ReactOS  0.4.14-dev-50-g13bb5e2
security.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS system libraries
4  * FILE: lib/rtl/security.c
5  * PURPOSE: Security related functions and Security Objects
6  * PROGRAMMER: Eric Kohl
7  */
8 
9 /* INCLUDES *******************************************************************/
10 
11 #include <rtl.h>
12 #define NDEBUG
13 #include <debug.h>
14 
15 /* PRIVATE FUNCTIONS **********************************************************/
16 
18 NTAPI
21  IN PSECURITY_DESCRIPTOR ModificationDescriptor,
22  IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
23  IN ULONG AutoInheritFlags,
27 {
29  PSID pOwnerSid = NULL;
30  PSID pGroupSid = NULL;
31  PACL pDacl = NULL;
32  PACL pSacl = NULL;
33  BOOLEAN Defaulted;
34  BOOLEAN Present;
35  ULONG ulOwnerSidSize = 0, ulGroupSidSize = 0;
36  ULONG ulDaclSize = 0, ulSaclSize = 0;
37  ULONG ulNewSdSize;
39  PUCHAR pDest;
41 
42  DPRINT("RtlpSetSecurityObject()\n");
43 
44  /* Change the Owner SID */
46  {
47  Status = RtlGetOwnerSecurityDescriptor(ModificationDescriptor, &pOwnerSid, &Defaulted);
48  if (!NT_SUCCESS(Status))
49  return Status;
50  }
51  else
52  {
53  Status = RtlGetOwnerSecurityDescriptor(*ObjectsSecurityDescriptor, &pOwnerSid, &Defaulted);
54  if (!NT_SUCCESS(Status))
55  return Status;
56  }
57 
58  if (pOwnerSid == NULL || !RtlValidSid(pOwnerSid))
59  return STATUS_INVALID_OWNER;
60 
61  ulOwnerSidSize = RtlLengthSid(pOwnerSid);
62 
63  /* Change the Group SID */
65  {
66  Status = RtlGetGroupSecurityDescriptor(ModificationDescriptor, &pGroupSid, &Defaulted);
67  if (!NT_SUCCESS(Status))
68  return Status;
69  }
70  else
71  {
72  Status = RtlGetGroupSecurityDescriptor(*ObjectsSecurityDescriptor, &pGroupSid, &Defaulted);
73  if (!NT_SUCCESS(Status))
74  return Status;
75  }
76 
77  if (pGroupSid == NULL || !RtlValidSid(pGroupSid))
79 
80  ulGroupSidSize = ROUND_UP(RtlLengthSid(pGroupSid), sizeof(ULONG));
81 
82  /* Change the DACL */
84  {
85  Status = RtlGetDaclSecurityDescriptor(ModificationDescriptor, &Present, &pDacl, &Defaulted);
86  if (!NT_SUCCESS(Status))
87  return Status;
88 
90  }
91  else
92  {
93  Status = RtlGetDaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pDacl, &Defaulted);
94  if (!NT_SUCCESS(Status))
95  return Status;
96 
97  if (Present)
99 
100  if (Defaulted)
102  }
103 
104  if (pDacl != NULL)
105  ulDaclSize = pDacl->AclSize;
106 
107  /* Change the SACL */
109  {
110  Status = RtlGetSaclSecurityDescriptor(ModificationDescriptor, &Present, &pSacl, &Defaulted);
111  if (!NT_SUCCESS(Status))
112  return Status;
113 
115  }
116  else
117  {
118  Status = RtlGetSaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pSacl, &Defaulted);
119  if (!NT_SUCCESS(Status))
120  return Status;
121 
122  if (Present)
124 
125  if (Defaulted)
127  }
128 
129  if (pSacl != NULL)
130  ulSaclSize = pSacl->AclSize;
131 
132  /* Calculate the size of the new security descriptor */
133  ulNewSdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE) +
134  ROUND_UP(ulOwnerSidSize, sizeof(ULONG)) +
135  ROUND_UP(ulGroupSidSize, sizeof(ULONG)) +
136  ROUND_UP(ulDaclSize, sizeof(ULONG)) +
137  ROUND_UP(ulSaclSize, sizeof(ULONG));
138 
139  /* Allocate the new security descriptor */
140  pNewSd = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulNewSdSize);
141  if (pNewSd == NULL)
142  {
