Include dependency graph for sd.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ RtlAbsoluteToSelfRelativeSD()
| NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD | ( | IN PSECURITY_DESCRIPTOR | AbsoluteSecurityDescriptor, |
| IN OUT PSECURITY_DESCRIPTOR | SelfRelativeSecurityDescriptor, | ||
| IN PULONG | BufferLength | ||
| ) |
Definition at line 626 of file sd.c.
629{
631 PAGED_CODE_RTL();
632
633 /* Can't already be relative */
635
636 /* Call the other API */
639 BufferLength);
640}
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
Definition: rtlfuncs.h:1623
_Out_writes_bytes_to_opt_ BufferLength PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
Definition: rtlfuncs.h:1152
NTSTATUS NTAPI RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSECURITY_DESCRIPTOR SelfRelativeSD, IN OUT PULONG BufferLength)
Definition: sd.c:647
Definition: ms-dtyp.idl:301
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3777
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
Referenced by fcb_get_sd(), get_top_level_sd(), IntCreateServiceSecurity(), LsapCreateAccountSd(), LsapCreatePolicySd(), LsapCreateSecretSd(), LsapCreateTokenSd(), MakeSelfRelativeSD(), RtlpSysVolCheckOwnerAndSecurity(), RtlQuerySecurityObject(), SampCreateAccountDomainSD(), SampCreateAliasSD(), SampCreateBuiltinDomainSD(), SampCreateGroupSD(), SampCreateServerSD(), SampCreateUserSD(), ScmCreateDefaultServiceSD(), and TiCreateSecurityDescriptor().
◆ RtlCopySecurityDescriptor()
| NTSTATUS NTAPI RtlCopySecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | pSourceSecurityDescriptor, |
| OUT PSECURITY_DESCRIPTOR * | pDestinationSecurityDescriptor | ||
| ) |
Definition at line 582 of file sd.c.
584{
588 PISECURITY_DESCRIPTOR Sd = pSourceSecurityDescriptor;
589
590 /* Get all the components */
591 RtlpQuerySecurityDescriptor(Sd,
592 &Owner,
593 &OwnerLength,
594 &Group,
595 &GroupLength,
596 &Dacl,
597 &DaclLength,
598 &Sacl,
599 &SaclLength);
600
601 /* Add up their lengths */
603 OwnerLength +
604 GroupLength +
605 DaclLength +
606 SaclLength;
607
608 /* Allocate a copy */
609 *pDestinationSecurityDescriptor = RtlAllocateHeap(RtlGetProcessHeap(),
610 0,
611 TotalLength);
613
614 /* Copy the old in the new */
616
617 /* All good */
619}
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1625
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1629
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1627
VOID NTAPI RtlpQuerySecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PULONG OwnerSize, OUT PSID *PrimaryGroup, OUT PULONG PrimaryGroupSize, OUT PACL *Dacl, OUT PULONG DaclSize, OUT PACL *Sacl, OUT PULONG SaclSize)
Definition: sd.c:45
Definition: ms-dtyp.idl:293
Definition: ms-dtyp.idl:198
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
◆ RtlCreateSecurityDescriptor()
| NTSTATUS NTAPI RtlCreateSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN ULONG | Revision | ||
| ) |
Definition at line 117 of file sd.c.
119{
121 PAGED_CODE_RTL();
122
123 /* Fail on invalid revisions */
125
126 /* Setup an empty SD */
129
130 /* All good */
132}
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
◆ RtlCreateSecurityDescriptorRelative()
| NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative | ( | IN PISECURITY_DESCRIPTOR_RELATIVE | SecurityDescriptor, |
| IN ULONG | Revision | ||
| ) |
Definition at line 139 of file sd.c.
141{
142 PAGED_CODE_RTL();
143
144 /* Fail on invalid revisions */
146
147 /* Setup an empty SD */
151
152 /* All good */
154}
◆ RtlGetControlSecurityDescriptor()
| NTSTATUS NTAPI RtlGetControlSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PSECURITY_DESCRIPTOR_CONTROL | Control, | ||
| OUT PULONG | Revision | ||
| ) |
Definition at line 439 of file sd.c.
