ReactOS 0.4.16-dev-197-g92996da
security.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * FILE: lib/rtl/security.c
5 * PURPOSE: Security related functions and Security Objects
6 * PROGRAMMER: Eric Kohl
7 */
8
9/* INCLUDES *******************************************************************/
10
11#include <rtl.h>
12#define NDEBUG
13#include <debug.h>
14
15/* PRIVATE FUNCTIONS **********************************************************/
16
21 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
22 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
23 IN ULONG AutoInheritFlags,
27{
29 PSID pOwnerSid = NULL;
30 PSID pGroupSid = NULL;
31 PACL pDacl = NULL;
32 PACL pSacl = NULL;
33 BOOLEAN Defaulted;
34 BOOLEAN Present;
35 ULONG ulOwnerSidSize = 0, ulGroupSidSize = 0;
36 ULONG ulDaclSize = 0, ulSaclSize = 0;
37 ULONG ulNewSdSize;
39 PUCHAR pDest;
41
42 DPRINT("RtlpSetSecurityObject()\n");
43
44 /* Change the Owner SID */
46 {
47 Status = RtlGetOwnerSecurityDescriptor(ModificationDescriptor, &pOwnerSid, &Defaulted);
48 if (!NT_SUCCESS(Status))
49 return Status;
50 }
51 else
52 {
53 Status = RtlGetOwnerSecurityDescriptor(*ObjectsSecurityDescriptor, &pOwnerSid, &Defaulted);
54 if (!NT_SUCCESS(Status))
55 return Status;
56 }
57
58 if (pOwnerSid == NULL || !RtlValidSid(pOwnerSid))
60
61 ulOwnerSidSize = RtlLengthSid(pOwnerSid);
62
63 /* Change the Group SID */
65 {
66 Status = RtlGetGroupSecurityDescriptor(ModificationDescriptor, &pGroupSid, &Defaulted);
67 if (!NT_SUCCESS(Status))
68 return Status;
69 }
70 else
71 {
72 Status = RtlGetGroupSecurityDescriptor(*ObjectsSecurityDescriptor, &pGroupSid, &Defaulted);
73 if (!NT_SUCCESS(Status))
74 return Status;
75 }
76
77 if (pGroupSid == NULL || !RtlValidSid(pGroupSid))
79
80 ulGroupSidSize = ROUND_UP(RtlLengthSid(pGroupSid), sizeof(ULONG));
81
82 /* Change the DACL */
84 {
85 Status = RtlGetDaclSecurityDescriptor(ModificationDescriptor, &Present, &pDacl, &Defaulted);
86 if (!NT_SUCCESS(Status))
87 return Status;
88
90 }
91 else
92 {
93 Status = RtlGetDaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pDacl, &Defaulted);
94 if (!NT_SUCCESS(Status))
95 return Status;
96
97 if (Present)
99
100 if (Defaulted)
102 }
103
104 if (pDacl != NULL)
105 ulDaclSize = pDacl->AclSize;
106
107 /* Change the SACL */
109 {
110 Status = RtlGetSaclSecurityDescriptor(ModificationDescriptor, &Present, &pSacl, &Defaulted);
111 if (!NT_SUCCESS(Status))
112 return Status;
113
115 }
116 else
117 {
118 Status = RtlGetSaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pSacl, &Defaulted);
119 if (!NT_SUCCESS(Status))
120 return Status;
121
122 if (Present)
124
125 if (Defaulted)
127 }
128
129 if (pSacl != NULL)
130 ulSaclSize = pSacl->AclSize;
131
132 /* Calculate the size of the new security descriptor */
133 ulNewSdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE) +
134 ROUND_UP(ulOwnerSidSize, sizeof(ULONG)) +
135 ROUND_UP(ulGroupSidSize, sizeof(ULONG)) +
136 ROUND_UP(ulDaclSize, sizeof(ULONG)) +
137 ROUND_UP(ulSaclSize, sizeof(ULONG));
138
139 /* Allocate the new security descriptor */
140 pNewSd = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulNewSdSize);
141 if (pNewSd == NULL)
142 {
