[ros-diffs] [greatlrd] 21875: bug 1467 : patch from w3seek,
ACLs: Implement audit functions
greatlrd at svn.reactos.org
greatlrd at svn.reactos.org
Wed May 10 11:32:24 CEST 2006
Author: greatlrd
Date: Wed May 10 13:32:23 2006
New Revision: 21875
URL: http://svn.reactos.ru/svn/reactos?rev=21875&view=rev
Log:
bug 1467 : patch from w3seek, ACLs: Implement audit functions
Modified:
trunk/reactos/dll/ntdll/def/ntdll.def
trunk/reactos/dll/win32/advapi32/advapi32.h
trunk/reactos/dll/win32/advapi32/sec/ac.c
trunk/reactos/dll/win32/advapi32/sec/sec.c
trunk/reactos/dll/win32/ntmarta/ntmarta.c
trunk/reactos/include/ndk/rtlfuncs.h
trunk/reactos/include/winnt.h
trunk/reactos/lib/rtl/acl.c
Modified: trunk/reactos/dll/ntdll/def/ntdll.def
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/dll/ntdll/def/ntdll.def?rev=21875&r1=21874&r2=21875&view=diff
==============================================================================
--- trunk/reactos/dll/ntdll/def/ntdll.def (original)
+++ trunk/reactos/dll/ntdll/def/ntdll.def Wed May 10 13:32:23 2006
@@ -292,14 +292,17 @@
RtlAcquireResourceShared at 8
RtlAddAccessAllowedAce at 16
RtlAddAccessAllowedAceEx at 20
+RtlAddAccessAllowedObjectAce at 28
RtlAddAccessDeniedAce at 16
RtlAddAccessDeniedAceEx at 20
+RtlAddAccessDeniedObjectAce at 28
RtlAddAce at 20
;RtlAddActionToRXact
RtlAddAtomToAtomTable at 12
;RtlAddAttributeActionToRXact
RtlAddAuditAccessAce at 24
RtlAddAuditAccessAceEx at 28
+RtlAddAuditAccessObjectAce at 36
;RtlAddCompoundAce
RtlAddRange at 36
RtlAddVectoredExceptionHandler at 8
Modified: trunk/reactos/dll/win32/advapi32/advapi32.h
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi32.h?rev=21875&r1=21874&r2=21875&view=diff
==============================================================================
--- trunk/reactos/dll/win32/advapi32/advapi32.h (original)
+++ trunk/reactos/dll/win32/advapi32/advapi32.h Wed May 10 13:32:23 2006
@@ -17,6 +17,7 @@
#define WIN32_NO_STATUS
#include <windows.h>
#include <accctrl.h>
+#include <aclapi.h>
#include <sddl.h>
#define NTOS_MODE_USER
#include <ndk/ntndk.h>
Modified: trunk/reactos/dll/win32/advapi32/sec/ac.c
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/ac.c?rev=21875&r1=21874&r2=21875&view=diff
==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/ac.c (original)
+++ trunk/reactos/dll/win32/advapi32/sec/ac.c Wed May 10 13:32:23 2006
@@ -166,7 +166,7 @@
/*
- * @unimplemented
+ * @implemented
*/
BOOL
STDCALL
@@ -179,8 +179,22 @@
GUID* InheritedObjectTypeGuid,
PSID pSid)
{
- DPRINT1("%s() not implemented!\n", __FUNCTION__);
- return ERROR_CALL_NOT_IMPLEMENTED;
+ NTSTATUS Status;
+
+ Status = RtlAddAccessAllowedObjectAce(pAcl,
+ dwAceRevision,
+ AceFlags,
+ AccessMask,
+ ObjectTypeGuid,
+ InheritedObjectTypeGuid,
+ pSid);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
}
@@ -240,7 +254,7 @@
/*
- * @unimplemented
+ * @implemented
*/
BOOL
STDCALL
@@ -253,8 +267,22 @@
GUID* InheritedObjectTypeGuid,
PSID pSid)
{
- DPRINT1("%s() not implemented!\n", __FUNCTION__);
- return ERROR_CALL_NOT_IMPLEMENTED;
+ NTSTATUS Status;
