Use proper PISID pointer to SID structure, fix wrong LUID definition, and remove duplicate code in Security Manager Modified: trunk/reactos/include/ntdll/rtl.h Modified: trunk/reactos/include/ntos/obtypes.h Modified: trunk/reactos/include/ntos/security.h Modified: trunk/reactos/lib/rtl/sid.c Modified: trunk/reactos/ntoskrnl/se/luid.c Modified: trunk/reactos/ntoskrnl/se/sd.c Modified: trunk/reactos/ntoskrnl/se/sid.c Modified: trunk/reactos/ntoskrnl/se/token.c _____ Modified: trunk/reactos/include/ntdll/rtl.h --- trunk/reactos/include/ntdll/rtl.h 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/include/ntdll/rtl.h 2005-01-04 22:44:50 UTC (rev 12806) @@ -193,6 +193,18 @@ VOID ); +VOID +STDCALL +RtlpFreeDebugInfo( + PRTL_CRITICAL_SECTION_DEBUG DebugInfo +); + +PRTL_CRITICAL_SECTION_DEBUG +STDCALL +RtlpAllocateDebugInfo( + VOID +); + NTSTATUS STDCALL RtlAddAccessAllowedAceEx (IN OUT PACL Acl, IN ULONG Revision, _____ Modified: trunk/reactos/include/ntos/obtypes.h --- trunk/reactos/include/ntos/obtypes.h 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/include/ntos/obtypes.h 2005-01-04 22:44:50 UTC (rev 12806) @@ -83,8 +83,8 @@ HANDLE RootDirectory; PUNICODE_STRING ObjectName; ULONG Attributes; - SECURITY_DESCRIPTOR *SecurityDescriptor; - SECURITY_QUALITY_OF_SERVICE *SecurityQualityOfService; + PVOID SecurityDescriptor; + PVOID SecurityQualityOfService; } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; #endif /* __USE_W32API */ _____ Modified: trunk/reactos/include/ntos/security.h --- trunk/reactos/include/ntos/security.h 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/include/ntos/security.h 2005-01-04 22:44:50 UTC (rev 12806) @@ -74,6 +74,18 @@ #ifndef __USE_W32API +#ifndef _MSC_VER +#define SYSTEM_LUID {{ 0x3E7, 0x0 }} +#define ANONYMOUS_LOGON_LUID {{ 0x3e6, 0x0 }} +#define LOCALSERVICE_LUID {{ 0x3e5, 0x0 }} +#define NETWORKSERVICE_LUID {{ 0x3e4, 0x0 }} +#else +#define SYSTEM_LUID { 0x3E7, 0x0 } +#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 } +#define LOCALSERVICE_LUID { 0x3e5, 0x0 } +#define NETWORKSERVICE_LUID { 0x3e4, 0x0 } +#endif + /* SID Auhority */ #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} @@ -227,8 +239,10 @@ UCHAR SubAuthorityCount; SID_IDENTIFIER_AUTHORITY IdentifierAuthority; ULONG SubAuthority[1]; -} SID, *PSID; +} SID, *PISID; +typedef PVOID PSID; + typedef struct _ACL { UCHAR AclRevision; _____ Modified: trunk/reactos/lib/rtl/sid.c --- trunk/reactos/lib/rtl/sid.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/lib/rtl/sid.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -1,4 +1,4 @@ -/* $Id: sid.c,v 1.4 2004/07/12 19:39:29 ekohl Exp $ +/* $Id$ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -22,8 +22,10 @@ /* FUNCTIONS ***************************************************************/ BOOLEAN STDCALL -RtlValidSid(IN PSID Sid) +RtlValidSid(IN PSID Sid_) { + PISID Sid = Sid_; + if ((Sid->Revision != SID_REVISION) || (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES)) { @@ -48,10 +50,12 @@ * @implemented */ NTSTATUS STDCALL -RtlInitializeSid(IN PSID Sid, +RtlInitializeSid(IN PSID Sid_, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount) { + PISID Sid = Sid_; + Sid->Revision = SID_REVISION; Sid->SubAuthorityCount = SubAuthorityCount; memcpy(&Sid->IdentifierAuthority, @@ -66,9 +70,11 @@ * @implemented */ PULONG STDCALL -RtlSubAuthoritySid(IN PSID Sid, +RtlSubAuthoritySid(IN PSID Sid_, IN ULONG SubAuthority) { + PISID Sid = Sid_; + return &Sid->SubAuthority[SubAuthority]; } @@ -77,8 +83,10 @@ * @implemented */ PUCHAR STDCALL -RtlSubAuthorityCountSid(IN PSID Sid) +RtlSubAuthorityCountSid(IN PSID Sid_) { + PISID Sid = Sid_; + return &Sid->SubAuthorityCount; } @@ -87,9 +95,12 @@ * @implemented */ BOOLEAN STDCALL -RtlEqualSid(IN PSID Sid1, - IN PSID Sid2) +RtlEqualSid(IN PSID Sid1_, + IN PSID Sid2_) { + PISID Sid1 = Sid1_; + PISID Sid2 = Sid2_; + if (Sid1->Revision != Sid2->Revision) { return(FALSE); @@ -110,8 +121,10 @@ * @implemented */ ULONG STDCALL -RtlLengthSid(IN PSID Sid) +RtlLengthSid(IN PSID Sid_) { + PISID Sid = Sid_; + return (sizeof(SID) + (Sid->SubAuthorityCount-1) * sizeof(ULONG)); } @@ -180,8 +193,10 @@ * @implemented */ PSID_IDENTIFIER_AUTHORITY STDCALL -RtlIdentifierAuthoritySid(IN PSID Sid) +RtlIdentifierAuthoritySid(IN PSID Sid_) { + PISID Sid = Sid_; + return &Sid->IdentifierAuthority; } @@ -202,7 +217,7 @@ ULONG SubAuthority7, PSID *Sid) { - PSID pSid; + PISID pSid; if (SubAuthorityCount > 8) return STATUS_INVALID_SID; @@ -267,9 +282,12 @@ * @implemented */ BOOLEAN STDCALL -RtlEqualPrefixSid(IN PSID Sid1, - IN PSID Sid2) +RtlEqualPrefixSid(IN PSID Sid1_, + IN PSID Sid2_) { + PISID Sid1 = Sid1_; + PISID Sid2 = Sid2_; + return(Sid1->SubAuthorityCount == Sid2->SubAuthorityCount && !RtlCompareMemory(Sid1, Sid2, (Sid1->SubAuthorityCount - 1) * sizeof(DWORD) + 8)); @@ -281,13 +299,14 @@ */ NTSTATUS STDCALL RtlConvertSidToUnicodeString(PUNICODE_STRING String, - PSID Sid, + PSID Sid_, BOOLEAN AllocateBuffer) { WCHAR Buffer[256]; PWSTR wcs; ULONG Length; ULONG i; + PISID Sid = Sid_; if (RtlValidSid (Sid) == FALSE) return STATUS_INVALID_SID; _____ Modified: trunk/reactos/ntoskrnl/se/luid.c --- trunk/reactos/ntoskrnl/se/luid.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/ntoskrnl/se/luid.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -1,4 +1,4 @@ -/* $Id: luid.c,v 1.10 2004/08/15 16:39:11 chorns Exp $ +/* $Id$ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -20,15 +20,15 @@ static LARGE_INTEGER LuidIncrement; static LARGE_INTEGER LuidValue; -#define SYSTEM_LUID 0x3E7; - /* FUNCTIONS *****************************************************************/ VOID INIT_FUNCTION SepInitLuid(VOID) { + LARGE_INTEGER DummyLuidValue = SYSTEM_LUID; + KeInitializeSpinLock(&LuidLock); - LuidValue.QuadPart = SYSTEM_LUID; + LuidValue = DummyLuidValue; LuidIncrement.QuadPart = 1; } _____ Modified: trunk/reactos/ntoskrnl/se/sd.c --- trunk/reactos/ntoskrnl/se/sd.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/ntoskrnl/se/sd.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -1,4 +1,4 @@ -/* $Id: sd.c,v 1.20 2004/08/15 16:39:12 chorns Exp $ +/* $Id$ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -319,7 +319,7 @@ IN PSECURITY_DESCRIPTOR SecurityDescriptor) { ULONG SdLength; - PSID Sid; + PISID Sid; PACL Acl; if (Length < SECURITY_DESCRIPTOR_MIN_LENGTH) @@ -355,7 +355,7 @@ return FALSE; } - Sid = (PSID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Owner); + Sid = (PISID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Owner); if (Sid->Revision != SID_REVISION) { DPRINT1("Invalid Owner SID revision\n"); _____ Modified: trunk/reactos/ntoskrnl/se/sid.c --- trunk/reactos/ntoskrnl/se/sid.