dlls/ntdll/sec.c

   1 /*
   2  *      Security functions
   3  *
   4  *      Copyright 1996-1998 Marcus Meissner
   5  */
   6
   7 #include <stdlib.h>
   8 #include <string.h>
   9 #include <time.h>
  10 #include <ctype.h>
  11 #include <math.h>
  12 #include "windef.h"
  13 #include "winbase.h"
  14 #include "winuser.h"
  15 #include "wine/winestring.h"
  16 #include "file.h"
  17 #include "heap.h"
  18 #include "winnls.h"
  19 #include "debugstr.h"
  20 #include "debug.h"
  21 #include "winuser.h"
  22 #include "winerror.h"
  23 #include "stackframe.h"
  24
  25 #include "ntddk.h"
  26 #include "winreg.h"
  27
  28 /*
  29  *      SID FUNCTIONS
  30  */
  31
  32 /******************************************************************************
  33  *  RtlAllocateAndInitializeSid         [NTDLL.265]
  34  *
  35  */
  36 BOOLEAN WINAPI RtlAllocateAndInitializeSid (PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
  37         DWORD nSubAuthorityCount,DWORD x3,DWORD x4,DWORD x5,DWORD x6,DWORD x7,DWORD x8,DWORD x9,DWORD x10, PSID pSid)
  38 {
  39         FIXME(ntdll,"(%p,0x%08lx,0x%08lx,0x%08lx,0x%08lx,0x%08lx,0x%08lx,0x%08lx,0x%08lx,0x%08lx,%p),stub!\n",
  40                 pIdentifierAuthority,nSubAuthorityCount,x3,x4,x5,x6,x7,x8,x9,x10,pSid);
  41         return 0;
  42 }
  43 /******************************************************************************
  44  *  RtlEqualSid         [NTDLL.352]
  45  *
  46  */
  47 DWORD WINAPI RtlEqualSid(DWORD x1,DWORD x2)
  48 {
  49         FIXME(ntdll,"(0x%08lx,0x%08lx),stub!\n", x1,x2);
  50         return TRUE;
  51 }
  52
  53 /******************************************************************************
  54  *  RtlFreeSid          [NTDLL.376]
  55  */
  56 DWORD WINAPI RtlFreeSid(DWORD x1)
  57 {
  58         FIXME(ntdll,"(0x%08lx),stub!\n", x1);
  59         return TRUE;
  60 }
  61
  62 /**************************************************************************
  63  *                 RtlLengthRequiredSid                 [NTDLL.427]
  64  */
  65 DWORD WINAPI RtlLengthRequiredSid(DWORD nrofsubauths)
  66 {
  67         return sizeof(DWORD)*nrofsubauths+sizeof(SID);
  68 }
  69
  70 /**************************************************************************
  71  *                 RtlLengthSid                         [NTDLL.429]
  72  */
  73 DWORD WINAPI RtlLengthSid(PSID sid)
  74 {
  75         TRACE(ntdll,"sid=%p\n",sid);
  76         if (!sid)
  77           return FALSE;
  78         return sizeof(DWORD)*sid->SubAuthorityCount+sizeof(SID);
  79 }
  80
  81 /**************************************************************************
  82  *                 RtlInitializeSid                     [NTDLL.410]
  83  */
  84 DWORD WINAPI RtlInitializeSid(PSID PSID,PSID_IDENTIFIER_AUTHORITY PSIDauth,
  85                               DWORD c)
  86 {
  87         BYTE    a = c&0xff;
  88
  89         if (a>=SID_MAX_SUB_AUTHORITIES)
  90                 return a;
  91         PSID->SubAuthorityCount = a;
  92         PSID->Revision           = SID_REVISION;
  93         memcpy(&(PSID->IdentifierAuthority),PSIDauth,sizeof(SID_IDENTIFIER_AUTHORITY));
  94         return STATUS_SUCCESS;
  95 }
  96
  97 /**************************************************************************
  98  *                 RtlSubAuthoritySid                   [NTDLL.497]
  99  */
 100 LPDWORD WINAPI RtlSubAuthoritySid(PSID PSID,DWORD nr)
 101 {
 102         return &(PSID->SubAuthority[nr]);
 103 }
 104
 105 /**************************************************************************
 106  *                 RtlSubAuthorityCountSid              [NTDLL.496]
