projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Some missing __stdcall declarations added in headers and in code.
[reactos.git] / reactos / ntoskrnl / se / semgr.c
1 /* $Id: semgr.c,v 1.13 1999/12/26 17:22:19 ea Exp $
2 *
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: kernel/se/semgr.c
7 * PROGRAMER: ?
8 * REVISION HISTORY:
9 * 26/07/98: Added stubs for security functions
10 */
11
12 /* INCLUDES *****************************************************************/
13
14 #include <ddk/ntddk.h>
15
16 #include <internal/debug.h>
17
18 /* FUNCTIONS ***************************************************************/
19
20
21
22 NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
23 IN PPRIVILEGE_SET RequiredPrivileges,
24 IN PBOOLEAN Result)
25 {
26 UNIMPLEMENTED;
27 }
28
29
30 NTSTATUS
31 STDCALL
32 NtPrivilegedServiceAuditAlarm (
33 IN PUNICODE_STRING SubsystemName,
34 IN PUNICODE_STRING ServiceName,
35 IN HANDLE ClientToken,
36 IN PPRIVILEGE_SET Privileges,
37 IN BOOLEAN AccessGranted
38 )
39 {
40 UNIMPLEMENTED;
41 }
42
43
44 NTSTATUS
45 STDCALL
46 NtPrivilegeObjectAuditAlarm (
47 IN PUNICODE_STRING SubsystemName,
48 IN PVOID HandleId,
49 IN HANDLE ClientToken,
50 IN ULONG DesiredAccess,
51 IN PPRIVILEGE_SET Privileges,
52 IN BOOLEAN AccessGranted
53 )
54 {
55 UNIMPLEMENTED;
56 }
57
58
59 NTSTATUS
60 STDCALL
61 NtOpenObjectAuditAlarm (
62 IN PUNICODE_STRING SubsystemName,
63 IN PVOID HandleId,
64 IN POBJECT_ATTRIBUTES ObjectAttributes,
65 IN HANDLE ClientToken,
66 IN ULONG DesiredAccess,
67 IN ULONG GrantedAccess,
68 IN PPRIVILEGE_SET Privileges,
69 IN BOOLEAN ObjectCreation,
70 IN BOOLEAN AccessGranted,
71 OUT PBOOLEAN GenerateOnClose
72 )
73 {
74 UNIMPLEMENTED;
75 }
76
77
78 NTSTATUS
79 STDCALL
80 NtOpenProcessToken (
81 IN HANDLE ProcessHandle,
82 IN ACCESS_MASK DesiredAccess,
83 OUT PHANDLE TokenHandle
84 )
85 {
86 UNIMPLEMENTED;
87 }
88
89
90 NTSTATUS
91 STDCALL
92 NtOpenThreadToken (
93 IN HANDLE ThreadHandle,
94 IN ACCESS_MASK DesiredAccess,
95 IN BOOLEAN OpenAsSelf,
96 OUT PHANDLE TokenHandle
97 )
98 {
99 UNIMPLEMENTED;
100 }
101
102
103
104
105 NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle,
106 IN HANDLE ThreadToImpersonate,
107 IN PSECURITY_QUALITY_OF_SERVICE
108 SecurityQualityOfService)
109 {
110 UNIMPLEMENTED;
111 }
112
113
114
115 NTSTATUS
116 STDCALL
117 NtAccessCheckAndAuditAlarm (
118 IN PUNICODE_STRING SubsystemName,
119 IN PHANDLE ObjectHandle,
120 IN POBJECT_ATTRIBUTES ObjectAttributes,
121 IN ACCESS_MASK DesiredAccess,
122 IN PGENERIC_MAPPING GenericMapping,
123 IN BOOLEAN ObjectCreation,
124 OUT PULONG GrantedAccess,
125 OUT PBOOLEAN AccessStatus,
126 OUT PBOOLEAN GenerateOnClose
127 )
128 {
129 UNIMPLEMENTED;
130 }
131
132
133 NTSTATUS
134 STDCALL
135 NtAdjustGroupsToken (
136 IN HANDLE TokenHandle,
137 IN BOOLEAN ResetToDefault,
138 IN PTOKEN_GROUPS NewState,
139 IN ULONG BufferLength,
140 OUT PTOKEN_GROUPS PreviousState OPTIONAL,
141 OUT PULONG ReturnLength
142 )
