Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-27 01:24:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

The structure layout of self-relative security descriptors may be different from absolute security descriptors depending on the platform. Self-relative security descriptors always use 32 bit offsets while absolute security descriptors use pointers which could be 64 bits.

Browse source 
svn path=/trunk/; revision=13502
This commit is contained in:
Thomas Bluemel 2005-02-12 11:47:03 +00:00
parent 18e42fda45
commit df616c9b3b
8 changed files with 351 additions and 363 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
reactos/include/ntos/rtl.h
View file

@ -521,7 +521,7 @@ PushEntryList (
NTSTATUS STDCALL
RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD,
PSECURITY_DESCRIPTOR RelSD,
PSECURITY_DESCRIPTOR_RELATIVE RelSD,
PULONG BufferLength);
NTSTATUS STDCALL
@ -852,6 +852,10 @@ NTSTATUS STDCALL
RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor,
ULONG Revision);
NTSTATUS STDCALL
RtlCreateSecurityDescriptorRelative (PSECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
ULONG Revision);
NTSTATUS
STDCALL
RtlCreateSystemVolumeInformationFolder(
@ -1999,7 +2003,7 @@ RtlLookupElementGenericTableFullAvl (
NTSTATUS STDCALL
RtlMakeSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD,
PSECURITY_DESCRIPTOR RelSD,
PSECURITY_DESCRIPTOR_RELATIVE RelSD,
PULONG BufferLength);
VOID STDCALL
@ -2261,7 +2265,7 @@ RtlSecondsSince1980ToTime (ULONG SecondsSince1980,
PLARGE_INTEGER Time);
NTSTATUS STDCALL
RtlSelfRelativeToAbsoluteSD (PSECURITY_DESCRIPTOR RelSD,
RtlSelfRelativeToAbsoluteSD (PSECURITY_DESCRIPTOR_RELATIVE RelSD,
PSECURITY_DESCRIPTOR AbsSD,
PULONG AbsSDSize,
PACL Dacl,
@ -2276,7 +2280,7 @@ RtlSelfRelativeToAbsoluteSD (PSECURITY_DESCRIPTOR RelSD,
NTSTATUS
STDCALL
RtlSelfRelativeToAbsoluteSD2(
PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSecurityDescriptor,
PULONG BufferSize
);
@ -2659,7 +2663,7 @@ RtlValidateHeap (
BOOLEAN
STDCALL
RtlValidRelativeSecurityDescriptor (
IN PSECURITY_DESCRIPTOR SecurityDescriptorInput,
IN PSECURITY_DESCRIPTOR_RELATIVE SecurityDescriptorInput,
IN ULONG SecurityDescriptorLength,
IN SECURITY_INFORMATION RequiredInformation
);

11
reactos/include/ntos/security.h
View file

@ -283,6 +283,17 @@ typedef struct _SECURITY_DESCRIPTOR
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
ULONG Owner;
ULONG Group;
ULONG Sacl;
ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PSECURITY_DESCRIPTOR_RELATIVE;
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;

4
reactos/lib/advapi32/sec/sec.c
View file

@ -258,7 +258,7 @@ MakeAbsoluteSD (
{
NTSTATUS Status;
Status = RtlSelfRelativeToAbsoluteSD (pSelfRelativeSecurityDescriptor,
Status = RtlSelfRelativeToAbsoluteSD ((PSECURITY_DESCRIPTOR_RELATIVE)pSelfRelativeSecurityDescriptor,
pAbsoluteSecurityDescriptor,
lpdwAbsoluteSecurityDescriptorSize,
pDacl,
@ -293,7 +293,7 @@ MakeSelfRelativeSD (
NTSTATUS Status;
Status = RtlAbsoluteToSelfRelativeSD (pAbsoluteSecurityDescriptor,
pSelfRelativeSecurityDescriptor,
(PSECURITY_DESCRIPTOR_RELATIVE)pSelfRelativeSecurityDescriptor,
(PULONG)lpdwBufferLength);
if (!NT_SUCCESS(Status))
{