 107  */
 108
 109 LPBYTE WINAPI RtlSubAuthorityCountSid(PSID PSID)
 110 {
 111         return ((LPBYTE)PSID)+1;
 112 }
 113
 114 /**************************************************************************
 115  *                 RtlCopySid                           [NTDLL.302]
 116  */
 117 DWORD WINAPI RtlCopySid(DWORD len,PSID to,PSID from)
 118 {       if (!from)
 119                 return 0;
 120         if (len<(from->SubAuthorityCount*4+8))
 121                 return STATUS_BUFFER_TOO_SMALL;
 122         memmove(to,from,from->SubAuthorityCount*4+8);
 123         return STATUS_SUCCESS;
 124 }
 125
 126 /*
 127  *      security descriptor functions
 128  */
 129
 130 /**************************************************************************
 131  * RtlCreateSecurityDescriptor                  [NTDLL.313]
 132  *
 133  * RETURNS:
 134  *  0 success,
 135  *  STATUS_INVALID_OWNER, STATUS_PRIVILEGE_NOT_HELD, STATUS_NO_INHERITANCE,
 136  *  STATUS_NO_MEMORY
 137  */
 138 NTSTATUS WINAPI RtlCreateSecurityDescriptor(
 139         PSECURITY_DESCRIPTOR lpsd,
 140         DWORD rev)
 141 {
 142         if (rev!=SECURITY_DESCRIPTOR_REVISION)
 143                 return STATUS_UNKNOWN_REVISION;
 144         memset(lpsd,'\0',sizeof(*lpsd));
 145         lpsd->Revision = SECURITY_DESCRIPTOR_REVISION;
 146         return STATUS_SUCCESS;
 147 }
 148 /**************************************************************************
 149  * RtlValidSecurityDescriptor                   [NTDLL.313]
 150  *
 151  */
 152 NTSTATUS WINAPI RtlValidSecurityDescriptor(
 153         PSECURITY_DESCRIPTOR SecurityDescriptor)
 154 {
 155         if ( ! SecurityDescriptor )
 156                 return STATUS_INVALID_SECURITY_DESCR;
 157         if ( SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION )
 158                 return STATUS_UNKNOWN_REVISION;
 159
 160         return STATUS_SUCCESS;
 161 }
 162
 163 /**************************************************************************
 164  *  RtlLengthSecurityDescriptor                 [NTDLL]
 165  */
 166 ULONG WINAPI RtlLengthSecurityDescriptor(
 167         PSECURITY_DESCRIPTOR SecurityDescriptor)
 168 {
 169         ULONG Size;
 170         Size = SECURITY_DESCRIPTOR_MIN_LENGTH;
 171         if ( SecurityDescriptor == NULL )
 172                 return 0;
 173
 174         if ( SecurityDescriptor->Owner != NULL )
 175                 Size += SecurityDescriptor->Owner->SubAuthorityCount;
 176         if ( SecurityDescriptor->Group != NULL )
 177                 Size += SecurityDescriptor->Group->SubAuthorityCount;
 178
 179
 180         if ( SecurityDescriptor->Sacl != NULL )
 181                 Size += SecurityDescriptor->Sacl->AclSize;
 182         if ( SecurityDescriptor->Dacl != NULL )
 183                 Size += SecurityDescriptor->Dacl->AclSize;
 184
 185         return Size;
 186 }
 187
 188 /******************************************************************************
 189  *  RtlGetDaclSecurityDescriptor                [NTDLL]
 190  *
 191  */
 192 NTSTATUS WINAPI RtlGetDaclSecurityDescriptor(
 193         IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
 194         OUT PBOOLEAN lpbDaclPresent,
 195         OUT PACL *pDacl,
 196         OUT PBOOLEAN lpbDaclDefaulted)
 197 {
 198         TRACE(ntdll,"(%p,%p,%p,%p)\n",
 199         pSecurityDescriptor, lpbDaclPresent, *pDacl, lpbDaclDefaulted);
 200
 201         if (pSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
 202           return STATUS_UNKNOWN_REVISION ;
 203
 204         if ( (*lpbDaclPresent = (SE_DACL_PRESENT & pSecurityDescriptor->Control) ? 1 : 0) )