442{
444 PAGED_CODE_RTL();
445
446 /* Read current revision, even if invalid */
448
449 /* Fail on invalid revision */
451
452 /* Read current control */
454
455 /* All good */
457}
◆ RtlGetDaclSecurityDescriptor()
| NTSTATUS NTAPI RtlGetDaclSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PBOOLEAN | DaclPresent, | ||
| OUT PACL * | Dacl, | ||
| OUT PBOOLEAN | DaclDefaulted | ||
| ) |
Definition at line 199 of file sd.c.
203{
205 PAGED_CODE_RTL();
206
207 /* Fail on invalid revisions */
209
210 /* Is there a DACL? */
213 {
214 /* Yes, return it, and check if defaulted */
217 }
218
219 /* All good */
221}
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:129
◆ RtlGetGroupSecurityDescriptor()
| NTSTATUS NTAPI RtlGetGroupSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PSID * | Group, | ||
| OUT PBOOLEAN | GroupDefaulted | ||
| ) |
Definition at line 280 of file sd.c.
283{
285 PAGED_CODE_RTL();
286
287 /* Fail on invalid revision */
289
290 /* Get the group and if defaulted */
293
294 /* All good */
296}
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:89
Referenced by _test_group(), CheckDirectorySecurity__(), CheckKeySecurity__(), GetSecurityDescriptorGroup(), RtlpSetSecurityObject(), and RtlQuerySecurityObject().
◆ RtlGetOwnerSecurityDescriptor()
| NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PSID * | Owner, | ||
| OUT PBOOLEAN | OwnerDefaulted | ||
| ) |
Definition at line 257 of file sd.c.
260{
262 PAGED_CODE_RTL();
263
264 /* Fail on invalid revision */
266
267 /* Get the owner and if defaulted */
270
271 /* All good */
273}
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:109
Referenced by CheckDirectorySecurity__(), CheckKeySecurity__(), create_directory_fcb(), create_subvol(), fcb_get_new_sd(), GetSecurityDescriptorOwner(), mknod(), RtlpSetSecurityObject(), RtlpSysVolCheckOwnerAndSecurity(), and RtlQuerySecurityObject().
◆ RtlGetSaclSecurityDescriptor()
| NTSTATUS NTAPI RtlGetSaclSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PBOOLEAN | SaclPresent, | ||
| OUT PACL * | Sacl, | ||
| OUT PBOOLEAN | SaclDefaulted | ||
| ) |
Definition at line 228 of file sd.c.
232{
234 PAGED_CODE_RTL();
235
236 /* Fail on invalid revisions */
238
239 /* Is there a SACL? */
242 {
243 /* Yes, return it, and check if defaulted */
246 }
247
248 /* All good */
250}
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:151
◆ RtlGetSecurityDescriptorRMControl()
| BOOLEAN NTAPI RtlGetSecurityDescriptorRMControl | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PUCHAR | RMControl | ||
| ) |
Definition at line 500 of file sd.c.
502{
504 PAGED_CODE_RTL();
505
506 /* Check if there's no valid RM control */
508 {
509 /* Fail and return nothing */
510 *RMControl = 0;
512 }
513
514 /* Return it, ironically the member is "should be zero" */
515 *RMControl = Sd->Sbz1;
517}
◆ RtlLengthSecurityDescriptor()
| ULONG NTAPI RtlLengthSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor | ) |
Definition at line 161 of file sd.c.
162{
163 PISECURITY_DESCRIPTOR Sd;
167 PAGED_CODE_RTL();
168
169 /* Start with the initial length of the SD itself */
172 {
174 }
175 else
176 {
178 }
179
180 /* Add the length of the individual subcomponents */
189
190 /* Return the final length */
192}
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
◆ RtlMakeSelfRelativeSD()
| NTSTATUS NTAPI RtlMakeSelfRelativeSD | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PSECURITY_DESCRIPTOR | SelfRelativeSD, | ||
| IN OUT PULONG | BufferLength | ||
| ) |
Definition at line 647 of file sd.c.
