ReactOS 0.4.15-dev-7889-g76290a6
sd.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS Kernel
3 * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4 * PURPOSE: Security descriptors (SDs) implementation support
5 * COPYRIGHT: Copyright David Welch <welch@cwcom.net>
6 */
7
8/* INCLUDES *******************************************************************/
9
10#include <ntoskrnl.h>
11#define NDEBUG
12#include <debug.h>
13
14/* GLOBALS ********************************************************************/
15
23
24/* PRIVATE FUNCTIONS **********************************************************/
25
34CODE_SEG("INIT")
38{
39 /* Create PublicDefaultSd */
43 return FALSE;
44
48 TRUE,
50 FALSE);
51
52 /* Create PublicDefaultUnrestrictedSd */
56 return FALSE;
57
61 TRUE,
63 FALSE);
64
65 /* Create PublicOpenSd */
68 if (SePublicOpenSd == NULL)
69 return FALSE;
70
74 TRUE,
76 FALSE);
77
78 /* Create PublicOpenUnrestrictedSd */
82 return FALSE;
83
87 TRUE,
89 FALSE);
90
91 /* Create SystemDefaultSd */
95 return FALSE;
96
100 TRUE,
102 FALSE);
103
104 /* Create UnrestrictedSd */
106 sizeof(SECURITY_DESCRIPTOR), TAG_SD);
107 if (SeUnrestrictedSd == NULL)
108 return FALSE;
109
113 TRUE,
115 FALSE);
116
117 /* Create SystemAnonymousLogonSd */
119 sizeof(SECURITY_DESCRIPTOR), TAG_SD);
121 return FALSE;
122
126 TRUE,
128 FALSE);
129
130 return TRUE;
131}
132
154NTAPI
159{
160 ULONG Current;
161 ULONG SidSize;
162 ULONG SdSize;
165
166 DPRINT("SeSetWorldSecurityDescriptor() called\n");
167
168 if (SecurityInformation == 0)
169 {
171 }
172
173 /* calculate the minimum size of the buffer */
174 SidSize = RtlLengthSid(SeWorldSid);
175 SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
177 SdSize += SidSize;
179 SdSize += SidSize;
181 {
182 SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
183 }
185 {
186 SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
187 }
188
189 if (*BufferLength < SdSize)
190 {
191 *BufferLength = SdSize;
193 }
194
195 *BufferLength = SdSize;
196
199 if (!NT_SUCCESS(Status))
200 {
201 return Status;
202 }
203
204 Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
205
207 {
208 RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
209 SdRel->Owner = Current;
210 Current += SidSize;
211 }
212
214 {
215 RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
216 SdRel->Group = Current;
217 Current += SidSize;
218 }
219
221 {
222 PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
223
225 sizeof(ACL) + sizeof(ACE) + SidSize,
227 if (!NT_SUCCESS(Status))
228 return Status;
229
233 SeWorldSid);
234 if (!NT_SUCCESS(Status))
235 return Status;
236
237 SdRel->Control |= SE_DACL_PRESENT;
238 SdRel->Dacl = Current;
239 Current += SidSize;
240 }
241
243 {
244 PACL Sacl = (PACL)((PUCHAR)SdRel + Current);
245
247 sizeof(ACL) + sizeof(ACE) + SidSize,
249 if (!NT_SUCCESS(Status))
250 return Status;
251
256 TRUE,
257 TRUE);
258 if (!NT_SUCCESS(Status))
259 return Status;
260
261 SdRel->Control |= SE_SACL_PRESENT;
262 SdRel->Sacl = Current;
263 Current += SidSize;
264 }
265
266 return STATUS_SUCCESS;
267}
268
269/* PUBLIC FUNCTIONS ***********************************************************/
270
288static
289ULONG
291 _In_ PISID Sid,
292 _Inout_ PULONG OutSAC,
293 _In_ KPROCESSOR_MODE ProcessorMode)
294{
295 ULONG Size;
296
297 if (!Sid)
298 {
299 *OutSAC = 0;
300 return 0;
301 }
302
303 if (ProcessorMode != KernelMode)
304 {
305 /* Securely access the buffers! */
307 Size = RtlLengthRequiredSid(*OutSAC);
308 ProbeForRead(Sid, Size, sizeof(ULONG));
309 }
310 else
311 {
312 *OutSAC = Sid->SubAuthorityCount;
313 Size = RtlLengthRequiredSid(*OutSAC);
314 }
315
316 return Size;
317}
318
