Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-07-04 19:54:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

[RTL]: Add all the missing Rtl*Security*Object APIs and put them all in security.c. Move privilege functions into a new file, priv.c. No functional/code changes, just more stubs/exports and moving things around.

Browse source 
svn path=/trunk/; revision=57481
This commit is contained in:
Alex Ionescu 2012-10-04 18:48:15 +00:00
parent f6686c1c81
commit 3e8f4222f0
4 changed files with 314 additions and 176 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
reactos/dll/ntdll/def/ntdll.spec
View file

@ -491,7 +491,7 @@
;@ stdcall RtlConvertPropertyToVariant
@ stdcall RtlConvertSharedToExclusive(ptr)
@ stdcall RtlConvertSidToUnicodeString(ptr ptr long)
;@ stdcall RtlConvertToAutoInheritSecurityObject
@ stdcall RtlConvertToAutoInheritSecurityObject(ptr ptr ptr ptr long ptr)
;@ stdcall RtlConvertUiListToApiList
@ stdcall -arch=win32 -ret64 RtlConvertUlongToLargeInteger(long)
;@ stdcall RtlConvertVariantToProperty
@ -525,7 +525,7 @@
@ stdcall RtlCreateUnicodeString(ptr wstr)
@ stdcall RtlCreateUnicodeStringFromAsciiz(ptr str)
@ stdcall RtlCreateUserProcess(ptr long ptr ptr ptr ptr long ptr ptr ptr)
;@ stdcall RtlCreateUserSecurityObject
@ stdcall RtlCreateUserSecurityObject(ptr long ptr ptr long ptr ptr)
@ stdcall RtlCreateUserThread(long ptr long ptr long long ptr ptr ptr ptr)
@ stdcall RtlCustomCPToUnicodeN(ptr wstr long ptr str long)
@ stdcall RtlCutoverTimeToSystemTime(ptr ptr ptr long)
@ -788,11 +788,11 @@
;@ stdcall RtlMultiAppendUnicodeStringBuffer
@ stdcall RtlMultiByteToUnicodeN(ptr long ptr ptr long)
@ stdcall RtlMultiByteToUnicodeSize(ptr str long)
;@ stdcall RtlNewInstanceSecurityObject
;@ stdcall RtlNewSecurityGrantedAccess
@ stdcall RtlNewInstanceSecurityObject(long long ptr ptr ptr ptr ptr long ptr ptr)
@ stdcall RtlNewSecurityGrantedAccess(long ptr ptr ptr ptr ptr)
@ stdcall RtlNewSecurityObject(ptr ptr ptr long ptr ptr)
;@ stdcall RtlNewSecurityObjectEx
;@ stdcall RtlNewSecurityObjectWithMultipleInheritance
@ stdcall RtlNewSecurityObjectEx(ptr ptr ptr ptr long long ptr ptr)
@ stdcall RtlNewSecurityObjectWithMultipleInheritance(ptr ptr ptr ptr long long long ptr ptr)
@ stdcall RtlNormalizeProcessParams(ptr)
@ stdcall RtlNtPathNameToDosPathName(ptr ptr ptr ptr) ; CHECKME
@ stdcall RtlNtStatusToDosError(long)
@ -893,7 +893,7 @@
@ stdcall RtlSetSaclSecurityDescriptor(ptr long ptr long)
@ stdcall RtlSetSecurityDescriptorRMControl(ptr ptr)
@ stdcall RtlSetSecurityObject(long ptr ptr ptr ptr)
;@ stdcall RtlSetSecurityObjectEx
@ stdcall RtlSetSecurityObjectEx(long ptr ptr long ptr ptr)
@ stdcall RtlSetThreadErrorMode(long ptr)
@ stdcall RtlSetThreadIsCritical(long ptr long)
@ stdcall RtlSetThreadPoolStartFunc(ptr ptr)

1
reactos/lib/rtl/CMakeLists.txt
View file

@ -39,6 +39,7 @@ list(APPEND SOURCE
nls.c
path.c
ppb.c
priv.c
process.c
propvar.c
random.c

