2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: Security descriptor functions
6 * PROGRAMER: David Welch <welch@cwcom.net>
9 /* INCLUDES *****************************************************************/
16 /* FUNCTIONS ***************************************************************/
20 RtlpQuerySecurityDescriptorPointers(IN PISECURITY_DESCRIPTOR SecurityDescriptor
,
21 OUT PSID
*Owner OPTIONAL
,
22 OUT PSID
*Group OPTIONAL
,
23 OUT PACL
*Sacl OPTIONAL
,
24 OUT PACL
*Dacl OPTIONAL
)
26 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
28 PISECURITY_DESCRIPTOR_RELATIVE RelSD
= (PISECURITY_DESCRIPTOR_RELATIVE
)SecurityDescriptor
;
31 *Owner
= ((RelSD
->Owner
!= 0) ? (PSID
)((ULONG_PTR
)RelSD
+ RelSD
->Owner
) : NULL
);
35 *Group
= ((RelSD
->Group
!= 0) ? (PSID
)((ULONG_PTR
)RelSD
+ RelSD
->Group
) : NULL
);
39 *Sacl
= (((RelSD
->Control
& SE_SACL_PRESENT
) && (RelSD
->Sacl
!= 0)) ?
40 (PSID
)((ULONG_PTR
)RelSD
+ RelSD
->Sacl
) : NULL
);
44 *Dacl
= (((RelSD
->Control
& SE_DACL_PRESENT
) && (RelSD
->Dacl
!= 0)) ?
45 (PSID
)((ULONG_PTR
)RelSD
+ RelSD
->Dacl
) : NULL
);
52 *Owner
= SecurityDescriptor
->Owner
;
56 *Group
= SecurityDescriptor
->Group
;
60 *Sacl
= ((SecurityDescriptor
->Control
& SE_SACL_PRESENT
) ? SecurityDescriptor
->Sacl
: NULL
);
64 *Dacl
= ((SecurityDescriptor
->Control
& SE_DACL_PRESENT
) ? SecurityDescriptor
->Dacl
: NULL
);
70 RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
80 RtlpQuerySecurityDescriptorPointers(SecurityDescriptor
,
88 *OwnerLength
= ((*Owner
!= NULL
) ? ROUND_UP(RtlLengthSid(*Owner
), 4) : 0);
93 *GroupLength
= ((*Group
!= NULL
) ? ROUND_UP(RtlLengthSid(*Group
), 4) : 0);
98 *DaclLength
= ((*Dacl
!= NULL
) ? ROUND_UP((*Dacl
)->AclSize
, 4) : 0);
103 *SaclLength
= ((*Sacl
!= NULL
) ? ROUND_UP((*Sacl
)->AclSize
, 4) : 0);
111 RtlCreateSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
116 if (Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
118 return STATUS_UNKNOWN_REVISION
;
121 SecurityDescriptor
->Revision
= Revision
;
122 SecurityDescriptor
->Sbz1
= 0;
123 SecurityDescriptor
->Control
= 0;
124 SecurityDescriptor
->Owner
= NULL
;
125 SecurityDescriptor
->Group
= NULL
;
126 SecurityDescriptor
->Sacl
= NULL
;
127 SecurityDescriptor
->Dacl
= NULL
;
129 return STATUS_SUCCESS
;
134 RtlCreateSecurityDescriptorRelative (PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor
,
139 if (Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
141 return STATUS_UNKNOWN_REVISION
;
144 SecurityDescriptor
->Revision
= Revision
;
145 SecurityDescriptor
->Sbz1
= 0;
146 SecurityDescriptor
->Control
= SE_SELF_RELATIVE
;
147 SecurityDescriptor
->Owner
= 0;
148 SecurityDescriptor
->Group
= 0;
149 SecurityDescriptor
->Sacl
= 0;
150 SecurityDescriptor
->Dacl
= 0;
152 return STATUS_SUCCESS
;
160 RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
)
164 ULONG Length