650{
654 ULONG_PTR Current;
656 PAGED_CODE_RTL();
657
658 /* Query all components */
660 &Owner,
661 &OwnerLength,
662 &Group,
663 &GroupLength,
664 &Dacl,
665 &DaclLength,
666 &Sacl,
667 &SaclLength);
668
669 /* Calculate final length */
671 OwnerLength +
672 GroupLength +
673 SaclLength +
674 DaclLength;
675
676 /* Is there enough space? */
678 {
679 /* Nope, return how much is needed */
682 }
683
684 /* Start fresh */
686
687 /* Copy the header fields */
688 RtlCopyMemory(RelSd,
689 SecurityDescriptor,
691
692 /* Set the current copy pointer */
693 Current = (ULONG_PTR)(RelSd + 1);
694
695 /* Is there a SACL? */
696 if (SaclLength)
697 {
698 /* Copy it */
701 Current += SaclLength;
702 }
703
704 /* Is there a DACL? */
705 if (DaclLength)
706 {
707 /* Copy it */
710 Current += DaclLength;
711 }
712
713 /* Is there an owner? */
714 if (OwnerLength)
715 {
716 /* Copy it */
719 Current += OwnerLength;
720 }
721
722 /* Is there a group? */
724 {
725 /* Copy it */
728 }
729
730 /* Mark it as relative */
732
733 /* All good */
735}
Definition: nsiface.idl:2307
Definition: setypes.h:848
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
Referenced by RtlAbsoluteToSelfRelativeSD().
◆ RtlpQuerySecurityDescriptor()
| VOID NTAPI RtlpQuerySecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PSID * | Owner, | ||
| OUT PULONG | OwnerSize, | ||
| OUT PSID * | PrimaryGroup, | ||
| OUT PULONG | PrimaryGroupSize, | ||
| OUT PACL * | Dacl, | ||
| OUT PULONG | DaclSize, | ||
| OUT PACL * | Sacl, | ||
| OUT PULONG | SaclSize | ||
| ) |
Definition at line 45 of file sd.c.
54{
55 PAGED_CODE_RTL();
56
57 /* Get the owner */
60 {
61 /* There's an owner, so align the size */
63 }
64 else
65 {
66 /* No owner, no size */
67 *OwnerSize = 0;
68 }
69
70 /* Get the group */
73 {
74 /* There's a group, so align the size */
76 }
77 else
78 {
79 /* No group, no size */
80 *PrimaryGroupSize = 0;
81 }
82
83 /* Get the DACL */
86 {
87 /* There's a DACL, align the size */
89 }
90 else
91 {
92 /* No DACL, no size */
93 *DaclSize = 0;
94 }
95
96 /* Get the SACL */
99 {
100 /* There's a SACL, align the size */
102 }
103 else
104 {
105 /* No SACL, no size */
106 *SaclSize = 0;
107 }
108}
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1630
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1631
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1628
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID _Inout_ PULONG PrimaryGroupSize
Definition: rtlfuncs.h:1633
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1626
Referenced by RtlCopySecurityDescriptor(), RtlMakeSelfRelativeSD(), RtlSelfRelativeToAbsoluteSD(), and RtlSelfRelativeToAbsoluteSD2().
◆ RtlpValidateSDOffsetAndSize()
| BOOLEAN NTAPI RtlpValidateSDOffsetAndSize | ( | IN ULONG | Offset, |
| IN ULONG | Length, | ||
| IN ULONG | MinLength, | ||
| OUT PULONG | MaxLength | ||
| ) |
Definition at line 20 of file sd.c.
24{
25 /* Assume failure */
26 *MaxLength = 0;
27
28 /* Reject out of bounds lengths */
31
32 /* Reject insufficient lengths */
34
35 /* Reject unaligned offsets */
37
38 /* Return length that is safe to read */
41}
Referenced by RtlValidRelativeSecurityDescriptor().