334static
335ULONG
337 _In_ PACL Acl,
338 _In_ KPROCESSOR_MODE ProcessorMode)
339{
340 ULONG Size;
341
342 if (!Acl) return 0;
343
344 if (ProcessorMode == KernelMode) return Acl->AclSize;
345
346 /* Probe the buffers! */
347 Size = ProbeForReadUshort(&Acl->AclSize);
348 ProbeForRead(Acl, Size, sizeof(ULONG));
349
350 return Size;
351}
352
385NTAPI
387 _In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
388 _In_ KPROCESSOR_MODE CurrentMode,
390 _In_ BOOLEAN CaptureIfKernel,
391 _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
392{
393 PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
394 SECURITY_DESCRIPTOR DescriptorCopy;
396 ULONG OwnerSAC = 0, GroupSAC = 0;
397 ULONG OwnerSize = 0, GroupSize = 0;
398 ULONG SaclSize = 0, DaclSize = 0;
401
402 if (!OriginalDescriptor)
403 {
404 /* Nothing to do... */
405 *CapturedSecurityDescriptor = NULL;
406 return STATUS_SUCCESS;
407 }
408
409 /* Quick path */
410 if (CurrentMode == KernelMode && !CaptureIfKernel)
411 {
412 /* Check descriptor version */
413 if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
414 {
416 }
417
418 *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
419 return STATUS_SUCCESS;
420 }
421
423 {
424 if (CurrentMode != KernelMode)
425 {
426 ProbeForRead(OriginalDescriptor,
428 sizeof(ULONG));
429 }
430
431 /* Check the descriptor version */
432 if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
433 {
435 }
436
437 if (CurrentMode != KernelMode)
438 {
439 /* Get the size of the descriptor */
440 DescriptorSize = (OriginalDescriptor->Control & SE_SELF_RELATIVE) ?
442
443 /* Probe the entire security descriptor structure. The SIDs
444 * and ACLs will be probed and copied later though */
445 ProbeForRead(OriginalDescriptor, DescriptorSize, sizeof(ULONG));
446 }
447
448 /* Now capture all fields and convert to an absolute descriptor */
449 DescriptorCopy.Revision = OriginalDescriptor->Revision;
450 DescriptorCopy.Sbz1 = OriginalDescriptor->Sbz1;
451 DescriptorCopy.Control = OriginalDescriptor->Control & ~SE_SELF_RELATIVE;
452 DescriptorCopy.Owner = SepGetOwnerFromDescriptor(OriginalDescriptor);
453 DescriptorCopy.Group = SepGetGroupFromDescriptor(OriginalDescriptor);
454 DescriptorCopy.Sacl = SepGetSaclFromDescriptor(OriginalDescriptor);
455 DescriptorCopy.Dacl = SepGetDaclFromDescriptor(OriginalDescriptor);
457
458 /* Determine owner and group sizes */
459 OwnerSize = DetermineSIDSize(DescriptorCopy.Owner, &OwnerSAC, CurrentMode);
461 GroupSize = DetermineSIDSize(DescriptorCopy.Group, &GroupSAC, CurrentMode);
462 DescriptorSize += ROUND_UP(GroupSize, sizeof(ULONG));
463
464 /* Determine the size of the ACLs */
465 if (DescriptorCopy.Control & SE_SACL_PRESENT)
466 {
467 /* Get the size and probe if user mode */
468 SaclSize = DetermineACLSize(DescriptorCopy.Sacl, CurrentMode);
470 }
471
472 if (DescriptorCopy.Control & SE_DACL_PRESENT)
473 {
474 /* Get the size and probe if user mode */
475 DaclSize = DetermineACLSize(DescriptorCopy.Dacl, CurrentMode);
477 }
478 }
480 {
482 }
483 _SEH2_END;
484
485 /*
486 * Allocate enough memory to store a complete copy of a self-relative
487 * security descriptor
488 */
491 TAG_SD);
493
495 NewDescriptor->Revision = DescriptorCopy.Revision;
496 NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
497 NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
498
500 {
501 /*
502 * Setup the offsets and copy the SIDs and ACLs to the new
503 * self-relative security descriptor. Probing the pointers is not
504 * neccessary anymore as we did that when collecting the sizes!
505 * Make sure to validate the SIDs and ACLs *again* as they could have
506 * been modified in the meanwhile!