= sizeof(SECURITY_DESCRIPTOR
);
168 RtlpQuerySecurityDescriptorPointers(SecurityDescriptor
,
176 Length
+= ROUND_UP(RtlLengthSid(Owner
), 4);
181 Length
+= ROUND_UP(RtlLengthSid(Group
), 4);
186 Length
+= ROUND_UP(Dacl
->AclSize
, 4);
191 Length
+= ROUND_UP(Sacl
->AclSize
, 4);
202 RtlGetDaclSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
203 PBOOLEAN DaclPresent
,
205 PBOOLEAN DaclDefaulted
)
209 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
211 return STATUS_UNKNOWN_REVISION
;
214 if (!(SecurityDescriptor
->Control
& SE_DACL_PRESENT
))
216 *DaclPresent
= FALSE
;
217 return STATUS_SUCCESS
;
221 RtlpQuerySecurityDescriptorPointers(SecurityDescriptor
,
227 *DaclDefaulted
= ((SecurityDescriptor
->Control
& SE_DACL_DEFAULTED
) ? TRUE
: FALSE
);
229 return STATUS_SUCCESS
;
237 RtlSetDaclSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
240 BOOLEAN DaclDefaulted
)
244 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
246 return STATUS_UNKNOWN_REVISION
;
249 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
251 return STATUS_BAD_DESCRIPTOR_FORMAT
;
256 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_DACL_PRESENT
);
257 return STATUS_SUCCESS
;
260 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_DACL_PRESENT
;
261 SecurityDescriptor
->Dacl
= Dacl
;
262 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_DACL_DEFAULTED
);
266 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_DACL_DEFAULTED
;
269 return STATUS_SUCCESS
;
277 RtlValidSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
)
284 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
289 RtlpQuerySecurityDescriptorPointers(SecurityDescriptor
,
295 if ((Owner
!= NULL
&& !RtlValidSid(Owner
)) ||
296 (Group
!= NULL
&& !RtlValidSid(Group
)) ||
297 (Sacl
!= NULL
&& !RtlValidAcl(Sacl
)) ||
298 (Dacl
!= NULL
&& !RtlValidAcl(Dacl
)))
311 RtlSetOwnerSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
313 BOOLEAN OwnerDefaulted
)
317 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
319 return STATUS_UNKNOWN_REVISION
;
322 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
324 return STATUS_BAD_DESCRIPTOR_FORMAT
;
327 SecurityDescriptor
->Owner
= Owner
;
328 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_OWNER_DEFAULTED
);
332 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_OWNER_DEFAULTED
;
335 return STATUS_SUCCESS
;
343 RtlGetOwnerSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
345 PBOOLEAN OwnerDefaulted
)
349 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
351 return STATUS_UNKNOWN_REVISION
;
354 RtlpQuerySecurityDescriptorPointers(SecurityDescriptor
,
360 *OwnerDefaulted
= ((SecurityDescriptor
->Control
& SE_OWNER_DEFAULTED
) ? TRUE
: FALSE
);
362 return STATUS_SUCCESS
;
370 RtlSetGroupSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
372 BOOLEAN GroupDefaulted
)
