* PROJECT: ReactOS kernel
* FILE: ntoskrnl/se/acl.c
* PURPOSE: Security manager
- *
+ *
* PROGRAMMERS: David Welch <welch@cwcom.net>
*/
#include <ntoskrnl.h>
#include <internal/debug.h>
-#define TAG_ACL TAG('A', 'C', 'L', 'T')
+#if defined (ALLOC_PRAGMA)
+#pragma alloc_text(INIT, SepInitDACLs)
+#endif
/* GLOBALS ******************************************************************/
-PACL EXPORTED SePublicDefaultDacl = NULL;
-PACL EXPORTED SeSystemDefaultDacl = NULL;
+PACL SePublicDefaultDacl = NULL;
+PACL SeSystemDefaultDacl = NULL;
PACL SePublicDefaultUnrestrictedDacl = NULL;
PACL SePublicOpenDacl = NULL;
/* FUNCTIONS ****************************************************************/
-BOOLEAN INIT_FUNCTION
+BOOLEAN
+INIT_FUNCTION
+NTAPI
SepInitDACLs(VOID)
{
ULONG AclLength;
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
- SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicDefaultDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
- SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicDefaultUnrestrictedDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
- SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicOpenDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
- SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicOpenUnrestrictedDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
- SeSystemDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SeSystemDefaultDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
- SeUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SeUnrestrictedDacl == NULL)
return(TRUE);
}
-NTSTATUS STDCALL
-SepCreateImpersonationTokenDacl(PTOKEN Token,
+NTSTATUS STDCALL
+SepCreateImpersonationTokenDacl(PTOKEN Token,
PTOKEN PrimaryToken,
PACL *Dacl)
{
ULONG AclLength;
PVOID TokenDacl;
-
+
PAGED_CODE();
AclLength = sizeof(ACL) +
}
NTSTATUS
+NTAPI
SepCaptureAcl(IN PACL InputAcl,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
}
VOID
+NTAPI
SepReleaseAcl(IN PACL CapturedAcl,
IN KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel)
PAGED_CODE();
if(CapturedAcl != NULL &&
- (AccessMode == UserMode ||
+ (AccessMode != KernelMode ||
(AccessMode == KernelMode && CaptureIfKernel)))
{
ExFreePool(CapturedAcl);