1c2c66affSColin Finck /* 2c2c66affSColin Finck * COPYRIGHT: See COPYING in the top level directory 3c2c66affSColin Finck * PROJECT: ReactOS kernel 4c2c66affSColin Finck * FILE: ntoskrnl/se/semgr.c 5c2c66affSColin Finck * PURPOSE: Security manager 6c2c66affSColin Finck * 7c2c66affSColin Finck * PROGRAMMERS: No programmer listed. 8c2c66affSColin Finck */ 9c2c66affSColin Finck 10c2c66affSColin Finck /* INCLUDES *******************************************************************/ 11c2c66affSColin Finck 12c2c66affSColin Finck #include <ntoskrnl.h> 13c2c66affSColin Finck #define NDEBUG 14c2c66affSColin Finck #include <debug.h> 15c2c66affSColin Finck 16c2c66affSColin Finck /* GLOBALS ********************************************************************/ 17c2c66affSColin Finck 18*5b5b814aSGeorge Bișoc PTOKEN SeAnonymousLogonToken = NULL; 19*5b5b814aSGeorge Bișoc PTOKEN SeAnonymousLogonTokenNoEveryone = NULL; 20c2c66affSColin Finck PSE_EXPORTS SeExports = NULL; 21c2c66affSColin Finck SE_EXPORTS SepExports; 22c2c66affSColin Finck ULONG SidInTokenCalls = 0; 23c2c66affSColin Finck 24c2c66affSColin Finck extern ULONG ExpInitializationPhase; 25c2c66affSColin Finck extern ERESOURCE SepSubjectContextLock; 26c2c66affSColin Finck 27c2c66affSColin Finck /* PRIVATE FUNCTIONS **********************************************************/ 28c2c66affSColin Finck 2971fefa32STimo Kreuzer static 305c7ce447SVictor Perevertkin CODE_SEG("INIT") 3171fefa32STimo Kreuzer BOOLEAN 32c2c66affSColin Finck SepInitExports(VOID) 33c2c66affSColin Finck { 34c2c66affSColin Finck SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege; 35c2c66affSColin Finck SepExports.SeAssignPrimaryTokenPrivilege = SeAssignPrimaryTokenPrivilege; 36c2c66affSColin Finck SepExports.SeLockMemoryPrivilege = SeLockMemoryPrivilege; 37c2c66affSColin Finck SepExports.SeIncreaseQuotaPrivilege = SeIncreaseQuotaPrivilege; 38c2c66affSColin Finck SepExports.SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege; 39c2c66affSColin Finck SepExports.SeTcbPrivilege = SeTcbPrivilege; 40c2c66affSColin Finck SepExports.SeSecurityPrivilege = SeSecurityPrivilege; 41c2c66affSColin Finck SepExports.SeTakeOwnershipPrivilege = SeTakeOwnershipPrivilege; 42c2c66affSColin Finck SepExports.SeLoadDriverPrivilege = SeLoadDriverPrivilege; 43c2c66affSColin Finck SepExports.SeCreatePagefilePrivilege = SeCreatePagefilePrivilege; 44c2c66affSColin Finck SepExports.SeIncreaseBasePriorityPrivilege = SeIncreaseBasePriorityPrivilege; 45c2c66affSColin Finck SepExports.SeSystemProfilePrivilege = SeSystemProfilePrivilege; 46c2c66affSColin Finck SepExports.SeSystemtimePrivilege = SeSystemtimePrivilege; 47c2c66affSColin Finck SepExports.SeProfileSingleProcessPrivilege = SeProfileSingleProcessPrivilege; 48c2c66affSColin Finck SepExports.SeCreatePermanentPrivilege = SeCreatePermanentPrivilege; 49c2c66affSColin Finck SepExports.SeBackupPrivilege = SeBackupPrivilege; 50c2c66affSColin Finck SepExports.SeRestorePrivilege = SeRestorePrivilege; 51c2c66affSColin Finck SepExports.SeShutdownPrivilege = SeShutdownPrivilege; 52c2c66affSColin Finck SepExports.SeDebugPrivilege = SeDebugPrivilege; 53c2c66affSColin Finck SepExports.SeAuditPrivilege = SeAuditPrivilege; 54c2c66affSColin Finck