376 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
378 return STATUS_UNKNOWN_REVISION
;
381 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
383 return STATUS_BAD_DESCRIPTOR_FORMAT
;
386 SecurityDescriptor
->Group
= Group
;
387 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_GROUP_DEFAULTED
);
390 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_GROUP_DEFAULTED
;
393 return STATUS_SUCCESS
;
401 RtlGetGroupSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
403 PBOOLEAN GroupDefaulted
)
407 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
409 return STATUS_UNKNOWN_REVISION
;
412 RtlpQuerySecurityDescriptorPointers(SecurityDescriptor
,
418 *GroupDefaulted
= ((SecurityDescriptor
->Control
& SE_GROUP_DEFAULTED
) ? TRUE
: FALSE
);
420 return STATUS_SUCCESS
;
428 RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR _AbsSD
,
429 PSECURITY_DESCRIPTOR _RelSD
,
442 PISECURITY_DESCRIPTOR AbsSD
= (PISECURITY_DESCRIPTOR
)_AbsSD
;
443 PISECURITY_DESCRIPTOR_RELATIVE RelSD
= (PISECURITY_DESCRIPTOR_RELATIVE
)_RelSD
;
447 RtlpQuerySecurityDescriptor(AbsSD
,
457 TotalLength
= sizeof(SECURITY_DESCRIPTOR_RELATIVE
) + OwnerLength
+ GroupLength
+ SaclLength
+ DaclLength
;
458 if (*BufferLength
< TotalLength
)
460 *BufferLength
= TotalLength
;
461 return STATUS_BUFFER_TOO_SMALL
;
467 RelSD
->Revision
= AbsSD
->Revision
;
468 RelSD
->Sbz1
= AbsSD
->Sbz1
;
469 RelSD
->Control
= AbsSD
->Control
| SE_SELF_RELATIVE
;
471 Current
= (ULONG_PTR
)(RelSD
+ 1);
475 RtlCopyMemory((PVOID
)Current
,
478 RelSD
->Sacl
= (ULONG
)((ULONG_PTR
)Current
- (ULONG_PTR
)RelSD
);
479 Current
+= SaclLength
;
484 RtlCopyMemory((PVOID
)Current
,
487 RelSD
->Dacl
= (ULONG
)((ULONG_PTR
)Current
- (ULONG_PTR
)RelSD
);
488 Current
+= DaclLength
;
491 if (OwnerLength
!= 0)
493 RtlCopyMemory((PVOID
)Current
,
496 RelSD
->Owner
= (ULONG
)((ULONG_PTR
)Current
- (ULONG_PTR
)RelSD
);
497 Current
+= OwnerLength
;
500 if (GroupLength
!= 0)
502 RtlCopyMemory((PVOID
)Current
,
505 RelSD
->Group
= (ULONG
)((ULONG_PTR
)Current
- (ULONG_PTR
)RelSD
);
508 return STATUS_SUCCESS
;
516 RtlAbsoluteToSelfRelativeSD(PISECURITY_DESCRIPTOR AbsSD
,
517 PISECURITY_DESCRIPTOR RelSD
,
522 if (AbsSD
->Control
& SE_SELF_RELATIVE
)
524 return STATUS_BAD_DESCRIPTOR_FORMAT
;
527 return RtlMakeSelfRelativeSD(AbsSD
, (PSECURITY_DESCRIPTOR
)RelSD
, BufferLength
);
535 RtlGetControlSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
536 PSECURITY_DESCRIPTOR_CONTROL Control
,
541 *Revision
= SecurityDescriptor
->Revision
;
543 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
545 return STATUS_UNKNOWN_REVISION
;
548 *Control
= SecurityDescriptor
->Control
;
550 return STATUS_SUCCESS
;
558 RtlSetControlSecurityDescriptor(IN PISECURITY_DESCRIPTOR SecurityDescriptor
,
559 IN SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest
,
