ReactOS  0.4.15-dev-2979-gfd8baca
sd.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS kernel
4  * FILE: ntoskrnl/se/sd.c
5  * PURPOSE: Security manager
6  *
7  * PROGRAMMERS: David Welch <welch@cwcom.net>
8  */
9 
10 /* INCLUDES *******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 /* GLOBALS ********************************************************************/
17 
25 
26 /* PRIVATE FUNCTIONS **********************************************************/
27 
28 CODE_SEG("INIT")
29 BOOLEAN
30 NTAPI
32 {
33  /* Create PublicDefaultSd */
35  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
36  if (SePublicDefaultSd == NULL)
37  return FALSE;
38 
42  TRUE,
44  FALSE);
45 
46  /* Create PublicDefaultUnrestrictedSd */
48  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
50  return FALSE;
51 
55  TRUE,
57  FALSE);
58 
59  /* Create PublicOpenSd */
61  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
62  if (SePublicOpenSd == NULL)
63  return FALSE;
64 
68  TRUE,
70  FALSE);
71 
72  /* Create PublicOpenUnrestrictedSd */
74  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
76  return FALSE;
77 
81  TRUE,
83  FALSE);
84 
85  /* Create SystemDefaultSd */
87  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
88  if (SeSystemDefaultSd == NULL)
89  return FALSE;
90 
94  TRUE,
96  FALSE);
97 
98  /* Create UnrestrictedSd */
100  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
101  if (SeUnrestrictedSd == NULL)
102  return FALSE;
103 
107  TRUE,
109  FALSE);
110 
111  /* Create SystemAnonymousLogonSd */
113  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
115  return FALSE;
116 
120  TRUE,
122  FALSE);
123 
124  return TRUE;
125 }
126 
127 NTSTATUS
128 NTAPI
132 {
133  ULONG Current;
134  ULONG SidSize;
135  ULONG SdSize;
138 
139  DPRINT("SeSetWorldSecurityDescriptor() called\n");
140 
141  if (SecurityInformation == 0)
142  {
143  return STATUS_ACCESS_DENIED;
144  }
145 
146  /* calculate the minimum size of the buffer */
147  SidSize = RtlLengthSid(SeWorldSid);
148  SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
150  SdSize += SidSize;
152  SdSize += SidSize;
154  {
155  SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
156  }
157 
158  if (*BufferLength < SdSize)
159  {
160  *BufferLength = SdSize;
162  }
163 
164  *BufferLength = SdSize;
165 
168  if (!NT_SUCCESS(Status))
169  {
170  return Status;
171  }
172 
173  Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
174 
176  {
177  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
178  SdRel->Owner = Current;
179  Current += SidSize;
180  }
181 
183  {
184  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
185  SdRel->Group = Current;
186  Current += SidSize;
187  }
188 
190  {
191  PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
192  SdRel->Control |= SE_DACL_PRESENT;
193 
195  sizeof(ACL) + sizeof(ACE) + SidSize,
196  ACL_REVISION);
197  if (!NT_SUCCESS(Status))
198  return Status;
199 
201  ACL_REVISION,
202  GENERIC_ALL,
203  SeWorldSid);
204  if (!NT_SUCCESS(Status))
205  return Status;
206 
207  SdRel->Dacl = Current;
208  }
209 
211  {
212  /* FIXME - SdRel->Control |= SE_SACL_PRESENT; */
213  }
214 
215  return STATUS_SUCCESS;
216 }
217 
218 /* PUBLIC FUNCTIONS ***********************************************************/
219 
220 static
221 ULONG
223  PISID Sid,
224  PULONG OutSAC,
225  KPROCESSOR_MODE ProcessorMode)
226 {
227  ULONG Size;
228 
229  if (!Sid)
230  {
231  *OutSAC = 0;
232  return 0;
233  }
234 
235  if (ProcessorMode != KernelMode)
236  {
237  /* Securely access the buffers! */
239  Size = RtlLengthRequiredSid(*OutSAC);
240  ProbeForRead(Sid, Size, sizeof(ULONG));
241  }
242  else
243  {
244  *OutSAC = Sid->SubAuthorityCount;
245  Size = RtlLengthRequiredSid(*OutSAC);
246  }
247 
248  return Size;
249 }
250 
251 static
252 ULONG
254  PACL Acl,
255  KPROCESSOR_MODE ProcessorMode)
256 {
257  ULONG Size;
258 
259  if (!Acl) return 0;
260 
