1 /* $Id: sid.c,v 1.11 2002/09/07 15:13:06 chorns Exp $
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: ntoskrnl/se/sid.c
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
17 #include <internal/debug.h>
20 #define TAG_SID TAG('S', 'I', 'D', 'T')
23 /* GLOBALS ******************************************************************/
25 SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
= {SECURITY_NULL_SID_AUTHORITY
};
26 SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
= {SECURITY_WORLD_SID_AUTHORITY
};
27 SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
= {SECURITY_LOCAL_SID_AUTHORITY
};
28 SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
= {SECURITY_CREATOR_SID_AUTHORITY
};
29 SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
= {SECURITY_NT_AUTHORITY
};
31 PSID SeNullSid
= NULL
;
32 PSID SeWorldSid
= NULL
;
33 PSID SeLocalSid
= NULL
;
34 PSID SeCreatorOwnerSid
= NULL
;
35 PSID SeCreatorGroupSid
= NULL
;
36 PSID SeCreatorOwnerServerSid
= NULL
;
37 PSID SeCreatorGroupServerSid
= NULL
;
38 PSID SeNtAuthoritySid
= NULL
;
39 PSID SeDialupSid
= NULL
;
40 PSID SeNetworkSid
= NULL
;
41 PSID SeBatchSid
= NULL
;
42 PSID SeInteractiveSid
= NULL
;
43 PSID SeServiceSid
= NULL
;
44 PSID SeAnonymousLogonSid
= NULL
;
45 PSID SePrincipalSelfSid
= NULL
;
46 PSID SeLocalSystemSid
= NULL
;
47 PSID SeAuthenticatedUserSid
= NULL
;
48 PSID SeRestrictedCodeSid
= NULL
;
49 PSID SeAliasAdminsSid
= NULL
;
50 PSID SeAliasUsersSid
= NULL
;
51 PSID SeAliasGuestsSid
= NULL
;
52 PSID SeAliasPowerUsersSid
= NULL
;
53 PSID SeAliasAccountOpsSid
= NULL
;
54 PSID SeAliasSystemOpsSid
= NULL
;
55 PSID SeAliasPrintOpsSid
= NULL
;
56 PSID SeAliasBackupOpsSid
= NULL
;
59 /* FUNCTIONS ****************************************************************/
63 SepInitSecurityIDs(VOID
)
70 SidLength0
= RtlLengthRequiredSid(0);
71 SidLength1
= RtlLengthRequiredSid(1);
72 SidLength2
= RtlLengthRequiredSid(2);
75 SeNullSid
= ExAllocatePoolWithTag(NonPagedPool
,
78 if (SeNullSid
== NULL
)
81 RtlInitializeSid(SeNullSid
,
84 SubAuthority
= RtlSubAuthoritySid(SeNullSid
,
86 *SubAuthority
= SECURITY_NULL_RID
;
89 SeWorldSid
= ExAllocatePoolWithTag(NonPagedPool
,
92 if (SeWorldSid
== NULL
)
95 RtlInitializeSid(SeWorldSid
,
98 SubAuthority
= RtlSubAuthoritySid(SeWorldSid
,
100 *SubAuthority
= SECURITY_WORLD_RID
;
102 /* create LocalSid */
103 SeLocalSid
= ExAllocatePoolWithTag(NonPagedPool
,
106 if (SeLocalSid
== NULL
)
109 RtlInitializeSid(SeLocalSid
,
110 &SeLocalSidAuthority
,
112 SubAuthority
= RtlSubAuthoritySid(SeLocalSid
,
114 *SubAuthority
= SECURITY_LOCAL_RID
;
116 /* create CreatorOwnerSid */
117 SeCreatorOwnerSid
= ExAllocatePoolWithTag(NonPagedPool