529
reactos/lib/rtl/sd.c
View file

@ -17,6 +17,95 @@
/* FUNCTIONS ***************************************************************/
static VOID
RtlpQuerySecurityDescriptorPointers(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
OUT PSID *Owner OPTIONAL,
OUT PSID *Group OPTIONAL,
OUT PACL *Sacl OPTIONAL,
OUT PACL *Dacl OPTIONAL)
{
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
PSECURITY_DESCRIPTOR_RELATIVE RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
if(Owner != NULL)
{
*Owner = ((RelSD->Owner != 0) ? (PSID)((ULONG_PTR)RelSD + RelSD->Owner) : NULL);
}
if(Group != NULL)
{
*Group = ((RelSD->Group != 0) ? (PSID)((ULONG_PTR)RelSD + RelSD->Group) : NULL);
}
if(Sacl != NULL)
{
*Sacl = (((RelSD->Control & SE_SACL_PRESENT) && (RelSD->Sacl != 0)) ?
(PSID)((ULONG_PTR)RelSD + RelSD->Sacl) : NULL);
}
if(Dacl != NULL)
{
*Dacl = (((RelSD->Control & SE_DACL_PRESENT) && (RelSD->Dacl != 0)) ?
(PSID)((ULONG_PTR)RelSD + RelSD->Dacl) : NULL);
}
}
else
{
if(Owner != NULL)
{
*Owner = SecurityDescriptor->Owner;
}
if(Group != NULL)
{
*Group = SecurityDescriptor->Group;
}
if(Sacl != NULL)
{
*Sacl = ((SecurityDescriptor->Control & SE_SACL_PRESENT) ? SecurityDescriptor->Sacl : NULL);
}
if(Dacl != NULL)
{
*Dacl = ((SecurityDescriptor->Control & SE_DACL_PRESENT) ? SecurityDescriptor->Dacl : NULL);
}
}
}
static VOID
RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
PSID* Owner,
PULONG OwnerLength,
PSID* Group,
PULONG GroupLength,
PACL* Dacl,
PULONG DaclLength,
PACL* Sacl,
PULONG SaclLength)
{
RtlpQuerySecurityDescriptorPointers(SecurityDescriptor,
Owner,
Group,
Sacl,
Dacl);
if (Owner != NULL)
{
*OwnerLength = ((*Owner != NULL) ? ROUND_UP(RtlLengthSid(*Owner), 4) : 0);
}
if (Group != NULL)
{
*GroupLength = ((*Group != NULL) ? ROUND_UP(RtlLengthSid(*Group), 4) : 0);
}
if (Dacl != NULL)
{
*DaclLength = ((*Dacl != NULL) ? ROUND_UP((*Dacl)->AclSize, 4) : 0);
}
if (Sacl != NULL)
{
*SaclLength = ((*Sacl != NULL) ? ROUND_UP((*Sacl)->AclSize, 4) : 0);
}
}
/*
* @implemented
*/
@ -41,54 +130,61 @@ RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
}
NTSTATUS STDCALL
RtlCreateSecurityDescriptorRelative (PSECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
ULONG Revision)
{
if (Revision != SECURITY_DESCRIPTOR_REVISION1)
{
return STATUS_UNKNOWN_REVISION;
}
SecurityDescriptor->Revision = Revision;
SecurityDescriptor->Sbz1 = 0;
SecurityDescriptor->Control = SE_SELF_RELATIVE;
SecurityDescriptor->Owner = 0;
SecurityDescriptor->Group = 0;
SecurityDescriptor->Sacl = 0;
SecurityDescriptor->Dacl = 0;
return STATUS_SUCCESS;
}
/*
* @implemented
*/
ULONG STDCALL
RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
{
PSID Owner, Group;
PACL Sacl, Dacl;
ULONG Length = sizeof(SECURITY_DESCRIPTOR);
RtlpQuerySecurityDescriptorPointers(SecurityDescriptor,
&Owner,
&Group,
&Sacl,
&Dacl);
if (SecurityDescriptor->Owner != NULL)
if (Owner != NULL)
{
PSID Owner = SecurityDescriptor->Owner;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
Owner = (PSID)((ULONG_PTR)Owner + (ULONG_PTR)SecurityDescriptor);
}
Length = Length + ROUND_UP(RtlLengthSid(Owner), 4);
Length += ROUND_UP(RtlLengthSid(Owner), 4);
}
if (SecurityDescriptor->Group != NULL)
if (Group != NULL)
{