507 */
509
510 if (DescriptorCopy.Owner)
511 {
512 if (!RtlValidSid(DescriptorCopy.Owner)) RtlRaiseStatus(STATUS_INVALID_SID);
515 DescriptorCopy.Owner,
516 OwnerSize);
517 Offset += ROUND_UP(OwnerSize, sizeof(ULONG));
518 }
519
520 if (DescriptorCopy.Group)
521 {
522 if (!RtlValidSid(DescriptorCopy.Group)) RtlRaiseStatus(STATUS_INVALID_SID);
525 DescriptorCopy.Group,
526 GroupSize);
527 Offset += ROUND_UP(GroupSize, sizeof(ULONG));
528 }
529
530 if (DescriptorCopy.Sacl)
531 {
532 if (!RtlValidAcl(DescriptorCopy.Sacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
535 DescriptorCopy.Sacl,
536 SaclSize);
537 Offset += ROUND_UP(SaclSize, sizeof(ULONG));
538 }
539
540 if (DescriptorCopy.Dacl)
541 {
542 if (!RtlValidAcl(DescriptorCopy.Dacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
545 DescriptorCopy.Dacl,
546 DaclSize);
547 Offset += ROUND_UP(DaclSize, sizeof(ULONG));
548 }
549
550 /* Make sure the size was correct */
552 }
554 {
555 /* We failed to copy the data to the new descriptor */
558 }
559 _SEH2_END;
560
561 /*
562 * We're finally done!
563 * Copy the pointer to the captured descriptor to to the caller.
564 */
565 *CapturedSecurityDescriptor = NewDescriptor;
566 return STATUS_SUCCESS;
567}
568
598NTAPI
603 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
604{
605 PISECURITY_DESCRIPTOR ObjectSd;
607 PSID Owner = NULL;
608 PSID Group = NULL;
609 PACL Dacl = NULL;
610 PACL Sacl = NULL;
611 ULONG OwnerLength = 0;
612 ULONG GroupLength = 0;
613 ULONG DaclLength = 0;
614 ULONG SaclLength = 0;
616 ULONG_PTR Current;
617 ULONG SdLength;
618
619 PAGED_CODE();
620
622
623 if (*ObjectsSecurityDescriptor == NULL)
624 {
626 {
629 }
630
634 return STATUS_SUCCESS;
635 }
636
637 ObjectSd = *ObjectsSecurityDescriptor;
638
639 /* Calculate the required security descriptor length */
642 {
644 if (Owner != NULL)
645 {
646 OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
647 Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
648 }
649 }
650
652 {
654 if (Group != NULL)
655 {
657 Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
658 }
659 }
660
662 (ObjectSd->Control & SE_DACL_PRESENT))
663 {
664 Dacl = SepGetDaclFromDescriptor(ObjectSd);
665 if (Dacl != NULL)
666 {
667 DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
668 }
669
671 }
672
674 (ObjectSd->Control & SE_SACL_PRESENT))
675 {
676 Sacl = SepGetSaclFromDescriptor(ObjectSd);
677 if (Sacl != NULL)
678 {
679 SaclLength = ROUND_UP(Sacl->AclSize, 4);
680 }
681
683 }
684
685 SdLength = OwnerLength + GroupLength + DaclLength +
686 SaclLength + sizeof(SECURITY_DESCRIPTOR_RELATIVE);
687 if (*Length < SdLength)
688 {
689 *Length = SdLength;
691 }
692
693 /* Build the new security descrtiptor */
696 RelSD->Control = Control;
697
698 Current = (ULONG_PTR)(RelSD + 1);
699
700 if (OwnerLength != 0)
701 {
702 RtlCopyMemory((PVOID)Current,
703 Owner,
704 OwnerLength);
705 RelSD->Owner = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
706 Current += OwnerLength;
707 }
708
709 if (GroupLength != 0)
710 {
711 RtlCopyMemory((PVOID)Current,
712 Group,
714 RelSD->Group = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
715 Current += GroupLength;
716 }
717
718 if (DaclLength != 0)
719 {
720 RtlCopyMemory((PVOID)Current,
721 Dacl,
722 DaclLength);
723 RelSD->Dacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
724 Current += DaclLength;
725 }
726
727 if (SaclLength != 0)
728 {
729 RtlCopyMemory((PVOID)Current,
730 Sacl,
731 SaclLength);
732 RelSD->Sacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
733 Current += SaclLength;
734 }
735
736 *Length = SdLength;
737
738 return STATUS_SUCCESS;
739}
740
759NTAPI
761 _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
762 _In_ KPROCESSOR_MODE CurrentMode,
763 _In_ BOOLEAN CaptureIfKernelMode)
764{
765 PAGED_CODE();
766
767 /*
768 * WARNING! You need to call this function with the same value for CurrentMode
769 * and CaptureIfKernelMode that you previously passed to
770 * SeCaptureSecurityDescriptor() in order to avoid memory leaks!
