/* $Id$
*
- * COPYRIGHT: See COPYING in the top level directory
- * PROJECT: ReactOS kernel
- * PURPOSE: Security manager
- * FILE: kernel/se/sd.c
- * PROGRAMER: David Welch <welch@cwcom.net>
- * REVISION HISTORY:
- * 26/07/98: Added stubs for security functions
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS kernel
+ * FILE: ntoskrnl/se/sd.c
+ * PURPOSE: Security manager
+ *
+ * PROGRAMMERS: David Welch <welch@cwcom.net>
*/
/* INCLUDES *****************************************************************/
return TRUE;
}
+
+NTSTATUS
+SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN KPROCESSOR_MODE AccessMode,
+ IN POOL_TYPE PoolType,
+ IN BOOLEAN CaptureIfKernel,
+ OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
+ OUT PBOOLEAN Present)
+{
+ PSECURITY_QUALITY_OF_SERVICE CapturedQos;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ PAGED_CODE();
+
+ ASSERT(CapturedSecurityQualityOfService);
+ ASSERT(Present);
+
+ if(ObjectAttributes != NULL)
+ {
+ if(AccessMode != KernelMode)
+ {
+ SECURITY_QUALITY_OF_SERVICE SafeQos;
+
+ _SEH_TRY
+ {
+ ProbeForRead(ObjectAttributes,
+ sizeof(ObjectAttributes),
+ sizeof(ULONG));
+ if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
+ {
+ if(ObjectAttributes->SecurityQualityOfService != NULL)
+ {
+ ProbeForRead(ObjectAttributes->SecurityQualityOfService,
+ sizeof(SECURITY_QUALITY_OF_SERVICE),
+ sizeof(ULONG));
+
+ if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
+ sizeof(SECURITY_QUALITY_OF_SERVICE))
+ {
+ /* don't allocate memory here because ExAllocate should bugcheck
+ the system if it's buggy, SEH would catch that! So make a local
+ copy of the qos structure.*/
+ RtlCopyMemory(&SafeQos,
+ ObjectAttributes->SecurityQualityOfService,
+ sizeof(SECURITY_QUALITY_OF_SERVICE));
+ *Present = TRUE;
+ }
+ else
+ {
+ Status = STATUS_INVALID_PARAMETER;
+ }
+ }
+ else
+ {
+ *CapturedSecurityQualityOfService = NULL;
+ *Present = FALSE;
+ }
+ }
+ else
+ {
+ Status = STATUS_INVALID_PARAMETER;
+ }
+ }
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+
+ if(NT_SUCCESS(Status))
+ {
+ if(*Present)
+ {
+ CapturedQos = ExAllocatePool(PoolType,
+ sizeof(SECURITY_QUALITY_OF_SERVICE));
+ if(CapturedQos != NULL)
+ {
+ RtlCopyMemory(CapturedQos,
+ &SafeQos,
+ sizeof(SECURITY_QUALITY_OF_SERVICE));
+ *CapturedSecurityQualityOfService = CapturedQos;
+ }
+ else
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ }
+ }
+ else
+ {
+ *CapturedSecurityQualityOfService = NULL;
+ }
+ }
+ }
+ else
+ {
+ if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
+ {
+ if(CaptureIfKernel)
+ {
+ if(ObjectAttributes->SecurityQualityOfService != NULL)
+ {
+ if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
+ sizeof(SECURITY_QUALITY_OF_SERVICE))
+ {
+ CapturedQos = ExAllocatePool(PoolType,
+ sizeof(SECURITY_QUALITY_OF_SERVICE));
+ if(CapturedQos != NULL)
+ {
+ RtlCopyMemory(CapturedQos,
+ ObjectAttributes->SecurityQualityOfService,
+ sizeof(SECURITY_QUALITY_OF_SERVICE));
+ *CapturedSecurityQualityOfService = CapturedQos;
+ *Present = TRUE;
+ }
+ else