PSID Group = SecurityDescriptor->Group;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
Group = (PSID)((ULONG_PTR)Group + (ULONG_PTR)SecurityDescriptor);
}
Length = Length + ROUND_UP(RtlLengthSid(Group), 4);
Length += ROUND_UP(RtlLengthSid(Group), 4);
}
if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
SecurityDescriptor->Dacl != NULL)
if (Dacl != NULL)
{
PACL Dacl = SecurityDescriptor->Dacl;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
Dacl = (PACL)((ULONG_PTR)Dacl + (ULONG_PTR)SecurityDescriptor);
}
Length = Length + ROUND_UP(Dacl->AclSize, 4);
Length += ROUND_UP(Dacl->AclSize, 4);
}
if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
SecurityDescriptor->Sacl != NULL)
if (Sacl != NULL)
{
PACL Sacl = SecurityDescriptor->Sacl;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
Sacl = (PACL)((ULONG_PTR)Sacl + (ULONG_PTR)SecurityDescriptor);
}
Length = Length + ROUND_UP(Sacl->AclSize, 4);
Length += ROUND_UP(Sacl->AclSize, 4);
}
return Length;
@ -116,27 +212,13 @@ RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
}
*DaclPresent = TRUE;
if (SecurityDescriptor->Dacl == NULL)
{
*Dacl = NULL;
}
else
{
*Dacl = SecurityDescriptor->Dacl;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
*Dacl = (PACL)((ULONG_PTR)*Dacl + (ULONG_PTR)SecurityDescriptor);
}
}
RtlpQuerySecurityDescriptorPointers(SecurityDescriptor,
NULL,
NULL,
NULL,
Dacl);
if (SecurityDescriptor->Control & SE_DACL_DEFAULTED)
{
*DaclDefaulted = TRUE;
}
else
{
*DaclDefaulted = FALSE;
}
*DaclDefaulted = ((SecurityDescriptor->Control & SE_DACL_DEFAULTED) ? TRUE : FALSE);
return STATUS_SUCCESS;
}
@ -186,67 +268,26 @@ RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
BOOLEAN STDCALL
RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor)
{
PSID Owner, Group;
PACL Sacl, Dacl;
if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
{
return FALSE;
}
RtlpQuerySecurityDescriptorPointers(SecurityDescriptor,
&Owner,
&Group,
&Sacl,
&Dacl);
if (SecurityDescriptor->Owner != NULL)
if ((Owner != NULL && !RtlValidSid(Owner)) ||
(Group != NULL && !RtlValidSid(Group)) ||
(Sacl != NULL && !RtlValidAcl(Sacl)) ||
(Dacl != NULL && !RtlValidAcl(Dacl)))
{
PSID Owner = SecurityDescriptor->Owner;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
Owner = (PSID)((ULONG_PTR)Owner + (ULONG_PTR)SecurityDescriptor);
}
if (!RtlValidSid(Owner))
{
return FALSE;
}
}
if (SecurityDescriptor->Group != NULL)
{
PSID Group = SecurityDescriptor->Group;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
Group = (PSID)((ULONG_PTR)Group + (ULONG_PTR)SecurityDescriptor);
}
if (!RtlValidSid(Group))
{
return FALSE;
}
}
if (SecurityDescriptor->Control & SE_DACL_PRESENT &&
SecurityDescriptor->Dacl != NULL)
{
PACL Dacl = SecurityDescriptor->Dacl;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
Dacl = (PACL)((ULONG_PTR)Dacl + (ULONG_PTR)SecurityDescriptor);
}
if (!RtlValidAcl(Dacl))
{
return FALSE;
}
}
if (SecurityDescriptor->Control & SE_SACL_PRESENT &&
SecurityDescriptor->Sacl != NULL)
{
PACL Sacl = SecurityDescriptor->Sacl;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
Sacl = (PACL)((ULONG_PTR)Sacl + (ULONG_PTR)SecurityDescriptor);
}
if (!RtlValidAcl(Sacl))
{
return FALSE;
}
return FALSE;
}
return TRUE;
@ -296,27 +337,13 @@ RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
