3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security descriptor functions
6 * FILE: lib/ntdll/rtl/sd.c
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
16 #include <ntdll/ntdll.h>
18 /* FUNCTIONS ***************************************************************/
/*
 * Initializes a caller-supplied security descriptor: Revision = 1,
 * Sbz1 = 0, Control = 0, and Owner, Group, Sacl and Dacl all NULL.
 *
 * NOTE(review): the embedded source line numbers skip, so parts of this
 * function are missing from the listing - the remaining parameter(s) and
 * the condition guarding the STATUS_UNSUCCESSFUL return (presumably a
 * revision check; confirm against the full file).
 */
21 RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
26 return(STATUS_UNSUCCESSFUL);
29 SecurityDescriptor->Revision = 1;
30 SecurityDescriptor->Sbz1 = 0;
/*
 * Control = 0 clears every flag this file tests (SE_SELF_RELATIVE,
 * SE_DACL_PRESENT, SE_SACL_PRESENT, the *_DEFAULTED bits), so the new
 * descriptor is in absolute form and carries no DACL. Callers should
 * attach a DACL before relying on it for access control - NT semantics
 * for a descriptor without a DACL are permissive (not shown here; verify).
 */
31 SecurityDescriptor->Control = 0;
32 SecurityDescriptor->Owner = NULL;
33 SecurityDescriptor->Group = NULL;
34 SecurityDescriptor->Sacl = NULL;
35 SecurityDescriptor->Dacl = NULL;
37 return(STATUS_SUCCESS);
/*
 * Computes the byte length of a descriptor: sizeof(SECURITY_DESCRIPTOR)
 * plus the rounded-up sizes of the owner SID, group SID, DACL and SACL
 * when present. In a self-relative descriptor (SE_SELF_RELATIVE) these
 * fields hold offsets, which are rebased on the descriptor address first.
 *
 * NOTE(review): each component is masked with 0xfc, which keeps only
 * bits 2-7. Any component of 256 bytes or more is therefore under-counted
 * (AclSize 300 -> (300 + 3) & 0xfc = 44). RtlpQuerySecurityDescriptor in
 * this file rounds the same quantities with "& ~3". A caller sizing a
 * buffer from this result would under-allocate for large ACLs; the mask
 * should be ~3.
 *
 * NOTE(review): the rebased pointers are dereferenced (SubAuthorityCount,
 * AclSize) with no visible bounds check on the stored offsets, so the
 * descriptor must come from a trusted source or be validated first.
 * Declarations and the return statement are missing from this listing.
 */
41 RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
49 Length = sizeof(SECURITY_DESCRIPTOR);
/* Owner SID: sizeof(SID) plus one ULONG per sub-authority beyond the first. */
51 if (SecurityDescriptor->Owner != NULL)
53 Owner = SecurityDescriptor->Owner;
54 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
56 Owner = (PSID)((ULONG)Owner +
57 (ULONG)SecurityDescriptor);
59 Length = Length + ((sizeof(SID) + (Owner->SubAuthorityCount - 1) *
60 sizeof(ULONG) + 3) & 0xfc);
/* Group SID: same size formula as the owner. */
63 if (SecurityDescriptor->Group != NULL)
65 Group = SecurityDescriptor->Group;
66 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
68 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
70 Length = Length + ((sizeof(SID) + (Group->SubAuthorityCount - 1) *
71 sizeof(ULONG) + 3) & 0xfc);
/* DACL is counted only when SE_DACL_PRESENT is set and the field is non-NULL. */
74 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
75 SecurityDescriptor->Dacl != NULL)
77 Dacl = SecurityDescriptor->Dacl;
78 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
/*
 * NOTE(review): integer + PVOID here, (ULONG) + (ULONG) for the SIDs above.
 * Arithmetic on a void pointer is a compiler extension, and the (ULONG)
 * casts assume a pointer fits in a ULONG.
 */
80 Dacl = (PACL)((ULONG)Dacl + (PVOID)SecurityDescriptor);
/* The size is taken from the ACL's own AclSize field. */
82 Length = Length + ((Dacl->AclSize + 3) & 0xfc);
/* SACL: same handling as the DACL, gated on SE_SACL_PRESENT. */
85 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
86 SecurityDescriptor->Sacl != NULL)
88 Sacl = SecurityDescriptor->Sacl;
89 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
91 Sacl = (PACL)((ULONG)Sacl + (PVOID)SecurityDescriptor);
93 Length = Length + ((Sacl->AclSize + 3) & 0xfc);
/*
 * Reports the DACL of a revision-1 descriptor through the out parameters.
