Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-26 17:14:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

Use proper PISID pointer to SID structure, fix wrong LUID definition, and remove duplicate code in Security Manager

Browse source 
svn path=/trunk/; revision=12806
This commit is contained in:
Alex Ionescu 2005-01-04 22:44:50 +00:00
parent ddd07cb377
commit 4dba0925ac
8 changed files with 76 additions and 263 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
reactos/include/ntdll/rtl.h
View file

@ -193,6 +193,18 @@ RtlpInitDeferedCriticalSection(
VOID
);
VOID
STDCALL
RtlpFreeDebugInfo(
PRTL_CRITICAL_SECTION_DEBUG DebugInfo
);
PRTL_CRITICAL_SECTION_DEBUG
STDCALL
RtlpAllocateDebugInfo(
VOID
);
NTSTATUS STDCALL
RtlAddAccessAllowedAceEx (IN OUT PACL Acl,
IN ULONG Revision,

4
reactos/include/ntos/obtypes.h
View file

@ -83,8 +83,8 @@ typedef struct _OBJECT_ATTRIBUTES
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
SECURITY_DESCRIPTOR *SecurityDescriptor;
SECURITY_QUALITY_OF_SERVICE *SecurityQualityOfService;
PVOID SecurityDescriptor;
PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
#endif /* __USE_W32API */

16
reactos/include/ntos/security.h
View file

@ -74,6 +74,18 @@ typedef struct _SECURITY_DESCRIPTOR_CONTEXT
#ifndef __USE_W32API
#ifndef _MSC_VER
#define SYSTEM_LUID {{ 0x3E7, 0x0 }}
#define ANONYMOUS_LOGON_LUID {{ 0x3e6, 0x0 }}
#define LOCALSERVICE_LUID {{ 0x3e5, 0x0 }}
#define NETWORKSERVICE_LUID {{ 0x3e4, 0x0 }}
#else
#define SYSTEM_LUID { 0x3E7, 0x0 }
#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
#define LOCALSERVICE_LUID { 0x3e5, 0x0 }
#define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
#endif
/* SID Auhority */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
@ -227,7 +239,9 @@ typedef struct _SID
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PSID;
} SID, *PISID;
typedef PVOID PSID;
typedef struct _ACL
{

