3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * FILE: ntoskrnl/ob/security.c
6 * PURPOSE: Security manager
8 * PROGRAMMERS: No programmer listed.
11 /* INCLUDES *****************************************************************/
15 #include <internal/debug.h>
17 /* FUNCTIONS ***************************************************************/
/*
 * ObAssignSecurity
 *
 * Builds a security descriptor for a new object and hands it to the object
 * type's security method with the AssignSecurityDescriptor operation code.
 *
 * This listing omits several source lines (the gutter numbers jump), so the
 * remaining parameters, the return statements and the braces are not visible.
 */
23 ObAssignSecurity(IN PACCESS_STATE AccessState
,
24 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
28 PSECURITY_DESCRIPTOR NewDescriptor
;
33 /* Build the new security descriptor */
/*
 * SeAssignSecurity takes the parent descriptor first and the explicitly
 * requested descriptor second; the object is treated as a container only
 * when its type is ObDirectoryType. Listing lines 36 and 40 (two further
 * arguments) are not shown.
 */
34 Status
= SeAssignSecurity(SecurityDescriptor
,
35 AccessState
->SecurityDescriptor
,
37 (Type
== ObDirectoryType
),
38 &AccessState
->SubjectSecurityContext
,
39 &Type
->TypeInfo
.GenericMapping
,
/* Failure branch; its body (listing lines 42-43) is not shown - presumably returns Status. */
41 if (!NT_SUCCESS(Status
))
44 /* Call the security method */
/*
 * NOTE(review): SecurityProcedure is called here without a visible NULL
 * check, while ObGetObjectSecurity treats a NULL SecurityProcedure as a
 * legitimate case. Confirm every type reaching this path sets one.
 */
45 Status
= Type
->TypeInfo
.SecurityProcedure(Object
,
46 AssignSecurityDescriptor
,
54 /* Release the new security descriptor */
/* The temporary descriptor built by SeAssignSecurity is released after the security method call. */
55 SeDeassignSecurity(&NewDescriptor
);
/*
 * ObGetObjectSecurity
 *
 * Returns the security descriptor of Object.
 *
 * Object             - object body; its header is found with BODY_TO_HEADER.
 * SecurityDescriptor - receives the descriptor pointer.
 * MemoryAllocated    - receives FALSE when the header's cached descriptor is
 *                      returned (with a reference taken), TRUE when a pool
 *                      buffer was allocated for the result.
 *
 * Returns STATUS_UNSUCCESSFUL when the header has no type,
 * STATUS_INSUFFICIENT_RESOURCES when the pool allocation fails, and
 * STATUS_SUCCESS otherwise; other failure returns sit on lines that this
 * listing does not show.
 *
 * The caller must pass both outputs, unchanged, to ObReleaseObjectSecurity:
 * MemoryAllocated is the only record of whether the pointer is a pool block
 * or a referenced cached descriptor.
 */
65 ObGetObjectSecurity(IN PVOID Object
,
66 OUT PSECURITY_DESCRIPTOR
*SecurityDescriptor
,
67 OUT PBOOLEAN MemoryAllocated
)
69 POBJECT_HEADER Header
;
75 Header
= BODY_TO_HEADER(Object
);
/* An object header without a type cannot be queried. */
76 if (Header
->Type
== NULL
)
77 return STATUS_UNSUCCESSFUL
;
/* No type-specific security method: return the header's own descriptor, referenced, not copied. */
79 if (Header
->Type
->TypeInfo
.SecurityProcedure
== NULL
)
81 ObpReferenceCachedSecurityDescriptor(Header
->SecurityDescriptor
);
82 *SecurityDescriptor
= Header
->SecurityDescriptor
;
83 *MemoryAllocated
= FALSE
;
84 return STATUS_SUCCESS
;
87 /* Get the security descriptor size */
/*
 * First of two QuerySecurityDescriptor calls, requesting owner, group, DACL
 * and SACL. The buffer and length arguments (listing lines 93-97) are not
 * shown.
 */
89 Status
= Header
->Type
->TypeInfo
.SecurityProcedure(Object
,
90 QuerySecurityDescriptor
,
91 OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
|
92 DACL_SECURITY_INFORMATION
| SACL_SECURITY_INFORMATION
,
/* Any status other than STATUS_BUFFER_TOO_SMALL ends the size probe; the branch body (line 99) is not shown. */
98 if (Status
!= STATUS_BUFFER_TOO_SMALL
)
101 /* Allocate security descriptor */
/* The size argument (listing line 103) is not shown - presumably the length reported by the first call. */
102 *SecurityDescriptor
= ExAllocatePool(NonPagedPool
,
104 if (*SecurityDescriptor
== NULL
)
105 return STATUS_INSUFFICIENT_RESOURCES
;
107 /* Query security descriptor */
/*
 * NOTE(review): the descriptor can change between the sizing call and this
 * one, so the second call must be bounded by the allocated length and its
 * failure handled - confirm on the lines not shown (112-116).
 */
108 Status
= Header
->Type
->TypeInfo
.SecurityProcedure(Object
,
109 QuerySecurityDescriptor
,
110 OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
|
111 DACL_SECURITY_INFORMATION
| SACL_SECURITY_INFORMATION
,
117 if (!NT_SUCCESS(Status
))
/*
 * NOTE(review): after this free, *SecurityDescriptor still holds the freed
 * address unless a line not shown (120-122) resets it; a caller that ignores
 * the status would be left with a dangling pointer.
 */
119 ExFreePool(*SecurityDescriptor
);
123 *MemoryAllocated
= TRUE
;
125 return STATUS_SUCCESS
;
/*
 * ObReleaseObjectSecurity
 *
 * Releases a descriptor obtained from ObGetObjectSecurity.
 *
 * SecurityDescriptor - descriptor to release; a NULL pointer is tested for
 *                      first (the branch body, line 139, is not shown).
 * MemoryAllocated    - the flag ObGetObjectSecurity returned.
 *
 * The visible lines either free the pool block or drop the reference on the
 * cached descriptor; the condition choosing between them (listing lines
 * 140-146) is not shown - presumably MemoryAllocated.
 *
 * NOTE(review): a caller passing the wrong flag would free a cached
 * descriptor or dereference a pool block, so the pair of outputs from
 * ObGetObjectSecurity must be kept together.
 */
133 ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
134 IN BOOLEAN MemoryAllocated
)
138 if (SecurityDescriptor
== NULL
)
143 ExFreePool(SecurityDescriptor
);
147 ObpDereferenceCachedSecurityDescriptor(SecurityDescriptor
);
/*
 * NtQuerySecurityObject
 *
 * System service: queries the security information selected by
 * SecurityInformation for the object behind Handle, through the object
 * type's security method (QuerySecurityDescriptor operation).
 *
 * Handle, SecurityDescriptor and ResultLength come from the caller. The
 * parameter on listing line 159 is not shown (presumably the buffer length,
 * since a variable named Length is used below).
 */
156 NtQuerySecurityObject(IN HANDLE Handle
,
157 IN SECURITY_INFORMATION SecurityInformation
,
158 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
160 OUT PULONG ResultLength
)
162 POBJECT_HEADER Header
;
168 DPRINT("NtQuerySecurityObject() called\n");
/*
 * NOTE(review): the desired access is ACCESS_SYSTEM_SECURITY when the SACL
 * is requested and 0 otherwise, so an owner/group/DACL query demands no
 * right (such as READ_CONTROL) on the handle. The remaining arguments
 * (listing lines 172-175) are not shown; confirm nothing later enforces it.
 */
170 Status
= ObReferenceObjectByHandle(Handle
,
171 (SecurityInformation
& SACL_SECURITY_INFORMATION
) ? ACCESS_SYSTEM_SECURITY
: 0,
176 if (!NT_SUCCESS(Status
))
178 DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status
);
182 Header
= BODY_TO_HEADER(Object
);
/* The reference taken above is dropped before bailing out on a header without a type. */
183 if (Header
->Type
== NULL
)
185 DPRINT1("Invalid object type\n");
186 ObDereferenceObject(Object
);
187 return STATUS_UNSUCCESSFUL
;
/*
 * NOTE(review): ResultLength is a caller-supplied pointer and is written
 * directly; no ProbeForWrite or exception guard appears in the visible
 * lines. The same question applies to the SecurityDescriptor output buffer.
 */
190 *ResultLength
= Length
;
/*
 * NOTE(review): unlike ObGetObjectSecurity, no NULL check on
 * SecurityProcedure is visible before this call. The remaining arguments
 * (listing lines 193-199) are not shown.
 */
191 Status
= Header
->Type
->TypeInfo
.SecurityProcedure(Object
,
192 QuerySecurityDescriptor
,
/* Drop the reference taken by ObReferenceObjectByHandle. */
200 ObDereferenceObject(Object
);
/*
 * NtSetSecurityObject
 *
 * System service: applies the parts of SecurityDescriptor selected by
 * SecurityInformation to the object behind Handle, through the object
 * type's security method (SetSecurityDescriptor operation).
 */
210 NtSetSecurityObject(IN HANDLE Handle
,
211 IN SECURITY_INFORMATION SecurityInformation
,
212 IN PSECURITY_DESCRIPTOR SecurityDescriptor
)
214 POBJECT_HEADER Header
;
220 DPRINT("NtSetSecurityObject() called\n");
/*
 * NOTE(review): the desired access is ACCESS_SYSTEM_SECURITY when the SACL
 * is being set and 0 otherwise, so changing the owner, group or DACL
 * demands no right (such as WRITE_OWNER or WRITE_DAC) on the handle. The
 * remaining arguments (listing lines 224-227) are not shown; confirm the
 * security method performs the access check if this call does not.
 */
222 Status
= ObReferenceObjectByHandle(Handle
,
223 (SecurityInformation
& SACL_SECURITY_INFORMATION
) ? ACCESS_SYSTEM_SECURITY
: 0,
228 if (!NT_SUCCESS(Status
))
230 DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status
);
234 Header
= BODY_TO_HEADER(Object
);
/* The reference taken above is dropped before bailing out on a header without a type. */
235 if (Header
->Type
== NULL
)
237 DPRINT1("Invalid object type\n");
238 ObDereferenceObject(Object
);
239 return STATUS_UNSUCCESSFUL
;
/*
 * NOTE(review): no NULL check on SecurityProcedure is visible before this
 * call, and how the caller's SecurityDescriptor is captured or validated is
 * on lines not shown (244-250).
 */
242 Status
= Header
->Type
->TypeInfo
.SecurityProcedure(Object
,
243 SetSecurityDescriptor
,
/* Drop the reference taken by ObReferenceObjectByHandle. */
251 ObDereferenceObject(Object
);
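/*
 * ObLogSecurityDescriptor
 *
 * Placeholder (its own debug message says it is not implemented): returns a
 * PagedPool copy of the input descriptor's fixed header.
 *
 * InputSecurityDescriptor  - descriptor to copy from.
 * OutputSecurityDescriptor - receives the copy; written only on success.
 *
 * Returns STATUS_SUCCESS, or STATUS_INSUFFICIENT_RESOURCES when the pool
 * allocation fails (the original copied into the buffer without checking it).
 *
 * NOTE(review): only sizeof(*SdCopy) bytes are copied. For a self-relative
 * descriptor the owner, group and ACL data behind the header are not part
 * of the copy, so the offsets in it refer to memory outside the new
 * allocation; for an absolute descriptor the copy shares the caller's
 * owner/group/ACL pointers. Consumers must not treat the result as an
 * independent descriptor until this is implemented properly.
 */
ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,
                        OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor,
                        /* ... listing lines 263-264 (rest of the signature) are not shown on this page ... */
    /* HACK: Return the same descriptor back */
    PISECURITY_DESCRIPTOR SdCopy;

    /* The format string has no conversion, so the stray extra argument is dropped. */
    DPRINT1("ObLogSecurityDescriptor is not implemented!\n");

    SdCopy = ExAllocatePool(PagedPool, sizeof(*SdCopy));
    if (SdCopy == NULL)
    {
        /* Fail cleanly instead of copying through a NULL pointer. */
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    RtlMoveMemory(SdCopy, InputSecurityDescriptor, sizeof(*SdCopy));
    *OutputSecurityDescriptor = SdCopy;
    return STATUS_SUCCESS;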
280 ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
283 DPRINT1("ObDereferenceSecurityDescriptor is not implemented!\n");