[RTL] Improve usage of absolte vs self-relative security descriptors

- RtlpQuerySecurityDescriptor: Change argument type of first parameter from PISECURITY_DESCRIPTOR to PSECURITY_DESCRIPTOR, since it handles both absolute and self-relative SDs. - RtlMakeSelfRelativeSD: rename first parameter from AbsoluteSD to SecurityDescriptor, since it handles both absolute and self-relative SDs. - SepGetGroupFromDescriptor/SepGetOwnerFromDescriptor/SepGetDaclFromDescriptor/SepGetSaclFromDescriptor: Change parameter type from PVOID to PSECURITY_DESCRIPTOR for clarity.
2025-07-31 09:11:42 +00:00 · 2023-09-23 17:49:27 +03:00 · 2023-09-23 17:49:27 +03:00 · df053d4e43
commit df053d4e43
parent 389d04650f
2 changed files with 8 additions and 9 deletions
--- a/ntoskrnl/include/internal/se.h
+++ b/ntoskrnl/include/internal/se.h
@ -87,7 +87,7 @@ typedef struct _TOKEN_AUDIT_POLICY_INFORMATION
 FORCEINLINE
 PSID
 SepGetGroupFromDescriptor(
-    _Inout_ PVOID _Descriptor)
+    _Inout_ PSECURITY_DESCRIPTOR _Descriptor)
 {
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -107,7 +107,7 @@ SepGetGroupFromDescriptor(
 FORCEINLINE
 PSID
 SepGetOwnerFromDescriptor(
-    _Inout_ PVOID _Descriptor)
+    _Inout_ PSECURITY_DESCRIPTOR _Descriptor)
 {
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -127,7 +127,7 @@ SepGetOwnerFromDescriptor(
 FORCEINLINE
 PACL
 SepGetDaclFromDescriptor(
-    _Inout_ PVOID _Descriptor)
+    _Inout_ PSECURITY_DESCRIPTOR _Descriptor)
 {
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -149,7 +149,7 @@ SepGetDaclFromDescriptor(
 FORCEINLINE
 PACL
 SepGetSaclFromDescriptor(
-    _Inout_ PVOID _Descriptor)
+    _Inout_ PSECURITY_DESCRIPTOR _Descriptor)
 {
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;
--- a/sdk/lib/rtl/sd.c
+++ b/sdk/lib/rtl/sd.c
@ -42,7 +42,7 @@ RtlpValidateSDOffsetAndSize(IN ULONG Offset,

 VOID
 NTAPI
-RtlpQuerySecurityDescriptor(IN PISECURITY_DESCRIPTOR SecurityDescriptor,
+RtlpQuerySecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                            OUT PSID *Owner,
                            OUT PULONG OwnerSize,
                            OUT PSID *PrimaryGroup,
@ -644,7 +644,7 @@ RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
 */
 NTSTATUS
 NTAPI
-RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSD,
+RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                      OUT PSECURITY_DESCRIPTOR SelfRelativeSD,
                      IN OUT PULONG BufferLength)
 {
@ -652,12 +652,11 @@ RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSD,
    PACL Sacl, Dacl;
    ULONG OwnerLength, GroupLength, SaclLength, DaclLength, TotalLength;
    ULONG_PTR Current;
-    PISECURITY_DESCRIPTOR Sd = (PISECURITY_DESCRIPTOR)AbsoluteSD;
    PISECURITY_DESCRIPTOR_RELATIVE RelSd = (PISECURITY_DESCRIPTOR_RELATIVE)SelfRelativeSD;
    PAGED_CODE_RTL();

    /* Query all components */
-    RtlpQuerySecurityDescriptor(Sd,
+    RtlpQuerySecurityDescriptor(SecurityDescriptor,
                                &Owner,
                                &OwnerLength,
                                &Group,
@ -687,7 +686,7 @@ RtlMakeSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSD,

    /* Copy the header fields */
    RtlCopyMemory(RelSd,
-                  Sd,
+                  SecurityDescriptor,
                  FIELD_OFFSET(SECURITY_DESCRIPTOR_RELATIVE, Owner));

    /* Set the current copy pointer */