771 */
772 if (CapturedSecurityDescriptor != NULL &&
773 (CurrentMode != KernelMode ||
774 (CurrentMode == KernelMode && CaptureIfKernelMode)))
775 {
776 /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
777 ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD);
778 }
779
780 return STATUS_SUCCESS;
781}
782
812NTAPI
817 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
820{
821 PAGED_CODE();
822
826 ObjectsSecurityDescriptor,
827 0,
828 PoolType,
830}
831
871NTAPI
874 _In_ PSECURITY_INFORMATION _SecurityInformation,
875 _In_ PSECURITY_DESCRIPTOR _SecurityDescriptor,
876 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
877 _In_ ULONG AutoInheritFlags,
880{
883 PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
884 PSID Owner;
885 PSID Group;
886 PACL Dacl;
887 PACL Sacl;
888 ULONG OwnerLength;
890 ULONG DaclLength;
891 ULONG SaclLength;
893 ULONG Current;
895
896 PAGED_CODE();
897
898 ObjectSd = *ObjectsSecurityDescriptor;
899
900 /* The object does not have a security descriptor. */
901 if (!ObjectSd)
903
904 ASSERT(ObjectSd->Control & SE_SELF_RELATIVE);
905
906 SecurityInformation = *_SecurityInformation;
907
908 /* Get owner and owner size */
910 {
913 }
914 else
915 {
917 Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
918 }
919 OwnerLength = Owner ? RtlLengthSid(Owner) : 0;
920 ASSERT(OwnerLength % sizeof(ULONG) == 0);
921
922 /* Get group and group size */
924 {
927 }
928 else
929 {
931 Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
932 }
934 ASSERT(GroupLength % sizeof(ULONG) == 0);
935
936 /* Get DACL and DACL size */
938 {
941 }
942 else
943 {
944 Dacl = SepGetDaclFromDescriptor(ObjectSd);
946 }
947 DaclLength = Dacl ? ROUND_UP((ULONG)Dacl->AclSize, 4) : 0;
948
949 /* Get SACL and SACL size */
951 {
954 }
955 else
956 {
957 Sacl = SepGetSaclFromDescriptor(ObjectSd);
959 }
960 SaclLength = Sacl ? ROUND_UP((ULONG)Sacl->AclSize, 4) : 0;
961
964 OwnerLength + GroupLength +
965 DaclLength + SaclLength,
966 TAG_SD);
967 if (NewSd == NULL)
968 {
970 }
971
973
974 Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
975
976 if (OwnerLength != 0)
977 {
978 RtlCopyMemory((PUCHAR)NewSd + Current, Owner, OwnerLength);
979 NewSd->Owner = Current;
980 Current += OwnerLength;
981 }
982
983 if (GroupLength != 0)
984 {
985 RtlCopyMemory((PUCHAR)NewSd + Current, Group, GroupLength);
986 NewSd->Group = Current;
987 Current += GroupLength;
988 }
989
990 if (DaclLength != 0)
991 {
992 RtlCopyMemory((PUCHAR)NewSd + Current, Dacl, DaclLength);
993 NewSd->Dacl = Current;
994 Current += DaclLength;
995 }
996
997 if (SaclLength != 0)
998 {
999 RtlCopyMemory((PUCHAR)NewSd + Current, Sacl, SaclLength);
1000 NewSd->Sacl = Current;
1001 Current += SaclLength;
1002 }
1003
1004 NewSd->Control |= Control;
1005 *ObjectsSecurityDescriptor = NewSd;
1006 return STATUS_SUCCESS;
1007}
1008
1029 _In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
1030{
1031 ULONG SdLength;
1032 PISID Sid;
1033 PACL Acl;
1035
1037 {
1038 DPRINT1("Invalid Security Descriptor revision\n");
1039 return FALSE;
1040 }
1041
1043 {
1044 DPRINT1("Invalid Security Descriptor revision\n");
1045 return FALSE;
1046 }
1047
1048 if (!(SecurityDescriptor->Control & SE_SELF_RELATIVE))
1049 {
1050 DPRINT1("No self-relative Security Descriptor\n");
1051 return FALSE;
1052 }
1053
1054 SdLength = sizeof(SECURITY_DESCRIPTOR);
1055
1056 /* Check Owner SID */
1057 if (!SecurityDescriptor->Owner)
1058 {
1059 DPRINT1("No Owner SID\n");
1060 return FALSE;
1061 }
1062
1063 if (SecurityDescriptor->Owner % sizeof(ULONG))
1064 {
1065 DPRINT1("Invalid Owner SID alignment\n");
1066 return FALSE;
1067 }
1068
1069 /* Ensure the Owner SID is within the bounds of the security descriptor */
1070 if ((SecurityDescriptor->Owner > Length) ||
1071 (Length - SecurityDescriptor->Owner < sizeof(SID)))
1072 {
1073 DPRINT1("Owner SID not within bounds\n");
1074 return FALSE;
1075 }
1076
1077 /* Reference it */
1079 if (Sid->Revision != SID_REVISION)
1080 {
1081 DPRINT1("Invalid Owner SID revision\n");
1082 return FALSE;
1083 }
1084
1085 // NOTE: Same as SeLengthSid(Sid); but doesn't use hardcoded values.
