1 /* $Id: sd.c,v 1.3 2004/08/07 19:13:25 ion Exp $
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security descriptor functions
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
16 #include <ntdll/ntdll.h>
18 /* FUNCTIONS ***************************************************************/
/*
 * RtlCreateSecurityDescriptor: resets the caller-supplied descriptor to an
 * empty state -- Revision 1, Sbz1 and Control zero, Owner/Group/Sacl/Dacl
 * all NULL -- and returns STATUS_SUCCESS.
 *
 * This listing omits lines (its gutter numbers jump from 24 to 29), so the
 * remaining parameter(s) and the condition guarding the early
 * STATUS_UNSUCCESSFUL return are not visible here; presumably a revision
 * check -- confirm against the full file.
 */
24 RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
29 return(STATUS_UNSUCCESSFUL
);
32 SecurityDescriptor
->Revision
= 1;
33 SecurityDescriptor
->Sbz1
= 0;
/* Control = 0 clears every flag, including SE_SELF_RELATIVE and
 * SE_DACL_PRESENT: the new descriptor is in absolute form and carries no
 * DACL until a caller attaches one. */
34 SecurityDescriptor
->Control
= 0;
35 SecurityDescriptor
->Owner
= NULL
;
36 SecurityDescriptor
->Group
= NULL
;
37 SecurityDescriptor
->Sacl
= NULL
;
38 SecurityDescriptor
->Dacl
= NULL
;
40 return(STATUS_SUCCESS
);
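/*
 * RtlLengthSecurityDescriptor: adds up the bytes the descriptor occupies --
 * the fixed SECURITY_DESCRIPTOR header plus the owner SID, group SID, DACL
 * and SACL that are present, each rounded up to a multiple of 4.
 *
 * In self-relative form (SE_SELF_RELATIVE) the Owner/Group/Dacl/Sacl fields
 * hold byte offsets from the start of the descriptor, so each is rebased
 * onto SecurityDescriptor before it is dereferenced.
 *
 * The round-up mask is ~3.  A mask of 0xfc also clears every bit above
 * bit 7, so any component longer than 252 bytes would be under-counted and
 * a buffer sized from the result could be too small for the data later
 * copied into it.  ~3 is the rounding RtlpQuerySecurityDescriptor in this
 * file already uses.
 *
 * Nothing here bounds-checks the offsets, SubAuthorityCount or AclSize: the
 * descriptor is trusted as given.  The ULONG casts assume a pointer fits in
 * 32 bits.
 *
 * The return type, local declarations, braces and final return sit on lines
 * this listing does not show (the gutter numbers skip).
 */
47 RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
)
55 Length
= sizeof(SECURITY_DESCRIPTOR
);
/* Owner SID, if any. */
57 if (SecurityDescriptor
->Owner
!= NULL
)
59 Owner
= SecurityDescriptor
->Owner
;
60 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
62 Owner
= (PSID
)((ULONG
)Owner
+
63 (ULONG
)SecurityDescriptor
);
/* SID size: fixed part plus one ULONG per sub-authority beyond the first,
 * rounded up to a 4-byte boundary. */
65 Length
= Length
+ ((sizeof(SID
) + (Owner
->SubAuthorityCount
- 1) *
66 sizeof(ULONG
) + 3) & ~3);
/* Group SID, if any; same arithmetic as the owner. */
69 if (SecurityDescriptor
->Group
!= NULL
)
71 Group
= SecurityDescriptor
->Group
;
72 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
74 Group
= (PSID
)((ULONG
)Group
+ (ULONG
)SecurityDescriptor
);
76 Length
= Length
+ ((sizeof(SID
) + (Group
->SubAuthorityCount
- 1) *
77 sizeof(ULONG
) + 3) & ~3);
/* DACL: counted only when the control flag says it is present and the
 * field is non-NULL. */
80 if (SecurityDescriptor
->Control
& SE_DACL_PRESENT
&&
81 SecurityDescriptor
->Dacl
!= NULL
)
83 Dacl
= SecurityDescriptor
->Dacl
;
84 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
/* Rebase with integer arithmetic, as the owner and group branches do,
 * rather than adding an integer to a PVOID. */
86 Dacl
= (PACL
)((ULONG
)Dacl
+ (ULONG
)SecurityDescriptor
);
88 Length
= Length
+ ((Dacl
->AclSize
+ 3) & ~3);
/* SACL: same treatment as the DACL. */
91 if (SecurityDescriptor
->Control
& SE_SACL_PRESENT
&&
92 SecurityDescriptor
->Sacl
!= NULL
)
94 Sacl
= SecurityDescriptor
->Sacl
;
95 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
97 Sacl
= (PACL
)((ULONG
)Sacl
+ (ULONG
)SecurityDescriptor
);
99 Length
= Length
+ ((Sacl
->AclSize
+ 3) & ~3);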
/*
 * RtlGetDaclSecurityDescriptor: reports the descriptor's DACL through the
 * caller's output pointers.
 *
 * Visible behaviour: a Revision other than 1 yields STATUS_UNSUCCESSFUL; a
 * descriptor without SE_DACL_PRESENT returns STATUS_SUCCESS early; otherwise
 * *Dacl receives the DACL pointer, rebased onto the descriptor when
 * SE_SELF_RELATIVE is set.
 *
 * The Dacl parameter and the stores to *DaclPresent / *DaclDefaulted are on
 * lines this listing does not show (the gutter numbers skip) -- confirm the
 * values written against the full file.
 */
110 RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
111 PBOOLEAN DaclPresent
,
113 PBOOLEAN DaclDefaulted
)
115 if (SecurityDescriptor
->Revision
!= 1)
117 return(STATUS_UNSUCCESSFUL
);
119 if (!(SecurityDescriptor
->Control
& SE_DACL_PRESENT
))
122 return(STATUS_SUCCESS
);
/* Present flag set but the field is NULL: handled by statements the listing
 * omits. */
125 if (SecurityDescriptor
->Dacl
== NULL
)
131 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
/* Self-relative: the field is an offset.  It is added to the descriptor's
 * address without any range check, so the result is only as trustworthy as
 * the descriptor.  NOTE(review): this adds a ULONG to a PVOID, unlike the
 * (ULONG)+(ULONG) form used in RtlValidSecurityDescriptor. */
133 *Dacl
= (PACL
)((ULONG
)SecurityDescriptor
->Dacl
+
134 (PVOID
)SecurityDescriptor
);
/* Absolute form: the field already is the pointer. */
138 *Dacl
= SecurityDescriptor
->Dacl
;
141 if (SecurityDescriptor
->Control
& SE_DACL_DEFAULTED
)
149 return(STATUS_SUCCESS
);
/*
 * RtlSetDaclSecurityDescriptor: attaches or removes the DACL of an
 * absolute-form descriptor and maintains the SE_DACL_PRESENT and
 * SE_DACL_DEFAULTED control flags.
 *
 * Returns STATUS_UNSUCCESSFUL when Revision is not 1 or when the descriptor
 * is self-relative (its fields would be offsets, not pointers); otherwise
 * STATUS_SUCCESS.
 *
 * Two parameters and the conditions selecting each path are on lines this
 * listing does not show (the gutter numbers skip) -- presumably tests of a
 * "present" argument and of DaclDefaulted; confirm against the full file.
 */
157 RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
160 BOOLEAN DaclDefaulted
)
162 if (SecurityDescriptor
->Revision
!= 1)
164 return(STATUS_UNSUCCESSFUL
);
166 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
168 return(STATUS_UNSUCCESSFUL
);
/* Removal path: only the present flag is cleared; the visible statements
 * leave the Dacl field itself untouched. */
172 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_DACL_PRESENT
);
173 return(STATUS_SUCCESS
);
/* Attach path: the ACL is stored by pointer, not copied, so it must stay
 * valid for as long as the descriptor is in use. */
175 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_DACL_PRESENT
;
176 SecurityDescriptor
->Dacl
= Dacl
;
/* Clear the defaulted flag first; the statement at 180 sets it again under
 * a condition the listing omits. */
177 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_DACL_DEFAULTED
);
180 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_DACL_DEFAULTED
;
182 return(STATUS_SUCCESS
);
/*
 * RtlValidSecurityDescriptor: checks that Revision is 1 and passes the owner
 * and group SIDs to RtlValidSid and any present DACL/SACL to RtlValidAcl.
 * The statements executed when a check fails, and the final return, are on
 * lines this listing does not show.
 *
 * The function takes only the descriptor, with no buffer length.  For a
 * self-relative descriptor the Owner/Group/Dacl/Sacl offsets are therefore
 * rebased and dereferenced without being checked against the end of the
 * buffer that holds the descriptor.  A self-relative descriptor received
 * from an untrusted source needs a length-aware check before it reaches
 * this routine.
 */
190 RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
)
197 if (SecurityDescriptor
->Revision
!= 1)
/* NOTE(review): no NULL test on Owner is visible before RtlValidSid; whether
 * RtlValidSid tolerates NULL is not shown here -- confirm. */
202 Owner
= SecurityDescriptor
->Owner
;
203 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
205 Owner
= (PSID
)((ULONG
)Owner
+ (ULONG
)SecurityDescriptor
);
208 if (!RtlValidSid(Owner
))
/* Group SID: same handling as the owner. */
213 Group
= SecurityDescriptor
->Group
;
214 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
216 Group
= (PSID
)((ULONG
)Group
+ (ULONG
)SecurityDescriptor
);
219 if (!RtlValidSid(Group
))
/* The ACLs are validated only when flagged present and non-NULL. */
224 if (SecurityDescriptor
->Control
& SE_DACL_PRESENT
&&
225 SecurityDescriptor
->Dacl
!= NULL
)
227 Dacl
= SecurityDescriptor
->Dacl
;
228 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
230 Dacl
= (PACL
)((ULONG
)Dacl
+ (ULONG
)SecurityDescriptor
);
233 if (!RtlValidAcl(Dacl
))
239 if (SecurityDescriptor
->Control
& SE_SACL_PRESENT
&&
240 SecurityDescriptor
->Sacl
!= NULL
)
242 Sacl
= SecurityDescriptor
->Sacl
;
243 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
245 Sacl
= (PACL
)((ULONG
)Sacl
+ (ULONG
)SecurityDescriptor
);
248 if (!RtlValidAcl(Sacl
))
/*
 * RtlSetOwnerSecurityDescriptor: stores the owner SID pointer in an
 * absolute-form descriptor and maintains SE_OWNER_DEFAULTED.
 *
 * Returns STATUS_UNSUCCESSFUL when Revision is not 1 or the descriptor is
 * self-relative; otherwise STATUS_SUCCESS.  The Owner parameter and the
 * condition guarding the statement at 278 are on lines this listing does
 * not show -- presumably a test of OwnerDefaulted; confirm.
 */
262 RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
264 BOOLEAN OwnerDefaulted
)
266 if (SecurityDescriptor
->Revision
!= 1)
268 return(STATUS_UNSUCCESSFUL
);
270 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
272 return(STATUS_UNSUCCESSFUL
);
/* Stored by pointer, not copied: the SID must outlive the descriptor. */
274 SecurityDescriptor
->Owner
= Owner
;
275 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_OWNER_DEFAULTED
);
278 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_OWNER_DEFAULTED
;
280 return(STATUS_SUCCESS
);
/*
 * RtlGetOwnerSecurityDescriptor: returns the owner SID pointer through
 * *Owner, rebased onto the descriptor when SE_SELF_RELATIVE is set.
 *
 * Returns STATUS_UNSUCCESSFUL when Revision is not 1, else STATUS_SUCCESS.
 * The Owner parameter, the branch taken when the Owner field is NULL and
 * the stores to *OwnerDefaulted are on lines this listing does not show.
 */
287 RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
289 PBOOLEAN OwnerDefaulted
)
291 if (SecurityDescriptor
->Revision
!= 1)
293 return(STATUS_UNSUCCESSFUL
);
295 if (SecurityDescriptor
->Owner
!= NULL
)
297 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
/* Offset-to-pointer conversion with no range check on the offset.
 * NOTE(review): adds a ULONG to a PVOID, unlike the (ULONG)+(ULONG) form
 * used in RtlValidSecurityDescriptor. */
299 *Owner
= (PSID
)((ULONG
)SecurityDescriptor
->Owner
+
300 (PVOID
)SecurityDescriptor
);
304 *Owner
= SecurityDescriptor
->Owner
;
311 if (SecurityDescriptor
->Control
& SE_OWNER_DEFAULTED
)
319 return(STATUS_SUCCESS
);
/*
 * RtlSetGroupSecurityDescriptor: stores the primary-group SID pointer in an
 * absolute-form descriptor and maintains SE_GROUP_DEFAULTED.
 *
 * Returns STATUS_UNSUCCESSFUL when Revision is not 1 or the descriptor is
 * self-relative; otherwise STATUS_SUCCESS.  The Group parameter and the
 * condition guarding the statement at 342 are on lines this listing does
 * not show -- presumably a test of GroupDefaulted; confirm.
 */
326 RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
328 BOOLEAN GroupDefaulted
)
330 if (SecurityDescriptor
->Revision
!= 1)
332 return(STATUS_UNSUCCESSFUL
);
334 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
336 return(STATUS_UNSUCCESSFUL
);
/* Stored by pointer, not copied: the SID must outlive the descriptor. */
338 SecurityDescriptor
->Group
= Group
;
339 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_GROUP_DEFAULTED
);
342 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_GROUP_DEFAULTED
;
344 return(STATUS_SUCCESS
);
/*
 * RtlGetGroupSecurityDescriptor: returns the primary-group SID pointer
 * through *Group, rebased onto the descriptor when SE_SELF_RELATIVE is set.
 *
 * Returns STATUS_UNSUCCESSFUL when Revision is not 1, else STATUS_SUCCESS.
 * The Group parameter, the branch taken when the Group field is NULL and
 * the stores to *GroupDefaulted are on lines this listing does not show.
 */
351 RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
353 PBOOLEAN GroupDefaulted
)
355 if (SecurityDescriptor
->Revision
!= 1)
357 return(STATUS_UNSUCCESSFUL
);
359 if (SecurityDescriptor
->Group
!= NULL
)
361 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
/* Offset-to-pointer conversion with no range check on the offset.
 * NOTE(review): adds a ULONG to a PVOID, unlike the (ULONG)+(ULONG) form
 * used in RtlValidSecurityDescriptor. */
363 *Group
= (PSID
)((ULONG
)SecurityDescriptor
->Group
+
364 (PVOID
)SecurityDescriptor
);
368 *Group
= SecurityDescriptor
->Group
;
375 if (SecurityDescriptor
->Control
& SE_GROUP_DEFAULTED
)
383 return(STATUS_SUCCESS
);
/*
 * RtlpQuerySecurityDescriptor: internal helper that resolves the four
 * variable-length parts of a descriptor -- owner, DACL, group, SACL, in that
 * order -- into pointers and 4-byte-aligned lengths written through the
 * caller's output parameters.
 *
 * For a self-relative descriptor each field is an offset and is rebased onto
 * the descriptor's address.  SID lengths come from RtlLengthSid, ACL lengths
 * from the ACL's own AclSize field; both are rounded up with (x + 3) & ~3.
 * Neither the offsets nor the sizes are checked against the extent of the
 * descriptor's buffer, so the values returned are only as reliable as the
 * descriptor.
 *
 * The output parameters, the branches taken when a part is absent and the
 * conditions guarding the length computations are on lines this listing
 * does not show (the gutter numbers skip).
 */
388 RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
/* Owner SID. */
398 if (SecurityDescriptor
->Owner
!= NULL
)
400 *Owner
= SecurityDescriptor
->Owner
;
401 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
403 *Owner
= (PSID
)((ULONG
)*Owner
+ (ULONG
)SecurityDescriptor
);
413 *OwnerLength
= (RtlLengthSid(*Owner
) + 3) & ~3;
/* DACL: used only when flagged present and non-NULL. */
420 if ((SecurityDescriptor
->Control
& SE_DACL_PRESENT
) &&
421 SecurityDescriptor
->Dacl
!= NULL
)
423 *Dacl
= SecurityDescriptor
->Dacl
;
424 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
426 *Dacl
= (PACL
)((ULONG
)*Dacl
+ (ULONG
)SecurityDescriptor
);
436 *DaclLength
= ((*Dacl
)->AclSize
+ 3) & ~3;
/* Group SID. */
443 if (SecurityDescriptor
->Group
!= NULL
)
445 *Group
= SecurityDescriptor
->Group
;
446 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
448 *Group
= (PSID
)((ULONG
)*Group
+ (ULONG
)SecurityDescriptor
);
458 *GroupLength
= (RtlLengthSid(*Group
) + 3) & ~3;
/* SACL: used only when flagged present and non-NULL. */
465 if ((SecurityDescriptor
->Control
& SE_SACL_PRESENT
) &&
466 SecurityDescriptor
->Sacl
!= NULL
)
468 *Sacl
= SecurityDescriptor
->Sacl
;
469 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
471 *Sacl
= (PACL
)((ULONG
)*Sacl
+ (ULONG
)SecurityDescriptor
);
481 *SaclLength
= ((*Sacl
)->AclSize
+ 3) & ~3;
/*
 * RtlMakeSelfRelativeSD: packs AbsSD into the single buffer RelSD as a
 * self-relative descriptor.
 *
 * The component pointers and aligned lengths come from
 * RtlpQuerySecurityDescriptor.  The total -- header plus the four lengths --
 * is compared with *BufferLength before anything is written, and
 * STATUS_BUFFER_TOO_SMALL is returned if the buffer cannot hold it.  The
 * parts are then laid out after the header in the order SACL, DACL, owner,
 * group; each RelSD field is set to the part's byte offset from RelSD, and
 * SE_SELF_RELATIVE is set last.
 *
 * The BufferLength parameter, the remaining arguments of the calls and the
 * guards on the SACL/DACL copies are on lines this listing does not show.
 * NOTE(review): between the size test at 520 and the return at 522 the
 * listing leaves room only for a brace, so *BufferLength does not appear to
 * be updated with the required size on failure -- confirm.
 */
494 RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD
,
495 PSECURITY_DESCRIPTOR RelSD
,
509 RtlpQuerySecurityDescriptor(AbsSD
,
519 TotalLength
= OwnerLength
+ GroupLength
+ SaclLength
+ DaclLength
+ sizeof(SECURITY_DESCRIPTOR
);
/* Bounds check precedes every write into RelSD. */
520 if (*BufferLength
< TotalLength
)
522 return(STATUS_BUFFER_TOO_SMALL
);
529 sizeof(SECURITY_DESCRIPTOR
));
/* Current is the write cursor, starting just past the fixed header. */
530 Current
= (ULONG
)RelSD
+ sizeof(SECURITY_DESCRIPTOR
);
534 memmove((PVOID
)Current
,
/* Field becomes an offset: cursor minus the start of RelSD. */
537 RelSD
->Sacl
= (PACL
)((ULONG
)Current
- (ULONG
)RelSD
);
538 Current
+= SaclLength
;
543 memmove((PVOID
)Current
,
546 RelSD
->Dacl
= (PACL
)((ULONG
)Current
- (ULONG
)RelSD
);
547 Current
+= DaclLength
;
/* Owner and group are copied only when they have a non-zero length. */
550 if (OwnerLength
!= 0)
552 memmove((PVOID
)Current
,
555 RelSD
->Owner
= (PSID
)((ULONG
)Current
- (ULONG
)RelSD
);
556 Current
+= OwnerLength
;
559 if (GroupLength
!= 0)
561 memmove((PVOID
)Current
,
564 RelSD
->Group
= (PSID
)((ULONG
)Current
- (ULONG
)RelSD
);
567 RelSD
->Control
|= SE_SELF_RELATIVE
;
569 return(STATUS_SUCCESS
);
/*
 * RtlAbsoluteToSelfRelativeSD: checked front end to RtlMakeSelfRelativeSD.
 * An input that is already self-relative is rejected with
 * STATUS_BAD_DESCRIPTOR_FORMAT; otherwise the conversion is delegated and
 * its status returned unchanged.  The BufferLength parameter is declared on
 * a line this listing does not show.
 */
577 RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD
,
578 PSECURITY_DESCRIPTOR RelSD
,
/* Guard: the converter reads AbsSD's fields as pointers, which would be
 * wrong for offsets. */
582 if (AbsSD
->Control
& SE_SELF_RELATIVE
)
584 return(STATUS_BAD_DESCRIPTOR_FORMAT
);
587 return(RtlMakeSelfRelativeSD(AbsSD
, RelSD
, BufferLength
));
/*
 * RtlGetControlSecurityDescriptor: copies the descriptor's Revision and
 * Control word to the caller.
 *
 * *Revision is written before the revision test, so it is filled in even
 * when the function returns STATUS_UNKNOWN_REVISION; *Control is written
 * only on the STATUS_SUCCESS path.  The Revision parameter is declared on a
 * line this listing does not show.
 */
595 RtlGetControlSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
596 PSECURITY_DESCRIPTOR_CONTROL Control
,
599 *Revision
= SecurityDescriptor
->Revision
;
601 if (SecurityDescriptor
->Revision
!= 1)
603 return(STATUS_UNKNOWN_REVISION
);
606 *Control
= SecurityDescriptor
->Control
;
608 return(STATUS_SUCCESS
);
/*
 * RtlGetSaclSecurityDescriptor: reports the descriptor's SACL through the
 * caller's output pointers.
 *
 * Visible behaviour: a Revision other than 1 yields STATUS_UNSUCCESSFUL; a
 * descriptor without SE_SACL_PRESENT returns STATUS_SUCCESS early; otherwise
 * *Sacl receives the SACL pointer, rebased onto the descriptor when
 * SE_SELF_RELATIVE is set.
 *
 * The Sacl parameter and the stores to *SaclPresent / *SaclDefaulted are on
 * lines this listing does not show (the gutter numbers skip) -- confirm the
 * values written against the full file.
 */
616 RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
617 PBOOLEAN SaclPresent
,
619 PBOOLEAN SaclDefaulted
)
621 if (SecurityDescriptor
->Revision
!= 1)
623 return(STATUS_UNSUCCESSFUL
);
625 if (!(SecurityDescriptor
->Control
& SE_SACL_PRESENT
))
628 return(STATUS_SUCCESS
);
/* Present flag set but the field is NULL: handled by statements the listing
 * omits. */
631 if (SecurityDescriptor
->Sacl
== NULL
)
637 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
/* Self-relative: the field is an offset, added to the descriptor's address
 * without any range check.  NOTE(review): this adds a ULONG to a PVOID,
 * unlike the (ULONG)+(ULONG) form used in RtlValidSecurityDescriptor. */
639 *Sacl
= (PACL
)((ULONG
)SecurityDescriptor
->Sacl
+
640 (PVOID
)SecurityDescriptor
);
/* Absolute form: the field already is the pointer. */
644 *Sacl
= SecurityDescriptor
->Sacl
;
647 if (SecurityDescriptor
->Control
& SE_SACL_DEFAULTED
)
655 return(STATUS_SUCCESS
);
/*
 * RtlSetSaclSecurityDescriptor: attaches or removes the SACL of an
 * absolute-form descriptor and maintains the SE_SACL_PRESENT and
 * SE_SACL_DEFAULTED control flags.
 *
 * Returns STATUS_UNSUCCESSFUL when Revision is not 1 or when the descriptor
 * is self-relative; otherwise STATUS_SUCCESS.
 *
 * Two parameters and the conditions selecting each path are on lines this
 * listing does not show (the gutter numbers skip) -- presumably tests of a
 * "present" argument and of SaclDefaulted; confirm against the full file.
 */
662 RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
665 BOOLEAN SaclDefaulted
)
667 if (SecurityDescriptor
->Revision
!= 1)
669 return(STATUS_UNSUCCESSFUL
);
671 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
673 return(STATUS_UNSUCCESSFUL
);
/* Removal path: only the present flag is cleared; the visible statements
 * leave the Sacl field itself untouched. */
677 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_SACL_PRESENT
);
678 return(STATUS_SUCCESS
);
/* Attach path: the ACL is stored by pointer, not copied, so it must stay
 * valid for as long as the descriptor is in use. */
680 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_SACL_PRESENT
;
681 SecurityDescriptor
->Sacl
= Sacl
;
/* Clear the defaulted flag first; the statement at 685 sets it again under
 * a condition the listing omits. */
682 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
& ~(SE_SACL_DEFAULTED
);
685 SecurityDescriptor
->Control
= SecurityDescriptor
->Control
| SE_SACL_DEFAULTED
;
687 return(STATUS_SUCCESS
);
/*
 * RtlSelfRelativeToAbsoluteSD: unpacks the self-relative descriptor RelSD
 * into an absolute descriptor AbsSD plus four caller-supplied buffers
 * (Owner, Group, Dacl, Sacl).
 *
 * An input without SE_SELF_RELATIVE is rejected with
 * STATUS_BAD_DESCRIPTOR_FORMAT.  Component pointers and aligned lengths come
 * from RtlpQuerySecurityDescriptor; every length is compared with the
 * matching *Size before any copy, and STATUS_BUFFER_TOO_SMALL is returned if
 * one does not fit.  On success the parts and the header are copied,
 * SE_SELF_RELATIVE is cleared, the AbsSD fields are pointed at the caller's
 * buffers and the *Size values are replaced by the lengths used.
 *
 * Most parameters, the remaining arguments of the query call and the
 * statements at 745-746 are on lines this listing does not show.
 *
 * NOTE(review): on the STATUS_BUFFER_TOO_SMALL path (729-733) the *Size
 * outputs are not updated, so a caller cannot learn the sizes it needs from
 * this call -- confirm whether that is intended.
 * NOTE(review): no check of the size of the AbsSD buffer itself is visible
 * before the header copy at 740.
 * NOTE(review): AbsSD->Owner and AbsSD->Group are assigned unconditionally,
 * so when a part is absent (length 0) the field presumably ends up pointing
 * at the caller's untouched buffer rather than being NULL -- confirm against
 * what RtlpQuerySecurityDescriptor returns for an absent part.
 */
695 RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR RelSD
,
696 PSECURITY_DESCRIPTOR AbsSD
,
716 if (!(RelSD
->Control
& SE_SELF_RELATIVE
))
717 return STATUS_BAD_DESCRIPTOR_FORMAT
;
719 RtlpQuerySecurityDescriptor (RelSD
,
/* All four destinations must be large enough before anything is copied. */
729 if (OwnerLength
> *OwnerSize
||
730 GroupLength
> *GroupSize
||
731 DaclLength
> *DaclSize
||
732 SaclLength
> *SaclSize
)
733 return STATUS_BUFFER_TOO_SMALL
;
735 memmove (Owner
, pOwner
, OwnerLength
);
736 memmove (Group
, pGroup
, GroupLength
);
737 memmove (Dacl
, pDacl
, DaclLength
);
738 memmove (Sacl
, pSacl
, SaclLength
);
/* Copy the fixed header, then turn it into absolute form. */
740 memmove (AbsSD
, RelSD
, sizeof (SECURITY_DESCRIPTOR
));
742 AbsSD
->Control
&= ~SE_SELF_RELATIVE
;
743 AbsSD
->Owner
= Owner
;
744 AbsSD
->Group
= Group
;
/* Report the number of bytes actually used in each buffer. */
748 *OwnerSize
= OwnerLength
;
749 *GroupSize
= GroupLength
;
750 *DaclSize
= DaclLength
;
751 *SaclSize
= SaclLength
;
753 return STATUS_SUCCESS
;
/*
 * RtlSelfRelativeToAbsoluteSD2: stub.  The only visible statement returns
 * STATUS_NOT_IMPLEMENTED, so callers cannot rely on any conversion having
 * taken place.  The remaining parameter(s) are on lines this listing does
 * not show.
 */
761 RtlSelfRelativeToAbsoluteSD2(
762 PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
767 return STATUS_NOT_IMPLEMENTED
;
775 RtlValidRelativeSecurityDescriptor (
776 IN PSECURITY_DESCRIPTOR SecurityDescriptorInput
,
777 IN ULONG SecurityDescriptorLength
,
778 IN SECURITY_INFORMATION RequiredInformation