-/* $Id: sid.c,v 1.10 2002/07/29 15:34:22 ekohl Exp $
+/* $Id$
*
- * COPYRIGHT: See COPYING in the top level directory
- * PROJECT: ReactOS kernel
- * PURPOSE: Security manager
- * FILE: ntoskrnl/se/sid.c
- * PROGRAMER: David Welch <welch@cwcom.net>
- * REVISION HISTORY:
- * 26/07/98: Added stubs for security functions
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS kernel
+ * FILE: ntoskrnl/se/sid.c
+ * PURPOSE: Security manager
+ *
+ * PROGRAMMERS: David Welch <welch@cwcom.net>
*/
/* INCLUDES *****************************************************************/
-#include <ddk/ntddk.h>
-#include <internal/se.h>
+#include <ntoskrnl.h>
+#define NDEBUG
#include <internal/debug.h>
#define TAG_SID TAG('S', 'I', 'D', 'T')
/* FUNCTIONS ****************************************************************/
-BOOLEAN
+BOOLEAN INIT_FUNCTION
SepInitSecurityIDs(VOID)
{
ULONG SidLength0;
return(TRUE);
}
-
-BOOLEAN STDCALL
-RtlValidSid(PSID Sid)
-{
- if ((Sid->Revision & 0xf) != 1)
- {
- return(FALSE);
- }
- if (Sid->SubAuthorityCount > 15)
- {
- return(FALSE);
- }
- return(TRUE);
-}
-
-
-ULONG STDCALL
-RtlLengthRequiredSid(UCHAR SubAuthorityCount)
-{
- return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG));
-}
-
-
-NTSTATUS STDCALL
-RtlInitializeSid(PSID Sid,
- PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
- UCHAR SubAuthorityCount)
-{
- Sid->Revision = 1;
- Sid->SubAuthorityCount = SubAuthorityCount;
- RtlCopyMemory(&Sid->IdentifierAuthority,
- IdentifierAuthority,
- sizeof(SID_IDENTIFIER_AUTHORITY));
- return(STATUS_SUCCESS);
-}
-
-
-PULONG STDCALL
-RtlSubAuthoritySid(PSID Sid,
- ULONG SubAuthority)
-{
- return(&Sid->SubAuthority[SubAuthority]);
-}
-
-
-PUCHAR STDCALL
-RtlSubAuthorityCountSid(PSID Sid)
-{
- return(&Sid->SubAuthorityCount);
-}
-
-
-BOOLEAN STDCALL
-RtlEqualSid(PSID Sid1,
- PSID Sid2)
-{
- if (Sid1->Revision != Sid2->Revision)
- {
- return(FALSE);
- }
- if ((*RtlSubAuthorityCountSid(Sid1)) !=
- (*RtlSubAuthorityCountSid(Sid2)))
- {
- return(FALSE);
- }
- if (memcmp(Sid1, Sid2, RtlLengthSid(Sid1)) != 0)
- {
- return(FALSE);
- }
- return(TRUE);
-}
-
-
-ULONG STDCALL
-RtlLengthSid(PSID Sid)
+NTSTATUS
+SepCaptureSid(IN PSID InputSid,
+ IN KPROCESSOR_MODE AccessMode,
+ IN POOL_TYPE PoolType,
+ IN BOOLEAN CaptureIfKernel,
+ OUT PSID *CapturedSid)
{
- return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
-}
-
-
-NTSTATUS STDCALL
-RtlCopySid(ULONG BufferLength,
- PSID Dest,
- PSID Src)
-{
- if (BufferLength < RtlLengthSid(Src))
- {
- return(STATUS_UNSUCCESSFUL);
- }
- memmove(Dest, Src, RtlLengthSid(Src));
- return(STATUS_SUCCESS);
-}
-
-
-NTSTATUS STDCALL
-RtlCopySidAndAttributesArray(ULONG Count,
- PSID_AND_ATTRIBUTES Src,
- ULONG SidAreaSize,
- PSID_AND_ATTRIBUTES Dest,
- PVOID SidArea,
- PVOID* RemainingSidArea,
- PULONG RemainingSidAreaSize)
-{
- ULONG Length;
- ULONG i;
-
- Length = SidAreaSize;
+ ULONG SidSize = 0;
+ PISID NewSid, Sid = (PISID)InputSid;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ PAGED_CODE();
+
+ if(AccessMode != KernelMode)
+ {
+ _SEH_TRY
+ {
+ ProbeForRead(Sid,
+ sizeof(*Sid) - sizeof(Sid->SubAuthority),
+ sizeof(UCHAR));
+ SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