return STATUS_UNKNOWN_REVISION;
}
if (SecurityDescriptor->Owner != NULL)
{
*Owner = SecurityDescriptor->Owner;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
*Owner = (PSID)((ULONG_PTR)*Owner + (ULONG_PTR)SecurityDescriptor);
}
}
else
{
*Owner = NULL;
}
RtlpQuerySecurityDescriptorPointers(SecurityDescriptor,
Owner,
NULL,
NULL,
NULL);
if (SecurityDescriptor->Control & SE_OWNER_DEFAULTED)
{
*OwnerDefaulted = TRUE;
}
else
{
*OwnerDefaulted = FALSE;
}
*OwnerDefaulted = ((SecurityDescriptor->Control & SE_OWNER_DEFAULTED) ? TRUE : FALSE);
return STATUS_SUCCESS;
}
@ -364,142 +391,25 @@ RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
return STATUS_UNKNOWN_REVISION;
}
if (SecurityDescriptor->Group != NULL)
{
*Group = SecurityDescriptor->Group;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
*Group = (PSID)((ULONG_PTR)*Group + (ULONG_PTR)SecurityDescriptor);
}
}
else
{
*Group = NULL;
}
RtlpQuerySecurityDescriptorPointers(SecurityDescriptor,
NULL,
Group,
NULL,
NULL);
if (SecurityDescriptor->Control & SE_GROUP_DEFAULTED)
{
*GroupDefaulted = TRUE;
}
else
{
*GroupDefaulted = FALSE;
}
*GroupDefaulted = ((SecurityDescriptor->Control & SE_GROUP_DEFAULTED) ? TRUE : FALSE);
return STATUS_SUCCESS;
}
static VOID
RtlpQuerySecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
PSID* Owner,
PULONG OwnerLength,
PSID* Group,
PULONG GroupLength,
PACL* Dacl,
PULONG DaclLength,
PACL* Sacl,
PULONG SaclLength)
{
if (SecurityDescriptor->Owner != NULL)
{
*Owner = SecurityDescriptor->Owner;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
*Owner = (PSID)((ULONG_PTR)*Owner + (ULONG_PTR)SecurityDescriptor);
}
}
else
{
*Owner = NULL;
}
if (*Owner != NULL)
{
*OwnerLength = ROUND_UP(RtlLengthSid(*Owner), 4);
}
else
{
*OwnerLength = 0;
}
if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
SecurityDescriptor->Dacl != NULL)
{
*Dacl = SecurityDescriptor->Dacl;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
*Dacl = (PACL)((ULONG_PTR)*Dacl + (ULONG_PTR)SecurityDescriptor);
}
}
else
{
*Dacl = NULL;
}
if (*Dacl != NULL)
{
*DaclLength = ROUND_UP((*Dacl)->AclSize, 4);
}
else
{
*DaclLength = 0;
}
if (SecurityDescriptor->Group != NULL)
{
*Group = SecurityDescriptor->Group;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
*Group = (PSID)((ULONG_PTR)*Group + (ULONG_PTR)SecurityDescriptor);
}
}
else
{
*Group = NULL;
}
if (*Group != NULL)
{
*GroupLength = ROUND_UP(RtlLengthSid(*Group), 4);
}
else
{
*GroupLength = 0;
}
if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
SecurityDescriptor->Sacl != NULL)
{
*Sacl = SecurityDescriptor->Sacl;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
*Sacl = (PACL)((ULONG_PTR)*Sacl + (ULONG_PTR)SecurityDescriptor);
}
}
else
{
*Sacl = NULL;
}
if (*Sacl != NULL)
{
*SaclLength = ROUND_UP((*Sacl)->AclSize, 4);
}
else
{
*SaclLength = 0;
}
}
/*
* @implemented
*/
NTSTATUS STDCALL
RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
PSECURITY_DESCRIPTOR RelSD,
PULONG BufferLength)
PSECURITY_DESCRIPTOR_RELATIVE RelSD,
PULONG BufferLength)
{
PSID Owner;
PSID Group;
@ -522,7 +432,7 @@ RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
&Sacl,
&SaclLength);
TotalLength = OwnerLength + GroupLength + SaclLength + DaclLength + sizeof(SECURITY_DESCRIPTOR);