143 {
144 UNIMPLEMENTED;
145 }
146
147
148 NTSTATUS
149 STDCALL
150 NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
151 IN BOOLEAN DisableAllPrivileges,
152 IN PTOKEN_PRIVILEGES NewState,
153 IN ULONG BufferLength,
154 OUT PTOKEN_PRIVILEGES PreviousState,
155 OUT PULONG ReturnLength)
156 {
157 UNIMPLEMENTED;
158 }
159
160 NTSTATUS
161 STDCALL
162 NtAllocateUuids (
163 PLARGE_INTEGER Time,
164 PULONG Version, // ???
165 PULONG ClockCycle
166 )
167 {
168 UNIMPLEMENTED;
169 }
170
171
172 NTSTATUS STDCALL NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
173 IN PVOID HandleId,
174 IN BOOLEAN GenerateOnClose)
175 {
176 UNIMPLEMENTED;
177 }
178
179 NTSTATUS STDCALL NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
180 IN HANDLE ClientToken,
181 IN ACCESS_MASK DesiredAccess,
182 IN PGENERIC_MAPPING GenericMapping,
183 OUT PPRIVILEGE_SET PrivilegeSet,
184 OUT PULONG ReturnLength,
185 OUT PULONG GrantedAccess,
186 OUT PBOOLEAN AccessStatus)
187 {
188 UNIMPLEMENTED;
189 }
190
191
192 NTSTATUS
193 STDCALL
194 NtDeleteObjectAuditAlarm (
195 IN PUNICODE_STRING SubsystemName,
196 IN PVOID HandleId,
197 IN BOOLEAN GenerateOnClose
198 )
199 {
200 UNIMPLEMENTED;
201 }
202
203 VOID STDCALL SeReleaseSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
204 {
205
206 }
207
208 VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
209 {
210 PEPROCESS Process;
211 ULONG a;
212 ULONG b;
213
214 Process = PsGetCurrentThread()->ThreadsProcess;
215
216 SubjectContext->ProcessAuditId = Process;
217 SubjectContext->ClientToken =
218 PsReferenceImpersonationToken(PsGetCurrentThread(),
219 &a,
220 &b,
221 &SubjectContext->ImpersonationLevel);
222 SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
223 }
224
225 BOOLEAN SepPrivilegeCheck(PACCESS_TOKEN Token,
226 PLUID_AND_ATTRIBUTES Privileges,
227 ULONG PrivilegeCount,
228 ULONG PrivilegeControl,
229 KPROCESSOR_MODE PreviousMode)
230 {
231 ULONG i;
232 PLUID_AND_ATTRIBUTES Current;
233 ULONG j;
234 ULONG k;
235
236 if (PreviousMode == KernelMode)
237 {
238 return(TRUE);
239 }
240
241 j = 0;
242 if (PrivilegeCount != 0)
243 {
244 k = PrivilegeCount;
245 do
246 {
247 i = Token->PrivilegeCount;
248 Current = Token->Privileges;
249 for (i = 0; i < Token->PrivilegeCount; i++)
250 {
251 if (!(Current[i].Attributes & 2) &&
252 Privileges[i].Luid.u.LowPart ==
253 Current[i].Luid.u.LowPart &&
254 Privileges[i].Luid.u.HighPart ==
255 Current[i].Luid.u.HighPart)
256 {
257 Privileges[i].Attributes =
258 Privileges[i].Attributes | 0x80;
259 j++;
260 break;
261 }
262 }
263 k--;
264 } while (k > 0);
265 }
266
267 if ((PrivilegeControl & 0x2) && PrivilegeCount == j)
268 {
269 return(TRUE);
270 }
271
272 if (j > 0 && !(PrivilegeControl & 0x2))
273 {
274 return(TRUE);
275 }
276
277 return(FALSE);
278 }
279
280 BOOLEAN STDCALL SePrivilegeCheck(PPRIVILEGE_SET Privileges,
281 PSECURITY_SUBJECT_CONTEXT SubjectContext,
282 KPROCESSOR_MODE PreviousMode)
283 {
284 PACCESS_TOKEN Token = NULL;
285
286 if (SubjectContext->ClientToken == NULL)
287 {
288 Token = SubjectContext->PrimaryToken;
289 }
290 else
291 {
292 Token = SubjectContext->ClientToken;
293 if (SubjectContext->ImpersonationLevel < 2)
294 {
295 return(FALSE);
296 }
297 }
298
299 return(SepPrivilegeCheck(Token,
300 Privileges->Privilege,
301 Privileges->PrivilegeCount,
302 Privileges->Control,
303 PreviousMode));
304 }
305
306 BOOLEAN STDCALL SeSinglePrivilegeCheck(LUID PrivilegeValue,
307 KPROCESSOR_MODE PreviousMode)
308 {
309 SECURITY_SUBJECT_CONTEXT SubjectContext;
