ReactOS  0.4.13-dev-698-g77671f0
security.c File Reference
#include "services.h"
#include <debug.h>
Include dependency graph for security.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

static VOID ScmFreeSids (VOID)
 
static DWORD ScmCreateSids (VOID)
 
static DWORD ScmCreateAcls (VOID)
 
static VOID ScmFreeAcls (VOID)
 
static DWORD ScmCreateDefaultSD (VOID)
 
static VOID ScmFreeDefaultSD (VOID)
 
DWORD ScmCreateDefaultServiceSD (PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 
DWORD ScmInitializeSecurity (VOID)
 
VOID ScmShutdownSecurity (VOID)
 

Variables

static PSID pNullSid = NULL
 
static PSID pLocalSystemSid = NULL
 
static PSID pAuthenticatedUserSid = NULL
 
static PSID pAliasAdminsSid = NULL
 
static PACL pDefaultDacl = NULL
 
static PACL pDefaultSacl = NULL
 
static PSECURITY_DESCRIPTOR pDefaultSD = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file security.c.

Function Documentation

◆ ScmCreateAcls()

static DWORD ScmCreateAcls ( VOID  )
static

Definition at line 110 of file security.c.

111 {
112  ULONG ulLength;
113 
114  /* Create DACL */
115  ulLength = sizeof(ACL) +
116  (sizeof(ACE) + RtlLengthSid(pLocalSystemSid)) +
117  (sizeof(ACE) + RtlLengthSid(pAliasAdminsSid)) +
119 
120  pDefaultDacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
121  if (pDefaultDacl == NULL)
122  return ERROR_OUTOFMEMORY;
123 
125 
127  ACL_REVISION,
132 
134  ACL_REVISION,
137 
139  ACL_REVISION,
143 
144  /* Create SACL */
145  ulLength = sizeof(ACL) +
146  (sizeof(ACE) + RtlLengthSid(pNullSid));
147 
148  pDefaultSacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
149  if (pDefaultSacl == NULL)
150  return ERROR_OUTOFMEMORY;
151 
153 
155  ACL_REVISION,
157  pNullSid,
158  FALSE,
159  TRUE);
160 
161  return ERROR_SUCCESS;
162 }
#define TRUE
Definition: types.h:120
#define ERROR_SUCCESS
Definition: deptool.c:10
static PSID pAuthenticatedUserSid
Definition: security.c:18
static PSID pNullSid
Definition: security.c:16
#define SERVICE_INTERROGATE
Definition: winsvc.h:60
static PSID pAliasAdminsSid
Definition: security.c:19
#define SERVICE_ALL_ACCESS
Definition: winsvc.h:62
static PACL pDefaultSacl
Definition: security.c:22
#define SERVICE_ENUMERATE_DEPENDENTS
Definition: winsvc.h:56
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define SERVICE_QUERY_STATUS
Definition: winsvc.h:55
static PACL pDefaultDacl
Definition: security.c:21
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define SERVICE_USER_DEFINED_CONTROL
Definition: winsvc.h:61
#define READ_CONTROL
Definition: nt_native.h:58
#define SERVICE_START
Definition: winsvc.h:57
static PSID pLocalSystemSid
Definition: security.c:17
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
#define SERVICE_STOP
Definition: winsvc.h:58
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
#define SERVICE_QUERY_CONFIG
Definition: winsvc.h:53
#define SERVICE_PAUSE_CONTINUE
Definition: winsvc.h:59
Definition: rtltypes.h:988
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13

Referenced by ScmInitializeSecurity().

◆ ScmCreateDefaultSD()

static DWORD ScmCreateDefaultSD ( VOID  )
static

Definition at line 179 of file security.c.

180 {
182 
183  /* Create the absolute security descriptor */
184  pDefaultSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
185  if (pDefaultSD == NULL)
186  return ERROR_OUTOFMEMORY;
187 
188  DPRINT("pDefaultSD %p\n", pDefaultSD);
189 
192  if (!NT_SUCCESS(Status))
194 
197  FALSE);
198  if (!NT_SUCCESS(Status))
200 
203  FALSE);
204  if (!NT_SUCCESS(Status))
206 
208  TRUE,
209  pDefaultDacl,
210  FALSE);
211  if (!NT_SUCCESS(Status))
213 
215  TRUE,
216  pDefaultSacl,
217  FALSE);
218  if (!NT_SUCCESS(Status))
220 
221  return ERROR_SUCCESS;
222 }
#define TRUE
Definition: types.h:120
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
#define ERROR_SUCCESS
Definition: deptool.c:10
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
static PACL pDefaultSacl
Definition: security.c:22
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
void DPRINT(...)
Definition: polytest.cpp:61
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
static PACL pDefaultDacl
Definition: security.c:21
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
Status
Definition: gdiplustypes.h:24
static PSECURITY_DESCRIPTOR pDefaultSD
Definition: security.c:24
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
static PSID pLocalSystemSid
Definition: security.c:17
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13

Referenced by ScmInitializeSecurity().