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/ntoskrnl/se/sid.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -1,4 +1,4 @@ -/* $Id: sid.c,v 1.16 2003/12/30 18:52:06 fireball Exp $ +/* $Id$ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -11,9 +11,9 @@ /* INCLUDES *****************************************************************/ -#include <ddk/ntddk.h> -#include <internal/se.h> +#include <ntoskrnl.h> +#define NDEBUG #include <internal/debug.h> #define TAG_SID TAG('S', 'I', 'D', 'T') @@ -467,230 +467,4 @@ return(TRUE); } - -/* - * @implemented - */ -BOOLEAN STDCALL -RtlValidSid(PSID Sid) -{ - if ((Sid->Revision & 0xf) != 1) - { - return(FALSE); - } - if (Sid->SubAuthorityCount > 15) - { - return(FALSE); - } - return(TRUE); -} - - -/* - * @implemented - */ -ULONG STDCALL -RtlLengthRequiredSid(UCHAR SubAuthorityCount) -{ - return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG)); -} - - -/* - * @implemented - */ -NTSTATUS STDCALL -RtlInitializeSid(PSID Sid, - PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, - UCHAR SubAuthorityCount) -{ - Sid->Revision = 1; - Sid->SubAuthorityCount = SubAuthorityCount; - RtlCopyMemory(&Sid->IdentifierAuthority, - IdentifierAuthority, - sizeof(SID_IDENTIFIER_AUTHORITY)); - return(STATUS_SUCCESS); -} - - -/* - * @implemented - */ -PULONG STDCALL -RtlSubAuthoritySid(PSID Sid, - ULONG SubAuthority) -{ - return(&Sid->SubAuthority[SubAuthority]); -} - - -/* - * @implemented - */ -PUCHAR STDCALL -RtlSubAuthorityCountSid(PSID Sid) -{ - return(&Sid->SubAuthorityCount); -} - - -/* - * @implemented - */ -BOOLEAN STDCALL -RtlEqualSid(PSID Sid1, - PSID Sid2) -{ - if (Sid1->Revision != Sid2->Revision) - { - return(FALSE); - } - if ((*RtlSubAuthorityCountSid(Sid1)) != - (*RtlSubAuthorityCountSid(Sid2))) - { - return(FALSE); - } - if (memcmp(Sid1, Sid2, RtlLengthSid(Sid1)) != 0) - { - return(FALSE); - } - return(TRUE); -} - - -/* - * @implemented - */ -ULONG STDCALL -RtlLengthSid(PSID Sid) -{ - return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4); -} - - -/* - * @implemented - */ -NTSTATUS STDCALL -RtlCopySid(ULONG BufferLength, - PSID Dest, - PSID Src) -{ - if (BufferLength < RtlLengthSid(Src)) - { - return(STATUS_UNSUCCESSFUL); - } - memmove(Dest, Src, RtlLengthSid(Src)); - return(STATUS_SUCCESS); -} - - -NTSTATUS STDCALL -RtlCopySidAndAttributesArray(ULONG Count, - PSID_AND_ATTRIBUTES Src, - ULONG SidAreaSize, - PSID_AND_ATTRIBUTES Dest, - PVOID SidArea, - PVOID* RemainingSidArea, - PULONG RemainingSidAreaSize) -{ - ULONG Length; - ULONG i; - - Length = SidAreaSize; - - for (i=0; i<Count; i++) - { - if (RtlLengthSid(Src[i].Sid) > Length) - { - return(STATUS_BUFFER_TOO_SMALL); - } - Length = Length - RtlLengthSid(Src[i].Sid); - Dest[i].Sid = SidArea; - Dest[i].Attributes = Src[i].Attributes; - RtlCopySid(RtlLengthSid(Src[i].Sid), SidArea, Src[i].Sid); - SidArea = (char*)SidArea + RtlLengthSid(Src[i].Sid); - } - *RemainingSidArea = SidArea; - *RemainingSidAreaSize = Length; - return(STATUS_SUCCESS); -} - - -/* - * @implemented - */ -NTSTATUS STDCALL -RtlConvertSidToUnicodeString(PUNICODE_STRING String, - PSID