Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-07-05 12:15:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Replace tabs by spaces. No code change

Browse source 
svn path=/trunk/; revision=27366
This commit is contained in:
Hervé Poussineau 2007-07-02 22:39:11 +00:00
parent bffd171f09
commit 55f2798900
2 changed files with 641 additions and 641 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

558
reactos/ntoskrnl/se/semgr.c
View file

@ -123,15 +123,15 @@ SeInitSRM(VOID)
/* Create '\Security' directory */ /* Create '\Security' directory */
RtlInitUnicodeString(&Name, RtlInitUnicodeString(&Name,
L"\\Security"); L"\\Security");
InitializeObjectAttributes(&ObjectAttributes, InitializeObjectAttributes(&ObjectAttributes,
&Name, &Name,
OBJ_PERMANENT, OBJ_PERMANENT,
0, 0,
NULL); NULL);
Status = ZwCreateDirectoryObject(&DirectoryHandle, Status = ZwCreateDirectoryObject(&DirectoryHandle,
DIRECTORY_ALL_ACCESS, DIRECTORY_ALL_ACCESS,
&ObjectAttributes); &ObjectAttributes);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
DPRINT1("Failed to create 'Security' directory!\n"); DPRINT1("Failed to create 'Security' directory!\n");
@ -140,17 +140,17 @@ SeInitSRM(VOID)
/* Create 'LSA_AUTHENTICATION_INITALIZED' event */ /* Create 'LSA_AUTHENTICATION_INITALIZED' event */
RtlInitUnicodeString(&Name, RtlInitUnicodeString(&Name,
L"\\LSA_AUTHENTICATION_INITALIZED"); L"\\LSA_AUTHENTICATION_INITALIZED");
InitializeObjectAttributes(&ObjectAttributes, InitializeObjectAttributes(&ObjectAttributes,
&Name, &Name,
OBJ_PERMANENT, OBJ_PERMANENT,
DirectoryHandle, DirectoryHandle,
SePublicDefaultSd); SePublicDefaultSd);
Status = ZwCreateEvent(&EventHandle, Status = ZwCreateEvent(&EventHandle,
EVENT_ALL_ACCESS, EVENT_ALL_ACCESS,
&ObjectAttributes, &ObjectAttributes,
SynchronizationEvent, SynchronizationEvent,
FALSE); FALSE);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
DPRINT1("Failed to create 'LSA_AUTHENTICATION_INITALIZED' event!\n"); DPRINT1("Failed to create 'LSA_AUTHENTICATION_INITALIZED' event!\n");
@ -271,170 +271,170 @@ SeDefaultObjectMethod(PVOID Object,
/* Get owner and owner size */ /* Get owner and owner size */
if (SecurityInformation & OWNER_SECURITY_INFORMATION) if (SecurityInformation & OWNER_SECURITY_INFORMATION)
{ {
if (SecurityDescriptor->Owner != NULL) if (SecurityDescriptor->Owner != NULL)
{ {
if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner + Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
(ULONG_PTR)SecurityDescriptor); (ULONG_PTR)SecurityDescriptor);
else else
Owner = (PSID)SecurityDescriptor->Owner; Owner = (PSID)SecurityDescriptor->Owner;
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
} }
Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED); Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
} }
else else
{ {
if (ObjectSd->Owner != NULL) if (ObjectSd->Owner != NULL)
{ {
Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd); Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
} }
Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED); Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
} }
/* Get group and group size */ /* Get group and group size */
if (SecurityInformation & GROUP_SECURITY_INFORMATION) if (SecurityInformation & GROUP_SECURITY_INFORMATION)
{ {
if (SecurityDescriptor->Group != NULL) if (SecurityDescriptor->Group != NULL)
{ {
if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group + Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group +
(ULONG_PTR)SecurityDescriptor); (ULONG_PTR)SecurityDescriptor);
else else
Group = (PSID)SecurityDescriptor->Group; Group = (PSID)SecurityDescriptor->Group;
GroupLength = ROUND_UP(RtlLengthSid(Group), 4); GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
} }
Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED); Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
} }
else else
{ {
if (ObjectSd->Group != NULL) if (ObjectSd->Group != NULL)
{ {
Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd); Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
GroupLength = ROUND_UP(RtlLengthSid(Group), 4); GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
