3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
15 #include <internal/debug.h>
17 /* GLOBALS ******************************************************************/
19 PSECURITY_DESCRIPTOR SePublicDefaultSd
= NULL
;
20 PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
= NULL
;
21 PSECURITY_DESCRIPTOR SePublicOpenSd
= NULL
;
22 PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
= NULL
;
23 PSECURITY_DESCRIPTOR SeSystemDefaultSd
= NULL
;
24 PSECURITY_DESCRIPTOR SeUnrestrictedSd
= NULL
;
26 /* FUNCTIONS ***************************************************************/
31 /* Create PublicDefaultSd */
32 SePublicDefaultSd
= ExAllocatePool(NonPagedPool
,
33 sizeof(SECURITY_DESCRIPTOR
));
34 if (SePublicDefaultSd
== NULL
)
37 RtlCreateSecurityDescriptor(SePublicDefaultSd
,
38 SECURITY_DESCRIPTOR_REVISION
);
39 RtlSetDaclSecurityDescriptor(SePublicDefaultSd
,
44 /* Create PublicDefaultUnrestrictedSd */
45 SePublicDefaultUnrestrictedSd
= ExAllocatePool(NonPagedPool
,
46 sizeof(SECURITY_DESCRIPTOR
));
47 if (SePublicDefaultUnrestrictedSd
== NULL
)
50 RtlCreateSecurityDescriptor(SePublicDefaultUnrestrictedSd
,
51 SECURITY_DESCRIPTOR_REVISION
);
52 RtlSetDaclSecurityDescriptor(SePublicDefaultUnrestrictedSd
,
54 SePublicDefaultUnrestrictedDacl
,
57 /* Create PublicOpenSd */
58 SePublicOpenSd
= ExAllocatePool(NonPagedPool
,
59 sizeof(SECURITY_DESCRIPTOR
));
60 if (SePublicOpenSd
== NULL
)
63 RtlCreateSecurityDescriptor(SePublicOpenSd
,
64 SECURITY_DESCRIPTOR_REVISION
);
65 RtlSetDaclSecurityDescriptor(SePublicOpenSd
,
70 /* Create PublicOpenUnrestrictedSd */
71 SePublicOpenUnrestrictedSd
= ExAllocatePool(NonPagedPool
,
72 sizeof(SECURITY_DESCRIPTOR
));
73 if (SePublicOpenUnrestrictedSd
== NULL
)
76 RtlCreateSecurityDescriptor(SePublicOpenUnrestrictedSd
,
77 SECURITY_DESCRIPTOR_REVISION
);
78 RtlSetDaclSecurityDescriptor(SePublicOpenUnrestrictedSd
,
80 SePublicOpenUnrestrictedDacl
,
83 /* Create SystemDefaultSd */
84 SeSystemDefaultSd
= ExAllocatePool(NonPagedPool
,
85 sizeof(SECURITY_DESCRIPTOR
));
86 if (SeSystemDefaultSd
== NULL
)
89 RtlCreateSecurityDescriptor(SeSystemDefaultSd
,
90 SECURITY_DESCRIPTOR_REVISION
);
91 RtlSetDaclSecurityDescriptor(SeSystemDefaultSd
,
96 /* Create UnrestrictedSd */
97 SeUnrestrictedSd
= ExAllocatePool(NonPagedPool
,
98 sizeof(SECURITY_DESCRIPTOR
));
99 if (SeUnrestrictedSd
== NULL
)
102 RtlCreateSecurityDescriptor(SeUnrestrictedSd
,
103 SECURITY_DESCRIPTOR_REVISION
);
104 RtlSetDaclSecurityDescriptor(SeUnrestrictedSd
,
117 SeCaptureSecurityDescriptor(
118 IN PSECURITY_DESCRIPTOR OriginalSecurityDescriptor
,
119 IN KPROCESSOR_MODE CurrentMode
,
120 IN POOL_TYPE PoolType
,
121 IN BOOLEAN CaptureIfKernel
,
122 OUT PSECURITY_DESCRIPTOR
*CapturedSecurityDescriptor
126 return STATUS_NOT_IMPLEMENTED
;
133 SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation
,
134 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
135 IN OUT PULONG Length
,
136 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor OPTIONAL
)
138 PSECURITY_DESCRIPTOR ObjectSd
;
143 ULONG OwnerLength
= 0;
144 ULONG GroupLength
= 0;
145 ULONG DaclLength
= 0;
146 ULONG SaclLength
= 0;