 * Any other revision returns STATUS_UNSUCCESSFUL. When SE_DACL_PRESENT is
 * clear the function returns STATUS_SUCCESS early. Otherwise *Dacl gets
 * the stored pointer, rebased on the descriptor address for
 * self-relative descriptors.
 *
 * NOTE(review): the lines that assign *DaclPresent and *DaclDefaulted,
 * and the body of the Dacl == NULL branch, are missing from this listing;
 * confirm against the full file. A present-but-NULL DACL is the
 * security-sensitive case, so callers must check both DaclPresent and
 * the returned pointer.
 */
101 RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
102 PBOOLEAN DaclPresent,
104 PBOOLEAN DaclDefaulted)
106 if (SecurityDescriptor->Revision != 1)
108 return(STATUS_UNSUCCESSFUL);
110 if (!(SecurityDescriptor->Control & SE_DACL_PRESENT))
113 return(STATUS_SUCCESS);
116 if (SecurityDescriptor->Dacl == NULL)
/*
 * Self-relative: the field is an offset from the descriptor base. No
 * bounds check on the offset is visible, so the result is only as
 * trustworthy as the descriptor itself.
 */
122 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
124 *Dacl = (PACL)((ULONG)SecurityDescriptor->Dacl +
125 (PVOID)SecurityDescriptor);
129 *Dacl = SecurityDescriptor->Dacl;
132 if (SecurityDescriptor->Control & SE_DACL_DEFAULTED)
140 return(STATUS_SUCCESS);
/*
 * Sets or removes the DACL of an absolute, revision-1 descriptor.
 * Returns STATUS_UNSUCCESSFUL for any other revision and for
 * self-relative descriptors, which store offsets rather than pointers.
 *
 * The Dacl pointer is stored as given: it is neither copied nor, in the
 * visible lines, validated, so the caller owns the ACL's lifetime and
 * validity for as long as the descriptor is in use.
 *
 * NOTE(review): the conditions selecting the "remove" path and the
 * SE_DACL_DEFAULTED update are missing from this listing (presumably
 * tests of DaclPresent and DaclDefaulted; confirm).
 */
145 RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
148 BOOLEAN DaclDefaulted)
150 if (SecurityDescriptor->Revision != 1)
152 return(STATUS_UNSUCCESSFUL);
154 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
156 return(STATUS_UNSUCCESSFUL);
/* Remove path: only the present bit is cleared; the Dacl field is left as is. */
160 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_PRESENT);
161 return(STATUS_SUCCESS);
/* Set path: mark present, store the pointer, then recompute the defaulted bit. */
163 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_PRESENT;
164 SecurityDescriptor->Dacl = Dacl;
165 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_DACL_DEFAULTED);
168 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_DACL_DEFAULTED;
170 return(STATUS_SUCCESS);
/*
 * Structural validation of a descriptor: checks the revision, then hands
 * the owner and group to RtlValidSid and any present, non-NULL DACL and
 * SACL to RtlValidAcl. Self-relative offsets are rebased on the
 * descriptor address before each check.
 *
 * NOTE(review): the function receives only the descriptor pointer, not
 * the size of the buffer holding it, so it cannot confirm that a
 * self-relative offset stays inside that buffer. A crafted offset makes
 * RtlValidSid/RtlValidAcl read wherever it points. Callers handling
 * untrusted self-relative descriptors need a separate length check.
 *
 * NOTE(review): no NULL test on Owner or Group is visible before
 * rebasing. In self-relative form a zero offset would resolve to the
 * descriptor itself. The failure returns and the final return are
 * missing from this listing; confirm against the full file.
 */
175 RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
182 if (SecurityDescriptor->Revision != 1)
187 Owner = SecurityDescriptor->Owner;
188 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
190 Owner = (PSID)((ULONG)Owner + (ULONG)SecurityDescriptor);
193 if (!RtlValidSid(Owner))
198 Group = SecurityDescriptor->Group;
199 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
201 Group = (PSID)((ULONG)Group + (ULONG)SecurityDescriptor);
204 if (!RtlValidSid(Group))
/* ACLs are validated only when their present bit is set and the field is non-NULL. */
209 if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
210 SecurityDescriptor->Dacl != NULL)
212 Dacl = SecurityDescriptor->Dacl;
213 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
215 Dacl = (PACL)((ULONG)Dacl + (ULONG)SecurityDescriptor);
218 if (!RtlValidAcl(Dacl))
224 if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
225 SecurityDescriptor->Sacl != NULL)
227 Sacl = SecurityDescriptor->Sacl;
228 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
230 Sacl = (PACL)((ULONG)Sacl + (ULONG)SecurityDescriptor);
233 if (!RtlValidAcl(Sacl))
/*
 * Stores an owner SID pointer in an absolute, revision-1 descriptor and
 * updates SE_OWNER_DEFAULTED. Other revisions and self-relative
 * descriptors return STATUS_UNSUCCESSFUL.