1086 SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
1087 if (Length < SdLength)
1088 {
1089 DPRINT1("Invalid Owner SID size\n");
1090 return FALSE;
1091 }
1092
1093 /* Check Group SID */
1094 if (SecurityDescriptor->Group)
1095 {
1096 if (SecurityDescriptor->Group % sizeof(ULONG))
1097 {
1098 DPRINT1("Invalid Group SID alignment\n");
1099 return FALSE;
1100 }
1101
1102 /* Ensure the Group SID is within the bounds of the security descriptor */
1103 if ((SecurityDescriptor->Group > Length) ||
1104 (Length - SecurityDescriptor->Group < sizeof(SID)))
1105 {
1106 DPRINT1("Group SID not within bounds\n");
1107 return FALSE;
1108 }
1109
1110 /* Reference it */
1112 if (Sid->Revision != SID_REVISION)
1113 {
1114 DPRINT1("Invalid Group SID revision\n");
1115 return FALSE;
1116 }
1117
1118 // NOTE: Same as SeLengthSid(Sid); but doesn't use hardcoded values.
1119 SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
1120 if (Length < SdLength)
1121 {
1122 DPRINT1("Invalid Group SID size\n");
1123 return FALSE;
1124 }
1125 }
1126
1127 /* Check DACL */
1128 if (SecurityDescriptor->Dacl)
1129 {
1130 if (SecurityDescriptor->Dacl % sizeof(ULONG))
1131 {
1132 DPRINT1("Invalid DACL alignment\n");
1133 return FALSE;
1134 }
1135
1136 /* Ensure the DACL is within the bounds of the security descriptor */
1137 if ((SecurityDescriptor->Dacl > Length) ||
1138 (Length - SecurityDescriptor->Dacl < sizeof(ACL)))
1139 {
1140 DPRINT1("DACL not within bounds\n");
1141 return FALSE;
1142 }
1143
1144 /* Reference it */
1146
1147 SdLength += Acl->AclSize;
1148 if (Length < SdLength)
1149 {
1150 DPRINT1("Invalid DACL size\n");
1151 return FALSE;
1152 }
1153
1154 if (!RtlValidAcl(Acl))
1155 {
1156 DPRINT1("Invalid DACL\n");
1157 return FALSE;
1158 }
1159 }
1160
1161 /* Check SACL */
1162 if (SecurityDescriptor->Sacl)
1163 {
1164 if (SecurityDescriptor->Sacl % sizeof(ULONG))
1165 {
1166 DPRINT1("Invalid SACL alignment\n");
1167 return FALSE;
1168 }
1169
1170 /* Ensure the SACL is within the bounds of the security descriptor */
1171 if ((SecurityDescriptor->Sacl > Length) ||
1172 (Length - SecurityDescriptor->Sacl < sizeof(ACL)))
1173 {
1174 DPRINT1("SACL not within bounds\n");
1175 return FALSE;
1176 }
1177
1178 /* Reference it */
1180
1181 SdLength += Acl->AclSize;
1182 if (Length < SdLength)
1183 {
1184 DPRINT1("Invalid SACL size\n");
1185 return FALSE;
1186 }
1187
1188 if (!RtlValidAcl(Acl))
1189 {
1190 DPRINT1("Invalid SACL\n");
1191 return FALSE;
1192 }
1193 }
1194
1195 return TRUE;
1196}
1197
1210NTAPI
1211SeDeassignSecurity(
1213{
1214 PAGED_CODE();
1215
1216 if (*SecurityDescriptor != NULL)
1217 {
1220 }
1221
1222 return STATUS_SUCCESS;
1223}
1224
1280NTAPI
1282 _In_opt_ PSECURITY_DESCRIPTOR _ParentDescriptor,
1283 _In_opt_ PSECURITY_DESCRIPTOR _ExplicitDescriptor,
1287 _In_ ULONG AutoInheritFlags,
1291{
1292 PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor;
1293 PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor;
1295 PTOKEN Token;
1296 ULONG OwnerLength;
1298 ULONG DaclLength;
1299 ULONG SaclLength;
1300 ULONG Length;
1302 ULONG Current;
1303 PSID Owner = NULL;
1304 PSID Group = NULL;
1305 PACL ExplicitAcl;
1306 BOOLEAN ExplicitPresent;
1307 BOOLEAN ExplicitDefaulted;
1308 PACL ParentAcl;
1309 PACL Dacl = NULL;
1310 PACL Sacl = NULL;
1311 BOOLEAN DaclIsInherited;
1312 BOOLEAN SaclIsInherited;
1316
1318 DBG_UNREFERENCED_PARAMETER(AutoInheritFlags);
1320
1321 PAGED_CODE();
1322
1324
1326 {
1327 return STATUS_NO_TOKEN;
1328 }
1329
1330 /* Lock subject context */
1332
1333 if (SubjectContext->ClientToken != NULL)
1334 {
1335 Token = SubjectContext->ClientToken;
1336 }
1337 else
1338 {
1339 Token = SubjectContext->PrimaryToken;
1340 }
1341
1342 /* Inherit the Owner SID */
1343 if (ExplicitDescriptor != NULL)
1344 {
1345 DPRINT("Use explicit owner sid!\n");
1347 }
