From 3e8f4222f0310e47d6d9afe3ccb838108cc937d0 Mon Sep 17 00:00:00 2001
From: Alex Ionescu
Date: Thu, 4 Oct 2012 18:48:15 +0000
Subject: [PATCH] [RTL]: Add all the missing Rtl*Security*Object APIs and put them all in security.c. Move privilege functions into a new file, priv.c. No functional/code changes, just more stubs/exports and moving things around. svn path=/trunk/; revision=57481
---
 reactos/dll/ntdll/def/ntdll.spec | 14 +-
 reactos/lib/rtl/CMakeLists.txt | 1 +
 reactos/lib/rtl/priv.c | 185 ++++++++++++++++++++
 reactos/lib/rtl/security.c | 290 +++++++++++++------------------
 4 files changed, 314 insertions(+), 176 deletions(-)
 create mode 100644 reactos/lib/rtl/priv.c
diff --git a/reactos/dll/ntdll/def/ntdll.spec b/reactos/dll/ntdll/def/ntdll.spec
index 2760640fbd9..b45a1969874 100644
--- a/reactos/dll/ntdll/def/ntdll.spec
+++ b/reactos/dll/ntdll/def/ntdll.spec
@@ -491,7 +491,7 @@
 ;@ stdcall RtlConvertPropertyToVariant
 @ stdcall RtlConvertSharedToExclusive(ptr)
 @ stdcall RtlConvertSidToUnicodeString(ptr ptr long)
-;@ stdcall RtlConvertToAutoInheritSecurityObject
+@ stdcall RtlConvertToAutoInheritSecurityObject(ptr ptr ptr ptr long ptr)
 ;@ stdcall RtlConvertUiListToApiList
 @ stdcall -arch=win32 -ret64 RtlConvertUlongToLargeInteger(long)
 ;@ stdcall RtlConvertVariantToProperty
@@ -525,7 +525,7 @@
 @ stdcall RtlCreateUnicodeString(ptr wstr)
 @ stdcall RtlCreateUnicodeStringFromAsciiz(ptr str)
 @ stdcall RtlCreateUserProcess(ptr long ptr ptr ptr ptr long ptr ptr ptr)
-;@ stdcall RtlCreateUserSecurityObject
+@ stdcall RtlCreateUserSecurityObject(ptr long ptr ptr long ptr ptr)
 @ stdcall RtlCreateUserThread(long ptr long ptr long long ptr ptr ptr ptr)
 @ stdcall RtlCustomCPToUnicodeN(ptr wstr long ptr str long)
 @ stdcall RtlCutoverTimeToSystemTime(ptr ptr ptr long)
@@ -788,11 +788,11 @@
 ;@ stdcall RtlMultiAppendUnicodeStringBuffer
 @ stdcall RtlMultiByteToUnicodeN(ptr long ptr ptr long)
 @ stdcall RtlMultiByteToUnicodeSize(ptr str long)
-;@ stdcall RtlNewInstanceSecurityObject
-;@ stdcall RtlNewSecurityGrantedAccess
+@ stdcall RtlNewInstanceSecurityObject(long long ptr ptr ptr ptr ptr long ptr ptr)
+@ stdcall RtlNewSecurityGrantedAccess(long ptr ptr ptr ptr ptr)
 @ stdcall RtlNewSecurityObject(ptr ptr ptr long ptr ptr)
-;@ stdcall RtlNewSecurityObjectEx
-;@ stdcall RtlNewSecurityObjectWithMultipleInheritance
+@ stdcall RtlNewSecurityObjectEx(ptr ptr ptr ptr long long ptr ptr)
+@ stdcall RtlNewSecurityObjectWithMultipleInheritance(ptr ptr ptr ptr long long long ptr ptr)
 @ stdcall RtlNormalizeProcessParams(ptr)
 @ stdcall RtlNtPathNameToDosPathName(ptr ptr ptr ptr) ; CHECKME
 @ stdcall RtlNtStatusToDosError(long)
@@ -893,7 +893,7 @@
 @ stdcall RtlSetSaclSecurityDescriptor(ptr long ptr long)
 @ stdcall RtlSetSecurityDescriptorRMControl(ptr ptr)
 @ stdcall RtlSetSecurityObject(long ptr ptr ptr ptr)
-;@ stdcall RtlSetSecurityObjectEx
+@ stdcall RtlSetSecurityObjectEx(long ptr ptr long ptr ptr)
 @ stdcall RtlSetThreadErrorMode(long ptr)
 @ stdcall RtlSetThreadIsCritical(long ptr long)
 @ stdcall RtlSetThreadPoolStartFunc(ptr ptr)
diff --git a/reactos/lib/rtl/CMakeLists.txt b/reactos/lib/rtl/CMakeLists.txt
index a6becccc85c..5009360f037 100644
--- a/reactos/lib/rtl/CMakeLists.txt
+++ b/reactos/lib/rtl/CMakeLists.txt
@@ -39,6 +39,7 @@ list(APPEND SOURCE
 nls.c
 path.c
 ppb.c
+ priv.c
 process.c
 propvar.c
 random.c
diff --git a/reactos/lib/rtl/priv.c b/reactos/lib/rtl/priv.c
new file mode 100644
index 00000000000..ebcf55f13cf
--- /dev/null
+++ b/reactos/lib/rtl/priv.c
@@ -0,0 +1,185 @@
+/*
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS system libraries
+ * FILE: lib/rtl/priv.c
+ * PURPOSE: Security related functions and Security Objects
+ * PROGRAMMER: Eric Kohl
+ */
+
+/* INCLUDES *****************************************************************/
+
+#include
+
+#define NDEBUG
+#include
+
+/* FUNCTIONS ***************************************************************/
+
+/*
+ * @implemented
+ */
+NTSTATUS
+NTAPI
+RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
+{
+ HANDLE ProcessToken;
+ HANDLE ImpersonationToken;
+ NTSTATUS Status;
+ OBJECT_ATTRIBUTES ObjAttr;
+ SECURITY_QUALITY_OF_SERVICE Sqos;
+
+ PAGED_CODE_RTL();
+
+ Status = ZwOpenProcessToken(NtCurrentProcess(),
+ TOKEN_DUPLICATE,
+ &ProcessToken);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("NtOpenProcessToken() failed (Status %lx)\n", Status);
+ return Status;
+ }
+
+ Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
+ Sqos.ImpersonationLevel = ImpersonationLevel;
+ Sqos.ContextTrackingMode = 0;
+ Sqos.EffectiveOnly = FALSE;
+
+ InitializeObjectAttributes(&ObjAttr,
+ NULL,
+ 0,
+ NULL,
+ NULL);
+
+ ObjAttr.SecurityQualityOfService = &Sqos;
+
+ Status = ZwDuplicateToken(ProcessToken,
+ TOKEN_IMPERSONATE,
+ &ObjAttr,
+ Sqos.EffectiveOnly, /* why both here _and_ in Sqos? */
+ TokenImpersonation,
+ &ImpersonationToken);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("NtDuplicateToken() failed (Status %lx)\n", Status);
+ NtClose(ProcessToken);
+ return Status;
+ }
+
+ Status = ZwSetInformationThread(NtCurrentThread(),
+ ThreadImpersonationToken,
+ &ImpersonationToken,
+ sizeof(HANDLE));
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("NtSetInformationThread() failed (Status %lx)\n", Status);
+ }
+
+ ZwClose(ImpersonationToken);
+ ZwClose(ProcessToken);
+
+ return Status;
+}
+
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
+RtlAcquirePrivilege(IN PULONG Privilege,
+ IN ULONG NumPriv,
+ IN ULONG Flags,
+ OUT PVOID *ReturnedState)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+ * @unimplemented
+ */
+VOID
+NTAPI
+RtlReleasePrivilege(IN PVOID ReturnedState)
+{
+ UNIMPLEMENTED;
+}
+
+/*
+ * @implemented
+ */
+NTSTATUS
+NTAPI
+RtlAdjustPrivilege(IN ULONG Privilege,
+ IN BOOLEAN Enable,
+ IN BOOLEAN CurrentThread,
+ OUT PBOOLEAN Enabled)
+{
+ TOKEN_PRIVILEGES NewState;
+ TOKEN_PRIVILEGES OldState;
+ ULONG ReturnLength;
+ HANDLE TokenHandle;
+ NTSTATUS Status;
+
+ PAGED_CODE_RTL();
+
+ DPRINT("RtlAdjustPrivilege() called\n");
+
+ if (CurrentThread)
+ {
+ Status = ZwOpenThreadToken(NtCurrentThread(),
+ TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
+ FALSE,
+ &TokenHandle);
+ }
+ else
+ {
+ Status = ZwOpenProcessToken(NtCurrentProcess(),
+ TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
+ &TokenHandle);
+ }
+
+ if (!NT_SUCCESS (Status))
+ {
+ DPRINT1("Retrieving token handle failed (Status %lx)\n", Status);
+ return Status;
+ }
+
+ OldState.PrivilegeCount = 1;
+
+ NewState.PrivilegeCount = 1;
+ NewState.Privileges[0].Luid.LowPart = Privilege;
+ NewState.Privileges[0].Luid.HighPart = 0;
+ NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0;
+
+ Status = ZwAdjustPrivilegesToken(TokenHandle,
+ FALSE,
+ &NewState,
+ sizeof(TOKEN_PRIVILEGES),
+ &OldState,
+ &ReturnLength);
+ ZwClose (TokenHandle);
+ if (Status == STATUS_NOT_ALL_ASSIGNED)
+ {
+ DPRINT1("Failed to assign all privileges\n");
+ return STATUS_PRIVILEGE_NOT_HELD;
+ }
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status);
+ return Status;
+ }
+
+ if (OldState.PrivilegeCount == 0)
+ {
+ *Enabled = Enable;
+ }
+ else
+ {
+ *Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);
+ }
+
+ DPRINT("RtlAdjustPrivilege() done\n");
+
+ return STATUS_SUCCESS;
+}
diff --git a/reactos/lib/rtl/security.c b/reactos/lib/rtl/security.c
index 8dc6646052f..b97a119205e 100644
--- a/reactos/lib/rtl/security.c
+++ b/reactos/lib/rtl/security.c
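Review bot: In RtlAdjustPrivilege in the new priv.c, the final `*Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);` stores the raw masked flag in a BOOLEAN, so a privilege that was previously enabled is reported as the flag's value rather than TRUE, and a caller that compares the result with TRUE before deciding whether to restore the privilege would take the wrong branch; `*Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0;` normalises it. In RtlImpersonateSelf, the ZwDuplicateToken failure path closes the process token with `NtClose(ProcessToken);` while every other close in the file uses ZwClose; `ZwClose(ProcessToken);` would keep the handle calls on one interface, which presumably matters if this library is also built for kernel mode (PAGED_CODE_RTL suggests it is). Both lines were moved unchanged from security.c, so they predate this commit. The header's PURPOSE line still reads "Security related functions and Security Objects" although priv.c now holds only the impersonation and privilege routines.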
@@ -15,175 +15,6 @@ /* FUNCTIONS ***************************************************************/ -/* - * @implemented - */ -NTSTATUS -NTAPI -RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) -{ - HANDLE ProcessToken; - HANDLE ImpersonationToken; - NTSTATUS Status; - OBJECT_ATTRIBUTES ObjAttr; - SECURITY_QUALITY_OF_SERVICE Sqos; - - PAGED_CODE_RTL(); - - Status = ZwOpenProcessToken(NtCurrentProcess(), - TOKEN_DUPLICATE, - &ProcessToken); - if (!NT_SUCCESS(Status)) - { - DPRINT1("NtOpenProcessToken() failed (Status %lx)\n", Status); - return Status; - } - - Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE); - Sqos.ImpersonationLevel = ImpersonationLevel; - Sqos.ContextTrackingMode = 0; - Sqos.EffectiveOnly = FALSE; - - InitializeObjectAttributes(&ObjAttr, - NULL, - 0, - NULL, - NULL); - - ObjAttr.SecurityQualityOfService = &Sqos; - - Status = ZwDuplicateToken(ProcessToken, - TOKEN_IMPERSONATE, - &ObjAttr, - Sqos.EffectiveOnly, /* why both here _and_ in Sqos? */ - TokenImpersonation, - &ImpersonationToken); - if (!NT_SUCCESS(Status)) - { - DPRINT1("NtDuplicateToken() failed (Status %lx)\n", Status); - NtClose(ProcessToken); - return Status; - } - - Status = ZwSetInformationThread(NtCurrentThread(), - ThreadImpersonationToken, - &ImpersonationToken, - sizeof(HANDLE)); - if (!NT_SUCCESS(Status)) - { - DPRINT1("NtSetInformationThread() failed (Status %lx)\n", Status); - } - - ZwClose(ImpersonationToken); - ZwClose(ProcessToken); - - return Status; -} - -/* - * @unimplemented - */ -NTSTATUS -NTAPI -RtlAcquirePrivilege(IN PULONG Privilege, - IN ULONG NumPriv, - IN ULONG Flags, - OUT PVOID *ReturnedState) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; -} - -/* - * @unimplemented - */ -VOID -NTAPI -RtlReleasePrivilege(IN PVOID ReturnedState) -{ - UNIMPLEMENTED; -} - -/* - * @implemented - */ -NTSTATUS -NTAPI -RtlAdjustPrivilege(IN ULONG Privilege, - IN BOOLEAN Enable, - IN BOOLEAN CurrentThread, - OUT PBOOLEAN Enabled) -{ - TOKEN_PRIVILEGES 
NewState; - TOKEN_PRIVILEGES OldState; - ULONG ReturnLength; - HANDLE TokenHandle; - NTSTATUS Status; - - PAGED_CODE_RTL(); - - DPRINT("RtlAdjustPrivilege() called\n"); - - if (CurrentThread) - { - Status = ZwOpenThreadToken(NtCurrentThread(), - TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, - FALSE, - &TokenHandle); - } - else - { - Status = ZwOpenProcessToken(NtCurrentProcess(), - TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, - &TokenHandle); - } - - if (!NT_SUCCESS (Status)) - { - DPRINT1("Retrieving token handle failed (Status %lx)\n", Status); - return Status; - } - - OldState.PrivilegeCount = 1; - - NewState.PrivilegeCount = 1; - NewState.Privileges[0].Luid.LowPart = Privilege; - NewState.Privileges[0].Luid.HighPart = 0; - NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0; - - Status = ZwAdjustPrivilegesToken(TokenHandle, - FALSE, - &NewState, - sizeof(TOKEN_PRIVILEGES), - &OldState, - &ReturnLength); - ZwClose (TokenHandle); - if (Status == STATUS_NOT_ALL_ASSIGNED) - { - DPRINT1("Failed to assign all privileges\n"); - return STATUS_PRIVILEGE_NOT_HELD; - } - - if (!NT_SUCCESS(Status)) - { - DPRINT1("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status); - return Status; - } - - if (OldState.PrivilegeCount == 0) - { - *Enabled = Enable; - } - else - { - *Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED); - } - - DPRINT("RtlAdjustPrivilege() done\n"); - - return STATUS_SUCCESS; -} - /* * @implemented */ 
@@ -217,6 +48,111 @@ RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, return STATUS_NOT_IMPLEMENTED; } +/* + * @unimplemented + */ +NTSTATUS +NTAPI +RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor, + IN PSECURITY_DESCRIPTOR CreatorDescriptor, + OUT PSECURITY_DESCRIPTOR *NewDescriptor, + IN LPGUID ObjectType, + IN BOOLEAN IsDirectoryObject, + IN ULONG AutoInheritFlags, + IN HANDLE Token, + IN PGENERIC_MAPPING GenericMapping) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} + +/* + * @unimplemented + */ +NTSTATUS +NTAPI +RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor, + IN PSECURITY_DESCRIPTOR CreatorDescriptor, + OUT PSECURITY_DESCRIPTOR *NewDescriptor, + IN LPGUID *ObjectTypes, + IN ULONG GuidCount, + IN BOOLEAN IsDirectoryObject, + IN ULONG AutoInheritFlags, + IN HANDLE Token, + IN PGENERIC_MAPPING GenericMapping) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} + +/* + * @unimplemented + */ +NTSTATUS +NTAPI +RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, + IN PSECURITY_DESCRIPTOR CreatorDescriptor, + OUT PSECURITY_DESCRIPTOR *NewDescriptor, + IN LPGUID ObjectType, + IN BOOLEAN IsDirectoryObject, + IN PGENERIC_MAPPING GenericMapping) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} + +/* + * @unimplemented + */ +NTSTATUS +NTAPI +RtlCreateUserSecurityObject(IN PVOID AceData, + IN ULONG AceCount, + IN PSID OwnerSid, + IN PSID GroupSid, + IN BOOLEAN IsDirectoryObject, + IN PGENERIC_MAPPING GenericMapping, + OUT PSECURITY_DESCRIPTOR *NewDescriptor) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} + +/* + * @unimplemented + */ +NTSTATUS +NTAPI +RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged, + IN BOOLEAN CreatorDescriptorChanged, + IN PLUID OldClientTokenModifiedI, + OUT PLUID NewClientTokenModifiedId, + IN PSECURITY_DESCRIPTOR ParentDescriptor, + IN PSECURITY_DESCRIPTOR CreatorDescriptor, + OUT PSECURITY_DESCRIPTOR 
*NewDescriptor, + IN BOOLEAN IsDirectoryObject, + IN HANDLE Token, + IN PGENERIC_MAPPING GenericMapping) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} + +/* + * @unimplemented + */ +NTSTATUS +NTAPI +RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess, + OUT PPRIVILEGE_SET Privileges, + IN OUT PULONG Length, + IN HANDLE Token, + IN PGENERIC_MAPPING GenericMapping, + OUT PACCESS_MASK RemainingDesiredAccess) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} /* * @unimplemented @@ -290,6 +226,22 @@ RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation, return STATUS_NOT_IMPLEMENTED; } +/* + * @unimplemented + */ +NTSTATUS +NTAPI +RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation, + IN PSECURITY_DESCRIPTOR ModificationDescriptor, + OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, + IN ULONG AutoInheritFlags, + IN PGENERIC_MAPPING GenericMapping, + IN HANDLE Token) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} + /* * @unimplemented */
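Review bot: The new stubs in security.c return STATUS_NOT_IMPLEMENTED without writing their OUT parameters, so `*NewDescriptor` is left holding whatever the caller's variable contained in RtlNewSecurityObjectEx, RtlNewSecurityObjectWithMultipleInheritance, RtlConvertToAutoInheritSecurityObject, RtlCreateUserSecurityObject and RtlNewInstanceSecurityObject. Since the same commit exports these names from ntdll.spec, a caller that finds the export and does not check the status would go on to use or free an uninitialised descriptor pointer; adding `*NewDescriptor = NULL;` before `UNIMPLEMENTED;` in each makes the failure deterministic. RtlNewSecurityGrantedAccess likewise leaves `*RemainingDesiredAccess` unset. In the last hunk, RtlSetSecurityObjectEx marks `ObjectsSecurityDescriptor` as OUT although it appears to be the descriptor being modified, so `IN OUT` would describe it better, and in RtlNewInstanceSecurityObject the parameter name `OldClientTokenModifiedI` looks like a typo for `OldClientTokenModifiedId`.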