2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: Security descriptor functions
6 * PROGRAMER: David Welch <welch@cwcom.net>
9 /* INCLUDES *****************************************************************/
16 /* FUNCTIONS ***************************************************************/
20 RtlpQuerySecurityDescriptorPointers(IN PISECURITY_DESCRIPTOR SecurityDescriptor
,
21 OUT PSID
*Owner OPTIONAL
,
22 OUT PSID
*Group OPTIONAL
,
23 OUT PACL
*Sacl OPTIONAL
,
24 OUT PACL
*Dacl OPTIONAL
)
26 if (SecurityDescriptor
->Control
& SE_SELF_RELATIVE
)
28 PISECURITY_DESCRIPTOR_RELATIVE RelSD
= (PISECURITY_DESCRIPTOR_RELATIVE
)SecurityDescriptor
;
31 *Owner
= ((RelSD
->Owner
!= 0) ? (PSID
)((ULONG_PTR
)RelSD
+ RelSD
->Owner
) : NULL
);
35 *Group
= ((RelSD
->Group
!= 0) ? (PSID
)((ULONG_PTR
)RelSD
+ RelSD
->Group
) : NULL
);
39 *Sacl
= (((RelSD
->Control
& SE_SACL_PRESENT
) && (RelSD
->Sacl
!= 0)) ?
40 (PSID
)((ULONG_PTR
)RelSD
+ RelSD
->Sacl
) : NULL
);
44 *Dacl
= (((RelSD
->Control
& SE_DACL_PRESENT
) && (RelSD
->Dacl
!= 0)) ?
45 (PSID
)((ULONG_PTR
)RelSD
+ RelSD
->Dacl
) : NULL
);
52 *Owner
= SecurityDescriptor
->Owner
;
56 *Group
= SecurityDescriptor
->Group
;
60 *Sacl
= ((SecurityDescriptor
->Control
& SE_SACL_PRESENT
) ? SecurityDescriptor
->Sacl
: NULL
);
64 *Dacl
= ((SecurityDescriptor
->Control
& SE_DACL_PRESENT
) ? SecurityDescriptor
->Dacl
: NULL
);
70 RtlpQuerySecurityDescriptor(PISECURITY_DESCRIPTOR SecurityDescriptor
,
80 RtlpQuerySecurityDescriptorPointers(SecurityDescriptor
,
88 *OwnerLength
= ((*Owner
!= NULL
) ? ROUND_UP(RtlLengthSid(*Owner
), 4) : 0);
93 *GroupLength
= ((*Group
!= NULL
) ? ROUND_UP(RtlLengthSid(*Group
), 4) : 0);
98 *DaclLength
= ((*Dacl
!= NULL
) ? ROUND_UP((*Dacl
)->AclSize
, 4) : 0);
103 *SaclLength
= ((*Sacl
!= NULL
) ? ROUND_UP((*Sacl
)->AclSize
, 4) : 0);
111 RtlCreateSecurityDescriptor(OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
114 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
118 if (Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
120 return STATUS_UNKNOWN_REVISION
;
123 pSD
->Revision
= SECURITY_DESCRIPTOR_REVISION1
;
131 return STATUS_SUCCESS
;
138 RtlCopySecurityDescriptor(IN PSECURITY_DESCRIPTOR pSourceSecurityDescriptor
,
139 OUT PSECURITY_DESCRIPTOR pDestinationSecurityDescriptor
)
141 PSID Owner
= NULL
, Group
= NULL
;
142 PACL Dacl
= NULL
, Sacl
= NULL
;
143 BOOLEAN Defaulted
, Present
;
144 DWORD OwnerLength
, GroupLength
;
145 PISECURITY_DESCRIPTOR srcSD
= pSourceSecurityDescriptor
;
146 PISECURITY_DESCRIPTOR destSD
= pDestinationSecurityDescriptor
;
148 if (srcSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION
)
149 return STATUS_UNKNOWN_REVISION
;
151 /* Copy non relative dependent data */
152 destSD
->Revision
= srcSD
->Revision
;
153 destSD
->Sbz1
= srcSD
->Sbz1
;
154 destSD
->Control
= srcSD
->Control
;
156 /* Read relative data */