261  if (ProcessorMode == KernelMode) return Acl->AclSize;
262 
263  /* Probe the buffers! */
265  ProbeForRead(Acl, Size, sizeof(ULONG));
266 
267  return Size;
268 }
269 
270 NTSTATUS
271 NTAPI
273  IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
274  IN KPROCESSOR_MODE CurrentMode,
276  IN BOOLEAN CaptureIfKernel,
277  OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
278 {
279  PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
280  SECURITY_DESCRIPTOR DescriptorCopy;
282  ULONG OwnerSAC = 0, GroupSAC = 0;
283  ULONG OwnerSize = 0, GroupSize = 0;
284  ULONG SaclSize = 0, DaclSize = 0;
285  ULONG DescriptorSize = 0;
286  ULONG Offset;
287 
288  if (!OriginalDescriptor)
289  {
290  /* Nothing to do... */
291  *CapturedSecurityDescriptor = NULL;
292  return STATUS_SUCCESS;
293  }
294 
295  /* Quick path */
296  if (CurrentMode == KernelMode && !CaptureIfKernel)
297  {
298  /* Check descriptor version */
299  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
300  {
302  }
303 
304  *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
305  return STATUS_SUCCESS;
306  }
307 
308  _SEH2_TRY
309  {
310  if (CurrentMode != KernelMode)
311  {
312  ProbeForRead(OriginalDescriptor,
314  sizeof(ULONG));
315  }
316 
317  /* Check the descriptor version */
318  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
319  {
321  }
322 
323  if (CurrentMode != KernelMode)
324  {
325  /* Get the size of the descriptor */
326  DescriptorSize = (OriginalDescriptor->Control & SE_SELF_RELATIVE) ?
328 
329  /* Probe the entire security descriptor structure. The SIDs
330  * and ACLs will be probed and copied later though */
331  ProbeForRead(OriginalDescriptor, DescriptorSize, sizeof(ULONG));
332  }
333 
334  /* Now capture all fields and convert to an absolute descriptor */
335  DescriptorCopy.Revision = OriginalDescriptor->Revision;
336  DescriptorCopy.Sbz1 = OriginalDescriptor->Sbz1;
337  DescriptorCopy.Control = OriginalDescriptor->Control & ~SE_SELF_RELATIVE;
338  DescriptorCopy.Owner = SepGetOwnerFromDescriptor(OriginalDescriptor);
339  DescriptorCopy.Group = SepGetGroupFromDescriptor(OriginalDescriptor);
340  DescriptorCopy.Sacl = SepGetSaclFromDescriptor(OriginalDescriptor);
341  DescriptorCopy.Dacl = SepGetDaclFromDescriptor(OriginalDescriptor);
342  DescriptorSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
343 
344  /* Determine owner and group sizes */
345  OwnerSize = DetermineSIDSize(DescriptorCopy.Owner, &OwnerSAC, CurrentMode);
346  DescriptorSize += ROUND_UP(OwnerSize, sizeof(ULONG));
347  GroupSize = DetermineSIDSize(DescriptorCopy.Group, &GroupSAC, CurrentMode);
348  DescriptorSize += ROUND_UP(GroupSize, sizeof(ULONG));
349 
350  /* Determine the size of the ACLs */
351  if (DescriptorCopy.Control & SE_SACL_PRESENT)
352  {
353  /* Get the size and probe if user mode */
354  SaclSize = DetermineACLSize(DescriptorCopy.Sacl, CurrentMode);
355  DescriptorSize += ROUND_UP(SaclSize, sizeof(ULONG));
356  }
357 
358  if (DescriptorCopy.Control & SE_DACL_PRESENT)
359  {
360  /* Get the size and probe if user mode */
361  DaclSize = DetermineACLSize(DescriptorCopy.Dacl, CurrentMode);
362  DescriptorSize += ROUND_UP(DaclSize, sizeof(ULONG));
363  }
364  }
366  {
368  }
369  _SEH2_END;
370 
371  /*
372  * Allocate enough memory to store a complete copy of a self-relative
373  * security descriptor
374  */
376  DescriptorSize,
377  TAG_SD);
379 
380  RtlZeroMemory(NewDescriptor, DescriptorSize);
381  NewDescriptor->Revision = DescriptorCopy.Revision;
382  NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
383  NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
384 
385  _SEH2_TRY
386  {
387  /*
388  * Setup the offsets and copy the SIDs and ACLs to the new
389  * self-relative security descriptor. Probing the pointers is not
390  * neccessary anymore as we did that when collecting the sizes!
391  * Make sure to validate the SIDs and ACLs *again* as they could have
392  * been modified in the meanwhile!
