From 1ca75be5f020337fc0b7feebc719111814e9cc2e Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Fri, 11 Feb 2005 15:52:38 +0000 Subject: [PATCH] Implement RtlGetSecurityDescriptorRMControl, RtlSetSecurityDescriptorRMControl, SetSecurityDescriptorControl, GetSecurityDescriptorRMControl and SetSecurityDescriptorRMControl. svn path=/trunk/; revision=13493 --- reactos/include/ddk/setypes.h | 29 +++++++-------- reactos/include/ntos/rtl.h | 8 +++++ reactos/include/ntos/security.h | 15 ++++---- reactos/lib/advapi32/advapi32.def | 9 ++--- reactos/lib/advapi32/sec/sec.c | 60 ++++++++++++++++++++++++++++++- reactos/lib/ntdll/def/ntdll.def | 6 ++-- reactos/lib/rtl/sd.c | 43 ++++++++++++++++++++-- reactos/w32api/include/winbase.h | 2 ++ 8 files changed, 142 insertions(+), 30 deletions(-) diff --git a/reactos/include/ddk/setypes.h b/reactos/include/ddk/setypes.h index 322b7bdc46e..f9890b4c988 100644 --- a/reactos/include/ddk/setypes.h +++ b/reactos/include/ddk/setypes.h 
@@ -50,22 +50,23 @@ #define FAILED_ACCESS_ACE_FLAG (0x80) /* SECURITY_DESCRIPTOR_CONTROL */ -#define SECURITY_DESCRIPTOR_REVISION (1) -#define SECURITY_DESCRIPTOR_REVISION1 (1) -#define SECURITY_DESCRIPTOR_MIN_LENGTH (20) -#define SE_OWNER_DEFAULTED (1) -#define SE_GROUP_DEFAULTED (2) -#define SE_DACL_PRESENT (4) -#define SE_DACL_DEFAULTED (8) -#define SE_SACL_PRESENT (16) -#define SE_SACL_DEFAULTED (32) -#define SE_SELF_RELATIVE (32768) +#define SECURITY_DESCRIPTOR_REVISION (1) +#define SECURITY_DESCRIPTOR_REVISION1 (1) +#define SECURITY_DESCRIPTOR_MIN_LENGTH (20) +#define SE_OWNER_DEFAULTED (0x0001) +#define SE_GROUP_DEFAULTED (0x0002) +#define SE_DACL_PRESENT (0x0004) +#define SE_DACL_DEFAULTED (0x0008) +#define SE_SACL_PRESENT (0x0010) +#define SE_SACL_DEFAULTED (0x0020) +#define SE_RM_CONTROL_VALID (0x4000) +#define SE_SELF_RELATIVE (0x8000) /* PRIVILEGE_SET */ -#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L) -#define SE_PRIVILEGE_ENABLED (0x2L) -#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L) -#define PRIVILEGE_SET_ALL_NECESSARY (0x1) +#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L) +#define SE_PRIVILEGE_ENABLED (0x2L) +#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L) +#define PRIVILEGE_SET_ALL_NECESSARY (0x1) /* SID */ #define SID_REVISION (1) diff --git a/reactos/include/ntos/rtl.h b/reactos/include/ntos/rtl.h index e3276f8560b..183e127afce 100755 --- a/reactos/include/ntos/rtl.h +++ b/reactos/include/ntos/rtl.h @@ -1337,6 +1337,10 @@ RtlGetSaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PACL* Sacl, PBOOLEAN SaclDefaulted); +BOOLEAN STDCALL +RtlGetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor, + PUCHAR RMControl); + NTSTATUS STDCALL RtlGetSetBootStatusData( 
@@ -2321,6 +2325,10 @@ RtlSetSaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PACL Sacl, BOOLEAN SaclDefaulted); +VOID STDCALL +RtlSetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor, + PUCHAR RMControl); + NTSTATUS STDCALL RtlSetInformationAcl (PACL Acl, PVOID Information, diff --git a/reactos/include/ntos/security.h b/reactos/include/ntos/security.h index 1fa8d5db05a..24545637e6c 100644 --- a/reactos/include/ntos/security.h +++ b/reactos/include/ntos/security.h @@ -36,13 +36,14 @@ /* Security descriptor control. */ #define SECURITY_DESCRIPTOR_REVISION (1) #define SECURITY_DESCRIPTOR_MIN_LENGTH (20) -#define SE_OWNER_DEFAULTED (1) -#define SE_GROUP_DEFAULTED (2) -#define SE_DACL_PRESENT (4) -#define SE_DACL_DEFAULTED (8) -#define SE_SACL_PRESENT (16) -#define SE_SACL_DEFAULTED (32) -#define SE_SELF_RELATIVE (32768) +#define SE_OWNER_DEFAULTED (0x0001) +#define SE_GROUP_DEFAULTED (0x0002) +#define SE_DACL_PRESENT (0x0004) +#define SE_DACL_DEFAULTED (0x0008) +#define SE_SACL_PRESENT (0x0010) +#define SE_SACL_DEFAULTED (0x0020) +#define SE_RM_CONTROL_VALID (0x4000) +#define SE_SELF_RELATIVE (0x8000) #endif /* This is defined in the Win 32 API headers as something else: */ diff --git a/reactos/lib/advapi32/advapi32.def b/reactos/lib/advapi32/advapi32.def index 0945f2130ee..8f8034abadd 100644 --- a/reactos/lib/advapi32/advapi32.def +++ b/reactos/lib/advapi32/advapi32.def @@ -54,7 +54,7 @@ ControlService@12 ConvertSidToStringSidA@8 ConvertSidToStringSidW@8 CopySid@12 -;CreatePrivateObjectSecurity@24 +CreatePrivateObjectSecurity@24 CreateProcessAsUserA@44 CreateProcessAsUserW@44 CreateServiceA@52 @@ -93,7 +93,7 @@ DeleteService@4 ;DenyAccessRightsA ;DenyAccessRightsW DeregisterEventSource@4 -;DestroyPrivateObjectSecurity@4 +DestroyPrivateObjectSecurity@4 DuplicateToken@12 DuplicateTokenEx@24 ;ElfBackupEventLogFileA@8 
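Review bot: The four PrivateObjectSecurity exports enabled in the advapi32.def hunks (`CreatePrivateObjectSecurity@24` and `DestroyPrivateObjectSecurity@4` here, `GetPrivateObjectSecurity@20` and `SetPrivateObjectSecurity@20` in the @@ -157 and @@ -379 hunks) are not mentioned in the commit message, and none of the sec.c hunks in this patch implements them. If they are still stubs elsewhere in the tree, exporting them lets callers link against security functions that may report success without building or applying a descriptor; please confirm their status, or keep the lines commented with `;` until they are implemented. Conversely, the message announces GetSecurityDescriptorRMControl and SetSecurityDescriptorRMControl, yet no `...RMControl@8` export line appears in any visible advapi32.def hunk. They may already be listed outside the hunk context, which is worth checking.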
@@ -157,7 +157,7 @@ GetNamedSecurityInfoA@32 GetNamedSecurityInfoW@32 GetNumberOfEventLogRecords@8 GetOldestEventLogRecord@8 -;GetPrivateObjectSecurity@20 +GetPrivateObjectSecurity@20 GetSecurityDescriptorControl@12 GetSecurityDescriptorDacl@16 GetSecurityDescriptorGroup@12 @@ -379,7 +379,8 @@ SetFileSecurityW@12 SetKernelObjectSecurity@12 SetNamedSecurityInfoA@28 SetNamedSecurityInfoW@28 -;SetPrivateObjectSecurity@20 +SetPrivateObjectSecurity@20 +SetSecurityDescriptorControl@12 SetSecurityDescriptorDacl@16 SetSecurityDescriptorGroup@12 SetSecurityDescriptorOwner@12 diff --git a/reactos/lib/advapi32/sec/sec.c b/reactos/lib/advapi32/sec/sec.c index 00b353eeac1..ea7b36cac2a 100644 --- a/reactos/lib/advapi32/sec/sec.c +++ b/reactos/lib/advapi32/sec/sec.c @@ -124,7 +124,7 @@ GetSecurityDescriptorOwner ( PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted -) + ) { BOOLEAN OwnerDefaulted; NTSTATUS Status; @@ -144,6 +144,23 @@ GetSecurityDescriptorOwner ( } +/* + * @implemented + */ +DWORD +STDCALL +GetSecurityDescriptorRMControl ( + PSECURITY_DESCRIPTOR SecurityDescriptor, + PUCHAR RMControl) +{ + if (!RtlGetSecurityDescriptorRMControl(SecurityDescriptor, + RMControl)) + return ERROR_INVALID_DATA; + + return ERROR_SUCCESS; +} + + /* * @implemented */ @@ -288,6 +305,31 @@ MakeSelfRelativeSD ( } +/* + * @implemented + */ +BOOL +STDCALL +SetSecurityDescriptorControl ( + PSECURITY_DESCRIPTOR pSecurityDescriptor, + SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, + SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet) +{ + NTSTATUS Status; + + Status = RtlSetControlSecurityDescriptor(pSecurityDescriptor, + ControlBitsOfInterest, + ControlBitsToSet); + if (!NT_SUCCESS(Status)) + { + SetLastError (RtlNtStatusToDosError (Status)); + return FALSE; + } + + return TRUE; +} + + /* * @implemented */ 
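Review bot: GetSecurityDescriptorRMControl returns a Win32 error code directly instead of following the BOOL-plus-SetLastError convention that SetSecurityDescriptorControl uses later in this file, and the `@implemented` header does not say so. A caller that tests the result as a boolean would read ERROR_SUCCESS (zero) as failure and ERROR_INVALID_DATA as success, so the header comment should state the contract, for example `Returns ERROR_SUCCESS if SE_RM_CONTROL_VALID is set, ERROR_INVALID_DATA otherwise; *RMControl is zeroed on failure.` The same kind of comment is needed on SetSecurityDescriptorRMControl in the @@ -368 hunk, which always returns ERROR_SUCCESS and, through the Rtl routine, treats a NULL `RMControl` as a request to clear the flag.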
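Review bot: SetSecurityDescriptorControl forwards `ControlBitsOfInterest` and `ControlBitsToSet` to RtlSetControlSecurityDescriptor without filtering them, so which bits a caller can change depends entirely on that routine, whose body is outside this patch. Bits such as `SE_SELF_RELATIVE`, `SE_DACL_PRESENT` and the newly defined `SE_RM_CONTROL_VALID` describe the descriptor's layout and have to stay consistent with its other fields. Toggling `SE_RM_CONTROL_VALID` this way, for instance, would make RtlGetSecurityDescriptorRMControl report whatever happens to be in `Sbz1`. Please confirm that the Rtl routine rejects such bits with an error status, or mask them here before the call and fail with `SetLastError(ERROR_INVALID_PARAMETER)`. A comment naming the bits this function is allowed to change would also help.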
@@ -368,6 +410,22 @@ SetSecurityDescriptorOwner ( } +/* + * @implemented + */ +DWORD +STDCALL +SetSecurityDescriptorRMControl ( + PSECURITY_DESCRIPTOR SecurityDescriptor, + PUCHAR RMControl) +{ + RtlSetSecurityDescriptorRMControl(SecurityDescriptor, + RMControl); + + return ERROR_SUCCESS; +} + + /* * @implemented */ diff --git a/reactos/lib/ntdll/def/ntdll.def b/reactos/lib/ntdll/def/ntdll.def index ca0ab12cbae..3122ecb60fd 100644 --- a/reactos/lib/ntdll/def/ntdll.def +++ b/reactos/lib/ntdll/def/ntdll.def @@ -369,8 +369,6 @@ RtlDecompressFragment@32 RtlDeleteAce@8 RtlDeleteAtomFromAtomTable@8 RtlDeleteCriticalSection@4 -RtlDuplicateUnicodeString@12 -RtlSetCriticalSectionSpinCount@8 ;RtlDeleteElementGenericTable ;RtlDeleteNoSplay RtlDeleteOwnersRanges@8 @@ -394,6 +392,7 @@ RtlDosSearchPath_U@24 RtlDowncaseUnicodeChar@4 RtlDowncaseUnicodeString@12 RtlDumpResource@4 +RtlDuplicateUnicodeString@12 RtlEmptyAtomTable@8 RtlEnlargedIntegerMultiply@8 RtlEnlargedUnsignedDivide@16 @@ -462,6 +461,7 @@ RtlGetNtVersionNumbers@12 RtlGetOwnerSecurityDescriptor@12 RtlGetProcessHeaps@8 RtlGetSaclSecurityDescriptor@16 +RtlGetSecurityDescriptorRMControl@8 ;RtlGetUserInfoHeap RtlGetVersion@4 RtlIdentifierAuthoritySid@4 @@ -586,6 +586,7 @@ RtlSetAllBits@4 ;RtlSetAttributesSecurityDescriptor RtlSetBits@12 RtlSetControlSecurityDescriptor@12 +RtlSetCriticalSectionSpinCount@8 RtlSetCurrentDirectory_U@4 RtlSetCurrentEnvironment@8 RtlSetDaclSecurityDescriptor@16 @@ -594,6 +595,7 @@ RtlSetGroupSecurityDescriptor@12 RtlSetInformationAcl@16 RtlSetOwnerSecurityDescriptor@12 RtlSetSaclSecurityDescriptor@16 +RtlSetSecurityDescriptorRMControl@8 ;RtlSetSecurityObject RtlSetTimeZoneInformation@4 ;RtlSetUnicodeCallouts diff --git a/reactos/lib/rtl/sd.c b/reactos/lib/rtl/sd.c index 6dd61e73c07..7430a16f521 100644 --- a/reactos/lib/rtl/sd.c +++ b/reactos/lib/rtl/sd.c 
@@ -789,8 +789,8 @@ RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR RelSD, /* -* @unimplemented -*/ + * @unimplemented + */ NTSTATUS STDCALL RtlSelfRelativeToAbsoluteSD2(PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, PULONG BufferSize) @@ -870,4 +870,43 @@ RtlValidRelativeSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptorInp return TRUE; } + +/* + * @implemented + */ +BOOLEAN STDCALL +RtlGetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor, + PUCHAR RMControl) +{ + if (!(SecurityDescriptor->Control & SE_RM_CONTROL_VALID)) + { + *RMControl = 0; + return FALSE; + } + + *RMControl = SecurityDescriptor->Sbz1; + + return TRUE; +} + + +/* + * @implemented + */ +VOID STDCALL +RtlSetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor, + PUCHAR RMControl) +{ + if (RMControl == NULL) + { + SecurityDescriptor->Control &= ~SE_RM_CONTROL_VALID; + SecurityDescriptor->Sbz1 = 0; + } + else + { + SecurityDescriptor->Control |= SE_RM_CONTROL_VALID; + SecurityDescriptor->Sbz1 = *RMControl; + } +} + /* EOF */ diff --git a/reactos/w32api/include/winbase.h b/reactos/w32api/include/winbase.h index a68cffb4def..ddeab7e1824 100644 --- a/reactos/w32api/include/winbase.h +++ b/reactos/w32api/include/winbase.h @@ -1457,6 +1457,7 @@ BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR,LPBOOL,PACL*,LPBOOL); BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR,PSID*,LPBOOL); DWORD WINAPI GetSecurityDescriptorLength(PSECURITY_DESCRIPTOR); BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR,PSID*,LPBOOL); +DWORD WINAPI GetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR,PUCHAR); BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR,LPBOOL,PACL*,LPBOOL); DWORD WINAPI GetShortPathNameA(LPCSTR,LPSTR,DWORD); DWORD WINAPI GetShortPathNameW(LPCWSTR,LPWSTR,DWORD); 
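Review bot: Both new routines in the @@ -870 hunk dereference `SecurityDescriptor` unconditionally, and RtlGetSecurityDescriptorRMControl also writes through `RMControl` on both paths; neither checks the pointers or the descriptor revision. The advapi32 wrappers in this patch pass caller-supplied pointers straight through, so a NULL argument faults inside the Rtl code. Because the setter returns VOID and cannot report an error, the non-NULL precondition should at least be stated in the header comments. Those comments should also record that `Sbz1` doubles as the resource-manager control byte and is meaningful only while `SE_RM_CONTROL_VALID` is set in `Control`, and that passing `RMControl == NULL` to the setter clears both; none of this is obvious from the field name.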
@@ -1835,6 +1836,7 @@ BOOL WINAPI SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR,SECURITY_DESCRIPTO BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR,BOOL,PACL,BOOL); BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR,PSID,BOOL); BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR,PSID,BOOL); +DWORD WINAPI SetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR,PUCHAR); BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR,BOOL,PACL,BOOL); BOOL WINAPI SetStdHandle(DWORD,HANDLE); #define SetSwapAreaSize(w) (w)