor->Group = NULL;
134 SecurityDescriptor->Sacl = NULL;
135 SecurityDescriptor->Dacl = NULL;
137 return(STATUS_SUCCESS);
142 /* FIXME: This function is somehow buggy, at least it uses '0xfc' mask
143 * instead of '0xFFFFFFFC' mask as sometimes there are PAGE_SIZE sized structures.
149 RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
157 Length = sizeof(SECURITY_DESCRIPTOR);
159 if (SecurityDescriptor->Owner != NULL)
161 Owner = SecurityDescriptor->Owner;
162 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
164 Owner = (PSID)((ULONG)Owner +
165 (ULONG)SecurityDescriptor);
167 Length = Length + ((sizeof(SID) + (Owner->SubAuthorityCount - 1) *
168 sizeof(ULONG) + 3) & 0xfc);
171 if (SecurityDescriptor->Group != NULL)
173 Group = SecurityDescriptor->Group;
174 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
176 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
178 Length = Length + ((sizeof(SID) + (Group->SubAuthorityCount - 1) *
179 sizeof(ULONG) + 3) & 0xfc);
182 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
183 SecurityDescriptor->Dacl != NULL)
185 Dacl = SecurityDescriptor->Dacl;
186 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
188 Dacl = (PACL)((ULONG)Dacl + (PVOID)SecurityDescriptor);
190 Length = Length + ((Dacl->AclSize + 3) & 0xfc);
193 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
194 SecurityDescriptor->Sacl != NULL)
196 Sacl = SecurityDescriptor->Sacl;
197 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
199 Sacl = (PACL)((ULONG)Sacl + (PVOID)SecurityDescriptor);
201 Length = Length + ((Sacl->AclSize + 3) & 0xfc);
212 RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
213 PBOOLEAN DaclPresent,
215 PBOOLEAN DaclDefaulted)
217 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
219 return(STATUS_UNSUCCESSFUL);
222 if (!(SecurityDescriptor->Control & SE_DACL_PRESENT))
224 *DaclPresent = FALSE;
225 return(STATUS_SUCCESS);
229 if (SecurityDescriptor->Dacl == NULL)
235 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
237 *Dacl = (PACL)((ULONG)SecurityDescriptor->Dacl +
238 (PVOID)SecurityDescriptor);
242 *Dacl = SecurityDescriptor->Dacl;
246 if (SecurityDescriptor->Control & SE_DACL_DEFAULTED)
248 *DaclDefaulted = TRUE;
252 *DaclDefaulted = FALSE;
255 return(STATUS_SUCCESS);
258 #endif /* LIBCAPTIVE */
264 RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
267 BOOLEAN DaclDefaulted)
269 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
271 return(STATUS_UNSUCCESSFUL);
274 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
276 return(STATUS_UNSUCCESSFUL);
281 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_PRESENT);
282 return(STATUS_SUCCESS);
285 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_PRESENT;
286 SecurityDescriptor->Dacl = Dacl;
287 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_DEFAULTED);
291 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_DEFAULTED;
294 return(STATUS_SUCCESS);
303 RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
310 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
315 Owner = SecurityDescriptor->Owner;
316 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
318 Owner = (PSID)((ULONG)Owner + (ULONG)SecurityDescriptor);
321 if (!RtlValidSid(Owner))
326 Group = SecurityDescriptor->Group;
327 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
329 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
332 if (!RtlValidSid(Group))
337 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
338 SecurityDescriptor->Dacl != NULL)
340 Dacl = SecurityDescriptor->Dacl;
341 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
343 Dacl = (PACL)((ULONG)Dacl + (ULONG)SecurityDescriptor);
346 if (!RtlValidAcl(Dacl))
352 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
353 SecurityDescriptor->Sacl != NULL)
355 Sacl = SecurityDescriptor->Sacl;
356 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
358 Sacl = (PACL)((ULONG)Sacl + (ULONG)SecurityDescriptor);
361 if (!RtlValidAcl(Sacl))
375 RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
377 BOOLEAN OwnerDefaulted)
379 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
381 return(STATUS_UNSUCCESSFUL);
384 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
386 return(STATUS_UNSUCCESSFUL);
389 SecurityDescriptor->Owner = Owner;
390 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_OWNER_DEFAULTED);
394 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_OWNER_DEFAULTED;
397 return(STATUS_SUCCESS);
405 RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
407 PBOOLEAN OwnerDefaulted)
409 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
411 return(STATUS_UNSUCCESSFUL);
414 if (SecurityDescriptor->Owner != NULL)
416 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