SepExports.SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege; 55c2c66affSColin Finck SepExports.SeChangeNotifyPrivilege = SeChangeNotifyPrivilege; 56c2c66affSColin Finck SepExports.SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege; 57c2c66affSColin Finck 58c2c66affSColin Finck SepExports.SeNullSid = SeNullSid; 59c2c66affSColin Finck SepExports.SeWorldSid = SeWorldSid; 60c2c66affSColin Finck SepExports.SeLocalSid = SeLocalSid; 61c2c66affSColin Finck SepExports.SeCreatorOwnerSid = SeCreatorOwnerSid; 62c2c66affSColin Finck SepExports.SeCreatorGroupSid = SeCreatorGroupSid; 63c2c66affSColin Finck SepExports.SeNtAuthoritySid = SeNtAuthoritySid; 64c2c66affSColin Finck SepExports.SeDialupSid = SeDialupSid; 65c2c66affSColin Finck SepExports.SeNetworkSid = SeNetworkSid; 66c2c66affSColin Finck SepExports.SeBatchSid = SeBatchSid; 67c2c66affSColin Finck SepExports.SeInteractiveSid = SeInteractiveSid; 68c2c66affSColin Finck SepExports.SeLocalSystemSid = SeLocalSystemSid; 69c2c66affSColin Finck SepExports.SeAliasAdminsSid = SeAliasAdminsSid; 70c2c66affSColin Finck SepExports.SeAliasUsersSid = SeAliasUsersSid; 71c2c66affSColin Finck SepExports.SeAliasGuestsSid = SeAliasGuestsSid; 72c2c66affSColin Finck SepExports.SeAliasPowerUsersSid = SeAliasPowerUsersSid; 73c2c66affSColin Finck SepExports.SeAliasAccountOpsSid = SeAliasAccountOpsSid; 74c2c66affSColin Finck SepExports.SeAliasSystemOpsSid = SeAliasSystemOpsSid; 75c2c66affSColin Finck SepExports.SeAliasPrintOpsSid = SeAliasPrintOpsSid; 76c2c66affSColin Finck SepExports.SeAliasBackupOpsSid = SeAliasBackupOpsSid; 77c2c66affSColin Finck SepExports.SeAuthenticatedUsersSid = SeAuthenticatedUsersSid; 78c2c66affSColin Finck SepExports.SeRestrictedSid = SeRestrictedSid; 79c2c66affSColin Finck SepExports.SeAnonymousLogonSid = SeAnonymousLogonSid; 80c2c66affSColin Finck SepExports.SeLocalServiceSid = SeLocalServiceSid; 81c2c66affSColin Finck SepExports.SeNetworkServiceSid = SeNetworkServiceSid; 82c2c66affSColin Finck 83c2c66affSColin Finck SepExports.SeUndockPrivilege = SeUndockPrivilege; 84c2c66affSColin Finck SepExports.SeSyncAgentPrivilege = SeSyncAgentPrivilege; 85c2c66affSColin Finck SepExports.SeEnableDelegationPrivilege = SeEnableDelegationPrivilege; 86c2c66affSColin Finck SepExports.SeManageVolumePrivilege = SeManageVolumePrivilege; 87c2c66affSColin Finck SepExports.SeImpersonatePrivilege = SeImpersonatePrivilege; 88c2c66affSColin Finck SepExports.SeCreateGlobalPrivilege = SeCreateGlobalPrivilege; 89c2c66affSColin Finck 90c2c66affSColin Finck SeExports = &SepExports; 91c2c66affSColin Finck return TRUE; 92c2c66affSColin Finck } 93c2c66affSColin Finck 94c2c66affSColin Finck 955c7ce447SVictor Perevertkin CODE_SEG("INIT") 96c2c66affSColin Finck BOOLEAN 97c2c66affSColin Finck NTAPI 98c2c66affSColin Finck SepInitializationPhase0(VOID) 99c2c66affSColin Finck { 100c2c66affSColin Finck PAGED_CODE(); 101c2c66affSColin Finck 102eb8b481cSPierre Schweitzer if (!ExLuidInitialization()) return FALSE; 103c2c66affSColin Finck if (!SepInitSecurityIDs()) return FALSE; 104c2c66affSColin Finck if (!SepInitDACLs()) return FALSE; 105c2c66affSColin Finck if (!SepInitSDs()) return FALSE; 106c2c66affSColin Finck SepInitPrivileges(); 107c2c66affSColin Finck if (!SepInitExports()) return FALSE; 108c2c66affSColin Finck 