ReactOS  0.4.15-dev-1070-ge1a01de
security.c File Reference
#include <rtl.h>
#include <debug.h>


Macros

#define NDEBUG
 

Functions

NTSTATUS NTAPI RtlpSetSecurityObject (IN PVOID Object OPTIONAL, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN ULONG PoolType, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
 
NTSTATUS NTAPI RtlpNewSecurityObject (IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI RtlpConvertToAutoInheritSecurityObject (IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI RtlDefaultNpAcl (OUT PACL *pAcl)
 
NTSTATUS NTAPI RtlCreateAndSetSD (IN PVOID AceData, IN ULONG AceCount, IN PSID OwnerSid OPTIONAL, IN PSID GroupSid OPTIONAL, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
 
NTSTATUS NTAPI RtlDeleteSecurityObject (IN PSECURITY_DESCRIPTOR *ObjectDescriptor)
 
NTSTATUS NTAPI RtlNewSecurityObject (IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI RtlNewSecurityObjectEx (IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI RtlNewSecurityObjectWithMultipleInheritance (IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI RtlNewInstanceSecurityObject (IN BOOLEAN ParentDescriptorChanged, IN BOOLEAN CreatorDescriptorChanged, IN PLUID OldClientTokenModifiedId, OUT PLUID NewClientTokenModifiedId, IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI RtlCreateUserSecurityObject (IN PVOID AceData, IN ULONG AceCount, IN PSID OwnerSid, IN PSID GroupSid, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
 
NTSTATUS NTAPI RtlNewSecurityGrantedAccess (IN ACCESS_MASK DesiredAccess, OUT PPRIVILEGE_SET Privileges, IN OUT PULONG Length, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping, OUT PACCESS_MASK RemainingDesiredAccess)
 
NTSTATUS NTAPI RtlQuerySecurityObject (IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor, IN ULONG DescriptorLength, OUT PULONG ReturnLength)
 
NTSTATUS NTAPI RtlSetSecurityObject (IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
 
NTSTATUS NTAPI RtlSetSecurityObjectEx (IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
 
NTSTATUS NTAPI RtlConvertToAutoInheritSecurityObject (IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI RtlRegisterSecureMemoryCacheCallback (IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
 
BOOLEAN NTAPI RtlFlushSecureMemoryCache (IN PVOID MemoryCache, IN OPTIONAL SIZE_T MemoryLength)
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 12 of file security.c.

Function Documentation

◆ RtlConvertToAutoInheritSecurityObject()

NTSTATUS NTAPI RtlConvertToAutoInheritSecurityObject ( IN PSECURITY_DESCRIPTOR  ParentDescriptor,
IN PSECURITY_DESCRIPTOR  CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR * NewDescriptor,
IN LPGUID  ObjectType,
IN BOOLEAN  IsDirectoryObject,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 798 of file security.c.

/*
 * Public entry point that forwards its arguments unchanged to
 * RtlpConvertToAutoInheritSecurityObject and returns that status.
 * NOTE(review): this listing omits source lines 808, 810 and 811
 * (presumably the remaining arguments). The internal routine is listed
 * on this page as a stub returning STATUS_NOT_IMPLEMENTED, so callers
 * should not expect *NewDescriptor to be produced in this revision.
 */
804 {
805  /* Call the internal API */
806  return RtlpConvertToAutoInheritSecurityObject(ParentDescriptor,
807  CreatorDescriptor,
809  ObjectType,
812 }
ObjectType
Definition: metafile.c:80
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
NTSTATUS NTAPI RtlpConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:220
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11

◆ RtlCreateAndSetSD()

NTSTATUS NTAPI RtlCreateAndSetSD ( IN PVOID  AceData,
IN ULONG  AceCount,
IN PSID OwnerSid  OPTIONAL,
IN PSID GroupSid  OPTIONAL,
OUT PSECURITY_DESCRIPTOR * NewDescriptor
)

Definition at line 394 of file security.c.

/*
 * Stub: always returns STATUS_NOT_IMPLEMENTED.
 * NOTE(review): source line 400 is missing from this listing (the
 * cross-references suggest an UNIMPLEMENTED marker). Nothing visible
 * here writes *NewDescriptor, so callers must check the status before
 * touching the output pointer.
 */
399 {
401  return STATUS_NOT_IMPLEMENTED;
402 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:239
#define UNIMPLEMENTED
Definition: debug.h:115

Referenced by RtlCreateUserSecurityObject().

◆ RtlCreateUserSecurityObject()

NTSTATUS NTAPI RtlCreateUserSecurityObject ( IN PVOID  AceData,
IN ULONG  AceCount,
IN PSID  OwnerSid,
IN PSID  GroupSid,
IN BOOLEAN  IsDirectoryObject,
IN PGENERIC_MAPPING  GenericMapping,
OUT PSECURITY_DESCRIPTOR * NewDescriptor
)

Definition at line 559 of file security.c.

