1 /* $Id: acl.c,v 1.7 2002/06/15 10:09:17 ekohl Exp $
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: kernel/se/acl.c
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 #define TAG_ACL TAG('A', 'C', 'L', 'T')
22 /* GLOBALS ******************************************************************/
24 PACL EXPORTED SePublicDefaultDacl
= NULL
;
25 PACL EXPORTED SeSystemDefaultDacl
= NULL
;
27 PACL SePublicDefaultUnrestrictedDacl
= NULL
;
28 PACL SePublicOpenDacl
= NULL
;
29 PACL SePublicOpenUnrestrictedDacl
= NULL
;
30 PACL SeUnrestrictedDacl
= NULL
;
33 /* FUNCTIONS ****************************************************************/
42 AclLength2
= sizeof(ACL
) +
43 2 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER
));
44 AclLength3
= sizeof(ACL
) +
45 3 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER
));
46 AclLength4
= sizeof(ACL
) +
47 4 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER
));
49 /* create PublicDefaultDacl */
50 SePublicDefaultDacl
= ExAllocatePoolWithTag(NonPagedPool
,
53 if (SePublicDefaultDacl
== NULL
)
56 RtlCreateAcl(SePublicDefaultDacl
,
60 RtlAddAccessAllowedAce(SePublicDefaultDacl
,
65 RtlAddAccessAllowedAce(SePublicDefaultDacl
,
71 /* create PublicDefaultUnrestrictedDacl */
72 SePublicDefaultUnrestrictedDacl
= ExAllocatePoolWithTag(NonPagedPool
,
75 if (SePublicDefaultUnrestrictedDacl
== NULL
)
78 RtlCreateAcl(SePublicDefaultUnrestrictedDacl
,
82 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
87 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
92 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
97 RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl
,
99 GENERIC_READ
| GENERIC_EXECUTE
| STANDARD_RIGHTS_READ
,
100 SeRestrictedCodeSid
);
102 /* create PublicOpenDacl */
103 SePublicOpenDacl
= ExAllocatePoolWithTag(NonPagedPool
,
106 if (SePublicOpenDacl
== NULL
)
109 RtlCreateAcl(SePublicOpenDacl
,
113 RtlAddAccessAllowedAce(SePublicOpenDacl
,
115 GENERIC_READ
| GENERIC_WRITE
| GENERIC_EXECUTE
,
118 RtlAddAccessAllowedAce(SePublicOpenDacl
,
123 RtlAddAccessAllowedAce(SePublicOpenDacl
,
134 RtlFirstFreeAce(PACL Acl
,
141 Current
= (PACE
)(Acl
+ 1);
144 if (Acl
->AceCount
== 0)
149 AclEnd
= Acl
->AclSize
+ Acl
;
152 if ((PVOID
)Current
>= AclEnd
)
156 if (Current
->Header
.AceType
== 4)
158 if (Acl
->AclRevision
< 3)
163 Current
= (PACE
)((PVOID
)Current
+ (ULONG
)Current
->Header
.AceSize
);
165 } while (i
< Acl
->AceCount
);
166 if ((PVOID
)Current
>= AclEnd
)
176 RtlpAddKnownAce(PACL Acl
,
178 ACCESS_MASK AccessMask
,
184 if (!RtlValidSid(Sid
))
186 return(STATUS_INVALID_SID
);
188 if (Acl
->AclRevision
> 3 ||
191 return(STATUS_UNKNOWN_REVISION
);
193 if (Revision
< Acl
->AclRevision
)
195 Revision
= Acl
->AclRevision
;
197 if (!RtlFirstFreeAce(Acl
, &Ace
))
199 return(STATUS_BUFFER_TOO_SMALL
);
203 return(STATUS_UNSUCCESSFUL
);
205 if (((PVOID
)Ace
+ RtlLengthSid(Sid
) + sizeof(ACE
)) >=
206 ((PVOID
)Acl
+ Acl
->AclSize
))
208 return(STATUS_BUFFER_TOO_SMALL
);
210 Ace
->Header
.AceFlags
= 0;
211 Ace
->Header
.AceType
= Type
;
212 Ace
->Header
.AceSize
= RtlLengthSid(Sid
) + sizeof(ACE
);
213 Ace
->Header
.AccessMask
= AccessMask
;
214 RtlCopySid(RtlLengthSid(Sid
), (PSID
)(Ace
+ 1), Sid
);
216 Acl
->AclRevision
= Revision
;
217 return(STATUS_SUCCESS
);
222 RtlAddAccessAllowedAce(PACL Acl
,
224 ACCESS_MASK AccessMask
,
227 return(RtlpAddKnownAce(Acl
, Revision
, AccessMask
, Sid
, 0));
243 if (Acl
->AclRevision
!= 2 &&
244 Acl
->AclRevision
!= 3)
246 return(STATUS_UNSUCCESSFUL
);
248 if (!RtlFirstFreeAce(Acl
,&Ace
))
250 return(STATUS_UNSUCCESSFUL
);
252 if (Acl
->AclRevision
<= AclRevision
)
254 AclRevision
= Acl
->AclRevision
;
256 if (((PVOID
)AceList
+ AceListLength
) <= (PVOID
)AceList
)
258 return(STATUS_UNSUCCESSFUL
);
261 Current
= (PACE
)(Acl
+ 1);
262 while ((PVOID
)Current
< ((PVOID
)AceList
+ AceListLength
))
264 if (AceList
->Header
.AceType
== 4 &&
267 return(STATUS_UNSUCCESSFUL
);
269 Current
= (PACE
)((PVOID
)Current
+ Current
->Header
.AceSize
);
273 return(STATUS_UNSUCCESSFUL
);
275 if (((PVOID
)Ace
+ AceListLength
) >= ((PVOID
)Acl
+ Acl
->AclSize
))
277 return(STATUS_UNSUCCESSFUL
);
279 if (StartingIndex
!= 0)
281 if (Acl
->AceCount
> 0)
283 Current
= (PACE
)(Acl
+ 1);
284 for (j
= 0; j
< StartingIndex
; j
++)
286 Current
= (PACE
)((PVOID
)Current
+ Current
->Header
.AceSize
);
290 /* RtlpAddData(AceList, AceListLength, Current, (PVOID)Ace - Current)); */
291 memcpy(Current
, AceList
, AceListLength
);
292 Acl
->AceCount
= Acl
->AceCount
+ i
;
293 Acl
->AclRevision
= AclRevision
;
299 RtlCreateAcl(PACL Acl
,
305 return(STATUS_BUFFER_TOO_SMALL
);
307 if (AclRevision
!= 2 &&
310 return(STATUS_UNKNOWN_REVISION
);
312 if (AclSize
> 0xffff)
314 return(STATUS_UNSUCCESSFUL
);
316 AclSize
= AclSize
& ~(0x3);
317 Acl
->AclSize
= AclSize
;
318 Acl
->AclRevision
= AclRevision
;
322 return(STATUS_SUCCESS
);