 *
 * The pointer is stored as given (no copy, no validation in the visible
 * lines), so the caller must keep the SID alive and valid.
 *
 * NOTE(review): the Owner parameter line and the condition on the
 * SE_OWNER_DEFAULTED set (presumably OwnerDefaulted) are missing from
 * this listing; confirm.
 */
244 RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
246 BOOLEAN OwnerDefaulted)
248 if (SecurityDescriptor->Revision != 1)
250 return(STATUS_UNSUCCESSFUL);
252 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
254 return(STATUS_UNSUCCESSFUL);
256 SecurityDescriptor->Owner = Owner;
/* Clear the defaulted bit first; it is set again on the line after. */
257 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_OWNER_DEFAULTED);
260 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_OWNER_DEFAULTED;
262 return(STATUS_SUCCESS);
/*
 * Returns the owner SID of a revision-1 descriptor through *Owner. Any
 * other revision returns STATUS_UNSUCCESSFUL. For self-relative
 * descriptors the stored offset is rebased on the descriptor address.
 *
 * NOTE(review): the branch taken when Owner is NULL and the assignments
 * to *OwnerDefaulted are missing from this listing; confirm. No bounds
 * check on the self-relative offset is visible.
 */
266 RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
268 PBOOLEAN OwnerDefaulted)
270 if (SecurityDescriptor->Revision != 1)
272 return(STATUS_UNSUCCESSFUL);
274 if (SecurityDescriptor->Owner != NULL)
276 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
/* Integer + PVOID arithmetic: relies on a compiler extension for void pointers. */
278 *Owner = (PSID)((ULONG)SecurityDescriptor->Owner +
279 (PVOID)SecurityDescriptor);
283 *Owner = SecurityDescriptor->Owner;
290 if (SecurityDescriptor->Control & SE_OWNER_DEFAULTED)
298 return(STATUS_SUCCESS);
/*
 * Stores a primary-group SID pointer in an absolute, revision-1
 * descriptor and updates SE_GROUP_DEFAULTED. Other revisions and
 * self-relative descriptors return STATUS_UNSUCCESSFUL.
 *
 * The pointer is stored as given (no copy, no validation in the visible
 * lines), so the caller must keep the SID alive and valid.
 *
 * NOTE(review): the Group parameter line and the condition on the
 * SE_GROUP_DEFAULTED set (presumably GroupDefaulted) are missing from
 * this listing; confirm.
 */
302 RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
304 BOOLEAN GroupDefaulted)
306 if (SecurityDescriptor->Revision != 1)
308 return(STATUS_UNSUCCESSFUL);
310 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
312 return(STATUS_UNSUCCESSFUL);
314 SecurityDescriptor->Group = Group;
/* Clear the defaulted bit first; it is set again on the line after. */
315 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_GROUP_DEFAULTED);
318 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_GROUP_DEFAULTED;
320 return(STATUS_SUCCESS);
/*
 * Returns the primary-group SID of a revision-1 descriptor through
 * *Group. Any other revision returns STATUS_UNSUCCESSFUL. For
 * self-relative descriptors the stored offset is rebased on the
 * descriptor address.
 *
 * NOTE(review): the branch taken when Group is NULL and the assignments
 * to *GroupDefaulted are missing from this listing; confirm. No bounds
 * check on the self-relative offset is visible.
 */
324 RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
326 PBOOLEAN GroupDefaulted)
328 if (SecurityDescriptor->Revision != 1)
330 return(STATUS_UNSUCCESSFUL);
332 if (SecurityDescriptor->Group != NULL)
334 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
/* Integer + PVOID arithmetic: relies on a compiler extension for void pointers. */
336 *Group = (PSID)((ULONG)SecurityDescriptor->Group +
337 (PVOID)SecurityDescriptor);
341 *Group = SecurityDescriptor->Group;
348 if (SecurityDescriptor->Control & SE_GROUP_DEFAULTED)
356 return(STATUS_SUCCESS);
/*
 * Internal helper: for each of Owner, Dacl, Group and Sacl, writes the
 * resolved pointer (rebased for self-relative descriptors) and its
 * length rounded up to a multiple of 4 through the out parameters.