185
reactos/lib/rtl/priv.c Normal file
View file

@ -0,0 +1,185 @@
/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS system libraries
* FILE: lib/rtl/priv.c
* PURPOSE: Security related functions and Security Objects
* PROGRAMMER: Eric Kohl
*/
/* INCLUDES *****************************************************************/
#include <rtl.h>
#define NDEBUG
#include <debug.h>
/* FUNCTIONS ***************************************************************/
/*
* @implemented
*/
NTSTATUS
NTAPI
RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
{
HANDLE ProcessToken;
HANDLE ImpersonationToken;
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjAttr;
SECURITY_QUALITY_OF_SERVICE Sqos;
PAGED_CODE_RTL();
Status = ZwOpenProcessToken(NtCurrentProcess(),
TOKEN_DUPLICATE,
&ProcessToken);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtOpenProcessToken() failed (Status %lx)\n", Status);
return Status;
}
Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
Sqos.ImpersonationLevel = ImpersonationLevel;
Sqos.ContextTrackingMode = 0;
Sqos.EffectiveOnly = FALSE;
InitializeObjectAttributes(&ObjAttr,
NULL,
0,
NULL,
NULL);
ObjAttr.SecurityQualityOfService = &Sqos;
Status = ZwDuplicateToken(ProcessToken,
TOKEN_IMPERSONATE,
&ObjAttr,
Sqos.EffectiveOnly, /* why both here _and_ in Sqos? */
TokenImpersonation,
&ImpersonationToken);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateToken() failed (Status %lx)\n", Status);
NtClose(ProcessToken);
return Status;
}
Status = ZwSetInformationThread(NtCurrentThread(),
ThreadImpersonationToken,
&ImpersonationToken,
sizeof(HANDLE));
if (!NT_SUCCESS(Status))
{
DPRINT1("NtSetInformationThread() failed (Status %lx)\n", Status);
}
ZwClose(ImpersonationToken);
ZwClose(ProcessToken);
return Status;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlAcquirePrivilege(IN PULONG Privilege,
IN ULONG NumPriv,
IN ULONG Flags,
OUT PVOID *ReturnedState)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
VOID
NTAPI
RtlReleasePrivilege(IN PVOID ReturnedState)
{
UNIMPLEMENTED;
}
/*
* @implemented
*/
NTSTATUS
NTAPI
RtlAdjustPrivilege(IN ULONG Privilege,
IN BOOLEAN Enable,
IN BOOLEAN CurrentThread,
OUT PBOOLEAN Enabled)
{
TOKEN_PRIVILEGES NewState;
TOKEN_PRIVILEGES OldState;
ULONG ReturnLength;
HANDLE TokenHandle;
NTSTATUS Status;
PAGED_CODE_RTL();
DPRINT("RtlAdjustPrivilege() called\n");
if (CurrentThread)
{
Status = ZwOpenThreadToken(NtCurrentThread(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
FALSE,
&TokenHandle);
}
else
{
Status = ZwOpenProcessToken(NtCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&TokenHandle);
}
if (!NT_SUCCESS (Status))
{
DPRINT1("Retrieving token handle failed (Status %lx)\n", Status);
return Status;
}
OldState.PrivilegeCount = 1;
NewState.PrivilegeCount = 1;
NewState.Privileges[0].Luid.LowPart = Privilege;
NewState.Privileges[0].Luid.HighPart = 0;
NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0;
Status = ZwAdjustPrivilegesToken(TokenHandle,
FALSE,
&NewState,
sizeof(TOKEN_PRIVILEGES),
&OldState,
&ReturnLength);
ZwClose (TokenHandle);
if (Status == STATUS_NOT_ALL_ASSIGNED)
{
DPRINT1("Failed to assign all privileges\n");
return STATUS_PRIVILEGE_NOT_HELD;
}
if (!NT_SUCCESS(Status))
{
DPRINT1("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status);
return Status;
}
if (OldState.PrivilegeCount == 0)
{
*Enabled = Enable;
}
else
{
*Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);
}
DPRINT("RtlAdjustPrivilege() done\n");
return STATUS_SUCCESS;
}

