Use proper PISID pointer to SID structure, fix wrong LUID definition, and remove duplicate code in Security Manager

svn path=/trunk/; revision=12806
2024-12-27 09:34:43 +00:00 · 2005-01-04 22:44:50 +00:00 · 2005-01-04 22:44:50 +00:00 · 4dba0925ac
commit 4dba0925ac
parent ddd07cb377
8 changed files with 76 additions and 263 deletions
--- a/reactos/include/ntdll/rtl.h
+++ b/reactos/include/ntdll/rtl.h
@ -193,6 +193,18 @@ RtlpInitDeferedCriticalSection(
    VOID
 );
 VOID
 STDCALL
 RtlpFreeDebugInfo(
    PRTL_CRITICAL_SECTION_DEBUG DebugInfo
 );
 PRTL_CRITICAL_SECTION_DEBUG
 STDCALL
 RtlpAllocateDebugInfo(
    VOID
 );
 NTSTATUS STDCALL
 RtlAddAccessAllowedAceEx (IN OUT PACL Acl,
 			  IN ULONG Revision,
--- a/reactos/include/ntos/obtypes.h
+++ b/reactos/include/ntos/obtypes.h
@ -83,8 +83,8 @@ typedef struct _OBJECT_ATTRIBUTES
   HANDLE RootDirectory;
   PUNICODE_STRING ObjectName;
   ULONG Attributes;
-   SECURITY_DESCRIPTOR *SecurityDescriptor;
+   PVOID SecurityDescriptor;
-   SECURITY_QUALITY_OF_SERVICE *SecurityQualityOfService;
+   PVOID SecurityQualityOfService;
 } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
 #endif /* __USE_W32API */
--- a/reactos/include/ntos/security.h
+++ b/reactos/include/ntos/security.h
@ -74,6 +74,18 @@ typedef struct _SECURITY_DESCRIPTOR_CONTEXT
 #ifndef __USE_W32API
 #ifndef _MSC_VER 
 #define SYSTEM_LUID                    {{ 0x3E7, 0x0 }}
 #define ANONYMOUS_LOGON_LUID           {{ 0x3e6, 0x0 }}
 #define LOCALSERVICE_LUID              {{ 0x3e5, 0x0 }}
 #define NETWORKSERVICE_LUID            {{ 0x3e4, 0x0 }}
 #else
 #define SYSTEM_LUID                     { 0x3E7, 0x0 }
 #define ANONYMOUS_LOGON_LUID            { 0x3e6, 0x0 }
 #define LOCALSERVICE_LUID               { 0x3e5, 0x0 }
 #define NETWORKSERVICE_LUID             { 0x3e4, 0x0 }
 #endif
 /* SID Auhority */
 #define SECURITY_NULL_SID_AUTHORITY		{0,0,0,0,0,0}
 #define SECURITY_WORLD_SID_AUTHORITY		{0,0,0,0,0,1}
@ -227,7 +239,9 @@ typedef struct _SID
  UCHAR  SubAuthorityCount;
  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
  ULONG SubAuthority[1];
-} SID, *PSID;
+} SID, *PISID;
 typedef PVOID PSID;
 typedef struct _ACL
 {
--- a/reactos/lib/rtl/sid.c
+++ b/reactos/lib/rtl/sid.c
@ -1,4 +1,4 @@
-/* $Id: sid.c,v 1.4 2004/07/12 19:39:29 ekohl Exp $
+/* $Id$
 *
 * COPYRIGHT:         See COPYING in the top level directory
 * PROJECT:           ReactOS kernel
@ -22,8 +22,10 @@
 /* FUNCTIONS ***************************************************************/
 BOOLEAN STDCALL
-RtlValidSid(IN PSID Sid)
+RtlValidSid(IN PSID Sid_)
 {
  PISID Sid =  Sid_;
  if ((Sid->Revision != SID_REVISION) ||
      (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES))
    {
@ -48,10 +50,12 @@ RtlLengthRequiredSid(IN UCHAR SubAuthorityCount)
 * @implemented
