/* $Id: acl.c,v 1.21 2004/11/06 21:32:16 navaraf Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* PURPOSE: Security manager
* FILE: kernel/se/acl.c
* PROGRAMMER: David Welch <welch@cwcom.net>
* REVISION HISTORY:
* 26/07/98: Added stubs for security functions
*/
/* INCLUDES *****************************************************************/
#include <ntoskrnl.h>
#include <internal/debug.h>
/* Pool tag passed to ExAllocatePoolWithTag for every default DACL allocated in SepInitDACLs. */
#define TAG_ACL TAG('A', 'C', 'L', 'T')
/* GLOBALS ******************************************************************/
/* NULL until SepInitDACLs runs. Built there with two access-allowed ACEs:
 * SeWorldSid -> GENERIC_EXECUTE, SeLocalSystemSid -> GENERIC_ALL. */
PACL EXPORTED SePublicDefaultDacl = NULL;
/* NULL until SepInitDACLs runs. Built there with two access-allowed ACEs:
 * SeLocalSystemSid -> GENERIC_ALL,
 * SeAliasAdminsSid -> GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL. */
PACL EXPORTED SeSystemDefaultDacl = NULL;
/* NULL until SepInitDACLs runs. Built there with four access-allowed ACEs:
 * SeWorldSid -> GENERIC_EXECUTE, SeLocalSystemSid -> GENERIC_ALL,
 * SeAliasAdminsSid -> GENERIC_ALL,
 * SeRestrictedCodeSid -> GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL. */
PACL SePublicDefaultUnrestrictedDacl = NULL;
/* NULL until SepInitDACLs runs. Built there with three access-allowed ACEs:
 * SeWorldSid -> GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
 * SeLocalSystemSid -> GENERIC_ALL, SeAliasAdminsSid -> GENERIC_ALL.
 * NOTE(review): World can write to any object carrying this DACL. */
PACL SePublicOpenDacl = NULL;
/* NULL until SepInitDACLs runs. Built there with four access-allowed ACEs:
 * SeWorldSid -> GENERIC_ALL, SeLocalSystemSid -> GENERIC_ALL,
 * SeAliasAdminsSid -> GENERIC_ALL,
 * SeRestrictedCodeSid -> GENERIC_READ | GENERIC_EXECUTE.
 * NOTE(review): World receives GENERIC_ALL here; an object protected by this
 * DACL is fully controllable by every principal that matches SeWorldSid. */
PACL SePublicOpenUnrestrictedDacl = NULL;
/* NULL until SepInitDACLs runs. Built there with two access-allowed ACEs:
 * SeWorldSid -> GENERIC_ALL,
 * SeRestrictedCodeSid -> GENERIC_READ | GENERIC_EXECUTE.
 * NOTE(review): World receives GENERIC_ALL here; use only where full access
 * for every principal matching SeWorldSid is intended. */
PACL SeUnrestrictedDacl = NULL;
/* FUNCTIONS ****************************************************************/
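/*
 * Allocate one default DACL from non-paged pool and fill it with
 * access-allowed ACEs.
 *
 * Dacl     - receives the finished ACL on success; not written on failure.
 * AceCount - number of entries in Sids and Masks.
 * Sids     - SID for each ACE, in the order the ACEs are added.
 * Masks    - access mask granted to the SID with the same index.
 *
 * Returns TRUE only when the allocation, RtlCreateAcl and every
 * RtlAddAccessAllowedAce call succeeded. A partially built ACL is freed
 * and never published, so a caller cannot end up with a DACL that is
 * silently missing ACEs.
 */
static BOOLEAN INIT_FUNCTION
SepBuildDefaultDacl(PACL *Dacl,
                    ULONG AceCount,
                    PSID *Sids,
                    ACCESS_MASK *Masks)
{
  PACL Acl;
  ULONG AclLength;
  ULONG i;
  NTSTATUS Status;

  /* ACL header plus, per ACE, the fixed ACE part and the SID that follows it.
   * Derived from the same array that drives the ACE loop below, so the buffer
   * size and the ACE list cannot drift apart. */
  AclLength = sizeof(ACL);
  for (i = 0; i < AceCount; i++)
    {
      AclLength += sizeof(ACE) + RtlLengthSid(Sids[i]);
    }

  Acl = ExAllocatePoolWithTag(NonPagedPool,
                              AclLength,
                              TAG_ACL);
  if (Acl == NULL)
    return FALSE;

  Status = RtlCreateAcl(Acl,
                        AclLength,
                        ACL_REVISION);

  /* Stop at the first failing ACE; the status is checked once below. */
  for (i = 0; NT_SUCCESS(Status) && i < AceCount; i++)
    {
      Status = RtlAddAccessAllowedAce(Acl,
                                      ACL_REVISION,
                                      Masks[i],
                                      Sids[i]);
    }

  if (!NT_SUCCESS(Status))
    {
      ExFreePool(Acl);
      return FALSE;
    }

  *Dacl = Acl;
  return TRUE;
}

/*
 * Build the six default DACLs kept in the Se*Dacl globals.
 *
 * Each DACL contains only access-allowed ACEs, added in the order listed
 * below. Returns TRUE when all six were built and FALSE at the first
 * failure (allocation, RtlCreateAcl or RtlAddAccessAllowedAce). DACLs built
 * before a failure stay allocated and published, as before.
 *
 * Assumes SeWorldSid, SeLocalSystemSid, SeAliasAdminsSid and
 * SeRestrictedCodeSid are already initialised - TODO confirm against the
 * security manager's init order.
 * NOTE(review): presumably the caller treats FALSE as fatal during boot -
 * confirm.
 */
BOOLEAN INIT_FUNCTION
SepInitDACLs(VOID)
{
  PSID Sids[4];
  ACCESS_MASK Masks[4];

  /* create PublicDefaultDacl */
  Sids[0] = SeWorldSid;
  Masks[0] = GENERIC_EXECUTE;
  Sids[1] = SeLocalSystemSid;
  Masks[1] = GENERIC_ALL;
  if (!SepBuildDefaultDacl(&SePublicDefaultDacl, 2, Sids, Masks))
    return FALSE;

  /* create PublicDefaultUnrestrictedDacl */
  Sids[0] = SeWorldSid;
  Masks[0] = GENERIC_EXECUTE;
  Sids[1] = SeLocalSystemSid;
  Masks[1] = GENERIC_ALL;
  Sids[2] = SeAliasAdminsSid;
  Masks[2] = GENERIC_ALL;
  Sids[3] = SeRestrictedCodeSid;
  Masks[3] = GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL;
  if (!SepBuildDefaultDacl(&SePublicDefaultUnrestrictedDacl, 4, Sids, Masks))
    return FALSE;

  /* create PublicOpenDacl */
  Sids[0] = SeWorldSid;
  Masks[0] = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE;
  Sids[1] = SeLocalSystemSid;
  Masks[1] = GENERIC_ALL;
  Sids[2] = SeAliasAdminsSid;
  Masks[2] = GENERIC_ALL;
  if (!SepBuildDefaultDacl(&SePublicOpenDacl, 3, Sids, Masks))
    return FALSE;

  /* create PublicOpenUnrestrictedDacl (World is granted GENERIC_ALL) */
  Sids[0] = SeWorldSid;
  Masks[0] = GENERIC_ALL;
  Sids[1] = SeLocalSystemSid;
  Masks[1] = GENERIC_ALL;
  Sids[2] = SeAliasAdminsSid;
  Masks[2] = GENERIC_ALL;
  Sids[3] = SeRestrictedCodeSid;
  Masks[3] = GENERIC_READ | GENERIC_EXECUTE;
  if (!SepBuildDefaultDacl(&SePublicOpenUnrestrictedDacl, 4, Sids, Masks))
    return FALSE;

  /* create SystemDefaultDacl */
  Sids[0] = SeLocalSystemSid;
  Masks[0] = GENERIC_ALL;
  Sids[1] = SeAliasAdminsSid;
  Masks[1] = GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL;
  if (!SepBuildDefaultDacl(&SeSystemDefaultDacl, 2, Sids, Masks))
    return FALSE;

  /* create UnrestrictedDacl (World is granted GENERIC_ALL) */
  Sids[0] = SeWorldSid;
  Masks[0] = GENERIC_ALL;
  Sids[1] = SeRestrictedCodeSid;
  Masks[1] = GENERIC_READ | GENERIC_EXECUTE;
  if (!SepBuildDefaultDacl(&SeUnrestrictedDacl, 2, Sids, Masks))
    return FALSE;

  return TRUE;
}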
/* EOF */