◆ RtlSelfRelativeToAbsoluteSD()
| NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD | ( | IN PSECURITY_DESCRIPTOR | SelfRelativeSD, |
| OUT PSECURITY_DESCRIPTOR | AbsoluteSD, | ||
| IN PULONG | AbsoluteSDSize, | ||
| IN PACL | Dacl, | ||
| IN PULONG | DaclSize, | ||
| IN PACL | Sacl, | ||
| IN PULONG | SaclSize, | ||
| IN PSID | Owner, | ||
| IN PULONG | OwnerSize, | ||
| IN PSID | PrimaryGroup, | ||
| IN PULONG | PrimaryGroupSize | ||
| ) |
Definition at line 742 of file sd.c.
753{
757 PSID pOwner, pGroup;
758 PACL pDacl, pSacl;
759 PAGED_CODE_RTL();
760
761 /* Must be relative, otherwiise fail */
763
764 /* Get all the components */
765 RtlpQuerySecurityDescriptor(RelSd,
766 &pOwner,
767 &OwnerLength,
768 &pGroup,
769 &GroupLength,
770 &pDacl,
771 &DaclLength,
772 &pSacl,
773 &SaclLength);
774
775 /* Fail if there's not enough space */
776 if (!(Sd) ||
778 (OwnerLength > *OwnerSize) ||
780 (DaclLength > *DaclSize) ||
781 (SaclLength > *SaclSize))
782 {
783 /* Return how much space is needed for each components */
785 *OwnerSize = OwnerLength;
787 *DaclSize = DaclLength;
788 *SaclSize = SaclLength;
790 }
791
792 /* Copy the header fields */
794
795 /* Wipe out the pointers and the relative flag */
800 Sd->Control &= ~SE_SELF_RELATIVE;
801
802 /* Is there an owner? */
803 if (pOwner)
804 {
805 /* Copy it */
808 }
809
810 /* Is there a group? */
811 if (pGroup)
812 {
813 /* Copy it */
816 }
817
818 /* Is there a DACL? */
819 if (pDacl)
820 {
821 /* Copy it */
824 }
825
826 /* Is there a SACL? */
827 if (pSacl)
828 {
829 /* Copy it */
832 }
833
834 /* All good */
836}
◆ RtlSelfRelativeToAbsoluteSD2()
| NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD2 | ( | IN OUT PSECURITY_DESCRIPTOR | SelfRelativeSD, |
| OUT PULONG | BufferSize | ||
| ) |
Definition at line 843 of file sd.c.
845{
848 PVOID DataStart, DataEnd;
849 LONG MoveDelta;
851 PSID pOwner, pGroup;
852 PACL pDacl, pSacl;
853 PAGED_CODE_RTL();
854
855 /* Need input */
857
858 /* Need to know how much space we have */
860
861 /* Input must be relative */
863
864 /* Query all the component sizes */
865 RtlpQuerySecurityDescriptor(Sd,
866 &pOwner,
867 &OwnerLength,
868 &pGroup,
869 &GroupLength,
870 &pDacl,
871 &DaclLength,
872 &pSacl,
873 &SaclLength);
874
875 /*
876 * Check if there's a difference in structure layout between relatiev and
877 * absolute descriptors. On 32-bit, there won't be, since an offset is the
878 * same size as a pointer (32-bit), but on 64-bit, the offsets remain 32-bit
879 * as they are not SIZE_T, but ULONG, while the pointers now become 64-bit
880 * and thus the structure is different */
882 if (!MoveDelta)
883 {
884 /* So on 32-bit, simply clear the flag... */
885 Sd->Control &= ~SE_SELF_RELATIVE;
886
887 /* Ensure we're *really* on 32-bit */
892
893 /* And simply set pointers where there used to be offsets */
894 Sd->Owner = pOwner;
895 Sd->Group = pGroup;
896 Sd->Sacl = pSacl;
897 Sd->Dacl = pDacl;
899 }
900
901 /*
902 * Calculate the start and end of the data area, we simply just move the
903 * data by the difference between the size of the relative and absolute
904 * security descriptor structure
905 */
906 DataStart = pOwner;
908
909 /* Is there a group? */
910 if (pGroup)
911 {
912 /* Is the group higher than where we started? */
914 {
915 /* Update the start pointer */
916 DataStart = pGroup;
917 }
918
919 /* Is the group beyond where we ended? */
921 {
922 /* Update the end pointer */
924 }
925 }
926
927 /* Is there a DACL? */
928 if (pDacl)
929 {
930 /* Is the DACL higher than where we started? */
932 {
933 /* Update the start pointer */
934 DataStart = pDacl;
935 }
936
937 /* Is the DACL beyond where we ended? */
939 {
940 /* Update the end pointer */
942 }
943 }
944
945 /* Is there a SACL? */
946 if (pSacl)
947 {
948 /* Is the SACL higher than where we started? */
950 {
951 /* Update the start pointer */
952 DataStart = pSacl;
953 }
954
955 /* Is the SACL beyond where we ended? */
957 {
958 /* Update the end pointer */
960 }
961 }
962
963 /* Sanity check */
965
966 /* Now compute the difference between relative and absolute */
968
969 /* Is the new buffer large enough for this difference? */
971 {
972 /* Nope, bail out */
975 }
976
977 /* Is there anything actually to copy? */
979 {
980 /*
981 * There must be at least one SID or ACL in the security descriptor!
