1 /* $Id: acl.c,v 1.17 2004/02/02 20:59:46 ekohl Exp $
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: kernel/se/acl.c
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 #define TAG_ACL TAG('A', 'C', 'L', 'T')
22 /* GLOBALS ******************************************************************/
24 PACL EXPORTED SePublicDefaultDacl
= NULL
;
25 PACL EXPORTED SeSystemDefaultDacl
= NULL
;
27 PACL SePublicDefaultUnrestrictedDacl
= NULL
;
28 PACL SePublicOpenDacl
= NULL
;
29 PACL SePublicOpenUnrestrictedDacl
= NULL
;
30 PACL SeUnrestrictedDacl
= NULL
;
33 /* FUNCTIONS ****************************************************************/
42 AclLength2
= sizeof(ACL
) +
43 2 * (RtlLengthRequiredSid(1) + sizeof(ACE
));
44 AclLength3
= sizeof(ACL
) +
45 3 * (RtlLengthRequiredSid(1) + sizeof(ACE
));
46 AclLength4
= sizeof(ACL
) +
47 4 * (RtlLengthRequiredSid(1) + sizeof(ACE
));
49 /* create PublicDefaultDacl */
50 SePublicDefaultDacl
= ExAllocatePoolWithTag(NonPagedPool
,
53 if (SePublicDefaultDacl
== NULL
)
56 RtlCreateAcl(SePublicDefaultDacl
,
60 RtlAddAccessAllowedAce(SePublicDefaultDacl
,
65 RtlAddAccessAllowedAce(SePublicDefaultDacl
,
71 /* create PublicDefaultUnrestrictedDacl */
72 SePublicDefaultUnrestrictedDacl
= ExAllocatePoolWithTag(NonPagedPool
,
75 if (SePublicDefaultUnrestrictedDacl
== NULL
)
78 RtlCreateAcl(SePublicDefaultUnrestrictedDacl
,
82 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
87 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
92 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
97 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
99 GENERIC_READ
| GENERIC_EXECUTE
| STANDARD_RIGHTS_READ
,
100 SeRestrictedCodeSid
);
102 /* create PublicOpenDacl */
103 SePublicOpenDacl
= ExAllocatePoolWithTag(NonPagedPool
,
106 if (SePublicOpenDacl
== NULL
)
109 RtlCreateAcl(SePublicOpenDacl
,
113 RtlAddAccessAllowedAce(SePublicOpenDacl
,
115 GENERIC_READ
| GENERIC_WRITE
| GENERIC_EXECUTE
,
118 RtlAddAccessAllowedAce(SePublicOpenDacl
,
123 RtlAddAccessAllowedAce(SePublicOpenDacl
,
134 RtlFirstFreeAce(PACL Acl
,
141 Current
= (PACE
)(Acl
+ 1);
144 if (Acl
->AceCount
== 0)
150 AclEnd
= Acl
->AclSize
+ (char*)Acl
;
153 if ((PVOID
)Current
>= AclEnd
)
158 if (Current
->Header
.AceType
== ACCESS_ALLOWED_COMPOUND_ACE_TYPE
&&
159 Acl
->AclRevision
< ACL_REVISION3
)
163 Current
= (PACE
)((char*)Current
+ (ULONG
)Current
->Header
.AceSize
);
166 while (i
< Acl
->AceCount
);
168 if ((PVOID
)Current
< AclEnd
)
178 RtlpAddKnownAce(PACL Acl
,
180 ACCESS_MASK AccessMask
,
186 if (!RtlValidSid(Sid
))
188 return(STATUS_INVALID_SID
);
190 if (Acl
->AclRevision
> MAX_ACL_REVISION
||
