Include dependency graph for sd.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ RtlAbsoluteToSelfRelativeSD()
| NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD | ( | IN PSECURITY_DESCRIPTOR | AbsoluteSecurityDescriptor, |
| IN OUT PSECURITY_DESCRIPTOR | SelfRelativeSecurityDescriptor, | ||
| IN PULONG | BufferLength | ||
| ) |
Definition at line 626 of file sd.c.
629{
631 PAGED_CODE_RTL();
632
633 /* Can't already be relative */
635
636 /* Call the other API */
639 BufferLength);
640}
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
Definition: rtlfuncs.h:1591
_Out_writes_bytes_to_opt_ BufferLength PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
Definition: rtlfuncs.h:1120
NTSTATUS NTAPI RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSD, OUT PSECURITY_DESCRIPTOR SelfRelativeSD, IN OUT PULONG BufferLength)
Definition: sd.c:647
Definition: ms-dtyp.idl:301
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
Referenced by fcb_get_sd(), get_top_level_sd(), IntCreateServiceSecurity(), LsapCreateAccountSd(), LsapCreatePolicySd(), LsapCreateSecretSd(), LsapCreateTokenSd(), MakeSelfRelativeSD(), RtlpSysVolCheckOwnerAndSecurity(), RtlQuerySecurityObject(), SampCreateAccountDomainSD(), SampCreateAliasSD(), SampCreateBuiltinDomainSD(), SampCreateGroupSD(), SampCreateServerSD(), SampCreateUserSD(), and ScmCreateDefaultServiceSD().
◆ RtlCopySecurityDescriptor()
| NTSTATUS NTAPI RtlCopySecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | pSourceSecurityDescriptor, |
| OUT PSECURITY_DESCRIPTOR * | pDestinationSecurityDescriptor | ||
| ) |
Definition at line 582 of file sd.c.
584{
588 PISECURITY_DESCRIPTOR Sd = pSourceSecurityDescriptor;
589
590 /* Get all the components */
591 RtlpQuerySecurityDescriptor(Sd,
592 &Owner,
593 &OwnerLength,
594 &Group,
595 &GroupLength,
596 &Dacl,
597 &DaclLength,
598 &Sacl,
599 &SaclLength);
600
601 /* Add up their lengths */
603 OwnerLength +
604 GroupLength +
605 DaclLength +
606 SaclLength;
607
608 /* Allocate a copy */
609 *pDestinationSecurityDescriptor = RtlAllocateHeap(RtlGetProcessHeap(),
610 0,
611 TotalLength);
613
614 /* Copy the old in the new */
616
617 /* All good */
619}
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1597
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1595
VOID NTAPI RtlpQuerySecurityDescriptor(IN PISECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PULONG OwnerSize, OUT PSID *PrimaryGroup, OUT PULONG PrimaryGroupSize, OUT PACL *Dacl, OUT PULONG DaclSize, OUT PACL *Sacl, OUT PULONG SaclSize)
Definition: sd.c:45
Definition: ms-dtyp.idl:293
Definition: ms-dtyp.idl:198
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
◆ RtlCreateSecurityDescriptor()
| NTSTATUS NTAPI RtlCreateSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN ULONG | Revision | ||
| ) |
Definition at line 117 of file sd.c.
119{
121 PAGED_CODE_RTL();
122
123 /* Fail on invalid revisions */
125
126 /* Setup an empty SD */
129
130 /* All good */
132}
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
◆ RtlCreateSecurityDescriptorRelative()
| NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative | ( | IN PISECURITY_DESCRIPTOR_RELATIVE | SecurityDescriptor, |
| IN ULONG | Revision | ||
| ) |
Definition at line 139 of file sd.c.
141{
142 PAGED_CODE_RTL();
143
144 /* Fail on invalid revisions */
146
147 /* Setup an empty SD */
151
152 /* All good */
154}
◆ RtlGetControlSecurityDescriptor()
| NTSTATUS NTAPI RtlGetControlSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PSECURITY_DESCRIPTOR_CONTROL | Control, | ||
| OUT PULONG | Revision | ||
| ) |
Definition at line 439 of file sd.c.