109c2c66affSColin Finck /* Initialize the subject context lock */ 110c2c66affSColin Finck ExInitializeResource(&SepSubjectContextLock); 111c2c66affSColin Finck 112c2c66affSColin Finck /* Initialize token objects */ 113c2c66affSColin Finck SepInitializeTokenImplementation(); 114c2c66affSColin Finck 115c2c66affSColin Finck /* Initialize logon sessions */ 116c2c66affSColin Finck if (!SeRmInitPhase0()) return FALSE; 117c2c66affSColin Finck 118c2c66affSColin Finck /* Clear impersonation info for the idle thread */ 119c2c66affSColin Finck PsGetCurrentThread()->ImpersonationInfo = NULL; 120c2c66affSColin Finck PspClearCrossThreadFlag(PsGetCurrentThread(), 121c2c66affSColin Finck CT_ACTIVE_IMPERSONATION_INFO_BIT); 122c2c66affSColin Finck 123c2c66affSColin Finck /* Initialize the boot token */ 124c2c66affSColin Finck ObInitializeFastReference(&PsGetCurrentProcess()->Token, NULL); 125c2c66affSColin Finck ObInitializeFastReference(&PsGetCurrentProcess()->Token, 126c2c66affSColin Finck SepCreateSystemProcessToken()); 127*5b5b814aSGeorge Bișoc 128*5b5b814aSGeorge Bișoc /* Initialise the anonymous logon tokens */ 129*5b5b814aSGeorge Bișoc SeAnonymousLogonToken = SepCreateSystemAnonymousLogonToken(); 130*5b5b814aSGeorge Bișoc if (!SeAnonymousLogonToken) 131*5b5b814aSGeorge Bișoc return FALSE; 132*5b5b814aSGeorge Bișoc 133*5b5b814aSGeorge Bișoc SeAnonymousLogonTokenNoEveryone = SepCreateSystemAnonymousLogonTokenNoEveryone(); 134*5b5b814aSGeorge Bișoc if (!SeAnonymousLogonTokenNoEveryone) 135*5b5b814aSGeorge Bișoc return FALSE; 136*5b5b814aSGeorge Bișoc 137c2c66affSColin Finck return TRUE; 138c2c66affSColin Finck } 139c2c66affSColin Finck 1405c7ce447SVictor Perevertkin CODE_SEG("INIT") 141c2c66affSColin Finck BOOLEAN 142c2c66affSColin Finck NTAPI 143c2c66affSColin Finck SepInitializationPhase1(VOID) 144c2c66affSColin Finck { 145c2c66affSColin Finck OBJECT_ATTRIBUTES ObjectAttributes; 146c2c66affSColin Finck UNICODE_STRING Name; 147c2c66affSColin Finck HANDLE SecurityHandle; 148c2c66affSColin Finck HANDLE EventHandle; 149c2c66affSColin Finck NTSTATUS Status; 1506747dacfSPierre Schweitzer SECURITY_DESCRIPTOR SecurityDescriptor; 1516747dacfSPierre Schweitzer PACL Dacl; 1526747dacfSPierre Schweitzer ULONG DaclLength; 153c2c66affSColin Finck 154c2c66affSColin Finck PAGED_CODE(); 155c2c66affSColin Finck 156c2c66affSColin Finck /* Insert the system token into the tree */ 157c2c66affSColin Finck Status = ObInsertObject((PVOID)(PsGetCurrentProcess()->Token.Value & 158c2c66affSColin Finck ~MAX_FAST_REFS), 159c2c66affSColin Finck NULL, 160c2c66affSColin Finck 0, 161c2c66affSColin Finck 0, 162c2c66affSColin Finck NULL, 163c2c66affSColin Finck NULL); 164c2c66affSColin Finck ASSERT(NT_SUCCESS(Status)); 165c2c66affSColin Finck 1666747dacfSPierre Schweitzer /* Create a security descriptor for the directory */ 1676747dacfSPierre Schweitzer RtlCreateSecurityDescriptor(&SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION); 1686747dacfSPierre Schweitzer 1696747dacfSPierre Schweitzer /* Setup the ACL */ 1706747dacfSPierre Schweitzer DaclLength = sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) + 1716747dacfSPierre Schweitzer RtlLengthSid(SeLocalSystemSid) + 1726747dacfSPierre Schweitzer RtlLengthSid(SeAliasAdminsSid) + 