ReactOS  0.4.13-dev-92-gf251225
sd.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS kernel
4  * FILE: ntoskrnl/se/sd.c
5  * PURPOSE: Security manager
6  *
7  * PROGRAMMERS: David Welch <welch@cwcom.net>
8  */
9 
10 /* INCLUDES *******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 #if defined (ALLOC_PRAGMA)
17 #pragma alloc_text(INIT, SepInitSDs)
18 #endif
19 
20 /* GLOBALS ********************************************************************/
21 
28 
29 /* PRIVATE FUNCTIONS **********************************************************/
30 
31 BOOLEAN
32 INIT_FUNCTION
33 NTAPI
35 {
36  /* Create PublicDefaultSd */
38  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
39  if (SePublicDefaultSd == NULL)
40  return FALSE;
41 
45  TRUE,
47  FALSE);
48 
49  /* Create PublicDefaultUnrestrictedSd */
51  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
53  return FALSE;
54 
58  TRUE,
60  FALSE);
61 
62  /* Create PublicOpenSd */
64  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
65  if (SePublicOpenSd == NULL)
66  return FALSE;
67 
71  TRUE,
73  FALSE);
74 
75  /* Create PublicOpenUnrestrictedSd */
77  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
79  return FALSE;
80 
84  TRUE,
86  FALSE);
87 
88  /* Create SystemDefaultSd */
90  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
91  if (SeSystemDefaultSd == NULL)
92  return FALSE;
93 
97  TRUE,
99  FALSE);
100 
101  /* Create UnrestrictedSd */
103  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
104  if (SeUnrestrictedSd == NULL)
105  return FALSE;
106 
110  TRUE,
112  FALSE);
113 
114  return TRUE;
115 }
116 
117 NTSTATUS
118 NTAPI
122 {
123  ULONG Current;
124  ULONG SidSize;
125  ULONG SdSize;
128 
129  DPRINT("SeSetWorldSecurityDescriptor() called\n");
130 
131  if (SecurityInformation == 0)
132  {
133  return STATUS_ACCESS_DENIED;
134  }
135 
136  /* calculate the minimum size of the buffer */
137  SidSize = RtlLengthSid(SeWorldSid);
138  SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
140  SdSize += SidSize;
142  SdSize += SidSize;
144  {
145  SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
146  }
147 
148  if (*BufferLength < SdSize)
149  {
150  *BufferLength = SdSize;
152  }
153 
154  *BufferLength = SdSize;
155 
158  if (!NT_SUCCESS(Status))
159  {
160  return Status;
161  }
162 
163  Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
164 
166  {
167  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
168  SdRel->Owner = Current;
169  Current += SidSize;
170  }
171 
173  {
174  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
175  SdRel->Group = Current;
176  Current += SidSize;
177  }
178 
180  {
181  PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
182  SdRel->Control |= SE_DACL_PRESENT;
183 
185  sizeof(ACL) + sizeof(ACE) + SidSize,
186  ACL_REVISION);
187  if (!NT_SUCCESS(Status))
188  return Status;
189 
191  ACL_REVISION,
192  GENERIC_ALL,
193  SeWorldSid);
194  if (!NT_SUCCESS(Status))
195  return Status;
196 
197  SdRel->Dacl = Current;
198  }
199 
201  {
202  /* FIXME - SdRel->Control |= SE_SACL_PRESENT; */
203  }
204 
205  return STATUS_SUCCESS;
206 }
207 
208 
209 NTSTATUS
210 NTAPI
214  IN BOOLEAN CaptureIfKernel,
215  OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
216  OUT PBOOLEAN Present)
217 {
218  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
220 
221  PAGED_CODE();
222 
223  ASSERT(CapturedSecurityQualityOfService);
224  ASSERT(Present);
225 
226  if (ObjectAttributes != NULL)
227  {
228  if (AccessMode != KernelMode)
229  {
231 
232  _SEH2_TRY
233  {
235  sizeof(OBJECT_ATTRIBUTES),
236  sizeof(ULONG));
237  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
238  {
239  if (ObjectAttributes->SecurityQualityOfService != NULL)
240  {
241  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
243  sizeof(ULONG));
244 
245  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
247  {
248  /*
249  * Don't allocate memory here because ExAllocate should bugcheck
250  * the system if it's buggy, SEH would catch that! So make a local
251  * copy of the qos structure.