 */
 NTSTATUS STDCALL
-RtlInitializeSid(IN PSID Sid,
+RtlInitializeSid(IN PSID Sid_,
                 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
                 IN UCHAR SubAuthorityCount)
 {
  PISID Sid =  Sid_;
  Sid->Revision = SID_REVISION;
  Sid->SubAuthorityCount = SubAuthorityCount;
  memcpy(&Sid->IdentifierAuthority,
@ -66,9 +70,11 @@ RtlInitializeSid(IN PSID Sid,
 * @implemented
 */
 PULONG STDCALL
-RtlSubAuthoritySid(IN PSID Sid,
+RtlSubAuthoritySid(IN PSID Sid_,
                   IN ULONG SubAuthority)
 {
  PISID Sid =  Sid_;
  return &Sid->SubAuthority[SubAuthority];
 }
@ -77,8 +83,10 @@ RtlSubAuthoritySid(IN PSID Sid,
 * @implemented
 */
 PUCHAR STDCALL
-RtlSubAuthorityCountSid(IN PSID Sid)
+RtlSubAuthorityCountSid(IN PSID Sid_)
 {
  PISID Sid =  Sid_;
  return &Sid->SubAuthorityCount;
 }
@ -87,9 +95,12 @@ RtlSubAuthorityCountSid(IN PSID Sid)
 * @implemented
 */
 BOOLEAN STDCALL
-RtlEqualSid(IN PSID Sid1,
+RtlEqualSid(IN PSID Sid1_,
-            IN PSID Sid2)
+            IN PSID Sid2_)
 {
  PISID Sid1 =  Sid1_;
  PISID Sid2 =  Sid2_;
  if (Sid1->Revision != Sid2->Revision)
   {
      return(FALSE);
@ -110,8 +121,10 @@ RtlEqualSid(IN PSID Sid1,
 * @implemented
 */
 ULONG STDCALL
-RtlLengthSid(IN PSID Sid)
+RtlLengthSid(IN PSID Sid_)
 {
  PISID Sid =  Sid_;
  return (sizeof(SID) + (Sid->SubAuthorityCount-1) * sizeof(ULONG));
 }
@ -180,8 +193,10 @@ RtlCopySidAndAttributesArray(ULONG Count,
 * @implemented
 */
 PSID_IDENTIFIER_AUTHORITY STDCALL
-RtlIdentifierAuthoritySid(IN PSID Sid)
+RtlIdentifierAuthoritySid(IN PSID Sid_)
 {
  PISID Sid =  Sid_;
  return &Sid->IdentifierAuthority;
 }
@ -202,7 +217,7 @@ RtlAllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
 			    ULONG SubAuthority7,
 			    PSID *Sid)
 {
-  PSID pSid;
+  PISID pSid;
  if (SubAuthorityCount > 8)
    return STATUS_INVALID_SID;
@ -267,9 +282,12 @@ RtlFreeSid(IN PSID Sid)
 * @implemented
 */
 BOOLEAN STDCALL
-RtlEqualPrefixSid(IN PSID Sid1,
+RtlEqualPrefixSid(IN PSID Sid1_,
-                  IN PSID Sid2)
+                  IN PSID Sid2_)
 {
  PISID Sid1 =  Sid1_;
  PISID Sid2 =  Sid2_;
   return(Sid1->SubAuthorityCount == Sid2->SubAuthorityCount &&
          !RtlCompareMemory(Sid1, Sid2,
                            (Sid1->SubAuthorityCount - 1) * sizeof(DWORD) + 8));
@ -281,13 +299,14 @@ RtlEqualPrefixSid(IN PSID Sid1,
 */
 NTSTATUS STDCALL
 RtlConvertSidToUnicodeString(PUNICODE_STRING String,
-                             PSID Sid,
+                             PSID Sid_,
                             BOOLEAN AllocateBuffer)
 {
   WCHAR Buffer[256];
   PWSTR wcs;
   ULONG Length;
   ULONG i;
   PISID Sid =  Sid_;
   if (RtlValidSid (Sid) == FALSE)
      return STATUS_INVALID_SID;
--- a/reactos/ntoskrnl/se/luid.c
+++ b/reactos/ntoskrnl/se/luid.c