157 RtlGetOwnerSecurityDescriptor(srcSD
, &Owner
, &Defaulted
);
158 OwnerLength
= RtlLengthSid(Owner
);
159 RtlGetGroupSecurityDescriptor(srcSD
, &Group
, &Defaulted
);
160 GroupLength
= RtlLengthSid(Group
);
161 RtlGetDaclSecurityDescriptor(srcSD
, &Present
, &Dacl
, &Defaulted
);
162 RtlGetSaclSecurityDescriptor(srcSD
, &Present
, &Sacl
, &Defaulted
);
164 if (srcSD
->Control
& SE_SELF_RELATIVE
)
166 destSD
->Owner
= srcSD
->Owner
;
167 RtlCopySid(OwnerLength
, (LPBYTE
)destSD
+ (DWORD_PTR
)destSD
->Owner
, Owner
);
169 destSD
->Group
= srcSD
->Group
;
170 RtlCopySid(GroupLength
, (LPBYTE
)destSD
+ (DWORD_PTR
)destSD
->Group
, Group
);
172 if (srcSD
->Control
& SE_DACL_PRESENT
)
174 destSD
->Dacl
= srcSD
->Dacl
;
176 if(srcSD
->Dacl
!= NULL
&& RtlValidAcl(srcSD
->Dacl
))
178 RtlCopyMemory(((LPBYTE
)destSD
+ (DWORD_PTR
)destSD
->Dacl
), Dacl
, Dacl
->AclSize
);
182 if (srcSD
->Control
& SE_SACL_PRESENT
)
184 destSD
->Sacl
= srcSD
->Sacl
;
186 if(srcSD
->Sacl
!= NULL
&& RtlValidAcl(srcSD
->Sacl
))
188 RtlCopyMemory(((LPBYTE
)destSD
+ (DWORD_PTR
)destSD
->Sacl
), Sacl
, Sacl
->AclSize
);
194 RtlCopySid(OwnerLength
, destSD
->Owner
, Owner
);
195 RtlCopySid(GroupLength
, destSD
->Group
, Group
);
197 if (srcSD
->Control
& SE_DACL_PRESENT
)
199 destSD
->Dacl
= RtlAllocateHeap(RtlGetProcessHeap(), 0, Dacl
->AclSize
);
201 if(srcSD
->Dacl
!= NULL
&& RtlValidAcl(srcSD
->Dacl
))
203 RtlCopyMemory(destSD
->Dacl
, Dacl
, Dacl
->AclSize
);
207 if (srcSD
->Control
& SE_SACL_PRESENT
)
209 destSD
->Sacl
= RtlAllocateHeap(RtlGetProcessHeap(), 0, Sacl
->AclSize
);
211 if(srcSD
->Sacl
!= NULL
&& RtlValidAcl(srcSD
->Sacl
))
213 RtlCopyMemory(destSD
->Sacl
, Sacl
, Sacl
->AclSize
);
218 return STATUS_SUCCESS
;
223 RtlCreateSecurityDescriptorRelative (OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor
,
228 if (Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
230 return STATUS_UNKNOWN_REVISION
;
233 SecurityDescriptor
->Revision
= SECURITY_DESCRIPTOR_REVISION1
;
234 SecurityDescriptor
->Sbz1
= 0;
235 SecurityDescriptor
->Control
= SE_SELF_RELATIVE
;
236 SecurityDescriptor
->Owner
= 0;
237 SecurityDescriptor
->Group
= 0;
238 SecurityDescriptor
->Sacl
= 0;
239 SecurityDescriptor
->Dacl
= 0;
241 return STATUS_SUCCESS
;
249 RtlLengthSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor
)
253 ULONG Length
= sizeof(SECURITY_DESCRIPTOR
);
257 RtlpQuerySecurityDescriptorPointers((PISECURITY_DESCRIPTOR
)SecurityDescriptor
,
265 Length
+= ROUND_UP(RtlLengthSid(Owner
), 4);
270 Length
+= ROUND_UP(RtlLengthSid(Group
), 4);
275 Length
+= ROUND_UP(Dacl
->AclSize
, 4);
280 Length
+= ROUND_UP(Sacl
->AclSize
, 4);
291 RtlGetDaclSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
292 OUT PBOOLEAN DaclPresent
,
294 OUT PBOOLEAN DaclDefaulted
)
296 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
300 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