982 * Also the data area must be located somewhere after the end of the
983 * SECURITY_DESCRIPTOR_RELATIVE structure
984 */
987
988 /* It's time to move the data */
990 DataStart,
991 DataSize);
992 }
993
994 /* Is there an owner? */
995 if (pOwner)
996 {
997 /* Set the pointer to the relative position */
999 }
1000 else
1001 {
1002 /* No owner, clear the pointer */
1004 }
1005
1006 /* Is there a group */
1007 if (pGroup)
1008 {
1009 /* Set the pointer to the relative position */
1011 }
1012 else
1013 {
1014 /* No group, clear the pointer */
1016 }
1017
1018 /* Is there a SACL? */
1019 if (pSacl)
1020 {
1021 /* Set the pointer to the relative position */
1023 }
1024 else
1025 {
1026 /* No SACL, clear the pointer */
1028 }
1029
1030 /* Is there a DACL? */
1031 if (pDacl)
1032 {
1033 /* Set the pointer to the relative position */
1035 }
1036 else
1037 {
1038 /* No DACL, clear the pointer */
1040 }
1041
1042 /* Clear the self-relative flag */
1043 Sd->Control &= ~SE_SELF_RELATIVE;
1044
1045 /* All good */
1047}
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
Definition: ndis.h:4755
◆ RtlSetAttributesSecurityDescriptor()
| NTSTATUS NTAPI RtlSetAttributesSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN SECURITY_DESCRIPTOR_CONTROL | Control, | ||
| OUT PULONG | Revision | ||
| ) |
Definition at line 550 of file sd.c.
553{
555 PAGED_CODE_RTL();
556
557 /* Always return revision, even if invalid */
559
560 /* Fail on invalid revision */
562
563 /* Mask out flags which are not attributes */
565 SE_SERVER_SECURITY |
566 SE_DACL_AUTO_INHERIT_REQ |
567 SE_SACL_AUTO_INHERIT_REQ |
568 SE_DACL_AUTO_INHERITED |
569 SE_SACL_AUTO_INHERITED |
570 SE_DACL_PROTECTED |
571 SE_SACL_PROTECTED;
572
573 /* Call the newer API */
575}
NTSTATUS NTAPI RtlSetControlSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, IN SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
Definition: sd.c:464
◆ RtlSetControlSecurityDescriptor()
| NTSTATUS NTAPI RtlSetControlSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN SECURITY_DESCRIPTOR_CONTROL | ControlBitsOfInterest, | ||
| IN SECURITY_DESCRIPTOR_CONTROL | ControlBitsToSet | ||
| ) |
Definition at line 464 of file sd.c.