Sid, - BOOLEAN AllocateString) -{ - WCHAR Buffer[256]; - PWSTR Ptr; - ULONG Length; - ULONG i; - - if (!RtlValidSid(Sid)) - return STATUS_INVALID_SID; - - Ptr = Buffer; - Ptr += swprintf (Ptr, - L"S-%u-", - Sid->Revision); - - if(!Sid->IdentifierAuthority.Value[0] && - !Sid->IdentifierAuthority.Value[1]) - { - Ptr += swprintf(Ptr, - L"%u", - (ULONG)Sid->IdentifierAuthority.Value[2] << 24 | - (ULONG)Sid->IdentifierAuthority.Value[3] << 16 | - (ULONG)Sid->IdentifierAuthority.Value[4] << 8 | - (ULONG)Sid->IdentifierAuthority.Value[5]); - } - else - { - Ptr += swprintf(Ptr, - L"0x%02hx%02hx%02hx%02hx%02hx%02hx", - Sid->IdentifierAuthority.Value[0], - Sid->IdentifierAuthority.Value[1], - Sid->IdentifierAuthority.Value[2], - Sid->IdentifierAuthority.Value[3], - Sid->IdentifierAuthority.Value[4], - Sid->IdentifierAuthority.Value[5]); - } - - for (i = 0; i < Sid->SubAuthorityCount; i++) - { - Ptr += swprintf(Ptr, - L"-%u", - Sid->SubAuthority[i]); - } - - Length = (Ptr - Buffer) * sizeof(WCHAR); - - if (AllocateString) - { - String->Buffer = ExAllocatePool(NonPagedPool, - Length + sizeof(WCHAR)); - if (String->Buffer == NULL) - return STATUS_NO_MEMORY; - - String->MaximumLength = Length + sizeof(WCHAR); - } - else - { - if (Length > String->MaximumLength) - return STATUS_BUFFER_TOO_SMALL; - } - String->Length = Length; - memmove(String->Buffer, - Buffer, - Length); - if (Length < String->MaximumLength) - String->Buffer[Length/sizeof(WCHAR)] = 0; - - return STATUS_SUCCESS; -} - /* EOF */ _____ Modified: trunk/reactos/ntoskrnl/se/token.c --- trunk/reactos/ntoskrnl/se/token.c 2005-01-04 22:40:08 UTC (rev 12805) +++ trunk/reactos/ntoskrnl/se/token.c 2005-01-04 22:44:50 UTC (rev 12806) @@ -11,13 +11,7 @@ /* INCLUDES *****************************************************************/ -#include <limits.h> -#define NTOS_MODE_KERNEL -#include <ntos.h> -#include <internal/ob.h> -#include <internal/ps.h> -#include <internal/se.h> -#include <internal/safe.h> +#include <ntoskrnl.h> #define NDEBUG #include <internal/debug.h> @@ -31,8 +25,6 @@ TOKEN_EXECUTE, TOKEN_ALL_ACCESS}; -//#define SYSTEM_LUID 0x3E7; - /* FUNCTIONS *****************************************************************/ VOID SepFreeProxyData(PVOID ProxyData) @@ -1028,6 +1020,7 @@ * NOTE: Some sources claim 4th param is ImpersonationLevel, but on W2K * this is certainly NOT true, thou i can't say for sure that EffectiveOnly * is correct either. -Gunnar + * This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI */ NTSTATUS STDCALL NtDuplicateToken(IN HANDLE ExistingTokenHandle, @@ -1060,7 +1053,7 @@ EffectiveOnly, TokenType, ObjectAttributes->SecurityQualityOfService ? - ObjectAttributes->SecurityQualityOfService->ImpersonationLevel : + ((PSECURITY_QUALITY_OF_SERVICE)(ObjectAttributes->SecurityQualityOfServi ce))->ImpersonationLevel : 0 /*SecurityAnonymous*/, PreviousMode, &NewToken); @@ -1645,7 +1638,8 @@ AccessToken->Privileges = 0; AccessToken->TokenType = TokenType; - AccessToken->ImpersonationLevel = ObjectAttributes->SecurityQualityOfService->ImpersonationLevel; + AccessToken->ImpersonationLevel = ((PSECURITY_QUALITY_OF_SERVICE) + (ObjectAttributes->SecurityQualityOfService))->ImpersonationLevel; /* * Normally we would just point these members into the variable information