@ -1,4 +1,4 @@
-/* $Id: luid.c,v 1.10 2004/08/15 16:39:11 chorns Exp $
+/* $Id$
 *
 * COPYRIGHT:         See COPYING in the top level directory
 * PROJECT:           ReactOS kernel
@ -20,15 +20,15 @@ static KSPIN_LOCK LuidLock;
 static LARGE_INTEGER LuidIncrement;
 static LARGE_INTEGER LuidValue;
 #define SYSTEM_LUID   0x3E7;
 /* FUNCTIONS *****************************************************************/
 VOID INIT_FUNCTION
 SepInitLuid(VOID)
 {
  LARGE_INTEGER DummyLuidValue = SYSTEM_LUID;
  KeInitializeSpinLock(&LuidLock);
-  LuidValue.QuadPart = SYSTEM_LUID;
+  LuidValue = DummyLuidValue;
  LuidIncrement.QuadPart = 1;
 }
--- a/reactos/ntoskrnl/se/sd.c
+++ b/reactos/ntoskrnl/se/sd.c
@ -1,4 +1,4 @@
-/* $Id: sd.c,v 1.20 2004/08/15 16:39:12 chorns Exp $
+/* $Id$
 *
 * COPYRIGHT:         See COPYING in the top level directory
 * PROJECT:           ReactOS kernel
@ -319,7 +319,7 @@ SeValidSecurityDescriptor(IN ULONG Length,
 			  IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 {
  ULONG SdLength;
-  PSID Sid;
+  PISID Sid;
  PACL Acl;
  if (Length < SECURITY_DESCRIPTOR_MIN_LENGTH)
@ -355,7 +355,7 @@ SeValidSecurityDescriptor(IN ULONG Length,
      return FALSE;
    }
-  Sid = (PSID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Owner);
+  Sid = (PISID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Owner);
  if (Sid->Revision != SID_REVISION)
    {
      DPRINT1("Invalid Owner SID revision\n");
--- a/reactos/ntoskrnl/se/sid.c
+++ b/reactos/ntoskrnl/se/sid.c
@ -1,4 +1,4 @@
-/* $Id: sid.c,v 1.16 2003/12/30 18:52:06 fireball Exp $
+/* $Id$
 *
 * COPYRIGHT:         See COPYING in the top level directory
 * PROJECT:           ReactOS kernel
@ -11,9 +11,9 @@
 /* INCLUDES *****************************************************************/
-#include <ddk/ntddk.h>
+#include <ntoskrnl.h>
 #include <internal/se.h>
 #define NDEBUG
 #include <internal/debug.h>
 #define TAG_SID    TAG('S', 'I', 'D', 'T')
@ -467,230 +467,4 @@ SepInitSecurityIDs(VOID)
  return(TRUE);
 }
 /*
 * @implemented
 */
 BOOLEAN STDCALL
 RtlValidSid(PSID Sid)
 {
   if ((Sid->Revision & 0xf) != 1)
     {
 	return(FALSE);
     }
   if (Sid->SubAuthorityCount > 15)
     {
 	return(FALSE);
     }
   return(TRUE);
 }
 /*
 * @implemented
 */
 ULONG STDCALL
 RtlLengthRequiredSid(UCHAR SubAuthorityCount)
 {
  return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG));
 }
 /*
 * @implemented
 */
 NTSTATUS STDCALL
 RtlInitializeSid(PSID Sid,
 		 PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
 		 UCHAR SubAuthorityCount)
 {
  Sid->Revision = 1;
  Sid->SubAuthorityCount = SubAuthorityCount;
  RtlCopyMemory(&Sid->IdentifierAuthority,
 		IdentifierAuthority,
 		sizeof(SID_IDENTIFIER_AUTHORITY));
  return(STATUS_SUCCESS);
 }
 /*
 * @implemented
