ReactOS  0.4.15-dev-1150-g593bcce
cmse.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: ntoskrnl/config/cmse.c
5  * PURPOSE: Configuration Manager - Security Subsystem Interface
6  * PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org)
7  */
8 
9 /* INCLUDES ******************************************************************/
10 
11 #include "ntoskrnl.h"
12 #define NDEBUG
13 #include "debug.h"
14 
15 /* GLOBALS *******************************************************************/
16 
17 /* FUNCTIONS *****************************************************************/
18 
19 PSECURITY_DESCRIPTOR
20 NTAPI
21 CmpHiveRootSecurityDescriptor(VOID)
22 {
23  NTSTATUS Status;
24  PSECURITY_DESCRIPTOR SecurityDescriptor;
25  PACL Acl, AclCopy;
26  PSID Sid[4];
27  SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
28  SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
29  ULONG AceLength, AclLength, SidLength;
30  PACE_HEADER AceHeader;
31  ULONG i;
32  PAGED_CODE();
33 
34  /* Phase 1: Allocate SIDs */
35  SidLength = RtlLengthRequiredSid(1);
36  Sid[0] = ExAllocatePoolWithTag(PagedPool, SidLength, TAG_CMSD);
37  Sid[1] = ExAllocatePoolWithTag(PagedPool, SidLength, TAG_CMSD);
38  Sid[2] = ExAllocatePoolWithTag(PagedPool, SidLength, TAG_CMSD);
39  SidLength = RtlLengthRequiredSid(2);
40  Sid[3] = ExAllocatePoolWithTag(PagedPool, SidLength, TAG_CMSD);
41 
42  /* Make sure all SIDs were allocated */
43  if (!(Sid[0]) || !(Sid[1]) || !(Sid[2]) || !(Sid[3]))
44  {
45  /* Bugcheck */
46  KeBugCheckEx(REGISTRY_ERROR, 11, 1, 0, 0);
47  }
48 
49  /* Phase 2: Initialize all SIDs */
50  Status = RtlInitializeSid(Sid[0], &WorldAuthority, 1);
51  Status |= RtlInitializeSid(Sid[1], &NtAuthority, 1);
52  Status |= RtlInitializeSid(Sid[2], &NtAuthority, 1);
53  Status |= RtlInitializeSid(Sid[3], &NtAuthority, 2);
54  if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 2, 0, 0);
55 
56  /* Phase 2: Setup SID Sub Authorities */
57  *RtlSubAuthoritySid(Sid[0], 0) = SECURITY_WORLD_RID;
58  *RtlSubAuthoritySid(Sid[1], 0) = SECURITY_RESTRICTED_CODE_RID;
59  *RtlSubAuthoritySid(Sid[2], 0) = SECURITY_LOCAL_SYSTEM_RID;
60  *RtlSubAuthoritySid(Sid[3], 0) = SECURITY_BUILTIN_DOMAIN_RID;
61  *RtlSubAuthoritySid(Sid[3], 1) = DOMAIN_ALIAS_RID_ADMINS;
62 
63  /* Make sure all SIDs are valid */
64  ASSERT(RtlValidSid(Sid[0]));
65  ASSERT(RtlValidSid(Sid[1]));
66  ASSERT(RtlValidSid(Sid[2]));
67  ASSERT(RtlValidSid(Sid[3]));
68 
69  /* Phase 3: Calculate ACL Length */
70  AclLength = sizeof(ACL);
71  for (i = 0; i < 4; i++)
72  {
73  /* This is what MSDN says to do */
74  AceLength = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
75  AceLength += SeLengthSid(Sid[i]);
76  AclLength += AceLength;
77  }
78 
79  /* Phase 3: Allocate the ACL */
80  Acl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_CMSD);
81  if (!Acl) KeBugCheckEx(REGISTRY_ERROR, 11, 3, 0, 0);
82 
83  /* Phase 4: Create the ACL */
84  Status = RtlCreateAcl(Acl, AclLength, ACL_REVISION);
85  if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 4, Status, 0);
86 
87  /* Phase 5: Build the ACL */
88  Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION, KEY_ALL_ACCESS, Sid[2]);
89  Status |= RtlAddAccessAllowedAce(Acl, ACL_REVISION, KEY_ALL_ACCESS, Sid[3]);
90  Status |= RtlAddAccessAllowedAce(Acl, ACL_REVISION, KEY_READ, Sid[0]);
91  Status |= RtlAddAccessAllowedAce(Acl, ACL_REVISION, KEY_READ, Sid[1]);
92  if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 5, Status, 0);
93 
94  /* Phase 5: Make the ACEs inheritable */
95  Status = RtlGetAce(Acl, 0, (PVOID*)&AceHeader);
96  ASSERT(NT_SUCCESS(Status));
97  AceHeader->AceFlags |= CONTAINER_INHERIT_ACE;
98  Status = RtlGetAce(Acl, 1, (PVOID*)&AceHeader);
99  ASSERT(NT_SUCCESS(Status));
100  AceHeader->AceFlags |= CONTAINER_INHERIT_ACE;
101  Status = RtlGetAce(Acl, 2, (PVOID*)&AceHeader);
102  ASSERT(NT_SUCCESS(Status));
103  AceHeader->AceFlags |= CONTAINER_INHERIT_ACE;
104  Status = RtlGetAce(Acl, 3, (PVOID*)&AceHeader);
105  ASSERT(NT_SUCCESS(Status));
