#define NDEBUG
#include <internal/debug.h>
-#define TAG_SXPT TAG('S', 'X', 'P', 'T')
-
-
/* GLOBALS ******************************************************************/
-PSE_EXPORTS EXPORTED SeExports = NULL;
+PSE_EXPORTS SeExports = NULL;
+SE_EXPORTS SepExports;
static ERESOURCE SepSubjectContextLock;
static BOOLEAN SepInitExports(VOID);
+#if defined (ALLOC_PRAGMA)
+#pragma alloc_text(INIT, SeInit1)
+#pragma alloc_text(INIT, SeInit2)
+#pragma alloc_text(INIT, SepInitExports)
+#endif
/* FUNCTIONS ****************************************************************/
-BOOLEAN INIT_FUNCTION
+BOOLEAN
+INIT_FUNCTION
+NTAPI
SeInit1(VOID)
{
SepInitLuid();
}
-BOOLEAN INIT_FUNCTION
+BOOLEAN
+INIT_FUNCTION
+NTAPI
SeInit2(VOID)
{
SepInitializeTokenImplementation();
BOOLEAN
+NTAPI
SeInitSRM(VOID)
{
OBJECT_ATTRIBUTES ObjectAttributes;
static BOOLEAN INIT_FUNCTION
SepInitExports(VOID)
{
- SeExports = ExAllocatePoolWithTag(NonPagedPool,
- sizeof(SE_EXPORTS),
- TAG_SXPT);
- if (SeExports == NULL)
- return FALSE;
-
- SeExports->SeCreateTokenPrivilege = SeCreateTokenPrivilege;
- SeExports->SeAssignPrimaryTokenPrivilege = SeAssignPrimaryTokenPrivilege;
- SeExports->SeLockMemoryPrivilege = SeLockMemoryPrivilege;
- SeExports->SeIncreaseQuotaPrivilege = SeIncreaseQuotaPrivilege;
- SeExports->SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege;
- SeExports->SeTcbPrivilege = SeTcbPrivilege;
- SeExports->SeSecurityPrivilege = SeSecurityPrivilege;
- SeExports->SeTakeOwnershipPrivilege = SeTakeOwnershipPrivilege;
- SeExports->SeLoadDriverPrivilege = SeLoadDriverPrivilege;
- SeExports->SeCreatePagefilePrivilege = SeCreatePagefilePrivilege;
- SeExports->SeIncreaseBasePriorityPrivilege = SeIncreaseBasePriorityPrivilege;
- SeExports->SeSystemProfilePrivilege = SeSystemProfilePrivilege;
- SeExports->SeSystemtimePrivilege = SeSystemtimePrivilege;
- SeExports->SeProfileSingleProcessPrivilege = SeProfileSingleProcessPrivilege;
- SeExports->SeCreatePermanentPrivilege = SeCreatePermanentPrivilege;
- SeExports->SeBackupPrivilege = SeBackupPrivilege;
- SeExports->SeRestorePrivilege = SeRestorePrivilege;
- SeExports->SeShutdownPrivilege = SeShutdownPrivilege;
- SeExports->SeDebugPrivilege = SeDebugPrivilege;
- SeExports->SeAuditPrivilege = SeAuditPrivilege;
- SeExports->SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege;
- SeExports->SeChangeNotifyPrivilege = SeChangeNotifyPrivilege;
- SeExports->SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege;
-
- SeExports->SeNullSid = SeNullSid;
- SeExports->SeWorldSid = SeWorldSid;
- SeExports->SeLocalSid = SeLocalSid;
- SeExports->SeCreatorOwnerSid = SeCreatorOwnerSid;
- SeExports->SeCreatorGroupSid = SeCreatorGroupSid;
- SeExports->SeNtAuthoritySid = SeNtAuthoritySid;
- SeExports->SeDialupSid = SeDialupSid;
- SeExports->SeNetworkSid = SeNetworkSid;
- SeExports->SeBatchSid = SeBatchSid;
- SeExports->SeInteractiveSid = SeInteractiveSid;
- SeExports->SeLocalSystemSid = SeLocalSystemSid;
- SeExports->SeAliasAdminsSid = SeAliasAdminsSid;
- SeExports->SeAliasUsersSid = SeAliasUsersSid;
- SeExports->SeAliasGuestsSid = SeAliasGuestsSid;
- SeExports->SeAliasPowerUsersSid = SeAliasPowerUsersSid;
- SeExports->SeAliasAccountOpsSid = SeAliasAccountOpsSid;