 */
 PULONG STDCALL
 RtlSubAuthoritySid(PSID Sid,
 		   ULONG SubAuthority)
 {
  return(&Sid->SubAuthority[SubAuthority]);
 }
 /*
 * @implemented
 */
 PUCHAR STDCALL
 RtlSubAuthorityCountSid(PSID Sid)
 {
  return(&Sid->SubAuthorityCount);
 }
 /*
 * @implemented
 */
 BOOLEAN STDCALL
 RtlEqualSid(PSID Sid1,
 	    PSID Sid2)
 {
   if (Sid1->Revision != Sid2->Revision)
     {
 	return(FALSE);
     }
   if ((*RtlSubAuthorityCountSid(Sid1)) !=
       (*RtlSubAuthorityCountSid(Sid2)))
     {
 	return(FALSE);
     }
   if (memcmp(Sid1, Sid2, RtlLengthSid(Sid1)) != 0)
     {
 	return(FALSE);
     }
   return(TRUE);
 }
 /*
 * @implemented
 */
 ULONG STDCALL
 RtlLengthSid(PSID Sid)
 {
  return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
 }
 /*
 * @implemented
 */
 NTSTATUS STDCALL
 RtlCopySid(ULONG BufferLength,
 	   PSID Dest,
 	   PSID Src)
 {
   if (BufferLength < RtlLengthSid(Src))
     {
 	return(STATUS_UNSUCCESSFUL);
     }
   memmove(Dest, Src, RtlLengthSid(Src));
   return(STATUS_SUCCESS);
 }
 NTSTATUS STDCALL
 RtlCopySidAndAttributesArray(ULONG Count,
 			     PSID_AND_ATTRIBUTES Src,
 			     ULONG SidAreaSize,
 			     PSID_AND_ATTRIBUTES Dest,
 			     PVOID SidArea,
 			     PVOID* RemainingSidArea,
 			     PULONG RemainingSidAreaSize)
 {
  ULONG Length;
  ULONG i;
  Length = SidAreaSize;
  for (i=0; i<Count; i++)
    {
 	if (RtlLengthSid(Src[i].Sid) > Length)
 	  {
 	     return(STATUS_BUFFER_TOO_SMALL);
 	  }
 	Length = Length - RtlLengthSid(Src[i].Sid);
 	Dest[i].Sid = SidArea;
 	Dest[i].Attributes = Src[i].Attributes;
 	RtlCopySid(RtlLengthSid(Src[i].Sid), SidArea, Src[i].Sid);
 	SidArea = (char*)SidArea + RtlLengthSid(Src[i].Sid);
    }
  *RemainingSidArea = SidArea;
  *RemainingSidAreaSize = Length;
  return(STATUS_SUCCESS);
 }
 /*
 * @implemented
 */
 NTSTATUS STDCALL
 RtlConvertSidToUnicodeString(PUNICODE_STRING String,
 			     PSID Sid,
 			     BOOLEAN AllocateString)
 {
   WCHAR Buffer[256];
   PWSTR Ptr;
   ULONG Length;
   ULONG i;
   if (!RtlValidSid(Sid))
     return STATUS_INVALID_SID;
   Ptr = Buffer;
   Ptr += swprintf (Ptr,
 		    L"S-%u-",
 		    Sid->Revision);
   if(!Sid->IdentifierAuthority.Value[0] &&
      !Sid->IdentifierAuthority.Value[1])
      {
 	Ptr += swprintf(Ptr,
 			L"%u",
 			(ULONG)Sid->IdentifierAuthority.Value[2] << 24 |
 			(ULONG)Sid->IdentifierAuthority.Value[3] << 16 |
 			(ULONG)Sid->IdentifierAuthority.Value[4] << 8 |
 			(ULONG)Sid->IdentifierAuthority.Value[5]);
     }
   else
     {
 	Ptr += swprintf(Ptr,
 			L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
 			Sid->IdentifierAuthority.Value[0],
 			Sid->IdentifierAuthority.Value[1],
 			Sid->IdentifierAuthority.Value[2],
 			Sid->IdentifierAuthority.Value[3],
 			Sid->IdentifierAuthority.Value[4],