} }
Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED); Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
} }
/* Get DACL and DACL size */ /* Get DACL and DACL size */
if (SecurityInformation & DACL_SECURITY_INFORMATION) if (SecurityInformation & DACL_SECURITY_INFORMATION)
{ {
if ((SecurityDescriptor->Control & SE_DACL_PRESENT) && if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
(SecurityDescriptor->Dacl != NULL)) (SecurityDescriptor->Dacl != NULL))
{ {
if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl + Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl +
(ULONG_PTR)SecurityDescriptor); (ULONG_PTR)SecurityDescriptor);
else else
Dacl = (PACL)SecurityDescriptor->Dacl; Dacl = (PACL)SecurityDescriptor->Dacl;
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
} }
Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
} }
else else
{ {
if ((ObjectSd->Control & SE_DACL_PRESENT) && if ((ObjectSd->Control & SE_DACL_PRESENT) &&
(ObjectSd->Dacl != NULL)) (ObjectSd->Dacl != NULL))
{ {
Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd); Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
} }
Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
} }
/* Get SACL and SACL size */ /* Get SACL and SACL size */
if (SecurityInformation & SACL_SECURITY_INFORMATION) if (SecurityInformation & SACL_SECURITY_INFORMATION)
{ {
if ((SecurityDescriptor->Control & SE_SACL_PRESENT) && if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
(SecurityDescriptor->Sacl != NULL)) (SecurityDescriptor->Sacl != NULL))
{ {
if( SecurityDescriptor->Control & SE_SELF_RELATIVE ) if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl + Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl +
(ULONG_PTR)SecurityDescriptor); (ULONG_PTR)SecurityDescriptor);
else else
Sacl = (PACL)SecurityDescriptor->Sacl; Sacl = (PACL)SecurityDescriptor->Sacl;
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4); SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
} }
Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
} }
else else
{ {
if ((ObjectSd->Control & SE_SACL_PRESENT) && if ((ObjectSd->Control & SE_SACL_PRESENT) &&
(ObjectSd->Sacl != NULL)) (ObjectSd->Sacl != NULL))
{ {
Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd); Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4); SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
} }
Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
} }
NewSd = ExAllocatePool(NonPagedPool, NewSd = ExAllocatePool(NonPagedPool,
sizeof(SECURITY_DESCRIPTOR) + OwnerLength + GroupLength + sizeof(SECURITY_DESCRIPTOR) + OwnerLength + GroupLength +
DaclLength + SaclLength); DaclLength + SaclLength);
if (NewSd == NULL) if (NewSd == NULL)
{ {
ObDereferenceObject(Object); ObDereferenceObject(Object);
return STATUS_INSUFFICIENT_RESOURCES; return STATUS_INSUFFICIENT_RESOURCES;
} }
RtlCreateSecurityDescriptor(NewSd, RtlCreateSecurityDescriptor(NewSd,
SECURITY_DESCRIPTOR_REVISION1); SECURITY_DESCRIPTOR_REVISION1);
/* We always build a self-relative descriptor */ /* We always build a self-relative descriptor */
NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE; NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE;
Current = (ULONG_PTR)NewSd + sizeof(SECURITY_DESCRIPTOR); Current = (ULONG_PTR)NewSd + sizeof(SECURITY_DESCRIPTOR);
if (OwnerLength != 0) if (OwnerLength != 0)
{ {
RtlCopyMemory((PVOID)Current, RtlCopyMemory((PVOID)Current,
Owner, Owner,
OwnerLength); OwnerLength);
NewSd->Owner = (PSID)(Current - (ULONG_PTR)NewSd); NewSd->Owner = (PSID)(Current - (ULONG_PTR)NewSd);
Current += OwnerLength; Current += OwnerLength;
} }
if (GroupLength != 0) if (GroupLength != 0)
{ {
RtlCopyMemory((PVOID)Current, RtlCopyMemory((PVOID)Current,
Group, Group,
GroupLength); GroupLength);
NewSd->Group = (PSID)(Current - (ULONG_PTR)NewSd); NewSd->Group = (PSID)(Current - (ULONG_PTR)NewSd);
Current += GroupLength; Current += GroupLength;
} }
if (DaclLength != 0) if (DaclLength != 0)
{ {
RtlCopyMemory((PVOID)Current, RtlCopyMemory((PVOID)Current,
Dacl, Dacl,
DaclLength); DaclLength);
