reactos/reactos/ntoskrnl/se/acl.c

/* $Id: acl.c,v 1.19 2004/08/05 18:17:37 ion Exp $
 *
 * COPYRIGHT:         See COPYING in the top level directory
 * PROJECT:           ReactOS kernel
 * PURPOSE:           Security manager
 * FILE:              kernel/se/acl.c
 * PROGRAMER:         David Welch <welch@cwcom.net>
 * REVISION HISTORY:
 *                 26/07/98: Added stubs for security functions
 */

/* INCLUDES *****************************************************************/

#include <ddk/ntddk.h>
#include <internal/se.h>

#include <internal/debug.h>

#define TAG_ACL    TAG('A', 'C', 'L', 'T')


/* GLOBALS ******************************************************************/

PACL EXPORTED SePublicDefaultDacl = NULL;
PACL EXPORTED SeSystemDefaultDacl = NULL;

PACL SePublicDefaultUnrestrictedDacl = NULL;
PACL SePublicOpenDacl = NULL;
PACL SePublicOpenUnrestrictedDacl = NULL;
PACL SeUnrestrictedDacl = NULL;


/* FUNCTIONS ****************************************************************/

BOOLEAN INIT_FUNCTION
SepInitDACLs(VOID)
{
  ULONG AclLength2;
  ULONG AclLength3;
  ULONG AclLength4;

  AclLength2 = sizeof(ACL) +
	       2 * (RtlLengthRequiredSid(1) + sizeof(ACE));
  AclLength3 = sizeof(ACL) +
	       3 * (RtlLengthRequiredSid(1) + sizeof(ACE));
  AclLength4 = sizeof(ACL) +
	       4 * (RtlLengthRequiredSid(1) + sizeof(ACE));

  /* create PublicDefaultDacl */
  SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
					      AclLength2,
					      TAG_ACL);
  if (SePublicDefaultDacl == NULL)
    return FALSE;

  RtlCreateAcl(SePublicDefaultDacl,
	       AclLength2,
	       ACL_REVISION);

  RtlAddAccessAllowedAce(SePublicDefaultDacl,
			 ACL_REVISION,
			 GENERIC_EXECUTE,
			 SeWorldSid);

  RtlAddAccessAllowedAce(SePublicDefaultDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeLocalSystemSid);


  /* create PublicDefaultUnrestrictedDacl */
  SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
							  AclLength4,
							  TAG_ACL);
  if (SePublicDefaultUnrestrictedDacl == NULL)
    return FALSE;

  RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
	       AclLength4,
	       ACL_REVISION);

  RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_EXECUTE,
			 SeWorldSid);

  RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeLocalSystemSid);

  RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeAliasAdminsSid);

  RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
			 SeRestrictedCodeSid);

  /* create PublicOpenDacl */
  SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,
					   AclLength3,
					   TAG_ACL);
  if (SePublicOpenDacl == NULL)
    return FALSE;

  RtlCreateAcl(SePublicOpenDacl,
	       AclLength3,
	       ACL_REVISION);

  RtlAddAccessAllowedAce(SePublicOpenDacl,
			 ACL_REVISION,
			 GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
			 SeWorldSid);

  RtlAddAccessAllowedAce(SePublicOpenDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeLocalSystemSid);

  RtlAddAccessAllowedAce(SePublicOpenDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeAliasAdminsSid);

  /* create PublicOpenUnrestrictedDacl */
  SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
						       AclLength4,
						       TAG_ACL);
  if (SePublicOpenUnrestrictedDacl == NULL)
    return FALSE;

  RtlCreateAcl(SePublicOpenUnrestrictedDacl,
	       AclLength4,
	       ACL_REVISION);

  RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeWorldSid);

  RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeLocalSystemSid);

  RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeAliasAdminsSid);

  RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_READ | GENERIC_EXECUTE,
			 SeRestrictedCodeSid);

  /* create SystemDefaultDacl */
  SeSystemDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
					      AclLength2,
					      TAG_ACL);
  if (SeSystemDefaultDacl == NULL)
    return FALSE;