191 Revision
> MAX_ACL_REVISION
)
193 return(STATUS_UNKNOWN_REVISION
);
195 if (Revision
< Acl
->AclRevision
)
197 Revision
= Acl
->AclRevision
;
199 if (!RtlFirstFreeAce(Acl
, &Ace
))
201 return(STATUS_BUFFER_TOO_SMALL
);
205 return(STATUS_UNSUCCESSFUL
);
207 if (((char*)Ace
+ RtlLengthSid(Sid
) + sizeof(ACE
)) >=
208 ((char*)Acl
+ Acl
->AclSize
))
210 return(STATUS_BUFFER_TOO_SMALL
);
212 Ace
->Header
.AceFlags
= 0;
213 Ace
->Header
.AceType
= Type
;
214 Ace
->Header
.AceSize
= RtlLengthSid(Sid
) + sizeof(ACE
);
215 Ace
->AccessMask
= AccessMask
;
216 RtlCopySid(RtlLengthSid(Sid
), (PSID
)(Ace
+ 1), Sid
);
218 Acl
->AclRevision
= Revision
;
219 return(STATUS_SUCCESS
);
227 RtlAddAccessAllowedAce (PACL Acl
,
229 ACCESS_MASK AccessMask
,
232 return RtlpAddKnownAce (Acl
,
236 ACCESS_ALLOWED_ACE_TYPE
);
255 if (Acl
->AclRevision
< MIN_ACL_REVISION
||
256 Acl
->AclRevision
> MAX_ACL_REVISION
)
258 return(STATUS_UNSUCCESSFUL
);
260 if (!RtlFirstFreeAce(Acl
,&Ace
))
262 return(STATUS_UNSUCCESSFUL
);
264 if (Acl
->AclRevision
<= AclRevision
)
266 AclRevision
= Acl
->AclRevision
;
268 if (((char*)AceList
+ AceListLength
) <= (char*)AceList
)
270 return(STATUS_UNSUCCESSFUL
);
273 Current
= (PACE
)(Acl
+ 1);
274 while ((char*)Current
< ((char*)AceList
+ AceListLength
))
276 if (AceList
->Header
.AceType
== ACCESS_ALLOWED_COMPOUND_ACE_TYPE
&&
277 AclRevision
< ACL_REVISION3
)
279 return(STATUS_UNSUCCESSFUL
);
281 Current
= (PACE
)((char*)Current
+ Current
->Header
.AceSize
);
285 return(STATUS_UNSUCCESSFUL
);
287 if (((char*)Ace
+ AceListLength
) >= ((char*)Acl
+ Acl
->AclSize
))
289 return(STATUS_UNSUCCESSFUL
);
291 if (StartingIndex
!= 0)
293 if (Acl
->AceCount
> 0)
295 Current
= (PACE
)(Acl
+ 1);
296 for (j
= 0; j
< StartingIndex
; j
++)
298 Current
= (PACE
)((char*)Current
+ Current
->Header
.AceSize
);
302 /* RtlpAddData(AceList, AceListLength, Current, (PVOID)Ace - Current)); */
303 memcpy(Current
, AceList
, AceListLength
);
304 Acl
->AceCount
= Acl
->AceCount
+ i
;
305 Acl
->AclRevision
= AclRevision
;
314 RtlCreateAcl(PACL Acl
,
320 return(STATUS_BUFFER_TOO_SMALL
);
322 if (AclRevision
< MIN_ACL_REVISION
||
323 AclRevision
> MAX_ACL_REVISION
)
325 return(STATUS_UNKNOWN_REVISION
);
327 if (AclSize
> 0xffff)
329 return(STATUS_UNSUCCESSFUL
);
331 AclSize
= AclSize
& ~(0x3);
332 Acl
->AclSize
= AclSize
;
333 Acl
->AclRevision
= AclRevision
;
337 return(STATUS_SUCCESS
);
342 RtlValidAcl(PACL Acl
)
347 if (Acl
->AclRevision
< MIN_ACL_REVISION
||
348 Acl
->AclRevision
> MAX_ACL_REVISION
)
353 Size
= (Acl
->AclSize
+ 3) & ~3;
354 if (Size
!= Acl
->AclSize
)
359 return(RtlFirstFreeAce(Acl
, &Ace
));