144 DPRINT1("New security descriptor allocation failed (Status 0x%08lx)\n", Status);
145 goto done;
146 }
147
148 /* Initialize the new security descriptor */
150 if (!NT_SUCCESS(Status))
151 {
152 DPRINT1("New security descriptor creation failed (Status 0x%08lx)\n", Status);
153 goto done;
154 }
155
156 /* Set the security descriptor control flags */
157 pNewSd->Control = Control;
158
159 pDest = (PUCHAR)((ULONG_PTR)pNewSd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
160
161 /* Copy the SACL */
162 if (pSacl != NULL)
163 {
164 RtlCopyMemory(pDest, pSacl, ulSaclSize);
165 pNewSd->Sacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
166 pDest = pDest + ROUND_UP(ulSaclSize, sizeof(ULONG));
167 }
168
169 /* Copy the DACL */
170 if (pDacl != NULL)
171 {
172 RtlCopyMemory(pDest, pDacl, ulDaclSize);
173 pNewSd->Dacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
174 pDest = pDest + ROUND_UP(ulDaclSize, sizeof(ULONG));
175 }
176
177 /* Copy the Owner SID */
178 RtlCopyMemory(pDest, pOwnerSid, ulOwnerSidSize);
179 pNewSd->Owner = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
180 pDest = pDest + ROUND_UP(ulOwnerSidSize, sizeof(ULONG));
181
182 /* Copy the Group SID */
183 RtlCopyMemory(pDest, pGroupSid, ulGroupSidSize);
184 pNewSd->Group = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
185
186 /* Free the old security descriptor */
187 RtlFreeHeap(RtlGetProcessHeap(), 0, (PVOID)*ObjectsSecurityDescriptor);
188
189 /* Return the new security descriptor */
190 *ObjectsSecurityDescriptor = (PSECURITY_DESCRIPTOR)pNewSd;
191
192done:
193 if (!NT_SUCCESS(Status))
194 {
195 if (pNewSd != NULL)
196 RtlFreeHeap(RtlGetProcessHeap(), 0, pNewSd);
197 }
198
199 return Status;
200}
201
203NTAPI
205 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
207 IN LPGUID *ObjectTypes,
208 IN ULONG GuidCount,
210 IN ULONG AutoInheritFlags,
213{
216}
217
219NTAPI
221 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
226{
229}
230
231/* PUBLIC FUNCTIONS ***********************************************************/
232
233/*
234 * @implemented
235 */
237NTAPI
239{
242 PTOKEN_OWNER OwnerSid;
244 ULONG AclSize;
247
248 C_ASSERT(sizeof(ACE) == FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart));
249
250 /*
251 * Temporary buffer large enough to hold a maximum of two SIDs.
252 * An alternative is to call RtlAllocateAndInitializeSid many times...
253 */
254 UCHAR SidBuffer[FIELD_OFFSET(SID, SubAuthority)
255 + 2*RTL_FIELD_SIZE(SID, SubAuthority)];
256 PSID Sid = (PSID)&SidBuffer;
257
258 ASSERT(RtlLengthRequiredSid(2) == sizeof(SidBuffer));
259
260 /* Initialize the user ACL pointer */
261 *pAcl = NULL;
262
263 /*
264 * Try to retrieve the SID of the current owner. For that,
265 * we first attempt to get the current thread level token.
266 */
269 TRUE,
270 &TokenHandle);
271 if (Status == STATUS_NO_TOKEN)
272 {
273 /*
274 * No thread level token, so use the process level token.
275 * This is the common case since the only time a thread
276 * has a token is when it is impersonating.
277 */
280 &TokenHandle);
281 }
282 /* Fail if we didn't succeed in retrieving a handle to the token */
283 if (!NT_SUCCESS(Status)) return Status;
284
285 /*
286 * Retrieve the owner SID from the token.