442{
444 PAGED_CODE_RTL();
445
446 /* Read current revision, even if invalid */
448
449 /* Fail on invalid revision */
451
452 /* Read current control */
454
455 /* All good */
457}
◆ RtlGetDaclSecurityDescriptor()
| NTSTATUS NTAPI RtlGetDaclSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PBOOLEAN | DaclPresent, | ||
| OUT PACL * | Dacl, | ||
| OUT PBOOLEAN | DaclDefaulted | ||
| ) |
Definition at line 199 of file sd.c.
203{
205 PAGED_CODE_RTL();
206
207 /* Fail on invalid revisions */
209
210 /* Is there a DACL? */
213 {
214 /* Yes, return it, and check if defaulted */
217 }
218
219 /* All good */
221}
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:119
◆ RtlGetGroupSecurityDescriptor()
| NTSTATUS NTAPI RtlGetGroupSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PSID * | Group, | ||
| OUT PBOOLEAN | GroupDefaulted | ||
| ) |
Definition at line 280 of file sd.c.
283{
285 PAGED_CODE_RTL();
286
287 /* Fail on invalid revision */
289
290 /* Get the group and if defaulted */
293
294 /* All good */
296}
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:79
Referenced by _test_group(), CheckDirectorySecurity__(), CheckKeySecurity__(), GetSecurityDescriptorGroup(), RtlpSetSecurityObject(), and RtlQuerySecurityObject().
◆ RtlGetOwnerSecurityDescriptor()
| NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PSID * | Owner, | ||
| OUT PBOOLEAN | OwnerDefaulted | ||
| ) |
Definition at line 257 of file sd.c.
260{
262 PAGED_CODE_RTL();
263
264 /* Fail on invalid revision */
266
267 /* Get the owner and if defaulted */
270
271 /* All good */
273}
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:99
Referenced by CheckDirectorySecurity__(), CheckKeySecurity__(), create_directory_fcb(), create_subvol(), fcb_get_new_sd(), GetSecurityDescriptorOwner(), mknod(), RtlpSetSecurityObject(), RtlpSysVolCheckOwnerAndSecurity(), and RtlQuerySecurityObject().
◆ RtlGetSaclSecurityDescriptor()
| NTSTATUS NTAPI RtlGetSaclSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PBOOLEAN | SaclPresent, | ||
| OUT PACL * | Sacl, | ||
| OUT PBOOLEAN | SaclDefaulted | ||
| ) |
Definition at line 228 of file sd.c.
232{
234 PAGED_CODE_RTL();
235
236 /* Fail on invalid revisions */
238
239 /* Is there a SACL? */
242 {
243 /* Yes, return it, and check if defaulted */
246 }
247
248 /* All good */
250}
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:141
◆ RtlGetSecurityDescriptorRMControl()
| BOOLEAN NTAPI RtlGetSecurityDescriptorRMControl | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PUCHAR | RMControl | ||
| ) |
Definition at line 500 of file sd.c.
502{
504 PAGED_CODE_RTL();
505
506 /* Check if there's no valid RM control */
508 {
509 /* Fail and return nothing */
510 *RMControl = 0;
512 }
513
514 /* Return it, ironically the member is "should be zero" */
515 *RMControl = Sd->Sbz1;
517}
◆ RtlLengthSecurityDescriptor()
| ULONG NTAPI RtlLengthSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor | ) |
Definition at line 161 of file sd.c.
162{
163 PISECURITY_DESCRIPTOR Sd;
167 PAGED_CODE_RTL();
168
169 /* Start with the initial length of the SD itself */
172 {
174 }
175 else
176 {
178 }
179
180 /* Add the length of the individual subcomponents */
189
190 /* Return the final length */
192}
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
◆ RtlMakeSelfRelativeSD()
| NTSTATUS NTAPI RtlMakeSelfRelativeSD | ( | IN PSECURITY_DESCRIPTOR | AbsoluteSD, |
| OUT PSECURITY_DESCRIPTOR | SelfRelativeSD, | ||
| IN OUT PULONG | BufferLength | ||
| ) |
Definition at line 647 of file sd.c.
