fltmgr.sys: Implement FltBuildDefaultSecurityDescriptor.

dlls/fltmgr.sys/Makefile.in

 MODULE    = fltmgr.sys
 EXTRADLLFLAGS = -Wl,--subsystem,native
+IMPORTS = ntoskrnl
 
 SOURCES = \
 	fltmgr.sys.spec \

dlls/fltmgr.sys/fltmgr.sys.spec

@@ -10,7 +10,7 @@
 @ stub FltAllocatePoolAlignedWithTag
 @ stub FltAttachVolume
 @ stub FltAttachVolumeAtAltitude
-@ stub FltBuildDefaultSecurityDescriptor
+@ stdcall FltBuildDefaultSecurityDescriptor(ptr long)
 @ stub FltCancelFileOpen
 @ stub FltCancelIo
 @ stub FltCbdqDisable
@@ -60,7 +60,7 @@
 @ stub FltFreeFileLock
 @ stub FltFreeGenericWorkItem
 @ stub FltFreePoolAlignedWithTag
-@ stub FltFreeSecurityDescriptor
+@ stdcall FltFreeSecurityDescriptor(ptr)
 @ stub FltFsControlFile
 @ stub FltGetBottomInstance
 @ stub FltGetContexts

dlls/fltmgr.sys/main.c

@@ -23,7 +23,6 @@
 #include "ntstatus.h"
 #define WIN32_NO_STATUS
 #include "windef.h"
-#include "winbase.h"
 #include "winternl.h"
 #include "ddk/fltkernel.h"
 
@@ -93,3 +92,61 @@ void* WINAPI FltGetRoutineAddress(LPCSTR name)
 
     return func;
 }
+
+NTSTATUS WINAPI FltBuildDefaultSecurityDescriptor(PSECURITY_DESCRIPTOR *descriptor, ACCESS_MASK access)
+{
+    PACL dacl;
+    NTSTATUS ret = STATUS_INSUFFICIENT_RESOURCES;
+    DWORD sid_len;
+    SID *sid;
+    SID *sid_system = NULL;
+    PSECURITY_DESCRIPTOR sec_desc = NULL;
+    SID_IDENTIFIER_AUTHORITY auth = { SECURITY_NULL_SID_AUTHORITY };
+
+    *descriptor = NULL;
+
+    sid_len = RtlLengthRequiredSid(2);
+    sid = ExAllocatePool(PagedPool, sid_len);
+    if (!sid)
+        goto done;
+    RtlInitializeSid(sid, &auth, 2);
+    sid->SubAuthority[1] = DOMAIN_GROUP_RID_ADMINS;
+    sid->SubAuthority[0] = SECURITY_BUILTIN_DOMAIN_RID;
+
+    sid_len = RtlLengthRequiredSid(1);
+    sid_system = ExAllocatePool(PagedPool, sid_len);
+    if (!sid_system)
+        goto done;
+    RtlInitializeSid(sid_system, &auth, 1);
+    sid_system->SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;
+
+    sid_len = SECURITY_DESCRIPTOR_MIN_LENGTH + sizeof(ACL) +
+            sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid) +
+            sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid_system);
+
+    sec_desc = ExAllocatePool(PagedPool, sid_len);
+    if (!sec_desc)
+    {
+        ret = STATUS_NO_MEMORY;
+        goto done;
+    }
+
+    RtlCreateSecurityDescriptor(sec_desc, SECURITY_DESCRIPTOR_REVISION);
+    dacl = (PACL)((char*)sec_desc + SECURITY_DESCRIPTOR_MIN_LENGTH);
+    RtlCreateAcl(dacl, sid_len - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION);
+    RtlAddAccessAllowedAce(dacl, ACL_REVISION, access, sid);
+    RtlAddAccessAllowedAce(dacl, ACL_REVISION, access, sid_system);
+    RtlSetDaclSecurityDescriptor(sec_desc, 1, dacl, 0);
+    *descriptor = sec_desc;
+    ret = STATUS_SUCCESS;
+
+done:
+    ExFreePool(sid);
+    ExFreePool(sid_system);
+    return ret;
+}
+
+void WINAPI FltFreeSecurityDescriptor(PSECURITY_DESCRIPTOR descriptor)
+{
+    ExFreePool(descriptor);
+}

include/ddk/fltkernel.h

@@ -653,7 +653,8 @@ typedef struct _FLT_REGISTRATION
     PFLT_SECTION_CONFLICT_NOTIFICATION_CALLBACK SectionNotificationCallback;
 } FLT_REGISTRATION, *PFLT_REGISTRATION;
 
-
+NTSTATUS WINAPI FltBuildDefaultSecurityDescriptor(PSECURITY_DESCRIPTOR *, ACCESS_MASK);
+void     WINAPI FltFreeSecurityDescriptor(PSECURITY_DESCRIPTOR);
 void*    WINAPI FltGetRoutineAddress(LPCSTR name);
 NTSTATUS WINAPI FltRegisterFilter(PDRIVER_OBJECT, const FLT_REGISTRATION *, PFLT_FILTER *);
 NTSTATUS WINAPI FltStartFiltering(PFLT_FILTER);