- SeExports->SeAliasSystemOpsSid = SeAliasSystemOpsSid;
- SeExports->SeAliasPrintOpsSid = SeAliasPrintOpsSid;
- SeExports->SeAliasBackupOpsSid = SeAliasBackupOpsSid;
-
+ SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
+ SepExports.SeAssignPrimaryTokenPrivilege = SeAssignPrimaryTokenPrivilege;
+ SepExports.SeLockMemoryPrivilege = SeLockMemoryPrivilege;
+ SepExports.SeIncreaseQuotaPrivilege = SeIncreaseQuotaPrivilege;
+ SepExports.SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege;
+ SepExports.SeTcbPrivilege = SeTcbPrivilege;
+ SepExports.SeSecurityPrivilege = SeSecurityPrivilege;
+ SepExports.SeTakeOwnershipPrivilege = SeTakeOwnershipPrivilege;
+ SepExports.SeLoadDriverPrivilege = SeLoadDriverPrivilege;
+ SepExports.SeCreatePagefilePrivilege = SeCreatePagefilePrivilege;
+ SepExports.SeIncreaseBasePriorityPrivilege = SeIncreaseBasePriorityPrivilege;
+ SepExports.SeSystemProfilePrivilege = SeSystemProfilePrivilege;
+ SepExports.SeSystemtimePrivilege = SeSystemtimePrivilege;
+ SepExports.SeProfileSingleProcessPrivilege = SeProfileSingleProcessPrivilege;
+ SepExports.SeCreatePermanentPrivilege = SeCreatePermanentPrivilege;
+ SepExports.SeBackupPrivilege = SeBackupPrivilege;
+ SepExports.SeRestorePrivilege = SeRestorePrivilege;
+ SepExports.SeShutdownPrivilege = SeShutdownPrivilege;
+ SepExports.SeDebugPrivilege = SeDebugPrivilege;
+ SepExports.SeAuditPrivilege = SeAuditPrivilege;
+ SepExports.SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege;
+ SepExports.SeChangeNotifyPrivilege = SeChangeNotifyPrivilege;
+ SepExports.SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege;
+
+ SepExports.SeNullSid = SeNullSid;
+ SepExports.SeWorldSid = SeWorldSid;
+ SepExports.SeLocalSid = SeLocalSid;
+ SepExports.SeCreatorOwnerSid = SeCreatorOwnerSid;
+ SepExports.SeCreatorGroupSid = SeCreatorGroupSid;
+ SepExports.SeNtAuthoritySid = SeNtAuthoritySid;
+ SepExports.SeDialupSid = SeDialupSid;
+ SepExports.SeNetworkSid = SeNetworkSid;
+ SepExports.SeBatchSid = SeBatchSid;
+ SepExports.SeInteractiveSid = SeInteractiveSid;
+ SepExports.SeLocalSystemSid = SeLocalSystemSid;
+ SepExports.SeAliasAdminsSid = SeAliasAdminsSid;
+ SepExports.SeAliasUsersSid = SeAliasUsersSid;
+ SepExports.SeAliasGuestsSid = SeAliasGuestsSid;
+ SepExports.SeAliasPowerUsersSid = SeAliasPowerUsersSid;
+ SepExports.SeAliasAccountOpsSid = SeAliasAccountOpsSid;
+ SepExports.SeAliasSystemOpsSid = SeAliasSystemOpsSid;
+ SepExports.SeAliasPrintOpsSid = SeAliasPrintOpsSid;
+ SepExports.SeAliasBackupOpsSid = SeAliasBackupOpsSid;
+ SepExports.SeAuthenticatedUsersSid = SeAuthenticatedUsersSid;
+ SepExports.SeRestrictedSid = SeRestrictedSid;
+ SepExports.SeAnonymousLogonSid = SeAnonymousLogonSid;
+
+ SepExports.SeUndockPrivilege = SeUndockPrivilege;
+ SepExports.SeSyncAgentPrivilege = SeSyncAgentPrivilege;
+ SepExports.SeEnableDelegationPrivilege = SeEnableDelegationPrivilege;
+
+ SeExports = &SepExports;
return TRUE;
}
UNIMPLEMENTED;
}
+NTSTATUS
+STDCALL
+SeDefaultObjectMethod(PVOID Object,
+ SECURITY_OPERATION_CODE OperationType,
+ SECURITY_INFORMATION SecurityInformation,
+ PSECURITY_DESCRIPTOR _SecurityDescriptor,
+ PULONG ReturnLength,
+ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