290
reactos/lib/rtl/security.c
View file

@ -15,175 +15,6 @@
/* FUNCTIONS ***************************************************************/
/*
* @implemented
*/
NTSTATUS
NTAPI
RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
{
HANDLE ProcessToken;
HANDLE ImpersonationToken;
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjAttr;
SECURITY_QUALITY_OF_SERVICE Sqos;
PAGED_CODE_RTL();
Status = ZwOpenProcessToken(NtCurrentProcess(),
TOKEN_DUPLICATE,
&ProcessToken);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtOpenProcessToken() failed (Status %lx)\n", Status);
return Status;
}
Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
Sqos.ImpersonationLevel = ImpersonationLevel;
Sqos.ContextTrackingMode = 0;
Sqos.EffectiveOnly = FALSE;
InitializeObjectAttributes(&ObjAttr,
NULL,
0,
NULL,
NULL);
ObjAttr.SecurityQualityOfService = &Sqos;
Status = ZwDuplicateToken(ProcessToken,
TOKEN_IMPERSONATE,
&ObjAttr,
Sqos.EffectiveOnly, /* why both here _and_ in Sqos? */
TokenImpersonation,
&ImpersonationToken);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateToken() failed (Status %lx)\n", Status);
NtClose(ProcessToken);
return Status;
}
Status = ZwSetInformationThread(NtCurrentThread(),
ThreadImpersonationToken,
&ImpersonationToken,
sizeof(HANDLE));
if (!NT_SUCCESS(Status))
{
DPRINT1("NtSetInformationThread() failed (Status %lx)\n", Status);
}
ZwClose(ImpersonationToken);
ZwClose(ProcessToken);
return Status;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlAcquirePrivilege(IN PULONG Privilege,
IN ULONG NumPriv,
IN ULONG Flags,
OUT PVOID *ReturnedState)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
VOID
NTAPI
RtlReleasePrivilege(IN PVOID ReturnedState)
{
UNIMPLEMENTED;
}
/*
* @implemented
*/
NTSTATUS
NTAPI
RtlAdjustPrivilege(IN ULONG Privilege,
IN BOOLEAN Enable,
IN BOOLEAN CurrentThread,
OUT PBOOLEAN Enabled)
{
TOKEN_PRIVILEGES NewState;
TOKEN_PRIVILEGES OldState;
ULONG ReturnLength;
HANDLE TokenHandle;
NTSTATUS Status;
PAGED_CODE_RTL();
DPRINT("RtlAdjustPrivilege() called\n");
if (CurrentThread)
{
Status = ZwOpenThreadToken(NtCurrentThread(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
FALSE,
&TokenHandle);
}
else
{
Status = ZwOpenProcessToken(NtCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&TokenHandle);
}
if (!NT_SUCCESS (Status))
{
DPRINT1("Retrieving token handle failed (Status %lx)\n", Status);
return Status;
}
OldState.PrivilegeCount = 1;
NewState.PrivilegeCount = 1;
NewState.Privileges[0].Luid.LowPart = Privilege;
NewState.Privileges[0].Luid.HighPart = 0;
NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0;
Status = ZwAdjustPrivilegesToken(TokenHandle,
FALSE,
&NewState,
sizeof(TOKEN_PRIVILEGES),
&OldState,
&ReturnLength);
ZwClose (TokenHandle);
if (Status == STATUS_NOT_ALL_ASSIGNED)
{
DPRINT1("Failed to assign all privileges\n");
return STATUS_PRIVILEGE_NOT_HELD;
}
if (!NT_SUCCESS(Status))
{
DPRINT1("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status);
return Status;
}
if (OldState.PrivilegeCount == 0)
{
*Enabled = Enable;
}
else
{
*Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);
}
DPRINT("RtlAdjustPrivilege() done\n");
return STATUS_SUCCESS;
}
/*
* @implemented
*/
@ -217,6 +48,111 @@ RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor,
IN PSECURITY_DESCRIPTOR CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
IN LPGUID ObjectType,
IN BOOLEAN IsDirectoryObject,
IN ULONG AutoInheritFlags,
IN HANDLE Token,
IN PGENERIC_MAPPING GenericMapping)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor,
IN PSECURITY_DESCRIPTOR CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
IN LPGUID *ObjectTypes,
IN ULONG GuidCount,
IN BOOLEAN IsDirectoryObject,
IN ULONG AutoInheritFlags,
IN HANDLE Token,
IN PGENERIC_MAPPING GenericMapping)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,
IN PSECURITY_DESCRIPTOR CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
IN LPGUID ObjectType,
IN BOOLEAN IsDirectoryObject,
IN PGENERIC_MAPPING GenericMapping)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlCreateUserSecurityObject(IN PVOID AceData,
IN ULONG AceCount,
IN PSID OwnerSid,
IN PSID GroupSid,
IN BOOLEAN IsDirectoryObject,
IN PGENERIC_MAPPING GenericMapping,
OUT PSECURITY_DESCRIPTOR *NewDescriptor)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged,
IN BOOLEAN CreatorDescriptorChanged,
IN PLUID OldClientTokenModifiedI,
OUT PLUID NewClientTokenModifiedId,
IN PSECURITY_DESCRIPTOR ParentDescriptor,
IN PSECURITY_DESCRIPTOR CreatorDescriptor,
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
IN BOOLEAN IsDirectoryObject,
IN HANDLE Token,
IN PGENERIC_MAPPING GenericMapping)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess,
OUT PPRIVILEGE_SET Privileges,
IN OUT PULONG Length,
IN HANDLE Token,
IN PGENERIC_MAPPING GenericMapping,
OUT PACCESS_MASK RemainingDesiredAccess)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
@ -290,6 +226,22 @@ RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation,
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR ModificationDescriptor,
OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
IN ULONG AutoInheritFlags,
IN PGENERIC_MAPPING GenericMapping,
IN HANDLE Token)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/