302 return STATUS_UNKNOWN_REVISION
;
305 if (!(pSD
->Control
& SE_DACL_PRESENT
))
307 *DaclPresent
= FALSE
;
308 return STATUS_SUCCESS
;
312 RtlpQuerySecurityDescriptorPointers(pSD
,
318 *DaclDefaulted
= ((pSD
->Control
& SE_DACL_DEFAULTED
) ? TRUE
: FALSE
);
320 return STATUS_SUCCESS
;
328 RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
329 IN BOOLEAN DaclPresent
,
331 IN BOOLEAN DaclDefaulted
)
333 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
337 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
339 return STATUS_UNKNOWN_REVISION
;
342 if (pSD
->Control
& SE_SELF_RELATIVE
)
344 return STATUS_BAD_DESCRIPTOR_FORMAT
;
349 pSD
->Control
= pSD
->Control
& ~(SE_DACL_PRESENT
);
350 return STATUS_SUCCESS
;
354 pSD
->Control
|= SE_DACL_PRESENT
;
355 pSD
->Control
&= ~(SE_DACL_DEFAULTED
);
359 pSD
->Control
|= SE_DACL_DEFAULTED
;
362 return STATUS_SUCCESS
;
370 RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor
)
372 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
378 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
383 RtlpQuerySecurityDescriptorPointers(pSD
,
389 if ((Owner
!= NULL
&& !RtlValidSid(Owner
)) ||
390 (Group
!= NULL
&& !RtlValidSid(Group
)) ||
391 (Sacl
!= NULL
&& !RtlValidAcl(Sacl
)) ||
392 (Dacl
!= NULL
&& !RtlValidAcl(Dacl
)))
405 RtlSetOwnerSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
407 IN BOOLEAN OwnerDefaulted
)
409 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
413 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
415 return STATUS_UNKNOWN_REVISION
;
418 if (pSD
->Control
& SE_SELF_RELATIVE
)
420 return STATUS_BAD_DESCRIPTOR_FORMAT
;
424 pSD
->Control
&= ~(SE_OWNER_DEFAULTED
);
428 pSD
->Control
|= SE_OWNER_DEFAULTED
;
431 return STATUS_SUCCESS
;
439 RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
441 OUT PBOOLEAN OwnerDefaulted
)
443 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
447 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
449 return STATUS_UNKNOWN_REVISION
;
452 RtlpQuerySecurityDescriptorPointers(pSD
,
458 *OwnerDefaulted
= ((pSD
->Control
& SE_OWNER_DEFAULTED
) ? TRUE
: FALSE
);
460 return STATUS_SUCCESS
;
468 RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
470 IN BOOLEAN GroupDefaulted
)
472 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
476 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
478 return STATUS_UNKNOWN_REVISION
;
481 if (pSD
->Control
& SE_SELF_RELATIVE
)
483 return STATUS_BAD_DESCRIPTOR_FORMAT
;
487 pSD
->Control
&= ~(SE_GROUP_DEFAULTED
);
490 pSD
->Control
|= SE_GROUP_DEFAULTED
;
493 return STATUS_SUCCESS
;
501 RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
503 OUT PBOOLEAN GroupDefaulted
)
505 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
509 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
511 return STATUS_UNKNOWN_REVISION
;
514 RtlpQuerySecurityDescriptorPointers(pSD
,