310 BOOLEAN r;
311 PRIVILEGE_SET Priv;
312
313 SeCaptureSubjectContext(&SubjectContext);
314
315 Priv.PrivilegeCount = 1;
316 Priv.Control = 1;
317 Priv.Privilege[0].Luid = PrivilegeValue;
318 Priv.Privilege[0].Attributes = 0;
319
320 r = SePrivilegeCheck(&Priv,
321 &SubjectContext,
322 PreviousMode);
323
324 if (PreviousMode != KernelMode)
325 {
326 /* SePrivilegeServiceAuditAlarm(0,
327 &SubjectContext,
328 &PrivilegeValue);*/
329 }
330 SeReleaseSubjectContext(&SubjectContext);
331 return(r);
332 }
333
334 NTSTATUS STDCALL SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
335 {
336 UNIMPLEMENTED;
337 }
338
339 NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
340 PSECURITY_DESCRIPTOR ExplicitDescriptor,
341 BOOLEAN IsDirectoryObject,
342 PSECURITY_SUBJECT_CONTEXT SubjectContext,
343 PGENERIC_MAPPING GenericMapping,
344 POOL_TYPE PoolType)
345 {
346 UNIMPLEMENTED;
347 }
348
349 BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
350 IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext,
351 IN BOOLEAN SubjectContextLocked,
352 IN ACCESS_MASK DesiredAccess,
353 IN ACCESS_MASK PreviouslyGrantedAccess,
354 OUT PPRIVILEGE_SET* Privileges,
355 IN PGENERIC_MAPPING GenericMapping,
356 IN KPROCESSOR_MODE AccessMode,
357 OUT PACCESS_MODE GrantedAccess,
358 OUT PNTSTATUS AccessStatus)
359 /*
360 * FUNCTION: Determines whether the requested access rights can be granted
361 * to an object protected by a security descriptor and an object owner
362 * ARGUMENTS:
363 * SecurityDescriptor = Security descriptor protecting the object
364 * SubjectSecurityContext = Subject's captured security context
365 * SubjectContextLocked = Indicates the user's subject context is locked
366 * DesiredAccess = Access rights the caller is trying to acquire
367 * PreviouslyGrantedAccess = Specified the access rights already granted
368 * Privileges = ?
369 * GenericMapping = Generic mapping associated with the object
370 * AccessMode = Access mode used for the check
371 * GrantedAccess (OUT) = On return specifies the access granted
372 * AccessStatus (OUT) = Status indicating why access was denied
373 * RETURNS: If access was granted, returns TRUE
374 */
375 {
376 ULONG i;
377 PACL Dacl;
378 BOOLEAN Present;
379 BOOLEAN Defaulted;
380 NTSTATUS Status;
381 PACE CurrentAce;
382 PSID Sid;
383 ACCESS_MASK CurrentAccess;
384
385 CurrentAccess = PreviouslyGrantedAccess;
386
387 /*
388 * Ignore the SACL for now
389 */
390
391 /*
392 * Check the DACL
393 */
394 Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
395 &Present,
396 &Dacl,
397 &Defaulted);
398 if (!NT_SUCCESS(Status))
399 {
400 return(Status);
401 }
402
403 CurrentAce = (PACE)(Dacl + 1);
404 for (i = 0; i < Dacl->AceCount; i++)
405 {
406 Sid = (PSID)(CurrentAce + 1);
407 if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE)
408 {
409 if (RtlEqualSid(Sid, NULL))
410 {
411 *AccessStatus = STATUS_ACCESS_DENIED;
412 *GrantedAccess = 0;
413 return(STATUS_SUCCESS);
414 }
415 }
416 if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
417 {
418 if (RtlEqualSid(Sid, NULL))
419 {
420 CurrentAccess = CurrentAccess |
421 CurrentAce->Header.AccessMask;
422 }
423 }
424 }
425 if (!(CurrentAccess & DesiredAccess) &&
426 !((~CurrentAccess) & DesiredAccess))
427 {
428 *AccessStatus = STATUS_ACCESS_DENIED;
429 }
430 else
431 {
432 *AccessStatus = STATUS_SUCCESS;
433 }
434 *GrantedAccess = CurrentAccess;
435
436 return(STATUS_SUCCESS);
437 }
438
439
440 /* EOF */
A free Windows-compatible Operating System