-/* $Id: semgr.c,v 1.37 2004/07/21 23:38:15 ekohl Exp $
+/* $Id: semgr.c,v 1.43 2004/09/08 11:39:59 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
/* INCLUDES *****************************************************************/
-#include <ddk/ntddk.h>
-#include <internal/ps.h>
-#include <internal/se.h>
-
+#include <ntoskrnl.h>
#define NDEBUG
#include <internal/debug.h>
* @unimplemented
*/
NTSTATUS STDCALL
+SeAssignSecurityEx(IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
+ IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
+ OUT PSECURITY_DESCRIPTOR *NewDescriptor,
+ IN GUID *ObjectType OPTIONAL,
+ IN BOOLEAN IsDirectoryObject,
+ IN ULONG AutoInheritFlags,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN POOL_TYPE PoolType)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+
+/*
+ * FUNCTION: Creates a security descriptor for a new object.
+ * ARGUMENTS:
+ * ParentDescriptor =
+ * ExplicitDescriptor =
+ * NewDescriptor =
+ * IsDirectoryObject =
+ * SubjectContext =
+ * GeneralMapping =
+ * PoolType =
+ * RETURNS: Status
+ *
+ * @implemented
+ */
+NTSTATUS STDCALL
SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
PSECURITY_DESCRIPTOR *NewDescriptor,
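Review bot: The header comment added for `SeAssignSecurity` leaves every entry under ARGUMENTS blank, and it lists `GeneralMapping` where the sibling `SeAssignSecurityEx` signature in this same hunk names the parameter `GenericMapping`. Since this routine decides the owner, group, DACL and SACL of every new object, each argument should carry a one-line description. In particular, say which descriptor takes precedence when both `ParentDescriptor` and `ExplicitDescriptor` are supplied, that `*NewDescriptor` receives a self-relative descriptor allocated from `PoolType`, and who releases it. The parameter list of `SeAssignSecurity` continues past the end of this hunk, so the exact names need checking against the full signature.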
ULONG SaclLength = 0;
ULONG Length = 0;
ULONG Control = 0;
- ULONG Current;
+ ULONG_PTR Current;
PSID Owner = NULL;
PSID Group = NULL;
PACL Dacl = NULL;
Control |= SE_OWNER_DEFAULTED;
}
- OwnerLength = RtlLengthSid(Owner);
+ OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
/* Inherit the Group SID */
Control |= SE_OWNER_DEFAULTED;
}
- GroupLength = RtlLengthSid(Group);
+ GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
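Review bot: The unchanged line just above the new `GroupLength` assignment sets `SE_OWNER_DEFAULTED` in what appears to be the group fallback branch. If so, a defaulted group is recorded as a defaulted owner and `SE_GROUP_DEFAULTED` is never set. If that branch is indeed the group default, it should read `Control |= SE_GROUP_DEFAULTED;`. The branch condition lies outside the visible lines, so confirm against the full function before changing it.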
/* Inherit the DACL */
{
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
}
- Control |= SE_DACL_PRESENT;
+ Control |= (SE_DACL_PRESENT & SE_DACL_DEFAULTED);
}
else if (Token != NULL && Token->DefaultDacl != NULL)
{
DPRINT("Use token default DACL!\n");
/* FIXME: Inherit */
Dacl = Token->DefaultDacl;
- Control |= SE_DACL_PRESENT;
+ Control |= (SE_DACL_PRESENT & SE_DACL_DEFAULTED);
}
else
{
DPRINT("Use NULL DACL!\n");
Dacl = NULL;
- Control |= SE_DACL_PRESENT;
+ Control |= (SE_DACL_PRESENT & SE_DACL_DEFAULTED);
}
- DaclLength = (Dacl != NULL) ? Dacl->AclSize : 0;
-
+ DaclLength = (Dacl != NULL) ? ROUND_UP(Dacl->AclSize, 4) : 0;
/* Inherit the SACL */
- /* FIXME */
-#if 0
- if (ExplicitDescriptor != NULL && (ExplicitDescriptor->Control & SE_SACL_PRESENT))
+ if (ExplicitDescriptor != NULL &&
+ (ExplicitDescriptor->Control & SE_SACL_PRESENT) &&
+ !(ExplicitDescriptor->Control & SE_SACL_DEFAULTED))
{
DPRINT("Use explicit SACL!\n");
Sacl = ExplicitDescriptor->Sacl;
}
Control |= SE_SACL_PRESENT;
- SaclLength = Sacl->AclSize;
}
- else
+ else if (ParentDescriptor != NULL &&
+ (ParentDescriptor->Control & SE_SACL_PRESENT))
{
- DPRINT("No SACL!\n");
- SaclLength = 0;
+ DPRINT("Use parent SACL!\n");
+ /* FIXME: Inherit */
+ Sacl = ParentDescriptor->Sacl;
+ if (Sacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE))
+ {
+ Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
+ }
+ Control |= (SE_SACL_PRESENT & SE_SACL_DEFAULTED);
}
-#endif
+
+ SaclLength = (Sacl != NULL) ? ROUND_UP(Sacl->AclSize, 4) : 0;
/* Allocate and initialize the new security descriptor */
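Review bot: The new `Control |= (SE_DACL_PRESENT & SE_DACL_DEFAULTED);` in the parent, token-default and NULL DACL branches combines two distinct single-bit flags with `&`, so the expression is 0 and neither bit is set. The parent-SACL branch has the same problem with `SE_SACL_PRESENT & SE_SACL_DEFAULTED`. Before this change these branches at least set `SE_DACL_PRESENT`; now the descriptor is built with the ACL bytes copied in but the present bit clear. Under the NT model a descriptor without `SE_DACL_PRESENT` is treated as having no DACL, which grants access rather than restricting it. The lines should read `Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);` and `Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);`. The enclosing function starts and ends outside this hunk.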
Descriptor->Control = Control | SE_SELF_RELATIVE;
- Current = (ULONG)Descriptor + sizeof(SECURITY_DESCRIPTOR);
+ Current = (ULONG_PTR)Descriptor + sizeof(SECURITY_DESCRIPTOR);
if (SaclLength != 0)
{
RtlCopyMemory((PVOID)Current,
Sacl,
SaclLength);
- Descriptor->Sacl = (PACL)((ULONG)Current - (ULONG)Descriptor);
+ Descriptor->Sacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += SaclLength;
}
RtlCopyMemory((PVOID)Current,
Dacl,
DaclLength);
- Descriptor->Dacl = (PACL)((ULONG)Current - (ULONG)Descriptor);
+ Descriptor->Dacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += DaclLength;
}
RtlCopyMemory((PVOID)Current,
Owner,
OwnerLength);
- Descriptor->Owner = (PSID)((ULONG)Current - (ULONG)Descriptor);
+ Descriptor->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += OwnerLength;
}
memmove((PVOID)Current,
Group,
GroupLength);
- Descriptor->Group = (PSID)((ULONG)Current - (ULONG)Descriptor);
+ Descriptor->Group = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
}
/* FIXME: Unlock subject context */
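Review bot: The copies in this hunk pass `SaclLength` and `DaclLength` as the byte count, but the commit now computes those as `ROUND_UP(..., 4)` of `AclSize`. When an explicit or parent descriptor carries an ACL whose `AclSize` is not a multiple of 4, `RtlCopyMemory` reads up to three bytes past the end of the source ACL. No validation of `AclSize` is visible in these lines. Copy the real size and use the rounded value only to advance the cursor, e.g. `RtlCopyMemory((PVOID)Current, Dacl, Dacl->AclSize);` followed by the existing `Current += DaclLength;`, and the same for the SACL. The padding bytes are then left as allocated, so the buffer should be zeroed first if the allocation (not shown here) does not already do that.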
}
else
{
- Status = STATUS_SUCCESS;
+ Status = STATUS_ACCESS_DENIED;
}
/* FIXME: Unlock subject context */