520 *GroupDefaulted
= ((pSD
->Control
& SE_GROUP_DEFAULTED
) ? TRUE
: FALSE
);
522 return STATUS_SUCCESS
;
530 RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSD
,
531 OUT PSECURITY_DESCRIPTOR SelfRelativeSD
,
532 IN OUT PULONG BufferLength
)
544 PISECURITY_DESCRIPTOR pAbsSD
= (PISECURITY_DESCRIPTOR
)AbsoluteSD
;
545 PISECURITY_DESCRIPTOR_RELATIVE pRelSD
= (PISECURITY_DESCRIPTOR_RELATIVE
)SelfRelativeSD
;
549 RtlpQuerySecurityDescriptor(pAbsSD
,
559 TotalLength
= sizeof(SECURITY_DESCRIPTOR_RELATIVE
) + OwnerLength
+ GroupLength
+ SaclLength
+ DaclLength
;
560 if (*BufferLength
< TotalLength
)
562 *BufferLength
= TotalLength
;
563 return STATUS_BUFFER_TOO_SMALL
;
566 RtlZeroMemory(pRelSD
,
569 pRelSD
->Revision
= pAbsSD
->Revision
;
570 pRelSD
->Sbz1
= pAbsSD
->Sbz1
;
571 pRelSD
->Control
= pAbsSD
->Control
| SE_SELF_RELATIVE
;
573 Current
= (ULONG_PTR
)(pRelSD
+ 1);
577 RtlCopyMemory((PVOID
)Current
,
580 pRelSD
->Sacl
= (ULONG
)((ULONG_PTR
)Current
- (ULONG_PTR
)pRelSD
);
581 Current
+= SaclLength
;
586 RtlCopyMemory((PVOID
)Current
,
589 pRelSD
->Dacl
= (ULONG
)((ULONG_PTR
)Current
- (ULONG_PTR
)pRelSD
);
590 Current
+= DaclLength
;
593 if (OwnerLength
!= 0)
595 RtlCopyMemory((PVOID
)Current
,
598 pRelSD
->Owner
= (ULONG
)((ULONG_PTR
)Current
- (ULONG_PTR
)pRelSD
);
599 Current
+= OwnerLength
;
602 if (GroupLength
!= 0)
604 RtlCopyMemory((PVOID
)Current
,
607 pRelSD
->Group
= (ULONG
)((ULONG_PTR
)Current
- (ULONG_PTR
)pRelSD
);
610 return STATUS_SUCCESS
;
618 RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
619 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
620 IN PULONG BufferLength
)
622 PISECURITY_DESCRIPTOR pAbsSD
= (PISECURITY_DESCRIPTOR
)AbsoluteSecurityDescriptor
;
626 if (pAbsSD
->Control
& SE_SELF_RELATIVE
)
628 return STATUS_BAD_DESCRIPTOR_FORMAT
;
631 return RtlMakeSelfRelativeSD(AbsoluteSecurityDescriptor
,
632 SelfRelativeSecurityDescriptor
,
641 RtlGetControlSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
642 OUT PSECURITY_DESCRIPTOR_CONTROL Control
,
645 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
649 *Revision
= pSD
->Revision
;
651 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
653 return STATUS_UNKNOWN_REVISION
;
656 *Control
= pSD
->Control
;
658 return STATUS_SUCCESS
;
666 RtlSetControlSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
667 IN SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest
,
668 IN SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet
)
670 SECURITY_DESCRIPTOR_CONTROL
const immutable
671 = SE_OWNER_DEFAULTED
| SE_GROUP_DEFAULTED
672 | SE_DACL_PRESENT
| SE_DACL_DEFAULTED
673 | SE_SACL_PRESENT
| SE_SACL_DEFAULTED
674 | SE_RM_CONTROL_VALID
| SE_SELF_RELATIVE
677 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
681 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
683 return STATUS_UNKNOWN_REVISION
;
686 if ((ControlBitsOfInterest
