2004-08-05 18:17:37 +00:00
|
|
|
/* $Id: acl.c,v 1.19 2004/08/05 18:17:37 ion Exp $
|
1999-12-26 17:22:19 +00:00
|
|
|
*
|
1999-12-26 15:50:53 +00:00
|
|
|
* COPYRIGHT: See COPYING in the top level directory
|
|
|
|
* PROJECT: ReactOS kernel
|
|
|
|
* PURPOSE: Security manager
|
|
|
|
* FILE: kernel/se/acl.c
|
|
|
|
* PROGRAMER: David Welch <welch@cwcom.net>
|
|
|
|
* REVISION HISTORY:
|
|
|
|
* 26/07/98: Added stubs for security functions
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* INCLUDES *****************************************************************/
|
|
|
|
|
2002-09-08 10:23:54 +00:00
|
|
|
#include <ddk/ntddk.h>
|
|
|
|
#include <internal/se.h>
|
1999-12-26 15:50:53 +00:00
|
|
|
|
|
|
|
#include <internal/debug.h>
|
|
|
|
|
2002-02-20 20:16:49 +00:00
|
|
|
#define TAG_ACL TAG('A', 'C', 'L', 'T')
|
|
|
|
|
|
|
|
|
|
|
|
/* GLOBALS ******************************************************************/
|
|
|
|
|
2002-09-08 10:23:54 +00:00
|
|
|
PACL EXPORTED SePublicDefaultDacl = NULL;
|
|
|
|
PACL EXPORTED SeSystemDefaultDacl = NULL;
|
2002-02-20 20:16:49 +00:00
|
|
|
|
|
|
|
PACL SePublicDefaultUnrestrictedDacl = NULL;
|
|
|
|
PACL SePublicOpenDacl = NULL;
|
|
|
|
PACL SePublicOpenUnrestrictedDacl = NULL;
|
|
|
|
PACL SeUnrestrictedDacl = NULL;
|
|
|
|
|
|
|
|
|
|
|
|
/* FUNCTIONS ****************************************************************/
|
|
|
|
|
2003-10-12 17:05:50 +00:00
|
|
|
BOOLEAN INIT_FUNCTION
|
2002-02-20 20:16:49 +00:00
|
|
|
SepInitDACLs(VOID)
|
|
|
|
{
|
|
|
|
ULONG AclLength2;
|
|
|
|
ULONG AclLength3;
|
|
|
|
ULONG AclLength4;
|
|
|
|
|
|
|
|
AclLength2 = sizeof(ACL) +
|
2002-10-25 21:48:00 +00:00
|
|
|
2 * (RtlLengthRequiredSid(1) + sizeof(ACE));
|
2002-02-20 20:16:49 +00:00
|
|
|
AclLength3 = sizeof(ACL) +
|
2002-10-25 21:48:00 +00:00
|
|
|
3 * (RtlLengthRequiredSid(1) + sizeof(ACE));
|
2002-02-20 20:16:49 +00:00
|
|
|
AclLength4 = sizeof(ACL) +
|
2002-10-25 21:48:00 +00:00
|
|
|
4 * (RtlLengthRequiredSid(1) + sizeof(ACE));
|
2002-02-20 20:16:49 +00:00
|
|
|
|
|
|
|
/* create PublicDefaultDacl */
|
|
|
|
SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
AclLength2,
|
|
|
|
TAG_ACL);
|
|
|
|
if (SePublicDefaultDacl == NULL)
|
2004-07-17 20:32:11 +00:00
|
|
|
return FALSE;
|
2002-02-20 20:16:49 +00:00
|
|
|
|
|
|
|
RtlCreateAcl(SePublicDefaultDacl,
|
|
|
|
AclLength2,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION);
|
2002-02-20 20:16:49 +00:00
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION,
|
2002-02-20 20:16:49 +00:00
|
|
|
GENERIC_EXECUTE,
|
|
|
|
SeWorldSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION,
|
2002-02-20 20:16:49 +00:00
|
|
|
GENERIC_ALL,
|
|
|
|
SeLocalSystemSid);
|
|
|
|
|
|
|
|
|
|
|
|
/* create PublicDefaultUnrestrictedDacl */
|
|
|
|
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
AclLength4,
|
|
|
|
TAG_ACL);
|
|
|
|
if (SePublicDefaultUnrestrictedDacl == NULL)
|
2004-07-17 20:32:11 +00:00
|
|
|
return FALSE;
|
2002-02-20 20:16:49 +00:00
|
|
|
|
|
|
|
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
|
|
|
|
AclLength4,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION);
|
2002-02-20 20:16:49 +00:00
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION,
|
2002-02-20 20:16:49 +00:00
|
|
|
GENERIC_EXECUTE,
|
|
|
|
SeWorldSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION,
|
2002-02-20 20:16:49 +00:00
|
|
|