560 IN SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet
)
564 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
566 return STATUS_UNKNOWN_REVISION
;
569 /* Zero the 'bits of interest' */
570 SecurityDescriptor
->Control
&= ~ControlBitsOfInterest
;
572 /* Set the 'bits to set' */
573 SecurityDescriptor
->Control
|= (ControlBitsToSet
& ControlBitsOfInterest
);
575 return STATUS_SUCCESS
;
583 RtlGetSaclSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
584 PBOOLEAN SaclPresent
,
586 PBOOLEAN SaclDefaulted
)
590 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
592 return STATUS_UNKNOWN_REVISION
;
595 if (!(SecurityDescriptor
->Control
& SE_SACL_PRESENT
))
597 *SaclPresent
= FALSE
;
598 return STATUS_SUCCESS
;
602 RtlpQuerySecurityDescriptorPointers(SecurityDescriptor
,
608 *SaclDefaulted
= ((SecurityDescriptor
->Control
& SE_SACL_DEFAULTED
) ? TRUE
: FALSE
);
610 return STATUS_SUCCESS
;
618 RtlSetSaclSecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
621 BOOLEAN SaclDefaulted
)
625 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
627 return STATUS_UNKNOWN_REVISION
;
630 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
632 return STATUS_BAD_DESCRIPTOR_FORMAT
;
637 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_SACL_PRESENT
);
638 return STATUS_SUCCESS
;
641 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_SACL_PRESENT
;
642 SecurityDescriptor
->Sacl
= Sacl
;
643 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_SACL_DEFAULTED
);
647 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_SACL_DEFAULTED
;
650 return STATUS_SUCCESS
;
658 RtlSelfRelativeToAbsoluteSD(PISECURITY_DESCRIPTOR RelSD
,
659 PISECURITY_DESCRIPTOR AbsSD
,
681 if (RelSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
683 return STATUS_UNKNOWN_REVISION
;
686 if (!(RelSD
->Control
& SE_SELF_RELATIVE
))
688 return STATUS_BAD_DESCRIPTOR_FORMAT
;
691 RtlpQuerySecurityDescriptor (RelSD
,
701 if (OwnerLength
> *OwnerSize
||
702 GroupLength
> *GroupSize
||
703 DaclLength
> *DaclSize
||
704 SaclLength
> *SaclSize
)
706 return STATUS_BUFFER_TOO_SMALL
;
709 RtlCopyMemory (Owner
, pOwner
, OwnerLength
);
710 RtlCopyMemory (Group
, pGroup
, GroupLength
);
711 RtlCopyMemory (Dacl
, pDacl
, DaclLength
);
712 RtlCopyMemory (Sacl
, pSacl
, SaclLength
);
714 AbsSD
->Revision
= RelSD
->Revision
;
715 AbsSD
->Sbz1
= RelSD
->Sbz1
;
716 AbsSD
->Control
= RelSD
->Control
& ~SE_SELF_RELATIVE
;
717 AbsSD
->Owner
= Owner
;
718 AbsSD
->Group
= Group
;
722 *OwnerSize
= OwnerLength
;
723 *GroupSize
= GroupLength
;
724 *DaclSize
= DaclLength
;
725 *SaclSize
= SaclLength
;
727 return STATUS_SUCCESS
;
735 RtlSelfRelativeToAbsoluteSD2(PISECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
738 PISECURITY_DESCRIPTOR AbsSD
= SelfRelativeSecurityDescriptor
;
739 PISECURITY_DESCRIPTOR_RELATIVE RelSD
= (PISECURITY_DESCRIPTOR_RELATIVE