106  AceHeader->AceFlags |= CONTAINER_INHERIT_ACE;
107 
108  /* Phase 6: Allocate the security descriptor and make space for the ACL */
109  SecurityDescriptor = ExAllocatePoolWithTag(PagedPool,
110  sizeof(SECURITY_DESCRIPTOR) +
111  AclLength,
112  TAG_CMSD);
113  if (!SecurityDescriptor) KeBugCheckEx(REGISTRY_ERROR, 11, 6, 0, 0);
114 
115  /* Phase 6: Make a copy of the ACL */
116  AclCopy = (PACL)((PISECURITY_DESCRIPTOR)SecurityDescriptor + 1);
117  RtlCopyMemory(AclCopy, Acl, AclLength);
118 
119  /* Phase 7: Create the security descriptor */
120  Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
121  SECURITY_DESCRIPTOR_REVISION);
122  if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 7, Status, 0);
123 
124  /* Phase 8: Set the ACL as a DACL */
125  Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
126  TRUE,
127  AclCopy,
128  FALSE);
129  if (!NT_SUCCESS(Status)) KeBugCheckEx(REGISTRY_ERROR, 11, 8, Status, 0);
130 
131  /* Free the SIDs and original ACL */
132  for (i = 0; i < 4; i++) ExFreePoolWithTag(Sid[i], TAG_CMSD);
133  ExFreePoolWithTag(Acl, TAG_CMSD);
134 
135  /* Return the security descriptor */
136  return SecurityDescriptor;
137 }
138 
139 NTSTATUS
140 CmpQuerySecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb,
141  IN SECURITY_INFORMATION SecurityInformation,
142  OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
143  IN OUT PULONG BufferLength)
144 {
145  PISECURITY_DESCRIPTOR_RELATIVE RelSd;
146  ULONG SidSize;
147  ULONG AclSize;
148  ULONG SdSize;
149  NTSTATUS Status;
150  SECURITY_DESCRIPTOR_CONTROL Control = 0;
151  ULONG Owner = 0;
152  ULONG Group = 0;
153  ULONG Dacl = 0;
154 
155  DBG_UNREFERENCED_PARAMETER(Kcb);
156 
157  DPRINT("CmpQuerySecurityDescriptor()\n");
158 
159  if (SecurityInformation == 0)
160  {
161  return STATUS_ACCESS_DENIED;
162  }
163 
164  SidSize = RtlLengthSid(SeWorldSid);
165  RelSd = SecurityDescriptor;
166  SdSize = sizeof(*RelSd);
167 
168  if (SecurityInformation & OWNER_SECURITY_INFORMATION)
169  {
170  Owner = SdSize;
171  SdSize += SidSize;
172  }
173 
174  if (SecurityInformation & GROUP_SECURITY_INFORMATION)
175  {
176  Group = SdSize;
177  SdSize += SidSize;
178  }
179 
180  if (SecurityInformation & DACL_SECURITY_INFORMATION)
181  {
182  Control |= SE_DACL_PRESENT;
183  Dacl = SdSize;
184  AclSize = sizeof(ACL) + sizeof(ACE) + SidSize;
185  SdSize += AclSize;
186  }
187 
188  if (SecurityInformation & SACL_SECURITY_INFORMATION)
189  {
190  Control |= SE_SACL_PRESENT;
191  }
192 
193  if (*BufferLength < SdSize)
194  {
195  *BufferLength = SdSize;
196  return STATUS_BUFFER_TOO_SMALL;
197  }
198 
199  *BufferLength = SdSize;
200 
201  Status = RtlCreateSecurityDescriptorRelative(RelSd,
202  SECURITY_DESCRIPTOR_REVISION);
203  if (!NT_SUCCESS(Status))
204  return Status;
205 
206  RelSd->Control |= Control;
207  RelSd->Owner = Owner;
208  RelSd->Group = Group;
209  RelSd->Dacl = Dacl;
210 
211  if (Owner)
212  RtlCopyMemory((PUCHAR)RelSd + Owner,
213  SeWorldSid,
214  SidSize);
215 
216  if (Group)
217  RtlCopyMemory((PUCHAR)RelSd + Group,
218  SeWorldSid,
219  SidSize);
220 
221  if (Dacl)
222  {
223  Status = RtlCreateAcl((PACL)((PUCHAR)RelSd + Dacl),
224  AclSize,
225  ACL_REVISION);
226  if (NT_SUCCESS(Status))
227  {
228  Status = RtlAddAccessAllowedAce((PACL)((PUCHAR)RelSd + Dacl),
229  ACL_REVISION,
230  GENERIC_ALL,
231  SeWorldSid);
232  }
233  }
234 
235  ASSERT(Status == STATUS_SUCCESS);
236  return Status;
237 }
238 
239 NTSTATUS
240 CmpSetSecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb,
241  IN PSECURITY_INFORMATION SecurityInformation,
242  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
243  IN POOL_TYPE PoolType,
244  IN PGENERIC_MAPPING GenericMapping)
245 {
246  DPRINT("CmpSetSecurityDescriptor()\n");
247  return STATUS_SUCCESS;
248 }
249 
250 NTSTATUS
251 CmpAssignSecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb,
252  IN PSECURITY_DESCRIPTOR SecurityDescriptor)
253 {
254  DPRINT("CmpAssignSecurityDescriptor(%p %p)\n",
255  Kcb, SecurityDescriptor);
256  return STATUS_SUCCESS;
