Implement RtlGetSecurityDescriptorRMControl, RtlSetSecurityDescriptorRMControl, SetSecurityDescriptorControl, GetSecurityDescriptorRMControl and SetSecurityDescriptorRMControl.

svn path=/trunk/; revision=13493
2024-12-27 01:24:38 +00:00 · 2005-02-11 15:52:38 +00:00 · 2005-02-11 15:52:38 +00:00 · 1ca75be5f0
commit 1ca75be5f0
parent 5930efc575
8 changed files with 142 additions and 30 deletions
--- a/reactos/include/ddk/setypes.h
+++ b/reactos/include/ddk/setypes.h
@ -50,22 +50,23 @@
 #define FAILED_ACCESS_ACE_FLAG       (0x80)

 /* SECURITY_DESCRIPTOR_CONTROL */
-#define SECURITY_DESCRIPTOR_REVISION	(1)
-#define SECURITY_DESCRIPTOR_REVISION1	(1)
-#define SECURITY_DESCRIPTOR_MIN_LENGTH	(20)
-#define SE_OWNER_DEFAULTED	(1)
-#define SE_GROUP_DEFAULTED	(2)
-#define SE_DACL_PRESENT	(4)
-#define SE_DACL_DEFAULTED	(8)
-#define SE_SACL_PRESENT	(16)
-#define SE_SACL_DEFAULTED	(32)
-#define SE_SELF_RELATIVE	(32768)
+#define SECURITY_DESCRIPTOR_REVISION    (1)
+#define SECURITY_DESCRIPTOR_REVISION1   (1)
+#define SECURITY_DESCRIPTOR_MIN_LENGTH  (20)
+#define SE_OWNER_DEFAULTED              (0x0001)
+#define SE_GROUP_DEFAULTED              (0x0002)
+#define SE_DACL_PRESENT                 (0x0004)
+#define SE_DACL_DEFAULTED               (0x0008)
+#define SE_SACL_PRESENT                 (0x0010)
+#define SE_SACL_DEFAULTED               (0x0020)
+#define SE_RM_CONTROL_VALID             (0x4000)
+#define SE_SELF_RELATIVE                (0x8000)

 /* PRIVILEGE_SET */
-#define SE_PRIVILEGE_ENABLED_BY_DEFAULT	(0x1L)
-#define SE_PRIVILEGE_ENABLED	(0x2L)
-#define SE_PRIVILEGE_USED_FOR_ACCESS	(0x80000000L)
-#define PRIVILEGE_SET_ALL_NECESSARY	(0x1)
+#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
+#define SE_PRIVILEGE_ENABLED            (0x2L)
+#define SE_PRIVILEGE_USED_FOR_ACCESS    (0x80000000L)
+#define PRIVILEGE_SET_ALL_NECESSARY     (0x1)

 /* SID */
 #define SID_REVISION		(1)
--- a/reactos/include/ntos/rtl.h
+++ b/reactos/include/ntos/rtl.h
@ -1337,6 +1337,10 @@ RtlGetSaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor,
 			      PACL* Sacl,
 			      PBOOLEAN SaclDefaulted);

+BOOLEAN STDCALL
+RtlGetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor,
+				  PUCHAR RMControl);
+
 NTSTATUS
 STDCALL
 RtlGetSetBootStatusData(
@ -2321,6 +2325,10 @@ RtlSetSaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor,
 			      PACL Sacl,
 			      BOOLEAN SaclDefaulted);

+VOID STDCALL
+RtlSetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor,
+				  PUCHAR RMControl);
+
 NTSTATUS STDCALL
 RtlSetInformationAcl (PACL Acl,
 		      PVOID Information,
--- a/reactos/include/ntos/security.h
+++ b/reactos/include/ntos/security.h
@ -36,13 +36,14 @@
 /* Security descriptor control. */
 #define SECURITY_DESCRIPTOR_REVISION	(1)
 #define SECURITY_DESCRIPTOR_MIN_LENGTH	(20)
-#define SE_OWNER_DEFAULTED	(1)
-#define SE_GROUP_DEFAULTED	(2)
-#define SE_DACL_PRESENT	(4)
-#define SE_DACL_DEFAULTED	(8)
-#define SE_SACL_PRESENT	(16)
-#define SE_SACL_DEFAULTED	(32)
-#define SE_SELF_RELATIVE	(32768)
+#define SE_OWNER_DEFAULTED	(0x0001)
+#define SE_GROUP_DEFAULTED	(0x0002)
+#define SE_DACL_PRESENT		(0x0004)
+#define SE_DACL_DEFAULTED	(0x0008)
+#define SE_SACL_PRESENT		(0x0010)
+#define SE_SACL_DEFAULTED	(0x0020)
+#define SE_RM_CONTROL_VALID	(0x4000)
+#define SE_SELF_RELATIVE	(0x8000)
 #endif