1736747dacfSPierre Schweitzer RtlLengthSid(SeWorldSid); 1746747dacfSPierre Schweitzer Dacl = ExAllocatePoolWithTag(NonPagedPool, DaclLength, TAG_SE); 1756747dacfSPierre Schweitzer if (Dacl == NULL) 1766747dacfSPierre Schweitzer { 1776747dacfSPierre Schweitzer return FALSE; 1786747dacfSPierre Schweitzer } 1796747dacfSPierre Schweitzer 1806747dacfSPierre Schweitzer Status = RtlCreateAcl(Dacl, DaclLength, ACL_REVISION); 1816747dacfSPierre Schweitzer ASSERT(NT_SUCCESS(Status)); 1826747dacfSPierre Schweitzer 1836747dacfSPierre Schweitzer /* Grant full access to SYSTEM */ 1846747dacfSPierre Schweitzer Status = RtlAddAccessAllowedAce(Dacl, 1856747dacfSPierre Schweitzer ACL_REVISION, 1866747dacfSPierre Schweitzer DIRECTORY_ALL_ACCESS, 1876747dacfSPierre Schweitzer SeLocalSystemSid); 1886747dacfSPierre Schweitzer ASSERT(NT_SUCCESS(Status)); 1896747dacfSPierre Schweitzer 1906747dacfSPierre Schweitzer /* Allow admins to traverse and query */ 1916747dacfSPierre Schweitzer Status = RtlAddAccessAllowedAce(Dacl, 1926747dacfSPierre Schweitzer ACL_REVISION, 1936747dacfSPierre Schweitzer READ_CONTROL | DIRECTORY_TRAVERSE | DIRECTORY_QUERY, 1946747dacfSPierre Schweitzer SeAliasAdminsSid); 1956747dacfSPierre Schweitzer ASSERT(NT_SUCCESS(Status)); 1966747dacfSPierre Schweitzer 1976747dacfSPierre Schweitzer /* Allow anyone to traverse */ 1986747dacfSPierre Schweitzer Status = RtlAddAccessAllowedAce(Dacl, 1996747dacfSPierre Schweitzer ACL_REVISION, 2006747dacfSPierre Schweitzer DIRECTORY_TRAVERSE, 2016747dacfSPierre Schweitzer SeWorldSid); 2026747dacfSPierre Schweitzer ASSERT(NT_SUCCESS(Status)); 2036747dacfSPierre Schweitzer 2046747dacfSPierre Schweitzer /* And link ACL and SD */ 2056747dacfSPierre Schweitzer Status = RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, Dacl, FALSE); 2066747dacfSPierre Schweitzer ASSERT(NT_SUCCESS(Status)); 207c2c66affSColin Finck 208c2c66affSColin Finck /* Create '\Security' directory */ 209c2c66affSColin Finck RtlInitUnicodeString(&Name, L"\\Security"); 210c2c66affSColin Finck InitializeObjectAttributes(&ObjectAttributes, 211c2c66affSColin Finck &Name, 212c2c66affSColin Finck OBJ_PERMANENT | OBJ_CASE_INSENSITIVE, 213c2c66affSColin Finck 0, 2146747dacfSPierre Schweitzer &SecurityDescriptor); 215c2c66affSColin Finck 216c2c66affSColin Finck Status = ZwCreateDirectoryObject(&SecurityHandle, 217c2c66affSColin Finck DIRECTORY_ALL_ACCESS, 218c2c66affSColin Finck &ObjectAttributes); 219c2c66affSColin Finck ASSERT(NT_SUCCESS(Status)); 220c2c66affSColin Finck 22195bc44e2SPierre Schweitzer /* Free the DACL */ 22295bc44e2SPierre Schweitzer ExFreePoolWithTag(Dacl, TAG_SE); 22395bc44e2SPierre Schweitzer 224c2c66affSColin Finck /* Create 'LSA_AUTHENTICATION_INITIALIZED' event */ 225c2c66affSColin Finck RtlInitUnicodeString(&Name, L"LSA_AUTHENTICATION_INITIALIZED"); 226c2c66affSColin Finck InitializeObjectAttributes(&ObjectAttributes, 227c2c66affSColin Finck &Name, 228c2c66affSColin Finck OBJ_PERMANENT | OBJ_CASE_INSENSITIVE, 229c2c66affSColin Finck SecurityHandle, 230c2c66affSColin Finck SePublicDefaultSd); 231c2c66affSColin Finck 232c2c66affSColin Finck Status = ZwCreateEvent(&EventHandle, 233c2c66affSColin Finck GENERIC_WRITE, 234c2c66affSColin Finck &ObjectAttributes, 235c2c66affSColin Finck NotificationEvent, 