 205         {
 206           if ( SE_SELF_RELATIVE & pSecurityDescriptor->Control)
 207           { *pDacl = (PACL) ((LPBYTE)pSecurityDescriptor + (DWORD)pSecurityDescriptor->Dacl);
 208           }
 209           else
 210           { *pDacl = pSecurityDescriptor->Dacl;
 211           }
 212         }
 213
 214         *lpbDaclDefaulted = (( SE_DACL_DEFAULTED & pSecurityDescriptor->Control ) ? 1 : 0);
 215
 216         return STATUS_SUCCESS;
 217 }
 218
 219 /**************************************************************************
 220  *  RtlSetDaclSecurityDescriptor                [NTDLL.483]
 221  */
 222 NTSTATUS WINAPI RtlSetDaclSecurityDescriptor (
 223         PSECURITY_DESCRIPTOR lpsd,
 224         BOOLEAN daclpresent,
 225         PACL dacl,
 226         BOOLEAN dacldefaulted )
 227 {
 228         if (lpsd->Revision!=SECURITY_DESCRIPTOR_REVISION)
 229                 return STATUS_UNKNOWN_REVISION;
 230         if (lpsd->Control & SE_SELF_RELATIVE)
 231                 return STATUS_INVALID_SECURITY_DESCR;
 232
 233         if (!daclpresent)
 234         {       lpsd->Control &= ~SE_DACL_PRESENT;
 235                 return TRUE;
 236         }
 237
 238         lpsd->Control |= SE_DACL_PRESENT;
 239         lpsd->Dacl = dacl;
 240
 241         if (dacldefaulted)
 242                 lpsd->Control |= SE_DACL_DEFAULTED;
 243         else
 244                 lpsd->Control &= ~SE_DACL_DEFAULTED;
 245
 246         return STATUS_SUCCESS;
 247 }
 248
 249 /******************************************************************************
 250  *  RtlGetSaclSecurityDescriptor                [NTDLL]
 251  *
 252  */
 253 NTSTATUS WINAPI RtlGetSaclSecurityDescriptor(
 254         IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
 255         OUT PBOOLEAN lpbSaclPresent,
 256         OUT PACL *pSacl,
 257         OUT PBOOLEAN lpbSaclDefaulted)
 258 {
 259         TRACE(ntdll,"(%p,%p,%p,%p)\n",
 260         pSecurityDescriptor, lpbSaclPresent, *pSacl, lpbSaclDefaulted);
 261
 262         if (pSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION)
 263           return STATUS_UNKNOWN_REVISION ;
 264
 265         if ( (*lpbSaclPresent = (SE_SACL_PRESENT & pSecurityDescriptor->Control) ? 1 : 0) )
 266         {
 267           if ( SE_SELF_RELATIVE & pSecurityDescriptor->Control)
 268           { *pSacl = (PACL) ((LPBYTE)pSecurityDescriptor + (DWORD)pSecurityDescriptor->Sacl);
 269           }
 270           else
 271           { *pSacl = pSecurityDescriptor->Sacl;
 272           }
 273         }
 274
 275         *lpbSaclDefaulted = (( SE_SACL_DEFAULTED & pSecurityDescriptor->Control ) ? 1 : 0);
 276
 277         return STATUS_SUCCESS;
 278 }
 279
 280 /**************************************************************************
 281  * RtlSetSaclSecurityDescriptor                 [NTDLL.488]
 282  */
 283 NTSTATUS WINAPI RtlSetSaclSecurityDescriptor (
 284         PSECURITY_DESCRIPTOR lpsd,
 285         BOOLEAN saclpresent,
 286         PACL sacl,
 287         BOOLEAN sacldefaulted)
 288 {
 289         if (lpsd->Revision!=SECURITY_DESCRIPTOR_REVISION)
 290                 return STATUS_UNKNOWN_REVISION;
 291         if (lpsd->Control & SE_SELF_RELATIVE)
 292                 return STATUS_INVALID_SECURITY_DESCR;
 293         if (!saclpresent) {
 294                 lpsd->Control &= ~SE_SACL_PRESENT;
 295                 return 0;
 296         }
 297         lpsd->Control |= SE_SACL_PRESENT;
 298         lpsd->Sacl = sacl;
 299         if (sacldefaulted)
 300                 lpsd->Control |= SE_SACL_DEFAULTED;
 301         else