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ }
+ }
+ else
+ {
+ Status = STATUS_INVALID_PARAMETER;
+ }
+ }
+ else
+ {
+ *CapturedSecurityQualityOfService = NULL;
+ *Present = FALSE;
+ }
+ }
+ else
+ {
+ *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
+ *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
+ }
+ }
+ else
+ {
+ Status = STATUS_INVALID_PARAMETER;
+ }
+ }
+ }
+ else
+ {
+ *CapturedSecurityQualityOfService = NULL;
+ *Present = FALSE;
+ }
+
+ return Status;
+}
+
+
+VOID
+SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
+ IN KPROCESSOR_MODE AccessMode,
+ IN BOOLEAN CaptureIfKernel)
+{
+ PAGED_CODE();
+
+ if(CapturedSecurityQualityOfService != NULL &&
+ (AccessMode == UserMode ||
+ (AccessMode == KernelMode && CaptureIfKernel)))
+ {
+ ExFreePool(CapturedSecurityQualityOfService);
+ }
+}
+
+
/*
- * @unimplemented
+ * @implemented
*/
NTSTATUS
STDCALL
OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor
)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ SECURITY_DESCRIPTOR DescriptorCopy;
+ PSECURITY_DESCRIPTOR NewDescriptor;
+ ULONG OwnerSAC = 0, GroupSAC = 0;
+ ULONG OwnerSize = 0, GroupSize = 0;
+ ULONG SaclSize = 0, DaclSize = 0;
+ ULONG DescriptorSize = 0;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ if(OriginalSecurityDescriptor != NULL)
+ {
+ if(CurrentMode != KernelMode)
+ {
+ _SEH_TRY
+ {
+ /* first only probe and copy until the control field of the descriptor
+ to determine whether it's a self-relative descriptor */
+ DescriptorSize = (ULONG)((ULONG_PTR)&OriginalSecurityDescriptor->Control -
+ (ULONG_PTR)OriginalSecurityDescriptor) +
+ sizeof(OriginalSecurityDescriptor->Control);
+ ProbeForRead(OriginalSecurityDescriptor,
+ DescriptorSize,
+ sizeof(ULONG));
+
+ if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
+ {
+ Status = STATUS_UNKNOWN_REVISION;
+ _SEH_LEAVE;
+ }
+
+ /* make a copy on the stack */
+ DescriptorCopy.Revision = OriginalSecurityDescriptor->Revision;
+ DescriptorCopy.Sbz1 = OriginalSecurityDescriptor->Sbz1;
+ DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
+ DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
+ sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
+
+ /* probe and copy the entire security descriptor structure. The SIDs
+ and ACLs will be probed and copied later though */
+ ProbeForRead(OriginalSecurityDescriptor,
+ DescriptorSize,
+ sizeof(ULONG));
+ if(DescriptorCopy.Control & SE_SELF_RELATIVE)
+ {
+ PSECURITY_DESCRIPTOR_RELATIVE RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
+
+ DescriptorCopy.Owner = (PSID)RelSD->Owner;
+ DescriptorCopy.Group = (PSID)RelSD->Group;
+ DescriptorCopy.Sacl = (PACL)RelSD->Sacl;
+ DescriptorCopy.Dacl = (PACL)RelSD->Dacl;
+ }
+ else
+ {
+ DescriptorCopy.Owner = OriginalSecurityDescriptor->Owner;
+ DescriptorCopy.Group = OriginalSecurityDescriptor->Group;
+ DescriptorCopy.Sacl = OriginalSecurityDescriptor->Sacl;
+ DescriptorCopy.Dacl = OriginalSecurityDescriptor->Dacl;
+ }
+ }
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+
+ if(!NT_SUCCESS(Status))
+ {