| ControlBitsToSet
) & immutable
)
687 return STATUS_INVALID_PARAMETER
;
689 /* Zero the 'bits of interest' */
690 pSD
->Control
&= ~ControlBitsOfInterest
;
692 /* Set the 'bits to set' */
693 pSD
->Control
|= (ControlBitsToSet
& ControlBitsOfInterest
);
695 return STATUS_SUCCESS
;
703 RtlGetSaclSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
704 OUT PBOOLEAN SaclPresent
,
706 OUT PBOOLEAN SaclDefaulted
)
708 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
712 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
714 return STATUS_UNKNOWN_REVISION
;
717 if (!(pSD
->Control
& SE_SACL_PRESENT
))
719 *SaclPresent
= FALSE
;
720 return STATUS_SUCCESS
;
724 RtlpQuerySecurityDescriptorPointers(pSD
,
730 *SaclDefaulted
= ((pSD
->Control
& SE_SACL_DEFAULTED
) ? TRUE
: FALSE
);
732 return STATUS_SUCCESS
;
740 RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
741 IN BOOLEAN SaclPresent
,
743 IN BOOLEAN SaclDefaulted
)
745 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
749 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
751 return STATUS_UNKNOWN_REVISION
;
754 if (pSD
->Control
& SE_SELF_RELATIVE
)
756 return STATUS_BAD_DESCRIPTOR_FORMAT
;
761 pSD
->Control
&= ~(SE_SACL_PRESENT
);
762 return STATUS_SUCCESS
;
766 pSD
->Control
|= SE_SACL_PRESENT
;
767 pSD
->Control
&= ~(SE_SACL_DEFAULTED
);
771 pSD
->Control
|= SE_SACL_DEFAULTED
;
774 return STATUS_SUCCESS
;
782 RtlSelfRelativeToAbsoluteSD(IN PSECURITY_DESCRIPTOR SelfRelativeSD
,
783 OUT PSECURITY_DESCRIPTOR AbsoluteSD
,
784 IN PULONG AbsoluteSDSize
,
791 IN PSID PrimaryGroup
,
792 IN PULONG PrimaryGroupSize
)
794 PISECURITY_DESCRIPTOR pAbsSD
= (PISECURITY_DESCRIPTOR
)AbsoluteSD
;
795 PISECURITY_DESCRIPTOR pRelSD
= (PISECURITY_DESCRIPTOR
)SelfRelativeSD
;
807 if (pRelSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
809 return STATUS_UNKNOWN_REVISION
;
812 if (!(pRelSD
->Control
& SE_SELF_RELATIVE
))
814 return STATUS_BAD_DESCRIPTOR_FORMAT
;
817 RtlpQuerySecurityDescriptor (pRelSD
,
827 if (OwnerLength
> *OwnerSize
||
828 GroupLength
> *PrimaryGroupSize
||
829 DaclLength
> *DaclSize
||
830 SaclLength
> *SaclSize
)
832 *OwnerSize
= OwnerLength
;
833 *PrimaryGroupSize
= GroupLength
;
834 *DaclSize
= DaclLength
;
835 *SaclSize
= SaclLength
;
836 return STATUS_BUFFER_TOO_SMALL
;
839 RtlCopyMemory (Owner
, pOwner
, OwnerLength
);
840 RtlCopyMemory (PrimaryGroup
, pGroup
, GroupLength
);
841 RtlCopyMemory (Dacl
, pDacl
, DaclLength
);
842 RtlCopyMemory (Sacl
, pSacl
, SaclLength
);
844 pAbsSD
->Revision
= pRelSD
->Revision
;
845 pAbsSD
->Sbz1
= pRelSD
->Sbz1
;
846 pAbsSD
->Control
= pRelSD
->Control
& ~SE_SELF_RELATIVE
;
847 pAbsSD
->Owner
= Owner
;
848 pAbsSD
->Group
= PrimaryGroup
;
852 *OwnerSize
= OwnerLength
;
853 *PrimaryGroupSize
= GroupLength
;
854 *DaclSize
= DaclLength
;
855 *SaclSize
= SaclLength
;
857 return STATUS_SUCCESS
;