650{
654 ULONG_PTR Current;
657 PAGED_CODE_RTL();
658
659 /* Query all components */
660 RtlpQuerySecurityDescriptor(Sd,
661 &Owner,
662 &OwnerLength,
663 &Group,
664 &GroupLength,
665 &Dacl,
666 &DaclLength,
667 &Sacl,
668 &SaclLength);
669
670 /* Calculate final length */
672 OwnerLength +
673 GroupLength +
674 SaclLength +
675 DaclLength;
676
677 /* Is there enough space? */
679 {
680 /* Nope, return how much is needed */
683 }
684
685 /* Start fresh */
687
688 /* Copy the header fields */
689 RtlCopyMemory(RelSd,
690 Sd,
692
693 /* Set the current copy pointer */
694 Current = (ULONG_PTR)(RelSd + 1);
695
696 /* Is there a SACL? */
697 if (SaclLength)
698 {
699 /* Copy it */
702 Current += SaclLength;
703 }
704
705 /* Is there a DACL? */
706 if (DaclLength)
707 {
708 /* Copy it */
711 Current += DaclLength;
712 }
713
714 /* Is there an owner? */
715 if (OwnerLength)
716 {
717 /* Copy it */
720 Current += OwnerLength;
721 }
722
723 /* Is there a group? */
725 {
726 /* Copy it */
729 }
730
731 /* Mark it as relative */
733
734 /* All good */
736}
Definition: nsiface.idl:2307
Definition: setypes.h:832
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
Referenced by RtlAbsoluteToSelfRelativeSD().
◆ RtlpQuerySecurityDescriptor()
| VOID NTAPI RtlpQuerySecurityDescriptor | ( | IN PISECURITY_DESCRIPTOR | SecurityDescriptor, |
| OUT PSID * | Owner, | ||
| OUT PULONG | OwnerSize, | ||
| OUT PSID * | PrimaryGroup, | ||
| OUT PULONG | PrimaryGroupSize, | ||
| OUT PACL * | Dacl, | ||
| OUT PULONG | DaclSize, | ||
| OUT PACL * | Sacl, | ||
| OUT PULONG | SaclSize | ||
| ) |
Definition at line 45 of file sd.c.
54{
55 PAGED_CODE_RTL();
56
57 /* Get the owner */
60 {
61 /* There's an owner, so align the size */
63 }
64 else
65 {
66 /* No owner, no size */
67 *OwnerSize = 0;
68 }
69
70 /* Get the group */
73 {
74 /* There's a group, so align the size */
76 }
77 else
78 {
79 /* No group, no size */
80 *PrimaryGroupSize = 0;
81 }
82
83 /* Get the DACL */
86 {
87 /* There's a DACL, align the size */
89 }
90 else
91 {
92 /* No DACL, no size */
93 *DaclSize = 0;
94 }
95
96 /* Get the SACL */
99 {
100 /* There's a SACL, align the size */
102 }
103 else
104 {
105 /* No SACL, no size */
106 *SaclSize = 0;
107 }
108}
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1598
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1599
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1596
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID _Inout_ PULONG PrimaryGroupSize
Definition: rtlfuncs.h:1601
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1594
Referenced by RtlCopySecurityDescriptor(), RtlMakeSelfRelativeSD(), RtlSelfRelativeToAbsoluteSD(), and RtlSelfRelativeToAbsoluteSD2().
◆ RtlpValidateSDOffsetAndSize()
| BOOLEAN NTAPI RtlpValidateSDOffsetAndSize | ( | IN ULONG | Offset, |
| IN ULONG | Length, | ||
| IN ULONG | MinLength, | ||
| OUT PULONG | MaxLength | ||
| ) |
Definition at line 20 of file sd.c.
24{
25 /* Assume failure */
26 *MaxLength = 0;
27
28 /* Reject out of bounds lengths */
31
32 /* Reject insufficient lengths */
34
35 /* Reject unaligned offsets */
37
38 /* Return length that is safe to read */
41}
Referenced by RtlValidRelativeSecurityDescriptor().