+ return Status;
+ }
+ }
+ else if(!CaptureIfKernel)
+ {
+ if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
+ {
+ return STATUS_UNKNOWN_REVISION;
+ }
+
+ *CapturedSecurityDescriptor = OriginalSecurityDescriptor;
+ return STATUS_SUCCESS;
+ }
+ else
+ {
+ if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
+ {
+ return STATUS_UNKNOWN_REVISION;
+ }
+
+ /* make a copy on the stack */
+ DescriptorCopy.Revision = OriginalSecurityDescriptor->Revision;
+ DescriptorCopy.Sbz1 = OriginalSecurityDescriptor->Sbz1;
+ DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
+ DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
+ sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
+ if(DescriptorCopy.Control & SE_SELF_RELATIVE)
+ {
+ PSECURITY_DESCRIPTOR_RELATIVE RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
+
+ DescriptorCopy.Owner = (PSID)RelSD->Owner;
+ DescriptorCopy.Group = (PSID)RelSD->Group;
+ DescriptorCopy.Sacl = (PACL)RelSD->Sacl;
+ DescriptorCopy.Dacl = (PACL)RelSD->Dacl;
+ }
+ else
+ {
+ DescriptorCopy.Owner = OriginalSecurityDescriptor->Owner;
+ DescriptorCopy.Group = OriginalSecurityDescriptor->Group;
+ DescriptorCopy.Sacl = OriginalSecurityDescriptor->Sacl;
+ DescriptorCopy.Dacl = OriginalSecurityDescriptor->Dacl;
+ }
+ }
+
+ if(DescriptorCopy.Control & SE_SELF_RELATIVE)
+ {
+ /* in case we're dealing with a self-relative descriptor, do a basic convert
+ to an absolute descriptor. We do this so we can simply access the data
+ using the pointers without calculating them again. */
+ DescriptorCopy.Control &= ~SE_SELF_RELATIVE;
+ if(DescriptorCopy.Owner != NULL)
+ {
+ DescriptorCopy.Owner = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Owner);
+ }
+ if(DescriptorCopy.Group != NULL)
+ {
+ DescriptorCopy.Group = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Group);
+ }
+ if(DescriptorCopy.Dacl != NULL)
+ {
+ DescriptorCopy.Dacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Dacl);
+ }
+ if(DescriptorCopy.Sacl != NULL)
+ {
+ DescriptorCopy.Sacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Sacl);
+ }
+ }
+
+ /* determine the size of the SIDs */
+#define DetermineSIDSize(SidType) \
+ do { \
+ if(DescriptorCopy.SidType != NULL) \
+ { \
+ SID *SidType = (SID*)DescriptorCopy.SidType; \
+ \
+ if(CurrentMode != KernelMode) \
+ { \
+ /* securely access the buffers! */ \
+ _SEH_TRY \
+ { \
+ ProbeForRead(&SidType->SubAuthorityCount, \
+ sizeof(SidType->SubAuthorityCount), \
+ 1); \
+ SidType##SAC = SidType->SubAuthorityCount; \
+ SidType##Size = RtlLengthRequiredSid(SidType##SAC); \
+ DescriptorSize += ROUND_UP(SidType##Size, sizeof(ULONG)); \
+ ProbeForRead(SidType, \
+ SidType##Size, \
+ sizeof(ULONG)); \
+ if(!RtlValidSid(SidType)) \
+ { \
+ Status = STATUS_INVALID_SID; \
+ } \
+ } \
+ _SEH_HANDLE \
+ { \
+ Status = _SEH_GetExceptionCode(); \
+ } \
+ _SEH_END; \
+ \
+ if(!NT_SUCCESS(Status)) \
+ { \
+ return Status; \
+ } \
+ } \
+ else \
+ { \
+ SidType##SAC = SidType->SubAuthorityCount; \
+ SidType##Size = RtlLengthRequiredSid(SidType##SAC); \