236c2c66affSColin Finck FALSE); 237c2c66affSColin Finck ASSERT(NT_SUCCESS(Status)); 238c2c66affSColin Finck 239c2c66affSColin Finck Status = ZwClose(EventHandle); 240c2c66affSColin Finck ASSERT(NT_SUCCESS(Status)); 241c2c66affSColin Finck 242c2c66affSColin Finck Status = ZwClose(SecurityHandle); 243c2c66affSColin Finck ASSERT(NT_SUCCESS(Status)); 244c2c66affSColin Finck 245c2c66affSColin Finck return TRUE; 246c2c66affSColin Finck } 247c2c66affSColin Finck 2485c7ce447SVictor Perevertkin CODE_SEG("INIT") 249c2c66affSColin Finck BOOLEAN 250c2c66affSColin Finck NTAPI 251c2c66affSColin Finck SeInitSystem(VOID) 252c2c66affSColin Finck { 253c2c66affSColin Finck /* Check the initialization phase */ 254c2c66affSColin Finck switch (ExpInitializationPhase) 255c2c66affSColin Finck { 256c2c66affSColin Finck case 0: 257c2c66affSColin Finck 258c2c66affSColin Finck /* Do Phase 0 */ 259c2c66affSColin Finck return SepInitializationPhase0(); 260c2c66affSColin Finck 261c2c66affSColin Finck case 1: 262c2c66affSColin Finck 263c2c66affSColin Finck /* Do Phase 1 */ 264c2c66affSColin Finck return SepInitializationPhase1(); 265c2c66affSColin Finck 266c2c66affSColin Finck default: 267c2c66affSColin Finck 268c2c66affSColin Finck /* Don't know any other phase! Bugcheck! */ 269c2c66affSColin Finck KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL, 270c2c66affSColin Finck 0, 271c2c66affSColin Finck ExpInitializationPhase, 272c2c66affSColin Finck 0, 273c2c66affSColin Finck 0); 274c2c66affSColin Finck return FALSE; 275c2c66affSColin Finck } 276c2c66affSColin Finck } 277c2c66affSColin Finck 278c2c66affSColin Finck NTSTATUS 279c2c66affSColin Finck NTAPI 280c2c66affSColin Finck SeDefaultObjectMethod(IN PVOID Object, 281c2c66affSColin Finck IN SECURITY_OPERATION_CODE OperationType, 282c2c66affSColin Finck IN PSECURITY_INFORMATION SecurityInformation, 283c2c66affSColin Finck IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 284c2c66affSColin Finck IN OUT PULONG ReturnLength OPTIONAL, 285c2c66affSColin Finck IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor, 286c2c66affSColin Finck IN POOL_TYPE PoolType, 287c2c66affSColin Finck IN PGENERIC_MAPPING GenericMapping) 288c2c66affSColin Finck { 289c2c66affSColin Finck PAGED_CODE(); 290c2c66affSColin Finck 291c2c66affSColin Finck /* Select the operation type */ 292c2c66affSColin Finck switch (OperationType) 293c2c66affSColin Finck { 294c2c66affSColin Finck /* Setting a new descriptor */ 295c2c66affSColin Finck case SetSecurityDescriptor: 296c2c66affSColin Finck 297c2c66affSColin Finck /* Sanity check */ 298c2c66affSColin Finck ASSERT((PoolType == PagedPool) || (PoolType == NonPagedPool)); 299c2c66affSColin Finck 300c2c66affSColin Finck /* Set the information */ 301c2c66affSColin Finck return ObSetSecurityDescriptorInfo(Object, 302c2c66affSColin Finck SecurityInformation, 303c2c66affSColin Finck SecurityDescriptor, 304c2c66affSColin Finck OldSecurityDescriptor, 305c2c66affSColin Finck PoolType, 306c2c66affSColin Finck GenericMapping); 307c2c66affSColin Finck 308c2c66affSColin Finck case QuerySecurityDescriptor: 309c2c66affSColin Finck 310c2c66affSColin Finck /* Query the information */ 311c2c66affSColin Finck return ObQuerySecurityDescriptorInfo(Object, 312c2c66affSColin Finck