cmse.c
00001 /*
00002  * PROJECT:         ReactOS Kernel
00003  * LICENSE:         GPL - See COPYING in the top level directory
00004  * FILE:            ntoskrnl/config/cmse.c
00005  * PURPOSE:         Configuration Manager - Security Subsystem Interface
00006  * PROGRAMMERS:     Alex Ionescu (alex.ionescu@reactos.org)
00007  */
00008 
00009 /* INCLUDES ******************************************************************/
00010 
00011 #include "ntoskrnl.h"
00012 #define NDEBUG
00013 #include "debug.h"
00014 
00015 /* GLOBALS *******************************************************************/
00016 
00017 /* FUNCTIONS *****************************************************************/
00018 
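/*
 * Builds the default security descriptor for hive root keys (purpose taken
 * from the function name). The descriptor carries a DACL with four
 * container-inheritable access-allowed ACEs:
 *
 *   Sid[0]  World (Everyone)           KEY_READ
 *   Sid[1]  Restricted code            KEY_READ
 *   Sid[2]  Local System               KEY_ALL_ACCESS
 *   Sid[3]  Builtin Administrators     KEY_ALL_ACCESS
 *
 * The DACL is stored in the same pool allocation, directly behind the
 * descriptor header.
 *
 * Returns a PagedPool allocation tagged TAG_CM. Nothing in this function
 * frees it, so ownership passes to the caller.
 *
 * Every failure bugchecks with REGISTRY_ERROR; the first parameter is 11 and
 * the second is the number of the phase that failed.
 */
PSECURITY_DESCRIPTOR
NTAPI
INIT_FUNCTION
CmpHiveRootSecurityDescriptor(VOID)
{
    NTSTATUS Status;
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    PACL Acl, AclCopy;
    PSID Sid[4];
    SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
    SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
    ULONG AceLength, AclLength, SidLength;
    PACE_HEADER AceHeader;
    ULONG i;
    PAGED_CODE();

    /* Phase 1: Allocate SIDs (three with one sub-authority, one with two) */
    SidLength = RtlLengthRequiredSid(1);
    Sid[0] = ExAllocatePoolWithTag(PagedPool, SidLength, TAG_CM);
    Sid[1] = ExAllocatePoolWithTag(PagedPool, SidLength, TAG_CM);
    Sid[2] = ExAllocatePoolWithTag(PagedPool, SidLength, TAG_CM);
    SidLength = RtlLengthRequiredSid(2);
    Sid[3] = ExAllocatePoolWithTag(PagedPool, SidLength, TAG_CM);

    /* Make sure all SIDs were allocated */
    if (!(Sid[0]) || !(Sid[1]) || !(Sid[2]) || !(Sid[3]))
    {
        /* Bugcheck */
        KeBugCheckEx(REGISTRY_ERROR, 11, 1, 0, 0);
    }

    /*
     * Phase 2: Initialize all SIDs.
     * The statuses are OR-ed together, so the combined value is only a
     * pass/fail indicator and not the code of the call that failed.
     */
    Status = RtlInitializeSid(Sid[0], &WorldAuthority, 1);
    Status |= RtlInitializeSid(Sid[1], &NtAuthority, 1);
    Status |= RtlInitializeSid(Sid[2], &NtAuthority, 1);
    Status |= RtlInitializeSid(Sid[3], &NtAuthority, 2);
    if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 2, 0, 0);

    /* Phase 2: Setup SID Sub Authorities */
    *RtlSubAuthoritySid(Sid[0], 0) = SECURITY_WORLD_RID;
    *RtlSubAuthoritySid(Sid[1], 0) = SECURITY_RESTRICTED_CODE_RID;
    *RtlSubAuthoritySid(Sid[2], 0) = SECURITY_LOCAL_SYSTEM_RID;
    *RtlSubAuthoritySid(Sid[3], 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(Sid[3], 1) = DOMAIN_ALIAS_RID_ADMINS;

    /* Make sure all SIDs are valid */
    ASSERT(RtlValidSid(Sid[0]));
    ASSERT(RtlValidSid(Sid[1]));
    ASSERT(RtlValidSid(Sid[2]));
    ASSERT(RtlValidSid(Sid[3]));

    /* Phase 3: Calculate ACL Length (ACL header plus one ACE per SID) */
    AclLength = sizeof(ACL);
    for (i = 0; i < 4; i++)
    {
        /* This is what MSDN says to do */
        AceLength = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
        AceLength += SeLengthSid(Sid[i]);
        AclLength += AceLength;
    }

    /* Phase 3: Allocate the ACL */
    Acl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_CM);
    if (!Acl) KeBugCheckEx(REGISTRY_ERROR, 11, 3, 0, 0);

    /* Phase 4: Create the ACL */
    Status = RtlCreateAcl(Acl, AclLength, ACL_REVISION);
    if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 4, Status, 0);

    /*
     * Phase 5: Build the ACL.
     * Least privilege: only Local System and Administrators get full
     * control; World and Restricted code are limited to read access.
     * NOTE(review): confirm that no early-boot component depends on
     * non-administrative write access to keys inheriting from a hive root.
     */
    Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION, KEY_READ, Sid[0]);
    Status |= RtlAddAccessAllowedAce(Acl, ACL_REVISION, KEY_READ, Sid[1]);
    Status |= RtlAddAccessAllowedAce(Acl, ACL_REVISION, KEY_ALL_ACCESS, Sid[2]);
    Status |= RtlAddAccessAllowedAce(Acl, ACL_REVISION, KEY_ALL_ACCESS, Sid[3]);
    if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 5, Status, 0);

    /*
     * Phase 5: Make the ACEs inheritable.
     * The lookup result is checked at run time rather than with ASSERT
     * alone, so AceHeader is never dereferenced after a failed RtlGetAce
     * in builds where ASSERT compiles to nothing.
     */
    for (i = 0; i < 4; i++)
    {
        Status = RtlGetAce(Acl, i, (PVOID*)&AceHeader);
        if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 5, Status, 0);
        AceHeader->AceFlags |= CONTAINER_INHERIT_ACE;
    }

    /* Phase 6: Allocate the security descriptor and make space for the ACL */
    SecurityDescriptor = ExAllocatePoolWithTag(PagedPool,
                                               sizeof(SECURITY_DESCRIPTOR) +
                                               AclLength,
                                               TAG_CM);
    if (!SecurityDescriptor) KeBugCheckEx(REGISTRY_ERROR, 11, 6, 0, 0);

    /* Phase 6: Copy the ACL into the space right behind the descriptor */
    AclCopy = (PACL)((PISECURITY_DESCRIPTOR)SecurityDescriptor + 1);
    RtlCopyMemory(AclCopy, Acl, AclLength);

    /* Phase 7: Create the security descriptor */
    Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
                                         SECURITY_DESCRIPTOR_REVISION);
    if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 7, Status, 0);

    /* Phase 8: Set the ACL as a DACL (present, not defaulted) */
    Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
                                          TRUE,
                                          AclCopy,
                                          FALSE);
    if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 8, Status, 0);

    /* Free the SIDs and original ACL; the descriptor holds its own ACL copy */
    for (i = 0; i < 4; i++) ExFreePoolWithTag(Sid[i], TAG_CM);
    ExFreePoolWithTag(Acl, TAG_CM);

    /* Return the security descriptor */
    return SecurityDescriptor;
}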
00139 
/*
 * Security method stub: reports success for every request.
 *
 * None of the parameters is read or written. Whatever OperationCode is
 * passed, SecurityDescriptor, BufferLength and OldSecurityDescriptor are
 * left untouched and the caller is told the operation succeeded.
 *
 * NOTE(review): presumably this is the security procedure for registry key
 * objects (confirm at the registration site). If so, a request to store a
 * descriptor is acknowledged without being stored, and a request to read
 * one returns success with the output buffer unchanged.
 *
 * Returns STATUS_SUCCESS unconditionally.
 */
NTSTATUS
NTAPI
CmpSecurityMethod(IN PVOID ObjectBody,
                  IN SECURITY_OPERATION_CODE OperationCode,
                  IN PSECURITY_INFORMATION SecurityInformation,
                  IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
                  IN OUT PULONG BufferLength,
                  IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
                  IN POOL_TYPE PoolType,
                  IN PGENERIC_MAPPING GenericMapping)
{
    /* HACK: placeholder, no security operation is actually carried out */
    NTSTATUS Status = STATUS_SUCCESS;

    return Status;
}