TotalLength = sizeof(SECURITY_DESCRIPTOR_RELATIVE) + OwnerLength + GroupLength + SaclLength + DaclLength;
if (*BufferLength < TotalLength)
{
return STATUS_BUFFER_TOO_SMALL;
@ -530,48 +440,48 @@ RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
RtlZeroMemory(RelSD,
TotalLength);
memmove(RelSD,
AbsSD,
sizeof(SECURITY_DESCRIPTOR));
Current = (ULONG_PTR)RelSD + sizeof(SECURITY_DESCRIPTOR);
RelSD->Revision = AbsSD->Revision;
RelSD->Sbz1 = AbsSD->Sbz1;
RelSD->Control = AbsSD->Control | SE_SELF_RELATIVE;
Current = (ULONG_PTR)(RelSD + 1);
if (SaclLength != 0)
{
memmove((PVOID)Current,
Sacl,
SaclLength);
RelSD->Sacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)RelSD);
RtlCopyMemory((PVOID)Current,
Sacl,
SaclLength);
RelSD->Sacl = (ULONG)((ULONG_PTR)Current - (ULONG_PTR)RelSD);
Current += SaclLength;
}
if (DaclLength != 0)
{
memmove((PVOID)Current,
Dacl,
DaclLength);
RelSD->Dacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)RelSD);
RtlCopyMemory((PVOID)Current,
Dacl,
DaclLength);
RelSD->Dacl = (ULONG)((ULONG_PTR)Current - (ULONG_PTR)RelSD);
Current += DaclLength;
}
if (OwnerLength != 0)
{
memmove((PVOID)Current,
Owner,
OwnerLength);
RelSD->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)RelSD);
RtlCopyMemory((PVOID)Current,
Owner,
OwnerLength);
RelSD->Owner = (ULONG)((ULONG_PTR)Current - (ULONG_PTR)RelSD);
Current += OwnerLength;
}
if (GroupLength != 0)
{
memmove((PVOID)Current,
Group,
GroupLength);
RelSD->Group = (PSID)((ULONG_PTR)Current - (ULONG_PTR)RelSD);
RtlCopyMemory((PVOID)Current,
Group,
GroupLength);
RelSD->Group = (ULONG)((ULONG_PTR)Current - (ULONG_PTR)RelSD);
}
RelSD->Control |= SE_SELF_RELATIVE;
return STATUS_SUCCESS;
}
@ -581,7 +491,7 @@ RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
*/
NTSTATUS STDCALL
RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR AbsSD,
PSECURITY_DESCRIPTOR RelSD,
PSECURITY_DESCRIPTOR_RELATIVE RelSD,
PULONG BufferLength)
{
if (AbsSD->Control & SE_SELF_RELATIVE)
@ -658,27 +568,13 @@ RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
}
*SaclPresent = TRUE;
if (SecurityDescriptor->Sacl == NULL)
{
*Sacl = NULL;
}
else
{
*Sacl = SecurityDescriptor->Sacl;
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
{
*Sacl = (PACL)((ULONG_PTR)*Sacl + (ULONG_PTR)SecurityDescriptor);
}
}
RtlpQuerySecurityDescriptorPointers(SecurityDescriptor,
NULL,
NULL,
Sacl,
NULL);
if (SecurityDescriptor->Control & SE_SACL_DEFAULTED)
{
*SaclDefaulted = TRUE;
}
else
{
*SaclDefaulted = FALSE;
}
*SaclDefaulted = ((SecurityDescriptor->Control & SE_SACL_DEFAULTED) ? TRUE : FALSE);
return STATUS_SUCCESS;
}
@ -726,7 +622,7 @@ RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
* @implemented
*/
NTSTATUS STDCALL
RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR RelSD,
RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR_RELATIVE RelSD,
PSECURITY_DESCRIPTOR AbsSD,
PDWORD AbsSDSize,
PACL Dacl,
@ -747,10 +643,17 @@ RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR RelSD,
PACL pDacl;
PACL pSacl;
if (!(RelSD->Control & SE_SELF_RELATIVE))
return STATUS_BAD_DESCRIPTOR_FORMAT;
if (RelSD->Revision != SECURITY_DESCRIPTOR_REVISION1)
{
return STATUS_UNKNOWN_REVISION;
}
RtlpQuerySecurityDescriptor (RelSD,
