2004-08-15 Casper S. Hornstrup <chorns@users.sourceforge.net>
[reactos.git] / reactos / ntoskrnl / se / acl.c
1 /* $Id: acl.c,v 1.20 2004/08/15 16:39:11 chorns Exp $
2 *
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: kernel/se/acl.c
7 * PROGRAMER: David Welch <welch@cwcom.net>
8 * REVISION HISTORY:
9 * 26/07/98: Added stubs for security functions
10 */
11
12 /* INCLUDES *****************************************************************/
13
14 #include <ntoskrnl.h>
15 #include <internal/debug.h>
16
17 #define TAG_ACL TAG('A', 'C', 'L', 'T')
18
19
20 /* GLOBALS ******************************************************************/
21
/*
 * Built-in discretionary ACLs. All six start out NULL and are allocated
 * from non-paged pool and filled in by SepInitDACLs() below; nothing in
 * this file frees them. The ACE lists given here are the ones
 * SepInitDACLs() requests, in the order it adds them.
 */

/* World: GENERIC_EXECUTE; LocalSystem: GENERIC_ALL. Marked EXPORTED. */
PACL EXPORTED SePublicDefaultDacl = NULL;
/* LocalSystem: GENERIC_ALL; Admins alias: GENERIC_READ | GENERIC_EXECUTE |
 * READ_CONTROL. Marked EXPORTED. */
PACL EXPORTED SeSystemDefaultDacl = NULL;

/* World: GENERIC_EXECUTE; LocalSystem and Admins alias: GENERIC_ALL;
 * RestrictedCode: GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL. */
PACL SePublicDefaultUnrestrictedDacl = NULL;
/* World: GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE; LocalSystem and
 * Admins alias: GENERIC_ALL. */
PACL SePublicOpenDacl = NULL;
/* World, LocalSystem and Admins alias: GENERIC_ALL; RestrictedCode:
 * GENERIC_READ | GENERIC_EXECUTE. */
PACL SePublicOpenUnrestrictedDacl = NULL;
/* World: GENERIC_ALL; RestrictedCode: GENERIC_READ | GENERIC_EXECUTE.
 * This is the most permissive of the six: every caller matching the World
 * SID is granted full access. */
PACL SeUnrestrictedDacl = NULL;
29
30
31 /* FUNCTIONS ****************************************************************/
32
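/*
 * One access-allowed entry of a built-in DACL: the rights to grant and the
 * SID that receives them.
 */
typedef struct _SEP_DACL_ENTRY
{
  ACCESS_MASK AccessMask;
  PSID Sid;
} SEP_DACL_ENTRY;

/*
 * Allocates a DACL from non-paged pool and fills it with one access-allowed
 * ACE per entry, in array order.
 *
 * Entries     - rights/SID pairs to add.
 * EntryCount  - number of elements in Entries.
 *
 * Returns the finished ACL, or NULL if a SID pointer is NULL, the pool
 * allocation fails, or RtlCreateAcl/RtlAddAccessAllowedAce reports failure.
 * On failure the partially built ACL is freed, so a caller never sees a
 * DACL that is missing some of its ACEs.
 */
static PACL INIT_FUNCTION
SepCreateDacl(const SEP_DACL_ENTRY *Entries,
              ULONG EntryCount)
{
  ULONG AclLength;
  ULONG i;
  PACL Acl;

  /*
   * Size the buffer from the SIDs that are actually added instead of
   * assuming one sub-authority per SID (RtlLengthRequiredSid(1)).
   * NOTE(review): the Administrators alias is conventionally S-1-5-32-544,
   * i.e. two sub-authorities; if SeAliasAdminsSid follows that, a fixed
   * one-sub-authority size is too small for every DACL that names it --
   * confirm against the SID definitions. sizeof(ACE) is kept as the per-ACE
   * overhead, as before.
   */
  AclLength = sizeof(ACL);
  for (i = 0; i < EntryCount; i++)
    {
      /* The SIDs are globals set up elsewhere; refuse to build from NULL. */
      if (Entries[i].Sid == NULL)
        return NULL;

      AclLength += sizeof(ACE) + RtlLengthSid(Entries[i].Sid);
    }

  Acl = ExAllocatePoolWithTag(NonPagedPool,
                              AclLength,
                              TAG_ACL);
  if (Acl == NULL)
    return NULL;

  if (!NT_SUCCESS(RtlCreateAcl(Acl,
                               AclLength,
                               ACL_REVISION)))
    {
      ExFreePool(Acl);
      return NULL;
    }

  for (i = 0; i < EntryCount; i++)
    {
      /*
       * An ignored failure here would leave a DACL that silently lacks an
       * entry, so treat it as fatal for this ACL.
       */
      if (!NT_SUCCESS(RtlAddAccessAllowedAce(Acl,
                                             ACL_REVISION,
                                             Entries[i].AccessMask,
                                             Entries[i].Sid)))
        {
          ExFreePool(Acl);
          return NULL;
        }
    }

  return Acl;
}

/*
 * Builds the six built-in DACLs (SePublicDefaultDacl,
 * SePublicDefaultUnrestrictedDacl, SePublicOpenDacl,
 * SePublicOpenUnrestrictedDacl, SeSystemDefaultDacl, SeUnrestrictedDacl).
 *
 * Returns TRUE when all six were built completely. Returns FALSE as soon as
 * one cannot be built; that global is then NULL, and the DACLs built before
 * it stay allocated.
 */
BOOLEAN INIT_FUNCTION
SepInitDACLs(VOID)
{
  const SEP_DACL_ENTRY PublicDefault[] =
  {
    { GENERIC_EXECUTE, SeWorldSid },
    { GENERIC_ALL, SeLocalSystemSid }
  };
  const SEP_DACL_ENTRY PublicDefaultUnrestricted[] =
  {
    { GENERIC_EXECUTE, SeWorldSid },
    { GENERIC_ALL, SeLocalSystemSid },
    { GENERIC_ALL, SeAliasAdminsSid },
    { GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL, SeRestrictedCodeSid }
  };
  const SEP_DACL_ENTRY PublicOpen[] =
  {
    { GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE, SeWorldSid },
    { GENERIC_ALL, SeLocalSystemSid },
    { GENERIC_ALL, SeAliasAdminsSid }
  };
  const SEP_DACL_ENTRY PublicOpenUnrestricted[] =
  {
    { GENERIC_ALL, SeWorldSid },
    { GENERIC_ALL, SeLocalSystemSid },
    { GENERIC_ALL, SeAliasAdminsSid },
    { GENERIC_READ | GENERIC_EXECUTE, SeRestrictedCodeSid }
  };
  const SEP_DACL_ENTRY SystemDefault[] =
  {
    { GENERIC_ALL, SeLocalSystemSid },
    { GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL, SeAliasAdminsSid }
  };
  /* Full access for World: the most permissive of the built-in DACLs. */
  const SEP_DACL_ENTRY Unrestricted[] =
  {
    { GENERIC_ALL, SeWorldSid },
    { GENERIC_READ | GENERIC_EXECUTE, SeRestrictedCodeSid }
  };

  /* create PublicDefaultDacl */
  SePublicDefaultDacl =
    SepCreateDacl(PublicDefault,
                  sizeof(PublicDefault) / sizeof(PublicDefault[0]));
  if (SePublicDefaultDacl == NULL)
    return FALSE;

  /* create PublicDefaultUnrestrictedDacl */
  SePublicDefaultUnrestrictedDacl =
    SepCreateDacl(PublicDefaultUnrestricted,
                  sizeof(PublicDefaultUnrestricted) /
                  sizeof(PublicDefaultUnrestricted[0]));
  if (SePublicDefaultUnrestrictedDacl == NULL)
    return FALSE;

  /* create PublicOpenDacl */
  SePublicOpenDacl =
    SepCreateDacl(PublicOpen,
                  sizeof(PublicOpen) / sizeof(PublicOpen[0]));
  if (SePublicOpenDacl == NULL)
    return FALSE;

  /* create PublicOpenUnrestrictedDacl */
  SePublicOpenUnrestrictedDacl =
    SepCreateDacl(PublicOpenUnrestricted,
                  sizeof(PublicOpenUnrestricted) /
                  sizeof(PublicOpenUnrestricted[0]));
  if (SePublicOpenUnrestrictedDacl == NULL)
    return FALSE;

  /* create SystemDefaultDacl */
  SeSystemDefaultDacl =
    SepCreateDacl(SystemDefault,
                  sizeof(SystemDefault) / sizeof(SystemDefault[0]));
  if (SeSystemDefaultDacl == NULL)
    return FALSE;

  /* create UnrestrictedDacl */
  SeUnrestrictedDacl =
    SepCreateDacl(Unrestricted,
                  sizeof(Unrestricted) / sizeof(Unrestricted[0]));
  if (SeUnrestrictedDacl == NULL)
    return FALSE;

  return TRUE;
}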
201
202 /* EOF */