◆ ScmCreateDefaultServiceSD()

DWORD ScmCreateDefaultServiceSD ( PSECURITY_DESCRIPTOR ppSecurityDescriptor)

Definition at line 235 of file security.c.

237 {
238  PSECURITY_DESCRIPTOR pRelativeSD = NULL;
239  DWORD dwBufferLength = 0;
241  DWORD dwError = ERROR_SUCCESS;
242 
243  /* Convert the absolute SD to a self-relative SD */
245  NULL,
246  &dwBufferLength);
248  {
249  dwError = RtlNtStatusToDosError(Status);
250  goto done;
251  }
252 
253  DPRINT("BufferLength %lu\n", dwBufferLength);
254 
255  pRelativeSD = RtlAllocateHeap(RtlGetProcessHeap(),
257  dwBufferLength);
258  if (pRelativeSD == NULL)
259  {
260  dwError = ERROR_OUTOFMEMORY;
261  goto done;
262  }
263  DPRINT("pRelativeSD %p\n", pRelativeSD);
264 
266  pRelativeSD,
267  &dwBufferLength);
268  if (!NT_SUCCESS(Status))
269  {
270  dwError = RtlNtStatusToDosError(Status);
271  goto done;
272  }
273 
274  *ppSecurityDescriptor = pRelativeSD;
275 
276 done:
277  if (dwError != ERROR_SUCCESS)
278  {
279  if (pRelativeSD != NULL)
280  RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
281  }
282 
283  return dwError;
284 }
#define ERROR_SUCCESS
Definition: deptool.c:10
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
unsigned long DWORD
Definition: ntddk_ex.h:95
Status
Definition: gdiplustypes.h:24
static PSECURITY_DESCRIPTOR pDefaultSD
Definition: security.c:24
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13

Referenced by CreateServiceListEntry(), and RCreateServiceW().

◆ ScmCreateSids()

static DWORD ScmCreateSids ( VOID  )
static

Definition at line 50 of file security.c.

51 {
54  PULONG pSubAuthority;
55  ULONG ulLength1 = RtlLengthRequiredSid(1);
56  ULONG ulLength2 = RtlLengthRequiredSid(2);
57 
58  /* Create the Null SID */
59  pNullSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
60  if (pNullSid == NULL)
61  {
62  return ERROR_OUTOFMEMORY;
63  }
64 
65  RtlInitializeSid(pNullSid, &NullAuthority, 1);
66  pSubAuthority = RtlSubAuthoritySid(pNullSid, 0);
67  *pSubAuthority = SECURITY_NULL_RID;
68 
69  /* Create the LocalSystem SID */
70  pLocalSystemSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
71  if (pLocalSystemSid == NULL)
72  {
73  return ERROR_OUTOFMEMORY;
74  }
75 
77  pSubAuthority = RtlSubAuthoritySid(pLocalSystemSid, 0);
78  *pSubAuthority = SECURITY_LOCAL_SYSTEM_RID;
79 
80  /* Create the AuthenticatedUser SID */
81  pAuthenticatedUserSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
83  {
84  return ERROR_OUTOFMEMORY;
85  }
86 
88  pSubAuthority = RtlSubAuthoritySid(pAuthenticatedUserSid, 0);
89  *pSubAuthority = SECURITY_AUTHENTICATED_USER_RID;
90 
91  /* Create the AliasAdmins SID */
92  pAliasAdminsSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength2);
93  if (pAliasAdminsSid == NULL)
94  {
95  return ERROR_OUTOFMEMORY;
96  }
97 
99  pSubAuthority = RtlSubAuthoritySid(pAliasAdminsSid, 0);
100  *pSubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
101  pSubAuthority = RtlSubAuthoritySid(pAliasAdminsSid, 1);
102  *pSubAuthority = DOMAIN_ALIAS_RID_ADMINS;
103 
104  return ERROR_SUCCESS;
105 }
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
#define ERROR_SUCCESS
Definition: deptool.c:10
static PSID pAuthenticatedUserSid
Definition: security.c:18
static PSID pNullSid
Definition: security.c:16
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
static PSID pAliasAdminsSid
Definition: security.c:19
#define SECURITY_NULL_SID_AUTHORITY
Definition: setypes.h:496
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
smooth NULL
Definition: ftsmooth.c:416
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define SECURITY_NULL_RID
Definition: setypes.h:512
static PSID pLocalSystemSid
Definition: security.c:17
unsigned int * PULONG
Definition: retypes.h:1
unsigned int ULONG
Definition: retypes.h:1
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by ScmInitializeSecurity().

◆ ScmFreeAcls()

static VOID ScmFreeAcls ( VOID  )
static

Definition at line 167 of file security.c.