252  */
253  RtlCopyMemory(&SafeQos,
254  ObjectAttributes->SecurityQualityOfService,
256  *Present = TRUE;
257  }
258  else
259  {
261  }
262  }
263  else
264  {
265  *CapturedSecurityQualityOfService = NULL;
266  *Present = FALSE;
267  }
268  }
269  else
270  {
272  }
273  }
275  {
277  }
278  _SEH2_END;
279 
280  if (NT_SUCCESS(Status))
281  {
282  if (*Present)
283  {
284  CapturedQos = ExAllocatePoolWithTag(PoolType,
286  TAG_QOS);
287  if (CapturedQos != NULL)
288  {
289  RtlCopyMemory(CapturedQos,
290  &SafeQos,
292  *CapturedSecurityQualityOfService = CapturedQos;
293  }
294  else
295  {
297  }
298  }
299  else
300  {
301  *CapturedSecurityQualityOfService = NULL;
302  }
303  }
304  }
305  else
306  {
307  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
308  {
309  if (CaptureIfKernel)
310  {
311  if (ObjectAttributes->SecurityQualityOfService != NULL)
312  {
313  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
315  {
316  CapturedQos = ExAllocatePoolWithTag(PoolType,
318  TAG_QOS);
319  if (CapturedQos != NULL)
320  {
321  RtlCopyMemory(CapturedQos,
322  ObjectAttributes->SecurityQualityOfService,
324  *CapturedSecurityQualityOfService = CapturedQos;
325  *Present = TRUE;
326  }
327  else
328  {
330  }
331  }
332  else
333  {
335  }
336  }
337  else
338  {
339  *CapturedSecurityQualityOfService = NULL;
340  *Present = FALSE;
341  }
342  }
343  else
344  {
345  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
346  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
347  }
348  }
349  else
350  {
352  }
353  }
354  }
355  else
356  {
357  *CapturedSecurityQualityOfService = NULL;
358  *Present = FALSE;
359  }
360 
361  return Status;
362 }
363 
364 
365 VOID
366 NTAPI
369  IN BOOLEAN CaptureIfKernel)
370 {
371  PAGED_CODE();
372 
373  if (CapturedSecurityQualityOfService != NULL &&
374  (AccessMode != KernelMode || CaptureIfKernel))
375  {
376  ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
377  }
378 }
379 
380 /* PUBLIC FUNCTIONS ***********************************************************/
381 
382 static
383 ULONG
385  PISID Sid,
386  PULONG OutSAC,
387  KPROCESSOR_MODE ProcessorMode)
388 {
389  ULONG Size;
390 
391  if (!Sid)
392  {
393  *OutSAC = 0;
394  return 0;
395  }
396 
397  if (ProcessorMode != KernelMode)
398  {
399  /* Securely access the buffers! */
401  Size = RtlLengthRequiredSid(*OutSAC);
402  ProbeForRead(Sid, Size, sizeof(ULONG));
403  }
404  else
405  {
406  *OutSAC = Sid->SubAuthorityCount;
407  Size = RtlLengthRequiredSid(*OutSAC);
408  }
409 
410  return Size;
411 }
412 
413 static
414 ULONG
416  PACL Acl,
417  KPROCESSOR_MODE ProcessorMode)
418 {
419  ULONG Size;
420 
421  if (!Acl) return 0;
422 
423  if (ProcessorMode == KernelMode) return Acl->AclSize;
424 
425  /* Probe the buffers! */
427  ProbeForRead(Acl, Size, sizeof(ULONG));
428 
429  return Size;
430 }
431 
432 NTSTATUS
433 NTAPI
435  IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
436  IN KPROCESSOR_MODE CurrentMode,
438  IN BOOLEAN CaptureIfKernel,
439  OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
440 {
441  PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
442  SECURITY_DESCRIPTOR DescriptorCopy;
444  ULONG OwnerSAC = 0, GroupSAC = 0;
445  ULONG OwnerSize = 0, GroupSize = 0;
446  ULONG SaclSize = 0, DaclSize = 0;
447  ULONG DescriptorSize = 0;
448  ULONG Offset;
449 
450  if (!OriginalDescriptor)
451  {
452  /* Nothing to do... */
453  *CapturedSecurityDescriptor = NULL;
454  return STATUS_SUCCESS;
455  }
456 
457  /* Quick path */
458  if (CurrentMode == KernelMode && !CaptureIfKernel)
459  {
460  /* Check descriptor version */
461  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
462  {
464  }
465 
466  *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
467  return STATUS_SUCCESS;
468  }
469 
470  _SEH2_TRY
471  {
472  if (CurrentMode != KernelMode)
473  {
474  ProbeForRead(OriginalDescriptor,
476  sizeof(ULONG));
477  }
478 
479  /* Check the descriptor version */
480  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
481  {
483  }
484 
485  if (CurrentMode != KernelMode)