/*
 * Builds a security descriptor from ACE data via RtlCreateAndSetSD, then
 * (per the comments below) opens the process token and creates the
 * security object, freeing the temporary descriptor before returning.
 * NOTE(review): this listing omits source lines 567-569, 581, 585,
 * 587-588, 590 and 593, so the local declarations, the token open call,
 * the object creation call and the handle close are not visible here.
 */
566 {
570  DPRINT1("RtlCreateUserSecurityObject(%p)\n", AceData);
571 
572  /* Create the security descriptor based on the ACE Data */
573  Status = RtlCreateAndSetSD(AceData,
574  AceCount,
575  OwnerSid,
576  GroupSid,
577  &Sd);
    /*
     * Early return: Sd is not freed on this path, which is only correct if
     * a failing RtlCreateAndSetSD allocates nothing. RtlCreateAndSetSD is
     * listed on this page as a stub returning STATUS_NOT_IMPLEMENTED, so in
     * this revision the function always leaves here.
     */
578  if (!NT_SUCCESS(Status)) return Status;
579 
580  /* Open the process token */
    /* On failure no token handle needs closing, so jump straight to the free */
582  if (!NT_SUCCESS(Status)) goto Quickie;
583 
584  /* Create the security object */
586  Sd,
589  TokenHandle,
591 
592  /* We're done, close the token handle */
594 
595 Quickie:
596  /* Free the SD and return status */
    /* Sd came from RtlCreateAndSetSD; presumably allocated on the process heap -- confirm */
597  RtlFreeHeap(RtlGetProcessHeap(), 0, Sd);
598  return Status;
599 }
NTSTATUS NTAPI RtlCreateAndSetSD(IN PVOID AceData, IN ULONG AceCount, IN PSID OwnerSid OPTIONAL, IN PSID GroupSid OPTIONAL, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
Definition: security.c:394
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
smooth NULL
Definition: ftsmooth.c:416
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
#define NtCurrentProcess()
Definition: nt_native.h:1657
#define TOKEN_QUERY
Definition: setypes.h:874
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:423
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define DPRINT1
Definition: precomp.h:8

◆ RtlDefaultNpAcl()

NTSTATUS NTAPI RtlDefaultNpAcl ( OUT PACL * pAcl)

Definition at line 238 of file security.c.

/*
 * Builds a default five-ACE ACL and returns it through *pAcl.
 * The ACL is allocated from the process heap; *pAcl is set to NULL on
 * entry and again if building the ACL fails, so a failing status always
 * comes with a NULL *pAcl. On success the caller owns the allocation.
 * NOTE(review): this listing omits many source lines (240-241, 245-246,
 * 264, 275, 287, 298, 303, 327, 335, 338-342, 345-350, 353-354, 357-361,
 * 364-368, 383), including every call that opens or queries the token
 * and every call that adds an ACE.
 */
239 {
242  PTOKEN_OWNER OwnerSid;
243  ULONG ReturnLength = 0;
244  ULONG AclSize;
247 
248  /*
249  * Temporary buffer large enough to hold a maximum of two SIDs.
250  * An alternative is to call RtlAllocateAndInitializeSid many times...
251  */
252  UCHAR SidBuffer[16];
253  PSID Sid = (PSID)&SidBuffer;
254 
    /*
     * The 16-byte buffer is only safe if a SID with two sub-authorities
     * fits in it. NOTE(review): this file defines NDEBUG; confirm whether
     * ASSERT still fires in the builds that ship.
     */
255  ASSERT(RtlLengthRequiredSid(2) == 16);
256 
257  /* Initialize the user ACL pointer */
258  *pAcl = NULL;
259 
260  /*
261  * Try to retrieve the SID of the current owner. For that,
262  * we first attempt to get the current thread level token.
263  */
265  TOKEN_QUERY,
266  TRUE,
267  &TokenHandle);
268  if (Status == STATUS_NO_TOKEN)
269  {
270  /*
271  * No thread level token, so use the process level token.
272  * This is the common case since the only time a thread
273  * has a token is when it is impersonating.
274  */
276  TOKEN_QUERY,
277  &TokenHandle);
278  }
279  /* Fail if we didn't succeed in retrieving a handle to the token */
280  if (!NT_SUCCESS(Status)) return Status;
281 
282  /*
283  * Retrieve the owner SID from the token.
284  */
285 
286  /* Query the needed size... */
288  TokenOwner,
289  NULL, 0,
290  &ReturnLength);
291  /* ... so that we must fail with STATUS_BUFFER_TOO_SMALL error */
    /*
     * NOTE(review): any other status is returned as-is. If the size probe
     * ever reported success, the caller would see success with *pAcl still
     * NULL; callers should treat a NULL *pAcl as "no ACL built" and not
     * apply it as a DACL.
     */
292  if (Status != STATUS_BUFFER_TOO_SMALL) goto Cleanup1;
293 
294  /* Allocate space for the owner SID */
295  OwnerSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ReturnLength);
296  if (OwnerSid == NULL)
297  {
299  goto Cleanup1;
300  }
301 
302  /* Retrieve the owner SID; we must succeed */
304  TokenOwner,
305  OwnerSid,
306  ReturnLength,
307  &ReturnLength);
308  if (!NT_SUCCESS(Status)) goto Cleanup2;
309 
310  /*
311  * Allocate one ACL with 5 ACEs.
312  *
313  * NOTE: sizeof(ACE) == sizeof(ACCESS_ALLOWED_ACE) - sizeof(((ACCESS_ALLOWED_ACE*)NULL)->SidStart)
314  * (see kernel32/client/debugger.c line 54).
315  */
    /*
     * This sum must stay in step with the ACEs added below: adding an ACE
     * or a SID with more sub-authorities without updating it would leave
     * the ACL buffer too small.
     */
316  AclSize = sizeof(ACL) + // Header
317  5 * sizeof(ACE /*ACCESS_ALLOWED_ACE*/) + // 5 ACEs:
318  RtlLengthRequiredSid(1) + // LocalSystem
319  RtlLengthRequiredSid(2) + // Administrators
320  RtlLengthRequiredSid(1) + // Anonymous
321  RtlLengthRequiredSid(1) + // World
322  RtlLengthSid(OwnerSid->Owner); // Owner
323 
324  *pAcl = RtlAllocateHeap(RtlGetProcessHeap(), 0, AclSize);
325  if (*pAcl == NULL)
326  {
328  goto Cleanup2;
329  }
330 
331  /*
332  * Build the ACL and add the five ACEs.
333  */
334  Status = RtlCreateAcl(*pAcl, AclSize, ACL_REVISION2);
336 
    /*
     * NOTE(review): per the comments below, Anonymous and World receive
     * Generic Read while LocalSystem, Administrators and the owner receive
     * Generic All. Callers that need a tighter default should supply their
     * own DACL instead of this one. How Status is checked between the
     * individual ACE additions is not visible in this listing.
     */
337  /* Local System SID - Generic All */
343 
344  /* Administrators SID - Generic All */
351 
352  /* Owner SID - Generic All */
355 
356  /* Anonymous SID - Generic Read */
362 
363  /* World SID - Generic Read */
369 
370  /* If some problem happened, cleanup everything */
371  if (!NT_SUCCESS(Status))
372  {
        /* Free and clear so the caller never receives a half-built ACL */
373  RtlFreeHeap(RtlGetProcessHeap(), 0, *pAcl);
374  *pAcl = NULL;
375  }
376 
377 Cleanup2:
378  /* Get rid of the owner SID */
379  RtlFreeHeap(RtlGetProcessHeap(), 0, OwnerSid);
380 
381 Cleanup1:
382  /* Close the token handle */
384 
385  /* Done */
386  return Status;
387 }
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define GENERIC_ALL
Definition: nt_native.h:92
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
#define NtCurrentThread()
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
#define ACL_REVISION2
Definition: setypes.h:43
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Definition: token.c:1839
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
PSID Owner
Definition: setypes.h:974
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
#define NtCurrentProcess()
Definition: nt_native.h:1657
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define TOKEN_QUERY
Definition: setypes.h:874
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499
static PSID
Definition: security.c:70
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
unsigned char UCHAR
Definition: xmlstorage.h:181
Status
Definition: gdiplustypes.h:24
#define GENERIC_READ
Definition: compat.h:135
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
NTSTATUS NTAPI NtOpenThreadToken(IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle)
Definition: token.c:3858
unsigned int ULONG
Definition: retypes.h:1
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
Definition: rtltypes.h:990
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