◆ RtlSelfRelativeToAbsoluteSD()
| NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD | ( | IN PSECURITY_DESCRIPTOR | SelfRelativeSD, |
| OUT PSECURITY_DESCRIPTOR | AbsoluteSD, | ||
| IN PULONG | AbsoluteSDSize, | ||
| IN PACL | Dacl, | ||
| IN PULONG | DaclSize, | ||
| IN PACL | Sacl, | ||
| IN PULONG | SaclSize, | ||
| IN PSID | Owner, | ||
| IN PULONG | OwnerSize, | ||
| IN PSID | PrimaryGroup, | ||
| IN PULONG | PrimaryGroupSize | ||
| ) |
Definition at line 743 of file sd.c.
754{
758 PSID pOwner, pGroup;
759 PACL pDacl, pSacl;
760 PAGED_CODE_RTL();
761
762 /* Must be relative, otherwiise fail */
764
765 /* Get all the components */
766 RtlpQuerySecurityDescriptor(RelSd,
767 &pOwner,
768 &OwnerLength,
769 &pGroup,
770 &GroupLength,
771 &pDacl,
772 &DaclLength,
773 &pSacl,
774 &SaclLength);
775
776 /* Fail if there's not enough space */
777 if (!(Sd) ||
779 (OwnerLength > *OwnerSize) ||
781 (DaclLength > *DaclSize) ||
782 (SaclLength > *SaclSize))
783 {
784 /* Return how much space is needed for each components */
786 *OwnerSize = OwnerLength;
788 *DaclSize = DaclLength;
789 *SaclSize = SaclLength;
791 }
792
793 /* Copy the header fields */
795
796 /* Wipe out the pointers and the relative flag */
801 Sd->Control &= ~SE_SELF_RELATIVE;
802
803 /* Is there an owner? */
804 if (pOwner)
805 {
806 /* Copy it */
809 }
810
811 /* Is there a group? */
812 if (pGroup)
813 {
814 /* Copy it */
817 }
818
819 /* Is there a DACL? */
820 if (pDacl)
821 {
822 /* Copy it */
825 }
826
827 /* Is there a SACL? */
828 if (pSacl)
829 {
830 /* Copy it */
833 }
834
835 /* All good */
837}
◆ RtlSelfRelativeToAbsoluteSD2()
| NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD2 | ( | IN OUT PSECURITY_DESCRIPTOR | SelfRelativeSD, |
| OUT PULONG | BufferSize | ||
| ) |
Definition at line 844 of file sd.c.
846{
849 PVOID DataStart, DataEnd;
850 LONG MoveDelta;
852 PSID pOwner, pGroup;
853 PACL pDacl, pSacl;
854 PAGED_CODE_RTL();
855
856 /* Need input */
858
859 /* Need to know how much space we have */
861
862 /* Input must be relative */
864
865 /* Query all the component sizes */
866 RtlpQuerySecurityDescriptor(Sd,
867 &pOwner,
868 &OwnerLength,
869 &pGroup,
870 &GroupLength,
871 &pDacl,
872 &DaclLength,
873 &pSacl,
874 &SaclLength);
875
876 /*
877 * Check if there's a difference in structure layout between relatiev and
878 * absolute descriptors. On 32-bit, there won't be, since an offset is the
879 * same size as a pointer (32-bit), but on 64-bit, the offsets remain 32-bit
880 * as they are not SIZE_T, but ULONG, while the pointers now become 64-bit
881 * and thus the structure is different */
883 if (!MoveDelta)
884 {
885 /* So on 32-bit, simply clear the flag... */
886 Sd->Control &= ~SE_SELF_RELATIVE;
887
888 /* Ensure we're *really* on 32-bit */
893
894 /* And simply set pointers where there used to be offsets */
895 Sd->Owner = pOwner;
896 Sd->Group = pGroup;
897 Sd->Sacl = pSacl;
898 Sd->Dacl = pDacl;
900 }
901
902 /*
903 * Calculate the start and end of the data area, we simply just move the
904 * data by the difference between the size of the relative and absolute
905 * security descriptor structure
906 */
907 DataStart = pOwner;
909
910 /* Is there a group? */
911 if (pGroup)
912 {
913 /* Is the group higher than where we started? */
