ReactOS 0.4.16-dev-340-g0540c21
security.c File Reference
#include "services.h"
#include <debug.h>
Include dependency graph for security.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

static VOID ScmFreeSids (VOID)
 
static DWORD ScmCreateSids (VOID)
 
static DWORD ScmCreateAcls (VOID)
 
static VOID ScmFreeAcls (VOID)
 
static DWORD ScmCreateDefaultSD (VOID)
 
static VOID ScmFreeDefaultSD (VOID)
 
static DWORD ScmCreatePipeSD (VOID)
 
static VOID ScmFreePipeSD (VOID)
 
DWORD ScmCreateDefaultServiceSD (PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 
DWORD ScmInitializeSecurity (VOID)
 
VOID ScmShutdownSecurity (VOID)
 

Variables

static PSID pNullSid = NULL
 
static PSID pWorldSid = NULL
 
static PSID pLocalSystemSid = NULL
 
static PSID pAuthenticatedUserSid = NULL
 
static PSID pAliasAdminsSid = NULL
 
static PACL pDefaultDacl = NULL
 
static PACL pDefaultSacl = NULL
 
static PACL pPipeDacl = NULL
 
static PSECURITY_DESCRIPTOR pDefaultSD = NULL
 
PSECURITY_DESCRIPTOR pPipeSD = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file security.c.

Function Documentation

◆ ScmCreateAcls()

static DWORD ScmCreateAcls ( VOID  )
static

Definition at line 127 of file security.c.

128{
129 ULONG ulLength;
130
131 /* Create DACL */
132 ulLength = sizeof(ACL) +
133 (sizeof(ACE) + RtlLengthSid(pLocalSystemSid)) +
134 (sizeof(ACE) + RtlLengthSid(pAliasAdminsSid)) +
136
137 pDefaultDacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
138 if (pDefaultDacl == NULL)
139 return ERROR_OUTOFMEMORY;
140
142
149
154
160
161 /* Create SACL */
162 ulLength = sizeof(ACL) +
163 (sizeof(ACE) + RtlLengthSid(pNullSid));
164
165 pDefaultSacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
166 if (pDefaultSacl == NULL)
167 return ERROR_OUTOFMEMORY;
168
170
174 pNullSid,
175 FALSE,
176 TRUE);
177
178 /* Create the pipe DACL */
179 ulLength = sizeof(ACL) +
180 (sizeof(ACE) + RtlLengthSid(pWorldSid));
181
182 pPipeDacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
183 if (pPipeDacl == NULL)
184 return ERROR_OUTOFMEMORY;
185
187
191 pWorldSid);
192
193 return ERROR_SUCCESS;
194}
static PSID pNullSid
Definition: security.c:16
static PSID pAuthenticatedUserSid
Definition: security.c:19
static PSID pWorldSid
Definition: security.c:17
static PSID pAliasAdminsSid
Definition: security.c:20
static PACL pDefaultSacl
Definition: security.c:23
static PACL pDefaultDacl
Definition: security.c:22
static PACL pPipeDacl
Definition: security.c:24
static PSID pLocalSystemSid
Definition: security.c:18
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:590
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
struct _ACL ACL
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define GENERIC_ALL
Definition: nt_native.h:92
#define READ_CONTROL
Definition: nt_native.h:58
Definition: rtltypes.h:993
uint32_t ULONG
Definition: typedefs.h:59
#define SERVICE_START
Definition: winsvc.h:57
#define SERVICE_QUERY_STATUS
Definition: winsvc.h:55
#define SERVICE_USER_DEFINED_CONTROL
Definition: winsvc.h:61
#define SERVICE_ALL_ACCESS
Definition: winsvc.h:62
#define SERVICE_PAUSE_CONTINUE
Definition: winsvc.h:59
#define SERVICE_INTERROGATE
Definition: winsvc.h:60
#define SERVICE_STOP
Definition: winsvc.h:58
#define SERVICE_ENUMERATE_DEPENDENTS
Definition: winsvc.h:56
#define SERVICE_QUERY_CONFIG
Definition: winsvc.h:53
#define ACL_REVISION
Definition: setypes.h:39

Referenced by ScmInitializeSecurity().