1348 if (!Owner)
1349 {
1350 if (AutoInheritFlags & SEF_DEFAULT_OWNER_FROM_PARENT)
1351 {
1352 DPRINT("Use parent owner sid!\n");
1353 if (!ARGUMENT_PRESENT(ParentDescriptor))
1354 {
1356 return STATUS_INVALID_OWNER;
1357 }
1358
1359 Owner = SepGetOwnerFromDescriptor(ParentDescriptor);
1360 if (!Owner)
1361 {
1363 return STATUS_INVALID_OWNER;
1364 }
1365 }
1366 else
1367 {
1368 DPRINT("Use token owner sid!\n");
1369 Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
1370 }
1371 }
1372 OwnerLength = RtlLengthSid(Owner);
1373 ASSERT(OwnerLength % sizeof(ULONG) == 0);
1374
1375 /* Inherit the Group SID */
1376 if (ExplicitDescriptor != NULL)
1377 {
1379 }
1380 if (!Group)
1381 {
1382 if (AutoInheritFlags & SEF_DEFAULT_GROUP_FROM_PARENT)
1383 {
1384 DPRINT("Use parent group sid!\n");
1385 if (!ARGUMENT_PRESENT(ParentDescriptor))
1386 {
1389 }
1390
1391 Group = SepGetGroupFromDescriptor(ParentDescriptor);
1392 if (!Group)
1393 {
1396 }
1397 }
1398 else
1399 {
1400 DPRINT("Use token group sid!\n");
1401 Group = Token->PrimaryGroup;
1402 }
1403 }
1404 if (!Group)
1405 {
1408 }
1410 ASSERT(GroupLength % sizeof(ULONG) == 0);
1411
1412 /* Inherit the DACL */
1413 DaclLength = 0;
1414 ExplicitAcl = NULL;
1415 ExplicitPresent = FALSE;
1416 ExplicitDefaulted = FALSE;
1417 if (ExplicitDescriptor != NULL &&
1419 {
1421 ExplicitPresent = TRUE;
1423 ExplicitDefaulted = TRUE;
1424 }
1425 ParentAcl = NULL;
1426 if (ParentDescriptor != NULL &&
1427 (ParentDescriptor->Control & SE_DACL_PRESENT))
1428 {
1429 ParentAcl = SepGetDaclFromDescriptor(ParentDescriptor);
1430 }
1431 Dacl = SepSelectAcl(ExplicitAcl,
1432 ExplicitPresent,
1433 ExplicitDefaulted,
1434 ParentAcl,
1435 Token->DefaultDacl,
1436 &DaclLength,
1437 Owner,
1438 Group,
1439 &DaclPresent,
1440 &DaclIsInherited,
1443 if (DaclPresent)
1445 ASSERT(DaclLength % sizeof(ULONG) == 0);
1446
1447 /* Inherit the SACL */
1448 SaclLength = 0;
1449 ExplicitAcl = NULL;
1450 ExplicitPresent = FALSE;
1451 ExplicitDefaulted = FALSE;
1452 if (ExplicitDescriptor != NULL &&
1454 {
1456 ExplicitPresent = TRUE;
1458 ExplicitDefaulted = TRUE;
1459 }
1460 ParentAcl = NULL;
1461 if (ParentDescriptor != NULL &&
1462 (ParentDescriptor->Control & SE_SACL_PRESENT))
1463 {
1464 ParentAcl = SepGetSaclFromDescriptor(ParentDescriptor);
1465 }
1466 Sacl = SepSelectAcl(ExplicitAcl,
1467 ExplicitPresent,
1468 ExplicitDefaulted,
1469 ParentAcl,
1470 NULL,
1471 &SaclLength,
1472 Owner,
1473 Group,
1474 &SaclPresent,
1475 &SaclIsInherited,
1478 if (SaclPresent)
1480 ASSERT(SaclLength % sizeof(ULONG) == 0);
1481
1482 /* Allocate and initialize the new security descriptor */
1484 OwnerLength + GroupLength + DaclLength + SaclLength;
1485
1486 DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %u OwnerLength %lu GroupLength %lu DaclLength %lu SaclLength %lu\n",
1487 sizeof(SECURITY_DESCRIPTOR),
1488 OwnerLength,
1490 DaclLength,
1491 SaclLength);
1492
1494 if (Descriptor == NULL)
1495 {
1496 DPRINT1("ExAlloctePool() failed\n");
1499 }
1500
1503
1504 Descriptor->Control = Control | SE_SELF_RELATIVE;
1505
1506 Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1507
1508 if (SaclLength != 0)
1509 {
1511 &SaclLength,
1512 Sacl,
1513 Owner,
1514 Group,
1515 SaclIsInherited,
1519 Descriptor->Sacl = Current;
1520 Current += SaclLength;
1521 }
1522
1523 if (DaclLength != 0)
1524 {
1526 &DaclLength,
1527 Dacl,
1528 Owner,
1529 Group,
1530 DaclIsInherited,
1534 Descriptor->Dacl = Current;
1535 Current += DaclLength;
1536 }
1537
1538 if (OwnerLength != 0)
1539 {
1540 RtlCopyMemory((PUCHAR)Descriptor + Current, Owner, OwnerLength);
1541 Descriptor->Owner = Current;
1542 Current += OwnerLength;
1543 DPRINT("Owner of %p at %x\n", Descriptor, Descriptor->Owner);
1544 }
1545 else
1546 {
1547 DPRINT("Owner of %p is zero length\n", Descriptor);
1548 }
1549
1550 if (GroupLength != 0)
