3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: ntoskrnl/se/sid.c
7 * PROGRAMER: David Welch <welch@cwcom.net>
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
14 #include <ddk/ntddk.h>
15 #include <internal/se.h>
17 #include <internal/debug.h>
19 #define TAG_SID TAG('S', 'I', 'D', 'T')
22 /* GLOBALS ******************************************************************/
24 SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
= {SECURITY_NULL_SID_AUTHORITY
};
25 SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
= {SECURITY_WORLD_SID_AUTHORITY
};
26 SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
= {SECURITY_LOCAL_SID_AUTHORITY
};
27 SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
= {SECURITY_CREATOR_SID_AUTHORITY
};
28 SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
= {SECURITY_NT_AUTHORITY
};
30 PSID SeNullSid
= NULL
;
31 PSID SeWorldSid
= NULL
;
32 PSID SeLocalSid
= NULL
;
33 PSID SeCreatorOwnerSid
= NULL
;
34 PSID SeCreatorGroupSid
= NULL
;
35 PSID SeCreatorOwnerServerSid
= NULL
;
36 PSID SeCreatorGroupServerSid
= NULL
;
37 PSID SeNtAuthoritySid
= NULL
;
38 PSID SeDialupSid
= NULL
;
39 PSID SeNetworkSid
= NULL
;
40 PSID SeBatchSid
= NULL
;
41 PSID SeInteractiveSid
= NULL
;
42 PSID SeServiceSid
= NULL
;
43 PSID SeAnonymousLogonSid
= NULL
;
44 PSID SePrincipalSelfSid
= NULL
;
45 PSID SeLocalSystemSid
= NULL
;
46 PSID SeAuthenticatedUserSid
= NULL
;
47 PSID SeRestrictedCodeSid
= NULL
;
48 PSID SeAliasAdminsSid
= NULL
;
49 PSID SeAliasUsersSid
= NULL
;
50 PSID SeAliasGuestsSid
= NULL
;
51 PSID SeAliasPowerUsersSid
= NULL
;
52 PSID SeAliasAccountOpsSid
= NULL
;
53 PSID SeAliasSystemOpsSid
= NULL
;
54 PSID SeAliasPrintOpsSid
= NULL
;
55 PSID SeAliasBackupOpsSid
= NULL
;
58 /* FUNCTIONS ****************************************************************/
62 SepInitSecurityIDs(VOID
)
69 SidLength0
= RtlLengthRequiredSid(0);
70 SidLength1
= RtlLengthRequiredSid(1);
71 SidLength2
= RtlLengthRequiredSid(2);
74 SeNullSid
= ExAllocatePoolWithTag(NonPagedPool
,
77 if (SeNullSid
== NULL
)
80 RtlInitializeSid(SeNullSid
,
83 SubAuthority
= RtlSubAuthoritySid(SeNullSid
,
85 *SubAuthority
= SECURITY_NULL_RID
;
88 SeWorldSid
= ExAllocatePoolWithTag(NonPagedPool
,
91 if (SeWorldSid
== NULL
)
94 RtlInitializeSid(SeWorldSid
,
97 SubAuthority
= RtlSubAuthoritySid(SeWorldSid
,
99 *SubAuthority
= SECURITY_WORLD_RID
;
101 /* create LocalSid */
102 SeLocalSid
= ExAllocatePoolWithTag(NonPagedPool
,
105 if (SeLocalSid
== NULL
)
108 RtlInitializeSid(SeLocalSid
,
109 &SeLocalSidAuthority
,
111 SubAuthority
= RtlSubAuthoritySid(SeLocalSid
,
113 *SubAuthority
= SECURITY_LOCAL_RID
;