+
+ Status = RtlAddAccessDeniedObjectAce(pAcl,
+ dwAceRevision,
+ AceFlags,
+ AccessMask,
+ ObjectTypeGuid,
+ InheritedObjectTypeGuid,
+ pSid);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
}
@@ -352,7 +380,7 @@
/*
- * @unimplemented
+ * @implemented
*/
BOOL
STDCALL
@@ -367,8 +395,24 @@
BOOL bAuditSuccess,
BOOL bAuditFailure)
{
- DPRINT1("%s() not implemented!\n", __FUNCTION__);
- return ERROR_CALL_NOT_IMPLEMENTED;
+ NTSTATUS Status;
+
+ Status = RtlAddAuditAccessObjectAce(pAcl,
+ dwAceRevision,
+ AceFlags,
+ AccessMask,
+ ObjectTypeGuid,
+ InheritedObjectTypeGuid,
+ pSid,
+ bAuditSuccess,
+ bAuditFailure);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
}
@@ -554,6 +598,385 @@
}
+static DWORD
+InternalTrusteeAToW(IN PTRUSTEE_A pTrusteeA,
+ OUT PTRUSTEE_W *pTrusteeW)
+{
+ TRUSTEE_FORM TrusteeForm;
+ INT BufferSize = 0;
+ PSTR lpStr;
+ DWORD ErrorCode = ERROR_SUCCESS;
+
+ ASSERT(sizeof(TRUSTEE_W) == sizeof(TRUSTEE_A));
+
+ TrusteeForm = GetTrusteeForm(pTrusteeA);
+ switch (TrusteeForm)
+ {
+ case TRUSTEE_IS_NAME:
+ {
+ lpStr = GetTrusteeName(pTrusteeA);
+ if (lpStr != NULL)
+ BufferSize = strlen(lpStr) + 1;
+
+ *pTrusteeW = RtlAllocateHeap(RtlGetProcessHeap(),
+ 0,
+ sizeof(TRUSTEE_W) + (BufferSize * sizeof(WCHAR)));
+ if (*pTrusteeW != NULL)
+ {
+ RtlCopyMemory(*pTrusteeW,
+ pTrusteeA,
+ FIELD_OFFSET(TRUSTEE_A,
+ ptstrName));
+
+ if (lpStr != NULL)
+ {
+ (*pTrusteeW)->ptstrName = (PWSTR)((*pTrusteeW) + 1);
+
+ /* convert the trustee's name */
+ if (MultiByteToWideChar(CP_ACP,
+ 0,
+ lpStr,
+ -1,
+ (*pTrusteeW)->ptstrName,
+ BufferSize) == 0)
+ {
+ goto ConvertErr;
+ }
+ }
+ else
+ {
+ RtlFreeHeap(RtlGetProcessHeap(),
+ 0,
+ *pTrusteeW);
+ goto NothingToConvert;
+ }
+ }
+ else
+ ErrorCode = ERROR_NOT_ENOUGH_MEMORY;
+ break;
+ }
+
+ case TRUSTEE_IS_OBJECTS_AND_NAME:
+ {
+ POBJECTS_AND_NAME_A oanA = (POBJECTS_AND_NAME_A)GetTrusteeNameA(pTrusteeA);
+ POBJECTS_AND_NAME_W oan;
+ PWSTR StrBuf;
+
+ /* calculate the size needed */
+ if ((oanA->ObjectsPresent & ACE_INHERITED_OBJECT_TYPE_PRESENT) &&
+ oanA->InheritedObjectTypeName != NULL)
+ {
+ BufferSize = strlen(oanA->InheritedObjectTypeName) + 1;
+ }
+ if (oanA->ptstrName != NULL)
+ {
+ BufferSize += strlen(oanA->ptstrName) + 1;
+ }
+
+ *pTrusteeW = RtlAllocateHeap(RtlGetProcessHeap(),
+ 0,
+ sizeof(TRUSTEE_W) + sizeof(OBJECTS_AND_NAME_W) +
+ (BufferSize * sizeof(WCHAR)));
+
+ if (*pTrusteeW != NULL)
+ {
+ oan = (POBJECTS_AND_NAME_W)((*pTrusteeW) + 1);
+ StrBuf = (PWSTR)(oan + 1);
+
+ /* copy over the parts of the TRUSTEE structure that don't need
+ to be touched */
+ RtlCopyMemory(*pTrusteeW,
+ pTrusteeA,
+ FIELD_OFFSET(TRUSTEE_A,
+ ptstrName));
+
+ (*pTrusteeW)->ptstrName = (LPWSTR)oan;
+
+ /* convert the OBJECTS_AND_NAME_A structure */
+ oan->ObjectsPresent = oanA->ObjectsPresent;
+ oan->ObjectType = oanA->ObjectType;
+
+ if ((oanA->ObjectsPresent & ACE_INHERITED_OBJECT_TYPE_PRESENT) &&
+ oanA->InheritedObjectTypeName != NULL)
+ {
+ /* convert inherited object type name */
+ BufferSize = strlen(oanA->InheritedObjectTypeName) + 1;
+