  RtlCreateAcl(SeSystemDefaultDacl,
	       AclLength2,
	       ACL_REVISION);

  RtlAddAccessAllowedAce(SeSystemDefaultDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeLocalSystemSid);

  RtlAddAccessAllowedAce(SeSystemDefaultDacl,
			 ACL_REVISION,
			 GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
			 SeAliasAdminsSid);

  /* create UnrestrictedDacl */
  SeUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
					     AclLength2,
					     TAG_ACL);
  if (SeUnrestrictedDacl == NULL)
    return FALSE;

  RtlCreateAcl(SeUnrestrictedDacl,
	       AclLength2,
	       ACL_REVISION);

  RtlAddAccessAllowedAce(SeUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_ALL,
			 SeWorldSid);

  RtlAddAccessAllowedAce(SeUnrestrictedDacl,
			 ACL_REVISION,
			 GENERIC_READ | GENERIC_EXECUTE,
			 SeRestrictedCodeSid);

  return(TRUE);
}

/* EOF */
Added RTL Stubs, Prototypes and Exports. svn path=/trunk/; revision=10404 2004-08-05 18:17:37 +00:00			`/* $Id: acl.c,v 1.19 2004/08/05 18:17:37 ion Exp $`
Some missing __stdcall declarations added in headers and in code. svn path=/trunk/; revision=903 1999-12-26 17:22:19 +00:00			`*`
Added some security functions Changes to csrss console support Fixed bug in gdt.c svn path=/trunk/; revision=901 1999-12-26 15:50:53 +00:00			`* COPYRIGHT: See COPYING in the top level directory`
			`* PROJECT: ReactOS kernel`
			`* PURPOSE: Security manager`
			`* FILE: kernel/se/acl.c`
			`* PROGRAMER: David Welch <welch@cwcom.net>`
			`* REVISION HISTORY:`
			`* 26/07/98: Added stubs for security functions`
			`*/`

			`/* INCLUDES *****************************************************************/`

Reverted latest changes. svn path=/trunk/; revision=3473 2002-09-08 10:23:54 +00:00			`#include <ddk/ntddk.h>`
			`#include <internal/se.h>`
Added some security functions Changes to csrss console support Fixed bug in gdt.c svn path=/trunk/; revision=901 1999-12-26 15:50:53 +00:00
			`#include <internal/debug.h>`

Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`#define TAG_ACL TAG('A', 'C', 'L', 'T')`


			`/* GLOBALS ******************************************************************/`

Reverted latest changes. svn path=/trunk/; revision=3473 2002-09-08 10:23:54 +00:00			`PACL EXPORTED SePublicDefaultDacl = NULL;`
			`PACL EXPORTED SeSystemDefaultDacl = NULL;`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`PACL SePublicDefaultUnrestrictedDacl = NULL;`
			`PACL SePublicOpenDacl = NULL;`
			`PACL SePublicOpenUnrestrictedDacl = NULL;`
			`PACL SeUnrestrictedDacl = NULL;`


			`/* FUNCTIONS ****************************************************************/`

- Fixed the freeing of memory from boot load drivers. - Put all init functions in a special section and do free the memory from this section after system initialization. svn path=/trunk/; revision=6296 2003-10-12 17:05:50 +00:00			`BOOLEAN INIT_FUNCTION`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`SepInitDACLs(VOID)`
			`{`
			`ULONG AclLength2;`
			`ULONG AclLength3;`
			`ULONG AclLength4;`