 * SID lengths come from RtlLengthSid, ACL lengths from the ACL's own
 * AclSize field.
 *
 * NOTE(review): rounding here uses "& ~3", which is correct for any
 * size; RtlLengthSecurityDescriptor in this file uses "& 0xfc" for the
 * same purpose and disagrees for components of 256 bytes or more.
 *
 * NOTE(review): the lengths are whatever the SID/ACL headers declare.
 * Nothing visible checks them against the real extent of the source
 * buffers, so callers that copy by these lengths trust the input.
 * The parameter list and the branches for absent components are
 * missing from this listing; confirm against the full file.
 */
361 RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
371 if (SecurityDescriptor->Owner == NULL)
377 *Owner = SecurityDescriptor->Owner;
378 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
380 *Owner = (PSID)((ULONG)*Owner + (ULONG)SecurityDescriptor);
386 *OwnerLength = (RtlLengthSid(*Owner) + 3) & ~3;
/* The DACL is reported only when SE_DACL_PRESENT is set and the field is non-NULL. */
393 if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
394 SecurityDescriptor->Dacl != NULL)
396 *Dacl = SecurityDescriptor->Dacl;
397 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
399 *Dacl = (PACL)((ULONG)*Dacl + (ULONG)SecurityDescriptor);
409 *DaclLength = ((*Dacl)->AclSize + 3) & ~3;
416 if (SecurityDescriptor->Group != NULL)
422 *Group = SecurityDescriptor->Group;
423 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
425 *Group = (PSID)((ULONG)*Group + (ULONG)SecurityDescriptor);
431 *GroupLength = (RtlLengthSid(*Group) + 3) & ~3;
/* The SACL is reported only when SE_SACL_PRESENT is set and the field is non-NULL. */
438 if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
439 SecurityDescriptor->Sacl != NULL)
441 *Sacl = SecurityDescriptor->Sacl;
442 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
444 *Sacl = (PACL)((ULONG)*Sacl + (ULONG)SecurityDescriptor);
454 *SaclLength = ((*Sacl)->AclSize + 3) & ~3;
/*
 * Packs a descriptor into the caller's buffer in self-relative form.
 * Component pointers and rounded lengths come from
 * RtlpQuerySecurityDescriptor. If *BufferLength is smaller than the
 * header plus all components, STATUS_BUFFER_TOO_SMALL is returned.
 * Otherwise the components are copied after the header in the order
 * SACL, DACL, owner, group, each field is rewritten as an offset from
 * RelSD, and SE_SELF_RELATIVE is set.
 *
 * NOTE(review): the TotalLength comparison is the only bound on the
 * memmove calls, and the lengths are those declared by the source SIDs
 * and ACLs. A source ACL whose AclSize overstates its real allocation
 * would make the copy read past it, so validate AbsSD beforehand.
 *
 * NOTE(review): no write of the required size back to *BufferLength is
 * visible on the too-small path, and the conditions guarding the SACL
 * and DACL copies are missing from this listing; confirm. The (ULONG)
 * casts assume a pointer fits in a ULONG.
 */
460 RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
461 PSECURITY_DESCRIPTOR RelSD,
475 RtlpQuerySecurityDescriptor(AbsSD,
485 TotalLength = OwnerLength + GroupLength + SaclLength + DaclLength + sizeof(SECURITY_DESCRIPTOR);
486 if (*BufferLength < TotalLength)
488 return(STATUS_BUFFER_TOO_SMALL);
495 sizeof(SECURITY_DESCRIPTOR));
/* Current is the write cursor; it starts immediately after the fixed header. */
496 Current = (ULONG)RelSD + sizeof(SECURITY_DESCRIPTOR);
500 memmove((PVOID)Current,
/* Store the offset from the start of RelSD, not the address. */
503 RelSD->Sacl = (PACL)((ULONG)Current - (ULONG)RelSD);
504 Current += SaclLength;
509 memmove((PVOID)Current,
512 RelSD->Dacl = (PACL)((ULONG)Current - (ULONG)RelSD);
513 Current += DaclLength;
516 if (OwnerLength != 0)
518 memmove((PVOID)Current,
521 RelSD->Owner = (PSID)((ULONG)Current - (ULONG)RelSD);
522 Current += OwnerLength;
525 if (GroupLength != 0)
527 memmove((PVOID)Current,
530 RelSD->Group = (PSID)((ULONG)Current - (ULONG)RelSD);
533 RelSD->Control |= SE_SELF_RELATIVE;
535 return(STATUS_SUCCESS);
/*
 * Converts an absolute descriptor to self-relative form. An input that
 * already has SE_SELF_RELATIVE set is rejected with
 * STATUS_BAD_DESCRIPTOR_FORMAT; otherwise the work, including the
 * buffer-size check, is delegated to RtlMakeSelfRelativeSD.