393  */
395 
396  if (DescriptorCopy.Owner)
397  {
398  if (!RtlValidSid(DescriptorCopy.Owner)) RtlRaiseStatus(STATUS_INVALID_SID);
401  DescriptorCopy.Owner,
402  OwnerSize);
403  Offset += ROUND_UP(OwnerSize, sizeof(ULONG));
404  }
405 
406  if (DescriptorCopy.Group)
407  {
408  if (!RtlValidSid(DescriptorCopy.Group)) RtlRaiseStatus(STATUS_INVALID_SID);
411  DescriptorCopy.Group,
412  GroupSize);
413  Offset += ROUND_UP(GroupSize, sizeof(ULONG));
414  }
415 
416  if (DescriptorCopy.Sacl)
417  {
418  if (!RtlValidAcl(DescriptorCopy.Sacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
421  DescriptorCopy.Sacl,
422  SaclSize);
423  Offset += ROUND_UP(SaclSize, sizeof(ULONG));
424  }
425 
426  if (DescriptorCopy.Dacl)
427  {
428  if (!RtlValidAcl(DescriptorCopy.Dacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
431  DescriptorCopy.Dacl,
432  DaclSize);
433  Offset += ROUND_UP(DaclSize, sizeof(ULONG));
434  }
435 
436  /* Make sure the size was correct */
437  ASSERT(Offset == DescriptorSize);
438  }
440  {
441  /* We failed to copy the data to the new descriptor */
444  }
445  _SEH2_END;
446 
447  /*
448  * We're finally done!
449  * Copy the pointer to the captured descriptor to to the caller.
450  */
451  *CapturedSecurityDescriptor = NewDescriptor;
452  return STATUS_SUCCESS;
453 }
454 
455 /*
456  * @implemented
457  */
459 NTSTATUS
460 NTAPI
465  _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
466 {
467  PISECURITY_DESCRIPTOR ObjectSd;
469  PSID Owner = NULL;
470  PSID Group = NULL;
471  PACL Dacl = NULL;
472  PACL Sacl = NULL;
473  ULONG OwnerLength = 0;
474  ULONG GroupLength = 0;
475  ULONG DaclLength = 0;
476  ULONG SaclLength = 0;
478  ULONG_PTR Current;
479  ULONG SdLength;
480 
481  PAGED_CODE();
482 
484 
485  if (*ObjectsSecurityDescriptor == NULL)
486  {
487  if (*Length < sizeof(SECURITY_DESCRIPTOR_RELATIVE))
488  {
491  }
492 
496  return STATUS_SUCCESS;
497  }
498 
499  ObjectSd = *ObjectsSecurityDescriptor;
500 
501  /* Calculate the required security descriptor length */
504  {
505  Owner = SepGetOwnerFromDescriptor(ObjectSd);
506  if (Owner != NULL)
507  {
508  OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
509  Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
510  }
511  }
512 
514  {
515  Group = SepGetGroupFromDescriptor(ObjectSd);
516  if (Group != NULL)
517  {
519  Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
520  }
521  }
522 
524  (ObjectSd->Control & SE_DACL_PRESENT))
525  {
526  Dacl = SepGetDaclFromDescriptor(ObjectSd);
527  if (Dacl != NULL)
528  {
529  DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
530  }
531 
532  Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
533  }
534 
536  (ObjectSd->Control & SE_SACL_PRESENT))
537  {
538  Sacl = SepGetSaclFromDescriptor(ObjectSd);
539  if (Sacl != NULL)
540  {
541  SaclLength = ROUND_UP(Sacl->AclSize, 4);
542  }
543 
544  Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
545  }
546 
547  SdLength = OwnerLength + GroupLength + DaclLength +
548  SaclLength + sizeof(SECURITY_DESCRIPTOR_RELATIVE);
549  if (*Length < SdLength)
550  {
551  *Length = SdLength;
553  }
554 
555  /* Build the new security descrtiptor */
558  RelSD->Control = Control;
559 
560  Current = (ULONG_PTR)(RelSD + 1);
561 
562  if (OwnerLength != 0)
563  {
564  RtlCopyMemory((PVOID)Current,
565  Owner,
566  OwnerLength);
567  RelSD->Owner = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
568  Current += OwnerLength;
569  }
570 
571  if (GroupLength != 0)
572  {
573  RtlCopyMemory((PVOID)Current,
574  Group,
575  GroupLength);
576  RelSD->Group = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
577  Current += GroupLength;
578  }
579 
580  if (DaclLength != 0)
581  {
582  RtlCopyMemory((PVOID)Current,
583  Dacl,
584  DaclLength);
585  RelSD->Dacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
586  Current += DaclLength;
587  }
588 
589  if (SaclLength != 0)
590  {
591  RtlCopyMemory((PVOID)Current,
592  Sacl,
593  SaclLength);
594  RelSD->Sacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
595  Current += SaclLength;
596  }
597 
598  *Length = SdLength;
599 
600  return STATUS_SUCCESS;
601 }
602 
603 /*
604  * @implemented
605  */
606 NTSTATUS
607 NTAPI
609  IN KPROCESSOR_MODE CurrentMode,
610  IN BOOLEAN CaptureIfKernelMode)
611 {
612  PAGED_CODE();
613 
614  /*
615  * WARNING! You need to call this function with the same value for CurrentMode
616  * and CaptureIfKernelMode that you previously passed to
617  * SeCaptureSecurityDescriptor() in order to avoid memory leaks!