NewSd->Dacl = (PACL)(Current - (ULONG_PTR)NewSd); NewSd->Dacl = (PACL)(Current - (ULONG_PTR)NewSd);
Current += DaclLength; Current += DaclLength;
} }
if (SaclLength != 0) if (SaclLength != 0)
{ {
RtlCopyMemory((PVOID)Current, RtlCopyMemory((PVOID)Current,
Sacl, Sacl,
SaclLength); SaclLength);
NewSd->Sacl = (PACL)(Current - (ULONG_PTR)NewSd); NewSd->Sacl = (PACL)(Current - (ULONG_PTR)NewSd);
Current += SaclLength; Current += SaclLength;
} }
/* Add the new SD */ /* Add the new SD */
Status = ObpAddSecurityDescriptor(NewSd, Status = ObpAddSecurityDescriptor(NewSd,
&Header->SecurityDescriptor); &Header->SecurityDescriptor);
if (NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
/* Remove the old security descriptor */ /* Remove the old security descriptor */
ObpRemoveSecurityDescriptor(ObjectSd); ObpRemoveSecurityDescriptor(ObjectSd);
} }
else else
{ {
/* Restore the old security descriptor */ /* Restore the old security descriptor */
Header->SecurityDescriptor = ObjectSd; Header->SecurityDescriptor = ObjectSd;
} }
ExFreePool(NewSd); ExFreePool(NewSd);
} }
@ -449,7 +449,7 @@ SeDefaultObjectMethod(PVOID Object,
{ {
/* Assign the security descriptor to the object header */ /* Assign the security descriptor to the object header */
Status = ObpAddSecurityDescriptor(SecurityDescriptor, Status = ObpAddSecurityDescriptor(SecurityDescriptor,
&Header->SecurityDescriptor); &Header->SecurityDescriptor);
} }
@ -571,14 +571,14 @@ SeDeassignSecurity(PSECURITY_DESCRIPTOR *SecurityDescriptor)
*/ */
NTSTATUS STDCALL NTSTATUS STDCALL
SeAssignSecurityEx(IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL, SeAssignSecurityEx(IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL, IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
OUT PSECURITY_DESCRIPTOR *NewDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor,
IN GUID *ObjectType OPTIONAL, IN GUID *ObjectType OPTIONAL,
IN BOOLEAN IsDirectoryObject, IN BOOLEAN IsDirectoryObject,
IN ULONG AutoInheritFlags, IN ULONG AutoInheritFlags,
IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN PGENERIC_MAPPING GenericMapping, IN PGENERIC_MAPPING GenericMapping,
IN POOL_TYPE PoolType) IN POOL_TYPE PoolType)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;
@ -601,12 +601,12 @@ SeAssignSecurityEx(IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
*/ */
NTSTATUS STDCALL NTSTATUS STDCALL
SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL, SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
PSECURITY_DESCRIPTOR _ExplicitDescriptor OPTIONAL, PSECURITY_DESCRIPTOR _ExplicitDescriptor OPTIONAL,
PSECURITY_DESCRIPTOR *NewDescriptor, PSECURITY_DESCRIPTOR *NewDescriptor,
BOOLEAN IsDirectoryObject, BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext, PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping, PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType) POOL_TYPE PoolType)
{ {
PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor; PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor;
PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor; PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor;
@ -646,23 +646,23 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
Owner = ExplicitDescriptor->Owner; Owner = ExplicitDescriptor->Owner;
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE) if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
{ {
Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor); Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
} }
} }
else else
{ {
if (Token != NULL) if (Token != NULL)
{ {
DPRINT("Use token owner sid!\n"); DPRINT("Use token owner sid!\n");
Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid; Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
} }
else else
{ {
DPRINT("Use default owner sid!\n"); DPRINT("Use default owner sid!\n");
Owner = SeLocalSystemSid; Owner = SeLocalSystemSid;
} }
Control |= SE_OWNER_DEFAULTED; Control |= SE_OWNER_DEFAULTED;
} }
@ -676,22 +676,22 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
DPRINT("Use explicit group sid!\n"); DPRINT("Use explicit group sid!\n");
Group = ExplicitDescriptor->Group; Group = ExplicitDescriptor->Group;
