ReactOS  0.4.13-dev-52-g0efcfec
acl.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS kernel
4  * FILE: ntoskrnl/se/acl.c
5  * PURPOSE: Security manager
6  *
7  * PROGRAMMERS: David Welch <welch@cwcom.net>
8  */
9 
10 /* INCLUDES *******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 #if defined (ALLOC_PRAGMA)
17 #pragma alloc_text(INIT, SepInitDACLs)
18 #endif
19 
20 /* GLOBALS ********************************************************************/
21 
28 
29 /* FUNCTIONS ******************************************************************/
30 
31 BOOLEAN
32 INIT_FUNCTION
33 NTAPI
35 {
37 
38  /* create PublicDefaultDacl */
39  AclLength = sizeof(ACL) +
40  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
41  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
42  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
43 
45  AclLength,
46  TAG_ACL);
48  return FALSE;
49 
51  AclLength,
52  ACL_REVISION);
53 
57  SeWorldSid);
58 
63 
68 
69  /* create PublicDefaultUnrestrictedDacl */
70  AclLength = sizeof(ACL) +
71  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
72  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
73  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
75 
77  AclLength,
78  TAG_ACL);
80  return FALSE;
81 
83  AclLength,
84  ACL_REVISION);
85 
89  SeWorldSid);
90 
95 
100 
102  ACL_REVISION,
105 
106  /* create PublicOpenDacl */
107  AclLength = sizeof(ACL) +
108  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
109  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
110  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
111 
113  AclLength,
114  TAG_ACL);
115  if (SePublicOpenDacl == NULL)
116  return FALSE;
117 
119  AclLength,
120  ACL_REVISION);
121 
123  ACL_REVISION,
125  SeWorldSid);
126 
128  ACL_REVISION,
129  GENERIC_ALL,
131 
133  ACL_REVISION,
134  GENERIC_ALL,
136 
137  /* create PublicOpenUnrestrictedDacl */
138  AclLength = sizeof(ACL) +
139  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
140  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
141  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
142  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
143 
145  AclLength,
146  TAG_ACL);
148  return FALSE;
149 
151  AclLength,
152  ACL_REVISION);
153 
155  ACL_REVISION,
156  GENERIC_ALL,
157  SeWorldSid);
158 
160  ACL_REVISION,
161  GENERIC_ALL,
163 
165  ACL_REVISION,
166  GENERIC_ALL,
168 
170  ACL_REVISION,
173 
174  /* create SystemDefaultDacl */
175  AclLength = sizeof(ACL) +
176  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
177  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
178 
180  AclLength,
181  TAG_ACL);
182  if (SeSystemDefaultDacl == NULL)
183  return FALSE;
184 
186  AclLength,
187  ACL_REVISION);
188 
190  ACL_REVISION,
191  GENERIC_ALL,
193 
195  ACL_REVISION,
198 
199  /* create UnrestrictedDacl */
200  AclLength = sizeof(ACL) +
201  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
202  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
203 
205  AclLength,
206  TAG_ACL);
207  if (SeUnrestrictedDacl == NULL)
208  return FALSE;
209 
211  AclLength,
212  ACL_REVISION);
213 
215  ACL_REVISION,
216  GENERIC_ALL,
217  SeWorldSid);
218 
220  ACL_REVISION,
223 
224  return TRUE;
225 }
226 
227 NTSTATUS
228 NTAPI
230  _In_ PTOKEN Token,
231  _In_ PTOKEN PrimaryToken,
232  _Out_ PACL* Dacl)
233 {
235  PACL TokenDacl;
236 
237  PAGED_CODE();
238 
239  *Dacl = NULL;
240 
241  AclLength = sizeof(ACL) +
242  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
243  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
244  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
245  (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
246  (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
247 
249  if (TokenDacl == NULL)
250  {
252  }
253 
254  RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
256  Token->UserAndGroups->Sid);
258  PrimaryToken->UserAndGroups->Sid);
263 
