2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * PURPOSE: Security manager
5 * FILE: ntoskrnl/ob/security.c
8 * 26/07/98: Added stubs for security functions
11 /* INCLUDES *****************************************************************/
13 #include <ddk/ntddk.h>
14 #include <internal/ob.h>
16 #include <internal/debug.h>
18 /* FUNCTIONS ***************************************************************/
24 ObAssignSecurity(IN PACCESS_STATE AccessState
,
25 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
29 PSECURITY_DESCRIPTOR NewDescriptor
;
32 /* Build the new security descriptor */
33 Status
= SeAssignSecurity(SecurityDescriptor
,
34 AccessState
->SecurityDescriptor
,
36 (Type
== ObDirectoryType
),
37 &AccessState
->SubjectSecurityContext
,
40 if (!NT_SUCCESS(Status
))
43 if (Type
->Security
!= NULL
)
45 /* Call the security method */
46 Status
= Type
->Security(Object
,
47 AssignSecurityDescriptor
,
54 /* Assign the security descriptor to the object header */
55 Status
= ObpAddSecurityDescriptor(NewDescriptor
,
56 &(BODY_TO_HEADER(Object
)->SecurityDescriptor
));
59 /* Release the new security descriptor */
60 SeDeassignSecurity(&NewDescriptor
);
70 ObGetObjectSecurity(IN PVOID Object
,
71 OUT PSECURITY_DESCRIPTOR
*SecurityDescriptor
,
72 OUT PBOOLEAN MemoryAllocated
)
74 POBJECT_HEADER Header
;
78 Header
= BODY_TO_HEADER(Object
);
79 if (Header
->ObjectType
== NULL
)
80 return STATUS_UNSUCCESSFUL
;
82 if (Header
->ObjectType
->Security
== NULL
)
84 ObpReferenceCachedSecurityDescriptor(Header
->SecurityDescriptor
);
85 *SecurityDescriptor
= Header
->SecurityDescriptor
;
86 *MemoryAllocated
= FALSE
;
87 return STATUS_SUCCESS
;
90 /* Get the security descriptor size */
92 Status
= Header
->ObjectType
->Security(Object
,
93 QuerySecurityDescriptor
,
94 OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
|
95 DACL_SECURITY_INFORMATION
| SACL_SECURITY_INFORMATION
,
98 if (Status
!= STATUS_BUFFER_TOO_SMALL
)
101 /* Allocate security descriptor */
102 *SecurityDescriptor
= ExAllocatePool(NonPagedPool
,
104 if (*SecurityDescriptor
== NULL
)
105 return STATUS_INSUFFICIENT_RESOURCES
;
107 /* Query security descriptor */
108 Status
= Header
->ObjectType
->Security(Object
,
109 QuerySecurityDescriptor
,
110 OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
|
111 DACL_SECURITY_INFORMATION
| SACL_SECURITY_INFORMATION
,
114 if (!NT_SUCCESS(Status
))
116 ExFreePool(*SecurityDescriptor
);
120 *MemoryAllocated
= TRUE
;
122 return STATUS_SUCCESS
;
130 ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
131 IN BOOLEAN MemoryAllocated
)
133 if (SecurityDescriptor
== NULL
)
138 ExFreePool(SecurityDescriptor
);
142 ObpDereferenceCachedSecurityDescriptor(SecurityDescriptor
);
151 NtQuerySecurityObject(IN HANDLE Handle
,
152 IN SECURITY_INFORMATION SecurityInformation
,
153 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
155 OUT PULONG ResultLength
)
157 POBJECT_HEADER Header
;
159 PSECURITY_DESCRIPTOR ObjectSd
;
164 ULONG OwnerLength
= 0;
165 ULONG GroupLength
= 0;
166 ULONG DaclLength
= 0;
167 ULONG SaclLength
= 0;
172 Status
= ObReferenceObjectByHandle(Handle
,
173 (SecurityInformation
& SACL_SECURITY_INFORMATION
) ? ACCESS_SYSTEM_SECURITY
: 0,
178 if (!NT_SUCCESS(Status
))
183 Header
= BODY_TO_HEADER(Object
);
184 if (Header
->ObjectType
== NULL
)
186 ObDereferenceObject(Object
);