115 /* create CreatorOwnerSid */
116 SeCreatorOwnerSid
= ExAllocatePoolWithTag(NonPagedPool
,
119 if (SeCreatorOwnerSid
== NULL
)
122 RtlInitializeSid(SeCreatorOwnerSid
,
123 &SeCreatorSidAuthority
,
125 SubAuthority
= RtlSubAuthoritySid(SeCreatorOwnerSid
,
127 *SubAuthority
= SECURITY_CREATOR_OWNER_RID
;
129 /* create CreatorGroupSid */
130 SeCreatorGroupSid
= ExAllocatePoolWithTag(NonPagedPool
,
133 if (SeCreatorGroupSid
== NULL
)
136 RtlInitializeSid(SeCreatorGroupSid
,
137 &SeCreatorSidAuthority
,
139 SubAuthority
= RtlSubAuthoritySid(SeCreatorGroupSid
,
141 *SubAuthority
= SECURITY_CREATOR_GROUP_RID
;
143 /* create CreatorOwnerServerSid */
144 SeCreatorOwnerServerSid
= ExAllocatePoolWithTag(NonPagedPool
,
147 if (SeCreatorOwnerServerSid
== NULL
)
150 RtlInitializeSid(SeCreatorOwnerServerSid
,
151 &SeCreatorSidAuthority
,
153 SubAuthority
= RtlSubAuthoritySid(SeCreatorOwnerServerSid
,
155 *SubAuthority
= SECURITY_CREATOR_OWNER_SERVER_RID
;
157 /* create CreatorGroupServerSid */
158 SeCreatorGroupServerSid
= ExAllocatePoolWithTag(NonPagedPool
,
161 if (SeCreatorGroupServerSid
== NULL
)
164 RtlInitializeSid(SeCreatorGroupServerSid
,
165 &SeCreatorSidAuthority
,
167 SubAuthority
= RtlSubAuthoritySid(SeCreatorGroupServerSid
,
169 *SubAuthority
= SECURITY_CREATOR_GROUP_SERVER_RID
;
172 /* create NtAuthoritySid */
173 SeNtAuthoritySid
= ExAllocatePoolWithTag(NonPagedPool
,
176 if (SeNtAuthoritySid
== NULL
)
179 RtlInitializeSid(SeNtAuthoritySid
,
183 /* create DialupSid */
184 SeDialupSid
= ExAllocatePoolWithTag(NonPagedPool
,
187 if (SeDialupSid
== NULL
)
190 RtlInitializeSid(SeDialupSid
,
193 SubAuthority
= RtlSubAuthoritySid(SeDialupSid
,
195 *SubAuthority
= SECURITY_DIALUP_RID
;
197 /* create NetworkSid */
198 SeNetworkSid
= ExAllocatePoolWithTag(NonPagedPool
,
201 if (SeNetworkSid
== NULL
)
204 RtlInitializeSid(SeNetworkSid
,
207 SubAuthority
= RtlSubAuthoritySid(SeNetworkSid
,
209 *SubAuthority
= SECURITY_NETWORK_RID
;
211 /* create BatchSid */
212 SeBatchSid
= ExAllocatePoolWithTag(NonPagedPool
,
215 if (SeBatchSid
== NULL
)
218 RtlInitializeSid(SeBatchSid
,
221 SubAuthority
= RtlSubAuthoritySid(SeBatchSid
,
223 *SubAuthority
= SECURITY_BATCH_RID
;
225 /* create InteractiveSid */
226 SeInteractiveSid
= ExAllocatePoolWithTag(NonPagedPool
,
229 if (SeInteractiveSid
== NULL
)
232 RtlInitializeSid(SeInteractiveSid
,
235 SubAuthority
= RtlSubAuthoritySid(SeInteractiveSid
,
237 *SubAuthority
= SECURITY_INTERACTIVE_RID
;
239 /* create ServiceSid */
240 SeServiceSid
= ExAllocatePoolWithTag(NonPagedPool
,
243 if (SeServiceSid
== NULL
)
246 RtlInitializeSid(SeServiceSid
,
249 SubAuthority