SecurityInformation, 313c2c66affSColin Finck SecurityDescriptor, 314c2c66affSColin Finck ReturnLength, 315c2c66affSColin Finck OldSecurityDescriptor); 316c2c66affSColin Finck 317c2c66affSColin Finck case DeleteSecurityDescriptor: 318c2c66affSColin Finck 319c2c66affSColin Finck /* De-assign it */ 320c2c66affSColin Finck return ObDeassignSecurity(OldSecurityDescriptor); 321c2c66affSColin Finck 322c2c66affSColin Finck case AssignSecurityDescriptor: 323c2c66affSColin Finck 324c2c66affSColin Finck /* Assign it */ 325c2c66affSColin Finck ObAssignObjectSecurityDescriptor(Object, SecurityDescriptor, PoolType); 326c2c66affSColin Finck return STATUS_SUCCESS; 327c2c66affSColin Finck 328c2c66affSColin Finck default: 329c2c66affSColin Finck 330c2c66affSColin Finck /* Bug check */ 331c2c66affSColin Finck KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0); 332c2c66affSColin Finck } 333c2c66affSColin Finck 334c2c66affSColin Finck /* Should never reach here */ 335c2c66affSColin Finck ASSERT(FALSE); 336c2c66affSColin Finck return STATUS_SUCCESS; 337c2c66affSColin Finck } 338c2c66affSColin Finck 339c2c66affSColin Finck VOID 340c2c66affSColin Finck NTAPI 341c2c66affSColin Finck SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, 342c2c66affSColin Finck OUT PACCESS_MASK DesiredAccess) 343c2c66affSColin Finck { 344c2c66affSColin Finck *DesiredAccess = 0; 345c2c66affSColin Finck 346c2c66affSColin Finck if (SecurityInformation & (OWNER_SECURITY_INFORMATION | 347c2c66affSColin Finck GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION)) 348c2c66affSColin Finck { 349c2c66affSColin Finck *DesiredAccess |= READ_CONTROL; 350c2c66affSColin Finck } 351c2c66affSColin Finck 352c2c66affSColin Finck if (SecurityInformation & SACL_SECURITY_INFORMATION) 353c2c66affSColin Finck { 354c2c66affSColin Finck *DesiredAccess |= ACCESS_SYSTEM_SECURITY; 355c2c66affSColin Finck } 356c2c66affSColin Finck } 357c2c66affSColin Finck 358c2c66affSColin Finck VOID 359c2c66affSColin Finck NTAPI 360c2c66affSColin Finck SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, 361c2c66affSColin Finck OUT PACCESS_MASK DesiredAccess) 362c2c66affSColin Finck { 363c2c66affSColin Finck *DesiredAccess = 0; 364c2c66affSColin Finck 365c2c66affSColin Finck if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION)) 366c2c66affSColin Finck { 367c2c66affSColin Finck *DesiredAccess |= WRITE_OWNER; 368c2c66affSColin Finck } 369c2c66affSColin Finck 370c2c66affSColin Finck if (SecurityInformation & DACL_SECURITY_INFORMATION) 371c2c66affSColin Finck { 372c2c66affSColin Finck *DesiredAccess |= WRITE_DAC; 373c2c66affSColin Finck } 374c2c66affSColin Finck 375c2c66affSColin Finck if (SecurityInformation & SACL_SECURITY_INFORMATION) 376c2c66affSColin Finck { 377c2c66affSColin Finck *DesiredAccess |= ACCESS_SYSTEM_SECURITY; 378c2c66affSColin Finck } 379c2c66affSColin Finck } 380c2c66affSColin Finck 381c2c66affSColin Finck NTSTATUS 382c2c66affSColin Finck NTAPI 383c2c66affSColin Finck SeReportSecurityEvent( 384c2c66affSColin Finck _In_ ULONG Flags, 385c2c66affSColin Finck _In_ PUNICODE_STRING SourceName, 386c2c66affSColin Finck _In_opt_ PSID UserSid, 387c2c66affSColin Finck _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters) 388c2c66affSColin Finck { 389c2c66affSColin