+ DescriptorSize += ROUND_UP(SidType##Size, sizeof(ULONG)); \
+ } \
+ } \
+ } while(0)
+
+ DetermineSIDSize(Owner);
+ DetermineSIDSize(Group);
+
+ /* determine the size of the ACLs */
+#define DetermineACLSize(AclType, AclFlag) \
+ do { \
+ if((DescriptorCopy.Control & SE_##AclFlag##_PRESENT) && \
+ DescriptorCopy.AclType != NULL) \
+ { \
+ PACL AclType = (PACL)DescriptorCopy.AclType; \
+ \
+ if(CurrentMode != KernelMode) \
+ { \
+ /* securely access the buffers! */ \
+ _SEH_TRY \
+ { \
+ ProbeForRead(&AclType->AclSize, \
+ sizeof(AclType->AclSize), \
+ 1); \
+ AclType##Size = AclType->AclSize; \
+ DescriptorSize += ROUND_UP(AclType##Size, sizeof(ULONG)); \
+ ProbeForRead(AclType, \
+ AclType##Size, \
+ sizeof(ULONG)); \
+ if(!RtlValidAcl(AclType)) \
+ { \
+ Status = STATUS_INVALID_ACL; \
+ } \
+ } \
+ _SEH_HANDLE \
+ { \
+ Status = _SEH_GetExceptionCode(); \
+ } \
+ _SEH_END; \
+ \
+ if(!NT_SUCCESS(Status)) \
+ { \
+ return Status; \
+ } \
+ } \
+ else \
+ { \
+ AclType##Size = AclType->AclSize; \
+ DescriptorSize += ROUND_UP(AclType##Size, sizeof(ULONG)); \
+ } \
+ } \
+ else \
+ { \
+ DescriptorCopy.AclType = NULL; \
+ } \
+ } while(0)
+
+ DetermineACLSize(Sacl, SACL);
+ DetermineACLSize(Dacl, DACL);
+
+ /* allocate enough memory to store a complete copy of a self-relative
+ security descriptor */
+ NewDescriptor = ExAllocatePool(PoolType,
+ DescriptorSize);
+ if(NewDescriptor != NULL)
+ {
+ ULONG_PTR Offset = sizeof(SECURITY_DESCRIPTOR);
+
+ NewDescriptor->Revision = DescriptorCopy.Revision;
+ NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
+ NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
+
+ _SEH_TRY
+ {
+ /* setup the offsets and copy the SIDs and ACLs to the new
+ self-relative security descriptor. Probing the pointers is not
+ neccessary anymore as we did that when collecting the sizes! */
+#define CopySIDOrACL(Type) \
+ do { \
+ if(DescriptorCopy.Type != NULL) \
+ { \
+ NewDescriptor->Type = (PVOID)Offset; \
+ RtlCopyMemory((PVOID)((ULONG_PTR)NewDescriptor + \
+ (ULONG_PTR)NewDescriptor->Type), \
+ DescriptorCopy.Type, \
+ Type##Size); \
+ Offset += ROUND_UP(Type##Size, sizeof(ULONG)); \
+ } \
+ } while(0)
+
+ CopySIDOrACL(Owner);
+ CopySIDOrACL(Group);
+ CopySIDOrACL(Sacl);
+ CopySIDOrACL(Dacl);
+ }
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+
+ if(NT_SUCCESS(Status))
+ {
+ /* we're finally done! copy the pointer to the captured descriptor to
+ to the caller */
+ *CapturedSecurityDescriptor = NewDescriptor;
+ return STATUS_SUCCESS;
+ }
+ else
+ {
+ /* we failed to copy the data to the new descriptor */
+ ExFreePool(NewDescriptor);
+ }
+ }
+ else
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ }
+ }
+ else
+ {
+ /* nothing to do... */
+ *CapturedSecurityDescriptor = NULL;
+ }
+
+ return Status;
}
/*
IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor OPTIONAL)
{
PSECURITY_DESCRIPTOR ObjectSd;
- PSID Owner = 0;
- PSID Group = 0;
- PACL Dacl = 0;
- PACL Sacl = 0;
+ PSECURITY_DESCRIPTOR_RELATIVE RelSD;
+ PSID Owner = NULL;
+ PSID Group = NULL;
+ PACL Dacl = NULL;