,
120 if (SeCreatorOwnerSid
== NULL
)
123 RtlInitializeSid(SeCreatorOwnerSid
,
124 &SeCreatorSidAuthority
,
126 SubAuthority
= RtlSubAuthoritySid(SeCreatorOwnerSid
,
128 *SubAuthority
= SECURITY_CREATOR_OWNER_RID
;
130 /* create CreatorGroupSid */
131 SeCreatorGroupSid
= ExAllocatePoolWithTag(NonPagedPool
,
134 if (SeCreatorGroupSid
== NULL
)
137 RtlInitializeSid(SeCreatorGroupSid
,
138 &SeCreatorSidAuthority
,
140 SubAuthority
= RtlSubAuthoritySid(SeCreatorGroupSid
,
142 *SubAuthority
= SECURITY_CREATOR_GROUP_RID
;
144 /* create CreatorOwnerServerSid */
145 SeCreatorOwnerServerSid
= ExAllocatePoolWithTag(NonPagedPool
,
148 if (SeCreatorOwnerServerSid
== NULL
)
151 RtlInitializeSid(SeCreatorOwnerServerSid
,
152 &SeCreatorSidAuthority
,
154 SubAuthority
= RtlSubAuthoritySid(SeCreatorOwnerServerSid
,
156 *SubAuthority
= SECURITY_CREATOR_OWNER_SERVER_RID
;
158 /* create CreatorGroupServerSid */
159 SeCreatorGroupServerSid
= ExAllocatePoolWithTag(NonPagedPool
,
162 if (SeCreatorGroupServerSid
== NULL
)
165 RtlInitializeSid(SeCreatorGroupServerSid
,
166 &SeCreatorSidAuthority
,
168 SubAuthority
= RtlSubAuthoritySid(SeCreatorGroupServerSid
,
170 *SubAuthority
= SECURITY_CREATOR_GROUP_SERVER_RID
;
173 /* create NtAuthoritySid */
174 SeNtAuthoritySid
= ExAllocatePoolWithTag(NonPagedPool
,
177 if (SeNtAuthoritySid
== NULL
)
180 RtlInitializeSid(SeNtAuthoritySid
,
184 /* create DialupSid */
185 SeDialupSid
= ExAllocatePoolWithTag(NonPagedPool
,
188 if (SeDialupSid
== NULL
)
191 RtlInitializeSid(SeDialupSid
,
194 SubAuthority
= RtlSubAuthoritySid(SeDialupSid
,
196 *SubAuthority
= SECURITY_DIALUP_RID
;
198 /* create NetworkSid */
199 SeNetworkSid
= ExAllocatePoolWithTag(NonPagedPool
,
202 if (SeNetworkSid
== NULL
)
205 RtlInitializeSid(SeNetworkSid
,
208 SubAuthority
= RtlSubAuthoritySid(SeNetworkSid
,
210 *SubAuthority
= SECURITY_NETWORK_RID
;
212 /* create BatchSid */
213 SeBatchSid
= ExAllocatePoolWithTag(NonPagedPool
,
216 if (SeBatchSid
== NULL
)
219 RtlInitializeSid(SeBatchSid
,
222 SubAuthority
= RtlSubAuthoritySid(SeBatchSid
,
224 *SubAuthority
= SECURITY_BATCH_RID
;
226 /* create InteractiveSid */
227 SeInteractiveSid
= ExAllocatePoolWithTag(NonPagedPool
,
230 if (SeInteractiveSid
== NULL
)
233 RtlInitializeSid(SeInteractiveSid
,
236 SubAuthority
= RtlSubAuthoritySid(SeInteractiveSid
,
238 *SubAuthority
= SECURITY_INTERACTIVE_RID
;
240 /* create ServiceSid */
241 SeServiceSid
= ExAllocatePoolWithTag(NonPagedPool
,
244 if (SeServiceSid
== NULL
)
247 RtlInitializeSid(SeServiceSid
,
250 SubAuthority
= RtlSubAuthoritySid(SeServiceSid
,
252 *SubAuthority
= SECURITY_SERVICE_RID
;
254 /* create AnonymousLogonSid */
255 SeAnonymousLogonSid