)SelfRelativeSecurityDescriptor
;
741 PVOID DataStart
, DataEnd
;
756 if (SelfRelativeSecurityDescriptor
== NULL
)
758 return STATUS_INVALID_PARAMETER_1
;
760 if (BufferSize
== NULL
)
762 return STATUS_INVALID_PARAMETER_2
;
765 if (RelSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
767 return STATUS_UNKNOWN_REVISION
;
769 if (!(RelSD
->Control
& SE_SELF_RELATIVE
))
771 return STATUS_BAD_DESCRIPTOR_FORMAT
;
774 ASSERT(FIELD_OFFSET(SECURITY_DESCRIPTOR
, Owner
) ==
775 FIELD_OFFSET(SECURITY_DESCRIPTOR_RELATIVE
, Owner
));
779 RtlpQuerySecurityDescriptor(SelfRelativeSecurityDescriptor
,
789 ASSERT(sizeof(SECURITY_DESCRIPTOR
) > sizeof(SECURITY_DESCRIPTOR_RELATIVE
));
791 /* calculate the start and end of the data area, we simply just move the
792 data by the difference between the size of the relative and absolute
793 security descriptor structure */
795 DataEnd
= (PVOID
)((ULONG_PTR
)pOwner
+ OwnerLength
);
798 if (((ULONG_PTR
)pGroup
< (ULONG_PTR
)DataStart
) || DataStart
== NULL
)
800 if (((ULONG_PTR
)pGroup
+ GroupLength
> (ULONG_PTR
)DataEnd
) || DataEnd
== NULL
)
801 DataEnd
= (PVOID
)((ULONG_PTR
)pGroup
+ GroupLength
);
805 if (((ULONG_PTR
)pDacl
< (ULONG_PTR
)DataStart
) || DataStart
== NULL
)
807 if (((ULONG_PTR
)pDacl
+ DaclLength
> (ULONG_PTR
)DataEnd
) || DataEnd
== NULL
)
808 DataEnd
= (PVOID
)((ULONG_PTR
)pDacl
+ DaclLength
);
812 if (((ULONG_PTR
)pSacl
< (ULONG_PTR
)DataStart
) || DataStart
== NULL
)
814 if (((ULONG_PTR
)pSacl
+ DaclLength
> (ULONG_PTR
)DataEnd
) || DataEnd
== NULL
)
815 DataEnd
= (PVOID
)((ULONG_PTR
)pSacl
+ SaclLength
);
818 ASSERT((ULONG_PTR
)DataEnd
>= (ULONG_PTR
)DataStart
);
820 DataSize
= (ULONG
)((ULONG_PTR
)DataEnd
- (ULONG_PTR
)DataStart
);
822 if (*BufferSize
< sizeof(SECURITY_DESCRIPTOR
) + DataSize
)
824 *BufferSize
= sizeof(SECURITY_DESCRIPTOR
) + DataSize
;
825 return STATUS_BUFFER_TOO_SMALL
;
830 /* if DataSize != 0 ther must be at least one SID or ACL in the security
831 descriptor! Also the data area must be located somewhere after the
832 end of the SECURITY_DESCRIPTOR_RELATIVE structure */
833 ASSERT(DataStart
!= NULL
);
834 ASSERT((ULONG_PTR
)DataStart
>= (ULONG_PTR
)(RelSD
+ 1));
836 /* it's time to move the data */
837 RtlMoveMemory((PVOID
)(AbsSD
+ 1),
841 MoveDelta
= (LONG
)((LONG_PTR
)(AbsSD
+ 1) - (LONG_PTR
)DataStart
);
843 /* adjust the pointers if neccessary */
845 AbsSD
->Owner
= (PSID
)((LONG_PTR
)pOwner
+ MoveDelta
);
850 AbsSD
->Group
= (PSID
)((LONG_PTR
)pGroup
+ MoveDelta
);
855 AbsSD
->Sacl
= (PACL
)((LONG_PTR
)pSacl
+ MoveDelta
);
860 AbsSD
->Dacl
= (PACL
)((LONG_PTR
)pDacl
+ MoveDelta
);
866 /* all pointers must be NULL! */
867 ASSERT(pOwner
== NULL
);
868 ASSERT(pGroup
== NULL
);
869 ASSERT(pSacl
== NULL
);
870 ASSERT(pDacl
== NULL
);
878 /* clear the self-relative flag */
879 AbsSD
->Control
&= ~SE_SELF_RELATIVE
;