915 {
916 /* Update the start pointer */
917 DataStart = pGroup;
918 }
919
920 /* Is the group beyond where we ended? */
922 {
923 /* Update the end pointer */
925 }
926 }
927
928 /* Is there a DACL? */
929 if (pDacl)
930 {
931 /* Is the DACL higher than where we started? */
933 {
934 /* Update the start pointer */
935 DataStart = pDacl;
936 }
937
938 /* Is the DACL beyond where we ended? */
940 {
941 /* Update the end pointer */
943 }
944 }
945
946 /* Is there a SACL? */
947 if (pSacl)
948 {
949 /* Is the SACL higher than where we started? */
951 {
952 /* Update the start pointer */
953 DataStart = pSacl;
954 }
955
956 /* Is the SACL beyond where we ended? */
958 {
959 /* Update the end pointer */
961 }
962 }
963
964 /* Sanity check */
966
967 /* Now compute the difference between relative and absolute */
969
970 /* Is the new buffer large enough for this difference? */
972 {
973 /* Nope, bail out */
976 }
977
978 /* Is there anything actually to copy? */
980 {
981 /*
982 * There must be at least one SID or ACL in the security descriptor!
983 * Also the data area must be located somewhere after the end of the
984 * SECURITY_DESCRIPTOR_RELATIVE structure
985 */
988
989 /* It's time to move the data */
991 DataStart,
992 DataSize);
993 }
994
995 /* Is there an owner? */
996 if (pOwner)
997 {
998 /* Set the pointer to the relative position */
1000 }
1001 else
1002 {
1003 /* No owner, clear the pointer */
1005 }
1006
1007 /* Is there a group */
1008 if (pGroup)
1009 {
1010 /* Set the pointer to the relative position */
1012 }
1013 else
1014 {
1015 /* No group, clear the pointer */
1017 }
1018
1019 /* Is there a SACL? */
1020 if (pSacl)
1021 {
1022 /* Set the pointer to the relative position */
1024 }
1025 else
1026 {
1027 /* No SACL, clear the pointer */
1029 }
1030
1031 /* Is there a DACL? */
1032 if (pDacl)
1033 {
1034 /* Set the pointer to the relative position */
1036 }
1037 else
1038 {
1039 /* No DACL, clear the pointer */
1041 }
1042
1043 /* Clear the self-relative flag */
1044 Sd->Control &= ~SE_SELF_RELATIVE;
1045
1046 /* All good */
1048}
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
Definition: ndis.h:4755
◆ RtlSetAttributesSecurityDescriptor()
| NTSTATUS NTAPI RtlSetAttributesSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN SECURITY_DESCRIPTOR_CONTROL | Control, | ||
| OUT PULONG | Revision | ||
| ) |
Definition at line 550 of file sd.c.
553{
555 PAGED_CODE_RTL();
556
557 /* Always return revision, even if invalid */
559
560 /* Fail on invalid revision */
562
563 /* Mask out flags which are not attributes */
565 SE_SERVER_SECURITY |
566 SE_DACL_AUTO_INHERIT_REQ |
567 SE_SACL_AUTO_INHERIT_REQ |
568 SE_DACL_AUTO_INHERITED |
569 SE_SACL_AUTO_INHERITED |
570 SE_DACL_PROTECTED |
571 SE_SACL_PROTECTED;
572
573 /* Call the newer API */
575}
NTSTATUS NTAPI RtlSetControlSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, IN SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
Definition: sd.c:464
◆ RtlSetControlSecurityDescriptor()
| NTSTATUS NTAPI RtlSetControlSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN SECURITY_DESCRIPTOR_CONTROL | ControlBitsOfInterest, | ||
| IN SECURITY_DESCRIPTOR_CONTROL | ControlBitsToSet | ||
| ) |
Definition at line 464 of file sd.c.