◆ RtlDeleteSecurityObject()

NTSTATUS NTAPI RtlDeleteSecurityObject ( IN PSECURITY_DESCRIPTOR * ObjectDescriptor)

Definition at line 409 of file security.c.

/*
 * Frees the security descriptor referenced by *ObjectDescriptor from the
 * process heap and returns STATUS_SUCCESS unconditionally.
 * NOTE(review): ObjectDescriptor is dereferenced without a NULL check,
 * the RtlFreeHeap result is ignored, and *ObjectDescriptor is not cleared
 * afterwards. The caller is left holding a dangling pointer and must not
 * reuse it or pass it here a second time.
 */
410 {
411  DPRINT1("RtlDeleteSecurityObject(%p)\n", ObjectDescriptor);
412 
413  /* Free the object from the heap */
414  RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectDescriptor);
415  return STATUS_SUCCESS;
416 }
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
#define DPRINT1
Definition: precomp.h:8
return STATUS_SUCCESS
Definition: btrfs.c:3014

◆ RtlFlushSecureMemoryCache()

BOOLEAN NTAPI RtlFlushSecureMemoryCache ( IN PVOID  MemoryCache,
IN OPTIONAL SIZE_T  MemoryLength 
)

Definition at line 830 of file security.c.

/*
 * Stub: always returns FALSE; no flush is performed by the visible code.
 * NOTE(review): source line 833 is missing from this listing (the
 * cross-references suggest an UNIMPLEMENTED marker). Callers listed on
 * this page (RtlpSecMemFreeVirtualMemory, UnmapViewOfFile) therefore
 * cannot rely on secure memory having been flushed.
 */
832 {
834  return FALSE;
835 }
#define FALSE
Definition: types.h:117
#define UNIMPLEMENTED
Definition: debug.h:115

Referenced by RtlpSecMemFreeVirtualMemory(), and UnmapViewOfFile().

◆ RtlNewInstanceSecurityObject()

NTSTATUS NTAPI RtlNewInstanceSecurityObject ( IN BOOLEAN  ParentDescriptorChanged,
IN BOOLEAN  CreatorDescriptorChanged,
IN PLUID  OldClientTokenModifiedId,
OUT PLUID  NewClientTokenModifiedId,
IN PSECURITY_DESCRIPTOR  ParentDescriptor,
IN PSECURITY_DESCRIPTOR  CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR * NewDescriptor,
IN BOOLEAN  IsDirectoryObject,
IN HANDLE  Token,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 506 of file security.c.