168 {
169  if (pDefaultDacl != NULL)
170  RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultDacl);
171 
172  if (pDefaultSacl != NULL)
173  RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSacl);
174 }
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
static PACL pDefaultSacl
Definition: security.c:22
smooth NULL
Definition: ftsmooth.c:416
static PACL pDefaultDacl
Definition: security.c:21

Referenced by ScmShutdownSecurity().

◆ ScmFreeDefaultSD()

static VOID ScmFreeDefaultSD ( VOID  )
static

Definition at line 227 of file security.c.

228 {
229  if (pDefaultSD != NULL)
230  RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSD);
231 }
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
smooth NULL
Definition: ftsmooth.c:416
static PSECURITY_DESCRIPTOR pDefaultSD
Definition: security.c:24

Referenced by ScmShutdownSecurity().

◆ ScmFreeSids()

static VOID ScmFreeSids ( VOID  )
static

Definition at line 31 of file security.c.

32 {
33  if (pNullSid != NULL)
34  RtlFreeHeap(RtlGetProcessHeap(), 0, pNullSid);
35 
36  if (pLocalSystemSid != NULL)
37  RtlFreeHeap(RtlGetProcessHeap(), 0, pLocalSystemSid);
38 
40  RtlFreeHeap(RtlGetProcessHeap(), 0, pAuthenticatedUserSid);
41 
42  if (pAliasAdminsSid != NULL)
43  RtlFreeHeap(RtlGetProcessHeap(), 0, pAliasAdminsSid);
44 
45 }
static PSID pAuthenticatedUserSid
Definition: security.c:18
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
static PSID pNullSid
Definition: security.c:16
static PSID pAliasAdminsSid
Definition: security.c:19
smooth NULL
Definition: ftsmooth.c:416
static PSID pLocalSystemSid
Definition: security.c:17

Referenced by ScmShutdownSecurity().

◆ ScmInitializeSecurity()

DWORD ScmInitializeSecurity ( VOID  )

Definition at line 288 of file security.c.

289 {
290  DWORD dwError;
291 
292  dwError = ScmCreateSids();
293  if (dwError != ERROR_SUCCESS)
294  return dwError;
295 
296  dwError = ScmCreateAcls();
297  if (dwError != ERROR_SUCCESS)
298  return dwError;
299 
300  dwError = ScmCreateDefaultSD();
301  if (dwError != ERROR_SUCCESS)
302  return dwError;
303 
304  return ERROR_SUCCESS;
305 }
#define ERROR_SUCCESS
Definition: deptool.c:10
static DWORD ScmCreateSids(VOID)
Definition: security.c:50
unsigned long DWORD
Definition: ntddk_ex.h:95
static DWORD ScmCreateDefaultSD(VOID)
Definition: security.c:179
static DWORD ScmCreateAcls(VOID)
Definition: security.c:110

Referenced by wWinMain().

◆ ScmShutdownSecurity()

VOID ScmShutdownSecurity ( VOID  )

Definition at line 309 of file security.c.

310 {
312  ScmFreeAcls();
313  ScmFreeSids();
314 }
static VOID ScmFreeAcls(VOID)
Definition: security.c:167
static VOID ScmFreeDefaultSD(VOID)
Definition: security.c:227
static VOID ScmFreeSids(VOID)
Definition: security.c:31

Referenced by wWinMain().

Variable Documentation

◆ pAliasAdminsSid

PSID pAliasAdminsSid = NULL
static

Definition at line 19 of file security.c.

Referenced by ScmCreateAcls(), ScmCreateSids(), and ScmFreeSids().

◆ pAuthenticatedUserSid

PSID pAuthenticatedUserSid = NULL
static

Definition at line 18 of file security.c.

Referenced by SampInitializeSAM(), ScmCreateAcls(), ScmCreateSids(), and ScmFreeSids().

◆ pDefaultDacl

PACL pDefaultDacl = NULL
static

Definition at line 21 of file security.c.

Referenced by ScmCreateAcls(), ScmCreateDefaultSD(), and ScmFreeAcls().

◆ pDefaultSacl

PACL pDefaultSacl = NULL
static

Definition at line 22 of file security.c.

Referenced by ScmCreateAcls(), ScmCreateDefaultSD(), and ScmFreeAcls().

◆ pDefaultSD

PSECURITY_DESCRIPTOR pDefaultSD = NULL
static

Definition at line 24 of file security.c.

Referenced by ScmCreateDefaultSD(), ScmCreateDefaultServiceSD(), and ScmFreeDefaultSD().

◆ pLocalSystemSid

PSID pLocalSystemSid = NULL
static

◆ pNullSid

PSID pNullSid = NULL
static

Definition at line 16 of file security.c.

Referenced by ScmCreateAcls(), ScmCreateSids(), and ScmFreeSids().