Commit graph

15 commits

Author SHA1 Message Date
George Bișoc
8b75dce45a
[NTOS:SE][FORMATTING] Fix the file header
This fixes the copyright file header at the top of the file, reflecting
the Coding Style rules. No code changes!
2023-03-07 18:39:46 +01:00
George Bișoc
e2ee126c23
[NTOS:SE] Add new ACE types for SepGetSidFromAce routine 2022-11-08 18:24:37 +01:00
George Bișoc
9a2c62b544
[NTOS:SE] Reorganize the security manager component
The current state of Security manager's code is kind of a mess. Mainly, there's code scattered around places where they shouldn't belong and token implementation (token.c) is already of a bloat in itself as it is. The file has over 6k lines and it's subject to grow exponentially with improvements, features, whatever that is.

With that being said, the token implementation code in the kernel will be split accordingly and rest of the code moved to appropriate places. The new layout will look as follows (excluding the already existing files):

- client.c (Client security implementation code)
- objtype.c (Object type list implementation code -- more code related to object types will be put here when I'm going to implement object type access checks in the future)
- subject.c (Subject security context support)

The token implementation in the kernel will be split in 4 distinct files as shown:

- token.c (Base token support routines)
- tokenlif.c (Life management of a token object -- that is Duplication, Creation and Filtering)
- tokencls.c (Token Query/Set Information Classes support)
- tokenadj.c (Token privileges/groups adjusting support)

In addition to that, tidy up the internal header and reorganize it as well.
2022-05-29 20:22:19 +02:00
George Bișoc
bac67a65f2
[NTOS:SE] Implement SepGetSidFromAce
This function will be used to retrieve a security identifier from a valid access control entry in the kernel. Mostly and exclusively used within access checks related code and such.
2022-05-06 10:09:53 +02:00
George Bișoc
1b06522638
[NTOS:SE] Assign the captured SID and/or privileges to NULL manually on token filtering
This reverts 8479509 commit which pretty much does nothing at all (the captured pointer is NULL within the stack of the function has no effect outside of the function). My mistake, sorry.
2022-02-10 09:51:58 +01:00
George Bișoc
8479509a7b
[NTOS:SE] Assign the captured privilege or SID as NULL when releasing
Whenever a captured security property such as privilege or SID is released, we must not have such captured property point at random address in memory but rather we must assign it as NULL after it's been freed from pool memory. This avoids potential double-after-free situations where we might release a buffer twice.
This is exactly the case with token filtering.
2022-02-09 10:29:56 +01:00
George Bișoc
f909e8762d
[NTOS:SE] Validate the SID lengths when capturing them
SIDs are variadic by nature which means their lengths can vary in a given amount of time and certain factors that allow for this happen. This also especially can lead to issues when capturing SIDs and attributes because SeCaptureSidAndAttributesArray might end up overwriting the buffer during the time it's been called.

Therefore when we're copying the SIDs, validate their lengths. In addition to that, update the documentation header accordingly and add some debug prints in code.
2021-11-16 10:55:44 +01:00
George Bișoc
9c1c88de3e
[NTOS:SE] Define a name macro for the threshold value
Instead of having this magic value as is, describe it within a macro for readability purposes.
2021-09-27 09:39:23 +02:00
Hermès Bélusca-Maïto
9393fc320e
[FORMATTING] Remove trailing whitespace. Addendum to 34593d93.
Excluded: 3rd-party code (incl. wine) and most of the win32ss.
2021-09-13 03:52:22 +02:00
George Bișoc
8567d8145e
[NTOS:SE] Annotate the remaining functions with SAL 2021-08-22 10:29:58 +02:00
George Bișoc
6413009c10
[NTOS:SE] Document the whole subsystem in Doxygen format
And update the file comment headers.
2021-08-22 10:29:47 +02:00
George Bișoc
7692c10527
[NTOS:SE] Unify all the SRM tags in one place
And rename SEP_LOGON_SESSION_TAG and SEP_LOGON_NOTIFICATION_TAG to TAG_LOGON_SESSION and TAG_LOGON_NOTIFICATION respectively.
2021-07-31 16:10:50 +02:00
Victor Perevertkin
5c7ce4475e
[REACTOS] Cleanup INIT and some PAGE section allocations
- Change INIT_FUNCTION and INIT_SECTION to CODE_SEG("INIT") and DATA_SEG("INIT") respectively
- Remove INIT_FUNCTION from function prototypes
- Remove alloc_text pragma calls as they are not needed anymore
2020-11-02 21:45:31 +03:00
Serge Gautherie
b20f815126
[NTOSKRNL] Place INIT_FUNCTION before the return type (#2823)
(but after 'static' or SAL 2 annotation.)
Follow-up to 71fefa32, which mentions that it's actually required by the compiler in some circumstances.
2020-05-23 15:56:10 +02:00
Colin Finck
c2c66aff7d Git conversion: Make reactos the root directory, move rosapps, rostests, wallpapers into modules, and delete rossubsys. 2017-10-03 07:45:34 +00:00
Renamed from reactos/ntoskrnl/se/sid.c (Browse further)