287 */
288
289 /* Query the needed size... */
292 NULL, 0,
293 &ReturnLength);
294 /* ... so that we must fail with STATUS_BUFFER_TOO_SMALL error */
295 if (Status != STATUS_BUFFER_TOO_SMALL) goto Cleanup1;
296
297 /* Allocate space for the owner SID */
298 OwnerSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ReturnLength);
299 if (OwnerSid == NULL)
300 {
302 goto Cleanup1;
303 }
304
305 /* Retrieve the owner SID; we must succeed */
308 OwnerSid,
310 &ReturnLength);
311 if (!NT_SUCCESS(Status)) goto Cleanup2;
312
313 /*
314 * Allocate one ACL with 5 ACEs.
315 */
316 AclSize = sizeof(ACL) + // Header
317 5 * sizeof(ACE) + // 5 ACEs:
318 RtlLengthRequiredSid(1) + // LocalSystem
319 RtlLengthRequiredSid(2) + // Administrators
320 RtlLengthRequiredSid(1) + // Anonymous
321 RtlLengthRequiredSid(1) + // World
322 RtlLengthSid(OwnerSid->Owner); // Owner
323
324 *pAcl = RtlAllocateHeap(RtlGetProcessHeap(), 0, AclSize);
325 if (*pAcl == NULL)
326 {
328 goto Cleanup2;
329 }
330
331 /*
332 * Build the ACL and add the five ACEs.
333 */
334 Status = RtlCreateAcl(*pAcl, AclSize, ACL_REVISION2);
336
337 /* Local System SID - Generic All */
343
344 /* Administrators SID - Generic All */
351
352 /* Owner SID - Generic All */
355
356 /* Anonymous SID - Generic Read */
362
363 /* World SID - Generic Read */
369
370 /* If some problem happened, cleanup everything */
371 if (!NT_SUCCESS(Status))
372 {
373 RtlFreeHeap(RtlGetProcessHeap(), 0, *pAcl);
374 *pAcl = NULL;
375 }
376
377Cleanup2:
378 /* Get rid of the owner SID */
379 RtlFreeHeap(RtlGetProcessHeap(), 0, OwnerSid);
380
381Cleanup1:
382 /* Close the token handle */
384
385 /* Done */
386 return Status;
387}
388
389/*
390 * @unimplemented
391 */
393NTAPI
395 IN ULONG AceCount,
396 IN PSID OwnerSid OPTIONAL,
397 IN PSID GroupSid OPTIONAL,
399{
402}
403
404/*
405 * @implemented
406 */
408NTAPI
410{
411 DPRINT1("RtlDeleteSecurityObject(%p)\n", ObjectDescriptor);
412
413 /* Free the object from the heap */
414 RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectDescriptor);
415 return STATUS_SUCCESS;
416}
417
418/*
419 * @implemented
420 */
422NTAPI
424 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
429{
430 DPRINT1("RtlNewSecurityObject(%p)\n", ParentDescriptor);
431
432 /* Call the internal API */
433 return RtlpNewSecurityObject(ParentDescriptor,
434 CreatorDescriptor,
436 NULL,
437 0,
439 0,
440 Token,
442}
443
444/*
445 * @implemented
446 */
448NTAPI
450 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
454 IN ULONG AutoInheritFlags,
457{
458 DPRINT1("RtlNewSecurityObjectEx(%p)\n", ParentDescriptor);
459
460 /* Call the internal API */
461 return RtlpNewSecurityObject(ParentDescriptor,
462 CreatorDescriptor,
465 ObjectType ? 1 : 0,
467 AutoInheritFlags,
468 Token,
470}
471
472/*
473 * @implemented
474 */
476NTAPI
478 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
480 IN LPGUID *ObjectTypes,
481 IN ULONG GuidCount,
483 IN ULONG AutoInheritFlags,
486{
487 DPRINT1("RtlNewSecurityObjectWithMultipleInheritance(%p)\n", ParentDescriptor);
488
489 /* Call the internal API */
490 return RtlpNewSecurityObject(ParentDescriptor,
491 CreatorDescriptor,
493 ObjectTypes,
494 GuidCount,
496 AutoInheritFlags,
497 Token,
499}
500
501/*
502 * @implemented
503 */
505NTAPI
507 IN BOOLEAN CreatorDescriptorChanged,
508 IN PLUID OldClientTokenModifiedId,
509 OUT PLUID NewClientTokenModifiedId,
510 IN PSECURITY_DESCRIPTOR ParentDescriptor,
511 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
516{
517 TOKEN_STATISTICS TokenStats;
518 ULONG Size;
520 DPRINT1("RtlNewInstanceSecurityObject(%p)\n", ParentDescriptor);
521
522 /* Query the token statistics */
525 &TokenStats,
526 sizeof(TokenStats),
527 &Size);
528 if (!NT_SUCCESS(Status)) return Status;
529
530 /* Return the LUID */
531 *NewClientTokenModifiedId = TokenStats.ModifiedId;
532
533 /* Check if the LUID changed */