467{
469
470 /* Check for invalid bits */
472 SE_SERVER_SECURITY |
473 SE_DACL_AUTO_INHERIT_REQ |
474 SE_SACL_AUTO_INHERIT_REQ |
475 SE_DACL_AUTO_INHERITED |
476 SE_SACL_AUTO_INHERITED |
477 SE_DACL_PROTECTED |
478 SE_SACL_PROTECTED)) ||
479 (ControlBitsToSet & ~ControlBitsOfInterest))
480 {
481 /* Fail */
483 }
484
485 /* Zero the 'bits of interest' */
486 Sd->Control &= ~ControlBitsOfInterest;
487
488 /* Set the 'bits to set' */
489 Sd->Control |= (ControlBitsToSet & ControlBitsOfInterest);
490
491 /* All good */
493}
Referenced by RtlSetAttributesSecurityDescriptor().
◆ RtlSetDaclSecurityDescriptor()
| NTSTATUS NTAPI RtlSetDaclSecurityDescriptor | ( | IN OUT PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN BOOLEAN | DaclPresent, | ||
| IN PACL | Dacl, | ||
| IN BOOLEAN | DaclDefaulted | ||
| ) |
Definition at line 303 of file sd.c.
307{
309 PAGED_CODE_RTL();
310
311 /* Fail on invalid revision */
313
314 /* Fail on relative descriptors */
316
317 /* Is there a DACL? */
319 {
320 /* Caller is destroying the DACL, unset the flag and we're done */
323 }
324
325 /* Caller is setting a new DACL, set the pointer and flag */
328
329 /* Set if defaulted */
330 Sd->Control &= ~SE_DACL_DEFAULTED;
332
333 /* All good */
335}
◆ RtlSetGroupSecurityDescriptor()
| NTSTATUS NTAPI RtlSetGroupSecurityDescriptor | ( | IN OUT PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN PSID | Group, | ||
| IN BOOLEAN | GroupDefaulted | ||
| ) |
Definition at line 410 of file sd.c.
413{
415 PAGED_CODE_RTL();
416
417 /* Fail on invalid revision */
419
420 /* Fail on relative descriptors */
422
423 /* Group being set or cleared */
425
426 /* Set if defaulted */
427 Sd->Control &= ~SE_GROUP_DEFAULTED;
429
430 /* All good */
432}
Referenced by CheckTokenMembership(), fcb_get_sd(), get_top_level_sd(), IntCreateServiceSecurity(), LsapCreateAccountSd(), LsapCreatePolicySd(), LsapCreateSecretSd(), RtlQuerySecurityObject(), SampCreateAccountDomainSD(), SampCreateAliasSD(), SampCreateBuiltinDomainSD(), SampCreateGroupSD(), SampCreateServerSD(), SampCreateUserSD(), ScmCreateDefaultSD(), ScmCreatePipeSD(), and SetSecurityDescriptorGroup().
◆ RtlSetOwnerSecurityDescriptor()
| NTSTATUS NTAPI RtlSetOwnerSecurityDescriptor | ( | IN OUT PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN PSID | Owner, | ||
| IN BOOLEAN | OwnerDefaulted | ||
| ) |
Definition at line 381 of file sd.c.
384{
386 PAGED_CODE_RTL();
387
388 /* Fail on invalid revision */
390
391 /* Fail on relative descriptors */
393
394 /* Owner being set or cleared */
396
397 /* Set if defaulted */
398 Sd->Control &= ~SE_OWNER_DEFAULTED;
400
401 /* All good */
403}
◆ RtlSetSaclSecurityDescriptor()
| NTSTATUS NTAPI RtlSetSaclSecurityDescriptor | ( | IN OUT PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN BOOLEAN | SaclPresent, | ||
| IN PACL | Sacl, | ||
| IN BOOLEAN | SaclDefaulted | ||
| ) |
Definition at line 342 of file sd.c.