467{
469
470 /* Check for invalid bits */
472 SE_SERVER_SECURITY |
473 SE_DACL_AUTO_INHERIT_REQ |
474 SE_SACL_AUTO_INHERIT_REQ |
475 SE_DACL_AUTO_INHERITED |
476 SE_SACL_AUTO_INHERITED |
477 SE_DACL_PROTECTED |
478 SE_SACL_PROTECTED)) ||
479 (ControlBitsToSet & ~ControlBitsOfInterest))
480 {
481 /* Fail */
483 }
484
485 /* Zero the 'bits of interest' */
486 Sd->Control &= ~ControlBitsOfInterest;
487
488 /* Set the 'bits to set' */
489 Sd->Control |= (ControlBitsToSet & ControlBitsOfInterest);
490
491 /* All good */
493}
Referenced by RtlSetAttributesSecurityDescriptor().
◆ RtlSetDaclSecurityDescriptor()
| NTSTATUS NTAPI RtlSetDaclSecurityDescriptor | ( | IN OUT PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN BOOLEAN | DaclPresent, | ||
| IN PACL | Dacl, | ||
| IN BOOLEAN | DaclDefaulted | ||
| ) |
Definition at line 303 of file sd.c.
307{
309 PAGED_CODE_RTL();
310
311 /* Fail on invalid revision */
313
314 /* Fail on relative descriptors */
316
317 /* Is there a DACL? */
319 {
320 /* Caller is destroying the DACL, unset the flag and we're done */
323 }
324
325 /* Caller is setting a new DACL, set the pointer and flag */
328
329 /* Set if defaulted */
330 Sd->Control &= ~SE_DACL_DEFAULTED;
332
333 /* All good */
335}
◆ RtlSetGroupSecurityDescriptor()
| NTSTATUS NTAPI RtlSetGroupSecurityDescriptor | ( | IN OUT PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN PSID | Group, | ||
| IN BOOLEAN | GroupDefaulted | ||
| ) |
Definition at line 410 of file sd.c.
413{
415 PAGED_CODE_RTL();
416
417 /* Fail on invalid revision */
419
420 /* Fail on relative descriptors */
422
423 /* Group being set or cleared */
425
426 /* Set if defaulted */
427 Sd->Control &= ~SE_GROUP_DEFAULTED;
429
430 /* All good */
432}
Referenced by AccessCheckEmptyMappingTest(), AccessGrantedMultipleObjectsTests(), AccessGrantedNoDaclTests(), AccessGrantedTests(), CheckTokenMembership(), DenyAccessTests(), fcb_get_sd(), get_top_level_sd(), GrantedAccessTests(), IntCreateServiceSecurity(), LsapCreateAccountSd(), LsapCreatePolicySd(), LsapCreateSecretSd(), ParamsValidationTests(), ParamValidationNoObjsList(), RtlQuerySecurityObject(), SampCreateAccountDomainSD(), SampCreateAliasSD(), SampCreateBuiltinDomainSD(), SampCreateGroupSD(), SampCreateServerSD(), SampCreateUserSD(), ScmCreateDefaultSD(), ScmCreatePipeSD(), SetSecurityDescriptorGroup(), and TiCreateSecurityDescriptor().
◆ RtlSetOwnerSecurityDescriptor()
| NTSTATUS NTAPI RtlSetOwnerSecurityDescriptor | ( | IN OUT PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN PSID | Owner, | ||
| IN BOOLEAN | OwnerDefaulted | ||
| ) |
Definition at line 381 of file sd.c.
384{
386 PAGED_CODE_RTL();
387
388 /* Fail on invalid revision */
390
391 /* Fail on relative descriptors */
393
394 /* Owner being set or cleared */
396
397 /* Set if defaulted */
398 Sd->Control &= ~SE_OWNER_DEFAULTED;
400
401 /* All good */
403}
◆ RtlSetSaclSecurityDescriptor()
| NTSTATUS NTAPI RtlSetSaclSecurityDescriptor | ( | IN OUT PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN BOOLEAN | SaclPresent, | ||
| IN PACL | Sacl, | ||
| IN BOOLEAN | SaclDefaulted | ||
| ) |
Definition at line 342 of file sd.c.