/*
 * Returns the token's current ModifiedId through NewClientTokenModifiedId
 * and builds a new descriptor only when something changed.
 * If the ModifiedId equals OldClientTokenModifiedId and neither
 * descriptor-changed flag is set, the function succeeds with
 * *NewDescriptor set to NULL; otherwise it forwards to
 * RtlNewSecurityObject.
 * NOTE(review): this listing omits source lines 519, 523-524, 548-549
 * and 551, including the token query call itself.
 */
516 {
517  TOKEN_STATISTICS TokenStats;
518  ULONG Size;
520  DPRINT1("RtlNewInstanceSecurityObject(%p)\n", ParentDescriptor);
521 
522  /* Query the token statistics */
525  &TokenStats,
526  sizeof(TokenStats),
527  &Size);
528  if (!NT_SUCCESS(Status)) return Status;
529 
530  /* Return the LUID */
531  *NewClientTokenModifiedId = TokenStats.ModifiedId;
532 
533  /* Check if the LUID changed */
    /* Despite the comment above, this branch is taken when the LUIDs are EQUAL */
534  if (RtlEqualLuid(NewClientTokenModifiedId, OldClientTokenModifiedId))
535  {
536  /* Did nothing change? */
537  if (!(ParentDescriptorChanged) && !(CreatorDescriptorChanged))
538  {
539  /* There's no new descriptor, we're done */
        /* Success with a NULL *NewDescriptor: callers must handle this case */
540  *NewDescriptor = NULL;
541  return STATUS_SUCCESS;
542  }
543  }
544 
545  /* Call the standard API */
546  return RtlNewSecurityObject(ParentDescriptor,
547  CreatorDescriptor,
550  Token,
552 }
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
smooth NULL
Definition: ftsmooth.c:416
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Definition: token.c:1839
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:423
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:3014

◆ RtlNewSecurityGrantedAccess()

NTSTATUS NTAPI RtlNewSecurityGrantedAccess ( IN ACCESS_MASK  DesiredAccess,
OUT PPRIVILEGE_SET  Privileges,
IN OUT PULONG  Length,
IN HANDLE  Token,
IN PGENERIC_MAPPING  GenericMapping,
OUT PACCESS_MASK  RemainingDesiredAccess 
)

Definition at line 606 of file security.c.

/*
 * Maps DesiredAccess, reports through Privileges whether the SACL right
 * was granted via SE_SECURITY_PRIVILEGE, and returns the access still to
 * be checked in *RemainingDesiredAccess.
 * *Length is in/out: if it is smaller than sizeof(PRIVILEGE_SET) it is
 * updated to the required size before the (not shown) failure return.
 * NOTE(review): this listing omits source lines 613, 626, 636-637, 641,
 * 646, 650, 672 and 676, including the token open and query calls, the
 * access mapping call and the condition that tests for the SACL right.
 */
612 {
614  BOOLEAN Granted, CallerToken;
615  TOKEN_STATISTICS TokenStats;
616  ULONG Size;
617  DPRINT1("RtlNewSecurityGrantedAccess(%lx)\n", DesiredAccess);
618 
619  /* Has the caller passed a token? */
620  if (!Token)
621  {
622  /* Remember that we'll have to close the handle */
623  CallerToken = FALSE;
624 
625  /* Nope, open it */
627  if (!NT_SUCCESS(Status)) return Status;
628  }
629  else
630  {
631  /* Yep, use it */
632  CallerToken = TRUE;
633  }
634 
635  /* Get information on the token */
638  &TokenStats,
639  sizeof(TokenStats),
640  &Size);
642 
643  /* Windows doesn't do anything with the token statistics! */
644 
645  /* Map the access and return it back decoded */
647  *RemainingDesiredAccess = DesiredAccess;
648 
649  /* Check if one of the rights requested was the SACL right */
651  {
652  /* Pretend that it's allowed FIXME: Do privilege check */
    /*
     * NOTE(review): the SACL right is reported as granted and stripped from
     * the remaining access without verifying that the token actually holds
     * SE_SECURITY_PRIVILEGE. Until the FIXME is resolved, callers must not
     * treat this result as proof of the privilege.
     */
653  DPRINT1("Missing privilege check for SE_SECURITY_PRIVILEGE");
654  Granted = TRUE;
655  *RemainingDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
656  }
657  else
658  {
659  /* Nothing to grant */
660  Granted = FALSE;
661  }
662 
663  /* If the caller did not pass in a token, close the handle to ours */
    /* A caller-supplied handle is never closed here; the caller keeps ownership */
664  if (!CallerToken) NtClose(Token);
665 
666  /* We need space to return only 1 privilege -- already part of the struct */
667  Size = sizeof(PRIVILEGE_SET);
    /* The size check runs before any write to Privileges below */
668  if (Size > *Length)
669  {
670  /* Tell the caller how much space we need and fail */
671  *Length = Size;
673  }
674 
675  /* Check if the SACL right was granted... */
677  if (Granted)
678  {
679  /* Yes, return it in the structure */
680  Privileges->PrivilegeCount = 1;
681  Privileges->Privilege[0].Luid.LowPart = SE_SECURITY_PRIVILEGE;
682  Privileges->Privilege[0].Luid.HighPart = 0;
683  Privileges->Privilege[0].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
684  }
685 
686  /* All done */
687  return STATUS_SUCCESS;
688 }
struct _PRIVILEGE_SET PRIVILEGE_SET
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define NtCurrentThread()
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Definition: token.c:1839
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662
#define TOKEN_QUERY
Definition: setypes.h:874
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
Status
Definition: gdiplustypes.h:24
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4137
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI NtOpenThreadToken(IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle)
Definition: token.c:3858
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
return STATUS_SUCCESS
Definition: btrfs.c:3014
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)

◆ RtlNewSecurityObject()

NTSTATUS NTAPI RtlNewSecurityObject ( IN PSECURITY_DESCRIPTOR  ParentDescriptor,
IN PSECURITY_DESCRIPTOR  CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR * NewDescriptor,
IN BOOLEAN  IsDirectoryObject,
IN HANDLE  Token,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 423 of file security.c.

