/* $Id$
*
- * COPYRIGHT: See COPYING in the top level directory
- * PROJECT: ReactOS kernel
- * PURPOSE: Security manager
- * FILE: kernel/se/acl.c
- * PROGRAMER: David Welch <welch@cwcom.net>
- * REVISION HISTORY:
- * 26/07/98: Added stubs for security functions
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS kernel
+ * FILE: ntoskrnl/se/acl.c
+ * PURPOSE: Security manager
+ *
+ * PROGRAMMERS: David Welch <welch@cwcom.net>
*/
/* INCLUDES *****************************************************************/
#include <ntoskrnl.h>
#include <internal/debug.h>
-#define TAG_ACL TAG('A', 'C', 'L', 'T')
+#if defined (ALLOC_PRAGMA)
+#pragma alloc_text(INIT, SepInitDACLs)
+#endif
/* GLOBALS ******************************************************************/
-PACL EXPORTED SePublicDefaultDacl = NULL;
-PACL EXPORTED SeSystemDefaultDacl = NULL;
+PACL SePublicDefaultDacl = NULL;
+PACL SeSystemDefaultDacl = NULL;
PACL SePublicDefaultUnrestrictedDacl = NULL;
PACL SePublicOpenDacl = NULL;
/* FUNCTIONS ****************************************************************/
-BOOLEAN INIT_FUNCTION
+BOOLEAN
+INIT_FUNCTION
+NTAPI
SepInitDACLs(VOID)
{
ULONG AclLength;
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
- SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicDefaultDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
- SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicDefaultUnrestrictedDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
- SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicOpenDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
- SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicOpenUnrestrictedDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
- SeSystemDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SeSystemDefaultDacl == NULL)
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
- SeUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
+ SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SeUnrestrictedDacl == NULL)
return(TRUE);
}
-NTSTATUS STDCALL
-SepCreateImpersonationTokenDacl(PACCESS_TOKEN Token,
- PACCESS_TOKEN PrimaryToken,
+NTSTATUS STDCALL
+SepCreateImpersonationTokenDacl(PTOKEN Token,
+ PTOKEN PrimaryToken,
PACL *Dacl)
{
ULONG AclLength;
PVOID TokenDacl;
+ PAGED_CODE();
+
AclLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
return STATUS_SUCCESS;
}
+NTSTATUS
+NTAPI
+SepCaptureAcl(IN PACL InputAcl,
+ IN KPROCESSOR_MODE AccessMode,
+ IN POOL_TYPE PoolType,
+ IN BOOLEAN CaptureIfKernel,
+ OUT PACL *CapturedAcl)
+{
+ PACL NewAcl;
+ ULONG AclSize = 0;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ PAGED_CODE();
+
+ if(AccessMode != KernelMode)
+ {
+ _SEH_TRY
+ {
+ ProbeForRead(InputAcl,
+ sizeof(ACL),
+ sizeof(ULONG));
+ AclSize = InputAcl->AclSize;
+ ProbeForRead(InputAcl,
+ AclSize,
+ sizeof(ULONG));
+ }
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+
+ if(NT_SUCCESS(Status))
+ {
+ NewAcl = ExAllocatePool(PoolType,
+ AclSize);
+ if(NewAcl != NULL)
+ {
+ _SEH_TRY
+ {
+ RtlCopyMemory(NewAcl,
+ InputAcl,
+ AclSize);
+
+ *CapturedAcl = NewAcl;
+ }
+ _SEH_HANDLE
+ {
+ ExFreePool(NewAcl);
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+ }
+ else
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ }
+ }
+ }
+ else if(!CaptureIfKernel)
+ {
+ *CapturedAcl = InputAcl;
+ }
+ else
+ {
+ AclSize = InputAcl->AclSize;
+
+ NewAcl = ExAllocatePool(PoolType,
+ AclSize);
+
+ if(NewAcl != NULL)
+ {
+ RtlCopyMemory(NewAcl,
+ InputAcl,
+ AclSize);
+
+ *CapturedAcl = NewAcl;
+ }
+ else
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ }
+ }
+
+ return Status;
+}
+
+VOID
+NTAPI
+SepReleaseAcl(IN PACL CapturedAcl,
+ IN KPROCESSOR_MODE AccessMode,
+ IN BOOLEAN CaptureIfKernel)
+{
+ PAGED_CODE();
+
+ if(CapturedAcl != NULL &&
+ (AccessMode != KernelMode ||
+ (AccessMode == KernelMode && CaptureIfKernel)))
+ {
+ ExFreePool(CapturedAcl);
+ }
+}
+
/* EOF */
projects / reactos.git / blobdiff