144  DPRINT1("New security descriptor allocation failed (Status 0x%08lx)\n", Status);
145  goto done;
146  }
147 
148  /* Initialize the new security descriptor */
150  if (!NT_SUCCESS(Status))
151  {
152  DPRINT1("New security descriptor creation failed (Status 0x%08lx)\n", Status);
153  goto done;
154  }
155 
156  /* Set the security descriptor control flags */
157  pNewSd->Control = Control;
158 
159  pDest = (PUCHAR)((ULONG_PTR)pNewSd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
160 
161  /* Copy the SACL */
162  if (pSacl != NULL)
163  {
164  RtlCopyMemory(pDest, pSacl, ulSaclSize);
165  pNewSd->Sacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
166  pDest = pDest + ROUND_UP(ulSaclSize, sizeof(ULONG));
167  }
168 
169  /* Copy the DACL */
170  if (pDacl != NULL)
171  {
172  RtlCopyMemory(pDest, pDacl, ulDaclSize);
173  pNewSd->Dacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
174  pDest = pDest + ROUND_UP(ulDaclSize, sizeof(ULONG));
175  }
176 
177  /* Copy the Owner SID */
178  RtlCopyMemory(pDest, pOwnerSid, ulOwnerSidSize);
179  pNewSd->Owner = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
180  pDest = pDest + ROUND_UP(ulOwnerSidSize, sizeof(ULONG));
181 
182  /* Copy the Group SID */
183  RtlCopyMemory(pDest, pGroupSid, ulGroupSidSize);
184  pNewSd->Group = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
185 
186  /* Free the old security descriptor */
187  RtlFreeHeap(RtlGetProcessHeap(), 0, (PVOID)*ObjectsSecurityDescriptor);
188 
189  /* Return the new security descriptor */
190  *ObjectsSecurityDescriptor = (PSECURITY_DESCRIPTOR)pNewSd;
191 
192 done:
193  if (!NT_SUCCESS(Status))
194  {
195  if (pNewSd != NULL)
196  RtlFreeHeap(RtlGetProcessHeap(), 0, pNewSd);
197  }
198 
199  return Status;
200 }
201 
202 NTSTATUS
203 NTAPI
205  IN PSECURITY_DESCRIPTOR CreatorDescriptor,
207  IN LPGUID *ObjectTypes,
208  IN ULONG GuidCount,
210  IN ULONG AutoInheritFlags,
211  IN HANDLE Token,
213 {
215  return STATUS_NOT_IMPLEMENTED;
216 }
217 
218 NTSTATUS
219 NTAPI
221  IN PSECURITY_DESCRIPTOR CreatorDescriptor,
226 {
228  return STATUS_NOT_IMPLEMENTED;
229 }
230 
231 /* PUBLIC FUNCTIONS ***********************************************************/
232 
233 /*
234  * @implemented
235  */
236 NTSTATUS
237 NTAPI
239 {
242  PTOKEN_OWNER OwnerSid;
243  ULONG ReturnLength = 0;
244  ULONG AclSize;
247 
248  /*
249  * Temporary buffer large enough to hold a maximum of two SIDs.
250  * An alternative is to call RtlAllocateAndInitializeSid many times...
251  */
252  UCHAR SidBuffer[16];
253  PSID Sid = (PSID)&SidBuffer;
254 
255  ASSERT(RtlLengthRequiredSid(2) == 16);
256 
257  /* Initialize the user ACL pointer */
258  *pAcl = NULL;
259 
260  /*
261  * Try to retrieve the SID of the current owner. For that,
262  * we first attempt to get the current thread level token.
263  */
265  TOKEN_QUERY,
266  TRUE,
267  &TokenHandle);
268  if (Status == STATUS_NO_TOKEN)
269  {
270  /*
271  * No thread level token, so use the process level token.
272  * This is the common case since the only time a thread
273  * has a token is when it is impersonating.
274  */
276  TOKEN_QUERY,
277  &TokenHandle);
278  }
279  /* Fail if we didn't succeed in retrieving a handle to the token */
280  if (!NT_SUCCESS(Status)) return Status;
281 
282  /*
283  * Retrieve the owner SID from the token.
