1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * FILE: ntoskrnl/se/access.c
5 * PURPOSE: Access state functions
6 *
7 * PROGRAMMERS: Alex Ionescu (alex@relsoft.net) -
8 * Based on patch by Javier M. Mellid
9 */
10
11 /* INCLUDES *****************************************************************/
12
13 #include <ntoskrnl.h>
14 #define NDEBUG
15 #include <internal/debug.h>
16
17 /* FUNCTIONS ***************************************************************/
18
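/*
 * Initializes a caller-supplied ACCESS_STATE for an access request made on
 * behalf of the given thread and process.
 *
 * Thread, Process   - subject whose security context is captured.
 * AccessState       - structure to initialize; it is zeroed first, so any
 *                     previous contents are lost.
 * AuxData           - auxiliary block linked to the access state. It is
 *                     dereferenced unconditionally and must not be NULL.
 * Access            - desired access, possibly containing generic rights.
 * GenericMapping    - optional mapping used to translate generic rights;
 *                     may be NULL.
 *
 * Always returns STATUS_SUCCESS. The subject context captured here is
 * released by SeDeleteAccessState.
 */
NTSTATUS
NTAPI
SeCreateAccessStateEx(IN PETHREAD Thread,
                      IN PEPROCESS Process,
                      IN OUT PACCESS_STATE AccessState,
                      IN PAUX_DATA AuxData,
                      IN ACCESS_MASK Access,
                      IN PGENERIC_MAPPING GenericMapping)
{
    ACCESS_MASK AccessMask = Access;
    PTOKEN Token;
    PAGED_CODE();

    /* Map the Generic Access to Specific Access if we have a Mapping */
    if ((Access & GENERIC_ACCESS) && (GenericMapping))
    {
        RtlMapGenericMask(&AccessMask, GenericMapping);
    }

    /* Initialize the Access State */
    RtlZeroMemory(AccessState, sizeof(ACCESS_STATE));

    /* Capture the Subject Context */
    SeCaptureSubjectContextEx(Thread,
                              Process,
                              &AccessState->SubjectSecurityContext);

    /* Set Access State Data */
    AccessState->AuxData = AuxData;
    AccessState->RemainingDesiredAccess = AccessMask;
    AccessState->OriginalDesiredAccess = AccessMask;
    ExpAllocateLocallyUniqueId(&AccessState->OperationID);

    /*
     * Get the Token to use: the client (impersonation) token when one was
     * captured, else the primary token. Use the pointer VALUE stored in the
     * subject context. Taking the address of the field would make Token
     * point into the ACCESS_STATE itself, so the TokenFlags test below would
     * read unrelated memory instead of the token.
     */
    Token = AccessState->SubjectSecurityContext.ClientToken ?
            (PTOKEN)AccessState->SubjectSecurityContext.ClientToken :
            (PTOKEN)AccessState->SubjectSecurityContext.PrimaryToken;

    /* Check for Traverse Privilege */
    if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
    {
        /* Preserve the Traverse Privilege */
        AccessState->Flags = TOKEN_HAS_TRAVERSE_PRIVILEGE;
    }

    /*
     * Set the Auxiliary Data: the privilege set initially points at the
     * storage embedded in the access state (the Privileges member).
     */
    AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
                                             FIELD_OFFSET(ACCESS_STATE,
                                                          Privileges));
    if (GenericMapping) AuxData->GenericMapping = *GenericMapping;

    /* Return Success */
    return STATUS_SUCCESS;
}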
73
/*
 * @implemented
 *
 * Initializes an access state for the calling thread and its process by
 * forwarding to SeCreateAccessStateEx; the status of that call is returned
 * unchanged.
 */
NTSTATUS
STDCALL
SeCreateAccessState(IN OUT PACCESS_STATE AccessState,
                    IN PAUX_DATA AuxData,
                    IN ACCESS_MASK Access,
                    IN PGENERIC_MAPPING GenericMapping)
{
    PETHREAD CurrentThread;
    PEPROCESS CurrentProcess;
    PAGED_CODE();

    /* The subject is whoever is executing this call */
    CurrentThread = PsGetCurrentThread();
    CurrentProcess = PsGetCurrentProcess();

    /* Hand everything to the internal API */
    return SeCreateAccessStateEx(CurrentThread,
                                 CurrentProcess,
                                 AccessState,
                                 AuxData,
                                 Access,
                                 GenericMapping);
}
94
/*
 * @implemented
 *
 * Tears down an access state: frees the privilege set when it was pool
 * allocated, frees the object name and type name buffers when present, and
 * releases the captured subject context.
 *
 * The freed pointers are not cleared and PrivilegesAllocated is not reset,
 * so the same ACCESS_STATE must not be passed here a second time without
 * being re-initialized first.
 */
VOID
STDCALL
SeDeleteAccessState(IN PACCESS_STATE AccessState)
{
    PAUX_DATA Aux;
    PVOID NameBuffer;
    PAGED_CODE();

    /* The privilege set pointer lives in the auxiliary data */
    Aux = AccessState->AuxData;

    /* Only a pool-allocated privilege set may be freed */
    if (AccessState->PrivilegesAllocated)
    {
        ExFreePool(Aux->PrivilegeSet);
    }

    /* Free the object name, if one was stored */
    NameBuffer = AccessState->ObjectName.Buffer;
    if (NameBuffer)
    {
        ExFreePool(NameBuffer);
    }

    /* Free the object type name, if one was stored */
    NameBuffer = AccessState->ObjectTypeName.Buffer;
    if (NameBuffer)
    {
        ExFreePool(NameBuffer);
    }

    /* Drop the subject context captured at creation time */
    SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
}
124
/*
 * @implemented
 *
 * Copies the caller's generic mapping into the auxiliary data attached to
 * the access state.
 *
 * Neither AccessState->AuxData nor GenericMapping is checked for NULL; both
 * are dereferenced, so the caller must supply valid pointers.
 */
VOID
STDCALL
SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
                               PGENERIC_MAPPING GenericMapping)
{
    PAUX_DATA Aux;
    PAGED_CODE();

    /* Locate the auxiliary block, then store the mapping by value */
    Aux = (PAUX_DATA)AccessState->AuxData;
    Aux->GenericMapping = *GenericMapping;
}
138
139 /* EOF */