264  if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
265  {
268  }
269 
270  *Dacl = TokenDacl;
271 
272  return STATUS_SUCCESS;
273 }
274 
275 NTSTATUS
276 NTAPI
280  IN BOOLEAN CaptureIfKernel,
281  OUT PACL *CapturedAcl)
282 {
283  PACL NewAcl;
284  ULONG AclSize = 0;
286 
287  PAGED_CODE();
288 
289  if (AccessMode != KernelMode)
290  {
291  _SEH2_TRY
292  {
293  ProbeForRead(InputAcl,
294  sizeof(ACL),
295  sizeof(ULONG));
296  AclSize = InputAcl->AclSize;
297  ProbeForRead(InputAcl,
298  AclSize,
299  sizeof(ULONG));
300  }
302  {
303  /* Return the exception code */
305  }
306  _SEH2_END;
307 
309  AclSize,
310  TAG_ACL);
311  if (NewAcl != NULL)
312  {
313  _SEH2_TRY
314  {
315  RtlCopyMemory(NewAcl,
316  InputAcl,
317  AclSize);
318 
319  *CapturedAcl = NewAcl;
320  }
322  {
323  /* Free the ACL and return the exception code */
324  ExFreePoolWithTag(NewAcl, TAG_ACL);
326  }
327  _SEH2_END;
328  }
329  else
330  {
332  }
333  }
334  else if (!CaptureIfKernel)
335  {
336  *CapturedAcl = InputAcl;
337  }
338  else
339  {
340  AclSize = InputAcl->AclSize;
341 
343  AclSize,
344  TAG_ACL);
345 
346  if (NewAcl != NULL)
347  {
348  RtlCopyMemory(NewAcl,
349  InputAcl,
350  AclSize);
351 
352  *CapturedAcl = NewAcl;
353  }
354  else
355  {
357  }
358  }
359 
360  return Status;
361 }
362 
363 VOID
364 NTAPI
365 SepReleaseAcl(IN PACL CapturedAcl,
367  IN BOOLEAN CaptureIfKernel)
368 {
369  PAGED_CODE();
370 
371  if (CapturedAcl != NULL &&
372  (AccessMode != KernelMode ||
373  (AccessMode == KernelMode && CaptureIfKernel)))
374  {
375  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
376  }
377 }
378 
379 BOOLEAN
382  _Out_ PUCHAR NewAceFlags,
383  _In_ BOOLEAN IsInherited,
385 {
386  if (!IsInherited)
387  {
388  *NewAceFlags = AceFlags;
389  return TRUE;
390  }
391 
392  if (!IsDirectoryObject)
393  {
395  {
396  *NewAceFlags = AceFlags & ~VALID_INHERIT_FLAGS;
397  return TRUE;
398  }
399  return FALSE;
400  }
401 
403  {
405  {
406  *NewAceFlags = AceFlags & ~VALID_INHERIT_FLAGS;
407  return TRUE;
408  }
409  return FALSE;
410  }
411 
413  {
415  return TRUE;
416  }
417 
419  {
421  return TRUE;
422  }
423 
424  return FALSE;
425 }
426 
427 NTSTATUS
431  _In_reads_bytes_(AclSource->AclSize) PACL AclSource,
432  _In_ PSID Owner,
433  _In_ PSID Group,
434  _In_ BOOLEAN IsInherited,
437 {
438  ACCESS_MASK Mask;
439  PACCESS_ALLOWED_ACE AceSource;
440  PACCESS_ALLOWED_ACE AceDest;
441  PUCHAR CurrentDest;
442  PUCHAR CurrentSource;
443  ULONG i;
444  ULONG Written;
445  UCHAR AceFlags;
446  USHORT AceSize;
447  USHORT AceCount = 0;
448  PSID Sid;
449  BOOLEAN WriteTwoAces;
450 
451  ASSERT(RtlValidAcl(AclSource));
452  ASSERT(AclSource->AclSize % sizeof(ULONG) == 0);
453  ASSERT(AclSource->Sbz1 == 0);
454  ASSERT(AclSource->Sbz2 == 0);
455 
456  Written = 0;
457  if (*AclLength >= Written + sizeof(ACL))
458  {
459  RtlCopyMemory(AclDest,
460  AclSource,
461  sizeof(ACL));
462  }
463  Written += sizeof(ACL);
464 
465  CurrentDest = (PUCHAR)(AclDest + 1);
466  CurrentSource = (PUCHAR)(AclSource + 1);
467  for (i = 0; i < AclSource->AceCount; i++)
468  {
469  ASSERT((ULONG_PTR)CurrentDest % sizeof(ULONG) == 0);
470  ASSERT((ULONG_PTR)CurrentSource % sizeof(ULONG) == 0);
471  AceDest = (PACCESS_ALLOWED_ACE)CurrentDest;
472  AceSource = (PACCESS_ALLOWED_ACE)CurrentSource;
473 
474  if (AceSource->Header.AceType > ACCESS_MAX_MS_V2_ACE_TYPE)
475  {
476  /* FIXME: handle object & compound ACEs */
477  AceSize = AceSource->Header.AceSize;
478 
479  if (*AclLength >= Written + AceSize)
480  {
481  RtlCopyMemory(AceDest, AceSource, AceSize);
482  }
483  CurrentDest += AceSize;
484  CurrentSource += AceSize;
485  Written += AceSize;
486  AceCount++;
487  continue;
488  }
489 
490  /* These all have the same structure */
492  AceSource->Header.AceType == ACCESS_DENIED_ACE_TYPE ||
493  AceSource->Header.AceType == SYSTEM_AUDIT_ACE_TYPE ||
494  AceSource->Header.AceType == SYSTEM_ALARM_ACE_TYPE);