if (!(RelSD->Control & SE_SELF_RELATIVE))
{
return STATUS_BAD_DESCRIPTOR_FORMAT;
}
RtlpQuerySecurityDescriptor ((PSECURITY_DESCRIPTOR)RelSD,
&pOwner,
&OwnerLength,
&pGroup,
@ -764,16 +667,18 @@ RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR RelSD,
GroupLength > *GroupSize ||
DaclLength > *DaclSize ||
SaclLength > *SaclSize)
{
return STATUS_BUFFER_TOO_SMALL;
}
memmove (Owner, pOwner, OwnerLength);
memmove (Group, pGroup, GroupLength);
memmove (Dacl, pDacl, DaclLength);
memmove (Sacl, pSacl, SaclLength);
RtlCopyMemory (Owner, pOwner, OwnerLength);
RtlCopyMemory (Group, pGroup, GroupLength);
RtlCopyMemory (Dacl, pDacl, DaclLength);
RtlCopyMemory (Sacl, pSacl, SaclLength);
memmove (AbsSD, RelSD, sizeof (SECURITY_DESCRIPTOR));
AbsSD->Control &= ~SE_SELF_RELATIVE;
AbsSD->Revision = RelSD->Revision;
AbsSD->Sbz1 = RelSD->Sbz1;
AbsSD->Control = RelSD->Control & ~SE_SELF_RELATIVE;
AbsSD->Owner = Owner;
AbsSD->Group = Group;
AbsSD->Dacl = Dacl;
@ -792,7 +697,7 @@ RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR RelSD,
* @unimplemented
*/
NTSTATUS STDCALL
RtlSelfRelativeToAbsoluteSD2(PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
RtlSelfRelativeToAbsoluteSD2(PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSecurityDescriptor,
PULONG BufferSize)
{
UNIMPLEMENTED;
@ -804,18 +709,18 @@ RtlSelfRelativeToAbsoluteSD2(PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
* @implemented
*/
BOOLEAN STDCALL
RtlValidRelativeSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptorInput,
RtlValidRelativeSecurityDescriptor(IN PSECURITY_DESCRIPTOR_RELATIVE SecurityDescriptorInput,
IN ULONG SecurityDescriptorLength,
IN SECURITY_INFORMATION RequiredInformation)
{
if (SecurityDescriptorLength < sizeof(SECURITY_DESCRIPTOR) ||
if (SecurityDescriptorLength < sizeof(SECURITY_DESCRIPTOR_RELATIVE) ||
SecurityDescriptorInput->Revision != SECURITY_DESCRIPTOR_REVISION1 ||
!(SecurityDescriptorInput->Control & SE_SELF_RELATIVE))
{
return FALSE;
}
if (SecurityDescriptorInput->Owner != NULL)
if (SecurityDescriptorInput->Owner != 0)
{
PSID Owner = (PSID)((ULONG_PTR)SecurityDescriptorInput->Owner + (ULONG_PTR)SecurityDescriptorInput);
if (!RtlValidSid(Owner))
@ -828,7 +733,7 @@ RtlValidRelativeSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptorInp
return FALSE;
}
if (SecurityDescriptorInput->Group != NULL)
if (SecurityDescriptorInput->Group != 0)
{
PSID Group = (PSID)((ULONG_PTR)SecurityDescriptorInput->Group + (ULONG_PTR)SecurityDescriptorInput);
if (!RtlValidSid(Group))
@ -843,7 +748,7 @@ RtlValidRelativeSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptorInp
if (SecurityDescriptorInput->Control & SE_DACL_PRESENT)
{
if (SecurityDescriptorInput->Dacl != NULL &&
if (SecurityDescriptorInput->Dacl != 0 &&
!RtlValidAcl((PACL)((ULONG_PTR)SecurityDescriptorInput->Dacl + (ULONG_PTR)SecurityDescriptorInput)))
{
return FALSE;
@ -856,7 +761,7 @@ RtlValidRelativeSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptorInp
if (SecurityDescriptorInput->Control & SE_SACL_PRESENT)
{
if (SecurityDescriptorInput->Sacl != NULL &&
if (SecurityDescriptorInput->Sacl != 0 &&
!RtlValidAcl((PACL)((ULONG_PTR)SecurityDescriptorInput->Sacl + (ULONG_PTR)SecurityDescriptorInput)))
{
return FALSE;