486  {
487  /* Get the size of the descriptor */
488  DescriptorSize = (OriginalDescriptor->Control & SE_SELF_RELATIVE) ?
490 
491  /* Probe the entire security descriptor structure. The SIDs
492  * and ACLs will be probed and copied later though */
493  ProbeForRead(OriginalDescriptor, DescriptorSize, sizeof(ULONG));
494  }
495 
496  /* Now capture all fields and convert to an absolute descriptor */
497  DescriptorCopy.Revision = OriginalDescriptor->Revision;
498  DescriptorCopy.Sbz1 = OriginalDescriptor->Sbz1;
499  DescriptorCopy.Control = OriginalDescriptor->Control & ~SE_SELF_RELATIVE;
500  DescriptorCopy.Owner = SepGetOwnerFromDescriptor(OriginalDescriptor);
501  DescriptorCopy.Group = SepGetGroupFromDescriptor(OriginalDescriptor);
502  DescriptorCopy.Sacl = SepGetSaclFromDescriptor(OriginalDescriptor);
503  DescriptorCopy.Dacl = SepGetDaclFromDescriptor(OriginalDescriptor);
504  DescriptorSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
505 
506  /* Determine owner and group sizes */
507  OwnerSize = DetermineSIDSize(DescriptorCopy.Owner, &OwnerSAC, CurrentMode);
508  DescriptorSize += ROUND_UP(OwnerSize, sizeof(ULONG));
509  GroupSize = DetermineSIDSize(DescriptorCopy.Group, &GroupSAC, CurrentMode);
510  DescriptorSize += ROUND_UP(GroupSize, sizeof(ULONG));
511 
512  /* Determine the size of the ACLs */
513  if (DescriptorCopy.Control & SE_SACL_PRESENT)
514  {
515  /* Get the size and probe if user mode */
516  SaclSize = DetermineACLSize(DescriptorCopy.Sacl, CurrentMode);
517  DescriptorSize += ROUND_UP(SaclSize, sizeof(ULONG));
518  }
519 
520  if (DescriptorCopy.Control & SE_DACL_PRESENT)
521  {
522  /* Get the size and probe if user mode */
523  DaclSize = DetermineACLSize(DescriptorCopy.Dacl, CurrentMode);
524  DescriptorSize += ROUND_UP(DaclSize, sizeof(ULONG));
525  }
526  }
528  {
530  }
531  _SEH2_END;
532 
533  /*
534  * Allocate enough memory to store a complete copy of a self-relative
535  * security descriptor
536  */
538  DescriptorSize,
539  TAG_SD);
541 
542  RtlZeroMemory(NewDescriptor, DescriptorSize);
543  NewDescriptor->Revision = DescriptorCopy.Revision;
544  NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
545  NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
546 
547  _SEH2_TRY
548  {
549  /*
550  * Setup the offsets and copy the SIDs and ACLs to the new
551  * self-relative security descriptor. Probing the pointers is not
552  * neccessary anymore as we did that when collecting the sizes!
553  * Make sure to validate the SIDs and ACLs *again* as they could have
554  * been modified in the meanwhile!
555  */
557 
558  if (DescriptorCopy.Owner)
559  {
560  if (!RtlValidSid(DescriptorCopy.Owner)) RtlRaiseStatus(STATUS_INVALID_SID);
563  DescriptorCopy.Owner,
564  OwnerSize);
565  Offset += ROUND_UP(OwnerSize, sizeof(ULONG));
566  }
567 
568  if (DescriptorCopy.Group)
569  {
570  if (!RtlValidSid(DescriptorCopy.Group)) RtlRaiseStatus(STATUS_INVALID_SID);
573  DescriptorCopy.Group,
574  GroupSize);
575  Offset += ROUND_UP(GroupSize, sizeof(ULONG));
576  }
577 
578  if (DescriptorCopy.Sacl)
579  {
580  if (!RtlValidAcl(DescriptorCopy.Sacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
583  DescriptorCopy.Sacl,
584  SaclSize);
585  Offset += ROUND_UP(SaclSize, sizeof(ULONG));
586  }
587 
588  if (DescriptorCopy.Dacl)
589  {
590  if (!RtlValidAcl(DescriptorCopy.Dacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
593  DescriptorCopy.Dacl,
594  DaclSize);
595  Offset += ROUND_UP(DaclSize, sizeof(ULONG));
596  }
597 
598  /* Make sure the size was correct */
599  ASSERT(Offset == DescriptorSize);
600  }
602  {
603  /* We failed to copy the data to the new descriptor */
606  }
607  _SEH2_END;
608 
609  /*
610  * We're finally done!
611  * Copy the pointer to the captured descriptor to to the caller.
