1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * FILE: ntoskrnl/se/access.c
5 * PURPOSE: Access state functions
6 *
7 * PROGRAMMERS: Alex Ionescu (alex@relsoft.net) -
8 * Based on patch by Javier M. Mellid
9 */
10
11 /* INCLUDES *****************************************************************/
12
13 #include <ntoskrnl.h>
14 #define NDEBUG
15 #include <internal/debug.h>
16
/* Union of the four generic access rights; used to test whether a mask still carries generic bits. */
#define GENERIC_ACCESS \
    (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL)
19
20 /* FUNCTIONS ***************************************************************/
21
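/**
 * Initializes a caller-supplied ACCESS_STATE and its auxiliary data for an
 * access attempt.
 *
 * @param AccessState     Access state to initialize; it is zeroed first.
 * @param AuxData         Auxiliary data block, recorded in
 *                        AccessState->AuxData and filled in here.
 * @param Access          Requested access mask, possibly with generic bits.
 * @param GenericMapping  Optional mapping. When non-NULL, generic bits in
 *                        Access are mapped to specific rights and the mapping
 *                        is copied into AuxData. When NULL, the mask is
 *                        stored as passed, generic bits included.
 *
 * @return STATUS_SUCCESS (the only value this function returns).
 *
 * @implemented
 */
NTSTATUS
STDCALL
SeCreateAccessState(PACCESS_STATE AccessState,
                    PAUX_DATA AuxData,
                    ACCESS_MASK Access,
                    PGENERIC_MAPPING GenericMapping)
{
    ACCESS_MASK AccessMask = Access;
    PTOKEN Token;

    PAGED_CODE();

    /* Map the Generic Access to Specific Access if we have a Mapping */
    if ((Access & GENERIC_ACCESS) && (GenericMapping))
    {
        RtlMapGenericMask(&AccessMask, GenericMapping);
    }

    /* Initialize the Access State */
    RtlZeroMemory(AccessState, sizeof(ACCESS_STATE));

    /* Capture the Subject Context */
    SeCaptureSubjectContext(&AccessState->SubjectSecurityContext);

    /* Set Access State Data */
    AccessState->AuxData = AuxData;
    AccessState->RemainingDesiredAccess = AccessMask;
    AccessState->OriginallyDesiredAccess = AccessMask;
    ExpAllocateLocallyUniqueId(&AccessState->OperationID);

    /*
     * Get the Token to use: the client (impersonation) token when one was
     * captured, otherwise the primary token. The context fields already hold
     * the token pointers, so their values are used. Taking the address of the
     * field would make Token point into the ACCESS_STATE itself, and the
     * TokenFlags test below would then read unrelated memory instead of the
     * token's flags.
     */
    Token = AccessState->SubjectSecurityContext.ClientToken ?
            (PTOKEN)AccessState->SubjectSecurityContext.ClientToken :
            (PTOKEN)AccessState->SubjectSecurityContext.PrimaryToken;

    /* Check for Traverse Privilege */
    if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
    {
        /* Preserve the Traverse Privilege */
        AccessState->Flags = TOKEN_HAS_TRAVERSE_PRIVILEGE;
    }

    /*
     * Set the Auxiliary Data. The privilege set initially points at the
     * Privileges storage embedded in the ACCESS_STATE, not at a separate
     * allocation.
     */
    AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
                                             FIELD_OFFSET(ACCESS_STATE,
                                                          Privileges));
    if (GenericMapping) AuxData->GenericMapping = *GenericMapping;

    /* Return Success */
    return STATUS_SUCCESS;
}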
76
/**
 * Tears down an ACCESS_STATE: frees the buffers it may own and releases the
 * captured subject security context.
 *
 * @param AccessState  Access state to clean up. The structure itself is not
 *                     freed here.
 *
 * @implemented
 */
VOID
STDCALL
SeDeleteAccessState(IN PACCESS_STATE AccessState)
{
    PAUX_DATA Aux;

    PAGED_CODE();

    Aux = AccessState->AuxData;

    /*
     * The privilege set is freed only when flagged as allocated;
     * SeCreateAccessState points it at storage embedded in the
     * ACCESS_STATE, which must not be handed to the pool allocator.
     */
    if (AccessState->PrivilegesAllocated)
    {
        ExFreePool(Aux->PrivilegeSet);
    }

    /* Free the object name and object type name buffers, if present */
    if (AccessState->ObjectName.Buffer) ExFreePool(AccessState->ObjectName.Buffer);
    if (AccessState->ObjectTypeName.Buffer) ExFreePool(AccessState->ObjectTypeName.Buffer);

    /* Drop the subject context captured for this access state */
    SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
}
106
/**
 * Copies a generic mapping into the auxiliary data of an access state.
 *
 * @param AccessState     Access state whose AuxData receives the mapping.
 * @param GenericMapping  Mapping to copy. It is dereferenced unconditionally,
 *                        so it must not be NULL (SeCreateAccessState, by
 *                        contrast, tolerates a NULL mapping).
 *
 * @implemented
 */
VOID
STDCALL
SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
                               PGENERIC_MAPPING GenericMapping)
{
    PAUX_DATA Aux;

    PAGED_CODE();

    /* AuxData is cast to PAUX_DATA before the mapping is stored by value */
    Aux = (PAUX_DATA)AccessState->AuxData;
    Aux->GenericMapping = *GenericMapping;
}
120
121 /* EOF */