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE) if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
{ {
Group = (PSID)(((ULONG_PTR)Group) + (ULONG_PTR)ExplicitDescriptor); Group = (PSID)(((ULONG_PTR)Group) + (ULONG_PTR)ExplicitDescriptor);
} }
} }
else else
{ {
if (Token != NULL) if (Token != NULL)
{ {
DPRINT("Use token group sid!\n"); DPRINT("Use token group sid!\n");
Group = Token->PrimaryGroup; Group = Token->PrimaryGroup;
} }
else else
{ {
DPRINT("Use default group sid!\n"); DPRINT("Use default group sid!\n");
Group = SeLocalSystemSid; Group = SeLocalSystemSid;
} }
Control |= SE_OWNER_DEFAULTED; Control |= SE_OWNER_DEFAULTED;
} }
@ -707,22 +707,22 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
DPRINT("Use explicit DACL!\n"); DPRINT("Use explicit DACL!\n");
Dacl = ExplicitDescriptor->Dacl; Dacl = ExplicitDescriptor->Dacl;
if (Dacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE)) if (Dacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE))
{ {
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ExplicitDescriptor); Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ExplicitDescriptor);
} }
Control |= SE_DACL_PRESENT; Control |= SE_DACL_PRESENT;
} }
else if (ParentDescriptor != NULL && else if (ParentDescriptor != NULL &&
(ParentDescriptor->Control & SE_DACL_PRESENT)) (ParentDescriptor->Control & SE_DACL_PRESENT))
{ {
DPRINT("Use parent DACL!\n"); DPRINT("Use parent DACL!\n");
/* FIXME: Inherit */ /* FIXME: Inherit */
Dacl = ParentDescriptor->Dacl; Dacl = ParentDescriptor->Dacl;
if (Dacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE)) if (Dacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE))
{ {
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor); Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
} }
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED); Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
} }
else if (Token != NULL && Token->DefaultDacl != NULL) else if (Token != NULL && Token->DefaultDacl != NULL)
@ -750,22 +750,22 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
DPRINT("Use explicit SACL!\n"); DPRINT("Use explicit SACL!\n");
Sacl = ExplicitDescriptor->Sacl; Sacl = ExplicitDescriptor->Sacl;
if (Sacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE)) if (Sacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE))
{ {
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ExplicitDescriptor); Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ExplicitDescriptor);
} }
Control |= SE_SACL_PRESENT; Control |= SE_SACL_PRESENT;
} }
else if (ParentDescriptor != NULL && else if (ParentDescriptor != NULL &&
(ParentDescriptor->Control & SE_SACL_PRESENT)) (ParentDescriptor->Control & SE_SACL_PRESENT))
{ {
DPRINT("Use parent SACL!\n"); DPRINT("Use parent SACL!\n");
/* FIXME: Inherit */ /* FIXME: Inherit */
Sacl = ParentDescriptor->Sacl; Sacl = ParentDescriptor->Sacl;
if (Sacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE)) if (Sacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE))
{ {
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor); Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
} }
Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED); Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);
} }
@ -777,14 +777,14 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
OwnerLength + GroupLength + DaclLength + SaclLength; OwnerLength + GroupLength + DaclLength + SaclLength;
DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %d OwnerLength %d GroupLength %d DaclLength %d SaclLength %d\n", DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %d OwnerLength %d GroupLength %d DaclLength %d SaclLength %d\n",
sizeof(SECURITY_DESCRIPTOR), sizeof(SECURITY_DESCRIPTOR),
OwnerLength, OwnerLength,
GroupLength, GroupLength,
DaclLength, DaclLength,
SaclLength); SaclLength);
Descriptor = ExAllocatePool(PagedPool, Descriptor = ExAllocatePool(PagedPool,
Length); Length);
if (Descriptor == NULL) if (Descriptor == NULL)
{ {
DPRINT1("ExAlloctePool() failed\n"); DPRINT1("ExAlloctePool() failed\n");