612  */
613  *CapturedSecurityDescriptor = NewDescriptor;
614  return STATUS_SUCCESS;
615 }
616 
617 /*
618  * @implemented
619  */
621 NTSTATUS
622 NTAPI
627  _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
628 {
629  PISECURITY_DESCRIPTOR ObjectSd;
631  PSID Owner = NULL;
632  PSID Group = NULL;
633  PACL Dacl = NULL;
634  PACL Sacl = NULL;
635  ULONG OwnerLength = 0;
636  ULONG GroupLength = 0;
637  ULONG DaclLength = 0;
638  ULONG SaclLength = 0;
640  ULONG_PTR Current;
641  ULONG SdLength;
642 
643  PAGED_CODE();
644 
646 
647  if (*ObjectsSecurityDescriptor == NULL)
648  {
649  if (*Length < sizeof(SECURITY_DESCRIPTOR_RELATIVE))
650  {
653  }
654 
658  return STATUS_SUCCESS;
659  }
660 
661  ObjectSd = *ObjectsSecurityDescriptor;
662 
663  /* Calculate the required security descriptor length */
666  (ObjectSd->Owner != NULL))
667  {
668  Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
669  OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
670  Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
671  }
672 
674  (ObjectSd->Group != NULL))
675  {
676  Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
678  Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
679  }
680 
682  (ObjectSd->Control & SE_DACL_PRESENT))
683  {
684  if (ObjectSd->Dacl != NULL)
685  {
686  Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
687  DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
688  }
689 
690  Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
691  }
692 
694  (ObjectSd->Control & SE_SACL_PRESENT))
695  {
696  if (ObjectSd->Sacl != NULL)
697  {
698  Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
699  SaclLength = ROUND_UP(Sacl->AclSize, 4);
700  }
701 
702  Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
703  }
704 
705  SdLength = OwnerLength + GroupLength + DaclLength +
706  SaclLength + sizeof(SECURITY_DESCRIPTOR_RELATIVE);
707  if (*Length < SdLength)
708  {
709  *Length = SdLength;
711  }
712 
713  /* Build the new security descrtiptor */
716  RelSD->Control = Control;
717 
718  Current = (ULONG_PTR)(RelSD + 1);
719 
720  if (OwnerLength != 0)
721  {
722  RtlCopyMemory((PVOID)Current,
723  Owner,
724  OwnerLength);
725  RelSD->Owner = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
726  Current += OwnerLength;
727  }
728 
729  if (GroupLength != 0)
730  {
731  RtlCopyMemory((PVOID)Current,
732  Group,
733  GroupLength);
734  RelSD->Group = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
735  Current += GroupLength;
736  }
737 
738  if (DaclLength != 0)
739  {
740  RtlCopyMemory((PVOID)Current,
741  Dacl,
742  DaclLength);
743  RelSD->Dacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
744  Current += DaclLength;
745  }
746 
747  if (SaclLength != 0)
748  {
749  RtlCopyMemory((PVOID)Current,
750  Sacl,
751  SaclLength);
752  RelSD->Sacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
753  Current += SaclLength;
754  }
755 
756  *Length = SdLength;
757 
758  return STATUS_SUCCESS;
759 }
760 
761 /*
762  * @implemented
763  */
764 NTSTATUS
765 NTAPI
767  IN KPROCESSOR_MODE CurrentMode,
768  IN BOOLEAN CaptureIfKernelMode)
769 {
770  PAGED_CODE();
771 
772  /*
773  * WARNING! You need to call this function with the same value for CurrentMode
774  * and CaptureIfKernelMode that you previously passed to
775  * SeCaptureSecurityDescriptor() in order to avoid memory leaks!
776  */
777  if (CapturedSecurityDescriptor != NULL &&
778  (CurrentMode != KernelMode ||
779  (CurrentMode == KernelMode && CaptureIfKernelMode)))
780  {
781  /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
782  ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD);
783  }
784 
785  return STATUS_SUCCESS;
786 }
787 
788 /*
789  * @implemented
790  */
792 NTSTATUS
793 NTAPI
798  _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
801 {
802  PAGED_CODE();
803 
807  ObjectsSecurityDescriptor,
808  0,
809  PoolType,
811 }
812 
813 /*
814  * @implemented
815  */
817 NTSTATUS
818 NTAPI
821  _In_ PSECURITY_INFORMATION _SecurityInformation,
822  _In_ PSECURITY_DESCRIPTOR _SecurityDescriptor,
823  _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
824  _In_ ULONG AutoInheritFlags,
827 {
830  PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
831  PSID Owner;
832  PSID Group;
833  PACL Dacl;
834  PACL Sacl;
835  ULONG OwnerLength;
837  ULONG DaclLength;
838  ULONG SaclLength;
840  ULONG Current;
842 
843  PAGED_CODE();
844 
845  ObjectSd = *ObjectsSecurityDescriptor;
846 
847  /* The object does not have a security descriptor. */
848  if (!ObjectSd)
850 
851  ASSERT(ObjectSd->Control & SE_SELF_RELATIVE);
852 
853  SecurityInformation = *_SecurityInformation;
854 
855  /* Get owner and owner size */
857  {
860  }
861  else
862  {
863  Owner = SepGetOwnerFromDescriptor(ObjectSd);
864  Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
865  }
866  OwnerLength = Owner ? RtlLengthSid(Owner) : 0;