187 return STATUS_UNSUCCESSFUL
;
190 if (Header
->ObjectType
->Security
!= NULL
)
192 Status
= Header
->ObjectType
->Security(Object
,
193 QuerySecurityDescriptor
,
197 *ResultLength
= Length
;
201 ObjectSd
= Header
->SecurityDescriptor
;
203 if (ObjectSd
!= NULL
)
205 Control
= SE_SELF_RELATIVE
;
206 if ((SecurityInformation
& OWNER_SECURITY_INFORMATION
) &&
207 (ObjectSd
->Owner
!= NULL
))
209 Owner
= (PSID
)((ULONG_PTR
)ObjectSd
->Owner
+ (ULONG_PTR
)ObjectSd
);
210 OwnerLength
= ROUND_UP(RtlLengthSid(Owner
), 4);
211 Control
|= (ObjectSd
->Control
& SE_OWNER_DEFAULTED
);
214 if ((SecurityInformation
& GROUP_SECURITY_INFORMATION
) &&
215 (ObjectSd
->Group
!= NULL
))
217 Group
= (PSID
)((ULONG_PTR
)ObjectSd
->Group
+ (ULONG_PTR
)ObjectSd
);
218 GroupLength
= ROUND_UP(RtlLengthSid(Group
), 4);
219 Control
|= (ObjectSd
->Control
& SE_GROUP_DEFAULTED
);
222 if ((SecurityInformation
& DACL_SECURITY_INFORMATION
) &&
223 (ObjectSd
->Control
& SE_DACL_PRESENT
))
225 if (ObjectSd
->Dacl
!= NULL
)
227 Dacl
= (PACL
)((ULONG_PTR
)ObjectSd
->Dacl
+ (ULONG_PTR
)ObjectSd
);
228 DaclLength
= ROUND_UP((ULONG
)Dacl
->AclSize
, 4);
230 Control
|= (ObjectSd
->Control
& (SE_DACL_DEFAULTED
| SE_DACL_PRESENT
));
233 if ((SecurityInformation
& SACL_SECURITY_INFORMATION
) &&
234 (ObjectSd
->Control
& SE_SACL_PRESENT
))
236 if (ObjectSd
->Sacl
!= NULL
)
238 Sacl
= (PACL
)((ULONG_PTR
)ObjectSd
->Sacl
+ (ULONG_PTR
)ObjectSd
);
239 SaclLength
= ROUND_UP(Sacl
->AclSize
, 4);
241 Control
|= (ObjectSd
->Control
& (SE_SACL_DEFAULTED
| SE_SACL_PRESENT
));
244 *ResultLength
= OwnerLength
+ GroupLength
+
245 DaclLength
+ SaclLength
+ sizeof(SECURITY_DESCRIPTOR
);
246 if (Length
>= *ResultLength
)
248 RtlCreateSecurityDescriptor(SecurityDescriptor
,
249 SECURITY_DESCRIPTOR_REVISION1
);
250 SecurityDescriptor
->Control
= Control
;
252 Current
= (ULONG_PTR
)SecurityDescriptor
+ sizeof(SECURITY_DESCRIPTOR
);
254 if (OwnerLength
!= 0)
256 RtlCopyMemory((PVOID
)Current
,
259 SecurityDescriptor
->Owner
= (PSID
)(Current
- (ULONG_PTR
)SecurityDescriptor
);
260 Current
+= OwnerLength
;
263 if (GroupLength
!= 0)
265 RtlCopyMemory((PVOID
)Current
,
268 SecurityDescriptor
->Group
= (PSID
)(Current
- (ULONG_PTR
)SecurityDescriptor
);
269 Current
+= GroupLength
;
274 RtlCopyMemory((PVOID
)Current
,
277 SecurityDescriptor
->Dacl
= (PACL
)(Current
- (ULONG_PTR
)SecurityDescriptor
);
278 Current
+= DaclLength
;
283 RtlCopyMemory((PVOID
)Current
,
286 SecurityDescriptor
->Sacl
= (PACL
)(Current
- (ULONG_PTR
)SecurityDescriptor
);
287 Current
+= SaclLength
;
290 Status
= STATUS_SUCCESS
;
294 Status
= STATUS_BUFFER_TOO_SMALL
;
300 Status
= STATUS_UNSUCCESSFUL
;
304 ObDereferenceObject(Object
);
314 NtSetSecurityObject(IN HANDLE Handle
,
315 IN SECURITY_INFORMATION SecurityInformation
,
316 IN PSECURITY_DESCRIPTOR SecurityDescriptor
)
318 POBJECT_HEADER Header
;
322 Status
= ObReferenceObjectByHandle(Handle
,
323 (SecurityInformation
& SACL_SECURITY_INFORMATION
) ? ACCESS_SYSTEM_SECURITY
: 0,
328 if (!NT_SUCCESS(Status
))
333 Header
= BODY_TO_HEADER(Object
);
334 if (Header
->ObjectType
!= NULL
)
336 ObDereferenceObject(Object
);
337 return STATUS_UNSUCCESSFUL
;
340 if (Header
->ObjectType
->Security
!= NULL
)
342 Status
= Header
->ObjectType
->Security(Object
,
343 SetSecurityDescriptor
,
350 Status
= STATUS_NOT_IMPLEMENTED
;
353 ObDereferenceObject(Object
);