= ExAllocatePoolWithTag(NonPagedPool
,
258 if (SeAnonymousLogonSid
== NULL
)
261 RtlInitializeSid(SeAnonymousLogonSid
,
264 SubAuthority
= RtlSubAuthoritySid(SeAnonymousLogonSid
,
266 *SubAuthority
= SECURITY_ANONYMOUS_LOGON_RID
;
268 /* create PrincipalSelfSid */
269 SePrincipalSelfSid
= ExAllocatePoolWithTag(NonPagedPool
,
272 if (SePrincipalSelfSid
== NULL
)
275 RtlInitializeSid(SePrincipalSelfSid
,
278 SubAuthority
= RtlSubAuthoritySid(SePrincipalSelfSid
,
280 *SubAuthority
= SECURITY_PRINCIPAL_SELF_RID
;
282 /* create LocalSystemSid */
283 SeLocalSystemSid
= ExAllocatePoolWithTag(NonPagedPool
,
286 if (SeLocalSystemSid
== NULL
)
289 RtlInitializeSid(SeLocalSystemSid
,
292 SubAuthority
= RtlSubAuthoritySid(SeLocalSystemSid
,
294 *SubAuthority
= SECURITY_LOCAL_SYSTEM_RID
;
296 /* create AuthenticatedUserSid */
297 SeAuthenticatedUserSid
= ExAllocatePoolWithTag(NonPagedPool
,
300 if (SeAuthenticatedUserSid
== NULL
)
303 RtlInitializeSid(SeAuthenticatedUserSid
,
306 SubAuthority
= RtlSubAuthoritySid(SeAuthenticatedUserSid
,
308 *SubAuthority
= SECURITY_AUTHENTICATED_USER_RID
;
310 /* create RestrictedCodeSid */
311 SeRestrictedCodeSid
= ExAllocatePoolWithTag(NonPagedPool
,
314 if (SeRestrictedCodeSid
== NULL
)
317 RtlInitializeSid(SeRestrictedCodeSid
,
320 SubAuthority
= RtlSubAuthoritySid(SeRestrictedCodeSid
,
322 *SubAuthority
= SECURITY_RESTRICTED_CODE_RID
;
324 /* create AliasAdminsSid */
325 SeAliasAdminsSid
= ExAllocatePoolWithTag(NonPagedPool
,
328 if (SeAliasAdminsSid
== NULL
)
331 RtlInitializeSid(SeAliasAdminsSid
,
334 SubAuthority
= RtlSubAuthoritySid(SeAliasAdminsSid
,
336 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
338 SubAuthority
= RtlSubAuthoritySid(SeAliasAdminsSid
,
340 *SubAuthority
= DOMAIN_ALIAS_RID_ADMINS
;
342 /* create AliasUsersSid */
343 SeAliasUsersSid
= ExAllocatePoolWithTag(NonPagedPool
,
346 if (SeAliasUsersSid
== NULL
)
349 RtlInitializeSid(SeAliasUsersSid
,
352 SubAuthority
= RtlSubAuthoritySid(SeAliasUsersSid
,
354 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
356 SubAuthority
= RtlSubAuthoritySid(SeAliasUsersSid
,
358 *SubAuthority
= DOMAIN_ALIAS_RID_USERS
;
360 /* create AliasGuestsSid */
361 SeAliasGuestsSid
= ExAllocatePoolWithTag(NonPagedPool
,
364 if (SeAliasGuestsSid
== NULL
)
367 RtlInitializeSid(SeAliasGuestsSid
,
370 SubAuthority
= RtlSubAuthoritySid(SeAliasGuestsSid
,
372 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
374 SubAuthority
= RtlSubAuthoritySid(SeAliasGuestsSid
,
376 *SubAuthority
= DOMAIN_ALIAS_RID_GUESTS
;
378 /* create AliasPowerUsersSid */
379 SeAliasPowerUsersSid
= ExAllocatePoolWithTag(NonPagedPool
,
382 if (SeAliasPowerUsersSid
== NULL
)