534 if (RtlEqualLuid(NewClientTokenModifiedId, OldClientTokenModifiedId))
535 {
536 /* Did nothing change? */
537 if (!(ParentDescriptorChanged) && !(CreatorDescriptorChanged))
538 {
539 /* There's no new descriptor, we're done */
541 return STATUS_SUCCESS;
542 }
543 }
544
545 /* Call the standard API */
546 return RtlNewSecurityObject(ParentDescriptor,
547 CreatorDescriptor,
550 Token,
552}
553
554/*
555 * @implemented
556 */
558NTAPI
560 IN ULONG AceCount,
561 IN PSID OwnerSid,
562 IN PSID GroupSid,
566{
570 DPRINT1("RtlCreateUserSecurityObject(%p)\n", AceData);
571
572 /* Create the security descriptor based on the ACE Data */
573 Status = RtlCreateAndSetSD(AceData,
574 AceCount,
575 OwnerSid,
576 GroupSid,
577 &Sd);
578 if (!NT_SUCCESS(Status)) return Status;
579
580 /* Open the process token */
582 if (!NT_SUCCESS(Status)) goto Quickie;
583
584 /* Create the security object */
586 Sd,
591
592 /* We're done, close the token handle */
594
595Quickie:
596 /* Free the SD and return status */
597 RtlFreeHeap(RtlGetProcessHeap(), 0, Sd);
598 return Status;
599}
600
601/*
602 * @implemented
603 */
605NTAPI
611 OUT PACCESS_MASK RemainingDesiredAccess)
612{
614 BOOLEAN Granted, CallerToken;
615 TOKEN_STATISTICS TokenStats;
616 ULONG Size;
617 DPRINT1("RtlNewSecurityGrantedAccess(%lx)\n", DesiredAccess);
618
619 /* Has the caller passed a token? */
620 if (!Token)
621 {
622 /* Remember that we'll have to close the handle */
623 CallerToken = FALSE;
624
625 /* Nope, open it */
627 if (!NT_SUCCESS(Status)) return Status;
628 }
629 else
630 {
631 /* Yep, use it */
632 CallerToken = TRUE;
633 }
634
635 /* Get information on the token */
638 &TokenStats,
639 sizeof(TokenStats),
640 &Size);
642
643 /* Windows doesn't do anything with the token statistics! */
644
645 /* Map the access and return it back decoded */
647 *RemainingDesiredAccess = DesiredAccess;
648
649 /* Check if one of the rights requested was the SACL right */
651 {
652 /* Pretend that it's allowed FIXME: Do privilege check */
653 DPRINT1("Missing privilege check for SE_SECURITY_PRIVILEGE");
654 Granted = TRUE;
655 *RemainingDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
656 }
657 else
658 {
659 /* Nothing to grant */
660 Granted = FALSE;
661 }
662
663 /* If the caller did not pass in a token, close the handle to ours */
664 if (!CallerToken) NtClose(Token);
665
666 /* We need space to return only 1 privilege -- already part of the struct */
667 Size = sizeof(PRIVILEGE_SET);
668 if (Size > *Length)
669 {
670 /* Tell the caller how much space we need and fail */
671 *Length = Size;
673 }
674
675 /* Check if the SACL right was granted */
677 if (Granted)
678 {
679 /* Yes, return it in the structure */
680 Privileges->PrivilegeCount = 1;
681 Privileges->Privilege[0].Luid.LowPart = SE_SECURITY_PRIVILEGE;
682 Privileges->Privilege[0].Luid.HighPart = 0;
683 Privileges->Privilege[0].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
684 }
685
686 /* All done */
687 return STATUS_SUCCESS;
688}
689
690/*
691 * @unimplemented
692 */
694NTAPI
697 OUT PSECURITY_DESCRIPTOR ResultantDescriptor,
698 IN ULONG DescriptorLength,
700{
703 BOOLEAN defaulted, present;
704 PACL pacl;
705 PSID psid;
706
708 if (!NT_SUCCESS(Status)) return Status;
709
711 {
712 Status = RtlGetOwnerSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);
713 if (!NT_SUCCESS(Status)) return Status;
714 Status = RtlSetOwnerSecurityDescriptor(&desc, psid, defaulted);
715 if (!NT_SUCCESS(Status)) return Status;
716 }
717
719 {
720 Status = RtlGetGroupSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);
721 if (!NT_SUCCESS(Status)) return Status;
722 Status = RtlSetGroupSecurityDescriptor(&desc, psid, defaulted);
723 if (!NT_SUCCESS(Status)) return Status;
724 }
725
727 {
728 Status = RtlGetDaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);
729 if (!NT_SUCCESS(Status)) return Status;