1551 {
1553 Descriptor->Group = Current;
1554 }
1555
1556 /* Unlock subject context */
1558
1560
1561 DPRINT("Descriptor %p\n", Descriptor);
1563
1564 return STATUS_SUCCESS;
1565}
1566
1600NTAPI
1601SeAssignSecurity(
1602 _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
1609{
1610 PAGED_CODE();
1611
1612 return SeAssignSecurityEx(ParentDescriptor,
1615 NULL,
1617 0,
1620 PoolType);
1621}
1622
1643NTAPI
1646 _Out_ PULONG QuotaInfoSize)
1647{
1648 PSID Group;
1649 PACL Dacl;
1650
1651 PAGED_CODE();
1652
1653 *QuotaInfoSize = 0;
1654
1655 /* Validate security descriptor revision */
1657 {
1659 }
1660
1661 /* Get group and DACL, if any */
1664
1665 /* Return SID length if any */
1666 if (Group != NULL)
1667 {
1668 *QuotaInfoSize = ALIGN_UP_BY(RtlLengthSid(Group), sizeof(ULONG));
1669 }
1670
1671 /* Return DACL if any */
1672 if (Dacl != NULL)
1673 {
1674 *QuotaInfoSize += ALIGN_UP_BY(Dacl->AclSize, sizeof(ULONG));
1675 }
1676
1677 return STATUS_SUCCESS;
1678}
1679
1680/* EOF */
#define PAGED_CODE()
#define CODE_SEG(...)
#define ALIGN_UP_BY(size, align)
unsigned char BOOLEAN
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
LONG NTSTATUS
Definition: precomp.h:26
#define DPRINT1
Definition: precomp.h:8
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ULONG_PTR
Definition: config.h:101
#define _IRQL_requires_max_(irql)
Definition: driverspecs.h:230
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define PASSIVE_LEVEL
Definition: env_spec_w32.h:693
#define PagedPool
Definition: env_spec_w32.h:308
#define ROUND_UP(n, align)
Definition: eventvwr.h:34
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define _SEH2_END
Definition: filesup.c:22
#define _SEH2_TRY
Definition: filesup.c:19
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
Status
Definition: gdiplustypes.h:25
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
#define ASSERT(a)
Definition: mode.c:44
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
ObjectType
Definition: metafile.c:81
struct _SID * PSID
Definition: eventlog.c:35
struct _SID SID
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
struct _ACL ACL
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
struct _ACL * PACL
Definition: security.c:105
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
#define _Inout_
Definition: ms_sal.h:378
#define _Out_writes_bytes_(size)
Definition: ms_sal.h:350
#define _Out_
Definition: ms_sal.h:345
#define _In_
Definition: ms_sal.h:308
#define _In_opt_
Definition: ms_sal.h:309
#define KernelMode
Definition: asm.h:34
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1598
_In_opt_ PSID Group
Definition: rtlfuncs.h:1646
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1597
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1596
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
_In_ BOOLEAN DaclPresent
Definition: rtlfuncs.h:1635
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1595
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
_In_ ULONG Revision
Definition: rtlfuncs.h:1130
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(_Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1594
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define GENERIC_ALL
Definition: nt_native.h:92
#define DBG_UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:318
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
#define ARGUMENT_PRESENT(ArgumentPointer)
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
PACL SePublicOpenDacl
Definition: acl.c:19
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:18
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:109
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:20
PACL SeUnrestrictedDacl
Definition: acl.c:21
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Selects an ACL and returns it to the caller.