618  */
619  if (CapturedSecurityDescriptor != NULL &&
620  (CurrentMode != KernelMode ||
621  (CurrentMode == KernelMode && CaptureIfKernelMode)))
622  {
623  /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
624  ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD);
625  }
626 
627  return STATUS_SUCCESS;
628 }
629 
630 /*
631  * @implemented
632  */
634 NTSTATUS
635 NTAPI
640  _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
643 {
644  PAGED_CODE();
645 
649  ObjectsSecurityDescriptor,
650  0,
651  PoolType,
653 }
654 
655 /*
656  * @implemented
657  */
659 NTSTATUS
660 NTAPI
663  _In_ PSECURITY_INFORMATION _SecurityInformation,
664  _In_ PSECURITY_DESCRIPTOR _SecurityDescriptor,
665  _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
666  _In_ ULONG AutoInheritFlags,
669 {
672  PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
673  PSID Owner;
674  PSID Group;
675  PACL Dacl;
676  PACL Sacl;
677  ULONG OwnerLength;
679  ULONG DaclLength;
680  ULONG SaclLength;
682  ULONG Current;
684 
685  PAGED_CODE();
686 
687  ObjectSd = *ObjectsSecurityDescriptor;
688 
689  /* The object does not have a security descriptor. */
690  if (!ObjectSd)
692 
693  ASSERT(ObjectSd->Control & SE_SELF_RELATIVE);
694 
695  SecurityInformation = *_SecurityInformation;
696 
697  /* Get owner and owner size */
699  {
702  }
703  else
704  {
705  Owner = SepGetOwnerFromDescriptor(ObjectSd);
706  Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
707  }
708  OwnerLength = Owner ? RtlLengthSid(Owner) : 0;
709  ASSERT(OwnerLength % sizeof(ULONG) == 0);
710 
711  /* Get group and group size */
713  {
716  }
717  else
718  {
719  Group = SepGetGroupFromDescriptor(ObjectSd);
720  Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
721  }
723  ASSERT(GroupLength % sizeof(ULONG) == 0);
724 
725  /* Get DACL and DACL size */
727  {
730  }
731  else
732  {
733  Dacl = SepGetDaclFromDescriptor(ObjectSd);
734  Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
735  }
736  DaclLength = Dacl ? ROUND_UP((ULONG)Dacl->AclSize, 4) : 0;
737 
738  /* Get SACL and SACL size */
740  {
743  }
744  else
745  {
746  Sacl = SepGetSaclFromDescriptor(ObjectSd);
747  Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
748  }
749  SaclLength = Sacl ? ROUND_UP((ULONG)Sacl->AclSize, 4) : 0;
750 
753  OwnerLength + GroupLength +
754  DaclLength + SaclLength,
755  TAG_SD);
756  if (NewSd == NULL)
757  {
759  }
760 
762 
763  Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
764 
765  if (OwnerLength != 0)
766  {
767  RtlCopyMemory((PUCHAR)NewSd + Current, Owner, OwnerLength);
768  NewSd->Owner = Current;
769  Current += OwnerLength;
770  }
771 
772  if (GroupLength != 0)
773  {
774  RtlCopyMemory((PUCHAR)NewSd + Current, Group, GroupLength);
775  NewSd->Group = Current;
776  Current += GroupLength;
777  }
778 
779  if (DaclLength != 0)
780  {
781  RtlCopyMemory((PUCHAR)NewSd + Current, Dacl, DaclLength);
782  NewSd->Dacl = Current;
783  Current += DaclLength;
784  }
785 
786  if (SaclLength != 0)
787  {
788  RtlCopyMemory((PUCHAR)NewSd + Current, Sacl, SaclLength);
789  NewSd->Sacl = Current;
790  Current += SaclLength;
791  }
792 
793  NewSd->Control |= Control;
794  *ObjectsSecurityDescriptor = NewSd;
795  return STATUS_SUCCESS;
796 }
797 
798 
799 /*
800  * @implemented
801  */
804  IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
805 {
806  ULONG SdLength;
807  PISID Sid;
808  PACL Acl;
810 
812  {
813  DPRINT1("Invalid Security Descriptor revision\n");
814  return FALSE;
815  }
816 
818  {
819  DPRINT1("Invalid Security Descriptor revision\n");
820  return FALSE;
821  }
822 
823  if (!(SecurityDescriptor->Control & SE_SELF_RELATIVE))
824  {
825  DPRINT1("No self-relative Security Descriptor\n");
826  return FALSE;
827  }
828 
829  SdLength = sizeof(SECURITY_DESCRIPTOR);
830 
831  /* Check Owner SID */
832  if (!SecurityDescriptor->Owner)
833  {
834  DPRINT1("No Owner SID\n");
835  return FALSE;
836  }
837 
838  if (SecurityDescriptor->Owner % sizeof(ULONG))