GENERIC_ALL,
|
|
|
|
SeLocalSystemSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION,
|
2002-02-20 20:16:49 +00:00
|
|
|
GENERIC_ALL,
|
|
|
|
SeAliasAdminsSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION,
|
2004-07-17 20:32:11 +00:00
|
|
|
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
2002-02-20 20:16:49 +00:00
|
|
|
SeRestrictedCodeSid);
|
|
|
|
|
|
|
|
/* create PublicOpenDacl */
|
|
|
|
SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
AclLength3,
|
|
|
|
TAG_ACL);
|
|
|
|
if (SePublicOpenDacl == NULL)
|
2004-07-17 20:32:11 +00:00
|
|
|
return FALSE;
|
2002-02-20 20:16:49 +00:00
|
|
|
|
|
|
|
RtlCreateAcl(SePublicOpenDacl,
|
|
|
|
AclLength3,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION);
|
2002-02-20 20:16:49 +00:00
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION,
|
2002-02-20 20:16:49 +00:00
|
|
|
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
|
|
|
|
SeWorldSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION,
|
2002-02-20 20:16:49 +00:00
|
|
|
GENERIC_ALL,
|
|
|
|
SeLocalSystemSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
2004-02-02 12:05:41 +00:00
|
|
|
ACL_REVISION,
|
2002-02-20 20:16:49 +00:00
|
|
|
GENERIC_ALL,
|
|
|
|
SeAliasAdminsSid);
|
|
|
|
|
2004-07-17 20:32:11 +00:00
|
|
|
/* create PublicOpenUnrestrictedDacl */
|
|
|
|
SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
AclLength4,
|
|
|
|
TAG_ACL);
|
|
|
|
if (SePublicOpenUnrestrictedDacl == NULL)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
RtlCreateAcl(SePublicOpenUnrestrictedDacl,
|
|
|
|
AclLength4,
|
|
|
|
ACL_REVISION);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
|
|
|
ACL_REVISION,
|
|
|
|
GENERIC_ALL,
|
|
|
|
SeWorldSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
|
|
|
ACL_REVISION,
|
|
|
|
GENERIC_ALL,
|
|
|
|
SeLocalSystemSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
|
|
|
ACL_REVISION,
|
|
|
|
GENERIC_ALL,
|
|
|
|
SeAliasAdminsSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
|
|
|
ACL_REVISION,
|
|
|
|
GENERIC_READ | GENERIC_EXECUTE,
|
|
|
|
SeRestrictedCodeSid);
|
|
|
|
|
|
|
|
/* create SystemDefaultDacl */
|
|
|
|
SeSystemDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
AclLength2,
|
|
|
|
TAG_ACL);
|
|
|
|
if (SeSystemDefaultDacl == NULL)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
RtlCreateAcl(SeSystemDefaultDacl,
|
|
|
|
AclLength2,
|
|
|
|
ACL_REVISION);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
|
|
|
ACL_REVISION,
|
|
|
|
GENERIC_ALL,
|
|
|
|
SeLocalSystemSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
|
|
|
ACL_REVISION,
|
|
|
|
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
|
|
|
SeAliasAdminsSid);
|
|
|
|
|
|
|
|
/* create UnrestrictedDacl */
|
|
|
|
SeUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
AclLength2,
|
|
|
|
TAG_ACL);
|
|
|
|
if (SeUnrestrictedDacl == NULL)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
RtlCreateAcl(SeUnrestrictedDacl,
|
|
|
|
AclLength2,
|
|
|
|
ACL_REVISION);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
|
|
|
ACL_REVISION,
|
|
|
|
GENERIC_ALL,
|
|
|
|
SeWorldSid);
|
|
|
|
|
|
|
|
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
|
|
|
ACL_REVISION,
|
|
|
|
GENERIC_READ | GENERIC_EXECUTE,
|
|
|
|
SeRestrictedCodeSid);
|
2002-02-20 20:16:49 +00:00
|
|
|
|
|
|
|
return(TRUE);
|
|
|
|
}
|
|
|
|
|
1999-12-26 17:22:19 +00:00
|
|
|
/* EOF */
|