385 RtlInitializeSid(SeAliasPowerUsersSid
,
388 SubAuthority
= RtlSubAuthoritySid(SeAliasPowerUsersSid
,
390 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
392 SubAuthority
= RtlSubAuthoritySid(SeAliasPowerUsersSid
,
394 *SubAuthority
= DOMAIN_ALIAS_RID_POWER_USERS
;
396 /* create AliasAccountOpsSid */
397 SeAliasAccountOpsSid
= ExAllocatePoolWithTag(NonPagedPool
,
400 if (SeAliasAccountOpsSid
== NULL
)
403 RtlInitializeSid(SeAliasAccountOpsSid
,
406 SubAuthority
= RtlSubAuthoritySid(SeAliasAccountOpsSid
,
408 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
410 SubAuthority
= RtlSubAuthoritySid(SeAliasAccountOpsSid
,
412 *SubAuthority
= DOMAIN_ALIAS_RID_ACCOUNT_OPS
;
414 /* create AliasSystemOpsSid */
415 SeAliasSystemOpsSid
= ExAllocatePoolWithTag(NonPagedPool
,
418 if (SeAliasSystemOpsSid
== NULL
)
421 RtlInitializeSid(SeAliasSystemOpsSid
,
424 SubAuthority
= RtlSubAuthoritySid(SeAliasSystemOpsSid
,
426 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
428 SubAuthority
= RtlSubAuthoritySid(SeAliasSystemOpsSid
,
430 *SubAuthority
= DOMAIN_ALIAS_RID_SYSTEM_OPS
;
432 /* create AliasPrintOpsSid */
433 SeAliasPrintOpsSid
= ExAllocatePoolWithTag(NonPagedPool
,
436 if (SeAliasPrintOpsSid
== NULL
)
439 RtlInitializeSid(SeAliasPrintOpsSid
,
442 SubAuthority
= RtlSubAuthoritySid(SeAliasPrintOpsSid
,
444 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
446 SubAuthority
= RtlSubAuthoritySid(SeAliasPrintOpsSid
,
448 *SubAuthority
= DOMAIN_ALIAS_RID_PRINT_OPS
;
450 /* create AliasBackupOpsSid */
451 SeAliasBackupOpsSid
= ExAllocatePoolWithTag(NonPagedPool
,
454 if (SeAliasBackupOpsSid
== NULL
)
457 RtlInitializeSid(SeAliasBackupOpsSid
,
460 SubAuthority
= RtlSubAuthoritySid(SeAliasBackupOpsSid
,
462 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
464 SubAuthority
= RtlSubAuthoritySid(SeAliasBackupOpsSid
,
466 *SubAuthority
= DOMAIN_ALIAS_RID_BACKUP_OPS
;
473 RtlValidSid(PSID Sid
)
475 PISID iSid
= (PISID
)Sid
;
477 if ((iSid
->Revision
& 0xf) != 1)
481 if (iSid
->SubAuthorityCount
> 15)
490 RtlLengthRequiredSid(UCHAR SubAuthorityCount
)
492 return(sizeof(SID
) + (SubAuthorityCount
- 1) * sizeof(ULONG
));
497 RtlInitializeSid(PSID Sid
,
498 PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
499 UCHAR SubAuthorityCount
)
501 PISID iSid
= (PISID
)Sid
;
504 iSid
->SubAuthorityCount
= SubAuthorityCount
;
505 RtlCopyMemory(&iSid
->IdentifierAuthority
,
507 sizeof(SID_IDENTIFIER_AUTHORITY
));
508 return(STATUS_SUCCESS
);
513 RtlSubAuthoritySid(PSID Sid
,
516 PISID iSid
= (PISID
)Sid
;
518 return(&iSid
->SubAuthority
[SubAuthority
]);
523 RtlSubAuthorityCountSid(PSID Sid
)
525 PISID iSid
= (PISID
)Sid
;
527 return(&iSid
->SubAuthorityCount