 302                 lpsd->Control &= ~SE_SACL_DEFAULTED;
 303         return STATUS_SUCCESS;
 304 }
 305
 306 /**************************************************************************
 307  * RtlGetOwnerSecurityDescriptor                [NTDLL.488]
 308  */
 309 NTSTATUS WINAPI RtlGetOwnerSecurityDescriptor(
 310         PSECURITY_DESCRIPTOR SecurityDescriptor,
 311         PSID *Owner,
 312         PBOOLEAN OwnerDefaulted)
 313 {
 314         if ( !SecurityDescriptor  || !Owner || !OwnerDefaulted )
 315                 return STATUS_INVALID_PARAMETER;
 316
 317         *Owner = SecurityDescriptor->Owner;
 318         if ( *Owner != NULL )  {
 319                 if ( SecurityDescriptor->Control & SE_OWNER_DEFAULTED )
 320                         *OwnerDefaulted = TRUE;
 321                 else
 322                         *OwnerDefaulted = FALSE;
 323         }
 324         return STATUS_SUCCESS;
 325 }
 326
 327 /**************************************************************************
 328  *                 RtlSetOwnerSecurityDescriptor                [NTDLL.487]
 329  */
 330 NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(
 331         PSECURITY_DESCRIPTOR lpsd,
 332         PSID owner,
 333         BOOLEAN ownerdefaulted)
 334 {
 335         if (lpsd->Revision!=SECURITY_DESCRIPTOR_REVISION)
 336                 return STATUS_UNKNOWN_REVISION;
 337         if (lpsd->Control & SE_SELF_RELATIVE)
 338                 return STATUS_INVALID_SECURITY_DESCR;
 339
 340         lpsd->Owner = owner;
 341         if (ownerdefaulted)
 342                 lpsd->Control |= SE_OWNER_DEFAULTED;
 343         else
 344                 lpsd->Control &= ~SE_OWNER_DEFAULTED;
 345         return STATUS_SUCCESS;
 346 }
 347
 348 /**************************************************************************
 349  *                 RtlSetGroupSecurityDescriptor                [NTDLL.485]
 350  */
 351 NTSTATUS WINAPI RtlSetGroupSecurityDescriptor (
 352         PSECURITY_DESCRIPTOR lpsd,
 353         PSID group,
 354         BOOLEAN groupdefaulted)
 355 {
 356         if (lpsd->Revision!=SECURITY_DESCRIPTOR_REVISION)
 357                 return STATUS_UNKNOWN_REVISION;
 358         if (lpsd->Control & SE_SELF_RELATIVE)
 359                 return STATUS_INVALID_SECURITY_DESCR;
 360
 361         lpsd->Group = group;
 362         if (groupdefaulted)
 363                 lpsd->Control |= SE_GROUP_DEFAULTED;
 364         else
 365                 lpsd->Control &= ~SE_GROUP_DEFAULTED;
 366         return STATUS_SUCCESS;
 367 }
 368 /**************************************************************************
 369  *                 RtlGetGroupSecurityDescriptor                [NTDLL]
 370  */
 371 NTSTATUS WINAPI RtlGetGroupSecurityDescriptor(
 372         PSECURITY_DESCRIPTOR SecurityDescriptor,
 373         PSID *Group,
 374         PBOOLEAN GroupDefaulted)
 375 {
 376         if ( !SecurityDescriptor || !Group || !GroupDefaulted )
 377                 return STATUS_INVALID_PARAMETER;
 378
 379         *Group = SecurityDescriptor->Group;
 380         if ( *Group != NULL )  {
 381                 if ( SecurityDescriptor->Control & SE_GROUP_DEFAULTED )
 382                         *GroupDefaulted = TRUE;
 383                 else
 384                         *GroupDefaulted = FALSE;
 385         }
 386         return STATUS_SUCCESS;
 387 }
 388
 389 /*
 390  *      access control list's
 391  */
 392
 393 /**************************************************************************
 394  *                 RtlCreateAcl                         [NTDLL.306]
 395  *
 396  * NOTES
 397  *    This should return NTSTATUS