+ POOL_TYPE PoolType,
+ PGENERIC_MAPPING GenericMapping)
+{
+ PISECURITY_DESCRIPTOR ObjectSd;
+ PISECURITY_DESCRIPTOR NewSd;
+ PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
+ POBJECT_HEADER Header = BODY_TO_HEADER(Object);
+ PSID Owner = 0;
+ PSID Group = 0;
+ PACL Dacl = 0;
+ PACL Sacl = 0;
+ ULONG OwnerLength = 0;
+ ULONG GroupLength = 0;
+ ULONG DaclLength = 0;
+ ULONG SaclLength = 0;
+ ULONG Control = 0;
+ ULONG_PTR Current;
+ NTSTATUS Status;
+
+ if (OperationType == SetSecurityDescriptor)
+ {
+ ObjectSd = Header->SecurityDescriptor;
+
+ /* Get owner and owner size */
+ if (SecurityInformation & OWNER_SECURITY_INFORMATION)
+ {
+ if (SecurityDescriptor->Owner != NULL)
+ {
+ if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
+ Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
+ (ULONG_PTR)SecurityDescriptor);
+ else
+ Owner = (PSID)SecurityDescriptor->Owner;
+ OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
+ }
+ Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
+ }
+ else
+ {
+ if (ObjectSd->Owner != NULL)
+ {
+ Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
+ OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
+ }
+ Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
+ }
+
+ /* Get group and group size */
+ if (SecurityInformation & GROUP_SECURITY_INFORMATION)
+ {
+ if (SecurityDescriptor->Group != NULL)
+ {
+ if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
+ Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group +
+ (ULONG_PTR)SecurityDescriptor);
+ else
+ Group = (PSID)SecurityDescriptor->Group;
+ GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
+ }
+ Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
+ }
+ else
+ {
+ if (ObjectSd->Group != NULL)
+ {
+ Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
+ GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
+ }
+ Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
+ }
+
+ /* Get DACL and DACL size */
+ if (SecurityInformation & DACL_SECURITY_INFORMATION)
+ {
+ if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
+ (SecurityDescriptor->Dacl != NULL))
+ {
+ if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
+ Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl +
+ (ULONG_PTR)SecurityDescriptor);
+ else
+ Dacl = (PACL)SecurityDescriptor->Dacl;
+
+ DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
+ }
+ Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
+ }
+ else
+ {
+ if ((ObjectSd->Control & SE_DACL_PRESENT) &&
+ (ObjectSd->Dacl != NULL))
+ {
+ Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
+ DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
+ }
+ Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
+ }
+
+ /* Get SACL and SACL size */
+ if (SecurityInformation & SACL_SECURITY_INFORMATION)
+ {
+ if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
+ (SecurityDescriptor->Sacl != NULL))
+ {
+ if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
+ Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl +
+ (ULONG_PTR)SecurityDescriptor);
+ else
+ Sacl = (PACL)SecurityDescriptor->Sacl;
+ SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
+ }
+ Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
+ }
+ else