284  */
285 
286  /* Query the needed size... */
288  TokenOwner,
289  NULL, 0,
290  &ReturnLength);
291  /* ... so that we must fail with STATUS_BUFFER_TOO_SMALL error */
292  if (Status != STATUS_BUFFER_TOO_SMALL) goto Cleanup1;
293 
294  /* Allocate space for the owner SID */
295  OwnerSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ReturnLength);
296  if (OwnerSid == NULL)
297  {
299  goto Cleanup1;
300  }
301 
302  /* Retrieve the owner SID; we must succeed */
304  TokenOwner,
305  OwnerSid,
306  ReturnLength,
307  &ReturnLength);
308  if (!NT_SUCCESS(Status)) goto Cleanup2;
309 
310  /*
311  * Allocate one ACL with 5 ACEs.
312  *
313  * NOTE: sizeof(ACE) == sizeof(ACCESS_ALLOWED_ACE) - sizeof(((ACCESS_ALLOWED_ACE*)NULL)->SidStart)
314  * (see kernel32/client/debugger.c line 54).
315  */
316  AclSize = sizeof(ACL) + // Header
317  5 * sizeof(ACE /*ACCESS_ALLOWED_ACE*/) + // 5 ACEs:
318  RtlLengthRequiredSid(1) + // LocalSystem
319  RtlLengthRequiredSid(2) + // Administrators
320  RtlLengthRequiredSid(1) + // Anonymous
321  RtlLengthRequiredSid(1) + // World
322  RtlLengthSid(OwnerSid->Owner); // Owner
323 
324  *pAcl = RtlAllocateHeap(RtlGetProcessHeap(), 0, AclSize);
325  if (*pAcl == NULL)
326  {
328  goto Cleanup2;
329  }
330 
331  /*
332  * Build the ACL and add the five ACEs.
333  */
334  Status = RtlCreateAcl(*pAcl, AclSize, ACL_REVISION2);
336 
337  /* Local System SID - Generic All */
343 
344  /* Administrators SID - Generic All */
351 
352  /* Owner SID - Generic All */
355 
356  /* Anonymous SID - Generic Read */
362 
363  /* World SID - Generic Read */
369 
370  /* If some problem happened, cleanup everything */
371  if (!NT_SUCCESS(Status))
372  {
373  RtlFreeHeap(RtlGetProcessHeap(), 0, *pAcl);
374  *pAcl = NULL;
375  }
376 
377 Cleanup2:
378  /* Get rid of the owner SID */
379  RtlFreeHeap(RtlGetProcessHeap(), 0, OwnerSid);
380 
381 Cleanup1:
382  /* Close the token handle */
384 
385  /* Done */
386  return Status;
387 }
388 
389 /*
390  * @unimplemented
391  */
392 NTSTATUS
393 NTAPI
395  IN ULONG AceCount,
396  IN PSID OwnerSid OPTIONAL,
397  IN PSID GroupSid OPTIONAL,
399 {
401  return STATUS_NOT_IMPLEMENTED;
402 }
403 
404 /*
405  * @implemented
406  */
407 NTSTATUS
408 NTAPI
410 {
411  DPRINT1("RtlDeleteSecurityObject(%p)\n", ObjectDescriptor);
412 
413  /* Free the object from the heap */
414  RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectDescriptor);
415  return STATUS_SUCCESS;
416 }
417 
418 /*
419  * @implemented
420  */
421 NTSTATUS
422 NTAPI
424  IN PSECURITY_DESCRIPTOR CreatorDescriptor,
427  IN HANDLE Token,
429 {
430  DPRINT1("RtlNewSecurityObject(%p)\n", ParentDescriptor);
431 
432  /* Call the internal API */
433  return RtlpNewSecurityObject(ParentDescriptor,
434  CreatorDescriptor,
436  NULL,
437  0,
439  0,
440  Token,
442 }
443 
444 /*
445  * @implemented
446  */
447 NTSTATUS
448 NTAPI
450  IN PSECURITY_DESCRIPTOR CreatorDescriptor,
454  IN ULONG AutoInheritFlags,
455  IN HANDLE Token,
457 {
458  DPRINT1("RtlNewSecurityObjectEx(%p)\n", ParentDescriptor);
459 
460  /* Call the internal API */
461  return RtlpNewSecurityObject(ParentDescriptor,
462  CreatorDescriptor,
465  ObjectType ? 1 : 0,
467  AutoInheritFlags,
468  Token,
470 }
471 
472 /*
473  * @implemented
474  */
475 NTSTATUS
476 NTAPI
478  IN PSECURITY_DESCRIPTOR CreatorDescriptor,
480  IN LPGUID *ObjectTypes,
481  IN ULONG GuidCount,
483  IN ULONG AutoInheritFlags,
484  IN HANDLE Token,
486 {
487  DPRINT1("RtlNewSecurityObjectWithMultipleInheritance(%p)\n", ParentDescriptor);
488 
489  /* Call the internal API */
490  return RtlpNewSecurityObject(ParentDescriptor,
491  CreatorDescriptor,
493  ObjectTypes,
494  GuidCount,
496  AutoInheritFlags,
497  Token,
499 }
500 
501 /*
502  * @implemented
503  */
504 NTSTATUS
505 NTAPI
506 RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged,
507  IN BOOLEAN CreatorDescriptorChanged,
508  IN PLUID OldClientTokenModifiedId,
509  OUT PLUID NewClientTokenModifiedId,
510  IN PSECURITY_DESCRIPTOR ParentDescriptor,
511  IN PSECURITY_DESCRIPTOR CreatorDescriptor,