867  ASSERT(OwnerLength % sizeof(ULONG) == 0);
868 
869  /* Get group and group size */
871  {
874  }
875  else
876  {
877  Group = SepGetGroupFromDescriptor(ObjectSd);
878  Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
879  }
881  ASSERT(GroupLength % sizeof(ULONG) == 0);
882 
883  /* Get DACL and DACL size */
885  {
888  }
889  else
890  {
891  Dacl = SepGetDaclFromDescriptor(ObjectSd);
892  Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
893  }
894  DaclLength = Dacl ? ROUND_UP((ULONG)Dacl->AclSize, 4) : 0;
895 
896  /* Get SACL and SACL size */
898  {
901  }
902  else
903  {
904  Sacl = SepGetSaclFromDescriptor(ObjectSd);
905  Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
906  }
907  SaclLength = Sacl ? ROUND_UP((ULONG)Sacl->AclSize, 4) : 0;
908 
911  OwnerLength + GroupLength +
912  DaclLength + SaclLength,
913  TAG_SD);
914  if (NewSd == NULL)
915  {
917  }
918 
920 
921  Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
922 
923  if (OwnerLength != 0)
924  {
925  RtlCopyMemory((PUCHAR)NewSd + Current, Owner, OwnerLength);
926  NewSd->Owner = Current;
927  Current += OwnerLength;
928  }
929 
930  if (GroupLength != 0)
931  {
932  RtlCopyMemory((PUCHAR)NewSd + Current, Group, GroupLength);
933  NewSd->Group = Current;
934  Current += GroupLength;
935  }
936 
937  if (DaclLength != 0)
938  {
939  RtlCopyMemory((PUCHAR)NewSd + Current, Dacl, DaclLength);
940  NewSd->Dacl = Current;
941  Current += DaclLength;
942  }
943 
944  if (SaclLength != 0)
945  {
946  RtlCopyMemory((PUCHAR)NewSd + Current, Sacl, SaclLength);
947  NewSd->Sacl = Current;
948  Current += SaclLength;
949  }
950 
951  *ObjectsSecurityDescriptor = NewSd;
952  return STATUS_SUCCESS;
953 }
954 
955 
956 /*
957  * @implemented
958  */
961  IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
962 {
963  ULONG SdLength;
964  PISID Sid;
965  PACL Acl;
967 
969  {
970  DPRINT1("Invalid Security Descriptor revision\n");
971  return FALSE;
972  }
973 
975  {
976  DPRINT1("Invalid Security Descriptor revision\n");
977  return FALSE;
978  }
979 
980  if (!(SecurityDescriptor->Control & SE_SELF_RELATIVE))
981  {
982  DPRINT1("No self-relative Security Descriptor\n");
983  return FALSE;
984  }
985 
986  SdLength = sizeof(SECURITY_DESCRIPTOR);
987 
988  /* Check Owner SID */
989  if (!SecurityDescriptor->Owner)
990  {
991  DPRINT1("No Owner SID\n");
992  return FALSE;
993  }
994 
995  if (SecurityDescriptor->Owner % sizeof(ULONG))
996  {
997  DPRINT1("Invalid Owner SID alignment\n");
998  return FALSE;
999  }
1000 
1002  if (Sid->Revision != SID_REVISION)
1003  {
1004  DPRINT1("Invalid Owner SID revision\n");
1005  return FALSE;
1006  }
1007 
1008  SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
1009  if (Length < SdLength)
1010  {
1011  DPRINT1("Invalid Owner SID size\n");
1012  return FALSE;
1013  }
1014 
1015  /* Check Group SID */
1016  if (SecurityDescriptor->Group)
1017  {
1018  if (SecurityDescriptor->Group % sizeof(ULONG))
1019  {
1020  DPRINT1("Invalid Group SID alignment\n");
1021  return FALSE;
1022  }
1023 
1025  if (Sid->Revision != SID_REVISION)
1026  {
1027  DPRINT1("Invalid Group SID revision\n");
1028  return FALSE;
1029  }
1030 
1031  SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
1032  if (Length < SdLength)
1033  {
1034  DPRINT1("Invalid Group SID size\n");
1035  return FALSE;
1036  }
1037  }
1038 
1039  /* Check DACL */
1040  if (SecurityDescriptor->Dacl)
1041  {
1042  if (SecurityDescriptor->Dacl % sizeof(ULONG))
1043  {
1044  DPRINT1("Invalid DACL alignment\n");
1045  return FALSE;
1046  }
1047 
1049  if ((Acl->AclRevision < MIN_ACL_REVISION) ||
1050  (Acl->AclRevision > MAX_ACL_REVISION))
1051  {
1052  DPRINT1("Invalid DACL revision\n");
1053  return FALSE;
1054  }
1055 
1056  SdLength += Acl->AclSize;
1057  if (Length < SdLength)
1058  {
1059  DPRINT1("Invalid DACL size\n");
1060  return FALSE;
1061  }
1062  }
1063 
1064  /* Check SACL */
1065  if (SecurityDescriptor->Sacl)
1066  {
1067  if (SecurityDescriptor->Sacl % sizeof(ULONG))
1068  {
1069  DPRINT1("Invalid SACL alignment\n");
1070  return FALSE;
1071  }
1072 
1074  if ((Acl->AclRevision < MIN_ACL_REVISION) ||
1075  (Acl->AclRevision > MAX_ACL_REVISION))
1076  {
1077  DPRINT1("Invalid SACL revision\n");
1078  return FALSE;
1079  }
1080 
1081  SdLength += Acl->AclSize;
1082  if (Length < SdLength)
1083  {
1084  DPRINT1("Invalid SACL size\n");
1085  return FALSE;
1086  }
1087  }
1088 
1089  return TRUE;
1090 }
1091 
1092 /*
1093  * @implemented
1094  */
1096 NTSTATUS
1097 NTAPI
1098 SeDeassignSecurity(
1100 {
1101  PAGED_CODE();
1102 
1103  if (*SecurityDescriptor != NULL)
1104  {
1107  }
1108 
1109  return STATUS_SUCCESS;
1110 }
1111 
1112 /*
1113  * @implemented
1114  */
1116 NTSTATUS
1117 NTAPI
1119  _In_opt_ PSECURITY_DESCRIPTOR _ParentDescriptor,
1120  _In_opt_ PSECURITY_DESCRIPTOR _ExplicitDescriptor,
1124  _In_ ULONG AutoInheritFlags,
1128 {