 * NOTE(review): the BufferLength parameter line is missing from this
 * listing.
 */
540 RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
541 PSECURITY_DESCRIPTOR RelSD,
545 if (AbsSD->Control & SE_SELF_RELATIVE)
547 return(STATUS_BAD_DESCRIPTOR_FORMAT);
550 return(RtlMakeSelfRelativeSD(AbsSD, RelSD, BufferLength));
/*
 * Returns the descriptor's revision and control flags through the out
 * parameters. *Revision is written before the revision test, so it is
 * set even when the call fails. *Control is written only for revision 1.
 * An unsupported revision yields STATUS_UNKNOWN_REVISION here, whereas
 * the other accessors in this file return STATUS_UNSUCCESSFUL for the
 * same condition.
 * NOTE(review): the Revision parameter line is missing from this listing.
 */
555 RtlGetControlSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
556 PSECURITY_DESCRIPTOR_CONTROL Control,
559 *Revision = SecurityDescriptor->Revision;
561 if (SecurityDescriptor->Revision != 1)
563 return(STATUS_UNKNOWN_REVISION);
566 *Control = SecurityDescriptor->Control;
568 return(STATUS_SUCCESS);
/*
 * Reports the SACL of a revision-1 descriptor through the out
 * parameters. Any other revision returns STATUS_UNSUCCESSFUL. When
 * SE_SACL_PRESENT is clear the function returns STATUS_SUCCESS early.
 * Otherwise *Sacl gets the stored pointer, rebased on the descriptor
 * address for self-relative descriptors.
 *
 * NOTE(review): the lines that assign *SaclPresent and *SaclDefaulted,
 * and the body of the Sacl == NULL branch, are missing from this
 * listing; confirm. No bounds check on the self-relative offset is
 * visible.
 */
573 RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
574 PBOOLEAN SaclPresent,
576 PBOOLEAN SaclDefaulted)
578 if (SecurityDescriptor->Revision != 1)
580 return(STATUS_UNSUCCESSFUL);
582 if (!(SecurityDescriptor->Control & SE_SACL_PRESENT))
585 return(STATUS_SUCCESS);
588 if (SecurityDescriptor->Sacl == NULL)
594 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
/* Integer + PVOID arithmetic: relies on a compiler extension for void pointers. */
596 *Sacl = (PACL)((ULONG)SecurityDescriptor->Sacl +
597 (PVOID)SecurityDescriptor);
601 *Sacl = SecurityDescriptor->Sacl;
604 if (SecurityDescriptor->Control & SE_SACL_DEFAULTED)
612 return(STATUS_SUCCESS);
/*
 * Sets or removes the SACL of an absolute, revision-1 descriptor.
 * Returns STATUS_UNSUCCESSFUL for any other revision and for
 * self-relative descriptors.
 *
 * The Sacl pointer is stored as given (no copy, no validation in the
 * visible lines), so the caller owns the ACL's lifetime and validity.
 *
 * NOTE(review): the conditions selecting the "remove" path and the
 * SE_SACL_DEFAULTED update are missing from this listing (presumably
 * tests of SaclPresent and SaclDefaulted; confirm).
 */
616 RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
619 BOOLEAN SaclDefaulted)
621 if (SecurityDescriptor->Revision != 1)
623 return(STATUS_UNSUCCESSFUL);
625 if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
627 return(STATUS_UNSUCCESSFUL);
/* Remove path: only the present bit is cleared; the Sacl field is left as is. */
631 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_PRESENT);
632 return(STATUS_SUCCESS);
/* Set path: mark present, store the pointer, then recompute the defaulted bit. */
634 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_PRESENT;
635 SecurityDescriptor->Sacl = Sacl;
636 SecurityDescriptor->Control = SecurityDescriptor->Control & ~(SE_SACL_DEFAULTED);
639 SecurityDescriptor->Control = SecurityDescriptor->Control | SE_SACL_DEFAULTED;
641 return(STATUS_SUCCESS);
645 RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR RelSD,
646 PSECURITY_DESCRIPTOR AbsSD,