839  {
840  DPRINT1("Invalid Owner SID alignment\n");
841  return FALSE;
842  }
843 
845  if (Sid->Revision != SID_REVISION)
846  {
847  DPRINT1("Invalid Owner SID revision\n");
848  return FALSE;
849  }
850 
851  SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
852  if (Length < SdLength)
853  {
854  DPRINT1("Invalid Owner SID size\n");
855  return FALSE;
856  }
857 
858  /* Check Group SID */
859  if (SecurityDescriptor->Group)
860  {
861  if (SecurityDescriptor->Group % sizeof(ULONG))
862  {
863  DPRINT1("Invalid Group SID alignment\n");
864  return FALSE;
865  }
866 
868  if (Sid->Revision != SID_REVISION)
869  {
870  DPRINT1("Invalid Group SID revision\n");
871  return FALSE;
872  }
873 
874  SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
875  if (Length < SdLength)
876  {
877  DPRINT1("Invalid Group SID size\n");
878  return FALSE;
879  }
880  }
881 
882  /* Check DACL */
883  if (SecurityDescriptor->Dacl)
884  {
885  if (SecurityDescriptor->Dacl % sizeof(ULONG))
886  {
887  DPRINT1("Invalid DACL alignment\n");
888  return FALSE;
889  }
890 
892  if ((Acl->AclRevision < MIN_ACL_REVISION) ||
893  (Acl->AclRevision > MAX_ACL_REVISION))
894  {
895  DPRINT1("Invalid DACL revision\n");
896  return FALSE;
897  }
898 
899  SdLength += Acl->AclSize;
900  if (Length < SdLength)
901  {
902  DPRINT1("Invalid DACL size\n");
903  return FALSE;
904  }
905  }
906 
907  /* Check SACL */
908  if (SecurityDescriptor->Sacl)
909  {
910  if (SecurityDescriptor->Sacl % sizeof(ULONG))
911  {
912  DPRINT1("Invalid SACL alignment\n");
913  return FALSE;
914  }
915 
917  if ((Acl->AclRevision < MIN_ACL_REVISION) ||
918  (Acl->AclRevision > MAX_ACL_REVISION))
919  {
920  DPRINT1("Invalid SACL revision\n");
921  return FALSE;
922  }
923 
924  SdLength += Acl->AclSize;
925  if (Length < SdLength)
926  {
927  DPRINT1("Invalid SACL size\n");
928  return FALSE;
929  }
930  }
931 
932  return TRUE;
933 }
934 
935 /*
936  * @implemented
937  */
939 NTSTATUS
940 NTAPI
941 SeDeassignSecurity(
943 {
944  PAGED_CODE();
945 
946  if (*SecurityDescriptor != NULL)
947  {
950  }
951 
952  return STATUS_SUCCESS;
953 }
954 
955 /*
956  * @implemented
957  */
959 NTSTATUS
960 NTAPI
962  _In_opt_ PSECURITY_DESCRIPTOR _ParentDescriptor,
963  _In_opt_ PSECURITY_DESCRIPTOR _ExplicitDescriptor,
967  _In_ ULONG AutoInheritFlags,
971 {
972  PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor;
973  PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor;
975  PTOKEN Token;
976  ULONG OwnerLength;
978  ULONG DaclLength;
979  ULONG SaclLength;
980  ULONG Length;
982  ULONG Current;
983  PSID Owner = NULL;
984  PSID Group = NULL;
985  PACL ExplicitAcl;
986  BOOLEAN ExplicitPresent;
987  BOOLEAN ExplicitDefaulted;
988  PACL ParentAcl;
989  PACL Dacl = NULL;
990  PACL Sacl = NULL;
991  BOOLEAN DaclIsInherited;
992  BOOLEAN SaclIsInherited;
996 
998  DBG_UNREFERENCED_PARAMETER(AutoInheritFlags);
1000 
1001  PAGED_CODE();
1002 
1003  *NewDescriptor = NULL;
1004 
1006  {
1007  return STATUS_NO_TOKEN;
1008  }
1009 
1010  /* Lock subject context */
1012 
1013  if (SubjectContext->ClientToken != NULL)
1014  {
1015  Token = SubjectContext->ClientToken;
1016  }
1017  else
1018  {
1019  Token = SubjectContext->PrimaryToken;
1020  }
1021 
1022  /* Inherit the Owner SID */
1023  if (ExplicitDescriptor != NULL)
1024  {
1025  DPRINT("Use explicit owner sid!\n");
1027  }
1028  if (!Owner)
1029  {
1030  if (AutoInheritFlags & 0x20 /* FIXME: SEF_DEFAULT_OWNER_FROM_PARENT */)
1031  {
1032  DPRINT("Use parent owner sid!\n");
1033  if (!ARGUMENT_PRESENT(ParentDescriptor))
1034  {
1036  return STATUS_INVALID_OWNER;
1037  }
1038 
1039  Owner = SepGetOwnerFromDescriptor(ParentDescriptor);
1040  if (!Owner)
1041  {
1043  return STATUS_INVALID_OWNER;
1044  }
1045  }
1046  else
1047  {
1048  DPRINT("Use token owner sid!\n");
1049  Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
1050  }
1051  }
1052  OwnerLength = RtlLengthSid(Owner);
