2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * FILE: lib/rtl/security.c
5 * PURPOSE: Security related functions and Security Objects
6 * PROGRAMMER: Eric Kohl
9 /* INCLUDES *****************************************************************/
16 /* FUNCTIONS ***************************************************************/
22 RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
)
25 HANDLE ImpersonationToken
;
27 OBJECT_ATTRIBUTES ObjAttr
;
28 SECURITY_QUALITY_OF_SERVICE Sqos
;
32 Status
= ZwOpenProcessToken(NtCurrentProcess(),
35 if (!NT_SUCCESS(Status
))
37 DPRINT1("NtOpenProcessToken() failed (Status %lx)\n", Status
);
41 Sqos
.Length
= sizeof(SECURITY_QUALITY_OF_SERVICE
);
42 Sqos
.ImpersonationLevel
= ImpersonationLevel
;
43 Sqos
.ContextTrackingMode
= 0;
44 Sqos
.EffectiveOnly
= FALSE
;
46 InitializeObjectAttributes(
54 ObjAttr
.SecurityQualityOfService
= &Sqos
;
56 Status
= ZwDuplicateToken(ProcessToken
,
59 Sqos
.EffectiveOnly
, /* why both here _and_ in Sqos? */
62 if (!NT_SUCCESS(Status
))
64 DPRINT1("NtDuplicateToken() failed (Status %lx)\n", Status
);
65 NtClose(ProcessToken
);
69 Status
= ZwSetInformationThread(NtCurrentThread(),
70 ThreadImpersonationToken
,
73 if (!NT_SUCCESS(Status
))
75 DPRINT1("NtSetInformationThread() failed (Status %lx)\n", Status
);
78 ZwClose(ImpersonationToken
);
79 ZwClose(ProcessToken
);
89 RtlAcquirePrivilege(IN PULONG Privilege
,
92 OUT PVOID
*ReturnedState
)
95 return STATUS_NOT_IMPLEMENTED
;
103 RtlReleasePrivilege(IN PVOID ReturnedState
)
112 RtlAdjustPrivilege(IN ULONG Privilege
,
114 IN BOOLEAN CurrentThread
,
115 OUT PBOOLEAN Enabled
)
117 TOKEN_PRIVILEGES NewState
;
118 TOKEN_PRIVILEGES OldState
;
125 DPRINT ("RtlAdjustPrivilege() called\n");
129 Status
= ZwOpenThreadToken (NtCurrentThread (),
130 TOKEN_ADJUST_PRIVILEGES
| TOKEN_QUERY
,
136 Status
= ZwOpenProcessToken (NtCurrentProcess (),
137 TOKEN_ADJUST_PRIVILEGES
| TOKEN_QUERY
,
141 if (!NT_SUCCESS (Status
))
143 DPRINT1 ("Retrieving token handle failed (Status %lx)\n", Status
);
147 OldState
.PrivilegeCount
= 1;
149 NewState
.PrivilegeCount
= 1;
150 NewState
.Privileges
[0].Luid
.LowPart
= Privilege
;
151 NewState
.Privileges
[0].Luid
.HighPart
= 0;
152 NewState
.Privileges
[0].Attributes
= (Enable
) ? SE_PRIVILEGE_ENABLED
: 0;
154 Status
= ZwAdjustPrivilegesToken (TokenHandle
,
157 sizeof(TOKEN_PRIVILEGES
),
160 ZwClose (TokenHandle
);
161 if (Status
== STATUS_NOT_ALL_ASSIGNED
)
163 DPRINT1 ("Failed to assign all privileges\n");
164 return STATUS_PRIVILEGE_NOT_HELD
;
166 if (!NT_SUCCESS(Status
))
168 DPRINT1 ("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status
);
172 if (OldState
.PrivilegeCount
== 0)
178 *Enabled
= (OldState
.Privileges
[0].Attributes
& SE_PRIVILEGE_ENABLED
);
181 DPRINT ("RtlAdjustPrivilege() done\n");
183 return STATUS_SUCCESS
;
191 RtlDeleteSecurityObject(IN PSECURITY_DESCRIPTOR
*ObjectDescriptor
)
193 DPRINT("RtlDeleteSecurityObject(%p)\n", ObjectDescriptor
);
195 RtlFreeHeap(RtlGetProcessHeap(),
199 return STATUS_SUCCESS
;
208 RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor
,
209 IN PSECURITY_DESCRIPTOR CreatorDescriptor
,
210 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
211 IN BOOLEAN IsDirectoryObject
,
213 IN PGENERIC_MAPPING GenericMapping
)
216 return STATUS_NOT_IMPLEMENTED
;
225 RtlQuerySecurityObject(IN PSECURITY_DESCRIPTOR ObjectDescriptor
,
226 IN SECURITY_INFORMATION SecurityInformation
,
227 OUT PSECURITY_DESCRIPTOR ResultantDescriptor
,
228 IN ULONG DescriptorLength
,
229 OUT PULONG ReturnLength
)
232 SECURITY_DESCRIPTOR desc
;
233 BOOLEAN defaulted
, present
;
237 Status
= RtlCreateSecurityDescriptor(&desc
, SECURITY_DESCRIPTOR_REVISION
);
238 if (!NT_SUCCESS(Status
)) return Status
;
240 if (SecurityInformation
& OWNER_SECURITY_INFORMATION
)
242 Status
= RtlGetOwnerSecurityDescriptor(ObjectDescriptor
, &psid
, &defaulted
);
243 if (!NT_SUCCESS(Status
)) return Status
;
244 Status
= RtlSetOwnerSecurityDescriptor(&desc
, psid
, defaulted
);
245 if (!NT_SUCCESS(Status
)) return Status
;
248 if (SecurityInformation
& GROUP_SECURITY_INFORMATION
)
250 Status
= RtlGetGroupSecurityDescriptor(ObjectDescriptor
, &psid
, &defaulted
);
251 if (!NT_SUCCESS(Status
)) return Status
;
252 Status
= RtlSetGroupSecurityDescriptor(&desc
, psid
, defaulted
);
253 if (!NT_SUCCESS(Status
)) return Status
;
256 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
258 Status
= RtlGetDaclSecurityDescriptor(ObjectDescriptor
, &present
, &pacl
, &defaulted
);
259 if (!NT_SUCCESS(Status
)) return Status
;
260 Status
= RtlSetDaclSecurityDescriptor(&desc
, present
, pacl
, defaulted
);
261 if (!NT_SUCCESS(Status
)) return Status
;
264 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
266 Status
= RtlGetSaclSecurityDescriptor(ObjectDescriptor
, &present
, &pacl
, &defaulted
);
267 if (!NT_SUCCESS(Status
)) return Status
;
268 Status
= RtlSetSaclSecurityDescriptor(&desc
, present
, pacl
, defaulted
);
269 if (!NT_SUCCESS(Status
)) return Status
;
272 *ReturnLength
= DescriptorLength
;
273 return RtlAbsoluteToSelfRelativeSD(&desc
, ResultantDescriptor
, ReturnLength
);
282 RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation
,
283 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
284 OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
285 IN PGENERIC_MAPPING GenericMapping
,
289 return STATUS_NOT_IMPLEMENTED
;
297 RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback
)
300 return STATUS_NOT_IMPLEMENTED
;
308 RtlFlushSecureMemoryCache(IN PVOID MemoryCache
,
309 IN OPTIONAL SIZE_T MemoryLength
)