418 *Owner = (PSID)((ULONG)SecurityDescriptor->Owner +
419 (PVOID)SecurityDescriptor);
423 *Owner = SecurityDescriptor->Owner;
430 if (SecurityDescriptor->Control & SE_OWNER_DEFAULTED)
438 return(STATUS_SUCCESS);
446 RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
448 BOOLEAN GroupDefaulted)
450 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
452 return(STATUS_UNSUCCESSFUL);
455 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
457 return(STATUS_UNSUCCESSFUL);
460 SecurityDescriptor->Group = Group;
461 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_GROUP_DEFAULTED);
465 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_GROUP_DEFAULTED;
468 return(STATUS_SUCCESS);
476 RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
478 PBOOLEAN GroupDefaulted)
480 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
482 return(STATUS_UNSUCCESSFUL);
485 if (SecurityDescriptor->Group != NULL)
487 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
489 *Group = (PSID)((ULONG)SecurityDescriptor->Group +
490 (PVOID)SecurityDescriptor);
494 *Group = SecurityDescriptor->Group;
502 if (SecurityDescriptor->Control & SE_GROUP_DEFAULTED)
504 *GroupDefaulted = TRUE;
508 *GroupDefaulted = FALSE;
511 return(STATUS_SUCCESS);
519 RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
520 PBOOLEAN SaclPresent,
522 PBOOLEAN SaclDefaulted)
524 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
526 return(STATUS_UNSUCCESSFUL);
529 if (!(SecurityDescriptor->Control & SE_SACL_PRESENT))
531 *SaclPresent = FALSE;
532 return(STATUS_SUCCESS);
536 if (SecurityDescriptor->Sacl == NULL)
542 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
544 *Sacl = (PACL)((ULONG)SecurityDescriptor->Sacl +
545 (PVOID)SecurityDescriptor);
549 *Sacl = SecurityDescriptor->Sacl;
553 if (SecurityDescriptor->Control & SE_SACL_DEFAULTED)
555 *SaclDefaulted = TRUE;
559 *SaclDefaulted = FALSE;
562 return(STATUS_SUCCESS);
570 RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
573 BOOLEAN SaclDefaulted)
575 if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
577 return(STATUS_UNSUCCESSFUL);
579 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
581 return(STATUS_UNSUCCESSFUL);
586 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_PRESENT);
587 return(STATUS_SUCCESS);
590 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_PRESENT;
591 SecurityDescriptor->Sacl = Sacl;
592 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_DEFAULTED);
596 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_DEFAULTED;
599 return(STATUS_SUCCESS);
604 RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
614 if (SecurityDescriptor->Owner == NULL)
620 *Owner = SecurityDescriptor->Owner;
621 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
623 *Owner = (PSID)((ULONG)*Owner + (ULONG)SecurityDescriptor);
629 *OwnerLength = (RtlLengthSid(*Owner) + 3) & ~3;
636 if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
637 SecurityDescriptor->Dacl != NULL)
639 *Dacl = SecurityDescriptor->Dacl;
640 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
642 *Dacl = (PACL)((ULONG)*Dacl + (ULONG)SecurityDescriptor);
652 *DaclLength = ((*Dacl)->AclSize + 3) & ~3;
659 if (SecurityDescriptor->Group != NULL)
665 *Group = SecurityDescriptor->Group;
666 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
668 *Group = (PSID)((ULONG)*Group + (ULONG)SecurityDescriptor);
674 *GroupLength = (RtlLengthSid(*Group) + 3) & ~3;
681 if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
682 SecurityDescriptor->Sacl != NULL)
684 *Sacl = SecurityDescriptor->Sacl;
685 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
687 *Sacl = (PACL)((ULONG)*Sacl + (ULONG)SecurityDescriptor);
697 *SaclLength = ((*Sacl)->AclSize + 3) & ~3;
706 RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
707 PSECURITY_DESCRIPTOR RelSD,
721 if (AbsSD->Control & SE_SELF_RELATIVE)
723 return(STATUS_BAD_DESCRIPTOR_FORMAT);
726 RtlpQuerySecurityDescriptor(AbsSD,
736 TotalLength = OwnerLength + GroupLength + SaclLength +
737 DaclLength + sizeof(SECURITY_DESCRIPTOR);
738 if (*BufferLength < TotalLength)
740 return(STATUS_BUFFER_TOO_SMALL);
747 sizeof(SECURITY_DESCRIPTOR));
748 Current = (ULONG)RelSD + sizeof(SECURITY_DESCRIPTOR);
752 memmove((PVOID)Current,
755 RelSD->Sacl = (PACL)((ULONG)Current - (ULONG)RelSD);
756 Current += SaclLength;
761 memmove((PVOID)Current,
764 RelSD->Dacl = (PACL)((ULONG)Current - (ULONG)RelSD);
765 Current += DaclLength;
768 if (OwnerLength != 0)
770 memmove((PVOID)Current,
773 RelSD->Owner = (PSID)((ULONG)Current - (ULONG)RelSD);
774 Current += OwnerLength;
777 if (GroupLength != 0)
779 memmove((PVOID)Current,
782 RelSD->Group = (PSID)((ULONG)Current - (ULONG)RelSD);
785 RelSD->Control |= SE_SELF_RELATIVE;
787 return(STATUS_SUCCESS);
790 #endif /* LIBCAPTIVE */