@ -794,7 +794,7 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
RtlZeroMemory( Descriptor, Length ); RtlZeroMemory( Descriptor, Length );
RtlCreateSecurityDescriptor(Descriptor, RtlCreateSecurityDescriptor(Descriptor,
SECURITY_DESCRIPTOR_REVISION); SECURITY_DESCRIPTOR_REVISION);
Descriptor->Control = (USHORT)Control | SE_SELF_RELATIVE; Descriptor->Control = (USHORT)Control | SE_SELF_RELATIVE;
@ -803,8 +803,8 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
if (SaclLength != 0) if (SaclLength != 0)
{ {
RtlCopyMemory((PVOID)Current, RtlCopyMemory((PVOID)Current,
Sacl, Sacl,
SaclLength); SaclLength);
Descriptor->Sacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor); Descriptor->Sacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += SaclLength; Current += SaclLength;
} }
@ -812,8 +812,8 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
if (DaclLength != 0) if (DaclLength != 0)
{ {
RtlCopyMemory((PVOID)Current, RtlCopyMemory((PVOID)Current,
Dacl, Dacl,
DaclLength); DaclLength);
Descriptor->Dacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor); Descriptor->Dacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += DaclLength; Current += DaclLength;
} }
@ -821,8 +821,8 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
if (OwnerLength != 0) if (OwnerLength != 0)
{ {
RtlCopyMemory((PVOID)Current, RtlCopyMemory((PVOID)Current,
Owner, Owner,
OwnerLength); OwnerLength);
Descriptor->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor); Descriptor->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += OwnerLength; Current += OwnerLength;
DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner); DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner);
@ -852,7 +852,7 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
static BOOLEAN static BOOLEAN
SepSidInToken(PACCESS_TOKEN _Token, SepSidInToken(PACCESS_TOKEN _Token,
PSID Sid) PSID Sid)
{ {
ULONG i; ULONG i;
PTOKEN Token = (PTOKEN)_Token; PTOKEN Token = (PTOKEN)_Token;
@ -901,15 +901,15 @@ SepSidInToken(PACCESS_TOKEN _Token,
*/ */
BOOLEAN STDCALL BOOLEAN STDCALL
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked, IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess, IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET* Privileges, OUT PPRIVILEGE_SET* Privileges,
IN PGENERIC_MAPPING GenericMapping, IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MASK GrantedAccess, OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus) OUT PNTSTATUS AccessStatus)
{ {
LUID_AND_ATTRIBUTES Privilege; LUID_AND_ATTRIBUTES Privilege;
ACCESS_MASK CurrentAccess, AccessMask; ACCESS_MASK CurrentAccess, AccessMask;
@ -994,19 +994,19 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
Token = SubjectSecurityContext->ClientToken ? Token = SubjectSecurityContext->ClientToken ?
SubjectSecurityContext->ClientToken : SubjectSecurityContext->PrimaryToken; SubjectSecurityContext->ClientToken : SubjectSecurityContext->PrimaryToken;
/* Get the DACL */ /* Get the DACL */
Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor, Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
&Present, &Present,
&Dacl, &Dacl,
&Defaulted); &Defaulted);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
if (SubjectContextLocked == FALSE) if (SubjectContextLocked == FALSE)
{ {
SeUnlockSubjectContext(SubjectSecurityContext); SeUnlockSubjectContext(SubjectSecurityContext);
} }
*AccessStatus = Status; *AccessStatus = Status;
return FALSE; return FALSE;
@ -1016,9 +1016,9 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
if (Present == TRUE && Dacl == NULL) if (Present == TRUE && Dacl == NULL)
{ {
if (SubjectContextLocked == FALSE) if (SubjectContextLocked == FALSE)
{ {
SeUnlockSubjectContext(SubjectSecurityContext); SeUnlockSubjectContext(SubjectSecurityContext);
} }
*GrantedAccess = DesiredAccess; *GrantedAccess = DesiredAccess;
*AccessStatus = STATUS_SUCCESS; *AccessStatus = STATUS_SUCCESS;
@ -1032,36 +1032,36 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
Privilege.Attributes = SE_PRIVILEGE_ENABLED; Privilege.Attributes = SE_PRIVILEGE_ENABLED;
if (SepPrivilegeCheck(Token, if (SepPrivilegeCheck(Token,