 			Sid->IdentifierAuthority.Value[5]);
     }
   for (i = 0; i < Sid->SubAuthorityCount; i++)
     {
 	Ptr += swprintf(Ptr,
 			L"-%u",
 			Sid->SubAuthority[i]);
     }
   Length = (Ptr - Buffer) * sizeof(WCHAR);
   if (AllocateString)
     {
 	String->Buffer = ExAllocatePool(NonPagedPool,
 					Length + sizeof(WCHAR));
 	if (String->Buffer == NULL)
 	  return STATUS_NO_MEMORY;
 	String->MaximumLength = Length + sizeof(WCHAR);
     }
   else
     {
 	if (Length > String->MaximumLength)
 	  return STATUS_BUFFER_TOO_SMALL;
     }
   String->Length = Length;
   memmove(String->Buffer,
 	   Buffer,
 	   Length);
   if (Length < String->MaximumLength)
     String->Buffer[Length/sizeof(WCHAR)] = 0;
   return STATUS_SUCCESS;
 }
 /* EOF */
--- a/reactos/ntoskrnl/se/token.c
+++ b/reactos/ntoskrnl/se/token.c
@ -11,13 +11,7 @@
 /* INCLUDES *****************************************************************/
-#include <limits.h>
+#include <ntoskrnl.h>
 #define NTOS_MODE_KERNEL
 #include <ntos.h>
 #include <internal/ob.h>
 #include <internal/ps.h>
 #include <internal/se.h>
 #include <internal/safe.h>
 #define NDEBUG
 #include <internal/debug.h>
@ -31,8 +25,6 @@ static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ,
 					  TOKEN_EXECUTE,
 					  TOKEN_ALL_ACCESS};
 //#define SYSTEM_LUID                      0x3E7;
 /* FUNCTIONS *****************************************************************/
 VOID SepFreeProxyData(PVOID ProxyData)
@ -1028,6 +1020,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
 * NOTE: Some sources claim 4th param is ImpersonationLevel, but on W2K
 * this is certainly NOT true, thou i can't say for sure that EffectiveOnly
 * is correct either. -Gunnar
 * This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI
 */
 NTSTATUS STDCALL
 NtDuplicateToken(IN HANDLE ExistingTokenHandle,
@ -1060,7 +1053,7 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
 			     EffectiveOnly,
 			     TokenType,
              ObjectAttributes->SecurityQualityOfService ? 
-                  ObjectAttributes->SecurityQualityOfService->ImpersonationLevel : 
+                  ((PSECURITY_QUALITY_OF_SERVICE)(ObjectAttributes->SecurityQualityOfService))->ImpersonationLevel : 
                  0 /*SecurityAnonymous*/,
 			     PreviousMode,
 			     &NewToken);
@ -1645,7 +1638,8 @@ NtCreateToken(OUT PHANDLE UnsafeTokenHandle,
  AccessToken->Privileges        = 0;
  AccessToken->TokenType = TokenType;
-  AccessToken->ImpersonationLevel = ObjectAttributes->SecurityQualityOfService->ImpersonationLevel;
+  AccessToken->ImpersonationLevel = ((PSECURITY_QUALITY_OF_SERVICE)
                                     (ObjectAttributes->SecurityQualityOfService))->ImpersonationLevel;
  /*
   * Normally we would just point these members into the variable information