45
reactos/lib/rtl/sid.c
View file

@ -1,4 +1,4 @@
/* $Id: sid.c,v 1.4 2004/07/12 19:39:29 ekohl Exp $
/* $Id$
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -22,8 +22,10 @@
/* FUNCTIONS ***************************************************************/
BOOLEAN STDCALL
RtlValidSid(IN PSID Sid)
RtlValidSid(IN PSID Sid_)
{
PISID Sid = Sid_;
if ((Sid->Revision != SID_REVISION) ||
(Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES))
{
@ -48,10 +50,12 @@ RtlLengthRequiredSid(IN UCHAR SubAuthorityCount)
* @implemented
*/
NTSTATUS STDCALL
RtlInitializeSid(IN PSID Sid,
RtlInitializeSid(IN PSID Sid_,
IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
IN UCHAR SubAuthorityCount)
{
PISID Sid = Sid_;
Sid->Revision = SID_REVISION;
Sid->SubAuthorityCount = SubAuthorityCount;
memcpy(&Sid->IdentifierAuthority,
@ -66,9 +70,11 @@ RtlInitializeSid(IN PSID Sid,
* @implemented
*/
PULONG STDCALL
RtlSubAuthoritySid(IN PSID Sid,
RtlSubAuthoritySid(IN PSID Sid_,
IN ULONG SubAuthority)
{
PISID Sid = Sid_;
return &Sid->SubAuthority[SubAuthority];
}
@ -77,8 +83,10 @@ RtlSubAuthoritySid(IN PSID Sid,
* @implemented
*/
PUCHAR STDCALL
RtlSubAuthorityCountSid(IN PSID Sid)
RtlSubAuthorityCountSid(IN PSID Sid_)
{
PISID Sid = Sid_;
return &Sid->SubAuthorityCount;
}
@ -87,9 +95,12 @@ RtlSubAuthorityCountSid(IN PSID Sid)
* @implemented
*/
BOOLEAN STDCALL
RtlEqualSid(IN PSID Sid1,
IN PSID Sid2)
RtlEqualSid(IN PSID Sid1_,
IN PSID Sid2_)
{
PISID Sid1 = Sid1_;
PISID Sid2 = Sid2_;
if (Sid1->Revision != Sid2->Revision)
{
return(FALSE);
@ -110,8 +121,10 @@ RtlEqualSid(IN PSID Sid1,
* @implemented
*/
ULONG STDCALL
RtlLengthSid(IN PSID Sid)
RtlLengthSid(IN PSID Sid_)
{
PISID Sid = Sid_;
return (sizeof(SID) + (Sid->SubAuthorityCount-1) * sizeof(ULONG));
}
@ -180,8 +193,10 @@ RtlCopySidAndAttributesArray(ULONG Count,
* @implemented
*/
PSID_IDENTIFIER_AUTHORITY STDCALL
RtlIdentifierAuthoritySid(IN PSID Sid)
RtlIdentifierAuthoritySid(IN PSID Sid_)
{
PISID Sid = Sid_;
return &Sid->IdentifierAuthority;
}
@ -202,7 +217,7 @@ RtlAllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
ULONG SubAuthority7,
PSID *Sid)
{
PSID pSid;
PISID pSid;
if (SubAuthorityCount > 8)
return STATUS_INVALID_SID;
@ -267,9 +282,12 @@ RtlFreeSid(IN PSID Sid)
* @implemented
*/
BOOLEAN STDCALL
RtlEqualPrefixSid(IN PSID Sid1,
IN PSID Sid2)
RtlEqualPrefixSid(IN PSID Sid1_,
IN PSID Sid2_)
{
PISID Sid1 = Sid1_;
PISID Sid2 = Sid2_;
return(Sid1->SubAuthorityCount == Sid2->SubAuthorityCount &&
!RtlCompareMemory(Sid1, Sid2,
(Sid1->SubAuthorityCount - 1) * sizeof(DWORD) + 8));
@ -281,13 +299,14 @@ RtlEqualPrefixSid(IN PSID Sid1,
*/
NTSTATUS STDCALL
RtlConvertSidToUnicodeString(PUNICODE_STRING String,
PSID Sid,
PSID Sid_,
BOOLEAN AllocateBuffer)
{
WCHAR Buffer[256];
PWSTR wcs;
ULONG Length;
ULONG i;
PISID Sid = Sid_;
if (RtlValidSid (Sid) == FALSE)
return STATUS_INVALID_SID;

8
reactos/ntoskrnl/se/luid.c
View file

@ -1,4 +1,4 @@
/* $Id: luid.c,v 1.10 2004/08/15 16:39:11 chorns Exp $
/* $Id$
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -20,15 +20,15 @@ static KSPIN_LOCK LuidLock;
static LARGE_INTEGER LuidIncrement;
static LARGE_INTEGER LuidValue;
#define SYSTEM_LUID 0x3E7;
/* FUNCTIONS *****************************************************************/
VOID INIT_FUNCTION
SepInitLuid(VOID)
{
LARGE_INTEGER DummyLuidValue = SYSTEM_LUID;
KeInitializeSpinLock(&LuidLock);
LuidValue.QuadPart = SYSTEM_LUID;
LuidValue = DummyLuidValue;
LuidIncrement.QuadPart = 1;
}

6
reactos/ntoskrnl/se/sd.c
View file

@ -1,4 +1,4 @@
/* $Id: sd.c,v 1.20 2004/08/15 16:39:12 chorns Exp $
/* $Id$
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -319,7 +319,7 @@ SeValidSecurityDescriptor(IN ULONG Length,
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
ULONG SdLength;
PSID Sid;
PISID Sid;
PACL Acl;
if (Length < SECURITY_DESCRIPTOR_MIN_LENGTH)
@ -355,7 +355,7 @@ SeValidSecurityDescriptor(IN ULONG Length,
return FALSE;
}
Sid = (PSID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Owner);
Sid = (PISID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Owner);
if (Sid->Revision != SID_REVISION)
{
DPRINT1("Invalid Owner SID revision\n");