			`AclLength2 = sizeof(ACL) +`
2002-10-25 Casper S. Hornstrup <chorns@users.sourceforge.net> * apps/tests/tokentest/tokentest.c (ROS_ACE_HEADER): Move field AccessMask ... (ROS_ACE): ... here. (DisplayDacl): Make pAce an ROS_ACE; Use new path for AceType; Use sizeof(ACE) instead of sizeof(ACE_HEADER). include/ntos/security.h (ACE_HEADER): Move field AccessMask ... (ACE): ... here. * lib/ntdll/rtl/acl.c: Use new path for AccessMask. * ntoskrnl/se/semgr.c: Ditto. * ntoskrnl/se/acl.c (SepInitDACLs): Use new path for AccessMask; Use sizeof(ACE) instead of sizeof(ACE_HEADER). * ntoskrnl/se/token.c (SepCreateSystemProcessToken): Use sizeof(ACE) instead of sizeof(ACE_HEADER). svn path=/trunk/; revision=3654 2002-10-25 21:48:00 +00:00			`2 * (RtlLengthRequiredSid(1) + sizeof(ACE));`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`AclLength3 = sizeof(ACL) +`
2002-10-25 Casper S. Hornstrup <chorns@users.sourceforge.net> * apps/tests/tokentest/tokentest.c (ROS_ACE_HEADER): Move field AccessMask ... (ROS_ACE): ... here. (DisplayDacl): Make pAce an ROS_ACE; Use new path for AceType; Use sizeof(ACE) instead of sizeof(ACE_HEADER). include/ntos/security.h (ACE_HEADER): Move field AccessMask ... (ACE): ... here. * lib/ntdll/rtl/acl.c: Use new path for AccessMask. * ntoskrnl/se/semgr.c: Ditto. * ntoskrnl/se/acl.c (SepInitDACLs): Use new path for AccessMask; Use sizeof(ACE) instead of sizeof(ACE_HEADER). * ntoskrnl/se/token.c (SepCreateSystemProcessToken): Use sizeof(ACE) instead of sizeof(ACE_HEADER). svn path=/trunk/; revision=3654 2002-10-25 21:48:00 +00:00			`3 * (RtlLengthRequiredSid(1) + sizeof(ACE));`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`AclLength4 = sizeof(ACL) +`
2002-10-25 Casper S. Hornstrup <chorns@users.sourceforge.net> * apps/tests/tokentest/tokentest.c (ROS_ACE_HEADER): Move field AccessMask ... (ROS_ACE): ... here. (DisplayDacl): Make pAce an ROS_ACE; Use new path for AceType; Use sizeof(ACE) instead of sizeof(ACE_HEADER). include/ntos/security.h (ACE_HEADER): Move field AccessMask ... (ACE): ... here. * lib/ntdll/rtl/acl.c: Use new path for AccessMask. * ntoskrnl/se/semgr.c: Ditto. * ntoskrnl/se/acl.c (SepInitDACLs): Use new path for AccessMask; Use sizeof(ACE) instead of sizeof(ACE_HEADER). * ntoskrnl/se/token.c (SepCreateSystemProcessToken): Use sizeof(ACE) instead of sizeof(ACE_HEADER). svn path=/trunk/; revision=3654 2002-10-25 21:48:00 +00:00			`4 * (RtlLengthRequiredSid(1) + sizeof(ACE));`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`/* create PublicDefaultDacl */`
			`SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,`
			`AclLength2,`
			`TAG_ACL);`
			`if (SePublicDefaultDacl == NULL)`
Create missing default DACLs. svn path=/trunk/; revision=10184 2004-07-17 20:32:11 +00:00			`return FALSE;`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`RtlCreateAcl(SePublicDefaultDacl,`
			`AclLength2,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION);`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`RtlAddAccessAllowedAce(SePublicDefaultDacl,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION,`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`GENERIC_EXECUTE,`
			`SeWorldSid);`

			`RtlAddAccessAllowedAce(SePublicDefaultDacl,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION,`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`GENERIC_ALL,`
			`SeLocalSystemSid);`


			`/* create PublicDefaultUnrestrictedDacl */`
			`SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,`
			`AclLength4,`
			`TAG_ACL);`
			`if (SePublicDefaultUnrestrictedDacl == NULL)`
Create missing default DACLs. svn path=/trunk/; revision=10184 2004-07-17 20:32:11 +00:00			`return FALSE;`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`RtlCreateAcl(SePublicDefaultUnrestrictedDacl,`
			`AclLength4,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION);`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION,`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`GENERIC_EXECUTE,`
			`SeWorldSid);`

			`RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION,`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`GENERIC_ALL,`
			`SeLocalSystemSid);`

