archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/base/published/sertlp.w

339 lines
10 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) Microsoft Corporation. All rights reserved.
  5. Module Name:
  7. sertlp.h
  9. Abstract:
  11. Include file for NT runtime routines that are callable by both
  12. kernel mode code in the executive and user mode code in various
  13. NT subsystems, but which are private interfaces.
  15. The routines in this file should not be used outside of the security
  16. related rtl files.
  18. Author:
  20. Robert P. Reichel (robertre) 6-12-91
  22. Environment:
  24. These routines are statically linked in the caller's executable and
  25. are callable in either kernel mode or user mode.
  27. Revision History:
  29. --*/
  31. #ifndef _SERTLP_
  32. #define _SERTLP_
  34. #include "nt.h"
  35. #include "zwapi.h"
  36. #include "ntrtl.h"
  40. ///////////////////////////////////////////////////////////////////////////////
  41. // //
  42. // Local Macros //
  43. // //
  44. ///////////////////////////////////////////////////////////////////////////////
  46. #ifndef LongAlign
  47. #define LongAlign LongAlignPtr
  48. #endif
  50. #define LongAlignPtr(Ptr) ((PVOID)(((ULONG_PTR)(Ptr) + 3) & -4))
  51. #define LongAlignSize(Size) (((ULONG)(Size) + 3) & -4)
  53. //
  54. // Macros for calculating the address of the components of a security
  55. // descriptor. This will calculate the address of the field regardless
  56. // of whether the security descriptor is absolute or self-relative form.
  57. // A null value indicates the specified field is not present in the
  58. // security descriptor.
  59. //
  61. //
  62. // NOTE: Similar copies of these macros appear in sep.h.
  63. // Be sure to propagate bug fixes and changes.
  64. //
  66. #define RtlpOwnerAddrSecurityDescriptor( SD ) \
  67. ( ((SD)->Control & SE_SELF_RELATIVE) ? \
  68. ( (((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Owner == 0) ? ((PSID) NULL) : \
  69. (PSID)RtlOffsetToPointer((SD), ((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Owner) \
  70. ) : \
  71. (PSID)((SD)->Owner) \
  72. )
  74. #define RtlpGroupAddrSecurityDescriptor( SD ) \
  75. ( ((SD)->Control & SE_SELF_RELATIVE) ? \
  76. ( (((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Group == 0) ? ((PSID) NULL) : \
  77. (PSID)RtlOffsetToPointer((SD), ((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Group) \
  78. ) : \
  79. (PSID)((SD)->Group) \
  80. )
  82. #define RtlpSaclAddrSecurityDescriptor( SD ) \
  83. ( (!((SD)->Control & SE_SACL_PRESENT) ) ? \
  84. (PACL)NULL : \
  85. ( ((SD)->Control & SE_SELF_RELATIVE) ? \
  86. ( (((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Sacl == 0) ? ((PACL) NULL) : \
  87. (PACL)RtlOffsetToPointer((SD), ((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Sacl) \
  88. ) : \
  89. (PACL)((SD)->Sacl) \
  90. ) \
  91. )
  93. #define RtlpDaclAddrSecurityDescriptor( SD ) \
  94. ( (!((SD)->Control & SE_DACL_PRESENT) ) ? \
  95. (PACL)NULL : \
  96. ( ((SD)->Control & SE_SELF_RELATIVE) ? \
  97. ( (((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Dacl == 0) ? ((PACL) NULL) : \
  98. (PACL)RtlOffsetToPointer((SD), ((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Dacl) \
  99. ) : \
  100. (PACL)((SD)->Dacl) \
  101. ) \
  102. )
  107. //
  108. // Macro to determine if the given ID has the owner attribute set,
  109. // which means that it may be assignable as an owner
  110. // The GroupSid should not be marked for UseForDenyOnly.
  111. //
  113. #define RtlpIdAssignableAsOwner( G ) \
  114. ( (((G).Attributes & SE_GROUP_OWNER) != 0) && \
  115. (((G).Attributes & SE_GROUP_USE_FOR_DENY_ONLY) == 0) )
  117. //
  118. // Macro to copy the state of the passed bits from the old security
  119. // descriptor (OldSD) into the Control field of the new one (NewSD)
  120. //
  122. #define RtlpPropagateControlBits( NewSD, OldSD, Bits ) \
  123. ( NewSD )->Control |= \
  124. ( \
  125. ( OldSD )->Control & ( Bits ) \
  126. )
  129. //
  130. // Macro to query whether or not the passed set of bits are ALL on
  131. // or not (ie, returns FALSE if some are on and not others)
  132. //
  134. #define RtlpAreControlBitsSet( SD, Bits ) \
  135. (BOOLEAN) \
  136. ( \
  137. (( SD )->Control & ( Bits )) == ( Bits ) \
  138. )
  140. //
  141. // Macro to set the passed control bits in the given Security Descriptor
  142. //
  144. #define RtlpSetControlBits( SD, Bits ) \
  145. ( \
  146. ( SD )->Control |= ( Bits ) \
  147. )