1129  PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor;
1130  PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor;
1132  PTOKEN Token;
1133  ULONG OwnerLength;
1135  ULONG DaclLength;
1136  ULONG SaclLength;
1137  ULONG Length;
1139  ULONG Current;
1140  PSID Owner = NULL;
1141  PSID Group = NULL;
1142  PACL ExplicitAcl;
1143  BOOLEAN ExplicitPresent;
1144  BOOLEAN ExplicitDefaulted;
1145  PACL ParentAcl;
1146  PACL Dacl = NULL;
1147  PACL Sacl = NULL;
1148  BOOLEAN DaclIsInherited;
1149  BOOLEAN SaclIsInherited;
1152  NTSTATUS Status;
1153 
1155  DBG_UNREFERENCED_PARAMETER(AutoInheritFlags);
1157 
1158  PAGED_CODE();
1159 
1160  *NewDescriptor = NULL;
1161 
1163  {
1164  return STATUS_NO_TOKEN;
1165  }
1166 
1167  /* Lock subject context */
1169 
1170  if (SubjectContext->ClientToken != NULL)
1171  {
1172  Token = SubjectContext->ClientToken;
1173  }
1174  else
1175  {
1176  Token = SubjectContext->PrimaryToken;
1177  }
1178 
1179  /* Inherit the Owner SID */
1180  if (ExplicitDescriptor != NULL)
1181  {
1182  DPRINT("Use explicit owner sid!\n");
1184  }
1185  if (!Owner)
1186  {
1187  if (AutoInheritFlags & 0x20 /* FIXME: SEF_DEFAULT_OWNER_FROM_PARENT */)
1188  {
1189  DPRINT("Use parent owner sid!\n");
1190  if (!ARGUMENT_PRESENT(ParentDescriptor))
1191  {
1193  return STATUS_INVALID_OWNER;
1194  }
1195 
1196  Owner = SepGetOwnerFromDescriptor(ParentDescriptor);
1197  if (!Owner)
1198  {
1200  return STATUS_INVALID_OWNER;
1201  }
1202  }
1203  else
1204  {
1205  DPRINT("Use token owner sid!\n");
1206  Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
1207  }
1208  }
1209  OwnerLength = RtlLengthSid(Owner);
1210  ASSERT(OwnerLength % sizeof(ULONG) == 0);
1211 
1212  /* Inherit the Group SID */
1213  if (ExplicitDescriptor != NULL)
1214  {
1216  }
1217  if (!Group)
1218  {
1219  if (AutoInheritFlags & 0x40 /* FIXME: SEF_DEFAULT_GROUP_FROM_PARENT */)
1220  {
1221  DPRINT("Use parent group sid!\n");
1222  if (!ARGUMENT_PRESENT(ParentDescriptor))
1223  {
1226  }
1227 
1228  Group = SepGetGroupFromDescriptor(ParentDescriptor);
1229  if (!Group)
1230  {
1233  }
1234  }
1235  else
1236  {
1237  DPRINT("Use token group sid!\n");
1238  Group = Token->PrimaryGroup;
1239  }
1240  }
1241  if (!Group)
1242  {
1245  }
1247  ASSERT(GroupLength % sizeof(ULONG) == 0);
1248 
1249  /* Inherit the DACL */
1250  DaclLength = 0;
1251  ExplicitAcl = NULL;
1252  ExplicitPresent = FALSE;
1253  ExplicitDefaulted = FALSE;
1254  if (ExplicitDescriptor != NULL &&
1256  {
1258  ExplicitPresent = TRUE;
1260  ExplicitDefaulted = TRUE;
1261  }
1262  ParentAcl = NULL;
1263  if (ParentDescriptor != NULL &&
1264  (ParentDescriptor->Control & SE_DACL_PRESENT))
1265  {
1266  ParentAcl = SepGetDaclFromDescriptor(ParentDescriptor);
1267  }
1268  Dacl = SepSelectAcl(ExplicitAcl,
1269  ExplicitPresent,
1270  ExplicitDefaulted,
1271  ParentAcl,
1272  Token->DefaultDacl,
1273  &DaclLength,
1274  Owner,
1275  Group,
1276  &DaclPresent,
1277  &DaclIsInherited,
1279  GenericMapping);
1280  if (DaclPresent)
1282  ASSERT(DaclLength % sizeof(ULONG) == 0);
1283 
1284  /* Inherit the SACL */
1285  SaclLength = 0;
1286  ExplicitAcl = NULL;
1287  ExplicitPresent = FALSE;
1288  ExplicitDefaulted = FALSE;
1289  if (ExplicitDescriptor != NULL &&
1291  {
1293  ExplicitPresent = TRUE;
1295  ExplicitDefaulted = TRUE;
1296  }
1297  ParentAcl = NULL;
1298  if (ParentDescriptor != NULL &&
1299  (ParentDescriptor->Control & SE_SACL_PRESENT))
1300  {
1301  ParentAcl = SepGetSaclFromDescriptor(ParentDescriptor);
1302  }
1303  Sacl = SepSelectAcl(ExplicitAcl,
1304  ExplicitPresent,
1305  ExplicitDefaulted,
1306  ParentAcl,
1307  NULL,
1308  &SaclLength,
1309  Owner,
1310  Group,
1311  &SaclPresent,
1312  &SaclIsInherited,
1314  GenericMapping);
1315  if (SaclPresent)
1317  ASSERT(SaclLength % sizeof(ULONG) == 0);
1318 
1319  /* Allocate and initialize the new security descriptor */
1321  OwnerLength + GroupLength + DaclLength + SaclLength;
1322 
1323  DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %u OwnerLength %lu GroupLength %lu DaclLength %lu SaclLength %lu\n",
1324  sizeof(SECURITY_DESCRIPTOR),
1325  OwnerLength,
1326  GroupLength,
1327  DaclLength,
1328  SaclLength);
1329 
1331  if (Descriptor == NULL)
1332  {
1333  DPRINT1("ExAlloctePool() failed\n");
1336  }
1337 
1340 
1341  Descriptor->Control = Control | SE_SELF_RELATIVE;
1342 
1343  Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1344 
1345  if (SaclLength != 0)
1346  {
1347  Status = SepPropagateAcl((PACL)((PUCHAR)Descriptor + Current),
1348  &SaclLength,
1349  Sacl,
1350  Owner,
1351  Group,
1352  SaclIsInherited,
1354  GenericMapping);
1356  Descriptor->Sacl = Current;
1357  Current += SaclLength;
1358  }
1359 
1360  if (DaclLength != 0)
1361  {
1362  Status = SepPropagateAcl((PACL)((PUCHAR)Descriptor + Current),
1363  &DaclLength,
1364  Dacl,
1365  Owner,
1366  Group,
1367  DaclIsInherited,
1369  GenericMapping);