= RtlSubAuthoritySid(SeServiceSid
,
251 *SubAuthority
= SECURITY_SERVICE_RID
;
253 /* create AnonymousLogonSid */
254 SeAnonymousLogonSid
= ExAllocatePoolWithTag(NonPagedPool
,
257 if (SeAnonymousLogonSid
== NULL
)
260 RtlInitializeSid(SeAnonymousLogonSid
,
263 SubAuthority
= RtlSubAuthoritySid(SeAnonymousLogonSid
,
265 *SubAuthority
= SECURITY_ANONYMOUS_LOGON_RID
;
267 /* create PrincipalSelfSid */
268 SePrincipalSelfSid
= ExAllocatePoolWithTag(NonPagedPool
,
271 if (SePrincipalSelfSid
== NULL
)
274 RtlInitializeSid(SePrincipalSelfSid
,
277 SubAuthority
= RtlSubAuthoritySid(SePrincipalSelfSid
,
279 *SubAuthority
= SECURITY_PRINCIPAL_SELF_RID
;
281 /* create LocalSystemSid */
282 SeLocalSystemSid
= ExAllocatePoolWithTag(NonPagedPool
,
285 if (SeLocalSystemSid
== NULL
)
288 RtlInitializeSid(SeLocalSystemSid
,
291 SubAuthority
= RtlSubAuthoritySid(SeLocalSystemSid
,
293 *SubAuthority
= SECURITY_LOCAL_SYSTEM_RID
;
295 /* create AuthenticatedUserSid */
296 SeAuthenticatedUserSid
= ExAllocatePoolWithTag(NonPagedPool
,
299 if (SeAuthenticatedUserSid
== NULL
)
302 RtlInitializeSid(SeAuthenticatedUserSid
,
305 SubAuthority
= RtlSubAuthoritySid(SeAuthenticatedUserSid
,
307 *SubAuthority
= SECURITY_AUTHENTICATED_USER_RID
;
309 /* create RestrictedCodeSid */
310 SeRestrictedCodeSid
= ExAllocatePoolWithTag(NonPagedPool
,
313 if (SeRestrictedCodeSid
== NULL
)
316 RtlInitializeSid(SeRestrictedCodeSid
,
319 SubAuthority
= RtlSubAuthoritySid(SeRestrictedCodeSid
,
321 *SubAuthority
= SECURITY_RESTRICTED_CODE_RID
;
323 /* create AliasAdminsSid */
324 SeAliasAdminsSid
= ExAllocatePoolWithTag(NonPagedPool
,
327 if (SeAliasAdminsSid
== NULL
)
330 RtlInitializeSid(SeAliasAdminsSid
,
333 SubAuthority
= RtlSubAuthoritySid(SeAliasAdminsSid
,
335 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
337 SubAuthority
= RtlSubAuthoritySid(SeAliasAdminsSid
,
339 *SubAuthority
= DOMAIN_ALIAS_RID_ADMINS
;
341 /* create AliasUsersSid */
342 SeAliasUsersSid
= ExAllocatePoolWithTag(NonPagedPool
,
345 if (SeAliasUsersSid
== NULL
)
348 RtlInitializeSid(SeAliasUsersSid
,
351 SubAuthority
= RtlSubAuthoritySid(SeAliasUsersSid
,
353 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
355 SubAuthority
= RtlSubAuthoritySid(SeAliasUsersSid
,
357 *SubAuthority
= DOMAIN_ALIAS_RID_USERS
;
359 /* create AliasGuestsSid */
360 SeAliasGuestsSid
= ExAllocatePoolWithTag(NonPagedPool
,
363 if (SeAliasGuestsSid
== NULL
)
366 RtlInitializeSid(SeAliasGuestsSid
,
369 SubAuthority
= RtlSubAuthoritySid(SeAliasGuestsSid
,
371 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
373 SubAuthority
= RtlSubAuthoritySid(SeAliasGuestsSid
,
375 *SubAuthority