1053  ASSERT(OwnerLength % sizeof(ULONG) == 0);
1054 
1055  /* Inherit the Group SID */
1056  if (ExplicitDescriptor != NULL)
1057  {
1059  }
1060  if (!Group)
1061  {
1062  if (AutoInheritFlags & 0x40 /* FIXME: SEF_DEFAULT_GROUP_FROM_PARENT */)
1063  {
1064  DPRINT("Use parent group sid!\n");
1065  if (!ARGUMENT_PRESENT(ParentDescriptor))
1066  {
1069  }
1070 
1071  Group = SepGetGroupFromDescriptor(ParentDescriptor);
1072  if (!Group)
1073  {
1076  }
1077  }
1078  else
1079  {
1080  DPRINT("Use token group sid!\n");
1081  Group = Token->PrimaryGroup;
1082  }
1083  }
1084  if (!Group)
1085  {
1088  }
1090  ASSERT(GroupLength % sizeof(ULONG) == 0);
1091 
1092  /* Inherit the DACL */
1093  DaclLength = 0;
1094  ExplicitAcl = NULL;
1095  ExplicitPresent = FALSE;
1096  ExplicitDefaulted = FALSE;
1097  if (ExplicitDescriptor != NULL &&
1099  {
1101  ExplicitPresent = TRUE;
1103  ExplicitDefaulted = TRUE;
1104  }
1105  ParentAcl = NULL;
1106  if (ParentDescriptor != NULL &&
1107  (ParentDescriptor->Control & SE_DACL_PRESENT))
1108  {
1109  ParentAcl = SepGetDaclFromDescriptor(ParentDescriptor);
1110  }
1111  Dacl = SepSelectAcl(ExplicitAcl,
1112  ExplicitPresent,
1113  ExplicitDefaulted,
1114  ParentAcl,
1115  Token->DefaultDacl,
1116  &DaclLength,
1117  Owner,
1118  Group,
1119  &DaclPresent,
1120  &DaclIsInherited,
1122  GenericMapping);
1123  if (DaclPresent)
1125  ASSERT(DaclLength % sizeof(ULONG) == 0);
1126 
1127  /* Inherit the SACL */
1128  SaclLength = 0;
1129  ExplicitAcl = NULL;
1130  ExplicitPresent = FALSE;
1131  ExplicitDefaulted = FALSE;
1132  if (ExplicitDescriptor != NULL &&
1134  {
1136  ExplicitPresent = TRUE;
1138  ExplicitDefaulted = TRUE;
1139  }
1140  ParentAcl = NULL;
1141  if (ParentDescriptor != NULL &&
1142  (ParentDescriptor->Control & SE_SACL_PRESENT))
1143  {
1144  ParentAcl = SepGetSaclFromDescriptor(ParentDescriptor);
1145  }
1146  Sacl = SepSelectAcl(ExplicitAcl,
1147  ExplicitPresent,
1148  ExplicitDefaulted,
1149  ParentAcl,
1150  NULL,
1151  &SaclLength,
1152  Owner,
1153  Group,
1154  &SaclPresent,
1155  &SaclIsInherited,
1157  GenericMapping);
1158  if (SaclPresent)
1160  ASSERT(SaclLength % sizeof(ULONG) == 0);
1161 
1162  /* Allocate and initialize the new security descriptor */
1164  OwnerLength + GroupLength + DaclLength + SaclLength;
1165 
1166  DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %u OwnerLength %lu GroupLength %lu DaclLength %lu SaclLength %lu\n",
1167  sizeof(SECURITY_DESCRIPTOR),
1168  OwnerLength,
1169  GroupLength,
1170  DaclLength,
1171  SaclLength);
1172 
1174  if (Descriptor == NULL)
1175  {
1176  DPRINT1("ExAlloctePool() failed\n");
1179  }
1180 
1183 
1184  Descriptor->Control = Control | SE_SELF_RELATIVE;
1185 
1186  Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1187 
1188  if (SaclLength != 0)
1189  {
1190  Status = SepPropagateAcl((PACL)((PUCHAR)Descriptor + Current),
1191  &SaclLength,
1192  Sacl,
1193  Owner,
1194  Group,
1195  SaclIsInherited,
1197  GenericMapping);
1199  Descriptor->Sacl = Current;
1200  Current += SaclLength;
1201  }
1202 
1203  if (DaclLength != 0)
1204  {
1205  Status = SepPropagateAcl((PACL)((PUCHAR)Descriptor + Current),
1206  &DaclLength,
1207  Dacl,
1208  Owner,
1209  Group,
1210  DaclIsInherited,
1212  GenericMapping);
1214  Descriptor->Dacl = Current;
1215  Current += DaclLength;
1216  }
1217 
1218  if (OwnerLength != 0)
1219  {
1220  RtlCopyMemory((PUCHAR)Descriptor + Current, Owner, OwnerLength);
1221  Descriptor->Owner = Current;
1222  Current += OwnerLength;
1223  DPRINT("Owner of %p at %x\n", Descriptor, Descriptor->Owner);
1224  }
1225  else
1226  {
1227  DPRINT("Owner of %p is zero length\n", Descriptor);
1228  }
1229 
1230  if (GroupLength != 0)
1231  {
1233  Descriptor->Group = Current;
1234  }
1235 
1236  /* Unlock subject context */
1238 
1240 
1241  DPRINT("Descriptor %p\n", Descriptor);
1243 
1244  return STATUS_SUCCESS;
1245 }
1246 
1247 /*
1248  * @implemented
1249  */
1251 NTSTATUS
1252 NTAPI
1253 SeAssignSecurity(