 398  */
 399 DWORD WINAPI RtlCreateAcl(PACL acl,DWORD size,DWORD rev)
 400 {
 401         if (rev!=ACL_REVISION)
 402                 return STATUS_INVALID_PARAMETER;
 403         if (size<sizeof(ACL))
 404                 return STATUS_BUFFER_TOO_SMALL;
 405         if (size>0xFFFF)
 406                 return STATUS_INVALID_PARAMETER;
 407
 408         memset(acl,'\0',sizeof(ACL));
 409         acl->AclRevision        = rev;
 410         acl->AclSize            = size;
 411         acl->AceCount           = 0;
 412         return 0;
 413 }
 414
 415 /**************************************************************************
 416  *                 RtlFirstFreeAce                      [NTDLL.370]
 417  * looks for the AceCount+1 ACE, and if it is still within the alloced
 418  * ACL, return a pointer to it
 419  */
 420 BOOLEAN WINAPI RtlFirstFreeAce(
 421         PACL acl,
 422         PACE_HEADER *x)
 423 {
 424         PACE_HEADER     ace;
 425         int             i;
 426
 427         *x = 0;
 428         ace = (PACE_HEADER)(acl+1);
 429         for (i=0;i<acl->AceCount;i++) {
 430                 if ((DWORD)ace>=(((DWORD)acl)+acl->AclSize))
 431                         return 0;
 432                 ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
 433         }
 434         if ((DWORD)ace>=(((DWORD)acl)+acl->AclSize))
 435                 return 0;
 436         *x = ace;
 437         return 1;
 438 }
 439
 440 /**************************************************************************
 441  *                 RtlAddAce                            [NTDLL.260]
 442  */
 443 NTSTATUS WINAPI RtlAddAce(
 444         PACL acl,
 445         DWORD rev,
 446         DWORD xnrofaces,
 447         PACE_HEADER acestart,
 448         DWORD acelen)
 449 {
 450         PACE_HEADER     ace,targetace;
 451         int             nrofaces;
 452
 453         if (acl->AclRevision != ACL_REVISION)
 454                 return STATUS_INVALID_PARAMETER;
 455         if (!RtlFirstFreeAce(acl,&targetace))
 456                 return STATUS_INVALID_PARAMETER;
 457         nrofaces=0;ace=acestart;
 458         while (((DWORD)ace-(DWORD)acestart)<acelen) {
 459                 nrofaces++;
 460                 ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
 461         }
 462         if ((DWORD)targetace+acelen>(DWORD)acl+acl->AclSize) /* too much aces */
 463                 return STATUS_INVALID_PARAMETER;
 464         memcpy((LPBYTE)targetace,acestart,acelen);
 465         acl->AceCount+=nrofaces;
 466         return STATUS_SUCCESS;
 467 }
 468
 469 /******************************************************************************
 470  *  RtlAddAccessAllowedAce              [NTDLL]
 471  */
 472 DWORD WINAPI RtlAddAccessAllowedAce(DWORD x1,DWORD x2,DWORD x3,DWORD x4)
 473 {
 474         FIXME(ntdll,"(0x%08lx,0x%08lx,0x%08lx,0x%08lx),stub!\n",x1,x2,x3,x4);
 475         return 0;
 476 }
 477
 478 /******************************************************************************
 479  *  RtlGetAce           [NTDLL]
 480  */
 481 DWORD WINAPI RtlGetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
 482 {
 483         FIXME(ntdll,"(%p,%ld,%p),stub!\n",pAcl,dwAceIndex,pAce);
 484         return 0;
 485 }
 486
 487 /*
 488  *      misc
 489  */
 490
 491 /******************************************************************************
 492  *  RtlAdjustPrivilege          [NTDLL]
 493  */
 494 DWORD WINAPI RtlAdjustPrivilege(DWORD x1,DWORD x2,DWORD x3,DWORD x4)
 495 {
 496         FIXME(ntdll,"(0x%08lx,0x%08lx,0x%08lx,0x%08lx),stub!\n",x1,x2,x3,x4);
 497         return 0;
 498 }
 499