◆ ScmCreateDefaultSD()

static DWORD ScmCreateDefaultSD ( VOID  )
static

Definition at line 214 of file security.c.

215{
217
218 /* Create the absolute security descriptor */
219 pDefaultSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
220 if (pDefaultSD == NULL)
221 return ERROR_OUTOFMEMORY;
222
223 DPRINT("pDefaultSD %p\n", pDefaultSD);
224
227 if (!NT_SUCCESS(Status))
229
232 FALSE);
233 if (!NT_SUCCESS(Status))
235
238 FALSE);
239 if (!NT_SUCCESS(Status))
241
243 TRUE,
245 FALSE);
246 if (!NT_SUCCESS(Status))
248
250 TRUE,
252 FALSE);
253 if (!NT_SUCCESS(Status))
255
256 return ERROR_SUCCESS;
257}
LONG NTSTATUS
Definition: precomp.h:26
static PSECURITY_DESCRIPTOR pDefaultSD
Definition: security.c:26
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
Status
Definition: gdiplustypes.h:25
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
#define DPRINT
Definition: sndvol32.h:73
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58

Referenced by ScmInitializeSecurity().

◆ ScmCreateDefaultServiceSD()

DWORD ScmCreateDefaultServiceSD ( PSECURITY_DESCRIPTOR ppSecurityDescriptor)

Definition at line 320 of file security.c.

322{
323 PSECURITY_DESCRIPTOR pRelativeSD = NULL;
324 DWORD dwBufferLength = 0;
326 DWORD dwError = ERROR_SUCCESS;
327
328 /* Convert the absolute SD to a self-relative SD */
330 NULL,
331 &dwBufferLength);
333 {
334 dwError = RtlNtStatusToDosError(Status);
335 goto done;
336 }
337
338 DPRINT("BufferLength %lu\n", dwBufferLength);
339
340 pRelativeSD = RtlAllocateHeap(RtlGetProcessHeap(),
342 dwBufferLength);
343 if (pRelativeSD == NULL)
344 {
345 dwError = ERROR_OUTOFMEMORY;
346 goto done;
347 }
348 DPRINT("pRelativeSD %p\n", pRelativeSD);
349
351 pRelativeSD,
352 &dwBufferLength);
353 if (!NT_SUCCESS(Status))
354 {
355 dwError = RtlNtStatusToDosError(Status);
356 goto done;
357 }
358
359 *ppSecurityDescriptor = pRelativeSD;
360
361done:
362 if (dwError != ERROR_SUCCESS)
363 {
364 if (pRelativeSD != NULL)
365 RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
366 }
367
368 return dwError;
369}
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
unsigned long DWORD
Definition: ntddk_ex.h:95
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69

Referenced by CreateServiceListEntry(), and RCreateServiceW().

◆ ScmCreatePipeSD()

static DWORD ScmCreatePipeSD ( VOID  )
static

Definition at line 271 of file security.c.

272{
274
275 /* Create the absolute security descriptor */
276 pPipeSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
277 if (pPipeSD == NULL)
278 return ERROR_OUTOFMEMORY;
279
280 DPRINT("pPipeSD %p\n", pDefaultSD);
281
284 if (!NT_SUCCESS(Status))
286
289 FALSE);
290 if (!NT_SUCCESS(Status))
292
295 FALSE);
296 if (!NT_SUCCESS(Status))
298
300 TRUE,
301 pPipeDacl,
302 FALSE);
303 if (!NT_SUCCESS(Status))
305
306 return ERROR_SUCCESS;
307}
PSECURITY_DESCRIPTOR pPipeSD
Definition: security.c:27

Referenced by ScmInitializeSecurity().

◆ ScmCreateSids()

static DWORD ScmCreateSids ( VOID  )
static

Definition at line 55 of file security.c.