883 RtlpQuerySecurityDescriptorPointers(SelfRelativeSecurityDescriptor
,
889 ASSERT(sizeof(SECURITY_DESCRIPTOR
) == sizeof(SECURITY_DESCRIPTOR_RELATIVE
));
891 /* clear the self-relative flag and simply convert the offsets to pointers */
892 AbsSD
->Control
&= ~SE_SELF_RELATIVE
;
893 AbsSD
->Owner
= pOwner
;
894 AbsSD
->Group
= pGroup
;
900 return STATUS_SUCCESS
;
908 RtlValidRelativeSecurityDescriptor(IN PISECURITY_DESCRIPTOR SecurityDescriptorInput
,
909 IN ULONG SecurityDescriptorLength
,
910 IN SECURITY_INFORMATION RequiredInformation
)
914 if (SecurityDescriptorLength
< sizeof(SECURITY_DESCRIPTOR_RELATIVE
) ||
915 SecurityDescriptorInput
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
||
916 !(SecurityDescriptorInput
->Control
& SE_SELF_RELATIVE
))
921 if (SecurityDescriptorInput
->Owner
!= 0)
923 PSID Owner
= (PSID
)((ULONG_PTR
)SecurityDescriptorInput
->Owner
+ (ULONG_PTR
)SecurityDescriptorInput
);
924 if (!RtlValidSid(Owner
))
929 else if (RequiredInformation
& OWNER_SECURITY_INFORMATION
)
934 if (SecurityDescriptorInput
->Group
!= 0)
936 PSID Group
= (PSID
)((ULONG_PTR
)SecurityDescriptorInput
->Group
+ (ULONG_PTR
)SecurityDescriptorInput
);
937 if (!RtlValidSid(Group
))
942 else if (RequiredInformation
& GROUP_SECURITY_INFORMATION
)
947 if (SecurityDescriptorInput
->Control
& SE_DACL_PRESENT
)
949 if (SecurityDescriptorInput
->Dacl
!= 0 &&
950 !RtlValidAcl((PACL
)((ULONG_PTR
)SecurityDescriptorInput
->Dacl
+ (ULONG_PTR
)SecurityDescriptorInput
)))
955 else if (RequiredInformation
& DACL_SECURITY_INFORMATION
)
960 if (SecurityDescriptorInput
->Control
& SE_SACL_PRESENT
)
962 if (SecurityDescriptorInput
->Sacl
!= 0 &&
963 !RtlValidAcl((PACL
)((ULONG_PTR
)SecurityDescriptorInput
->Sacl
+ (ULONG_PTR
)SecurityDescriptorInput
)))
968 else if (RequiredInformation
& SACL_SECURITY_INFORMATION
)
981 RtlGetSecurityDescriptorRMControl(PISECURITY_DESCRIPTOR SecurityDescriptor
,
986 if (!(SecurityDescriptor
->Control
& SE_RM_CONTROL_VALID
))
992 *RMControl
= SecurityDescriptor
->Sbz1
;
1002 RtlSetSecurityDescriptorRMControl(PISECURITY_DESCRIPTOR SecurityDescriptor
,
1007 if (RMControl
== NULL
)
1009 SecurityDescriptor
->Control
&= ~SE_RM_CONTROL_VALID
;
1010 SecurityDescriptor
->Sbz1
= 0;
1014 SecurityDescriptor
->Control
|= SE_RM_CONTROL_VALID
;
1015 SecurityDescriptor
->Sbz1
= *RMControl
;
1024 RtlSetAttributesSecurityDescriptor(IN PISECURITY_DESCRIPTOR SecurityDescriptor
,
1025 IN SECURITY_DESCRIPTOR_CONTROL Control
,
1026 OUT PULONG Revision
)
1030 *Revision
= SecurityDescriptor
->Revision
;
1032 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
1033 return STATUS_UNKNOWN_REVISION
;
1036 ~(SE_OWNER_DEFAULTED
| SE_GROUP_DEFAULTED
| SE_DACL_PRESENT
|
1037 SE_DACL_DEFAULTED
| SE_SACL_PRESENT
| SE_SACL_DEFAULTED
|
1038 SE_RM_CONTROL_VALID
| SE_SELF_RELATIVE
);
1040 return RtlSetControlSecurityDescriptor(SecurityDescriptor
,