			`RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION,`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`GENERIC_ALL,`
			`SeAliasAdminsSid);`

			`RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION,`
Create missing default DACLs. svn path=/trunk/; revision=10184 2004-07-17 20:32:11 +00:00			`GENERIC_READ \| GENERIC_EXECUTE \| READ_CONTROL,`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`SeRestrictedCodeSid);`

			`/* create PublicOpenDacl */`
			`SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,`
			`AclLength3,`
			`TAG_ACL);`
			`if (SePublicOpenDacl == NULL)`
Create missing default DACLs. svn path=/trunk/; revision=10184 2004-07-17 20:32:11 +00:00			`return FALSE;`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`RtlCreateAcl(SePublicOpenDacl,`
			`AclLength3,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION);`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`RtlAddAccessAllowedAce(SePublicOpenDacl,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION,`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`GENERIC_READ \| GENERIC_WRITE \| GENERIC_EXECUTE,`
			`SeWorldSid);`

			`RtlAddAccessAllowedAce(SePublicOpenDacl,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION,`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`GENERIC_ALL,`
			`SeLocalSystemSid);`

			`RtlAddAccessAllowedAce(SePublicOpenDacl,`
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=7990 2004-02-02 12:05:41 +00:00			`ACL_REVISION,`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`GENERIC_ALL,`
			`SeAliasAdminsSid);`

Create missing default DACLs. svn path=/trunk/; revision=10184 2004-07-17 20:32:11 +00:00			`/* create PublicOpenUnrestrictedDacl */`
			`SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,`
			`AclLength4,`
			`TAG_ACL);`
			`if (SePublicOpenUnrestrictedDacl == NULL)`
			`return FALSE;`

			`RtlCreateAcl(SePublicOpenUnrestrictedDacl,`
			`AclLength4,`
			`ACL_REVISION);`

			`RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,`
			`ACL_REVISION,`
			`GENERIC_ALL,`
			`SeWorldSid);`

			`RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,`
			`ACL_REVISION,`
			`GENERIC_ALL,`
			`SeLocalSystemSid);`

			`RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,`
			`ACL_REVISION,`
			`GENERIC_ALL,`
			`SeAliasAdminsSid);`

			`RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,`
			`ACL_REVISION,`
			`GENERIC_READ \| GENERIC_EXECUTE,`
			`SeRestrictedCodeSid);`

			`/* create SystemDefaultDacl */`
			`SeSystemDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,`
			`AclLength2,`
			`TAG_ACL);`
			`if (SeSystemDefaultDacl == NULL)`
			`return FALSE;`

			`RtlCreateAcl(SeSystemDefaultDacl,`
			`AclLength2,`
			`ACL_REVISION);`

			`RtlAddAccessAllowedAce(SeSystemDefaultDacl,`
			`ACL_REVISION,`
			`GENERIC_ALL,`
			`SeLocalSystemSid);`

			`RtlAddAccessAllowedAce(SeSystemDefaultDacl,`
			`ACL_REVISION,`
			`GENERIC_READ \| GENERIC_EXECUTE \| READ_CONTROL,`
			`SeAliasAdminsSid);`

			`/* create UnrestrictedDacl */`
			`SeUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,`
			`AclLength2,`
			`TAG_ACL);`
			`if (SeUnrestrictedDacl == NULL)`
			`return FALSE;`

			`RtlCreateAcl(SeUnrestrictedDacl,`
			`AclLength2,`
			`ACL_REVISION);`

			`RtlAddAccessAllowedAce(SeUnrestrictedDacl,`
			`ACL_REVISION,`
			`GENERIC_ALL,`
			`SeWorldSid);`

			`RtlAddAccessAllowedAce(SeUnrestrictedDacl,`
			`ACL_REVISION,`
			`GENERIC_READ \| GENERIC_EXECUTE,`
			`SeRestrictedCodeSid);`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`return(TRUE);`
			`}`

Some missing __stdcall declarations added in headers and in code. svn path=/trunk/; revision=903 1999-12-26 17:22:19 +00:00			`/* EOF */`