sid.c
00001 /*
00002  * COPYRIGHT:       See COPYING in the top level directory
00003  * PROJECT:         ReactOS kernel
00004  * FILE:            ntoskrnl/se/sid.c
00005  * PURPOSE:         Security manager
00006  *
00007  * PROGRAMMERS:     David Welch <welch@cwcom.net>
00008  */
00009 
00010 /* INCLUDES *******************************************************************/
00011 
00012 #include <ntoskrnl.h>
00013 #define NDEBUG
00014 #include <debug.h>
00015 
00016 #if defined (ALLOC_PRAGMA)
00017 #pragma alloc_text(INIT, SepInitSecurityIDs)
00018 #endif
00019 
00020 /* GLOBALS ********************************************************************/
00021 
/*
 * Identifier authorities used when SepInitSecurityIDs() builds the well-known
 * SIDs below. Each is initialized from the matching SECURITY_*_AUTHORITY
 * constant.
 */
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority = {SECURITY_NT_AUTHORITY};

/*
 * Well-known SIDs. All of them start out NULL; SepInitSecurityIDs() allocates
 * each one from paged pool with TAG_SID and fills in its authority and RIDs,
 * and FreeInitializedSids() releases whichever ones are non-NULL.
 */

/* One sub-authority each, under the Null / World / Local / Creator authorities */
PSID SeNullSid = NULL;
PSID SeWorldSid = NULL;
PSID SeLocalSid = NULL;
PSID SeCreatorOwnerSid = NULL;
PSID SeCreatorGroupSid = NULL;
PSID SeCreatorOwnerServerSid = NULL;
PSID SeCreatorGroupServerSid = NULL;

/* Under the NT authority: SeNtAuthoritySid has no sub-authority, the others have one */
PSID SeNtAuthoritySid = NULL;
PSID SeDialupSid = NULL;
PSID SeNetworkSid = NULL;
PSID SeBatchSid = NULL;
PSID SeInteractiveSid = NULL;
PSID SeServiceSid = NULL;
PSID SePrincipalSelfSid = NULL;
PSID SeLocalSystemSid = NULL;
PSID SeAuthenticatedUserSid = NULL;
PSID SeRestrictedCodeSid = NULL;

/* Two sub-authorities: SECURITY_BUILTIN_DOMAIN_RID followed by a DOMAIN_ALIAS_RID_* value */
PSID SeAliasAdminsSid = NULL;
PSID SeAliasUsersSid = NULL;
PSID SeAliasGuestsSid = NULL;
PSID SeAliasPowerUsersSid = NULL;
PSID SeAliasAccountOpsSid = NULL;
PSID SeAliasSystemOpsSid = NULL;
PSID SeAliasPrintOpsSid = NULL;
PSID SeAliasBackupOpsSid = NULL;

/*
 * NOTE(review): SepInitSecurityIDs() gives SeAuthenticatedUsersSid the same
 * authority and RID as SeAuthenticatedUserSid, and SeRestrictedSid the same as
 * SeRestrictedCodeSid. They look like aliases of one another; confirm that is
 * intended before relying on them being distinct principals in an ACL.
 */
PSID SeAuthenticatedUsersSid = NULL;
PSID SeRestrictedSid = NULL;
PSID SeAnonymousLogonSid = NULL;
00056 
00057 /* FUNCTIONS ******************************************************************/
00058 
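/*
 * Releases every well-known SID global that is currently allocated.
 *
 * Each global is freed only when it is non-NULL and is reset to NULL right
 * after, so a failed initialization does not leave dangling pointers to freed
 * pool behind, and a second call cannot free the same block twice.
 */
VOID
NTAPI
FreeInitializedSids(VOID)
{
/* Free one SID global (if set) and clear it */
#define SEP_FREE_SID(SidVar)                        \
    do                                              \
    {                                               \
        if (SidVar)                                 \
        {                                           \
            ExFreePoolWithTag(SidVar, TAG_SID);     \
            (SidVar) = NULL;                        \
        }                                           \
    } while (0)

    SEP_FREE_SID(SeNullSid);
    SEP_FREE_SID(SeWorldSid);
    SEP_FREE_SID(SeLocalSid);
    SEP_FREE_SID(SeCreatorOwnerSid);
    SEP_FREE_SID(SeCreatorGroupSid);
    SEP_FREE_SID(SeCreatorOwnerServerSid);
    SEP_FREE_SID(SeCreatorGroupServerSid);
    SEP_FREE_SID(SeNtAuthoritySid);
    SEP_FREE_SID(SeDialupSid);
    SEP_FREE_SID(SeNetworkSid);
    SEP_FREE_SID(SeBatchSid);
    SEP_FREE_SID(SeInteractiveSid);
    SEP_FREE_SID(SeServiceSid);
    SEP_FREE_SID(SePrincipalSelfSid);
    SEP_FREE_SID(SeLocalSystemSid);
    SEP_FREE_SID(SeAuthenticatedUserSid);
    SEP_FREE_SID(SeRestrictedCodeSid);
    SEP_FREE_SID(SeAliasAdminsSid);
    SEP_FREE_SID(SeAliasUsersSid);
    SEP_FREE_SID(SeAliasGuestsSid);
    SEP_FREE_SID(SeAliasPowerUsersSid);
    SEP_FREE_SID(SeAliasAccountOpsSid);
    SEP_FREE_SID(SeAliasSystemOpsSid);
    SEP_FREE_SID(SeAliasPrintOpsSid);
    SEP_FREE_SID(SeAliasBackupOpsSid);
    SEP_FREE_SID(SeAuthenticatedUsersSid);
    SEP_FREE_SID(SeRestrictedSid);
    SEP_FREE_SID(SeAnonymousLogonSid);

#undef SEP_FREE_SID
}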
00092 
/*
 * Builds the kernel's well-known SIDs.
 *
 * Every SID buffer is allocated from paged pool (TAG_SID) up front. If any
 * single allocation fails, whatever was allocated is released through
 * FreeInitializedSids() and FALSE is returned. Otherwise each SID receives
 * its identifier authority and sub-authority (RID) values and the function
 * returns TRUE.
 */
BOOLEAN
INIT_FUNCTION
NTAPI
SepInitSecurityIDs(VOID)
{
    /* Buffer sizes for SIDs carrying zero, one and two sub-authorities */
    ULONG NoRidLength = RtlLengthRequiredSid(0);
    ULONG OneRidLength = RtlLengthRequiredSid(1);
    ULONG TwoRidLength = RtlLengthRequiredSid(2);

    /* Allocate all SID buffers first; failures are checked in one place below */
    SeNullSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeWorldSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeLocalSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, NoRidLength, TAG_SID);
    SeDialupSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeNetworkSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeBatchSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeServiceSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, TwoRidLength, TAG_SID);
    SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, TwoRidLength, TAG_SID);
    SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, TwoRidLength, TAG_SID);
    SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, TwoRidLength, TAG_SID);
    SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, TwoRidLength, TAG_SID);
    SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, TwoRidLength, TAG_SID);
    SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, TwoRidLength, TAG_SID);
    SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, TwoRidLength, TAG_SID);
    SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);
    SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, OneRidLength, TAG_SID);

    /* A single failed allocation aborts the whole setup */
    if (!SeNullSid || !SeWorldSid || !SeLocalSid ||
        !SeCreatorOwnerSid || !SeCreatorGroupSid ||
        !SeCreatorOwnerServerSid || !SeCreatorGroupServerSid ||
        !SeNtAuthoritySid || !SeDialupSid || !SeNetworkSid ||
        !SeBatchSid || !SeInteractiveSid || !SeServiceSid ||
        !SePrincipalSelfSid || !SeLocalSystemSid ||
        !SeAuthenticatedUserSid || !SeRestrictedCodeSid ||
        !SeAliasAdminsSid || !SeAliasUsersSid || !SeAliasGuestsSid ||
        !SeAliasPowerUsersSid || !SeAliasAccountOpsSid ||
        !SeAliasSystemOpsSid || !SeAliasPrintOpsSid ||
        !SeAliasBackupOpsSid || !SeAuthenticatedUsersSid ||
        !SeRestrictedSid || !SeAnonymousLogonSid)
    {
        FreeInitializedSids();
        return FALSE;
    }

    /* Null, World and Local authorities: one RID each */
    RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
    *RtlSubAuthoritySid(SeNullSid, 0) = SECURITY_NULL_RID;

    RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
    *RtlSubAuthoritySid(SeWorldSid, 0) = SECURITY_WORLD_RID;

    RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
    *RtlSubAuthoritySid(SeLocalSid, 0) = SECURITY_LOCAL_RID;

    /* Creator authority: one RID each */
    RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
    *RtlSubAuthoritySid(SeCreatorOwnerSid, 0) = SECURITY_CREATOR_OWNER_RID;

    RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
    *RtlSubAuthoritySid(SeCreatorGroupSid, 0) = SECURITY_CREATOR_GROUP_RID;

    RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
    *RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0) = SECURITY_CREATOR_OWNER_SERVER_RID;

    RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
    *RtlSubAuthoritySid(SeCreatorGroupServerSid, 0) = SECURITY_CREATOR_GROUP_SERVER_RID;

    /* NT authority itself: no sub-authority to fill in */
    RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);

    /* NT authority: one RID each */
    RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeDialupSid, 0) = SECURITY_DIALUP_RID;

    RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeNetworkSid, 0) = SECURITY_NETWORK_RID;

    RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeBatchSid, 0) = SECURITY_BATCH_RID;

    RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeInteractiveSid, 0) = SECURITY_INTERACTIVE_RID;

    RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeServiceSid, 0) = SECURITY_SERVICE_RID;

    RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SePrincipalSelfSid, 0) = SECURITY_PRINCIPAL_SELF_RID;

    RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeLocalSystemSid, 0) = SECURITY_LOCAL_SYSTEM_RID;

    RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeAuthenticatedUserSid, 0) = SECURITY_AUTHENTICATED_USER_RID;

    RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeRestrictedCodeSid, 0) = SECURITY_RESTRICTED_CODE_RID;

    /* Built-in aliases: built-in domain RID followed by the alias RID */
    RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
    *RtlSubAuthoritySid(SeAliasAdminsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(SeAliasAdminsSid, 1) = DOMAIN_ALIAS_RID_ADMINS;

    RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
    *RtlSubAuthoritySid(SeAliasUsersSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(SeAliasUsersSid, 1) = DOMAIN_ALIAS_RID_USERS;

    RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
    *RtlSubAuthoritySid(SeAliasGuestsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(SeAliasGuestsSid, 1) = DOMAIN_ALIAS_RID_GUESTS;

    RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
    *RtlSubAuthoritySid(SeAliasPowerUsersSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(SeAliasPowerUsersSid, 1) = DOMAIN_ALIAS_RID_POWER_USERS;

    RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
    *RtlSubAuthoritySid(SeAliasAccountOpsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(SeAliasAccountOpsSid, 1) = DOMAIN_ALIAS_RID_ACCOUNT_OPS;

    RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
    *RtlSubAuthoritySid(SeAliasSystemOpsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(SeAliasSystemOpsSid, 1) = DOMAIN_ALIAS_RID_SYSTEM_OPS;

    RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
    *RtlSubAuthoritySid(SeAliasPrintOpsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(SeAliasPrintOpsSid, 1) = DOMAIN_ALIAS_RID_PRINT_OPS;

    RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
    *RtlSubAuthoritySid(SeAliasBackupOpsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(SeAliasBackupOpsSid, 1) = DOMAIN_ALIAS_RID_BACKUP_OPS;

    /*
     * NOTE(review): the next two receive the same authority and RID as
     * SeAuthenticatedUserSid and SeRestrictedCodeSid above; presumably
     * deliberate aliases, confirm.
     */
    RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0) = SECURITY_AUTHENTICATED_USER_RID;

    RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeRestrictedSid, 0) = SECURITY_RESTRICTED_CODE_RID;

    RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
    *RtlSubAuthoritySid(SeAnonymousLogonSid, 0) = SECURITY_ANONYMOUS_LOGON_RID;

    return TRUE;
}
00258 
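/*
 * Captures a SID so that the kernel can use it safely.
 *
 * InputSid       - SID supplied by the caller; a user-mode pointer when
 *                  AccessMode is not KernelMode.
 * AccessMode     - Processor mode of the requester.
 * PoolType       - Pool to allocate the captured copy from.
 * CaptureIfKernel - For KernelMode requests, TRUE forces a copy; FALSE hands
 *                  InputSid back unchanged.
 * CapturedSid    - Receives the captured (or passed-through) SID.
 *
 * Returns STATUS_SUCCESS, STATUS_INSUFFICIENT_RESOURCES when the pool
 * allocation fails, or the exception code raised while probing or copying
 * the user buffer.
 *
 * Copies are allocated with TAG_SID because both the failure path here and
 * SepReleaseSid() free them with ExFreePoolWithTag(..., TAG_SID).
 */
NTSTATUS
NTAPI
SepCaptureSid(IN PSID InputSid,
              IN KPROCESSOR_MODE AccessMode,
              IN POOL_TYPE PoolType,
              IN BOOLEAN CaptureIfKernel,
              OUT PSID *CapturedSid)
{
    ULONG SidSize = 0;
    UCHAR SubAuthorityCount = 0;
    PISID NewSid, Sid = (PISID)InputSid;

    PAGED_CODE();

    if (AccessMode != KernelMode)
    {
        _SEH2_TRY
        {
            /* Probe the fixed header first so SubAuthorityCount can be read */
            ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));

            /*
             * Read the count from user memory exactly once. The buffer size
             * is derived from this snapshot, not from a later re-read.
             */
            SubAuthorityCount = Sid->SubAuthorityCount;
            SidSize = RtlLengthRequiredSid(SubAuthorityCount);
            ProbeForRead(Sid, SidSize, sizeof(UCHAR));
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;

        /* Allocate a SID and copy it */
        NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
        if (!NewSid)
            return STATUS_INSUFFICIENT_RESOURCES;

        _SEH2_TRY
        {
            RtlCopyMemory(NewSid, Sid, SidSize);

            /*
             * The user buffer may have changed between the size computation
             * and the copy. Pin the count to the value the allocation was
             * sized for, so the captured SID never claims more
             * sub-authorities than its buffer holds.
             */
            NewSid->SubAuthorityCount = SubAuthorityCount;

            *CapturedSid = NewSid;
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Free the SID and return the exception code */
            ExFreePoolWithTag(NewSid, TAG_SID);
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
    else if (!CaptureIfKernel)
    {
        /* Kernel caller that did not ask for a copy: pass the pointer through */
        *CapturedSid = InputSid;
    }
    else
    {
        SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);

        /* Allocate a SID and copy it */
        NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
        if (NewSid == NULL)
            return STATUS_INSUFFICIENT_RESOURCES;

        RtlCopyMemory(NewSid, Sid, SidSize);

        *CapturedSid = NewSid;
    }

    return STATUS_SUCCESS;
}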
00326 
/*
 * Releases a SID obtained through SepCaptureSid().
 *
 * The buffer is freed only when a copy was made: for any non-kernel
 * AccessMode, or for KernelMode when CaptureIfKernel is set. A NULL
 * CapturedSid is ignored.
 *
 * NOTE(review): the free uses TAG_SID, so the capture path has to allocate
 * with the same tag. Verify against SepCaptureSid().
 */
VOID
NTAPI
SepReleaseSid(IN PSID CapturedSid,
              IN KPROCESSOR_MODE AccessMode,
              IN BOOLEAN CaptureIfKernel)
{
    PAGED_CODE();

    /* Nothing was captured */
    if (CapturedSid == NULL)
        return;

    /* Kernel-mode SID that was handed through uncopied: not ours to free */
    if (AccessMode == KernelMode && !CaptureIfKernel)
        return;

    ExFreePoolWithTag(CapturedSid, TAG_SID);
}
00342 
00343 /* EOF */
