1 /* $Id: acl.c,v 1.8 2002/09/07 15:13:06 chorns Exp $
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: kernel/se/acl.c
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
17 #include <internal/debug.h>
20 #define TAG_ACL TAG('A', 'C', 'L', 'T')
23 /* GLOBALS ******************************************************************/
25 PACL SePublicDefaultDacl
= NULL
;
26 PACL SeSystemDefaultDacl
= NULL
;
28 PACL SePublicDefaultUnrestrictedDacl
= NULL
;
29 PACL SePublicOpenDacl
= NULL
;
30 PACL SePublicOpenUnrestrictedDacl
= NULL
;
31 PACL SeUnrestrictedDacl
= NULL
;
34 /* FUNCTIONS ****************************************************************/
43 AclLength2
= sizeof(ACL
) +
44 2 * (RtlLengthRequiredSid(1) + sizeof(ROS_ACE_HEADER
));
45 AclLength3
= sizeof(ACL
) +
46 3 * (RtlLengthRequiredSid(1) + sizeof(ROS_ACE_HEADER
));
47 AclLength4
= sizeof(ACL
) +
48 4 * (RtlLengthRequiredSid(1) + sizeof(ROS_ACE_HEADER
));
50 /* create PublicDefaultDacl */
51 SePublicDefaultDacl
= ExAllocatePoolWithTag(NonPagedPool
,
54 if (SePublicDefaultDacl
== NULL
)
57 RtlCreateAcl(SePublicDefaultDacl
,
61 RtlAddAccessAllowedAce(SePublicDefaultDacl
,
66 RtlAddAccessAllowedAce(SePublicDefaultDacl
,
72 /* create PublicDefaultUnrestrictedDacl */
73 SePublicDefaultUnrestrictedDacl
= ExAllocatePoolWithTag(NonPagedPool
,
76 if (SePublicDefaultUnrestrictedDacl
== NULL
)
79 RtlCreateAcl(SePublicDefaultUnrestrictedDacl
,
83 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
88 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
93 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
98 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
100 GENERIC_READ
| GENERIC_EXECUTE
| STANDARD_RIGHTS_READ
,
101 SeRestrictedCodeSid
);
103 /* create PublicOpenDacl */
104 SePublicOpenDacl
= ExAllocatePoolWithTag(NonPagedPool
,
107 if (SePublicOpenDacl
== NULL
)
110 RtlCreateAcl(SePublicOpenDacl
,
114 RtlAddAccessAllowedAce(SePublicOpenDacl
,
116 GENERIC_READ
| GENERIC_WRITE
| GENERIC_EXECUTE
,
119 RtlAddAccessAllowedAce(SePublicOpenDacl
,
124 RtlAddAccessAllowedAce(SePublicOpenDacl
,
135 RtlFirstFreeAce(PACL Acl
,
142 Current
= (PACE
)(Acl
+ 1);
145 if (Acl
->AceCount
== 0)
150 AclEnd
= Acl
->AclSize
+ Acl
;
153 if ((PVOID
)Current
>= AclEnd
)
157 if (Current
->Header
.AceType
== 4)
159 if (Acl
->AclRevision
< 3)
164 Current
= (PACE
)((PVOID
)Current
+ (ULONG
)Current
->Header
.AceSize
);
166 } while (i
< Acl
->AceCount
);
167 if ((PVOID
)Current
>= AclEnd
)
177 RtlpAddKnownAce(PACL Acl
,
179 ACCESS_MASK AccessMask
,
185 if (!RtlValidSid(Sid
))
187 return(STATUS_INVALID_SID
);
189 if (Acl
->AclRevision
> 3 ||
192 return(STATUS_UNKNOWN_REVISION
);
194 if (Revision
< Acl
->AclRevision
)
196 Revision
= Acl
->AclRevision
;
198 if (!RtlFirstFreeAce(Acl
, (PACE
*)&Ace
))
200 return(STATUS_BUFFER_TOO_SMALL
);
204 return(STATUS_UNSUCCESSFUL
);
206 if (((PVOID
)Ace
+ RtlLengthSid(Sid
) + sizeof(ROS_ACE
)) >=
207 ((PVOID
)Acl
+ Acl
->AclSize
))
209 return(STATUS_BUFFER_TOO_SMALL
);
211 Ace
->Header
.AceFlags
= 0;
212 Ace
->Header
.AceType
= Type
;
213 Ace
->Header
.AceSize
= RtlLengthSid(Sid
) + sizeof(ROS_ACE
);
214 Ace
->Header
.AccessMask
= AccessMask
;
215 RtlCopySid(RtlLengthSid(Sid
), (PSID
)(Ace
+ 1), Sid
);
217 Acl
->AclRevision
= Revision
;
218 return(STATUS_SUCCESS
);
223 RtlAddAccessAllowedAce(PACL Acl
,
225 ACCESS_MASK AccessMask
,
228 return(RtlpAddKnownAce(Acl
, Revision
, AccessMask
, Sid
, 0));
244 if (Acl
->AclRevision
!= 2 &&
245 Acl
->AclRevision
!= 3)
247 return(STATUS_UNSUCCESSFUL
);
249 if (!RtlFirstFreeAce(Acl
,&Ace
))
251 return(STATUS_UNSUCCESSFUL
);
253 if (Acl
->AclRevision
<= AclRevision
)
255 AclRevision
= Acl
->AclRevision
;
257 if (((PVOID
)AceList
+ AceListLength
) <= (PVOID
)AceList
)
259 return(STATUS_UNSUCCESSFUL
);
262 Current
= (PACE
)(Acl
+ 1);
263 while ((PVOID
)Current
< ((PVOID
)AceList
+ AceListLength
))
265 if (AceList
->Header
.AceType
== 4 &&
268 return(STATUS_UNSUCCESSFUL
);
270 Current
= (PACE
)((PVOID
)Current
+ Current
->Header
.AceSize
);
274 return(STATUS_UNSUCCESSFUL
);
276 if (((PVOID
)Ace
+ AceListLength
) >= ((PVOID
)Acl
+ Acl
->AclSize
))
278 return(STATUS_UNSUCCESSFUL
);
280 if (StartingIndex
!= 0)
282 if (Acl
->AceCount
> 0)
284 Current
= (PACE
)(Acl
+ 1);
285 for (j
= 0; j
< StartingIndex
; j
++)
287 Current
= (PACE
)((PVOID
)Current
+ Current
->Header
.AceSize
);
291 /* RtlpAddData(AceList, AceListLength, Current, (PVOID)Ace - Current)); */
292 memcpy(Current
, AceList
, AceListLength
);
293 Acl
->AceCount
= Acl
->AceCount
+ i
;
294 Acl
->AclRevision
= AclRevision
;
300 RtlCreateAcl(PACL Acl
,
306 return(STATUS_BUFFER_TOO_SMALL
);
308 if (AclRevision
!= 2 &&
311 return(STATUS_UNKNOWN_REVISION
);
313 if (AclSize
> 0xffff)
315 return(STATUS_UNSUCCESSFUL
);
317 AclSize
= AclSize
& ~(0x3);
318 Acl
->AclSize
= AclSize
;
319 Acl
->AclRevision
= AclRevision
;
323 return(STATUS_SUCCESS
);