Author: ion Date: Thu Oct 4 18:48:15 2012 New Revision: 57481
URL: http://svn.reactos.org/svn/reactos?rev=57481&view=rev Log: [RTL]: Add all the missing Rtl*Security*Object APIs and put them all in security.c. Move privilege functions into a new file, priv.c. No functional/code changes, just more stubs/exports and moving things around.
Added: trunk/reactos/lib/rtl/priv.c (with props) Modified: trunk/reactos/dll/ntdll/def/ntdll.spec trunk/reactos/lib/rtl/CMakeLists.txt trunk/reactos/lib/rtl/security.c
Modified: trunk/reactos/dll/ntdll/def/ntdll.spec URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/def/ntdll.spec?re... ==============================================================================
--- trunk/reactos/dll/ntdll/def/ntdll.spec [iso-8859-1] (original)
+++ trunk/reactos/dll/ntdll/def/ntdll.spec [iso-8859-1] Thu Oct 4 18:48:15 2012
@@ -491,7 +491,7 @@
 ;@ stdcall RtlConvertPropertyToVariant
 @ stdcall RtlConvertSharedToExclusive(ptr)
 @ stdcall RtlConvertSidToUnicodeString(ptr ptr long)
-;@ stdcall RtlConvertToAutoInheritSecurityObject
+@ stdcall RtlConvertToAutoInheritSecurityObject(ptr ptr ptr ptr long ptr)
 ;@ stdcall RtlConvertUiListToApiList
 @ stdcall -arch=win32 -ret64 RtlConvertUlongToLargeInteger(long)
 ;@ stdcall RtlConvertVariantToProperty
@@ -525,7 +525,7 @@
 @ stdcall RtlCreateUnicodeString(ptr wstr)
 @ stdcall RtlCreateUnicodeStringFromAsciiz(ptr str)
 @ stdcall RtlCreateUserProcess(ptr long ptr ptr ptr ptr long ptr ptr ptr)
-;@ stdcall RtlCreateUserSecurityObject
+@ stdcall RtlCreateUserSecurityObject(ptr long ptr ptr long ptr ptr)
 @ stdcall RtlCreateUserThread(long ptr long ptr long long ptr ptr ptr ptr)
 @ stdcall RtlCustomCPToUnicodeN(ptr wstr long ptr str long)
 @ stdcall RtlCutoverTimeToSystemTime(ptr ptr ptr long)
@@ -788,11 +788,11 @@
 ;@ stdcall RtlMultiAppendUnicodeStringBuffer
 @ stdcall RtlMultiByteToUnicodeN(ptr long ptr ptr long)
 @ stdcall RtlMultiByteToUnicodeSize(ptr str long)
-;@ stdcall RtlNewInstanceSecurityObject
-;@ stdcall RtlNewSecurityGrantedAccess
+@ stdcall RtlNewInstanceSecurityObject(long long ptr ptr ptr ptr ptr long ptr ptr)
+@ stdcall RtlNewSecurityGrantedAccess(long ptr ptr ptr ptr ptr)
 @ stdcall RtlNewSecurityObject(ptr ptr ptr long ptr ptr)
-;@ stdcall RtlNewSecurityObjectEx
-;@ stdcall RtlNewSecurityObjectWithMultipleInheritance
+@ stdcall RtlNewSecurityObjectEx(ptr ptr ptr ptr long long ptr ptr)
+@ stdcall RtlNewSecurityObjectWithMultipleInheritance(ptr ptr ptr ptr long long long ptr ptr)
 @ stdcall RtlNormalizeProcessParams(ptr)
 @ stdcall RtlNtPathNameToDosPathName(ptr ptr ptr ptr) ; CHECKME
 @ stdcall RtlNtStatusToDosError(long)
@@ -893,7 +893,7 @@
 @ stdcall RtlSetSaclSecurityDescriptor(ptr long ptr long)
 @ stdcall RtlSetSecurityDescriptorRMControl(ptr ptr)
 @ stdcall RtlSetSecurityObject(long ptr ptr ptr ptr)
-;@ stdcall RtlSetSecurityObjectEx
+@ stdcall RtlSetSecurityObjectEx(long ptr ptr long ptr ptr)
 @ stdcall RtlSetThreadErrorMode(long ptr)
 @ stdcall RtlSetThreadIsCritical(long ptr long)
 @ stdcall RtlSetThreadPoolStartFunc(ptr ptr)
Modified: trunk/reactos/lib/rtl/CMakeLists.txt URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/CMakeLists.txt?rev=... ==============================================================================
--- trunk/reactos/lib/rtl/CMakeLists.txt [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/CMakeLists.txt [iso-8859-1] Thu Oct 4 18:48:15 2012
@@ -39,6 +39,7 @@
 nls.c
 path.c
 ppb.c
+ priv.c
 process.c
 propvar.c
 random.c
Added: trunk/reactos/lib/rtl/priv.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/priv.c?rev=57481&am... ==============================================================================
--- trunk/reactos/lib/rtl/priv.c (added)
+++ trunk/reactos/lib/rtl/priv.c [iso-8859-1] Thu Oct 4 18:48:15 2012
@@ -1,0 +1,185 @@
+/*
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS system libraries
+ * FILE: lib/rtl/priv.c
+ * PURPOSE: Security related functions and Security Objects
+ * PROGRAMMER: Eric Kohl
+ */
+
+/* INCLUDES *****************************************************************/
+
+#include <rtl.h>
+
+#define NDEBUG
+#include <debug.h>
+
+/* FUNCTIONS ***************************************************************/
+
+/*
+ * @implemented
+ */
+NTSTATUS
+NTAPI
+RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
+{
+ HANDLE ProcessToken;
+ HANDLE ImpersonationToken;
+ NTSTATUS Status;
+ OBJECT_ATTRIBUTES ObjAttr;
+ SECURITY_QUALITY_OF_SERVICE Sqos;
+
+ PAGED_CODE_RTL();
+
+ Status = ZwOpenProcessToken(NtCurrentProcess(),
+ TOKEN_DUPLICATE,
+ &ProcessToken);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("NtOpenProcessToken() failed (Status %lx)\n", Status);
+ return Status;
+ }
+
+ Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
+ Sqos.ImpersonationLevel = ImpersonationLevel;
+ Sqos.ContextTrackingMode = 0;
+ Sqos.EffectiveOnly = FALSE;
+
+ InitializeObjectAttributes(&ObjAttr,
+ NULL,
+ 0,
+ NULL,
+ NULL);
+
+ ObjAttr.SecurityQualityOfService = &Sqos;
+
+ Status = ZwDuplicateToken(ProcessToken,
+ TOKEN_IMPERSONATE,
+ &ObjAttr,
+ Sqos.EffectiveOnly, /* why both here _and_ in Sqos? */
+ TokenImpersonation,
+ &ImpersonationToken);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("NtDuplicateToken() failed (Status %lx)\n", Status);
+ NtClose(ProcessToken);
+ return Status;
+ }
+
+ Status = ZwSetInformationThread(NtCurrentThread(),
+ ThreadImpersonationToken,
+ &ImpersonationToken,
+ sizeof(HANDLE));
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("NtSetInformationThread() failed (Status %lx)\n", Status);
+ }
+
+ ZwClose(ImpersonationToken);
+ ZwClose(ProcessToken);
+
+ return Status;
+}
+
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
+RtlAcquirePrivilege(IN PULONG Privilege,
+ IN ULONG NumPriv,
+ IN ULONG Flags,
+ OUT PVOID *ReturnedState)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+ * @unimplemented
+ */
+VOID
+NTAPI
+RtlReleasePrivilege(IN PVOID ReturnedState)
+{
+ UNIMPLEMENTED;
+}
+
+/*
+ * @implemented
+ */
+NTSTATUS
+NTAPI
+RtlAdjustPrivilege(IN ULONG Privilege,
+ IN BOOLEAN Enable,
+ IN BOOLEAN CurrentThread,
+ OUT PBOOLEAN Enabled)
+{
+ TOKEN_PRIVILEGES NewState;
+ TOKEN_PRIVILEGES OldState;
+ ULONG ReturnLength;
+ HANDLE TokenHandle;
+ NTSTATUS Status;
+
+ PAGED_CODE_RTL();
+
+ DPRINT("RtlAdjustPrivilege() called\n");
+
+ if (CurrentThread)
+ {
+ Status = ZwOpenThreadToken(NtCurrentThread(),
+ TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
+ FALSE,
+ &TokenHandle);
+ }
+ else
+ {
+ Status = ZwOpenProcessToken(NtCurrentProcess(),
+ TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
+ &TokenHandle);
+ }
+
+ if (!NT_SUCCESS (Status))
+ {
+ DPRINT1("Retrieving token handle failed (Status %lx)\n", Status);
+ return Status;
+ }
+
+ OldState.PrivilegeCount = 1;
+
+ NewState.PrivilegeCount = 1;
+ NewState.Privileges[0].Luid.LowPart = Privilege;
+ NewState.Privileges[0].Luid.HighPart = 0;
+ NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0;
+
+ Status = ZwAdjustPrivilegesToken(TokenHandle,
+ FALSE,
+ &NewState,
+ sizeof(TOKEN_PRIVILEGES),
+ &OldState,
+ &ReturnLength);
+ ZwClose (TokenHandle);
+ if (Status == STATUS_NOT_ALL_ASSIGNED)
+ {
+ DPRINT1("Failed to assign all privileges\n");
+ return STATUS_PRIVILEGE_NOT_HELD;
+ }
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status);
+ return Status;
+ }
+
+ if (OldState.PrivilegeCount == 0)
+ {
+ *Enabled = Enable;
+ }
+ else
+ {
+ *Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);
+ }
+
+ DPRINT("RtlAdjustPrivilege() done\n");
+
+ return STATUS_SUCCESS;
+}
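Review bot: In `RtlAdjustPrivilege`, the final assignment `*Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);` stores the raw masked bit into a BOOLEAN, so a previously enabled privilege is reported as the flag's value (2 in the Windows headers) rather than TRUE, and a caller that compares the result with `TRUE` before restoring the old state would decide wrongly. Normalising it keeps the contract unambiguous: `*Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0;`. In `RtlImpersonateSelf` the error path after `ZwDuplicateToken` closes `ProcessToken` with `NtClose` while every other close in the file uses `ZwClose`; using `ZwClose(ProcessToken);` there keeps the handle calls consistent. The file header still carries the PURPOSE line copied from security.c ("Security related functions and Security Objects"); something like `PURPOSE: Privilege and self-impersonation helpers` would describe what this file now holds.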
Propchange: trunk/reactos/lib/rtl/priv.c ------------------------------------------------------------------------------ svn:eol-style = native
Modified: trunk/reactos/lib/rtl/security.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/security.c?rev=5748... ==============================================================================
--- trunk/reactos/lib/rtl/security.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/security.c [iso-8859-1] Thu Oct 4 18:48:15 2012
@@ -14,175 +14,6 @@
 #include <debug.h>
 
 /* FUNCTIONS ***************************************************************/
-
-/*
- * @implemented
- */
-NTSTATUS
-NTAPI
-RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
-{
- HANDLE ProcessToken;
- HANDLE ImpersonationToken;
- NTSTATUS Status;
- OBJECT_ATTRIBUTES ObjAttr;
- SECURITY_QUALITY_OF_SERVICE Sqos;
-
- PAGED_CODE_RTL();
-
- Status = ZwOpenProcessToken(NtCurrentProcess(),
- TOKEN_DUPLICATE,
- &ProcessToken);
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("NtOpenProcessToken() failed (Status %lx)\n", Status);
- return Status;
- }
-
- Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
- Sqos.ImpersonationLevel = ImpersonationLevel;
- Sqos.ContextTrackingMode = 0;
- Sqos.EffectiveOnly = FALSE;
-
- InitializeObjectAttributes(&ObjAttr,
- NULL,
- 0,
- NULL,
- NULL);
-
- ObjAttr.SecurityQualityOfService = &Sqos;
-
- Status = ZwDuplicateToken(ProcessToken,
- TOKEN_IMPERSONATE,
- &ObjAttr,
- Sqos.EffectiveOnly, /* why both here _and_ in Sqos? */
- TokenImpersonation,
- &ImpersonationToken);
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("NtDuplicateToken() failed (Status %lx)\n", Status);
- NtClose(ProcessToken);
- return Status;
- }
-
- Status = ZwSetInformationThread(NtCurrentThread(),
- ThreadImpersonationToken,
- &ImpersonationToken,
- sizeof(HANDLE));
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("NtSetInformationThread() failed (Status %lx)\n", Status);
- }
-
- ZwClose(ImpersonationToken);
- ZwClose(ProcessToken);
-
- return Status;
-}
-
-/*
- * @unimplemented
- */
-NTSTATUS
-NTAPI
-RtlAcquirePrivilege(IN PULONG Privilege,
- IN ULONG NumPriv,
- IN ULONG Flags,
- OUT PVOID *ReturnedState)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-/*
- * @unimplemented
- */
-VOID
-NTAPI
-RtlReleasePrivilege(IN PVOID ReturnedState)
-{
- UNIMPLEMENTED;
-}
-
-/*
- * @implemented
- */
-NTSTATUS
-NTAPI
-RtlAdjustPrivilege(IN ULONG Privilege,
- IN BOOLEAN Enable,
- IN BOOLEAN CurrentThread,
- OUT PBOOLEAN Enabled)
-{
- TOKEN_PRIVILEGES NewState;
- TOKEN_PRIVILEGES OldState;
- ULONG ReturnLength;
- HANDLE TokenHandle;
- NTSTATUS Status;
-
- PAGED_CODE_RTL();
-
- DPRINT("RtlAdjustPrivilege() called\n");
-
- if (CurrentThread)
- {
- Status = ZwOpenThreadToken(NtCurrentThread(),
- TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
- FALSE,
- &TokenHandle);
- }
- else
- {
- Status = ZwOpenProcessToken(NtCurrentProcess(),
- TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
- &TokenHandle);
- }
-
- if (!NT_SUCCESS (Status))
- {
- DPRINT1("Retrieving token handle failed (Status %lx)\n", Status);
- return Status;
- }
-
- OldState.PrivilegeCount = 1;
-
- NewState.PrivilegeCount = 1;
- NewState.Privileges[0].Luid.LowPart = Privilege;
- NewState.Privileges[0].Luid.HighPart = 0;
- NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0;
-
- Status = ZwAdjustPrivilegesToken(TokenHandle,
- FALSE,
- &NewState,
- sizeof(TOKEN_PRIVILEGES),
- &OldState,
- &ReturnLength);
- ZwClose (TokenHandle);
- if (Status == STATUS_NOT_ALL_ASSIGNED)
- {
- DPRINT1("Failed to assign all privileges\n");
- return STATUS_PRIVILEGE_NOT_HELD;
- }
-
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status);
- return Status;
- }
-
- if (OldState.PrivilegeCount == 0)
- {
- *Enabled = Enable;
- }
- else
- {
- *Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);
- }
-
- DPRINT("RtlAdjustPrivilege() done\n");
-
- return STATUS_SUCCESS;
-}
 
 /*
 * @implemented
@@ -217,6 +48,111 @@
 return STATUS_NOT_IMPLEMENTED;
 }
 
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
+RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor,
+ IN PSECURITY_DESCRIPTOR CreatorDescriptor,
+ OUT PSECURITY_DESCRIPTOR *NewDescriptor,
+ IN LPGUID ObjectType,
+ IN BOOLEAN IsDirectoryObject,
+ IN ULONG AutoInheritFlags,
+ IN HANDLE Token,
+ IN PGENERIC_MAPPING GenericMapping)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
+RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor,
+ IN PSECURITY_DESCRIPTOR CreatorDescriptor,
+ OUT PSECURITY_DESCRIPTOR *NewDescriptor,
+ IN LPGUID *ObjectTypes,
+ IN ULONG GuidCount,
+ IN BOOLEAN IsDirectoryObject,
+ IN ULONG AutoInheritFlags,
+ IN HANDLE Token,
+ IN PGENERIC_MAPPING GenericMapping)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
+RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,
+ IN PSECURITY_DESCRIPTOR CreatorDescriptor,
+ OUT PSECURITY_DESCRIPTOR *NewDescriptor,
+ IN LPGUID ObjectType,
+ IN BOOLEAN IsDirectoryObject,
+ IN PGENERIC_MAPPING GenericMapping)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
+RtlCreateUserSecurityObject(IN PVOID AceData,
+ IN ULONG AceCount,
+ IN PSID OwnerSid,
+ IN PSID GroupSid,
+ IN BOOLEAN IsDirectoryObject,
+ IN PGENERIC_MAPPING GenericMapping,
+ OUT PSECURITY_DESCRIPTOR *NewDescriptor)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
+RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged,
+ IN BOOLEAN CreatorDescriptorChanged,
+ IN PLUID OldClientTokenModifiedI,
+ OUT PLUID NewClientTokenModifiedId,
+ IN PSECURITY_DESCRIPTOR ParentDescriptor,
+ IN PSECURITY_DESCRIPTOR CreatorDescriptor,
+ OUT PSECURITY_DESCRIPTOR *NewDescriptor,
+ IN BOOLEAN IsDirectoryObject,
+ IN HANDLE Token,
+ IN PGENERIC_MAPPING GenericMapping)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
+RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess,
+ OUT PPRIVILEGE_SET Privileges,
+ IN OUT PULONG Length,
+ IN HANDLE Token,
+ IN PGENERIC_MAPPING GenericMapping,
+ OUT PACCESS_MASK RemainingDesiredAccess)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
 
 /*
 * @unimplemented
@@ -295,6 +231,22 @@
 */
 NTSTATUS
 NTAPI
+RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR ModificationDescriptor,
+ OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
+ IN ULONG AutoInheritFlags,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN HANDLE Token)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
 RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
 {
 UNIMPLEMENTED;
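Review bot: The new stubs in the `@@ -217,6 +48,111 @@` hunk return `STATUS_NOT_IMPLEMENTED` without writing their OUT pointers, and the same commit starts exporting them from ntdll, so a caller that now resolves the import and does not check the status would continue with an uninitialised `NewDescriptor`. For the stubs that take `OUT PSECURITY_DESCRIPTOR *NewDescriptor`, consider `*NewDescriptor = NULL;` before the return, or at least a comment such as `/* outputs are left untouched until this is implemented */`. In `RtlNewInstanceSecurityObject` the parameter `OldClientTokenModifiedI` is missing its final `d` next to `NewClientTokenModifiedId`; rename it to `OldClientTokenModifiedId` before the stub gets a body.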
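Review bot: `RtlSetSecurityObjectEx` in the `@@ -295,6 +231,22 @@` hunk annotates `ObjectsSecurityDescriptor` as `OUT`, but a set-security routine presumably has to read the object's current descriptor through that pointer before replacing it, so `IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor` would describe the contract better. Worth confirming against the existing `RtlSetSecurityObject` declaration, which is outside this hunk. Because this parameter carries the caller's live descriptor, the stub should keep leaving it untouched; a comment above the function saying so (`/* stub: ObjectsSecurityDescriptor is not modified */`) would make that explicit.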