514  IN HANDLE Token,
516 {
517  TOKEN_STATISTICS TokenStats;
518  ULONG Size;
520  DPRINT1("RtlNewInstanceSecurityObject(%p)\n", ParentDescriptor);
521 
522  /* Query the token statistics */
525  &TokenStats,
526  sizeof(TokenStats),
527  &Size);
528  if (!NT_SUCCESS(Status)) return Status;
529 
530  /* Return the LUID */
531  *NewClientTokenModifiedId = TokenStats.ModifiedId;
532 
533  /* Check if the LUID changed */
534  if (RtlEqualLuid(NewClientTokenModifiedId, OldClientTokenModifiedId))
535  {
536  /* Did nothing change? */
537  if (!(ParentDescriptorChanged) && !(CreatorDescriptorChanged))
538  {
539  /* There's no new descriptor, we're done */
540  *NewDescriptor = NULL;
541  return STATUS_SUCCESS;
542  }
543  }
544 
545  /* Call the standard API */
546  return RtlNewSecurityObject(ParentDescriptor,
547  CreatorDescriptor,
550  Token,
552 }
553 
554 /*
555  * @implemented
556  */
557 NTSTATUS
558 NTAPI
560  IN ULONG AceCount,
561  IN PSID OwnerSid,
562  IN PSID GroupSid,
566 {
570  DPRINT1("RtlCreateUserSecurityObject(%p)\n", AceData);
571 
572  /* Create the security descriptor based on the ACE Data */
573  Status = RtlCreateAndSetSD(AceData,
574  AceCount,
575  OwnerSid,
576  GroupSid,
577  &Sd);
578  if (!NT_SUCCESS(Status)) return Status;
579 
580  /* Open the process token */
582  if (!NT_SUCCESS(Status)) goto Quickie;
583 
584  /* Create the security object */
586  Sd,
589  TokenHandle,
591 
592  /* We're done, close the token handle */
594 
595 Quickie:
596  /* Free the SD and return status */
597  RtlFreeHeap(RtlGetProcessHeap(), 0, Sd);
598  return Status;
599 }
600 
601 /*
602  * @implemented
603  */
604 NTSTATUS
605 NTAPI
609  IN HANDLE Token,
611  OUT PACCESS_MASK RemainingDesiredAccess)
612 {
614  BOOLEAN Granted, CallerToken;
615  TOKEN_STATISTICS TokenStats;
616  ULONG Size;
617  DPRINT1("RtlNewSecurityGrantedAccess(%lx)\n", DesiredAccess);
618 
619  /* Has the caller passed a token? */
620  if (!Token)
621  {
622  /* Remember that we'll have to close the handle */
623  CallerToken = FALSE;
624 
625  /* Nope, open it */
627  if (!NT_SUCCESS(Status)) return Status;
628  }
629  else
630  {
631  /* Yep, use it */
632  CallerToken = TRUE;
633  }
634 
635  /* Get information on the token */
638  &TokenStats,
639  sizeof(TokenStats),
640  &Size);
642 
643  /* Windows doesn't do anything with the token statistics! */
644 
645  /* Map the access and return it back decoded */
647  *RemainingDesiredAccess = DesiredAccess;
648 
649  /* Check if one of the rights requested was the SACL right */
651  {
652  /* Pretend that it's allowed FIXME: Do privilege check */
653  DPRINT1("Missing privilege check for SE_SECURITY_PRIVILEGE");
654  Granted = TRUE;
655  *RemainingDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
656  }
657  else
658  {
659  /* Nothing to grant */
660  Granted = FALSE;
661  }
662 
663  /* If the caller did not pass in a token, close the handle to ours */
664  if (!CallerToken) NtClose(Token);
665 
666  /* We need space to return only 1 privilege -- already part of the struct */
667  Size = sizeof(PRIVILEGE_SET);
668  if (Size > *Length)
669  {
670  /* Tell the caller how much space we need and fail */
671  *Length = Size;
673  }
674 
675  /* Check if the SACL right was granted... */
677  if (Granted)
678  {
679  /* Yes, return it in the structure */
680  Privileges->PrivilegeCount = 1;
681  Privileges->Privilege[0].Luid.LowPart = SE_SECURITY_PRIVILEGE;
682  Privileges->Privilege[0].Luid.HighPart = 0;
683  Privileges->Privilege[0].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
684  }
685 
686  /* All done */
687  return STATUS_SUCCESS;
688 }
689 
690 /*
691  * @unimplemented
692  */
693 NTSTATUS
694 NTAPI
697  OUT PSECURITY_DESCRIPTOR ResultantDescriptor,
698  IN ULONG DescriptorLength,
700 {
703  BOOLEAN defaulted, present;
704  PACL pacl;
705  PSID psid;
706 
708  if (!NT_SUCCESS(Status)) return Status;
709 
711  {
712  Status = RtlGetOwnerSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);
713  if (!NT_SUCCESS(Status)) return Status;