257 }
258 
259 NTSTATUS
260 NTAPI
261 CmpSecurityMethod(IN PVOID ObjectBody,
262  IN SECURITY_OPERATION_CODE OperationCode,
263  IN PSECURITY_INFORMATION SecurityInformation,
264  IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
265  IN OUT PULONG BufferLength,
266  IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
267  IN POOL_TYPE PoolType,
268  IN PGENERIC_MAPPING GenericMapping)
269 {
270  PCM_KEY_CONTROL_BLOCK Kcb;
271  NTSTATUS Status = STATUS_SUCCESS;
272 
273  DBG_UNREFERENCED_PARAMETER(OldSecurityDescriptor);
274  DBG_UNREFERENCED_PARAMETER(GenericMapping);
275 
276  Kcb = ((PCM_KEY_BODY)ObjectBody)->KeyControlBlock;
277 
278  /* Acquire the hive lock */
279  CmpLockRegistry();
280 
281  /* Acquire the KCB lock */
282  if (OperationCode == QuerySecurityDescriptor)
283  {
284  CmpAcquireKcbLockShared(Kcb);
285  }
286  else
287  {
288  CmpAcquireKcbLockExclusive(Kcb);
289  }
290 
291  /* Don't touch deleted keys */
292  if (Kcb->Delete)
293  {
294  /* Release the KCB lock */
295  CmpReleaseKcbLock(Kcb);
296 
297  /* Release the hive lock */
298  CmpUnlockRegistry();
299  return STATUS_KEY_DELETED;
300  }
301 
302  switch (OperationCode)
303  {
304  case SetSecurityDescriptor:
305  DPRINT("Set security descriptor\n");
306  ASSERT((PoolType == PagedPool) || (PoolType == NonPagedPool));
307  Status = CmpSetSecurityDescriptor(Kcb,
308  SecurityInformation,
309  SecurityDescriptor,
310  PoolType,
311  GenericMapping);
312  break;
313 
314  case QuerySecurityDescriptor:
315  DPRINT("Query security descriptor\n");
316  Status = CmpQuerySecurityDescriptor(Kcb,
317  *SecurityInformation,
318  SecurityDescriptor,
319  BufferLength);
320  break;
321 
322  case DeleteSecurityDescriptor:
323  DPRINT("Delete security descriptor\n");
324  /* HACK */
325  break;
326 
327  case AssignSecurityDescriptor:
328  DPRINT("Assign security descriptor\n");
329  Status = CmpAssignSecurityDescriptor(Kcb,
330  SecurityDescriptor);
331  break;
332 
333  default:
334  KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0);
335  }
336 
337  /* Release the KCB lock */
338  CmpReleaseKcbLock(Kcb);
339 
340  /* Release the hive lock */
341  CmpUnlockRegistry();
342 
343  return Status;
344 }
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
IN
#define IN
Definition: typedefs.h:39
SE_SACL_PRESENT
#define SE_SACL_PRESENT
Definition: setypes.h:769
GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92
SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
RtlCopyMemory
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
BufferLength
_In_ PSCSI_REQUEST_BLOCK _In_opt_ PVOID _In_ ULONG BufferLength
Definition: cdrom.h:989
CmpSecurityMethod
NTSTATUS NTAPI CmpSecurityMethod(IN PVOID ObjectBody, IN SECURITY_OPERATION_CODE OperationCode, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG BufferLength, IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: cmse.c:261
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:782
_SECURITY_DESCRIPTOR_RELATIVE::Group
$ULONG Group
Definition: setypes.h:787
RtlCreateSecurityDescriptorRelative
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(_Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision)
_SID
Definition: ms-dtyp.idl:198
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
KEY_READ
#define KEY_READ
Definition: nt_native.h:1023
TRUE
#define TRUE
Definition: types.h:120
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
DBG_UNREFERENCED_PARAMETER
#define DBG_UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:319
_ACL
Definition: ms-dtyp.idl:293
_SECURITY_DESCRIPTOR_RELATIVE::Dacl
$ULONG Dacl
Definition: setypes.h:789
Group
_In_opt_ PSID Group
Definition: rtlfuncs.h:1605
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
WorldAuthority
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
RtlSubAuthoritySid
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
CmpQuerySecurityDescriptor
NTSTATUS CmpQuerySecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG BufferLength)
Definition: cmse.c:140
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