1371  Descriptor->Dacl = Current;
1372  Current += DaclLength;
1373  }
1374 
1375  if (OwnerLength != 0)
1376  {
1377  RtlCopyMemory((PUCHAR)Descriptor + Current, Owner, OwnerLength);
1378  Descriptor->Owner = Current;
1379  Current += OwnerLength;
1380  DPRINT("Owner of %p at %x\n", Descriptor, Descriptor->Owner);
1381  }
1382  else
1383  {
1384  DPRINT("Owner of %p is zero length\n", Descriptor);
1385  }
1386 
1387  if (GroupLength != 0)
1388  {
1390  Descriptor->Group = Current;
1391  }
1392 
1393  /* Unlock subject context */
1395 
1397 
1398  DPRINT("Descriptor %p\n", Descriptor);
1400 
1401  return STATUS_SUCCESS;
1402 }
1403 
1404 /*
1405  * @implemented
1406  */
1408 NTSTATUS
1409 NTAPI
1410 SeAssignSecurity(
1411  _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
1418 {
1419  PAGED_CODE();
1420 
1421  return SeAssignSecurityEx(ParentDescriptor,
1423  NewDescriptor,
1424  NULL,
1426  0,
1429  PoolType);
1430 }
1431 
1432 /*
1433  * @implemented
1434  */
1436 NTSTATUS
1437 NTAPI
1440  _Out_ PULONG QuotaInfoSize)
1441 {
1442  PSID Group;
1443  PACL Dacl;
1444 
1445  PAGED_CODE();
1446 
1447  *QuotaInfoSize = 0;
1448 
1449  /* Validate security descriptor revision */
1451  {
1452  return STATUS_UNKNOWN_REVISION;
1453  }
1454 
1455  /* Get group and DACL, if any */
1458 
1459  /* Return SID length if any */
1460  if (Group != NULL)
1461  {
1462  *QuotaInfoSize = ALIGN_UP_BY(RtlLengthSid(Group), sizeof(ULONG));
1463  }
1464 
1465  /* Return DACL if any */
1466  if (Dacl != NULL)
1467  {
1468  *QuotaInfoSize += ALIGN_UP_BY(Dacl->AclSize, sizeof(ULONG));
1469  }
1470 
1471  return STATUS_SUCCESS;
1472 }
1473 
1474 /* EOF */
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
Definition: sd.c:119
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
ObjectType
Definition: metafile.c:80
#define IN
Definition: typedefs.h:38
#define SE_SACL_PRESENT
Definition: setypes.h:769
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
BOOLEAN INIT_FUNCTION NTAPI SepInitSDs(VOID)
Definition: sd.c:34
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
#define GENERIC_ALL
Definition: nt_native.h:92
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
Definition: sefuncs.h:29
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:24
#define ProbeForReadUchar(Ptr)
Definition: probe.h:61
#define SECURITY_DESCRIPTOR_MIN_LENGTH
Definition: setypes.h:761
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
Definition: sd.c:211
struct _SID SID
#define MAX_ACL_REVISION
Definition: setypes.h:47
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:323
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
USHORT AclSize
Definition: ms-dtyp.idl:296
#define DBG_UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:325
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:22
PACL SeSystemDefaultDacl
Definition: acl.c:23
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:27
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_In_opt_ PSID Group
Definition: rtlfuncs.h:1606
unsigned char * PUCHAR
Definition: retypes.h:3
#define SID_REVISION
Definition: setypes.h:453
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI RtlCreateSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:117
NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(IN PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:139
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SE_DACL_PRESENT
Definition: setypes.h:767
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:24
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
_In_ ULONG Revision
Definition: rtlfuncs.h:1104
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define PAGED_CODE()
Definition: video.h:57
_In_ BOOLEAN DaclPresent
Definition: rtlfuncs.h:1595
#define _In_opt_
Definition: no_sal2.h:213
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sd.c:367
static ULONG DetermineACLSize(PACL Acl, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:415
#define SE_OWNER_DEFAULTED
Definition: setypes.h:765
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:766
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
_SEH2_TRY
Definition: create.c:4250
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted)
Definition: sd.c:303
uint32_t ULONG_PTR
Definition: typedefs.h:63
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
_In_ ULONG BufferLength
Definition: usbdlib.h:225
PACL SePublicOpenDacl
Definition: acl.c:25
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
struct _SID * PISID
FORCEINLINE PACL SepGetSaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:88
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
_Out_ PBOOLEAN SaclPresent
Definition: rtlfuncs.h:2415
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
#define _Out_writes_bytes_(size)
Definition: no_sal2.h:370
#define _Out_
Definition: no_sal2.h:323
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
void DPRINT(...)