714  Status = RtlSetOwnerSecurityDescriptor(&desc, psid, defaulted);
715  if (!NT_SUCCESS(Status)) return Status;
716  }
717 
719  {
720  Status = RtlGetGroupSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);
721  if (!NT_SUCCESS(Status)) return Status;
722  Status = RtlSetGroupSecurityDescriptor(&desc, psid, defaulted);
723  if (!NT_SUCCESS(Status)) return Status;
724  }
725 
727  {
728  Status = RtlGetDaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);
729  if (!NT_SUCCESS(Status)) return Status;
730  Status = RtlSetDaclSecurityDescriptor(&desc, present, pacl, defaulted);
731  if (!NT_SUCCESS(Status)) return Status;
732  }
733 
735  {
736  Status = RtlGetSaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);
737  if (!NT_SUCCESS(Status)) return Status;
738  Status = RtlSetSaclSecurityDescriptor(&desc, present, pacl, defaulted);
739  if (!NT_SUCCESS(Status)) return Status;
740  }
741 
742  *ReturnLength = DescriptorLength;
743  return RtlAbsoluteToSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength);
744 }
745 
746 
747 /*
748  * @implemented
749  */
750 NTSTATUS
751 NTAPI
753  IN PSECURITY_DESCRIPTOR ModificationDescriptor,
754  IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
757 {
758  /* Call the internal API */
761  ModificationDescriptor,
762  ObjectsSecurityDescriptor,
763  0,
764  PagedPool,
766  Token);
767 }
768 
769 /*
770  * @implemented
771  */
772 NTSTATUS
773 NTAPI
775  IN PSECURITY_DESCRIPTOR ModificationDescriptor,
776  IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
777  IN ULONG AutoInheritFlags,
780 {
781  /* Call the internal API */
784  ModificationDescriptor,
785  ObjectsSecurityDescriptor,
786  AutoInheritFlags,
787  PagedPool,
789  Token);
790 
791 }
792 
793 /*
794  * @implemented
795  */
796 NTSTATUS
797 NTAPI
799  IN PSECURITY_DESCRIPTOR CreatorDescriptor,
804 {
805  /* Call the internal API */
806  return RtlpConvertToAutoInheritSecurityObject(ParentDescriptor,
807  CreatorDescriptor,
809  ObjectType,
812 }
813 
814 /*
815  * @unimplemented
816  */
817 NTSTATUS
818 NTAPI
819 RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
820 {
822  return STATUS_NOT_IMPLEMENTED;
823 }
824 
825 /*
826  * @unimplemented
827  */
828 BOOLEAN
829 NTAPI
831  IN OPTIONAL SIZE_T MemoryLength)
832 {
834  return FALSE;
835 }
ObjectType
Definition: metafile.c:80
NTSTATUS NTAPI RtlpSetSecurityObject(IN PVOID Object OPTIONAL, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN ULONG PoolType, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:19
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define IN
Definition: typedefs.h:38
#define SE_SACL_PRESENT
Definition: setypes.h:769
#define GENERIC_ALL
Definition: nt_native.h:92
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(_Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision)
struct _PRIVILEGE_SET PRIVILEGE_SET
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
NTSTATUS NTAPI RtlCreateAndSetSD(IN PVOID AceData, IN ULONG AceCount, IN PSID OwnerSid OPTIONAL, IN PSID GroupSid OPTIONAL, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
Definition: security.c:394
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
USHORT AclSize
Definition: ms-dtyp.idl:296
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
NTSTATUS NTAPI RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
Definition: security.c:819
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define NtCurrentThread()
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350
#define SE_DACL_PRESENT
Definition: setypes.h:767
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
NTSTATUS NTAPI RtlDefaultNpAcl(OUT PACL *pAcl)
Definition: security.c:238
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
uint32_t ULONG_PTR
Definition: typedefs.h:63
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
NTSTATUS NTAPI RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess, OUT PPRIVILEGE_SET Privileges, IN OUT PULONG Length, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping, OUT PACCESS_MASK RemainingDesiredAccess)
Definition: security.c:606
