1 /* $Id$
2 *
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * FILE: ntoskrnl/ob/security.c
6 * PURPOSE: Security manager
7 *
8 * PROGRAMERS: No programmer listed.
9 */
10
11 /* INCLUDES *****************************************************************/
12
13 #include <ntoskrnl.h>
14 #define NDEBUG
15 #include <internal/debug.h>
16
17 /* FUNCTIONS ***************************************************************/
18
/*
 * @implemented
 *
 * Builds a security descriptor for an object with SeAssignSecurity and
 * passes it to the object type's security method for assignment.
 *
 * AccessState        - supplies AccessState->SecurityDescriptor (second
 *                      argument to SeAssignSecurity) and the subject
 *                      security context.
 * SecurityDescriptor - forwarded as the first argument to SeAssignSecurity
 *                      (presumably the parent descriptor - confirm against
 *                      the SeAssignSecurity prototype in this tree).
 * Object             - body of the object being secured.
 * Type               - object type; provides the generic mapping and the
 *                      SecurityProcedure that is invoked.
 *
 * Returns the failure status of SeAssignSecurity, otherwise the status
 * returned by the type's SecurityProcedure.
 */
NTSTATUS STDCALL
ObAssignSecurity(IN PACCESS_STATE AccessState,
                 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                 IN PVOID Object,
                 IN POBJECT_TYPE Type)
{
    PSECURITY_DESCRIPTOR AssignedSd;
    BOOLEAN IsDirectory;
    NTSTATUS Status;

    PAGED_CODE();

    /* Directory objects are flagged so SeAssignSecurity can treat them as containers */
    IsDirectory = (Type == ObDirectoryType);

    /* Build the new security descriptor */
    Status = SeAssignSecurity(SecurityDescriptor,
                              AccessState->SecurityDescriptor,
                              &AssignedSd,
                              IsDirectory,
                              &AccessState->SubjectSecurityContext,
                              &Type->TypeInfo.GenericMapping,
                              PagedPool);
    if (NT_SUCCESS(Status))
    {
        /*
         * Call the security method.
         * NOTE(review): SecurityProcedure is invoked without a NULL check,
         * while ObGetObjectSecurity in this file treats a NULL
         * SecurityProcedure as a valid configuration. Confirm that callers
         * never reach this point for such types.
         */
        Status = Type->TypeInfo.SecurityProcedure(Object,
                                                  AssignSecurityDescriptor,
                                                  0,
                                                  AssignedSd,
                                                  NULL,
                                                  NULL,
                                                  NonPagedPool,
                                                  NULL);

        /* The temporary descriptor is released whether or not the method succeeded */
        SeDeassignSecurity(&AssignedSd);
    }

    return Status;
}
59
60
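/*
 * @implemented
 *
 * Retrieves the security descriptor of an object.
 *
 * Object             - body of the object to query.
 * SecurityDescriptor - receives the descriptor, or NULL when none is
 *                      returned.
 * MemoryAllocated    - receives TRUE when the descriptor was allocated from
 *                      pool by this routine, FALSE when it is the cached
 *                      descriptor from the object header (or nothing was
 *                      returned).
 *
 * The result must be handed back through ObReleaseObjectSecurity together
 * with the MemoryAllocated value so that the matching release (pool free
 * or cache dereference) is performed.
 *
 * Returns STATUS_UNSUCCESSFUL if the object has no type,
 * STATUS_INSUFFICIENT_RESOURCES if the buffer cannot be allocated, or the
 * status of the type's SecurityProcedure.
 */
NTSTATUS STDCALL
ObGetObjectSecurity(IN PVOID Object,
                    OUT PSECURITY_DESCRIPTOR *SecurityDescriptor,
                    OUT PBOOLEAN MemoryAllocated)
{
    POBJECT_HEADER Header;
    ULONG Length;
    NTSTATUS Status;

    PAGED_CODE();

    /*
     * Give both outputs a defined value on every return path. Without this
     * an early return (including a successful size query) leaves them
     * uninitialized, and a caller that releases them would free or
     * dereference a stale pointer.
     */
    *SecurityDescriptor = NULL;
    *MemoryAllocated = FALSE;

    Header = BODY_TO_HEADER(Object);
    if (Header->Type == NULL)
        return STATUS_UNSUCCESSFUL;

    if (Header->Type->TypeInfo.SecurityProcedure == NULL)
    {
        /* No security method: hand out a reference to the cached descriptor */
        ObpReferenceCachedSecurityDescriptor(Header->SecurityDescriptor);
        *SecurityDescriptor = Header->SecurityDescriptor;
        return STATUS_SUCCESS;
    }

    /* Get the security descriptor size */
    Length = 0;
    Status = Header->Type->TypeInfo.SecurityProcedure(Object,
                                                      QuerySecurityDescriptor,
                                                      OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
                                                      DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION,
                                                      NULL,
                                                      &Length,
                                                      NULL,
                                                      NonPagedPool,
                                                      NULL);
    if (Status != STATUS_BUFFER_TOO_SMALL)
        return Status;

    /* Allocate security descriptor */
    *SecurityDescriptor = ExAllocatePool(NonPagedPool,
                                         Length);
    if (*SecurityDescriptor == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    /*
     * Query security descriptor.
     * The descriptor may have grown since the size query; the buffer size
     * is passed in Length, so the security method is expected to fail
     * rather than write past the allocation (NOTE(review): confirm each
     * SecurityProcedure honours the supplied length).
     */
    Status = Header->Type->TypeInfo.SecurityProcedure(Object,
                                                      QuerySecurityDescriptor,
                                                      OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
                                                      DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION,
                                                      *SecurityDescriptor,
                                                      &Length,
                                                      NULL,
                                                      NonPagedPool,
                                                      NULL);
    if (!NT_SUCCESS(Status))
    {
        ExFreePool(*SecurityDescriptor);

        /* Do not leave a dangling pointer in the caller's variable */
        *SecurityDescriptor = NULL;
        return Status;
    }

    *MemoryAllocated = TRUE;

    return STATUS_SUCCESS;
}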
127
128
/*
 * @implemented
 *
 * Releases a security descriptor obtained from ObGetObjectSecurity.
 *
 * SecurityDescriptor - descriptor to release; NULL is ignored.
 * MemoryAllocated    - TRUE if the descriptor is a pool allocation that
 *                      must be freed, FALSE if it is a cached descriptor
 *                      whose reference must be dropped.
 *
 * The flag must be the value ObGetObjectSecurity returned for this
 * descriptor: passing the wrong one frees a cached descriptor or
 * dereferences a pool block.
 */
VOID STDCALL
ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                        IN BOOLEAN MemoryAllocated)
{
    PAGED_CODE();

    if (SecurityDescriptor != NULL)
    {
        if (!MemoryAllocated)
        {
            /* Cached descriptor: drop the reference taken on retrieval */
            ObpDereferenceCachedSecurityDescriptor(SecurityDescriptor);
        }
        else
        {
            /* Private copy: return it to the pool */
            ExFreePool(SecurityDescriptor);
        }
    }
}
150
151
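/*
 * @implemented
 *
 * System service that returns security information for the object behind
 * a handle.
 *
 * Handle              - handle to the object.
 * SecurityInformation - which parts of the descriptor are requested.
 * SecurityDescriptor  - caller buffer that receives the descriptor.
 * Length              - size of the caller buffer in bytes.
 * ResultLength        - receives the length reported by the object type's
 *                       security method.
 *
 * The handle must grant READ_CONTROL when owner, group or DACL information
 * is requested and ACCESS_SYSTEM_SECURITY when the SACL is requested.
 *
 * Returns the status of ObReferenceObjectByHandle on failure,
 * STATUS_UNSUCCESSFUL if the object has no type or no security method,
 * otherwise the status of the type's SecurityProcedure.
 */
NTSTATUS STDCALL
NtQuerySecurityObject(IN HANDLE Handle,
                      IN SECURITY_INFORMATION SecurityInformation,
                      OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
                      IN ULONG Length,
                      OUT PULONG ResultLength)
{
    POBJECT_HEADER Header;
    ACCESS_MASK DesiredAccess;
    PVOID Object;
    NTSTATUS Status;

    PAGED_CODE();

    DPRINT("NtQuerySecurityObject() called\n");

    /*
     * Derive the access the handle must carry from the requested
     * information. Requesting no access for owner/group/DACL queries would
     * let any handle, whatever it was opened with, read the descriptor.
     */
    DesiredAccess = 0;
    if (SecurityInformation & (OWNER_SECURITY_INFORMATION |
                               GROUP_SECURITY_INFORMATION |
                               DACL_SECURITY_INFORMATION))
    {
        DesiredAccess |= READ_CONTROL;
    }
    if (SecurityInformation & SACL_SECURITY_INFORMATION)
    {
        DesiredAccess |= ACCESS_SYSTEM_SECURITY;
    }

    Status = ObReferenceObjectByHandle(Handle,
                                       DesiredAccess,
                                       NULL,
                                       KeGetPreviousMode(),
                                       &Object,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status);
        return Status;
    }

    Header = BODY_TO_HEADER(Object);
    if (Header->Type == NULL)
    {
        DPRINT1("Invalid object type\n");
        ObDereferenceObject(Object);
        return STATUS_UNSUCCESSFUL;
    }

    /*
     * ObGetObjectSecurity in this file treats a NULL SecurityProcedure as a
     * valid configuration, so fail here instead of calling through a NULL
     * pointer on behalf of the caller.
     * NOTE(review): a fuller fix could serve the cached descriptor for such
     * types; the status value mirrors the missing-type case above.
     */
    if (Header->Type->TypeInfo.SecurityProcedure == NULL)
    {
        ObDereferenceObject(Object);
        return STATUS_UNSUCCESSFUL;
    }

    /*
     * NOTE(review): ResultLength and SecurityDescriptor come straight from
     * the caller and are used without probing or exception handling. When
     * KeGetPreviousMode() is UserMode they must be validated (ProbeForWrite
     * inside the tree's SEH construct) before the kernel writes through
     * them; otherwise a bad address faults in kernel mode and a kernel
     * address is written on the caller's behalf.
     */
    *ResultLength = Length;
    Status = Header->Type->TypeInfo.SecurityProcedure(Object,
                                                      QuerySecurityDescriptor,
                                                      SecurityInformation,
                                                      SecurityDescriptor,
                                                      ResultLength,
                                                      NULL,
                                                      NonPagedPool,
                                                      NULL);

    ObDereferenceObject(Object);

    return Status;
}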
204
205
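/*
 * @implemented
 *
 * System service that replaces security information on the object behind
 * a handle.
 *
 * Handle              - handle to the object.
 * SecurityInformation - which parts of the descriptor are being set.
 * SecurityDescriptor  - descriptor supplying the new values.
 *
 * The handle must grant WRITE_OWNER to change owner or group, WRITE_DAC to
 * change the DACL and ACCESS_SYSTEM_SECURITY to change the SACL.
 *
 * Returns the status of ObReferenceObjectByHandle on failure,
 * STATUS_UNSUCCESSFUL if the object has no type or no security method,
 * otherwise the status of the type's SecurityProcedure.
 */
NTSTATUS STDCALL
NtSetSecurityObject(IN HANDLE Handle,
                    IN SECURITY_INFORMATION SecurityInformation,
                    IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    POBJECT_HEADER Header;
    ACCESS_MASK DesiredAccess;
    PVOID Object;
    NTSTATUS Status;

    PAGED_CODE();

    DPRINT("NtSetSecurityObject() called\n");

    /*
     * Derive the access the handle must carry from the information being
     * changed. Requesting no access for owner/group/DACL changes would let
     * a handle opened with minimal rights rewrite the object's access
     * control.
     */
    DesiredAccess = 0;
    if (SecurityInformation & (OWNER_SECURITY_INFORMATION |
                               GROUP_SECURITY_INFORMATION))
    {
        DesiredAccess |= WRITE_OWNER;
    }
    if (SecurityInformation & DACL_SECURITY_INFORMATION)
    {
        DesiredAccess |= WRITE_DAC;
    }
    if (SecurityInformation & SACL_SECURITY_INFORMATION)
    {
        DesiredAccess |= ACCESS_SYSTEM_SECURITY;
    }

    Status = ObReferenceObjectByHandle(Handle,
                                       DesiredAccess,
                                       NULL,
                                       KeGetPreviousMode(),
                                       &Object,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status);
        return Status;
    }

    Header = BODY_TO_HEADER(Object);
    if (Header->Type == NULL)
    {
        DPRINT1("Invalid object type\n");
        ObDereferenceObject(Object);
        return STATUS_UNSUCCESSFUL;
    }

    /*
     * ObGetObjectSecurity in this file treats a NULL SecurityProcedure as a
     * valid configuration, so fail here instead of calling through a NULL
     * pointer on behalf of the caller. The status value mirrors the
     * missing-type case above.
     */
    if (Header->Type->TypeInfo.SecurityProcedure == NULL)
    {
        ObDereferenceObject(Object);
        return STATUS_UNSUCCESSFUL;
    }

    /*
     * NOTE(review): SecurityDescriptor is the caller's pointer and is
     * passed on unprobed and uncaptured. For UserMode callers it should be
     * validated and copied into kernel memory first (NT provides
     * SeCaptureSecurityDescriptor for this - confirm availability in this
     * tree), so the security method never parses memory the caller can
     * change or unmap while it is being read.
     */
    Status = Header->Type->TypeInfo.SecurityProcedure(Object,
                                                      SetSecurityDescriptor,
                                                      SecurityInformation,
                                                      SecurityDescriptor,
                                                      NULL,
                                                      NULL,
                                                      NonPagedPool,
                                                      NULL);

    ObDereferenceObject(Object);

    return Status;
}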
255
256
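/*
 * @unimplemented
 *
 * Placeholder for the security descriptor cache insert. Instead of looking
 * the descriptor up in a shared cache it returns a pool copy of the
 * descriptor header.
 *
 * InputSecurityDescriptor  - descriptor to log.
 * OutputSecurityDescriptor - receives the copy.
 * RefBias                  - ignored by this placeholder.
 *
 * Returns STATUS_SUCCESS, or STATUS_INSUFFICIENT_RESOURCES if the copy
 * cannot be allocated.
 */
NTSTATUS STDCALL
ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,
                        OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor,
                        IN ULONG RefBias)
{
    /* HACK: Return the same descriptor back */
    PISECURITY_DESCRIPTOR SdCopy;

    /* The format string takes no arguments, so none are passed */
    DPRINT1("ObLogSecurityDescriptor is not implemented!\n");

    SdCopy = ExAllocatePool(PagedPool, sizeof(*SdCopy));
    if (SdCopy == NULL)
    {
        /* Fail cleanly instead of copying into a NULL pointer */
        *OutputSecurityDescriptor = NULL;
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    /*
     * NOTE(review): only the fixed-size header is copied. For an absolute
     * descriptor the copy still points at the caller's owner/group/ACL
     * buffers, so it is only valid while those live. For a self-relative
     * descriptor the data following the header is not copied, so the
     * offsets in the copy refer past the end of this allocation. A real
     * implementation has to copy the full descriptor.
     * NOTE(review): ObDereferenceSecurityDescriptor in this file does not
     * free anything, so each copy made here appears to be leaked.
     */
    RtlMoveMemory(SdCopy, InputSecurityDescriptor, sizeof(*SdCopy));
    *OutputSecurityDescriptor = SdCopy;
    return STATUS_SUCCESS;
}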
274
275
/*
 * @unimplemented
 *
 * Placeholder for dropping references on a logged security descriptor.
 * It only emits a debug message; neither argument is used and nothing is
 * released.
 *
 * SecurityDescriptor - descriptor whose references would be dropped.
 * Count              - number of references that would be dropped.
 *
 * NOTE(review): ObLogSecurityDescriptor in this file allocates a pool copy
 * for every call, and this routine never frees it, so those copies appear
 * to be leaked until both routines are implemented.
 */
VOID STDCALL
ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                IN ULONG Count)
{
    /* Nothing is released yet; just report that the stub was reached */
    DPRINT1("ObDereferenceSecurityDescriptor is not implemented!\n");
}
285
286 /* EOF */