346{
348 PAGED_CODE_RTL();
349
350 /* Fail on invalid revision */
352
353 /* Fail on relative descriptors */
355
356 /* Is there a SACL? */
358 {
359 /* Caller is clearing the SACL, unset the flag and we're done */
362 }
363
364 /* Caller is setting a new SACL, set it and the flag */
367
368 /* Set if defaulted */
369 Sd->Control &= ~SE_SACL_DEFAULTED;
371
372 /* All good */
374}
Referenced by RtlQuerySecurityObject(), SampCreateAccountDomainSD(), SampCreateAliasSD(), SampCreateBuiltinDomainSD(), SampCreateGroupSD(), SampCreateServerSD(), SampCreateUserSD(), ScmCreateDefaultSD(), SetSecurityDescriptorSacl(), and TestSeAssignSecurity().
◆ RtlSetSecurityDescriptorRMControl()
| VOID NTAPI RtlSetSecurityDescriptorRMControl | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| IN PUCHAR | RMControl | ||
| ) |
◆ RtlValidRelativeSecurityDescriptor()
| BOOLEAN NTAPI RtlValidRelativeSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptorInput, |
| IN ULONG | SecurityDescriptorLength, | ||
| IN SECURITY_INFORMATION | RequiredInformation | ||
| ) |
Definition at line 1099 of file sd.c.
1102{
1107 PAGED_CODE_RTL();
1108
1109 /* Note that Windows allows no DACL/SACL even if RequiredInfo wants it */
1110
1111 /* Do we have enough space, is the revision vaild, and is this SD relative? */
1115 {
1116 /* Nope, bail out */
1118 }
1119
1120 /* Is there an owner? */
1122 {
1123 /* Try to access it */
1125 SecurityDescriptorLength,
1127 &Length))
1128 {
1129 /* It's beyond the buffer, fail */
1131 }
1132
1133 /* Read the owner, check if it's valid and if the buffer contains it */
1136 }
1138 {
1139 /* No owner but the caller expects one, fail */
1141 }
1142
1143 /* Is there a group? */
1144 if (Sd->Group)
1145 {
1146 /* Try to access it */
1148 SecurityDescriptorLength,
1150 &Length))
1151 {
1152 /* It's beyond the buffer, fail */
1154 }
1155
1156 /* Read the group, check if it's valid and if the buffer contains it */
1159 }
1161 {
1162 /* No group, but the caller expects one, fail */
1164 }
1165
1166 /* Is there a DACL? */
1168 {
1169 /* Try to access it */
1171 SecurityDescriptorLength,
1173 &Length))
1174 {
1175 /* It's beyond the buffer, fail */
1177 }
1178
1179 /* Read the DACL, check if it's valid and if the buffer contains it */
1182 }
1183
1184 /* Is there a SACL? */
1186 {
1187 /* Try to access it */
1189 SecurityDescriptorLength,
1191 &Length))
1192 {
1193 /* It's beyond the buffer, fail */
1195 }
1196
1197 /* Read the SACL, check if it's valid and if the buffer contains it */
1200 }
1201
1202 /* All good */
1204}
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
_In_ ULONG _In_ SECURITY_INFORMATION RequiredInformation
Definition: rtlfuncs.h:1716
BOOLEAN NTAPI RtlpValidateSDOffsetAndSize(IN ULONG Offset, IN ULONG Length, IN ULONG MinLength, OUT PULONG MaxLength)
Definition: sd.c:20
◆ RtlValidSecurityDescriptor()
| BOOLEAN NTAPI RtlValidSecurityDescriptor | ( | IN PSECURITY_DESCRIPTOR | SecurityDescriptor | ) |
Definition at line 1055 of file sd.c.
1056{
1060 PAGED_CODE_RTL();
1061
1062 _SEH2_TRY
1063 {
1064 /* Fail on bad revisions */
1066
1067 /* Owner SID must be valid if present */
1070
1071 /* Group SID must be valid if present */
1074
1075 /* DACL must be valid if present */
1078
1079 /* SACL must be valid if present */
1082 }
1084 {
1085 /* Access fault, bail out */
1087 }
1088 _SEH2_END;
1089
1090 /* All good */
1092}
Referenced by IsValidSecurityDescriptor(), LsarSetSecurityObject(), RSetServiceObjectSecurity(), SamrSetSecurityObject(), and UDFReadSecurity().