151 if (*ObjectsSecurityDescriptor
== NULL
)
153 if (*Length
< sizeof(SECURITY_DESCRIPTOR
))
155 *Length
= sizeof(SECURITY_DESCRIPTOR
);
156 return STATUS_BUFFER_TOO_SMALL
;
159 *Length
= sizeof(SECURITY_DESCRIPTOR
);
160 RtlCreateSecurityDescriptor(SecurityDescriptor
,
161 SECURITY_DESCRIPTOR_REVISION
);
162 SecurityDescriptor
->Control
|= SE_SELF_RELATIVE
;
163 return STATUS_SUCCESS
;
166 ObjectSd
= *ObjectsSecurityDescriptor
;
168 /* Calculate the required security descriptor length */
169 Control
= SE_SELF_RELATIVE
;
170 if ((*SecurityInformation
& OWNER_SECURITY_INFORMATION
) &&
171 (ObjectSd
->Owner
!= NULL
))
173 Owner
= (PSID
)((ULONG_PTR
)ObjectSd
->Owner
+ (ULONG_PTR
)ObjectSd
);
174 OwnerLength
= ROUND_UP(RtlLengthSid(Owner
), 4);
175 Control
|= (ObjectSd
->Control
& SE_OWNER_DEFAULTED
);
178 if ((*SecurityInformation
& GROUP_SECURITY_INFORMATION
) &&
179 (ObjectSd
->Group
!= NULL
))
181 Group
= (PSID
)((ULONG_PTR
)ObjectSd
->Group
+ (ULONG_PTR
)ObjectSd
);
182 GroupLength
= ROUND_UP(RtlLengthSid(Group
), 4);
183 Control
|= (ObjectSd
->Control
& SE_GROUP_DEFAULTED
);
186 if ((*SecurityInformation
& DACL_SECURITY_INFORMATION
) &&
187 (ObjectSd
->Control
& SE_DACL_PRESENT
))
189 if (ObjectSd
->Dacl
!= NULL
)
191 Dacl
= (PACL
)((ULONG_PTR
)ObjectSd
->Dacl
+ (ULONG_PTR
)ObjectSd
);
192 DaclLength
= ROUND_UP((ULONG
)Dacl
->AclSize
, 4);
194 Control
|= (ObjectSd
->Control
& (SE_DACL_DEFAULTED
| SE_DACL_PRESENT
));
197 if ((*SecurityInformation
& SACL_SECURITY_INFORMATION
) &&
198 (ObjectSd
->Control
& SE_SACL_PRESENT
))
200 if (ObjectSd
->Sacl
!= NULL
)
202 Sacl
= (PACL
)((ULONG_PTR
)ObjectSd
->Sacl
+ (ULONG_PTR
)ObjectSd
);
203 SaclLength
= ROUND_UP(Sacl
->AclSize
, 4);
205 Control
|= (ObjectSd
->Control
& (SE_SACL_DEFAULTED
| SE_SACL_PRESENT
));
208 SdLength
= OwnerLength
+ GroupLength
+ DaclLength
+
209 SaclLength
+ sizeof(SECURITY_DESCRIPTOR
);
210 if (*Length
< sizeof(SECURITY_DESCRIPTOR
))
213 return STATUS_BUFFER_TOO_SMALL
;
216 /* Build the new security descrtiptor */
217 RtlCreateSecurityDescriptor(SecurityDescriptor
,
218 SECURITY_DESCRIPTOR_REVISION
);
219 SecurityDescriptor
->Control
= Control
;
221 Current
= (ULONG_PTR
)SecurityDescriptor
+ sizeof(SECURITY_DESCRIPTOR
);
223 if (OwnerLength
!= 0)
225 RtlCopyMemory((PVOID
)Current
,
228 SecurityDescriptor
->Owner
= (PSID
)(Current
- (ULONG_PTR
)SecurityDescriptor
);
229 Current
+= OwnerLength
;
232 if (GroupLength
!= 0)
234 RtlCopyMemory((PVOID
)Current
,
237 SecurityDescriptor
->Group
= (PSID
)(Current
- (ULONG_PTR
)SecurityDescriptor
);
238 Current
+= GroupLength
;
243 RtlCopyMemory((PVOID
)Current
,
246 SecurityDescriptor
->Dacl
= (PACL
)(Current
- (ULONG_PTR
)SecurityDescriptor
);
247 Current
+= DaclLength
;
252 RtlCopyMemory((PVOID
)Current
,
255 SecurityDescriptor
->Sacl
= (PACL
)(Current
- (ULONG_PTR
)SecurityDescriptor
);
256 Current
+= SaclLength
;
261 return STATUS_SUCCESS
;
269 SeReleaseSecurityDescriptor(
270 IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor
,
271 IN KPROCESSOR_MODE CurrentMode
,
272 IN BOOLEAN CaptureIfKernelMode
276 return STATUS_NOT_IMPLEMENTED
;
283 SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL
,
284 IN PSECURITY_INFORMATION SecurityInformation
,
285 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
286 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
287 IN POOL_TYPE PoolType
,
288 IN PGENERIC_MAPPING GenericMapping
)
291 return STATUS_NOT_IMPLEMENTED
;
299 SeSetSecurityDescriptorInfoEx(
300 IN PVOID Object OPTIONAL
,
301 IN PSECURITY_INFORMATION SecurityInformation
,
302 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
303 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
304 IN ULONG AutoInheritFlags
,
305 IN POOL_TYPE PoolType
,
306 IN PGENERIC_MAPPING GenericMapping
310 return STATUS_NOT_IMPLEMENTED
;
318 SeValidSecurityDescriptor(IN ULONG Length
,
319 IN PSECURITY_DESCRIPTOR SecurityDescriptor
)
325 if (Length
< SECURITY_DESCRIPTOR_MIN_LENGTH
)
327 DPRINT1("Invalid Security Descriptor revision\n");
331 if (SecurityDescriptor
->Revision
!= SECURITY_DESCRIPTOR_REVISION1
)
333 DPRINT1("Invalid Security Descriptor revision\n");
337 if (!(SecurityDescriptor
->Control
& SE_SELF_RELATIVE
))
339 DPRINT1("No self-relative Security Descriptor\n");
343 SdLength
= sizeof(SECURITY_DESCRIPTOR
);
345 /* Check Owner SID */
346 if (SecurityDescriptor
->Owner
== NULL
)
348 DPRINT1("No Owner SID\n");
352 if ((ULONG_PTR
)SecurityDescriptor
->Owner
% sizeof(ULONG
))
354 DPRINT1("Invalid Owner SID alignment\n");
358 Sid
= (PSID
)((ULONG_PTR
)SecurityDescriptor
+ (ULONG_PTR
)SecurityDescriptor
->Owner
);
359 if (Sid
->Revision
!= SID_REVISION
)
361 DPRINT1("Invalid Owner SID revision\n");
365 SdLength
+= (sizeof(SID
) + (Sid
->SubAuthorityCount
- 1) * sizeof(ULONG
));
366 if (Length
< SdLength
)
368 DPRINT1("Invalid Owner SID size\n");
372 /* Check Group SID */
373 if (SecurityDescriptor
->Group
!= NULL
)
375 if ((ULONG_PTR
)SecurityDescriptor
->Group
% sizeof(ULONG
))
377 DPRINT1("Invalid Group SID alignment\n");
381 Sid
= (PSID
)((ULONG_PTR
)SecurityDescriptor
+ (ULONG_PTR
)SecurityDescriptor
->Group
);
382 if (Sid
->Revision
!= SID_REVISION
)
384 DPRINT1("Invalid Group SID revision\n");
388 SdLength
+= (sizeof(SID
) + (Sid
->SubAuthorityCount
- 1) * sizeof(ULONG
));
389 if (Length
< SdLength
)
391 DPRINT1("Invalid Group SID size\n");
397 if (SecurityDescriptor
->Dacl
!= NULL
)
399 if ((ULONG_PTR
)SecurityDescriptor
->Dacl
% sizeof(ULONG
))
401 DPRINT1("Invalid DACL alignment\n");
405 Acl
= (PACL
)((ULONG_PTR
)SecurityDescriptor
+ (ULONG_PTR
)SecurityDescriptor
->Dacl
);
406 if ((Acl
->AclRevision
< MIN_ACL_REVISION
) &&
407 (Acl
->AclRevision
> MAX_ACL_REVISION
))
409 DPRINT1("Invalid DACL revision\n");
413 SdLength
+= Acl
->AclSize
;
414 if (Length
< SdLength
)
416 DPRINT1("Invalid DACL size\n");
422 if (SecurityDescriptor
->Sacl
!= NULL
)
424 if ((ULONG_PTR
)SecurityDescriptor
->Sacl
% sizeof(ULONG
))
426 DPRINT1("Invalid SACL alignment\n");
430 Acl
= (PACL
)((ULONG_PTR
)SecurityDescriptor
+ (ULONG_PTR
)SecurityDescriptor
->Sacl
);
431 if ((Acl
->AclRevision
< MIN_ACL_REVISION
) ||
432 (Acl
->AclRevision
> MAX_ACL_REVISION
))
434 DPRINT1("Invalid SACL revision\n");
438 SdLength
+= Acl
->AclSize
;
439 if (Length
< SdLength
)
441 DPRINT1("Invalid SACL size\n");