-/*
- * COPYRIGHT: See COPYING in the top level directory
- * PROJECT: ReactOS kernel
- * PURPOSE: Security manager
- * FILE: ntoskrnl/ob/security.c
- * PROGRAMER: ?
- * REVISION HISTORY:
- * 26/07/98: Added stubs for security functions
+/* $Id$
+ *
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS kernel
+ * FILE: ntoskrnl/ob/security.c
+ * PURPOSE: Security manager
+ *
+ * PROGRAMERS: No programmer listed.
*/
/* INCLUDES *****************************************************************/
-#include <ddk/ntddk.h>
-#include <internal/ob.h>
-
+#include <ntoskrnl.h>
+#define NDEBUG
#include <internal/debug.h>
/* FUNCTIONS ***************************************************************/
PSECURITY_DESCRIPTOR NewDescriptor;
NTSTATUS Status;
+ PAGED_CODE();
+
/* Build the new security descriptor */
Status = SeAssignSecurity(SecurityDescriptor,
AccessState->SecurityDescriptor,
&NewDescriptor,
(Type == ObDirectoryType),
&AccessState->SubjectSecurityContext,
- Type->Mapping,
+ &Type->TypeInfo.GenericMapping,
PagedPool);
if (!NT_SUCCESS(Status))
return Status;
- if (Type->Security != NULL)
- {
/* Call the security method */
- Status = Type->Security(Object,
+ Status = Type->TypeInfo.SecurityProcedure(Object,
AssignSecurityDescriptor,
0,
NewDescriptor,
- NULL);
- }
- else
- {
- /* Assign the security descriptor to the object header */
- Status = ObpAddSecurityDescriptor(NewDescriptor,
- &(BODY_TO_HEADER(Object)->SecurityDescriptor));
- }
+ NULL,
+ NULL,
+ NonPagedPool,
+ NULL);
/* Release the new security descriptor */
SeDeassignSecurity(&NewDescriptor);
ULONG Length;
NTSTATUS Status;
+ PAGED_CODE();
+
Header = BODY_TO_HEADER(Object);
- if (Header->ObjectType == NULL)
+ if (Header->Type == NULL)
return STATUS_UNSUCCESSFUL;
- if (Header->ObjectType->Security == NULL)
+ if (Header->Type->TypeInfo.SecurityProcedure == NULL)
{
ObpReferenceCachedSecurityDescriptor(Header->SecurityDescriptor);
*SecurityDescriptor = Header->SecurityDescriptor;
/* Get the security descriptor size */
Length = 0;
- Status = Header->ObjectType->Security(Object,
+ Status = Header->Type->TypeInfo.SecurityProcedure(Object,
QuerySecurityDescriptor,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION,
NULL,
- &Length);
+ &Length,
+ NULL,
+ NonPagedPool,
+ NULL);
if (Status != STATUS_BUFFER_TOO_SMALL)
return Status;
return STATUS_INSUFFICIENT_RESOURCES;
/* Query security descriptor */
- Status = Header->ObjectType->Security(Object,
+ Status = Header->Type->TypeInfo.SecurityProcedure(Object,
QuerySecurityDescriptor,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION,
*SecurityDescriptor,
- &Length);
+ &Length,
+ NULL,
+ NonPagedPool,
+ NULL);
if (!NT_SUCCESS(Status))
{
ExFreePool(*SecurityDescriptor);
ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN MemoryAllocated)
{
+ PAGED_CODE();
+
if (SecurityDescriptor == NULL)
return;
{
POBJECT_HEADER Header;
PVOID Object;
- PSECURITY_DESCRIPTOR ObjectSd;
- PSID Owner = 0;
- PSID Group = 0;
- PACL Dacl = 0;
- PACL Sacl = 0;
- ULONG OwnerLength = 0;
- ULONG GroupLength = 0;
- ULONG DaclLength = 0;
- ULONG SaclLength = 0;
- ULONG Control = 0;
- ULONG_PTR Current;
NTSTATUS Status;
+ PAGED_CODE();
+
+ DPRINT("NtQuerySecurityObject() called\n");
+
Status = ObReferenceObjectByHandle(Handle,
(SecurityInformation & SACL_SECURITY_INFORMATION) ? ACCESS_SYSTEM_SECURITY : 0,
NULL,
NULL);
if (!NT_SUCCESS(Status))
{
+ DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status);
return Status;
}
Header = BODY_TO_HEADER(Object);
- if (Header->ObjectType == NULL)
+ if (Header->Type == NULL)
{
+ DPRINT1("Invalid object type\n");
ObDereferenceObject(Object);
return STATUS_UNSUCCESSFUL;
}
- if (Header->ObjectType->Security != NULL)
- {
- Status = Header->ObjectType->Security(Object,
+ *ResultLength = Length;
+ Status = Header->Type->TypeInfo.SecurityProcedure(Object,
QuerySecurityDescriptor,
SecurityInformation,
SecurityDescriptor,
- &Length);
- *ResultLength = Length;
- }
- else
- {
- ObjectSd = Header->SecurityDescriptor;
-
- if (ObjectSd != NULL)
- {
- Control = SE_SELF_RELATIVE;
- if ((SecurityInformation & OWNER_SECURITY_INFORMATION) &&
- (ObjectSd->Owner != NULL))
- {
- Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
- OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
- Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
- }
-
- if ((SecurityInformation & GROUP_SECURITY_INFORMATION) &&
- (ObjectSd->Group != NULL))
- {
- Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
- GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
- Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
- }
-
- if ((SecurityInformation & DACL_SECURITY_INFORMATION) &&
- (ObjectSd->Control & SE_DACL_PRESENT))
- {
- if (ObjectSd->Dacl != NULL)
- {
- Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
- DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
- }
- Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
- }
-
- if ((SecurityInformation & SACL_SECURITY_INFORMATION) &&
- (ObjectSd->Control & SE_SACL_PRESENT))
- {
- if (ObjectSd->Sacl != NULL)
- {
- Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
- SaclLength = ROUND_UP(Sacl->AclSize, 4);
- }
- Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
- }
-
- *ResultLength = OwnerLength + GroupLength +
- DaclLength + SaclLength + sizeof(SECURITY_DESCRIPTOR);
- if (Length >= *ResultLength)
- {
- RtlCreateSecurityDescriptor(SecurityDescriptor,
- SECURITY_DESCRIPTOR_REVISION1);
- SecurityDescriptor->Control = Control;
-
- Current = (ULONG_PTR)SecurityDescriptor + sizeof(SECURITY_DESCRIPTOR);
-
- if (OwnerLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Owner,
- OwnerLength);
- SecurityDescriptor->Owner = (PSID)(Current - (ULONG_PTR)SecurityDescriptor);
- Current += OwnerLength;
- }
-
- if (GroupLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Group,
- GroupLength);
- SecurityDescriptor->Group = (PSID)(Current - (ULONG_PTR)SecurityDescriptor);
- Current += GroupLength;
- }
-
- if (DaclLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Dacl,
- DaclLength);
- SecurityDescriptor->Dacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor);
- Current += DaclLength;
- }
-
- if (SaclLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Sacl,
- SaclLength);
- SecurityDescriptor->Sacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor);
- Current += SaclLength;
- }
-
- Status = STATUS_SUCCESS;
- }
- else
- {
- Status = STATUS_BUFFER_TOO_SMALL;
- }
- }
- else
- {
- *ResultLength = 0;
- Status = STATUS_UNSUCCESSFUL;
- }
- }
+ ResultLength,
+ NULL,
+ NonPagedPool,
+ NULL);
ObDereferenceObject(Object);
IN SECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
- PSECURITY_DESCRIPTOR ObjectSd;
- PSECURITY_DESCRIPTOR NewSd;
POBJECT_HEADER Header;
PVOID Object;
- PSID Owner = 0;
- PSID Group = 0;
- PACL Dacl = 0;
- PACL Sacl = 0;
- ULONG OwnerLength = 0;
- ULONG GroupLength = 0;
- ULONG DaclLength = 0;
- ULONG SaclLength = 0;
- ULONG Control = 0;
- ULONG_PTR Current;
NTSTATUS Status;
+ PAGED_CODE();
+
+ DPRINT("NtSetSecurityObject() called\n");
+
Status = ObReferenceObjectByHandle(Handle,
(SecurityInformation & SACL_SECURITY_INFORMATION) ? ACCESS_SYSTEM_SECURITY : 0,
NULL,
NULL);
if (!NT_SUCCESS(Status))
{
+ DPRINT1("ObReferenceObjectByHandle() failed (Status %lx)\n", Status);
return Status;
}
Header = BODY_TO_HEADER(Object);
- if (Header->ObjectType != NULL)
+ if (Header->Type == NULL)
{
+ DPRINT1("Invalid object type\n");
ObDereferenceObject(Object);
return STATUS_UNSUCCESSFUL;
}
- if (Header->ObjectType->Security != NULL)
- {
- Status = Header->ObjectType->Security(Object,
+ Status = Header->Type->TypeInfo.SecurityProcedure(Object,
SetSecurityDescriptor,
SecurityInformation,
SecurityDescriptor,
- NULL);
- }
- else
- {
- ObjectSd = Header->SecurityDescriptor;
-
- /* Get owner and owner size */
- if (SecurityInformation & OWNER_SECURITY_INFORMATION)
- {
- if (SecurityDescriptor->Owner != NULL)
- {
- Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner + (ULONG_PTR)SecurityDescriptor);
- OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
- }
- Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
- }
- else
- {
- if (ObjectSd->Owner != NULL)
- {
- Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
- OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
- }
- Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