+ ProbeForRead(Sid,
+ SidSize,
+ sizeof(UCHAR));
+ }
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+
+ if(NT_SUCCESS(Status))
+ {
+ /* allocate a SID and copy it */
+ NewSid = ExAllocatePool(PoolType,
+ SidSize);
+ if(NewSid != NULL)
+ {
+ _SEH_TRY
+ {
+ RtlCopyMemory(NewSid,
+ Sid,
+ SidSize);
+
+ *CapturedSid = NewSid;
+ }
+ _SEH_HANDLE
+ {
+ ExFreePool(NewSid);
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+ }
+ else
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ }
+ }
+ }
+ else if(!CaptureIfKernel)
+ {
+ *CapturedSid = InputSid;
+ return STATUS_SUCCESS;
+ }
+ else
+ {
+ SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
+
+ /* allocate a SID and copy it */
+ NewSid = ExAllocatePool(PoolType,
+ SidSize);
+ if(NewSid != NULL)
+ {
+ RtlCopyMemory(NewSid,
+ Sid,
+ SidSize);
- for (i=0; i<Count; i++)
+ *CapturedSid = NewSid;
+ }
+ else
{
- if (RtlLengthSid(Src[i].Sid) > Length)
- {
- return(STATUS_BUFFER_TOO_SMALL);
- }
- Length = Length - RtlLengthSid(Src[i].Sid);
- Dest[i].Sid = SidArea;
- Dest[i].Attributes = Src[i].Attributes;
- RtlCopySid(RtlLengthSid(Src[i].Sid), SidArea, Src[i].Sid);
- SidArea = SidArea + RtlLengthSid(Src[i].Sid);
+ Status = STATUS_INSUFFICIENT_RESOURCES;
}
- *RemainingSidArea = SidArea;
- *RemainingSidAreaSize = Length;
- return(STATUS_SUCCESS);
-}
+ }
+ return Status;
+}
-NTSTATUS STDCALL
-RtlConvertSidToUnicodeString(PUNICODE_STRING String,
- PSID Sid,
- BOOLEAN AllocateString)
+VOID
+SepReleaseSid(IN PSID CapturedSid,
+ IN KPROCESSOR_MODE AccessMode,
+ IN BOOLEAN CaptureIfKernel)
{
- WCHAR Buffer[256];
- PWSTR Ptr;
- ULONG Length;
- ULONG i;
-
- if (!RtlValidSid(Sid))
- return STATUS_INVALID_SID;
-
- Ptr = Buffer;
- Ptr += swprintf (Ptr,
- L"S-%u-",
- Sid->Revision);
-
- if(!Sid->IdentifierAuthority.Value[0] &&
- !Sid->IdentifierAuthority.Value[1])
- {
- Ptr += swprintf(Ptr,
- L"%u",
- (ULONG)Sid->IdentifierAuthority.Value[2] << 24 |
- (ULONG)Sid->IdentifierAuthority.Value[3] << 16 |
- (ULONG)Sid->IdentifierAuthority.Value[4] << 8 |
- (ULONG)Sid->IdentifierAuthority.Value[5]);
- }
- else
- {
- Ptr += swprintf(Ptr,
- L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
- Sid->IdentifierAuthority.Value[0],
- Sid->IdentifierAuthority.Value[1],
- Sid->IdentifierAuthority.Value[2],
- Sid->IdentifierAuthority.Value[3],
- Sid->IdentifierAuthority.Value[4],
- Sid->IdentifierAuthority.Value[5]);
- }
-
- for (i = 0; i < Sid->SubAuthorityCount; i++)
- {
- Ptr += swprintf(Ptr,
- L"-%u",
- Sid->SubAuthority[i]);
- }
-
- Length = (Ptr - Buffer) * sizeof(WCHAR);
-
- if (AllocateString)
- {
- String->Buffer = ExAllocatePool(NonPagedPool,
- Length + sizeof(WCHAR));
- if (String->Buffer == NULL)
- return STATUS_NO_MEMORY;
-
- String->MaximumLength = Length + sizeof(WCHAR);
- }
- else
- {
- if (Length > String->MaximumLength)
- return STATUS_BUFFER_TOO_SMALL;
- }
- String->Length = Length;
- memmove(String->Buffer,
- Buffer,
- Length);
- if (Length < String->MaximumLength)
- String->Buffer[Length] = 0;
-
- return STATUS_SUCCESS;
+ PAGED_CODE();
+
+ if(CapturedSid != NULL &&
+ (AccessMode == UserMode ||
+ (AccessMode == KernelMode && CaptureIfKernel)))
+ {
+ ExFreePool(CapturedSid);
+ }
}
/* EOF */