/*
 * Public entry point that forwards to RtlpNewSecurityObject, passing
 * NULL and 0 for the object-type list and count and 0 for the
 * auto-inherit flags (argument roles taken from the callee prototype).
 * NOTE(review): this listing omits source lines 435, 438 and 441. The
 * internal routine is listed on this page as a stub returning
 * STATUS_NOT_IMPLEMENTED, so no descriptor is created in this revision.
 */
429 {
430  DPRINT1("RtlNewSecurityObject(%p)\n", ParentDescriptor);
431 
432  /* Call the internal API */
433  return RtlpNewSecurityObject(ParentDescriptor,
434  CreatorDescriptor,
436  NULL,
437  0,
439  0,
440  Token,
442 }
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
smooth NULL
Definition: ftsmooth.c:416
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:204

Referenced by RtlCreateUserSecurityObject(), and RtlNewInstanceSecurityObject().

◆ RtlNewSecurityObjectEx()

NTSTATUS NTAPI RtlNewSecurityObjectEx ( IN PSECURITY_DESCRIPTOR  ParentDescriptor,
IN PSECURITY_DESCRIPTOR  CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR * NewDescriptor,
IN LPGUID  ObjectType,
IN BOOLEAN  IsDirectoryObject,
IN ULONG  AutoInheritFlags,
IN HANDLE  Token,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 449 of file security.c.

/*
 * Public entry point that forwards to RtlpNewSecurityObject with a GUID
 * count of 1 when ObjectType is non-NULL and 0 otherwise.
 * NOTE(review): this listing omits source lines 463-464, 466 and 469,
 * so how ObjectType itself is passed is not visible. The internal
 * routine is listed on this page as a stub returning
 * STATUS_NOT_IMPLEMENTED.
 */
457 {
458  DPRINT1("RtlNewSecurityObjectEx(%p)\n", ParentDescriptor);
459 
460  /* Call the internal API */
461  return RtlpNewSecurityObject(ParentDescriptor,
462  CreatorDescriptor,
465  ObjectType ? 1 : 0,
467  AutoInheritFlags,
468  Token,
470 }
ObjectType
Definition: metafile.c:80
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
smooth NULL
Definition: ftsmooth.c:416
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:204

◆ RtlNewSecurityObjectWithMultipleInheritance()

NTSTATUS NTAPI RtlNewSecurityObjectWithMultipleInheritance ( IN PSECURITY_DESCRIPTOR  ParentDescriptor,
IN PSECURITY_DESCRIPTOR  CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR * NewDescriptor,
IN LPGUID * ObjectTypes,
IN ULONG  GuidCount,
IN BOOLEAN  IsDirectoryObject,
IN ULONG  AutoInheritFlags,
IN HANDLE  Token,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 477 of file security.c.

/*
 * Public entry point that forwards ObjectTypes, GuidCount and the other
 * arguments to RtlpNewSecurityObject.
 * NOTE(review): this listing omits source lines 492, 495 and 498.
 * GuidCount is passed through without any visible check against the
 * ObjectTypes array. The internal routine is listed on this page as a
 * stub returning STATUS_NOT_IMPLEMENTED.
 */
486 {
487  DPRINT1("RtlNewSecurityObjectWithMultipleInheritance(%p)\n", ParentDescriptor);
488 
489  /* Call the internal API */
490  return RtlpNewSecurityObject(ParentDescriptor,
491  CreatorDescriptor,
493  ObjectTypes,
494  GuidCount,
496  AutoInheritFlags,
497  Token,
499 }
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:204

◆ RtlpConvertToAutoInheritSecurityObject()

NTSTATUS NTAPI RtlpConvertToAutoInheritSecurityObject ( IN PSECURITY_DESCRIPTOR  ParentDescriptor,
IN PSECURITY_DESCRIPTOR  CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR * NewDescriptor,
IN LPGUID  ObjectType,
IN BOOLEAN  IsDirectoryObject,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 220 of file security.c.

/*
 * Stub: always returns STATUS_NOT_IMPLEMENTED.
 * NOTE(review): source line 227 is missing from this listing (the
 * cross-references suggest an UNIMPLEMENTED marker). Nothing visible
 * here writes *NewDescriptor.
 */
226 {
228  return STATUS_NOT_IMPLEMENTED;
229 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:239
#define UNIMPLEMENTED
Definition: debug.h:115

Referenced by RtlConvertToAutoInheritSecurityObject().

◆ RtlpNewSecurityObject()

NTSTATUS NTAPI RtlpNewSecurityObject ( IN PSECURITY_DESCRIPTOR  ParentDescriptor,
IN PSECURITY_DESCRIPTOR  CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR * NewDescriptor,
IN LPGUID * ObjectTypes,
IN ULONG  GuidCount,
IN BOOLEAN  IsDirectoryObject,
IN ULONG  AutoInheritFlags,
IN HANDLE  Token,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 204 of file security.c.

/*
 * Stub: always returns STATUS_NOT_IMPLEMENTED.
 * NOTE(review): source line 214 is missing from this listing (the
 * cross-references suggest an UNIMPLEMENTED marker). All three public
 * RtlNewSecurityObject* wrappers on this page end up here, and nothing
 * visible writes *NewDescriptor, so callers must check the status before
 * using the output pointer.
 */
213 {
215  return STATUS_NOT_IMPLEMENTED;
216 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:239
#define UNIMPLEMENTED
Definition: debug.h:115

Referenced by RtlNewSecurityObject(), RtlNewSecurityObjectEx(), and RtlNewSecurityObjectWithMultipleInheritance().

◆ RtlpSetSecurityObject()

NTSTATUS NTAPI RtlpSetSecurityObject ( IN PVOID Object  OPTIONAL,
IN SECURITY_INFORMATION  SecurityInformation,
IN PSECURITY_DESCRIPTOR  ModificationDescriptor,
IN OUT PSECURITY_DESCRIPTOR * ObjectsSecurityDescriptor,
IN ULONG  AutoInheritFlags,
IN ULONG  PoolType,
IN PGENERIC_MAPPING  GenericMapping,
IN HANDLE Token  OPTIONAL 
)

Definition at line 19 of file security.c.