Definition: acl.c:804
PSID SeWorldSid
Definition: sid.c:25
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:89
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:129
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:151
PACL SePublicDefaultDacl
Definition: acl.c:16
PACL SeSystemDefaultDacl
Definition: acl.c:17
BOOLEAN NTAPI SeValidSecurityDescriptor(_In_ ULONG Length, _In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
Determines if a security descriptor is valid according to the general security requirements and condi...
Definition: sd.c:1027
static ULONG DetermineSIDSize(_In_ PISID Sid, _Inout_ PULONG OutSAC, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of a SID.
Definition: sd.c:290
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:20
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:19
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:18
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:21
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:16
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
Definition: sd.c:22
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:17
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
Sets a "World" security descriptor.
Definition: sd.c:155
BOOLEAN NTAPI SepInitSDs(VOID)
Initializes the known security descriptors in the system.
Definition: sd.c:37
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
static ULONG DetermineACLSize(_In_ PACL Acl, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of an ACL.
Definition: sd.c:336
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
#define STATUS_UNKNOWN_REVISION
Definition: ntstatus.h:324
#define STATUS_INVALID_ACL
Definition: ntstatus.h:355
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
#define STATUS_NO_SECURITY_ON_OBJECT
Definition: ntstatus.h:451
#define STATUS_INVALID_PRIMARY_GROUP
Definition: ntstatus.h:327
#define STATUS_INVALID_OWNER
Definition: ntstatus.h:326
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162
#define ProbeForReadUchar(Ptr)
Definition: probe.h:61
#define ProbeForReadUshort(Ptr)
Definition: probe.h:63
#define STATUS_SUCCESS
Definition: shellext.h:65
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
#define DPRINT
Definition: sndvol32.h:71
Definition: rtltypes.h:993
USHORT AclSize
Definition: ms-dtyp.idl:296
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:839
BYTE Revision
Definition: ms-dtyp.idl:199
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:107
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:138
_In_ SIZE_T DescriptorSize
Definition: nls.c:40
#define TAG_SD
Definition: tag.h:153
uint32_t * PULONG
Definition: typedefs.h:59
INT POOL_TYPE
Definition: typedefs.h:78
#define NTAPI
Definition: typedefs.h:36
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
uint32_t ULONG_PTR
Definition: typedefs.h:65
unsigned char * PUCHAR
Definition: typedefs.h:53
uint32_t ULONG
Definition: typedefs.h:59
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:342
_In_ WDF_WMI_PROVIDER_CONTROL Control
Definition: wdfwmi.h:166
_In_ ULONG _In_ CONST SOCKADDR _In_ int GroupLength
Definition: ws2tcpip.h:712
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_Out_ PBOOLEAN SaclPresent
Definition: rtlfuncs.h:2413
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ ULONG AutoInheritFlags, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
Definition: sefuncs.h:29
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:31
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30
#define SE_OWNER_DEFAULTED
Definition: setypes.h:819
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define SE_DACL_DEFAULTED
Definition: setypes.h:822
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:834
#define SE_SACL_DEFAULTED
Definition: setypes.h:824
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define SEF_DEFAULT_GROUP_FROM_PARENT
Definition: setypes.h:141
#define SE_SACL_PRESENT
Definition: setypes.h:823
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SECURITY_DESCRIPTOR_MIN_LENGTH
Definition: setypes.h:815
#define ACL_REVISION
Definition: setypes.h:39
#define SE_GROUP_DEFAULTED
Definition: setypes.h:820
struct _SID * PISID
#define SEF_DEFAULT_OWNER_FROM_PARENT
Definition: setypes.h:140
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define SID_REVISION
Definition: setypes.h:481
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59
#define SE_DACL_PRESENT
Definition: setypes.h:821