117
reactos/ntoskrnl/se/sd.c
View file

@ -126,7 +126,7 @@ SeCaptureSecurityDescriptor(
ULONG OwnerSAC = 0, GroupSAC = 0;
ULONG OwnerSize = 0, GroupSize = 0;
ULONG SaclSize = 0, DaclSize = 0;
ULONG DescriptorSize = sizeof(SECURITY_DESCRIPTOR);
ULONG DescriptorSize = 0;
NTSTATUS Status = STATUS_SUCCESS;
if(OriginalSecurityDescriptor != NULL)
@ -135,12 +135,49 @@ SeCaptureSecurityDescriptor(
{
_SEH_TRY
{
/* first only probe and copy until the control field of the descriptor
to determine whether it's a self-relative descriptor */
DescriptorSize = (ULONG)((ULONG_PTR)&OriginalSecurityDescriptor->Control -
(ULONG_PTR)OriginalSecurityDescriptor) +
sizeof(OriginalSecurityDescriptor->Control);
ProbeForRead(OriginalSecurityDescriptor,
sizeof(SECURITY_DESCRIPTOR),
DescriptorSize,
sizeof(ULONG));
if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
{
Status = STATUS_UNKNOWN_REVISION;
_SEH_LEAVE;
}
/* make a copy on the stack */
DescriptorCopy = *OriginalSecurityDescriptor;
DescriptorCopy.Revision = OriginalSecurityDescriptor->Revision;
DescriptorCopy.Sbz1 = OriginalSecurityDescriptor->Sbz1;
DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
/* probe and copy the entire security descriptor structure. The SIDs
and ACLs will be probed and copied later though */
ProbeForRead(OriginalSecurityDescriptor,
DescriptorSize,
sizeof(ULONG));
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
{
PSECURITY_DESCRIPTOR_RELATIVE RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
DescriptorCopy.Owner = (PSID)RelSD->Owner;
DescriptorCopy.Group = (PSID)RelSD->Group;
DescriptorCopy.Sacl = (PACL)RelSD->Sacl;
DescriptorCopy.Dacl = (PACL)RelSD->Dacl;
}
else
{
DescriptorCopy.Owner = OriginalSecurityDescriptor->Owner;
DescriptorCopy.Group = OriginalSecurityDescriptor->Group;
DescriptorCopy.Sacl = OriginalSecurityDescriptor->Sacl;
DescriptorCopy.Dacl = OriginalSecurityDescriptor->Dacl;
}
}
_SEH_HANDLE
{
@ -165,13 +202,33 @@ SeCaptureSecurityDescriptor(
}
else
{
if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
{
return STATUS_UNKNOWN_REVISION;
}
/* make a copy on the stack */
DescriptorCopy = *OriginalSecurityDescriptor;
}
if(DescriptorCopy.Revision != SECURITY_DESCRIPTOR_REVISION1)
{
return STATUS_UNKNOWN_REVISION;
DescriptorCopy.Revision = OriginalSecurityDescriptor->Revision;
DescriptorCopy.Sbz1 = OriginalSecurityDescriptor->Sbz1;
DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
{
PSECURITY_DESCRIPTOR_RELATIVE RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
DescriptorCopy.Owner = (PSID)RelSD->Owner;
DescriptorCopy.Group = (PSID)RelSD->Group;
DescriptorCopy.Sacl = (PACL)RelSD->Sacl;
DescriptorCopy.Dacl = (PACL)RelSD->Dacl;
}
else
{
DescriptorCopy.Owner = OriginalSecurityDescriptor->Owner;
DescriptorCopy.Group = OriginalSecurityDescriptor->Group;
DescriptorCopy.Sacl = OriginalSecurityDescriptor->Sacl;
DescriptorCopy.Dacl = OriginalSecurityDescriptor->Dacl;
}
}
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
@ -377,10 +434,11 @@ SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor OPTIONAL)
{
PSECURITY_DESCRIPTOR ObjectSd;
PSID Owner = 0;
PSID Group = 0;
PACL Dacl = 0;
PACL Sacl = 0;
PSECURITY_DESCRIPTOR_RELATIVE RelSD;
PSID Owner = NULL;
PSID Group = NULL;
PACL Dacl = NULL;
PACL Sacl = NULL;
ULONG OwnerLength = 0;
ULONG GroupLength = 0;
ULONG DaclLength = 0;
@ -388,19 +446,20 @@ SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation,
ULONG Control = 0;
ULONG_PTR Current;
ULONG SdLength;
RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
if (*ObjectsSecurityDescriptor == NULL)
{
if (*Length < sizeof(SECURITY_DESCRIPTOR))
if (*Length < sizeof(SECURITY_DESCRIPTOR_RELATIVE))
{
*Length = sizeof(SECURITY_DESCRIPTOR);
*Length = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
return STATUS_BUFFER_TOO_SMALL;
}
*Length = sizeof(SECURITY_DESCRIPTOR);
RtlCreateSecurityDescriptor(SecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
SecurityDescriptor->Control |= SE_SELF_RELATIVE;
*Length = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
RtlCreateSecurityDescriptorRelative(RelSD,
SECURITY_DESCRIPTOR_REVISION);
return STATUS_SUCCESS;
}
@ -447,26 +506,26 @@ SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation,
}
SdLength = OwnerLength + GroupLength + DaclLength +
SaclLength + sizeof(SECURITY_DESCRIPTOR);
if (*Length < sizeof(SECURITY_DESCRIPTOR))
SaclLength + sizeof(SECURITY_DESCRIPTOR_RELATIVE);
if (*Length < SdLength)
{
*Length = SdLength;
return STATUS_BUFFER_TOO_SMALL;
}
/* Build the new security descrtiptor */
RtlCreateSecurityDescriptor(SecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
SecurityDescriptor->Control = Control;
RtlCreateSecurityDescriptorRelative(RelSD,
SECURITY_DESCRIPTOR_REVISION);
RelSD->Control = Control;
Current = (ULONG_PTR)SecurityDescriptor + sizeof(SECURITY_DESCRIPTOR);
Current = (ULONG_PTR)(RelSD + 1);
if (OwnerLength != 0)
{
RtlCopyMemory((PVOID)Current,
Owner,
OwnerLength);
SecurityDescriptor->Owner = (PSID)(Current - (ULONG_PTR)SecurityDescriptor);
RelSD->Owner = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += OwnerLength;
}
@ -475,7 +534,7 @@ SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation,
RtlCopyMemory((PVOID)Current,
Group,
GroupLength);
SecurityDescriptor->Group = (PSID)(Current - (ULONG_PTR)SecurityDescriptor);
RelSD->Group = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += GroupLength;
}
@ -484,7 +543,7 @@ SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation,
RtlCopyMemory((PVOID)Current,
Dacl,
DaclLength);
SecurityDescriptor->Dacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor);
RelSD->Dacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += DaclLength;
}
@ -493,7 +552,7 @@ SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation,
RtlCopyMemory((PVOID)Current,
Sacl,
SaclLength);
SecurityDescriptor->Sacl = (PACL)(Current - (ULONG_PTR)SecurityDescriptor);
RelSD->Sacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += SaclLength;
}