495 
496  ASSERT(AceSource->Header.AceSize % sizeof(ULONG) == 0);
497  ASSERT(AceSource->Header.AceSize >= sizeof(*AceSource));
498  if (!SepShouldPropagateAce(AceSource->Header.AceFlags,
499  &AceFlags,
500  IsInherited,
502  {
503  CurrentSource += AceSource->Header.AceSize;
504  continue;
505  }
506 
507  /* FIXME: filter out duplicate ACEs */
508  AceSize = AceSource->Header.AceSize;
509  Mask = AceSource->Mask;
510  Sid = (PSID)&AceSource->SidStart;
511  ASSERT(AceSize >= FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + RtlLengthSid(Sid));
512 
513  WriteTwoAces = FALSE;
514  /* Map effective ACE to specific rights */
515  if (!(AceFlags & INHERIT_ONLY_ACE))
516  {
518  Mask &= GenericMapping->GenericAll;
519 
520  if (IsInherited)
521  {
523  Sid = Owner;
524  else if (RtlEqualSid(Sid, SeCreatorGroupSid))
525  Sid = Group;
526  AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + RtlLengthSid(Sid);
527 
528  /*
529  * A generic container ACE becomes two ACEs:
530  * - a specific effective ACE with no inheritance flags
531  * - an inherit-only ACE that keeps the generic rights
532  */
533  if (IsDirectoryObject &&
535  (Mask != AceSource->Mask || Sid != (PSID)&AceSource->SidStart))
536  {
537  WriteTwoAces = TRUE;
538  }
539  }
540  }
541 
542  while (1)
543  {
544  if (*AclLength >= Written + AceSize)
545  {
546  AceDest->Header.AceType = AceSource->Header.AceType;
547  AceDest->Header.AceFlags = WriteTwoAces ? AceFlags & ~VALID_INHERIT_FLAGS
548  : AceFlags;
549  AceDest->Header.AceSize = AceSize;
550  AceDest->Mask = Mask;
551  RtlCopySid(AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart),
552  (PSID)&AceDest->SidStart,
553  Sid);
554  }
555  Written += AceSize;
556 
557  AceCount++;
558  CurrentDest += AceSize;
559 
560  if (!WriteTwoAces)
561  break;
562 
563  /* Second ACE keeps all the generics from the source ACE */
564  WriteTwoAces = FALSE;
565  AceDest = (PACCESS_ALLOWED_ACE)CurrentDest;
566  AceSize = AceSource->Header.AceSize;
567  Mask = AceSource->Mask;
568  Sid = (PSID)&AceSource->SidStart;
570  }
571 
572  CurrentSource += AceSource->Header.AceSize;
573  }
574 
575  if (*AclLength >= sizeof(ACL))
576  {
577  AclDest->AceCount = AceCount;
578  AclDest->AclSize = Written;
579  }
580 
581  if (Written > *AclLength)
582  {
583  *AclLength = Written;
585  }
586  *AclLength = Written;
587  return STATUS_SUCCESS;
588 }
589 
590 PACL
592  _In_opt_ PACL ExplicitAcl,
593  _In_ BOOLEAN ExplicitPresent,
594  _In_ BOOLEAN ExplicitDefaulted,
595  _In_opt_ PACL ParentAcl,
596  _In_opt_ PACL DefaultAcl,
598  _In_ PSID Owner,
599  _In_ PSID Group,
600  _Out_ PBOOLEAN AclPresent,
601  _Out_ PBOOLEAN IsInherited,
604 {
605  PACL Acl;
607 
608  *AclPresent = TRUE;
609  if (ExplicitPresent && !ExplicitDefaulted)
610  {
611  Acl = ExplicitAcl;
612  }
613  else
614  {
615  if (ParentAcl)
616  {
617  *IsInherited = TRUE;
618  *AclLength = 0;
620  AclLength,
621  ParentAcl,
622  Owner,
623  Group,
624  *IsInherited,
628 
629  /* Use the parent ACL only if it's not empty */
630  if (*AclLength != sizeof(ACL))
631  return ParentAcl;
632  }
633 
634  if (ExplicitPresent)
635  {
636  Acl = ExplicitAcl;
637  }
638  else if (DefaultAcl)
639  {
640  Acl = DefaultAcl;
641  }
642  else
643  {
644  *AclPresent = FALSE;
645  Acl = NULL;
646  }
647  }
648 
649  *IsInherited = FALSE;
650  *AclLength = 0;
651  if (Acl)
652  {
653  /* Get the length */
655  AclLength,
656  Acl,
657  Owner,
658  Group,
659  *IsInherited,
663  }
664  return Acl;
665 }
666 
667 /* EOF */
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Definition: acl.c:229
#define IN
Definition: typedefs.h:38
#define GENERIC_ALL
Definition: nt_native.h:92
UCHAR AceFlags
Definition: ms-dtyp.idl:211
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define ACCESS_MAX_MS_V2_ACE_TYPE
Definition: setypes.h:689
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
PSID SeRestrictedCodeSid
Definition: sid.c:46