865 RtlSelfRelativeToAbsoluteSD2(IN OUT PSECURITY_DESCRIPTOR SelfRelativeSD
,
866 OUT PULONG BufferSize
)
868 PISECURITY_DESCRIPTOR pAbsSD
= (PISECURITY_DESCRIPTOR
)SelfRelativeSD
;
869 PISECURITY_DESCRIPTOR_RELATIVE pRelSD
= (PISECURITY_DESCRIPTOR_RELATIVE
)SelfRelativeSD
;
871 PVOID DataStart
, DataEnd
;
886 if (SelfRelativeSD
== NULL
)
888 return STATUS_INVALID_PARAMETER_1
;
890 if (BufferSize
== NULL
)
892 return STATUS_INVALID_PARAMETER_2
;
895 if (pRelSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
897 return STATUS_UNKNOWN_REVISION
;
899 if (!(pRelSD
->Control
& SE_SELF_RELATIVE
))
901 return STATUS_BAD_DESCRIPTOR_FORMAT
;
906 RtlpQuerySecurityDescriptor((PISECURITY_DESCRIPTOR
)pRelSD
,
916 /* calculate the start and end of the data area, we simply just move the
917 data by the difference between the size of the relative and absolute
918 security descriptor structure */
920 DataEnd
= (PVOID
)((ULONG_PTR
)pOwner
+ OwnerLength
);
923 if (((ULONG_PTR
)pGroup
< (ULONG_PTR
)DataStart
) || DataStart
== NULL
)
925 if (((ULONG_PTR
)pGroup
+ GroupLength
> (ULONG_PTR
)DataEnd
) || DataEnd
== NULL
)
926 DataEnd
= (PVOID
)((ULONG_PTR
)pGroup
+ GroupLength
);
930 if (((ULONG_PTR
)pDacl
< (ULONG_PTR
)DataStart
) || DataStart
== NULL
)
932 if (((ULONG_PTR
)pDacl
+ DaclLength
> (ULONG_PTR
)DataEnd
) || DataEnd
== NULL
)
933 DataEnd
= (PVOID
)((ULONG_PTR
)pDacl
+ DaclLength
);
937 if (((ULONG_PTR
)pSacl
< (ULONG_PTR
)DataStart
) || DataStart
== NULL
)
939 if (((ULONG_PTR
)pSacl
+ SaclLength
> (ULONG_PTR
)DataEnd
) || DataEnd
== NULL
)
940 DataEnd
= (PVOID
)((ULONG_PTR
)pSacl
+ SaclLength
);
943 ASSERT((ULONG_PTR
)DataEnd
>= (ULONG_PTR
)DataStart
);
945 DataSize
= (ULONG
)((ULONG_PTR
)DataEnd
- (ULONG_PTR
)DataStart
);
947 if (*BufferSize
< sizeof(SECURITY_DESCRIPTOR
) + DataSize
)
949 *BufferSize
= sizeof(SECURITY_DESCRIPTOR
) + DataSize
;
950 return STATUS_BUFFER_TOO_SMALL
;
955 /* if DataSize != 0 ther must be at least one SID or ACL in the security
956 descriptor! Also the data area must be located somewhere after the
957 end of the SECURITY_DESCRIPTOR_RELATIVE structure */
958 ASSERT(DataStart
!= NULL
);
959 ASSERT((ULONG_PTR
)DataStart
>= (ULONG_PTR
)(pRelSD
+ 1));
961 /* it's time to move the data */
962 RtlMoveMemory((PVOID
)(pAbsSD
+ 1),
966 MoveDelta
= (LONG
)((LONG_PTR
)(pAbsSD
+ 1) - (LONG_PTR
)DataStart
);
968 /* adjust the pointers if neccessary */
970 pAbsSD
->Owner
= (PSID
)((LONG_PTR
)pOwner
+ MoveDelta
);
972 pAbsSD
->Owner
= NULL
;
975 pAbsSD
->Group
= (PSID
)((LONG_PTR
)pGroup
+ MoveDelta
);
977 pAbsSD
->Group
= NULL
;
980 pAbsSD
->Sacl
= (PACL
)((LONG_PTR
)pSacl
+ MoveDelta
);
985 pAbsSD
->Dacl
= (PACL
)((LONG_PTR
)pDacl
+ MoveDelta
);
991 /* all pointers must be NULL! */
992 ASSERT(pOwner
== NULL
);
993 ASSERT(pGroup
== NULL
);
994 ASSERT(pSacl
== NULL
);
995 ASSERT(pDacl
== NULL
);
997 pAbsSD
->Owner
= NULL
;
998 pAbsSD
->Group
= NULL
;
1000 pAbsSD