56{
60 PULONG pSubAuthority;
61 ULONG ulLength1 = RtlLengthRequiredSid(1);
62 ULONG ulLength2 = RtlLengthRequiredSid(2);
63
64 /* Create the Null SID */
65 pNullSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
66 if (pNullSid == NULL)
67 {
68 return ERROR_OUTOFMEMORY;
69 }
70
71 RtlInitializeSid(pNullSid, &NullAuthority, 1);
72 pSubAuthority = RtlSubAuthoritySid(pNullSid, 0);
73 *pSubAuthority = SECURITY_NULL_RID;
74
75 /* Create the World SID */
76 pWorldSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
77 if (pWorldSid == NULL)
78 {
79 return ERROR_OUTOFMEMORY;
80 }
81
83 pSubAuthority = RtlSubAuthoritySid(pWorldSid, 0);
84 *pSubAuthority = SECURITY_WORLD_RID;
85
86 /* Create the LocalSystem SID */
87 pLocalSystemSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
88 if (pLocalSystemSid == NULL)
89 {
90 return ERROR_OUTOFMEMORY;
91 }
92
94 pSubAuthority = RtlSubAuthoritySid(pLocalSystemSid, 0);
95 *pSubAuthority = SECURITY_LOCAL_SYSTEM_RID;
96
97 /* Create the AuthenticatedUser SID */
98 pAuthenticatedUserSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
100 {
101 return ERROR_OUTOFMEMORY;
102 }
103
105 pSubAuthority = RtlSubAuthoritySid(pAuthenticatedUserSid, 0);
106 *pSubAuthority = SECURITY_AUTHENTICATED_USER_RID;
107
108 /* Create the AliasAdmins SID */
109 pAliasAdminsSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength2);
110 if (pAliasAdminsSid == NULL)
111 {
112 return ERROR_OUTOFMEMORY;
113 }
114
116 pSubAuthority = RtlSubAuthoritySid(pAliasAdminsSid, 0);
117 *pSubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
118 pSubAuthority = RtlSubAuthoritySid(pAliasAdminsSid, 1);
119 *pSubAuthority = DOMAIN_ALIAS_RID_ADMINS;
120
121 return ERROR_SUCCESS;
122}
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:40
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
uint32_t * PULONG
Definition: typedefs.h:59
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527
#define SECURITY_WORLD_RID
Definition: setypes.h:541
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:568
#define SECURITY_NULL_RID
Definition: setypes.h:540
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
#define SECURITY_NULL_SID_AUTHORITY
Definition: setypes.h:524
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652

Referenced by ScmInitializeSecurity().

◆ ScmFreeAcls()

static VOID ScmFreeAcls ( VOID  )
static

Definition at line 199 of file security.c.

200{
201 if (pDefaultDacl != NULL)
202 RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultDacl);
203
204 if (pDefaultSacl != NULL)
205 RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSacl);
206
207 if (pPipeDacl != NULL)
208 RtlFreeHeap(RtlGetProcessHeap(), 0, pPipeDacl);
209}

Referenced by ScmShutdownSecurity().

◆ ScmFreeDefaultSD()

static VOID ScmFreeDefaultSD ( VOID  )
static

Definition at line 262 of file security.c.

263{
264 if (pDefaultSD != NULL)
265 RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSD);
266}

Referenced by ScmShutdownSecurity().

◆ ScmFreePipeSD()

static VOID ScmFreePipeSD ( VOID  )
static

Definition at line 312 of file security.c.

313{
314 if (pPipeSD != NULL)
315 RtlFreeHeap(RtlGetProcessHeap(), 0, pPipeSD);
316}

Referenced by ScmShutdownSecurity().

◆ ScmFreeSids()

static VOID ScmFreeSids ( VOID  )
static

Definition at line 34 of file security.c.