+ PACL Sacl = NULL;
ULONG OwnerLength = 0;
ULONG GroupLength = 0;
ULONG DaclLength = 0;
ULONG Control = 0;
ULONG_PTR Current;
ULONG SdLength;
+
+ RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
if (*ObjectsSecurityDescriptor == NULL)
{
- if (*Length < sizeof(SECURITY_DESCRIPTOR))
+ if (*Length < sizeof(SECURITY_DESCRIPTOR_RELATIVE))
{
- *Length = sizeof(SECURITY_DESCRIPTOR);
+ *Length = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
return STATUS_BUFFER_TOO_SMALL;
}
- *Length = sizeof(SECURITY_DESCRIPTOR);
- RtlCreateSecurityDescriptor(SecurityDescriptor,
- SECURITY_DESCRIPTOR_REVISION);
- SecurityDescriptor->Control |= SE_SELF_RELATIVE;
+ *Length = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
+ RtlCreateSecurityDescriptorRelative(RelSD,
+ SECURITY_DESCRIPTOR_REVISION);
return STATUS_SUCCESS;
}
}
SdLength = OwnerLength + GroupLength + DaclLength +
- SaclLength + sizeof(SECURITY_DESCRIPTOR);
- if (*Length < sizeof(SECURITY_DESCRIPTOR))
+ SaclLength + sizeof(SECURITY_DESCRIPTOR_RELATIVE);
+ if (*Length < SdLength)
{
*Length = SdLength;
return STATUS_BUFFER_TOO_SMALL;
}
/* Build the new security descrtiptor */
- RtlCreateSecurityDescriptor(SecurityDescriptor,
- SECURITY_DESCRIPTOR_REVISION);
- SecurityDescriptor->Control = Control;
+ RtlCreateSecurityDescriptorRelative(RelSD,
+ SECURITY_DESCRIPTOR_REVISION);
+ RelSD->Control = Control;
- Current = (ULONG_PTR)SecurityDescriptor + sizeof(SECURITY_DESCRIPTOR);
+ Current = (ULONG_PTR)(RelSD + 1);
if (OwnerLength != 0)
{
RtlCopyMemory((PVOID)Current,
Owner,
OwnerLength);
- SecurityDescriptor->Owner = (PSID)(Current - (ULONG_PTR)SecurityDescriptor);
+ RelSD->Owner = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += OwnerLength;
}
RtlCopyMemory((PVOID)Current,
Group,
GroupLength);
- SecurityDescriptor->Group = (PSID)(Current - (ULONG_PTR)SecurityDescriptor);
+ RelSD->Group = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += GroupLength;
}
RtlCopyMemory((PVOID)Current,
Dacl,
DaclLength);
- SecurityDescriptor->Dacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor);
+ RelSD->Dacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += DaclLength;
}
RtlCopyMemory((PVOID)Current,
Sacl,
SaclLength);
- SecurityDescriptor->Sacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor);
+ RelSD->Sacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += SaclLength;
}
}
/*
- * @unimplemented
+ * @implemented
*/
NTSTATUS
STDCALL
IN BOOLEAN CaptureIfKernelMode
)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PAGED_CODE();
+
+ /* WARNING! You need to call this function with the same value for CurrentMode
+ and CaptureIfKernelMode that you previously passed to
+ SeCaptureSecurityDescriptor() in order to avoid memory leaks! */
+ if(CapturedSecurityDescriptor != NULL &&
+ (CurrentMode == UserMode ||
+ (CurrentMode == KernelMode && CaptureIfKernelMode)))
+ {
+ /* only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
+ ExFreePool(CapturedSecurityDescriptor);
+ }
+
+ return STATUS_SUCCESS;
}
/*
projects / reactos.git / blobdiff