= DOMAIN_ALIAS_RID_GUESTS
;
377 /* create AliasPowerUsersSid */
378 SeAliasPowerUsersSid
= ExAllocatePoolWithTag(NonPagedPool
,
381 if (SeAliasPowerUsersSid
== NULL
)
384 RtlInitializeSid(SeAliasPowerUsersSid
,
387 SubAuthority
= RtlSubAuthoritySid(SeAliasPowerUsersSid
,
389 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
391 SubAuthority
= RtlSubAuthoritySid(SeAliasPowerUsersSid
,
393 *SubAuthority
= DOMAIN_ALIAS_RID_POWER_USERS
;
395 /* create AliasAccountOpsSid */
396 SeAliasAccountOpsSid
= ExAllocatePoolWithTag(NonPagedPool
,
399 if (SeAliasAccountOpsSid
== NULL
)
402 RtlInitializeSid(SeAliasAccountOpsSid
,
405 SubAuthority
= RtlSubAuthoritySid(SeAliasAccountOpsSid
,
407 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
409 SubAuthority
= RtlSubAuthoritySid(SeAliasAccountOpsSid
,
411 *SubAuthority
= DOMAIN_ALIAS_RID_ACCOUNT_OPS
;
413 /* create AliasSystemOpsSid */
414 SeAliasSystemOpsSid
= ExAllocatePoolWithTag(NonPagedPool
,
417 if (SeAliasSystemOpsSid
== NULL
)
420 RtlInitializeSid(SeAliasSystemOpsSid
,
423 SubAuthority
= RtlSubAuthoritySid(SeAliasSystemOpsSid
,
425 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
427 SubAuthority
= RtlSubAuthoritySid(SeAliasSystemOpsSid
,
429 *SubAuthority
= DOMAIN_ALIAS_RID_SYSTEM_OPS
;
431 /* create AliasPrintOpsSid */
432 SeAliasPrintOpsSid
= ExAllocatePoolWithTag(NonPagedPool
,
435 if (SeAliasPrintOpsSid
== NULL
)
438 RtlInitializeSid(SeAliasPrintOpsSid
,
441 SubAuthority
= RtlSubAuthoritySid(SeAliasPrintOpsSid
,
443 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
445 SubAuthority
= RtlSubAuthoritySid(SeAliasPrintOpsSid
,
447 *SubAuthority
= DOMAIN_ALIAS_RID_PRINT_OPS
;
449 /* create AliasBackupOpsSid */
450 SeAliasBackupOpsSid
= ExAllocatePoolWithTag(NonPagedPool
,
453 if (SeAliasBackupOpsSid
== NULL
)
456 RtlInitializeSid(SeAliasBackupOpsSid
,
459 SubAuthority
= RtlSubAuthoritySid(SeAliasBackupOpsSid
,
461 *SubAuthority
= SECURITY_BUILTIN_DOMAIN_RID
;
463 SubAuthority
= RtlSubAuthoritySid(SeAliasBackupOpsSid
,
465 *SubAuthority
= DOMAIN_ALIAS_RID_BACKUP_OPS
;
475 RtlValidSid(PSID Sid
)
477 if ((Sid
->Revision
& 0xf) != 1)
481 if (Sid
->SubAuthorityCount
> 15)
493 RtlLengthRequiredSid(UCHAR SubAuthorityCount
)
495 return(sizeof(SID
) + (SubAuthorityCount
- 1) * sizeof(ULONG
));
503 RtlInitializeSid(PSID Sid
,
504 PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
505 UCHAR SubAuthorityCount
)
508 Sid
->SubAuthorityCount
= SubAuthorityCount
;
509 RtlCopyMemory(&Sid
->IdentifierAuthority
,
511 sizeof(SID_IDENTIFIER_AUTHORITY
));
512 return(STATUS_SUCCESS
);
520 RtlSubAuthoritySid(PSID Sid
,
523 return(&Sid
->SubAuthority