730 Status = RtlSetDaclSecurityDescriptor(&desc, present, pacl, defaulted);
731 if (!NT_SUCCESS(Status)) return Status;
732 }
733
735 {
736 Status = RtlGetSaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);
737 if (!NT_SUCCESS(Status)) return Status;
738 Status = RtlSetSaclSecurityDescriptor(&desc, present, pacl, defaulted);
739 if (!NT_SUCCESS(Status)) return Status;
740 }
741
742 *ReturnLength = DescriptorLength;
743 return RtlAbsoluteToSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength);
744}
745
746
747/*
748 * @implemented
749 */
751NTAPI
753 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
754 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
757{
758 /* Call the internal API */
761 ModificationDescriptor,
762 ObjectsSecurityDescriptor,
763 0,
764 PagedPool,
766 Token);
767}
768
769/*
770 * @implemented
771 */
773NTAPI
775 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
776 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
777 IN ULONG AutoInheritFlags,
780{
781 /* Call the internal API */
784 ModificationDescriptor,
785 ObjectsSecurityDescriptor,
786 AutoInheritFlags,
787 PagedPool,
789 Token);
790
791}
792
793/*
794 * @implemented
795 */
797NTAPI
799 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
804{
805 /* Call the internal API */
806 return RtlpConvertToAutoInheritSecurityObject(ParentDescriptor,
807 CreatorDescriptor,
812}
813
814/*
815 * @unimplemented
816 */
818NTAPI
819RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
820{
823}
824
825/*
826 * @unimplemented
827 */
829NTAPI
831 IN OPTIONAL SIZE_T MemoryLength)
832{
834 return FALSE;
835}
unsigned char BOOLEAN
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
LONG NTSTATUS
Definition: precomp.h:26
#define DPRINT1
Definition: precomp.h:8
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:40
#define UNIMPLEMENTED
Definition: debug.h:118
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:590
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
#define STATUS_NO_MEMORY
Definition: d3dkmdt.h:51
#define STATUS_NOT_IMPLEMENTED
Definition: d3dkmdt.h:42
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
#define GENERIC_READ
Definition: compat.h:135
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
#define ULONG_PTR
Definition: config.h:101
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
#define PagedPool
Definition: env_spec_w32.h:308
#define ROUND_UP(n, align)
Definition: eventvwr.h:34
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
Status
Definition: gdiplustypes.h:25
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
#define C_ASSERT(e)
Definition: intsafe.h:73
#define RTL_FIELD_SIZE(type, field)
Definition: kdb_expr.c:86
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
#define ASSERT(a)
Definition: mode.c:44
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662
static const WCHAR desc[]
Definition: protectdata.c:36
ObjectType
Definition: metafile.c:81
struct _SID * PSID
Definition: eventlog.c:35
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
Definition: security.c:98
struct _ACL ACL
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1145
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(_Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
#define NtCurrentProcess()
Definition: nt_native.h:1657
#define GENERIC_ALL
Definition: nt_native.h:92
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2474
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
#define STATUS_INVALID_PRIMARY_GROUP
Definition: ntstatus.h:327
#define STATUS_INVALID_OWNER
Definition: ntstatus.h:326
BOOLEAN NTAPI RtlFlushSecureMemoryCache(IN PVOID MemoryCache, IN OPTIONAL SIZE_T MemoryLength)
Definition: security.c:830
NTSTATUS NTAPI RtlCreateUserSecurityObject(IN PVOID AceData, IN ULONG AceCount, IN PSID OwnerSid, IN PSID GroupSid, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
Definition: security.c:559