const struct builtin_class_descr * desc
Definition: regcontrol.c:48
unsigned char BOOLEAN
#define ACL_REVISION2
Definition: setypes.h:43
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Definition: token.c:1839
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
static PSECURITY_DESCRIPTOR
Definition: security.c:88
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
PSID Owner
Definition: setypes.h:974
void DPRINT(...)
Definition: polytest.cpp:61
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
#define SE_DACL_DEFAULTED
Definition: setypes.h:768
#define NtCurrentProcess()
Definition: nt_native.h:1657
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
NTSTATUS NTAPI RtlpConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:220
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662
#define STATUS_INVALID_PRIMARY_GROUP
Definition: ntstatus.h:313
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define TOKEN_QUERY
Definition: setypes.h:874
NTSTATUS NTAPI RtlQuerySecurityObject(IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor, IN ULONG DescriptorLength, OUT PULONG ReturnLength)
Definition: security.c:695
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
static PUCHAR(WINAPI *pGetSidSubAuthorityCount)(PSID)
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
static PSID
Definition: security.c:70
#define STATUS_NO_TOKEN
Definition: ntstatus.h:346
#define SECURITY_WORLD_RID
Definition: setypes.h:513
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
static IUnknown Object
Definition: main.c:512
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
unsigned char UCHAR
Definition: xmlstorage.h:181
NTSTATUS NTAPI RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:798
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSTATUS NTAPI RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:752
NTSTATUS NTAPI RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:449
NTSTATUS NTAPI RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:423
#define GENERIC_READ
Definition: compat.h:124
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
static const WCHAR Control[]
Definition: interface.c:27
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:477
ULONG_PTR SIZE_T
Definition: typedefs.h:78
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS NTAPI RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged, IN BOOLEAN CreatorDescriptorChanged, IN PLUID OldClientTokenModifiedId, OUT PLUID NewClientTokenModifiedId, IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:506
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
unsigned int * PULONG
Definition: retypes.h:1
NTSTATUS NTAPI RtlDeleteSecurityObject(IN PSECURITY_DESCRIPTOR *ObjectDescriptor)
Definition: security.c:409
#define STATUS_INVALID_OWNER
Definition: ntstatus.h:312
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI NtOpenThreadToken(IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle)
Definition: token.c:3858
BOOLEAN NTAPI RtlFlushSecureMemoryCache(IN PVOID MemoryCache, IN OPTIONAL SIZE_T MemoryLength)
Definition: security.c:830
#define OUT
Definition: typedefs.h:39
unsigned int ULONG
Definition: retypes.h:1
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
NTSTATUS NTAPI RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:204
#define UNIMPLEMENTED
Definition: debug.h:114
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
NTSTATUS NTAPI RtlCreateUserSecurityObject(IN PVOID AceData, IN ULONG AceCount, IN PSID OwnerSid, IN PSID GroupSid, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
Definition: security.c:559
#define ULONG_PTR
Definition: config.h:101
#define SE_SACL_DEFAULTED
Definition: setypes.h:770
return STATUS_SUCCESS
Definition: btrfs.c:2966
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444
LPFNPSPCALLBACK Callback
Definition: desk.c:111
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
Definition: rtltypes.h:988
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSTATUS NTAPI RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:774
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68