[SubAuthority
]);
531 RtlSubAuthorityCountSid(PSID Sid
)
533 return(&Sid
->SubAuthorityCount
);
541 RtlEqualSid(PSID Sid1
,
544 if (Sid1
->Revision
!= Sid2
->Revision
)
548 if ((*RtlSubAuthorityCountSid(Sid1
)) !=
549 (*RtlSubAuthorityCountSid(Sid2
)))
553 if (memcmp(Sid1
, Sid2
, RtlLengthSid(Sid1
)) != 0)
565 RtlLengthSid(PSID Sid
)
567 return(sizeof(SID
) + (Sid
->SubAuthorityCount
-1)*4);
575 RtlCopySid(ULONG BufferLength
,
579 if (BufferLength
< RtlLengthSid(Src
))
581 return(STATUS_UNSUCCESSFUL
);
583 memmove(Dest
, Src
, RtlLengthSid(Src
));
584 return(STATUS_SUCCESS
);
589 RtlCopySidAndAttributesArray(ULONG Count
,
590 PSID_AND_ATTRIBUTES Src
,
592 PSID_AND_ATTRIBUTES Dest
,
594 PVOID
* RemainingSidArea
,
595 PULONG RemainingSidAreaSize
)
600 Length
= SidAreaSize
;
602 for (i
=0; i
<Count
; i
++)
604 if (RtlLengthSid(Src
[i
].Sid
) > Length
)
606 return(STATUS_BUFFER_TOO_SMALL
);
608 Length
= Length
- RtlLengthSid(Src
[i
].Sid
);
609 Dest
[i
].Sid
= SidArea
;
610 Dest
[i
].Attributes
= Src
[i
].Attributes
;
611 RtlCopySid(RtlLengthSid(Src
[i
].Sid
), SidArea
, Src
[i
].Sid
);
612 SidArea
= (char*)SidArea
+ RtlLengthSid(Src
[i
].Sid
);
614 *RemainingSidArea
= SidArea
;
615 *RemainingSidAreaSize
= Length
;
616 return(STATUS_SUCCESS
);
624 RtlConvertSidToUnicodeString(PUNICODE_STRING String
,
626 BOOLEAN AllocateString
)
633 if (!RtlValidSid(Sid
))
634 return STATUS_INVALID_SID
;
637 Ptr
+= swprintf (Ptr
,
641 if(!Sid
->IdentifierAuthority
.Value
[0] &&
642 !Sid
->IdentifierAuthority
.Value
[1])
646 (ULONG
)Sid
->IdentifierAuthority
.Value
[2] << 24 |
647 (ULONG
)Sid
->IdentifierAuthority
.Value
[3] << 16 |
648 (ULONG
)Sid
->IdentifierAuthority
.Value
[4] << 8 |
649 (ULONG
)Sid
->IdentifierAuthority
.Value
[5]);
654 L
"0x%02hx%02hx%02hx%02hx%02hx%02hx",
655 Sid
->IdentifierAuthority
.Value
[0],
656 Sid
->IdentifierAuthority
.Value
[1],
657 Sid
->IdentifierAuthority
.Value
[2],
658 Sid
->IdentifierAuthority
.Value
[3],
659 Sid
->IdentifierAuthority
.Value
[4],
660 Sid
->IdentifierAuthority
.Value
[5]);
663 for (i
= 0; i
< Sid
->SubAuthorityCount
; i
++)
667 Sid
->SubAuthority
[i
]);
670 Length
= (Ptr
- Buffer
) * sizeof(WCHAR
);
674 String
->Buffer
= ExAllocatePool(NonPagedPool
,
675 Length
+ sizeof(WCHAR
));
676 if (String
->Buffer
== NULL
)
677 return STATUS_NO_MEMORY
;
679 String
->MaximumLength
= Length
+ sizeof(WCHAR
);
683 if (Length
> String
->MaximumLength
)
684 return STATUS_BUFFER_TOO_SMALL
;
686 String
->Length
= Length
;
687 memmove(String
->Buffer
,
690 if (Length
< String
->MaximumLength
)
691 String
->Buffer
[Length
/sizeof(WCHAR
)] = 0;
693 return STATUS_SUCCESS
;