RtlGetAce
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
SE_DACL_PRESENT
#define SE_DACL_PRESENT
Definition: setypes.h:767
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
CmpAcquireKcbLockShared
#define CmpAcquireKcbLockShared(k)
Definition: cm_x.h:121
_CM_KEY_CONTROL_BLOCK::Delete
ULONG Delete
Definition: cm.h:267
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
CmpHiveRootSecurityDescriptor
PSECURITY_DESCRIPTOR NTAPI CmpHiveRootSecurityDescriptor(VOID)
Definition: cmse.c:21
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
RtlInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
FALSE
#define FALSE
Definition: types.h:117
SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
SECURITY_DESCRIPTOR_CONTROL
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
ACL
struct _ACL ACL
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
DPRINT
void DPRINT(...)
Definition: polytest.cpp:61
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
STATUS_KEY_DELETED
#define STATUS_KEY_DELETED
Definition: ntstatus.h:613
CmpReleaseKcbLock
FORCEINLINE VOID CmpReleaseKcbLock(PCM_KEY_CONTROL_BLOCK Kcb)
Definition: cm_x.h:169
RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
_ACE_HEADER
Definition: ms-dtyp.idl:209
PACL
struct _ACL * PACL
Definition: security.c:104
_CM_KEY_CONTROL_BLOCK
Definition: cm.h:259
CONTAINER_INHERIT_ACE
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:715
SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
_GENERIC_MAPPING
Definition: nt_native.h:564
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
PSECURITY_INFORMATION
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:78
CmpUnlockRegistry
VOID NTAPI CmpUnlockRegistry(VOID)
Definition: cmsysini.c:1993
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
SECURITY_WORLD_RID
#define SECURITY_WORLD_RID
Definition: setypes.h:513
ASSERT
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
Status
Status
Definition: gdiplustypes.h:24
_SECURITY_DESCRIPTOR_RELATIVE::Owner
$ULONG Owner
Definition: setypes.h:786
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
SeWorldSid
PSID SeWorldSid
Definition: sid.c:31
Control
static const WCHAR Control[]
Definition: interface.c:27
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
CmpSetSecurityDescriptor
NTSTATUS CmpSetSecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: cmse.c:240
_SECURITY_DESCRIPTOR_RELATIVE::Control
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
KEY_ALL_ACCESS
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
PULONG
unsigned int * PULONG
Definition: retypes.h:1
Owner
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
SECURITY_RESTRICTED_CODE_RID
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:541
TAG_CMSD
#define TAG_CMSD
Definition: cmlib.h:207
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
OUT
#define OUT
Definition: typedefs.h:40
ULONG
unsigned int ULONG
Definition: retypes.h:1
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
CmpAcquireKcbLockExclusive
FORCEINLINE VOID CmpAcquireKcbLockExclusive(PCM_KEY_CONTROL_BLOCK Kcb)
Definition: cm_x.h:102
PCM_KEY_BODY
struct _CM_KEY_BODY * PCM_KEY_BODY
CmpAssignSecurityDescriptor
NTSTATUS CmpAssignSecurityDescriptor(IN PCM_KEY_CONTROL_BLOCK Kcb, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: cmse.c:251
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:3014
SeLengthSid
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
PoolType
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444
CmpLockRegistry
VOID NTAPI CmpLockRegistry(VOID)
Definition: cmsysini.c:1907
DOMAIN_ALIAS_RID_ADMINS
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
SECURITY_OPERATION_CODE
SECURITY_OPERATION_CODE
Definition: setypes.h:142
_ACE
Definition: rtltypes.h:990
AclLength
_In_ ULONG AclLength
Definition: rtlfuncs.h:1844
KeBugCheckEx
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
NtAuthority
SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: database.c:19
RtlLengthRequiredSid
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89