/*
 * Rebuilds the object's security descriptor as a new self-relative
 * descriptor on the process heap. Owner, group, DACL and SACL are each
 * taken from either ModificationDescriptor or the current
 * *ObjectsSecurityDescriptor. On success the old descriptor is freed and
 * *ObjectsSecurityDescriptor points at the new one.
 * NOTE(review): this listing omits many source lines (28, 38, 40, 45,
 * 64, 78, 83, 89, 98, 101, 108, 114, 123, 126, 143, 149), including the
 * SecurityInformation tests that choose each source and the lines that
 * build Control. None of the visible lines reference Object, Token,
 * AutoInheritFlags, PoolType or GenericMapping, and no access check is
 * visible, so authorization presumably has to be done by the caller --
 * confirm against the full source.
 */
27 {
29  PSID pOwnerSid = NULL;
30  PSID pGroupSid = NULL;
31  PACL pDacl = NULL;
32  PACL pSacl = NULL;
33  BOOLEAN Defaulted;
34  BOOLEAN Present;
35  ULONG ulOwnerSidSize = 0, ulGroupSidSize = 0;
36  ULONG ulDaclSize = 0, ulSaclSize = 0;
37  ULONG ulNewSdSize;
39  PUCHAR pDest;
41 
42  DPRINT("RtlpSetSecurityObject()\n");
43 
44  /* Change the Owner SID */
46  {
47  Status = RtlGetOwnerSecurityDescriptor(ModificationDescriptor, &pOwnerSid, &Defaulted);
48  if (!NT_SUCCESS(Status))
49  return Status;
50  }
51  else
52  {
53  Status = RtlGetOwnerSecurityDescriptor(*ObjectsSecurityDescriptor, &pOwnerSid, &Defaulted);
54  if (!NT_SUCCESS(Status))
55  return Status;
56  }
57 
    /* The owner SID is validated before its length is trusted for the copy below */
58  if (pOwnerSid == NULL || !RtlValidSid(pOwnerSid))
59  return STATUS_INVALID_OWNER;
60 
61  ulOwnerSidSize = RtlLengthSid(pOwnerSid);
62 
63  /* Change the Group SID */
65  {
66  Status = RtlGetGroupSecurityDescriptor(ModificationDescriptor, &pGroupSid, &Defaulted);
67  if (!NT_SUCCESS(Status))
68  return Status;
69  }
70  else
71  {
72  Status = RtlGetGroupSecurityDescriptor(*ObjectsSecurityDescriptor, &pGroupSid, &Defaulted);
73  if (!NT_SUCCESS(Status))
74  return Status;
75  }
76 
    /* The statement guarded by this check (source line 78) is missing from the listing */
77  if (pGroupSid == NULL || !RtlValidSid(pGroupSid))
79 
    /*
     * NOTE(review): unlike the owner size, the group size is stored already
     * rounded up, and that rounded value is later used as the copy length
     * from pGroupSid. This is only safe if RtlLengthSid is always a
     * multiple of sizeof(ULONG) -- confirm.
     */
80  ulGroupSidSize = ROUND_UP(RtlLengthSid(pGroupSid), sizeof(ULONG));
81 
82  /* Change the DACL */
84  {
85  Status = RtlGetDaclSecurityDescriptor(ModificationDescriptor, &Present, &pDacl, &Defaulted);
86  if (!NT_SUCCESS(Status))
87  return Status;
88 
90  }
91  else
92  {
93  Status = RtlGetDaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pDacl, &Defaulted);
94  if (!NT_SUCCESS(Status))
95  return Status;
96 
97  if (Present)
99 
100  if (Defaulted)
102  }
103 
    /*
     * NOTE(review): the copy length comes straight from the ACL header.
     * No ACL validation is visible in this listing, so the AclSize field of
     * a caller-supplied ModificationDescriptor is trusted as-is -- confirm
     * that it is validated upstream.
     */
104  if (pDacl != NULL)
105  ulDaclSize = pDacl->AclSize;
106 
107  /* Change the SACL */
109  {
110  Status = RtlGetSaclSecurityDescriptor(ModificationDescriptor, &Present, &pSacl, &Defaulted);
111  if (!NT_SUCCESS(Status))
112  return Status;
113 
115  }
116  else
117  {
118  Status = RtlGetSaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pSacl, &Defaulted);
119  if (!NT_SUCCESS(Status))
120  return Status;
121 
122  if (Present)
124 
125  if (Defaulted)
127  }
128 
    /* Same trust in the header's AclSize as for the DACL above */
129  if (pSacl != NULL)
130  ulSaclSize = pSacl->AclSize;
131 
132  /* Calculate the size of the new security descriptor */
    /* Each part is rounded up to ULONG size, matching the pDest advances below */
133  ulNewSdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE) +
134  ROUND_UP(ulOwnerSidSize, sizeof(ULONG)) +
135  ROUND_UP(ulGroupSidSize, sizeof(ULONG)) +
136  ROUND_UP(ulDaclSize, sizeof(ULONG)) +
137  ROUND_UP(ulSaclSize, sizeof(ULONG));
138 
139  /* Allocate the new security descriptor */
    /* Every early return above happens before this allocation, so those paths free nothing */
140  pNewSd = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulNewSdSize);
141  if (pNewSd == NULL)
142  {
144  DPRINT1("New security descriptor allocation failed (Status 0x%08lx)\n", Status);
145  goto done;
146  }
147 
148  /* Initialize the new security descriptor */
150  if (!NT_SUCCESS(Status))
151  {
152  DPRINT1("New security descriptor creation failed (Status 0x%08lx)\n", Status);
153  goto done;
154  }
155 
156  /* Set the security descriptor control flags */
157  pNewSd->Control = Control;
158 
    /* Variable-length parts are packed after the fixed header; fields hold offsets from pNewSd */
159  pDest = (PUCHAR)((ULONG_PTR)pNewSd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
160 
161  /* Copy the SACL */
162  if (pSacl != NULL)
163  {
164  RtlCopyMemory(pDest, pSacl, ulSaclSize);
165  pNewSd->Sacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
166  pDest = pDest + ROUND_UP(ulSaclSize, sizeof(ULONG));
167  }
168 
169  /* Copy the DACL */
170  if (pDacl != NULL)
171  {
172  RtlCopyMemory(pDest, pDacl, ulDaclSize);
173  pNewSd->Dacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
174  pDest = pDest + ROUND_UP(ulDaclSize, sizeof(ULONG));
175  }
176 
177  /* Copy the Owner SID */
178  RtlCopyMemory(pDest, pOwnerSid, ulOwnerSidSize);
179  pNewSd->Owner = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
180  pDest = pDest + ROUND_UP(ulOwnerSidSize, sizeof(ULONG));
181 
182  /* Copy the Group SID */
    /* Copies the rounded-up length computed at source line 80 */
183  RtlCopyMemory(pDest, pGroupSid, ulGroupSidSize);
184  pNewSd->Group = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
185 
186  /* Free the old security descriptor */
    /*
     * The old descriptor is released only after everything has been copied
     * out of it. NOTE(review): it is freed on the process heap regardless
     * of PoolType; presumably it was allocated there -- confirm.
     */
187  RtlFreeHeap(RtlGetProcessHeap(), 0, (PVOID)*ObjectsSecurityDescriptor);
188 
189  /* Return the new security descriptor */
190  *ObjectsSecurityDescriptor = (PSECURITY_DESCRIPTOR)pNewSd;
191 
192 done:
    /* On failure the caller's descriptor is left untouched and the partial copy is discarded */
193  if (!NT_SUCCESS(Status))
194  {
195  if (pNewSd != NULL)
196  RtlFreeHeap(RtlGetProcessHeap(), 0, pNewSd);
197  }
198 
199  return Status;
200 }
#define SE_SACL_PRESENT
Definition: setypes.h:769
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(_Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision)
USHORT AclSize
Definition: ms-dtyp.idl:296
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SE_DACL_PRESENT
Definition: setypes.h:767
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
static PSECURITY_DESCRIPTOR
Definition: security.c:88
void DPRINT(...)
Definition: polytest.cpp:61
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
#define SE_DACL_DEFAULTED
Definition: setypes.h:768
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define STATUS_INVALID_PRIMARY_GROUP
Definition: ntstatus.h:327
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
static PUCHAR(WINAPI *pGetSidSubAuthorityCount)(PSID)
Status
Definition: gdiplustypes.h:24
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
static const WCHAR Control[]
Definition: interface.c:27
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define STATUS_INVALID_OWNER
Definition: ntstatus.h:326
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
#define ULONG_PTR
Definition: config.h:101
#define SE_SACL_DEFAULTED
Definition: setypes.h:770
return STATUS_SUCCESS
Definition: btrfs.c:3014
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