 /* This is defined in the Win 32 API headers as something else: */
--- a/reactos/lib/advapi32/advapi32.def
+++ b/reactos/lib/advapi32/advapi32.def
@ -54,7 +54,7 @@ ControlService@12
 ConvertSidToStringSidA@8
 ConvertSidToStringSidW@8
 CopySid@12
-;CreatePrivateObjectSecurity@24
+CreatePrivateObjectSecurity@24
 CreateProcessAsUserA@44
 CreateProcessAsUserW@44
 CreateServiceA@52
@ -93,7 +93,7 @@ DeleteService@4
 ;DenyAccessRightsA
 ;DenyAccessRightsW
 DeregisterEventSource@4
-;DestroyPrivateObjectSecurity@4
+DestroyPrivateObjectSecurity@4
 DuplicateToken@12
 DuplicateTokenEx@24
 ;ElfBackupEventLogFileA@8
@ -157,7 +157,7 @@ GetNamedSecurityInfoA@32
 GetNamedSecurityInfoW@32
 GetNumberOfEventLogRecords@8
 GetOldestEventLogRecord@8
-;GetPrivateObjectSecurity@20
+GetPrivateObjectSecurity@20
 GetSecurityDescriptorControl@12
 GetSecurityDescriptorDacl@16
 GetSecurityDescriptorGroup@12
@ -379,7 +379,8 @@ SetFileSecurityW@12
 SetKernelObjectSecurity@12
 SetNamedSecurityInfoA@28
 SetNamedSecurityInfoW@28
-;SetPrivateObjectSecurity@20
+SetPrivateObjectSecurity@20
+SetSecurityDescriptorControl@12
 SetSecurityDescriptorDacl@16
 SetSecurityDescriptorGroup@12
 SetSecurityDescriptorOwner@12
--- a/reactos/lib/advapi32/sec/sec.c
+++ b/reactos/lib/advapi32/sec/sec.c
@ -124,7 +124,7 @@ GetSecurityDescriptorOwner (
 	PSECURITY_DESCRIPTOR	pSecurityDescriptor,
 	PSID			*pOwner,
 	LPBOOL			lpbOwnerDefaulted
-)
+	)
 {
 	BOOLEAN OwnerDefaulted;
 	NTSTATUS Status;
@ -144,6 +144,23 @@ GetSecurityDescriptorOwner (
 }


+/*
+ * @implemented
+ */
+DWORD
+STDCALL
+GetSecurityDescriptorRMControl (
+	PSECURITY_DESCRIPTOR	SecurityDescriptor,
+	PUCHAR			RMControl)
+{
+  if (!RtlGetSecurityDescriptorRMControl(SecurityDescriptor,
+					 RMControl))
+    return ERROR_INVALID_DATA;
+
+  return ERROR_SUCCESS;
+}
+
+
 /*
 * @implemented
 */
@ -288,6 +305,31 @@ MakeSelfRelativeSD (
 }


+/*
+ * @implemented
+ */
+BOOL
+STDCALL
+SetSecurityDescriptorControl (
+	PSECURITY_DESCRIPTOR		pSecurityDescriptor,
+	SECURITY_DESCRIPTOR_CONTROL	ControlBitsOfInterest,
+	SECURITY_DESCRIPTOR_CONTROL	ControlBitsToSet)
+{
+	NTSTATUS Status;
+
+	Status = RtlSetControlSecurityDescriptor(pSecurityDescriptor,
+	                                         ControlBitsOfInterest,
+	                                         ControlBitsToSet);
+	if (!NT_SUCCESS(Status))
+	{
+		SetLastError (RtlNtStatusToDosError (Status));
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+
 /*
 * @implemented
 */
@ -368,6 +410,22 @@ SetSecurityDescriptorOwner (
 }