NTSTATUS NTAPI RtlQuerySecurityObject(IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor, IN ULONG DescriptorLength, OUT PULONG ReturnLength)
Definition: security.c:695
NTSTATUS NTAPI RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:798
NTSTATUS NTAPI RtlpSetSecurityObject(IN PVOID Object OPTIONAL, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN ULONG PoolType, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:19
NTSTATUS NTAPI RtlDeleteSecurityObject(IN PSECURITY_DESCRIPTOR *ObjectDescriptor)
Definition: security.c:409
NTSTATUS NTAPI RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:752
NTSTATUS NTAPI RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
Definition: security.c:819
NTSTATUS NTAPI RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged, IN BOOLEAN CreatorDescriptorChanged, IN PLUID OldClientTokenModifiedId, OUT PLUID NewClientTokenModifiedId, IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:506
NTSTATUS NTAPI RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:449
NTSTATUS NTAPI RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:423
NTSTATUS NTAPI RtlpConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:220
NTSTATUS NTAPI RtlCreateAndSetSD(IN PVOID AceData, IN ULONG AceCount, IN PSID OwnerSid OPTIONAL, IN PSID GroupSid OPTIONAL, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
Definition: security.c:394
NTSTATUS NTAPI RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:477
NTSTATUS NTAPI RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:204
NTSTATUS NTAPI RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess, OUT PPRIVILEGE_SET Privileges, IN OUT PULONG Length, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping, OUT PACCESS_MASK RemainingDesiredAccess)
Definition: security.c:606
NTSTATUS NTAPI RtlDefaultNpAcl(OUT PACL *pAcl)
Definition: security.c:238
NTSTATUS NTAPI RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:774
#define STATUS_SUCCESS
Definition: shellext.h:65
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
#define DPRINT
Definition: sndvol32.h:73
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
Definition: rtltypes.h:993
USHORT AclSize
Definition: ms-dtyp.idl:296
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:839
PSID Owner
Definition: setypes.h:1028
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
uint32_t * PULONG
Definition: typedefs.h:59
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NTAPI
Definition: typedefs.h:36
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define IN
Definition: typedefs.h:39
unsigned char * PUCHAR
Definition: typedefs.h:53
uint32_t ULONG
Definition: typedefs.h:59
#define OUT
Definition: typedefs.h:40
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
Definition: wdfinterrupt.h:458
_In_ WDF_WMI_PROVIDER_CONTROL Control
Definition: wdfwmi.h:166
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:31
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:563
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define SE_DACL_DEFAULTED
Definition: setypes.h:822
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527
#define SECURITY_WORLD_RID
Definition: setypes.h:541
#define TOKEN_QUERY
Definition: setypes.h:928
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574
#define ACL_REVISION2
Definition: setypes.h:43
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define SE_SELF_RELATIVE
Definition: setypes.h:834
#define SE_SACL_DEFAULTED
Definition: setypes.h:824
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
@ TokenStatistics
Definition: setypes.h:975
@ TokenOwner
Definition: setypes.h:969
#define SE_SACL_PRESENT
Definition: setypes.h:823
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652
struct _PRIVILEGE_SET PRIVILEGE_SET
#define SE_DACL_PRESENT
Definition: setypes.h:821
unsigned char UCHAR
Definition: xmlstorage.h:181
#define NtCurrentThread()