Referenced by RtlSetSecurityObject(), and RtlSetSecurityObjectEx().

◆ RtlQuerySecurityObject()

NTSTATUS NTAPI RtlQuerySecurityObject ( IN PSECURITY_DESCRIPTOR  ObjectDescriptor,
IN SECURITY_INFORMATION  SecurityInformation,
OUT PSECURITY_DESCRIPTOR  ResultantDescriptor,
IN ULONG  DescriptorLength,
OUT PULONG  ReturnLength 
)

Definition at line 695 of file security.c.

700 {
     /*
      * Copies selected parts of ObjectDescriptor into the local descriptor
      * `desc`, then writes a self-relative form of `desc` into the caller's
      * ResultantDescriptor buffer.
      *
      * NOTE(review): this listing omits source lines 701-702, 707, 710, 718,
      * 726 and 734. Judging by the symbols this page lists as referenced by
      * the function, they presumably declare Status and desc, initialise
      * desc with RtlCreateSecurityDescriptor(), and guard each braced block
      * below with an OWNER_/GROUP_/DACL_/SACL_SECURITY_INFORMATION test on
      * SecurityInformation - confirm against security.c before relying on
      * this listing.
      */
703  BOOLEAN defaulted, present;
704  PACL pacl;
705  PSID psid;
706 
     /* Bail out if the (not shown) initialisation of desc failed */
708  if (!NT_SUCCESS(Status)) return Status;
709 
     /*
      * Owner: read the owner SID from the object's descriptor and set it on desc.
      * NOTE(review): psid (and pacl below) presumably point into
      * ObjectDescriptor rather than to copies, so desc would only be valid
      * while ObjectDescriptor is - confirm.
      */
711  {
712  Status = RtlGetOwnerSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);
713  if (!NT_SUCCESS(Status)) return Status;
714  Status = RtlSetOwnerSecurityDescriptor(&desc, psid, defaulted);
715  if (!NT_SUCCESS(Status)) return Status;
716  }
717 
     /* Group: same pattern for the primary group SID */
719  {
720  Status = RtlGetGroupSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);
721  if (!NT_SUCCESS(Status)) return Status;
722  Status = RtlSetGroupSecurityDescriptor(&desc, psid, defaulted);
723  if (!NT_SUCCESS(Status)) return Status;
724  }
725 
     /* DACL: carry over the ACL pointer together with its present/defaulted flags */
727  {
728  Status = RtlGetDaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);
729  if (!NT_SUCCESS(Status)) return Status;
730  Status = RtlSetDaclSecurityDescriptor(&desc, present, pacl, defaulted);
731  if (!NT_SUCCESS(Status)) return Status;
732  }
733 
     /* SACL: same pattern as the DACL */
735  {
736  Status = RtlGetSaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);
737  if (!NT_SUCCESS(Status)) return Status;
738  Status = RtlSetSaclSecurityDescriptor(&desc, present, pacl, defaulted);
739  if (!NT_SUCCESS(Status)) return Status;
740  }
741 
     /*
      * The caller-supplied DescriptorLength is handed to the conversion as
      * the in/out buffer length. No NULL check on ReturnLength is visible in
      * this listing, and nothing here verifies that ResultantDescriptor is
      * really DescriptorLength bytes long: both are the caller's
      * responsibility.
      * NOTE(review): presumably the conversion fails and reports the
      * required size through ReturnLength when the buffer is too small -
      * confirm in RtlAbsoluteToSelfRelativeSD.
      */
742  *ReturnLength = DescriptorLength;
743  return RtlAbsoluteToSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength);
744 }
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280
static const WCHAR desc[]
Definition: protectdata.c:36
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
unsigned char BOOLEAN
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