+/*
+ * @implemented
+ */
+DWORD
+STDCALL
+SetSecurityDescriptorRMControl (
+	PSECURITY_DESCRIPTOR	SecurityDescriptor,
+	PUCHAR			RMControl)
+{
+  RtlSetSecurityDescriptorRMControl(SecurityDescriptor,
+				    RMControl);
+
+  return ERROR_SUCCESS;
+}
+
+
 /*
 * @implemented
 */
--- a/reactos/lib/ntdll/def/ntdll.def
+++ b/reactos/lib/ntdll/def/ntdll.def
@ -369,8 +369,6 @@ RtlDecompressFragment@32
 RtlDeleteAce@8
 RtlDeleteAtomFromAtomTable@8
 RtlDeleteCriticalSection@4
-RtlDuplicateUnicodeString@12
-RtlSetCriticalSectionSpinCount@8
 ;RtlDeleteElementGenericTable
 ;RtlDeleteNoSplay
 RtlDeleteOwnersRanges@8
@ -394,6 +392,7 @@ RtlDosSearchPath_U@24
 RtlDowncaseUnicodeChar@4
 RtlDowncaseUnicodeString@12
 RtlDumpResource@4
+RtlDuplicateUnicodeString@12
 RtlEmptyAtomTable@8
 RtlEnlargedIntegerMultiply@8
 RtlEnlargedUnsignedDivide@16
@ -462,6 +461,7 @@ RtlGetNtVersionNumbers@12
 RtlGetOwnerSecurityDescriptor@12
 RtlGetProcessHeaps@8
 RtlGetSaclSecurityDescriptor@16
+RtlGetSecurityDescriptorRMControl@8
 ;RtlGetUserInfoHeap
 RtlGetVersion@4
 RtlIdentifierAuthoritySid@4
@ -586,6 +586,7 @@ RtlSetAllBits@4
 ;RtlSetAttributesSecurityDescriptor
 RtlSetBits@12
 RtlSetControlSecurityDescriptor@12
+RtlSetCriticalSectionSpinCount@8
 RtlSetCurrentDirectory_U@4
 RtlSetCurrentEnvironment@8
 RtlSetDaclSecurityDescriptor@16
@ -594,6 +595,7 @@ RtlSetGroupSecurityDescriptor@12
 RtlSetInformationAcl@16
 RtlSetOwnerSecurityDescriptor@12
 RtlSetSaclSecurityDescriptor@16
+RtlSetSecurityDescriptorRMControl@8
 ;RtlSetSecurityObject
 RtlSetTimeZoneInformation@4
 ;RtlSetUnicodeCallouts
--- a/reactos/lib/rtl/sd.c
+++ b/reactos/lib/rtl/sd.c
@ -789,8 +789,8 @@ RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR RelSD,


 /*
-* @unimplemented
-*/
+ * @unimplemented
+ */
 NTSTATUS STDCALL
 RtlSelfRelativeToAbsoluteSD2(PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
                             PULONG BufferSize)
@ -870,4 +870,43 @@ RtlValidRelativeSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptorInp
   return TRUE;
 }

+
+/*
+ * @implemented
+ */
+BOOLEAN STDCALL
+RtlGetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor,
+                                  PUCHAR RMControl)
+{
+  if (!(SecurityDescriptor->Control & SE_RM_CONTROL_VALID))
+  {
+    *RMControl = 0;
+    return FALSE;
+  }
+
+  *RMControl = SecurityDescriptor->Sbz1;
+
+  return TRUE;
+}
+
+
+/*
+ * @implemented
+ */
+VOID STDCALL
+RtlSetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor,
+                                  PUCHAR RMControl)
+{
+  if (RMControl == NULL)
+  {
+    SecurityDescriptor->Control &= ~SE_RM_CONTROL_VALID;
+    SecurityDescriptor->Sbz1 = 0;
+  }
+  else
+  {
+    SecurityDescriptor->Control |= SE_RM_CONTROL_VALID;
+    SecurityDescriptor->Sbz1 = *RMControl;
+  }
+}
+
 /* EOF */
--- a/reactos/w32api/include/winbase.h
+++ b/reactos/w32api/include/winbase.h
@ -1457,6 +1457,7 @@ BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR,LPBOOL,PACL*,LPBOOL);
 BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR,PSID*,LPBOOL);
 DWORD WINAPI GetSecurityDescriptorLength(PSECURITY_DESCRIPTOR);
 BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR,PSID*,LPBOOL);
+DWORD WINAPI GetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR,PUCHAR);
 BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR,LPBOOL,PACL*,LPBOOL);
 DWORD WINAPI GetShortPathNameA(LPCSTR,LPSTR,DWORD);
 DWORD WINAPI GetShortPathNameW(LPCWSTR,LPWSTR,DWORD);
@ -1835,6 +1836,7 @@ BOOL WINAPI SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR,SECURITY_DESCRIPTO
 BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR,BOOL,PACL,BOOL);
 BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR,PSID,BOOL);
 BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR,PSID,BOOL);
+DWORD WINAPI SetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR,PUCHAR);
 BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR,BOOL,PACL,BOOL);
 BOOL WINAPI SetStdHandle(DWORD,HANDLE);
 #define SetSwapAreaSize(w) (w)