);
532 RtlEqualSid(PSID Sid1
,
535 PISID iSid1
= (PISID
)Sid1
;
536 PISID iSid2
= (PISID
)Sid2
;
538 if (iSid1
->Revision
!= iSid2
->Revision
)
542 if ((*RtlSubAuthorityCountSid(Sid1
)) !=
543 (*RtlSubAuthorityCountSid(Sid2
)))
547 if (memcmp(Sid1
, Sid2
, RtlLengthSid(Sid1
)) != 0)
556 RtlLengthSid(PSID Sid
)
558 PISID iSid
= (PISID
)Sid
;
560 return(sizeof(SID
) + (iSid
->SubAuthorityCount
-1)*4);
565 RtlCopySid(ULONG BufferLength
,
569 if (BufferLength
< RtlLengthSid(Src
))
571 return(STATUS_UNSUCCESSFUL
);
573 memmove(Dest
, Src
, RtlLengthSid(Src
));
574 return(STATUS_SUCCESS
);
579 RtlCopySidAndAttributesArray(ULONG Count
,
580 PSID_AND_ATTRIBUTES_ARRAY Src
,
582 PSID_AND_ATTRIBUTES_ARRAY Dest
,
584 PVOID
* RemainingSidArea
,
585 PULONG RemainingSidAreaSize
)
590 Length
= SidAreaSize
;
592 for (i
=0; i
<Count
; i
++)
594 if (RtlLengthSid(Src
[i
]->Sid
) > Length
)
596 return(STATUS_BUFFER_TOO_SMALL
);
598 Length
= Length
- RtlLengthSid(Src
[i
]->Sid
);
599 Dest
[i
]->Sid
= SidArea
;
600 Dest
[i
]->Attributes
= Src
[i
]->Attributes
;
601 RtlCopySid(RtlLengthSid(Src
[i
]->Sid
), SidArea
, Src
[i
]->Sid
);
602 SidArea
= SidArea
+ RtlLengthSid(Src
[i
]->Sid
);
604 *RemainingSidArea
= SidArea
;
605 *RemainingSidAreaSize
= Length
;
606 return(STATUS_SUCCESS
);
611 RtlConvertSidToUnicodeString(PUNICODE_STRING String
,
613 BOOLEAN AllocateString
)
615 PISID iSid
= (PISID
)Sid
;
621 if (!RtlValidSid(Sid
))
622 return STATUS_INVALID_SID
;
625 Ptr
+= swprintf (Ptr
,
629 if(!iSid
->IdentifierAuthority
.Value
[0] &&
630 !iSid
->IdentifierAuthority
.Value
[1])
634 (ULONG
)iSid
->IdentifierAuthority
.Value
[2] << 24 |
635 (ULONG
)iSid
->IdentifierAuthority
.Value
[3] << 16 |
636 (ULONG
)iSid
->IdentifierAuthority
.Value
[4] << 8 |
637 (ULONG
)iSid
->IdentifierAuthority
.Value
[5]);
642 L
"0x%02hx%02hx%02hx%02hx%02hx%02hx",
643 iSid
->IdentifierAuthority
.Value
[0],
644 iSid
->IdentifierAuthority
.Value
[1],
645 iSid
->IdentifierAuthority
.Value
[2],
646 iSid
->IdentifierAuthority
.Value
[3],
647 iSid
->IdentifierAuthority
.Value
[4],
648 iSid
->IdentifierAuthority
.Value
[5]);
651 for (i
= 0; i
< iSid
->SubAuthorityCount
; i
++)
655 iSid
->SubAuthority
[i
]);
658 Length
= (Ptr
- Buffer
) * sizeof(WCHAR
);
662 String
->Buffer
= ExAllocatePool(NonPagedPool
,
663 Length
+ sizeof(WCHAR
));
664 if (String
->Buffer
== NULL
)
665 return STATUS_NO_MEMORY
;
667 String
->MaximumLength
= Length
+ sizeof(WCHAR
);
671 if (Length
> String
->MaximumLength
)
672 return STATUS_BUFFER_TOO_SMALL
;
674 String
->Length
= Length
;
675 memmove(String
->Buffer
,
678 if (Length
< String
->MaximumLength
)
679 String
->Buffer
[Length
] = 0;
681 return STATUS_SUCCESS
;