28
reactos/w32api/include/ddk/ntifs.h
View file

@ -3347,9 +3347,9 @@ NTSYSAPI
NTSTATUS
NTAPI
RtlAbsoluteToSelfRelativeSD (
IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
IN PULONG BufferLength
IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
IN OUT PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSecurityDescriptor,
IN PULONG BufferLength
);
NTSYSAPI
@ -3593,17 +3593,17 @@ NTSYSAPI
NTSTATUS
NTAPI
RtlSelfRelativeToAbsoluteSD (
IN PSECURITY_DESCRIPTOR SelfRelativeSD,
OUT PSECURITY_DESCRIPTOR AbsoluteSD,
IN PULONG AbsoluteSDSize,
IN PACL Dacl,
IN PULONG DaclSize,
IN PACL Sacl,
IN PULONG SaclSize,
IN PSID Owner,
IN PULONG OwnerSize,
IN PSID PrimaryGroup,
IN PULONG PrimaryGroupSize
IN PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSD,
OUT PSECURITY_DESCRIPTOR AbsoluteSD,
IN PULONG AbsoluteSDSize,
IN PACL Dacl,
IN PULONG DaclSize,
IN PACL Sacl,
IN PULONG SaclSize,
IN PSID Owner,
IN PULONG OwnerSize,
IN PSID PrimaryGroup,
IN PULONG PrimaryGroupSize
);
#endif /* (VER_PRODUCTBUILD >= 2195) */

2
reactos/w32api/include/ddk/winddk.h
View file

@ -5223,7 +5223,7 @@ NTOSAPI
BOOLEAN
DDKAPI
RtlValidRelativeSecurityDescriptor(
IN PSECURITY_DESCRIPTOR SecurityDescriptorInput,
IN PSECURITY_DESCRIPTOR_RELATIVE SecurityDescriptorInput,
IN ULONG SecurityDescriptorLength,
IN SECURITY_INFORMATION RequiredInformation);

9
reactos/w32api/include/winnt.h
View file

@ -2118,6 +2118,15 @@ typedef struct _SECURITY_DESCRIPTOR {
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
ULONG Owner;
ULONG Group;
ULONG Sacl;
ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PSECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser=1,TokenGroups,TokenPrivileges,TokenOwner,
TokenPrimaryGroup,TokenDefaultDacl,TokenSource,TokenType,