1254  _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
1261 {
1262  PAGED_CODE();
1263 
1264  return SeAssignSecurityEx(ParentDescriptor,
1266  NewDescriptor,
1267  NULL,
1269  0,
1272  PoolType);
1273 }
1274 
1275 /*
1276  * @implemented
1277  */
1279 NTSTATUS
1280 NTAPI
1283  _Out_ PULONG QuotaInfoSize)
1284 {
1285  PSID Group;
1286  PACL Dacl;
1287 
1288  PAGED_CODE();
1289 
1290  *QuotaInfoSize = 0;
1291 
1292  /* Validate security descriptor revision */
1294  {
1295  return STATUS_UNKNOWN_REVISION;
1296  }
1297 
1298  /* Get group and DACL, if any */
1301 
1302  /* Return SID length if any */
1303  if (Group != NULL)
1304  {
1305  *QuotaInfoSize = ALIGN_UP_BY(RtlLengthSid(Group), sizeof(ULONG));
1306  }
1307 
1308  /* Return DACL if any */
1309  if (Dacl != NULL)
1310  {
1311  *QuotaInfoSize += ALIGN_UP_BY(Dacl->AclSize, sizeof(ULONG));
1312  }
1313 
1314  return STATUS_SUCCESS;
1315 }
1316 
1317 /* EOF */
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
Definition: sd.c:129
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
ObjectType
Definition: metafile.c:80
#define IN
Definition: typedefs.h:39
#define SE_SACL_PRESENT
Definition: setypes.h:773
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define GENERIC_ALL
Definition: nt_native.h:92
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:784
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
#define _In_opt_
Definition: ms_sal.h:309
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
Definition: sefuncs.h:29
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:20
#define _Inout_
Definition: ms_sal.h:378
#define ProbeForReadUchar(Ptr)
Definition: probe.h:61
#define SECURITY_DESCRIPTOR_MIN_LENGTH
Definition: setypes.h:765
#define _Out_
Definition: ms_sal.h:345
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
struct _SID SID
#define MAX_ACL_REVISION
Definition: setypes.h:47
#define TRUE
Definition: types.h:120
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
USHORT AclSize
Definition: ms-dtyp.idl:296
#define DBG_UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:318
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:18
PACL SeSystemDefaultDacl
Definition: acl.c:19
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:23
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_In_opt_ PSID Group
Definition: rtlfuncs.h:1605
unsigned char * PUCHAR
Definition: retypes.h:3
#define SID_REVISION
Definition: setypes.h:453
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
NTSTATUS NTAPI RtlCreateSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:117
NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(IN PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:139
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SE_DACL_PRESENT
Definition: setypes.h:771
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:20
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
_In_ ULONG Revision
Definition: rtlfuncs.h:1103
BOOLEAN NTAPI SepInitSDs(VOID)
Definition: sd.c:31
_In_ BOOLEAN DaclPresent
Definition: rtlfuncs.h:1594
static ULONG DetermineACLSize(PACL Acl, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:253
#define SE_OWNER_DEFAULTED
Definition: setypes.h:769
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:608
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted)
Definition: sd.c:303
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
#define FALSE
Definition: types.h:117
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PACL SePublicOpenDacl
Definition: acl.c:21
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
struct _SID * PISID
FORCEINLINE PACL SepGetSaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:98
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
_Out_ PBOOLEAN SaclPresent
Definition: rtlfuncs.h:2413
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
unsigned char BOOLEAN
_In_ WDF_WMI_PROVIDER_CONTROL Control
Definition: wdfwmi.h:166
struct _ACL ACL
#define _In_
Definition: ms_sal.h:308