->Dacl
= NULL
;
1003 /* clear the self-relative flag */
1004 pAbsSD
->Control
&= ~SE_SELF_RELATIVE
;
1008 RtlpQuerySecurityDescriptorPointers((PISECURITY_DESCRIPTOR
)pRelSD
,
1014 /* clear the self-relative flag and simply convert the offsets to pointers */
1015 pAbsSD
->Control
&= ~SE_SELF_RELATIVE
;
1016 pAbsSD
->Owner
= pOwner
;
1017 pAbsSD
->Group
= pGroup
;
1018 pAbsSD
->Sacl
= pSacl
;
1019 pAbsSD
->Dacl
= pDacl
;
1023 return STATUS_SUCCESS
;
1031 RtlValidRelativeSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptorInput
,
1032 IN ULONG SecurityDescriptorLength
,
1033 IN SECURITY_INFORMATION RequiredInformation
)
1035 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptorInput
;
1039 if (SecurityDescriptorLength
< sizeof(SECURITY_DESCRIPTOR_RELATIVE
) ||
1040 pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
||
1041 !(pSD
->Control
& SE_SELF_RELATIVE
))
1046 if (pSD
->Owner
!= 0)
1048 PSID Owner
= (PSID
)((ULONG_PTR
)pSD
->Owner
+ (ULONG_PTR
)pSD
);
1049 if (!RtlValidSid(Owner
))
1054 else if (RequiredInformation
& OWNER_SECURITY_INFORMATION
)
1059 if (pSD
->Group
!= 0)
1061 PSID Group
= (PSID
)((ULONG_PTR
)pSD
->Group
+ (ULONG_PTR
)pSD
);
1062 if (!RtlValidSid(Group
))
1067 else if (RequiredInformation
& GROUP_SECURITY_INFORMATION
)
1072 if (pSD
->Control
& SE_DACL_PRESENT
)
1074 if (pSD
->Dacl
!= 0 &&
1075 !RtlValidAcl((PACL
)((ULONG_PTR
)pSD
->Dacl
+ (ULONG_PTR
)pSD
)))
1080 else if (RequiredInformation
& DACL_SECURITY_INFORMATION
)
1085 if (pSD
->Control
& SE_SACL_PRESENT
)
1087 if (pSD
->Sacl
!= 0 &&
1088 !RtlValidAcl((PACL
)((ULONG_PTR
)pSD
->Sacl
+ (ULONG_PTR
)pSD
)))
1093 else if (RequiredInformation
& SACL_SECURITY_INFORMATION
)
1106 RtlGetSecurityDescriptorRMControl(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1107 OUT PUCHAR RMControl
)
1109 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
1113 if (!(pSD
->Control
& SE_RM_CONTROL_VALID
))
1119 *RMControl
= pSD
->Sbz1
;
1129 RtlSetSecurityDescriptorRMControl(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
1130 IN PUCHAR RMControl
)
1132 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
1136 if (RMControl
== NULL
)
1138 pSD
->Control
&= ~SE_RM_CONTROL_VALID
;
1143 pSD
->Control
|= SE_RM_CONTROL_VALID
;
1144 pSD
->Sbz1
= *RMControl
;
1153 RtlSetAttributesSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
1154 IN SECURITY_DESCRIPTOR_CONTROL Control
,
1155 OUT PULONG Revision
)
1157 PISECURITY_DESCRIPTOR pSD
= (PISECURITY_DESCRIPTOR
)SecurityDescriptor
;
1161 *Revision
= pSD
->Revision
;
1163 if (pSD
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
1164 return STATUS_UNKNOWN_REVISION
;
1167 ~(SE_OWNER_DEFAULTED
| SE_GROUP_DEFAULTED
| SE_DACL_PRESENT
|
1168 SE_DACL_DEFAULTED
| SE_SACL_PRESENT
| SE_SACL_DEFAULTED
|
1169 SE_RM_CONTROL_VALID
| SE_SELF_RELATIVE
);
1171 return RtlSetControlSecurityDescriptor(SecurityDescriptor
,