◆ RtlRegisterSecureMemoryCacheCallback()

NTSTATUS NTAPI RtlRegisterSecureMemoryCacheCallback ( IN PRTL_SECURE_MEMORY_CACHE_CALLBACK  Callback)

Definition at line 819 of file security.c.

820 {
     /*
      * Stub: the only visible statement returns STATUS_NOT_IMPLEMENTED, and
      * Callback is neither stored nor invoked in the lines shown. Callers
      * must check the returned status instead of assuming their callback
      * has been registered.
      * NOTE(review): listing line 821 is not shown; presumably it is the
      * UNIMPLEMENTED macro this page lists for the function - confirm.
      */
822  return STATUS_NOT_IMPLEMENTED;
823 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:239
#define UNIMPLEMENTED
Definition: debug.h:115

◆ RtlSetSecurityObject()

NTSTATUS NTAPI RtlSetSecurityObject ( IN SECURITY_INFORMATION  SecurityInformation,
IN PSECURITY_DESCRIPTOR  ModificationDescriptor,
IN OUT PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
IN PGENERIC_MAPPING  GenericMapping,
IN HANDLE Token  OPTIONAL 
)

Definition at line 752 of file security.c.

757 {
     /*
      * Thin wrapper that forwards to the internal RtlpSetSecurityObject().
      *
      * NOTE(review): listing lines 759-760 and 765 are not shown; presumably
      * they hold the head of the `return RtlpSetSecurityObject(` call with
      * its first arguments and the GenericMapping argument - confirm against
      * security.c. Going by the RtlpSetSecurityObject prototype shown on
      * this page, the literal 0 below would be AutoInheritFlags and
      * PagedPool would be PoolType.
      *
      * The end of RtlpSetSecurityObject listed on this page frees the old
      * descriptor at *ObjectsSecurityDescriptor with RtlFreeHeap() on the
      * process heap and stores the new one in its place. A caller therefore
      * has to pass a descriptor allocated from that heap and must not keep
      * using a saved copy of the old pointer after a successful call.
      */
758  /* Call the internal API */
761  ModificationDescriptor,
762  ObjectsSecurityDescriptor,
763  0,
764  PagedPool,
766  Token);
767 }
NTSTATUS NTAPI RtlpSetSecurityObject(IN PVOID Object OPTIONAL, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN ULONG PoolType, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:19
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
smooth NULL
Definition: ftsmooth.c:416
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11

◆ RtlSetSecurityObjectEx()

NTSTATUS NTAPI RtlSetSecurityObjectEx ( IN SECURITY_INFORMATION  SecurityInformation,
IN PSECURITY_DESCRIPTOR  ModificationDescriptor,
IN OUT PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
IN ULONG  AutoInheritFlags,
IN PGENERIC_MAPPING  GenericMapping,
IN HANDLE Token  OPTIONAL 
)

Definition at line 774 of file security.c.

780 {
     /*
      * Thin wrapper that forwards to the internal RtlpSetSecurityObject(),
      * passing the caller's AutoInheritFlags through unchanged.
      *
      * NOTE(review): listing lines 782-783 and 788 are not shown; presumably
      * they hold the head of the `return RtlpSetSecurityObject(` call with
      * its first arguments and the GenericMapping argument - confirm against
      * security.c. Going by the RtlpSetSecurityObject prototype shown on
      * this page, PagedPool would be the PoolType argument.
      *
      * The end of RtlpSetSecurityObject listed on this page frees the old
      * descriptor at *ObjectsSecurityDescriptor with RtlFreeHeap() on the
      * process heap and stores the new one in its place. A caller therefore
      * has to pass a descriptor allocated from that heap and must not keep
      * using a saved copy of the old pointer after a successful call.
      */
781  /* Call the internal API */
784  ModificationDescriptor,
785  ObjectsSecurityDescriptor,
786  AutoInheritFlags,
787  PagedPool,
789  Token);
790 
791 }
NTSTATUS NTAPI RtlpSetSecurityObject(IN PVOID Object OPTIONAL, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN ULONG PoolType, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:19
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
smooth NULL
Definition: ftsmooth.c:416
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11