232
reactos/ntoskrnl/se/sid.c
View file

@ -1,4 +1,4 @@
/* $Id: sid.c,v 1.16 2003/12/30 18:52:06 fireball Exp $
/* $Id$
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -11,9 +11,9 @@
/* INCLUDES *****************************************************************/
#include <ddk/ntddk.h>
#include <internal/se.h>
#include <ntoskrnl.h>
#define NDEBUG
#include <internal/debug.h>
#define TAG_SID TAG('S', 'I', 'D', 'T')
@ -467,230 +467,4 @@ SepInitSecurityIDs(VOID)
return(TRUE);
}
/*
* @implemented
*/
BOOLEAN STDCALL
RtlValidSid(PSID Sid)
{
if ((Sid->Revision & 0xf) != 1)
{
return(FALSE);
}
if (Sid->SubAuthorityCount > 15)
{
return(FALSE);
}
return(TRUE);
}
/*
* @implemented
*/
ULONG STDCALL
RtlLengthRequiredSid(UCHAR SubAuthorityCount)
{
return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG));
}
/*
* @implemented
*/
NTSTATUS STDCALL
RtlInitializeSid(PSID Sid,
PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
UCHAR SubAuthorityCount)
{
Sid->Revision = 1;
Sid->SubAuthorityCount = SubAuthorityCount;
RtlCopyMemory(&Sid->IdentifierAuthority,
IdentifierAuthority,
sizeof(SID_IDENTIFIER_AUTHORITY));
return(STATUS_SUCCESS);
}
/*
* @implemented
*/
PULONG STDCALL
RtlSubAuthoritySid(PSID Sid,
ULONG SubAuthority)
{
return(&Sid->SubAuthority[SubAuthority]);
}
/*
* @implemented
*/
PUCHAR STDCALL
RtlSubAuthorityCountSid(PSID Sid)
{
return(&Sid->SubAuthorityCount);
}
/*
* @implemented
*/
BOOLEAN STDCALL
RtlEqualSid(PSID Sid1,
PSID Sid2)
{
if (Sid1->Revision != Sid2->Revision)
{
return(FALSE);
}
if ((*RtlSubAuthorityCountSid(Sid1)) !=
(*RtlSubAuthorityCountSid(Sid2)))
{
return(FALSE);
}
if (memcmp(Sid1, Sid2, RtlLengthSid(Sid1)) != 0)
{
return(FALSE);
}
return(TRUE);
}
/*
* @implemented
*/
ULONG STDCALL
RtlLengthSid(PSID Sid)
{
return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
}
/*
* @implemented
*/
NTSTATUS STDCALL
RtlCopySid(ULONG BufferLength,
PSID Dest,
PSID Src)
{
if (BufferLength < RtlLengthSid(Src))
{
return(STATUS_UNSUCCESSFUL);
}
memmove(Dest, Src, RtlLengthSid(Src));
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL
RtlCopySidAndAttributesArray(ULONG Count,
PSID_AND_ATTRIBUTES Src,
ULONG SidAreaSize,
PSID_AND_ATTRIBUTES Dest,
PVOID SidArea,
PVOID* RemainingSidArea,
PULONG RemainingSidAreaSize)
{
ULONG Length;
ULONG i;
Length = SidAreaSize;
for (i=0; i<Count; i++)
{
if (RtlLengthSid(Src[i].Sid) > Length)
{
return(STATUS_BUFFER_TOO_SMALL);
}
Length = Length - RtlLengthSid(Src[i].Sid);
Dest[i].Sid = SidArea;
Dest[i].Attributes = Src[i].Attributes;
RtlCopySid(RtlLengthSid(Src[i].Sid), SidArea, Src[i].Sid);
SidArea = (char*)SidArea + RtlLengthSid(Src[i].Sid);
}
*RemainingSidArea = SidArea;
*RemainingSidAreaSize = Length;
return(STATUS_SUCCESS);
}
/*
* @implemented
*/
NTSTATUS STDCALL
RtlConvertSidToUnicodeString(PUNICODE_STRING String,
PSID Sid,
BOOLEAN AllocateString)
{
WCHAR Buffer[256];
PWSTR Ptr;
ULONG Length;
ULONG i;
if (!RtlValidSid(Sid))
return STATUS_INVALID_SID;
Ptr = Buffer;
Ptr += swprintf (Ptr,
L"S-%u-",
Sid->Revision);
if(!Sid->IdentifierAuthority.Value[0] &&
!Sid->IdentifierAuthority.Value[1])
{
Ptr += swprintf(Ptr,
L"%u",
(ULONG)Sid->IdentifierAuthority.Value[2] << 24 |
(ULONG)Sid->IdentifierAuthority.Value[3] << 16 |
(ULONG)Sid->IdentifierAuthority.Value[4] << 8 |
(ULONG)Sid->IdentifierAuthority.Value[5]);
}
else
{
Ptr += swprintf(Ptr,
L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
Sid->IdentifierAuthority.Value[0],
Sid->IdentifierAuthority.Value[1],
Sid->IdentifierAuthority.Value[2],
Sid->IdentifierAuthority.Value[3],
Sid->IdentifierAuthority.Value[4],
Sid->IdentifierAuthority.Value[5]);
}
for (i = 0; i < Sid->SubAuthorityCount; i++)
{
Ptr += swprintf(Ptr,
L"-%u",
Sid->SubAuthority[i]);
}
Length = (Ptr - Buffer) * sizeof(WCHAR);
if (AllocateString)
{
String->Buffer = ExAllocatePool(NonPagedPool,
Length + sizeof(WCHAR));
if (String->Buffer == NULL)
return STATUS_NO_MEMORY;
String->MaximumLength = Length + sizeof(WCHAR);
}
else
{
if (Length > String->MaximumLength)
return STATUS_BUFFER_TOO_SMALL;
}
String->Length = Length;
memmove(String->Buffer,
Buffer,
Length);
if (Length < String->MaximumLength)
String->Buffer[Length/sizeof(WCHAR)] = 0;
return STATUS_SUCCESS;
}
/* EOF */