35{
36 if (pNullSid != NULL)
37 RtlFreeHeap(RtlGetProcessHeap(), 0, pNullSid);
38
39 if (pWorldSid != NULL)
40 RtlFreeHeap(RtlGetProcessHeap(), 0, pWorldSid);
41
42 if (pLocalSystemSid != NULL)
43 RtlFreeHeap(RtlGetProcessHeap(), 0, pLocalSystemSid);
44
46 RtlFreeHeap(RtlGetProcessHeap(), 0, pAuthenticatedUserSid);
47
48 if (pAliasAdminsSid != NULL)
49 RtlFreeHeap(RtlGetProcessHeap(), 0, pAliasAdminsSid);
50}

Referenced by ScmShutdownSecurity().

◆ ScmInitializeSecurity()

DWORD ScmInitializeSecurity ( VOID  )

Definition at line 373 of file security.c.

374{
375 DWORD dwError;
376
377 dwError = ScmCreateSids();
378 if (dwError != ERROR_SUCCESS)
379 return dwError;
380
381 dwError = ScmCreateAcls();
382 if (dwError != ERROR_SUCCESS)
383 return dwError;
384
385 dwError = ScmCreateDefaultSD();
386 if (dwError != ERROR_SUCCESS)
387 return dwError;
388
389 dwError = ScmCreatePipeSD();
390 if (dwError != ERROR_SUCCESS)
391 return dwError;
392
393 return ERROR_SUCCESS;
394}
static DWORD ScmCreatePipeSD(VOID)
Definition: security.c:271
static DWORD ScmCreateSids(VOID)
Definition: security.c:55
static DWORD ScmCreateAcls(VOID)
Definition: security.c:127
static DWORD ScmCreateDefaultSD(VOID)
Definition: security.c:214

Referenced by wWinMain().

◆ ScmShutdownSecurity()

VOID ScmShutdownSecurity ( VOID  )

Definition at line 398 of file security.c.

399{
402 ScmFreeAcls();
403 ScmFreeSids();
404}
static VOID ScmFreePipeSD(VOID)
Definition: security.c:312
static VOID ScmFreeAcls(VOID)
Definition: security.c:199
static VOID ScmFreeDefaultSD(VOID)
Definition: security.c:262
static VOID ScmFreeSids(VOID)
Definition: security.c:34

Referenced by wWinMain().

Variable Documentation

◆ pAliasAdminsSid

PSID pAliasAdminsSid = NULL
static

Definition at line 20 of file security.c.

Referenced by ScmCreateAcls(), ScmCreateSids(), and ScmFreeSids().

◆ pAuthenticatedUserSid

PSID pAuthenticatedUserSid = NULL
static

Definition at line 19 of file security.c.

Referenced by SampInitializeSAM(), ScmCreateAcls(), ScmCreateSids(), and ScmFreeSids().

◆ pDefaultDacl

PACL pDefaultDacl = NULL
static

Definition at line 22 of file security.c.

Referenced by ScmCreateAcls(), ScmCreateDefaultSD(), and ScmFreeAcls().

◆ pDefaultSacl

PACL pDefaultSacl = NULL
static

Definition at line 23 of file security.c.

Referenced by ScmCreateAcls(), ScmCreateDefaultSD(), and ScmFreeAcls().

◆ pDefaultSD

PSECURITY_DESCRIPTOR pDefaultSD = NULL
static

◆ pLocalSystemSid

PSID pLocalSystemSid = NULL
static

◆ pNullSid

PSID pNullSid = NULL
static

Definition at line 16 of file security.c.

Referenced by ScmCreateAcls(), ScmCreateSids(), and ScmFreeSids().

◆ pPipeDacl

PACL pPipeDacl = NULL
static

Definition at line 24 of file security.c.

Referenced by ScmCreateAcls(), ScmCreatePipeSD(), and ScmFreeAcls().

◆ pPipeSD

Definition at line 27 of file security.c.

Referenced by ScmCreateNewControlPipe(), ScmCreatePipeSD(), and ScmFreePipeSD().

◆ pWorldSid

PSID pWorldSid = NULL
static

Definition at line 17 of file security.c.

Referenced by ScmCreateAcls(), ScmCreateSids(), and ScmFreeSids().