  149. //
  150. // Macro to clear the passed control bits in the given Security Descriptor
  151. //
  153. #define RtlpClearControlBits( SD, Bits ) \
  154. ( \
  155. ( SD )->Control &= ~( Bits ) \
  156. )
  161. ////////////////////////////////////////////////////////////////////////////////
  162. // //
  163. // Prototypes for local procedures //
  164. // //
  165. ////////////////////////////////////////////////////////////////////////////////
  168. BOOLEAN
  169. RtlpContainsCreatorOwnerSid(
  170. PKNOWN_ACE Ace
  171. );
  173. BOOLEAN
  174. RtlpContainsCreatorGroupSid(
  175. PKNOWN_ACE Ace
  176. );
  179. VOID
  180. RtlpApplyAclToObject (
  181. IN PACL Acl,
  182. IN PGENERIC_MAPPING GenericMapping
  183. );
  185. NTSTATUS
  186. RtlpInheritAcl (
  187. IN PACL DirectoryAcl,
  188. IN PACL ChildAcl,
  189. IN ULONG ChildGenericControl,
  190. IN BOOLEAN IsDirectoryObject,
  191. IN BOOLEAN AutoInherit,
  192. IN BOOLEAN DefaultDescriptorForObject,
  193. IN PSID OwnerSid,
  194. IN PSID GroupSid,
  195. IN PSID ServerOwnerSid OPTIONAL,
  196. IN PSID ServerGroupSid OPTIONAL,
  197. IN PGENERIC_MAPPING GenericMapping,
  198. IN BOOLEAN IsSacl,
  199. IN GUID **pNewObjectType OPTIONAL,
  200. IN ULONG GuidCount,
  201. OUT PACL *NewAcl,
  202. OUT PBOOLEAN NewAclExplicitlyAssigned,
  203. OUT PULONG NewGenericControl
  204. );
  208. NTSTATUS
  209. RtlpInitializeAllowedAce(
  210. IN PACCESS_ALLOWED_ACE AllowedAce,
  211. IN USHORT AceSize,
  212. IN UCHAR InheritFlags,
  213. IN UCHAR AceFlags,
  214. IN ACCESS_MASK Mask,
  215. IN PSID AllowedSid
  216. );
  218. NTSTATUS
  219. RtlpInitializeDeniedAce(
  220. IN PACCESS_DENIED_ACE DeniedAce,
  221. IN USHORT AceSize,
  222. IN UCHAR InheritFlags,
  223. IN UCHAR AceFlags,
  224. IN ACCESS_MASK Mask,
  225. IN PSID DeniedSid
  226. );
  228. NTSTATUS
  229. RtlpInitializeAuditAce(
  230. IN PACCESS_ALLOWED_ACE AuditAce,
  231. IN USHORT AceSize,
  232. IN UCHAR InheritFlags,
  233. IN UCHAR AceFlags,
  234. IN ACCESS_MASK Mask,
  235. IN PSID AuditSid
  236. );
  238. BOOLEAN
  239. RtlpValidOwnerSubjectContext(
  240. IN HANDLE Token,
  241. IN PSID Owner,
  242. IN BOOLEAN ServerObject,
  243. OUT PNTSTATUS ReturnStatus
  244. );
  246. VOID
  247. RtlpQuerySecurityDescriptor(
  248. IN PISECURITY_DESCRIPTOR SecurityDescriptor,
  249. OUT PSID *Owner,
  250. OUT PULONG OwnerSize,
  251. OUT PSID *PrimaryGroup,
  252. OUT PULONG PrimaryGroupSize,
  253. OUT PACL *Dacl,
  254. OUT PULONG DaclSize,
  255. OUT PACL *Sacl,
  256. OUT PULONG SaclSize
  257. );
  261. NTSTATUS
  262. RtlpFreeVM(
  263. IN PVOID *Base
  264. );
  265. NTSTATUS
  266. RtlpConvertToAutoInheritSecurityObject(
  267. IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
  268. IN PSECURITY_DESCRIPTOR CurrentSecurityDescriptor,
  269. OUT PSECURITY_DESCRIPTOR *NewSecurityDescriptor,
  270. IN GUID *ObjectType OPTIONAL,
  271. IN BOOLEAN IsDirectoryObject,
  272. IN PGENERIC_MAPPING GenericMapping
  273. );
  275. NTSTATUS
  276. RtlpNewSecurityObject (
  277. IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
  278. IN PSECURITY_DESCRIPTOR CreatorDescriptor OPTIONAL,
  279. OUT PSECURITY_DESCRIPTOR * NewDescriptor,
  280. IN GUID **pObjectType OPTIONAL,
  281. IN ULONG GuidCOunt,
  282. IN BOOLEAN IsDirectoryObject,
  283. IN ULONG AutoInheritFlags,
  284. IN HANDLE Token OPTIONAL,
  285. IN PGENERIC_MAPPING GenericMapping
  286. );
  288. NTSTATUS
  289. RtlpSetSecurityObject (
  290. IN PVOID Object OPTIONAL,
  291. IN SECURITY_INFORMATION SecurityInformation,
  292. IN PSECURITY_DESCRIPTOR ModificationDescriptor,
  293. IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
  294. IN ULONG AutoInheritFlags,
  295. IN ULONG PoolType,
  296. IN PGENERIC_MAPPING GenericMapping,
  297. IN HANDLE Token OPTIONAL
  298. );
  300. FORCEINLINE
  301. PULONG
  302. RtlpSubAuthoritySid(
  303. IN PSID Sid,
  304. IN ULONG SubAuthority
  305. )
  306. /*++
  308. Routine Description:
  310. This function returns the address of a sub-authority array element of
  311. an SID.
  313. Arguments:
  315. Sid - Pointer to the SID data structure.
  317. SubAuthority - An index indicating which sub-authority is being specified.
  318. This value is not compared against the number of sub-authorities in the
  319. SID for validity.
  321. Return Value:
  324. --*/
  325. {
  326. PISID ISid;
  328. //
  329. // Typecast to the opaque SID
  330. //
  332. ISid = (PISID)Sid;
  334. return &(ISid->SubAuthority[SubAuthority]);
  336. }
  338. #endif // _SERTLP_