BOOLEAN INIT_FUNCTION NTAPI SepInitDACLs(VOID)
Definition: acl.c:34
#define VALID_INHERIT_FLAGS
Definition: setypes.h:719
USHORT AclSize
Definition: ms-dtyp.idl:296
PACL SeSystemDefaultDacl
Definition: acl.c:23
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: acl.c:365
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_In_opt_ PSID Group
Definition: rtlfuncs.h:1606
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:716
ACE_HEADER Header
Definition: ms-dtyp.idl:216
USHORT AceCount
Definition: ms-dtyp.idl:297
#define PAGED_CODE()
Definition: video.h:57
#define _In_opt_
Definition: no_sal2.h:213
BOOLEAN SepShouldPropagateAce(_In_ UCHAR AceFlags, _Out_ PUCHAR NewAceFlags, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject)
Definition: acl.c:380
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
_SEH2_TRY
Definition: create.c:4250
uint32_t ULONG_PTR
Definition: typedefs.h:63
PACL SePublicOpenDacl
Definition: acl.c:25
USHORT AceSize
Definition: ms-dtyp.idl:212
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:26
PACL SeUnrestrictedDacl
Definition: acl.c:27
PSID SeCreatorGroupSid
Definition: sid.c:34
#define GENERIC_WRITE
Definition: nt_native.h:90
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
#define _Out_writes_bytes_opt_(a)
Definition: btrfs_drv.h:171
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
#define _Out_
Definition: no_sal2.h:323
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:715
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
INT POOL_TYPE
Definition: typedefs.h:76
BOOLEAN NTAPI RtlValidAcl(IN PACL Acl)
Definition: acl.c:837
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(AclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Definition: acl.c:428
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define _Inout_
Definition: no_sal2.h:244
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
struct _SID * PSID
Definition: eventlog.c:35
#define READ_CONTROL
Definition: nt_native.h:58
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
unsigned char UCHAR
Definition: xmlstorage.h:181
UCHAR AceType
Definition: ms-dtyp.idl:210
char * PBOOLEAN
Definition: retypes.h:11
PSID SeAliasAdminsSid
Definition: sid.c:47
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
PSID SeCreatorOwnerSid
Definition: sid.c:33
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:24
USHORT Sbz2
Definition: ms-dtyp.idl:298
#define GENERIC_READ
Definition: compat.h:124
PSID SeWorldSid
Definition: sid.c:31
#define _In_reads_bytes_(size)
Definition: no_sal2.h:229
Status
Definition: gdiplustypes.h:24
UCHAR Sbz1
Definition: ms-dtyp.idl:295
#define _In_
Definition: no_sal2.h:204
#define TAG_ACL
Definition: tag.h:174
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:688
_SEH2_END
Definition: create.c:4424
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
unsigned short USHORT
Definition: pedump.c:61
PACL SePublicDefaultDacl
Definition: acl.c:22
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
unsigned int * PULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:44
#define OUT
Definition: typedefs.h:39
unsigned int ULONG
Definition: retypes.h:1
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:687
#define INHERIT_ONLY_ACE
Definition: setypes.h:717
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
ACCESS_MASK GenericAll
Definition: nt_native.h:568
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Definition: acl.c:591
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
#define GENERIC_EXECUTE
Definition: nt_native.h:91
return STATUS_SUCCESS
Definition: btrfs.c:2725
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444
Definition: rtltypes.h:988
#define OBJECT_INHERIT_ACE
Definition: setypes.h:714
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:277
ULONG ACCESS_MASK
Definition: nt_native.h:40
_In_ ULONG AclLength
Definition: rtlfuncs.h:1844
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
static const ACEFLAG AceFlags[]
Definition: security.c:2300