move the rest of the already defined tags to the private tag.h
1 /* $Id$
2 *
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * FILE: ntoskrnl/se/sid.c
6 * PURPOSE: Security manager
7 *
8 * PROGRAMMERS: David Welch <welch@cwcom.net>
9 */
10
11 /* INCLUDES *****************************************************************/
12
13 #include <ntoskrnl.h>
14
15 #define NDEBUG
16 #include <internal/debug.h>
17
18 /* GLOBALS ******************************************************************/
19
/*
 * Identifier authorities for the well-known SIDs.  SepInitSecurityIDs()
 * passes the address of one of these to RtlInitializeSid() for every SID
 * it builds.
 */
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority    = {SECURITY_NULL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority   = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority   = {SECURITY_LOCAL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority      = {SECURITY_NT_AUTHORITY};

/*
 * Well-known SIDs.  Every pointer is NULL until SepInitSecurityIDs() has
 * allocated and filled in the SID, so code running before (or after a
 * failed) initialisation must not dereference them.
 */

/* Null, World and Local authorities (one sub-authority each) */
PSID SeNullSid  = NULL;
PSID SeWorldSid = NULL;
PSID SeLocalSid = NULL;

/* Creator authority (one sub-authority each) */
PSID SeCreatorOwnerSid       = NULL;
PSID SeCreatorGroupSid       = NULL;
PSID SeCreatorOwnerServerSid = NULL;
PSID SeCreatorGroupServerSid = NULL;

/* NT authority: the bare authority, then one-sub-authority SIDs */
PSID SeNtAuthoritySid       = NULL;
PSID SeDialupSid            = NULL;
PSID SeNetworkSid           = NULL;
PSID SeBatchSid             = NULL;
PSID SeInteractiveSid       = NULL;
PSID SeServiceSid           = NULL;
PSID SeAnonymousLogonSid    = NULL;
PSID SePrincipalSelfSid     = NULL;
PSID SeLocalSystemSid       = NULL;
PSID SeAuthenticatedUserSid = NULL;
PSID SeRestrictedCodeSid    = NULL;

/* NT authority, built-in domain aliases (two sub-authorities each) */
PSID SeAliasAdminsSid     = NULL;
PSID SeAliasUsersSid      = NULL;
PSID SeAliasGuestsSid     = NULL;
PSID SeAliasPowerUsersSid = NULL;
PSID SeAliasAccountOpsSid = NULL;
PSID SeAliasSystemOpsSid  = NULL;
PSID SeAliasPrintOpsSid   = NULL;
PSID SeAliasBackupOpsSid  = NULL;
52
53
54 /* FUNCTIONS ****************************************************************/
55
56
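/*
 * Allocates one well-known SID from non-paged pool (tag TAG_SID) and
 * initialises it with the given authority and up to two sub-authorities.
 *
 * Authority          - identifier authority handed to RtlInitializeSid()
 * SubAuthorityCount  - number of sub-authorities (0, 1 or 2)
 * SubAuthority0/1    - values stored in slots 0 and 1; a value whose slot
 *                      lies beyond SubAuthorityCount is ignored
 *
 * Returns the new SID, or NULL if the pool allocation failed.
 */
static PSID INIT_FUNCTION
SepCreateWellKnownSid(IN PSID_IDENTIFIER_AUTHORITY Authority,
                      IN UCHAR SubAuthorityCount,
                      IN ULONG SubAuthority0,
                      IN ULONG SubAuthority1)
{
  PSID Sid;

  Sid = ExAllocatePoolWithTag(NonPagedPool,
                              RtlLengthRequiredSid(SubAuthorityCount),
                              TAG_SID);
  if (Sid == NULL)
    return NULL;

  RtlInitializeSid(Sid,
                   Authority,
                   SubAuthorityCount);

  /* only touch the slots that RtlLengthRequiredSid() made room for */
  if (SubAuthorityCount >= 1)
    *RtlSubAuthoritySid(Sid, 0) = SubAuthority0;
  if (SubAuthorityCount >= 2)
    *RtlSubAuthoritySid(Sid, 1) = SubAuthority1;

  return Sid;
}

/*
 * Builds every well-known SID exported by this file (SeNullSid ...
 * SeAliasBackupOpsSid), in the order of the table below.
 *
 * Returns TRUE when all SIDs were created.  Returns FALSE on the first
 * failed allocation; the global being built is then NULL and the SIDs
 * created before it stay allocated (nothing is freed here).
 */
BOOLEAN INIT_FUNCTION
SepInitSecurityIDs(VOID)
{
  /* one row per SID: target global, authority, sub-authority count, RIDs */
  static const struct
  {
    PSID *Sid;
    PSID_IDENTIFIER_AUTHORITY Authority;
    UCHAR SubAuthorityCount;
    ULONG SubAuthority0;
    ULONG SubAuthority1;
  } WellKnownSids[] =
  {
    {&SeNullSid,               &SeNullSidAuthority,    1, SECURITY_NULL_RID,                 0},
    {&SeWorldSid,              &SeWorldSidAuthority,   1, SECURITY_WORLD_RID,                0},
    {&SeLocalSid,              &SeLocalSidAuthority,   1, SECURITY_LOCAL_RID,                0},
    {&SeCreatorOwnerSid,       &SeCreatorSidAuthority, 1, SECURITY_CREATOR_OWNER_RID,        0},
    {&SeCreatorGroupSid,       &SeCreatorSidAuthority, 1, SECURITY_CREATOR_GROUP_RID,        0},
    {&SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1, SECURITY_CREATOR_OWNER_SERVER_RID, 0},
    {&SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1, SECURITY_CREATOR_GROUP_SERVER_RID, 0},
    {&SeNtAuthoritySid,        &SeNtSidAuthority,      0, 0,                                 0},
    {&SeDialupSid,             &SeNtSidAuthority,      1, SECURITY_DIALUP_RID,               0},
    {&SeNetworkSid,            &SeNtSidAuthority,      1, SECURITY_NETWORK_RID,              0},
    {&SeBatchSid,              &SeNtSidAuthority,      1, SECURITY_BATCH_RID,                0},
    {&SeInteractiveSid,        &SeNtSidAuthority,      1, SECURITY_INTERACTIVE_RID,          0},
    {&SeServiceSid,            &SeNtSidAuthority,      1, SECURITY_SERVICE_RID,              0},
    {&SeAnonymousLogonSid,     &SeNtSidAuthority,      1, SECURITY_ANONYMOUS_LOGON_RID,      0},
    {&SePrincipalSelfSid,      &SeNtSidAuthority,      1, SECURITY_PRINCIPAL_SELF_RID,       0},
    {&SeLocalSystemSid,        &SeNtSidAuthority,      1, SECURITY_LOCAL_SYSTEM_RID,         0},
    {&SeAuthenticatedUserSid,  &SeNtSidAuthority,      1, SECURITY_AUTHENTICATED_USER_RID,   0},
    {&SeRestrictedCodeSid,     &SeNtSidAuthority,      1, SECURITY_RESTRICTED_CODE_RID,      0},
    {&SeAliasAdminsSid,        &SeNtSidAuthority,      2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS},
    {&SeAliasUsersSid,         &SeNtSidAuthority,      2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS},
    {&SeAliasGuestsSid,        &SeNtSidAuthority,      2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS},
    {&SeAliasPowerUsersSid,    &SeNtSidAuthority,      2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS},
    {&SeAliasAccountOpsSid,    &SeNtSidAuthority,      2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS},
    {&SeAliasSystemOpsSid,     &SeNtSidAuthority,      2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS},
    {&SeAliasPrintOpsSid,      &SeNtSidAuthority,      2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS},
    {&SeAliasBackupOpsSid,     &SeNtSidAuthority,      2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS}
  };
  ULONG i;

  for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
  {
    *WellKnownSids[i].Sid = SepCreateWellKnownSid(WellKnownSids[i].Authority,
                                                  WellKnownSids[i].SubAuthorityCount,
                                                  WellKnownSids[i].SubAuthority0,
                                                  WellKnownSids[i].SubAuthority1);
    if (*WellKnownSids[i].Sid == NULL)
      return(FALSE);
  }

  return(TRUE);
}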
465
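/*
 * Captures a SID so that later code works on a stable copy.
 *
 * InputSid        - SID supplied by the caller; for AccessMode != KernelMode
 *                   it is treated as an untrusted user-mode pointer
 * AccessMode      - processor mode of the caller that supplied InputSid
 * PoolType        - pool the copy is allocated from
 * CaptureIfKernel - for KernelMode callers: TRUE copies the SID, FALSE
 *                   returns InputSid itself without copying
 * CapturedSid     - receives the captured SID; written only on success
 *
 * Returns STATUS_SUCCESS, STATUS_INSUFFICIENT_RESOURCES when the pool
 * allocation fails, or the exception code raised while probing or copying
 * the user buffer.  A captured SID is handed back with SepReleaseSid().
 *
 * The sub-authority count is read from the source exactly once.  The
 * source stays writable by user mode between the length calculation and
 * the copy, so the count in the copy is forced back to the value the
 * buffer was sized with; otherwise the copy could claim more
 * sub-authorities than were allocated for it.
 *
 * NOTE(review): neither Revision nor an upper bound on SubAuthorityCount
 * is checked here - confirm that callers validate the captured copy
 * (e.g. with RtlValidSid) before it reaches an access check.
 */
NTSTATUS
SepCaptureSid(IN PSID InputSid,
              IN KPROCESSOR_MODE AccessMode,
              IN POOL_TYPE PoolType,
              IN BOOLEAN CaptureIfKernel,
              OUT PSID *CapturedSid)
{
  ULONG SidSize = 0;
  UCHAR SubAuthorityCount = 0;
  PISID NewSid, Sid = (PISID)InputSid;
  NTSTATUS Status = STATUS_SUCCESS;

  PAGED_CODE();

  if(AccessMode != KernelMode)
  {
    _SEH_TRY
    {
      /* probe the fixed-size header first, it holds the count */
      ProbeForRead(Sid,
                   sizeof(*Sid) - sizeof(Sid->SubAuthority),
                   sizeof(UCHAR));

      /* single fetch of the user-controlled count; the volatile access
         keeps the compiler from reading the field a second time */
      SubAuthorityCount = *(volatile UCHAR *)&Sid->SubAuthorityCount;
      SidSize = RtlLengthRequiredSid(SubAuthorityCount);

      /* now probe the whole SID as described by that count */
      ProbeForRead(Sid,
                   SidSize,
                   sizeof(UCHAR));
    }
    _SEH_HANDLE
    {
      Status = _SEH_GetExceptionCode();
    }
    _SEH_END;

    if(NT_SUCCESS(Status))
    {
      /* allocate a SID and copy it */
      NewSid = ExAllocatePool(PoolType,
                              SidSize);
      if(NewSid != NULL)
      {
        _SEH_TRY
        {
          RtlCopyMemory(NewSid,
                        Sid,
                        SidSize);

          /* the user buffer may have changed since the count was read:
             keep the copy consistent with its allocated size */
          NewSid->SubAuthorityCount = SubAuthorityCount;

          *CapturedSid = NewSid;
        }
        _SEH_HANDLE
        {
          /* the copy faulted before *CapturedSid was written */
          ExFreePool(NewSid);
          Status = _SEH_GetExceptionCode();
        }
        _SEH_END;
      }
      else
      {
        Status = STATUS_INSUFFICIENT_RESOURCES;
      }
    }
  }
  else if(!CaptureIfKernel)
  {
    /* kernel caller that did not ask for a copy: hand back the original */
    *CapturedSid = InputSid;
    return STATUS_SUCCESS;
  }
  else
  {
    /* kernel caller asking for a private copy; no probing, no SEH */
    SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);

    /* allocate a SID and copy it */
    NewSid = ExAllocatePool(PoolType,
                            SidSize);
    if(NewSid != NULL)
    {
      RtlCopyMemory(NewSid,
                    Sid,
                    SidSize);

      *CapturedSid = NewSid;
    }
    else
    {
      Status = STATUS_INSUFFICIENT_RESOURCES;
    }
  }

  return Status;
}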
553
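/*
 * Frees a SID obtained from SepCaptureSid().
 *
 * CapturedSid     - SID returned by SepCaptureSid(); NULL is ignored
 * AccessMode      - the AccessMode that was passed to SepCaptureSid()
 * CaptureIfKernel - the CaptureIfKernel that was passed to SepCaptureSid()
 *
 * SepCaptureSid() allocates a copy for every AccessMode other than
 * KernelMode, and for KernelMode when CaptureIfKernel is set.  The test
 * below uses the same predicate, so every copy that was allocated is
 * freed and a SID that was passed through uncopied is never freed.
 */
VOID
SepReleaseSid(IN PSID CapturedSid,
              IN KPROCESSOR_MODE AccessMode,
              IN BOOLEAN CaptureIfKernel)
{
  PAGED_CODE();

  if(CapturedSid != NULL &&
     (AccessMode != KernelMode || CaptureIfKernel))
  {
    ExFreePool(CapturedSid);
  }
}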
568
569 /* EOF */