&Privilege, &Privilege,
1, 1,
PRIVILEGE_SET_ALL_NECESSARY, PRIVILEGE_SET_ALL_NECESSARY,
AccessMode)) AccessMode))
{ {
CurrentAccess |= WRITE_OWNER; CurrentAccess |= WRITE_OWNER;
if (DesiredAccess == CurrentAccess) if (DesiredAccess == CurrentAccess)
{ {
if (SubjectContextLocked == FALSE) if (SubjectContextLocked == FALSE)
{ {
SeUnlockSubjectContext(SubjectSecurityContext); SeUnlockSubjectContext(SubjectSecurityContext);
} }
*GrantedAccess = CurrentAccess; *GrantedAccess = CurrentAccess;
*AccessStatus = STATUS_SUCCESS; *AccessStatus = STATUS_SUCCESS;
return TRUE; return TRUE;
} }
} }
/* RULE 3: Check whether the token is the owner */ /* RULE 3: Check whether the token is the owner */
Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor, Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor,
&Sid, &Sid,
&Defaulted); &Defaulted);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
DPRINT1("RtlGetOwnerSecurityDescriptor() failed (Status %lx)\n", Status); DPRINT1("RtlGetOwnerSecurityDescriptor() failed (Status %lx)\n", Status);
if (SubjectContextLocked == FALSE) if (SubjectContextLocked == FALSE)
{ {
SeUnlockSubjectContext(SubjectSecurityContext); SeUnlockSubjectContext(SubjectSecurityContext);
} }
*AccessStatus = Status; *AccessStatus = Status;
return FALSE; return FALSE;
@ -1071,25 +1071,25 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
{ {
CurrentAccess |= (READ_CONTROL | WRITE_DAC); CurrentAccess |= (READ_CONTROL | WRITE_DAC);
if (DesiredAccess == CurrentAccess) if (DesiredAccess == CurrentAccess)
{ {
if (SubjectContextLocked == FALSE) if (SubjectContextLocked == FALSE)
{ {
SeUnlockSubjectContext(SubjectSecurityContext); SeUnlockSubjectContext(SubjectSecurityContext);
} }
*GrantedAccess = CurrentAccess; *GrantedAccess = CurrentAccess;
*AccessStatus = STATUS_SUCCESS; *AccessStatus = STATUS_SUCCESS;
return TRUE; return TRUE;
} }
} }
/* Fail if DACL is absent */ /* Fail if DACL is absent */
if (Present == FALSE) if (Present == FALSE)
{ {
if (SubjectContextLocked == FALSE) if (SubjectContextLocked == FALSE)
{ {
SeUnlockSubjectContext(SubjectSecurityContext); SeUnlockSubjectContext(SubjectSecurityContext);
} }
*GrantedAccess = 0; *GrantedAccess = 0;
*AccessStatus = STATUS_ACCESS_DENIED; *AccessStatus = STATUS_ACCESS_DENIED;
@ -1172,13 +1172,13 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
NTSTATUS STDCALL NTSTATUS STDCALL
NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN HANDLE TokenHandle, IN HANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping, IN PGENERIC_MAPPING GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet, OUT PPRIVILEGE_SET PrivilegeSet,
OUT PULONG ReturnLength, OUT PULONG ReturnLength,
OUT PACCESS_MASK GrantedAccess, OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus) OUT PNTSTATUS AccessStatus)
{ {
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext = {0}; SECURITY_SUBJECT_CONTEXT SubjectSecurityContext = {0};
KPROCESSOR_MODE PreviousMode; KPROCESSOR_MODE PreviousMode;
@ -1198,11 +1198,11 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
} }
Status = ObReferenceObjectByHandle(TokenHandle, Status = ObReferenceObjectByHandle(TokenHandle,
TOKEN_QUERY, TOKEN_QUERY,
SepTokenObjectType, SepTokenObjectType,
PreviousMode, PreviousMode,
(PVOID*)&Token, (PVOID*)&Token,
NULL); NULL);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
DPRINT1("Failed to reference token (Status %lx)\n", Status); DPRINT1("Failed to reference token (Status %lx)\n", Status);
@ -1232,15 +1232,15 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
SeLockSubjectContext(&SubjectSecurityContext); SeLockSubjectContext(&SubjectSecurityContext);
if (SeAccessCheck(SecurityDescriptor, if (SeAccessCheck(SecurityDescriptor,
&SubjectSecurityContext, &SubjectSecurityContext,
TRUE, TRUE,
DesiredAccess, DesiredAccess,
0, 0,
&PrivilegeSet, &PrivilegeSet,
GenericMapping, GenericMapping,
PreviousMode, PreviousMode,
GrantedAccess, GrantedAccess,
AccessStatus)) AccessStatus))
{ {
Status = *AccessStatus; Status = *AccessStatus;
} }

724
reactos/ntoskrnl/se/token.c
View file

File diff suppressed because it is too large Load diff