- }
-
- /* Get group and group size */
- if (SecurityInformation & GROUP_SECURITY_INFORMATION)
- {
- if (SecurityDescriptor->Group != NULL)
- {
- Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group + (ULONG_PTR)SecurityDescriptor);
- GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
- }
- Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
- }
- else
- {
- if (ObjectSd->Group != NULL)
- {
- Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
- GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
- }
- Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
- }
-
- /* Get DACL and DACL size */
- if (SecurityInformation & DACL_SECURITY_INFORMATION)
- {
- if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
- (SecurityDescriptor->Dacl != NULL))
- {
- Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl + (ULONG_PTR)SecurityDescriptor);
- DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
- }
- Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
- }
- else
- {
- if ((ObjectSd->Control & SE_DACL_PRESENT) &&
- (ObjectSd->Dacl != NULL))
- {
- Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
- DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
- }
- Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
- }
-
- /* Get SACL and SACL size */
- if (SecurityInformation & SACL_SECURITY_INFORMATION)
- {
- if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
- (SecurityDescriptor->Sacl != NULL))
- {
- Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl + (ULONG_PTR)SecurityDescriptor);
- SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
- }
- Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
- }
- else
- {
- if ((ObjectSd->Control & SE_SACL_PRESENT) &&
- (ObjectSd->Sacl != NULL))
- {
- Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
- SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
- }
- Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
- }
-
- NewSd = ExAllocatePool(NonPagedPool,
- sizeof(SECURITY_DESCRIPTOR) + OwnerLength + GroupLength +
- DaclLength + SaclLength);
- if (NewSd == NULL)
- {
- ObDereferenceObject(Object);
- return STATUS_INSUFFICIENT_RESOURCES;
- }
-
- RtlCreateSecurityDescriptor(NewSd,
- SECURITY_DESCRIPTOR_REVISION1);
- NewSd->Control = Control;
-
- Current = (ULONG_PTR)NewSd + sizeof(SECURITY_DESCRIPTOR);
-
- if (OwnerLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Owner,
- OwnerLength);
- NewSd->Owner = (PSID)(Current - (ULONG_PTR)NewSd);
- Current += OwnerLength;
- }
-
- if (GroupLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Group,
- GroupLength);
- NewSd->Group = (PSID)(Current - (ULONG_PTR)NewSd);
- Current += GroupLength;
- }
-
- if (DaclLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Dacl,
- DaclLength);
- NewSd->Dacl = (PACL)(Current - (ULONG_PTR)NewSd);
- Current += DaclLength;
- }
-
- if (SaclLength != 0)
- {
- RtlCopyMemory((PVOID)Current,
- Sacl,
- SaclLength);
- NewSd->Sacl = (PACL)(Current - (ULONG_PTR)NewSd);
- Current += SaclLength;
- }
-
- /* Add the new SD */
- Status = ObpAddSecurityDescriptor(NewSd,
- &Header->SecurityDescriptor);
- if (NT_SUCCESS(Status))
- {
- /* Remove the old security descriptor */
- ObpRemoveSecurityDescriptor(ObjectSd);
- }
- else
- {
- /* Restore the old security descriptor */
- Header->SecurityDescriptor = ObjectSd;
- }
-
- ExFreePool(NewSd);
- }
+ NULL,
+ NULL,
+ NonPagedPool,
+ NULL);
ObDereferenceObject(Object);
return Status;
}
+
+/*
+ * @unimplemented
+ */
+NTSTATUS STDCALL
+ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,
+ OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor,
+ IN ULONG RefBias)
+{
+ /* HACK: Return the same descriptor back */
+ PISECURITY_DESCRIPTOR SdCopy;
+ DPRINT1("ObLogSecurityDescriptor is not implemented!\n", InputSecurityDescriptor);
+
+ SdCopy = ExAllocatePool(PagedPool, sizeof(*SdCopy));
+ RtlMoveMemory(SdCopy, InputSecurityDescriptor, sizeof(*SdCopy));
+ *OutputSecurityDescriptor = SdCopy;
+ return STATUS_SUCCESS;
+}
+
+
+/*
+ * @unimplemented
+ */
+VOID STDCALL
+ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ULONG Count)
+{
+ DPRINT1("ObDereferenceSecurityDescriptor is not implemented!\n");
+}
+
/* EOF */