Finck SECURITY_SUBJECT_CONTEXT SubjectContext; 390c2c66affSColin Finck PTOKEN EffectiveToken; 391c2c66affSColin Finck PISID Sid; 392c2c66affSColin Finck NTSTATUS Status; 393c2c66affSColin Finck 394c2c66affSColin Finck /* Validate parameters */ 395c2c66affSColin Finck if ((Flags != 0) || 396c2c66affSColin Finck (SourceName == NULL) || 397c2c66affSColin Finck (SourceName->Buffer == NULL) || 398c2c66affSColin Finck (SourceName->Length == 0) || 399c2c66affSColin Finck (AuditParameters == NULL) || 400c2c66affSColin Finck (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4)) 401c2c66affSColin Finck { 402c2c66affSColin Finck return STATUS_INVALID_PARAMETER; 403c2c66affSColin Finck } 404c2c66affSColin Finck 405c2c66affSColin Finck /* Validate the source name */ 406c2c66affSColin Finck Status = RtlValidateUnicodeString(0, SourceName); 407c2c66affSColin Finck if (!NT_SUCCESS(Status)) 408c2c66affSColin Finck { 409c2c66affSColin Finck return Status; 410c2c66affSColin Finck } 411c2c66affSColin Finck 412c2c66affSColin Finck /* Check if we have a user SID */ 413c2c66affSColin Finck if (UserSid != NULL) 414c2c66affSColin Finck { 415c2c66affSColin Finck /* Validate it */ 416c2c66affSColin Finck if (!RtlValidSid(UserSid)) 417c2c66affSColin Finck { 418c2c66affSColin Finck return STATUS_INVALID_PARAMETER; 419c2c66affSColin Finck } 420c2c66affSColin Finck 421c2c66affSColin Finck /* Use the user SID */ 422c2c66affSColin Finck Sid = UserSid; 423c2c66affSColin Finck } 424c2c66affSColin Finck else 425c2c66affSColin Finck { 426c2c66affSColin Finck /* No user SID, capture the security subject context */ 427c2c66affSColin Finck SeCaptureSubjectContext(&SubjectContext); 428c2c66affSColin Finck 429c2c66affSColin Finck /* Extract the effective token */ 430c2c66affSColin Finck EffectiveToken = SubjectContext.ClientToken ? 431c2c66affSColin Finck SubjectContext.ClientToken : SubjectContext.PrimaryToken; 432c2c66affSColin Finck 433c2c66affSColin Finck /* Use the user-and-groups SID */ 434c2c66affSColin Finck Sid = EffectiveToken->UserAndGroups->Sid; 435c2c66affSColin Finck } 436c2c66affSColin Finck 437c2c66affSColin Finck UNIMPLEMENTED; 438c2c66affSColin Finck 439c2c66affSColin Finck /* Check if we captured the subject context */ 440c2c66affSColin Finck if (Sid != UserSid) 441c2c66affSColin Finck { 442c2c66affSColin Finck /* Release it */ 443c2c66affSColin Finck SeReleaseSubjectContext(&SubjectContext); 444c2c66affSColin Finck } 445c2c66affSColin Finck 446c2c66affSColin Finck /* Return success */ 447c2c66affSColin Finck return STATUS_SUCCESS; 448c2c66affSColin Finck } 449c2c66affSColin Finck 450c2c66affSColin Finck _Const_ 451c2c66affSColin Finck NTSTATUS 452c2c66affSColin Finck NTAPI 453c2c66affSColin Finck SeSetAuditParameter( 454c2c66affSColin Finck _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, 455c2c66affSColin Finck _In_ SE_ADT_PARAMETER_TYPE Type, 456c2c66affSColin Finck _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index, 457c2c66affSColin Finck _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data) 458c2c66affSColin Finck { 459c2c66affSColin Finck UNIMPLEMENTED; 460c2c66affSColin Finck return STATUS_SUCCESS; 461c2c66affSColin Finck } 462c2c66affSColin Finck 463c2c66affSColin Finck /* EOF */ 464