346{
348 PAGED_CODE_RTL();
349
350 /* Fail on invalid revision */
352
353 /* Fail on relative descriptors */
355
356 /* Is there a SACL? */
358 {
359 /* Caller is clearing the SACL, unset the flag and we're done */
362 }
363
364 /* Caller is setting a new SACL, set it and the flag */
367
368 /* Set if defaulted */
369 Sd->Control &= ~SE_SACL_DEFAULTED;
371
372 /* All good */
374}
Referenced by RtlQuerySecurityObject(), SampCreateAccountDomainSD(), SampCreateAliasSD(), SampCreateBuiltinDomainSD(), SampCreateGroupSD(), SampCreateServerSD(), SampCreateUserSD(), ScmCreateDefaultSD(), SetSecurityDescriptorSacl(), and TestSeAssignSecurity().
◆ RtlSetSecurityDescriptorRMControl()
| VOID NTAPI RtlSetSecurityDescriptorRMControl | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN PUCHAR | RMControl | ||
| ) |
◆ RtlValidRelativeSecurityDescriptor()
| BOOLEAN NTAPI RtlValidRelativeSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptorInput, |
| IN ULONG | SecurityDescriptorLength, | ||
| IN SECURITY_INFORMATION | RequiredInformation | ||
| ) |
Definition at line 1098 of file sd.c.
1101{
1106 PAGED_CODE_RTL();
1107
1108 /* Note that Windows allows no DACL/SACL even if RequiredInfo wants it */
1109
1110 /* Do we have enough space, is the revision vaild, and is this SD relative? */
1114 {
1115 /* Nope, bail out */
1117 }
1118
1119 /* Is there an owner? */
1121 {
1122 /* Try to access it */
1124 SecurityDescriptorLength,
1126 &Length))
1127 {
1128 /* It's beyond the buffer, fail */
1130 }
1131
1132 /* Read the owner, check if it's valid and if the buffer contains it */
1135 }
1137 {
1138 /* No owner but the caller expects one, fail */
1140 }
1141
1142 /* Is there a group? */
1143 if (Sd->Group)
1144 {
1145 /* Try to access it */
1147 SecurityDescriptorLength,
1149 &Length))
1150 {
1151 /* It's beyond the buffer, fail */
1153 }
1154
1155 /* Read the group, check if it's valid and if the buffer contains it */
1158 }
1160 {
1161 /* No group, but the caller expects one, fail */
1163 }
1164
1165 /* Is there a DACL? */
1167 {
1168 /* Try to access it */
1170 SecurityDescriptorLength,
1172 &Length))
1173 {
1174 /* It's beyond the buffer, fail */
1176 }
1177
1178 /* Read the DACL, check if it's valid and if the buffer contains it */
1181 }
1182
1183 /* Is there a SACL? */
1185 {
1186 /* Try to access it */
1188 SecurityDescriptorLength,
1190 &Length))
1191 {
1192 /* It's beyond the buffer, fail */
1194 }
1195
1196 /* Read the SACL, check if it's valid and if the buffer contains it */
1199 }
1200
1201 /* All good */
1203}
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
_In_ ULONG _In_ SECURITY_INFORMATION RequiredInformation
Definition: rtlfuncs.h:1748
BOOLEAN NTAPI RtlpValidateSDOffsetAndSize(IN ULONG Offset, IN ULONG Length, IN ULONG MinLength, OUT PULONG MaxLength)
Definition: sd.c:20
◆ RtlValidSecurityDescriptor()
| BOOLEAN NTAPI RtlValidSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor | ) |
Definition at line 1054 of file sd.c.
1055{
1059 PAGED_CODE_RTL();
1060
1061 _SEH2_TRY
1062 {
1063 /* Fail on bad revisions */
1065
1066 /* Owner SID must be valid if present */
1069
1070 /* Group SID must be valid if present */
1073
1074 /* DACL must be valid if present */
1077
1078 /* SACL must be valid if present */
1081 }
1083 {
1084 /* Access fault, bail out */
1086 }
1087 _SEH2_END;
1088
1089 /* All good */
1091}
Referenced by IsValidSecurityDescriptor(), LsarSetSecurityObject(), RSetServiceObjectSecurity(), SamrSetSecurityObject(), and UDFReadSecurity().