+ {
+ if ((ObjectSd->Control & SE_SACL_PRESENT) &&
+ (ObjectSd->Sacl != NULL))
+ {
+ Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
+ SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
+ }
+ Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
+ }
+
+ NewSd = ExAllocatePool(NonPagedPool,
+ sizeof(SECURITY_DESCRIPTOR) + OwnerLength + GroupLength +
+ DaclLength + SaclLength);
+ if (NewSd == NULL)
+ {
+ ObDereferenceObject(Object);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ RtlCreateSecurityDescriptor(NewSd,
+ SECURITY_DESCRIPTOR_REVISION1);
+ /* We always build a self-relative descriptor */
+ NewSd->Control = Control | SE_SELF_RELATIVE;
+
+ Current = (ULONG_PTR)NewSd + sizeof(SECURITY_DESCRIPTOR);
+
+ if (OwnerLength != 0)
+ {
+ RtlCopyMemory((PVOID)Current,
+ Owner,
+ OwnerLength);
+ NewSd->Owner = (PSID)(Current - (ULONG_PTR)NewSd);
+ Current += OwnerLength;
+ }
+
+ if (GroupLength != 0)
+ {
+ RtlCopyMemory((PVOID)Current,
+ Group,
+ GroupLength);
+ NewSd->Group = (PSID)(Current - (ULONG_PTR)NewSd);
+ Current += GroupLength;
+ }
+
+ if (DaclLength != 0)
+ {
+ RtlCopyMemory((PVOID)Current,
+ Dacl,
+ DaclLength);
+ NewSd->Dacl = (PACL)(Current - (ULONG_PTR)NewSd);
+ Current += DaclLength;
+ }
+
+ if (SaclLength != 0)
+ {
+ RtlCopyMemory((PVOID)Current,
+ Sacl,
+ SaclLength);
+ NewSd->Sacl = (PACL)(Current - (ULONG_PTR)NewSd);
+ Current += SaclLength;
+ }
+
+ /* Add the new SD */
+ Status = ObpAddSecurityDescriptor(NewSd,
+ &Header->SecurityDescriptor);
+ if (NT_SUCCESS(Status))
+ {
+ /* Remove the old security descriptor */
+ ObpRemoveSecurityDescriptor(ObjectSd);
+ }
+ else
+ {
+ /* Restore the old security descriptor */
+ Header->SecurityDescriptor = ObjectSd;
+ }
+
+ ExFreePool(NewSd);
+ }
+ else if (OperationType == QuerySecurityDescriptor)
+ {
+ Status = SeQuerySecurityDescriptorInfo(&SecurityInformation,
+ SecurityDescriptor,
+ ReturnLength,
+ &Header->SecurityDescriptor);
+ }
+ else if (OperationType == AssignSecurityDescriptor)
+ {
+ /* Assign the security descriptor to the object header */
+ Status = ObpAddSecurityDescriptor(SecurityDescriptor,
+ &Header->SecurityDescriptor);
+ }
+
+
+ return STATUS_SUCCESS;
+}
/*
* @implemented
* @implemented
*/
NTSTATUS STDCALL
-SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
- PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
+SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
+ PSECURITY_DESCRIPTOR _ExplicitDescriptor OPTIONAL,
PSECURITY_DESCRIPTOR *NewDescriptor,
BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType)
{
- PSECURITY_DESCRIPTOR Descriptor;
+ PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor;
+ PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor;
+ PISECURITY_DESCRIPTOR Descriptor;
PTOKEN Token;
ULONG OwnerLength = 0;
ULONG GroupLength = 0;
DaclLength,
SaclLength);
- Descriptor = ExAllocatePool(NonPagedPool,
+ Descriptor = ExAllocatePool(PagedPool,
Length);
- RtlZeroMemory( Descriptor, Length );
-
if (Descriptor == NULL)
{
DPRINT1("ExAlloctePool() failed\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
+ RtlZeroMemory( Descriptor, Length );
RtlCreateSecurityDescriptor(Descriptor,
SECURITY_DESCRIPTOR_REVISION);
projects / reactos.git / blobdiff