Definition: polytest.cpp:61
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1555
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define STATUS_INVALID_SID
Definition: ntstatus.h:342
#define TAG_SD
Definition: tag.h:176
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
#define SE_DACL_DEFAULTED
Definition: setypes.h:768
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:25
struct _ACL * PACL
Definition: security.c:104
FORCEINLINE PSID SepGetOwnerFromDescriptor(PVOID _Descriptor)
Definition: se.h:48
#define STATUS_INVALID_PRIMARY_GROUP
Definition: ntstatus.h:313
_IRQL_requires_max_(PASSIVE_LEVEL)
Definition: sd.c:620
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
INT POOL_TYPE
Definition: typedefs.h:76
#define ARGUMENT_PRESENT(ArgumentPointer)
#define MIN_ACL_REVISION
Definition: setypes.h:46
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define _Inout_
Definition: no_sal2.h:244
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define STATUS_NO_SECURITY_ON_OBJECT
Definition: ntstatus.h:437
#define STATUS_NO_TOKEN
Definition: ntstatus.h:346
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
static IUnknown Object
Definition: main.c:512
struct _SID * PSID
Definition: eventlog.c:35
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
char * PBOOLEAN
Definition: retypes.h:11
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
#define PASSIVE_LEVEL
Definition: env_spec_w32.h:693
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
PSID SeWorldSid
Definition: sid.c:31
#define SE_GROUP_DEFAULTED
Definition: setypes.h:766
static const WCHAR Control[]
Definition: interface.c:27
Status
Definition: gdiplustypes.h:24
FORCEINLINE PSID SepGetGroupFromDescriptor(PVOID _Descriptor)
Definition: se.h:29
#define _In_
Definition: no_sal2.h:204
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:23
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ ULONG AutoInheritFlags, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
UCHAR AclRevision
Definition: ms-dtyp.idl:294
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:67
_SEH2_END
Definition: create.c:4424
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
PACL SePublicDefaultDacl
Definition: acl.c:22
#define STATUS_INVALID_ACL
Definition: ntstatus.h:341
BOOLEAN NTAPI SeValidSecurityDescriptor(IN ULONG Length, IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
Definition: sd.c:960
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1557
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
unsigned int * PULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
#define STATUS_INVALID_OWNER
Definition: ntstatus.h:312
#define DPRINT1
Definition: precomp.h:8
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1553
#define ACL_REVISION
Definition: setypes.h:39
#define OUT
Definition: typedefs.h:39
PACL SeUnrestrictedDacl
Definition: acl.c:27
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:26
unsigned int ULONG
Definition: retypes.h:1
#define ProbeForReadUshort(Ptr)
Definition: probe.h:63
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define ULONG_PTR
Definition: config.h:101
#define ALIGN_UP_BY(size, align)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
#define TAG_QOS
Definition: tag.h:177
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
BYTE Revision
Definition: ms-dtyp.idl:199
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:434
_In_ ULONG _In_ CONST SOCKADDR _In_ int GroupLength
Definition: ws2tcpip.h:710
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:26
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
#define SE_SACL_DEFAULTED
Definition: setypes.h:770
return STATUS_SUCCESS
Definition: btrfs.c:2725
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59
ULONG NTAPI RtlLengthSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:161
Definition: rtltypes.h:988
#define STATUS_UNKNOWN_REVISION
Definition: ntstatus.h:310
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
static ULONG DetermineSIDSize(PISID Sid, PULONG OutSAC, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:384
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Definition: acl.c:591
_In_ PSTORAGE_PROPERTY_ID _Outptr_ PSTORAGE_DESCRIPTOR_HEADER * Descriptor
Definition: classpnp.h:966
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68