16
reactos/ntoskrnl/se/token.c
View file

@ -11,13 +11,7 @@
/* INCLUDES *****************************************************************/
#include <limits.h>
#define NTOS_MODE_KERNEL
#include <ntos.h>
#include <internal/ob.h>
#include <internal/ps.h>
#include <internal/se.h>
#include <internal/safe.h>
#include <ntoskrnl.h>
#define NDEBUG
#include <internal/debug.h>
@ -31,8 +25,6 @@ static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ,
TOKEN_EXECUTE,
TOKEN_ALL_ACCESS};
//#define SYSTEM_LUID 0x3E7;
/* FUNCTIONS *****************************************************************/
VOID SepFreeProxyData(PVOID ProxyData)
@ -1028,6 +1020,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
* NOTE: Some sources claim 4th param is ImpersonationLevel, but on W2K
* this is certainly NOT true, thou i can't say for sure that EffectiveOnly
* is correct either. -Gunnar
* This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI
*/
NTSTATUS STDCALL
NtDuplicateToken(IN HANDLE ExistingTokenHandle,
@ -1060,7 +1053,7 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
EffectiveOnly,
TokenType,
ObjectAttributes->SecurityQualityOfService ?
ObjectAttributes->SecurityQualityOfService->ImpersonationLevel :
((PSECURITY_QUALITY_OF_SERVICE)(ObjectAttributes->SecurityQualityOfService))->ImpersonationLevel :
0 /*SecurityAnonymous*/,
PreviousMode,
&NewToken);
@ -1645,7 +1638,8 @@ NtCreateToken(OUT PHANDLE UnsafeTokenHandle,
AccessToken->Privileges = 0;
AccessToken->TokenType = TokenType;
AccessToken->ImpersonationLevel = ObjectAttributes->SecurityQualityOfService->ImpersonationLevel;
AccessToken->ImpersonationLevel = ((PSECURITY_QUALITY_OF_SERVICE)
(ObjectAttributes->SecurityQualityOfService))->ImpersonationLevel;
/*
* Normally we would just point these members into the variable information