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1554
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
#define TAG_SD
Definition: tag.h:176
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
#define SE_DACL_DEFAULTED
Definition: setypes.h:772
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:21
struct _ACL * PACL
Definition: security.c:104
Status
Definition: gdiplustypes.h:24
FORCEINLINE PSID SepGetOwnerFromDescriptor(PVOID _Descriptor)
Definition: se.h:58
#define STATUS_INVALID_PRIMARY_GROUP
Definition: ntstatus.h:327
_IRQL_requires_max_(PASSIVE_LEVEL)
Definition: sd.c:458
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
INT POOL_TYPE
Definition: typedefs.h:78
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ARGUMENT_PRESENT(ArgumentPointer)
#define MIN_ACL_REVISION
Definition: setypes.h:46
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define STATUS_NO_SECURITY_ON_OBJECT
Definition: ntstatus.h:451
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
struct _SID * PSID
Definition: eventlog.c:35
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define PASSIVE_LEVEL
Definition: env_spec_w32.h:693
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
PSID SeWorldSid
Definition: sid.c:27
#define SE_GROUP_DEFAULTED
Definition: setypes.h:770
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
FORCEINLINE PSID SepGetGroupFromDescriptor(PVOID _Descriptor)
Definition: se.h:39
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:19
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ ULONG AutoInheritFlags, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
UCHAR AclRevision
Definition: ms-dtyp.idl:294
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:77
_SEH2_END
Definition: create.c:4400
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:789
PACL SePublicDefaultDacl
Definition: acl.c:18
#define STATUS_INVALID_ACL
Definition: ntstatus.h:355
BOOLEAN NTAPI SeValidSecurityDescriptor(IN ULONG Length, IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
Definition: sd.c:803
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1556
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
unsigned int * PULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
#define STATUS_INVALID_OWNER
Definition: ntstatus.h:326
#define DPRINT1
Definition: precomp.h:8
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1552
#define ACL_REVISION
Definition: setypes.h:39
#define OUT
Definition: typedefs.h:40
PACL SeUnrestrictedDacl
Definition: acl.c:23
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:22
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define ProbeForReadUshort(Ptr)
Definition: probe.h:63
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define ULONG_PTR
Definition: config.h:101
#define ALIGN_UP_BY(size, align)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1554
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
Definition: sd.c:24
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
BYTE Revision
Definition: ms-dtyp.idl:199
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:272
_In_ ULONG _In_ CONST SOCKADDR _In_ int GroupLength
Definition: ws2tcpip.h:710
#define STATUS_SUCCESS
Definition: shellext.h:65
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:22
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define DPRINT
Definition: sndvol32.h:71
#define SE_SACL_DEFAULTED
Definition: setypes.h:774
#define _Out_writes_bytes_(size)
Definition: ms_sal.h:350
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59
ULONG NTAPI RtlLengthSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:161
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:24
Definition: rtltypes.h:990
#define STATUS_UNKNOWN_REVISION
Definition: ntstatus.h:324
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
#define PAGED_CODE()
static ULONG DetermineSIDSize(PISID Sid, PULONG OutSAC, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:222
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Definition: acl.c:613