+ if (MultiByteToWideChar(CP_ACP,
+ 0,
+ oanA->InheritedObjectTypeName,
+ -1,
+ StrBuf,
+ BufferSize) == 0)
+ {
+ goto ConvertErr;
+ }
+ oan->InheritedObjectTypeName = StrBuf;
+
+ StrBuf += BufferSize;
+ }
+ else
+ oan->InheritedObjectTypeName = NULL;
+
+ if (oanA->ptstrName != NULL)
+ {
+ /* convert the trustee name */
+ BufferSize = strlen(oanA->ptstrName) + 1;
+
+ if (MultiByteToWideChar(CP_ACP,
+ 0,
+ oanA->ptstrName,
+ -1,
+ StrBuf,
+ BufferSize) == 0)
+ {
+ConvertErr:
+ ErrorCode = GetLastError();
+
+ /* cleanup */
+ RtlFreeHeap(RtlGetProcessHeap(),
+ 0,
+ *pTrusteeW);
+
+ return ErrorCode;
+ }
+ oan->ptstrName = StrBuf;
+ }
+ else
+ oan->ptstrName = NULL;
+ }
+ else
+ ErrorCode = ERROR_NOT_ENOUGH_MEMORY;
+ break;
+ }
+
+ default:
+ {
+NothingToConvert:
+ /* no need to convert anything to unicode */
+ *pTrusteeW = (PTRUSTEE_W)pTrusteeA;
+ break;
+ }
+ }
+
+ return ErrorCode;
+}
+
+
+static __inline VOID
+InternalFreeConvertedTrustee(IN PTRUSTEE_W pTrusteeW,
+ IN PTRUSTEE_A pTrusteeA)
+{
+ if ((PVOID)pTrusteeW != (PVOID)pTrusteeA)
+ {
+ RtlFreeHeap(RtlGetProcessHeap(),
+ 0,
+ pTrusteeW);
+ }
+}
+
+
+static DWORD
+InternalExplicitAccessAToW(IN ULONG cCountOfExplicitEntries,
+ IN PEXPLICIT_ACCESS_A pListOfExplicitEntriesA,
+ OUT PEXPLICIT_ACCESS_W *pListOfExplicitEntriesW)
+{
+ TRUSTEE_FORM TrusteeForm;
+ SIZE_T Size;
+ ULONG i;
+ ULONG ObjectsAndNameCount = 0;
+ PEXPLICIT_ACCESS_W peaw = NULL;
+ DWORD ErrorCode = ERROR_SUCCESS;
+ LPSTR lpStr;
+
+ /* NOTE: This code assumes that the size of the TRUSTEE_A and TRUSTEE_W structure matches! */
+ ASSERT(sizeof(TRUSTEE_A) == sizeof(TRUSTEE_W));
+
+ if (cCountOfExplicitEntries != 0)
+ {
+ /* calculate the size needed */
+ Size = cCountOfExplicitEntries * sizeof(EXPLICIT_ACCESS_W);
+ for (i = 0; i != cCountOfExplicitEntries; i++)
+ {
+ TrusteeForm = GetTrusteeForm(&pListOfExplicitEntriesA[i].Trustee);
+
+ switch (TrusteeForm)
+ {
+ case TRUSTEE_IS_NAME:
+ {
+ lpStr = GetTrusteeNameA(&pListOfExplicitEntriesA[i].Trustee);
+ if (lpStr != NULL)
+ Size += (strlen(lpStr) + 1) * sizeof(WCHAR);
+ break;
+ }
+
+ case TRUSTEE_IS_OBJECTS_AND_NAME:
+ {
+ POBJECTS_AND_NAME_A oan = (POBJECTS_AND_NAME_A)GetTrusteeNameA(&pListOfExplicitEntriesA[i].Trustee);
+
+ if ((oan->ObjectsPresent & ACE_INHERITED_OBJECT_TYPE_PRESENT) &&
+ oan->InheritedObjectTypeName != NULL)
+ {
+ Size += (strlen(oan->InheritedObjectTypeName) + 1) * sizeof(WCHAR);
+ }
+
+ if (oan->ptstrName != NULL)
+ Size += (strlen(oan->ptstrName) + 1) * sizeof(WCHAR);
+
+ ObjectsAndNameCount++;
+ break;
+ }
+
+ default:
+ break;
+ }
+ }
+
+ /* allocate the array */
+ peaw = RtlAllocateHeap(RtlGetProcessHeap(),
+ 0,
+ Size);
+ if (peaw != NULL)
+ {
+ INT BufferSize;
+ POBJECTS_AND_NAME_W oan = (POBJECTS_AND_NAME_W)(peaw + cCountOfExplicitEntries);
+ LPWSTR StrBuf = (LPWSTR)(oan + ObjectsAndNameCount);
+
+ /* convert the array to unicode */
+ for (i = 0; i != cCountOfExplicitEntries; i++)
+ {
+ peaw[i].grfAccessPermissions = pListOfExplicitEntriesA[i].grfAccessPermissions;
+ peaw[i].grfAccessMode = pListOfExplicitEntriesA[i].grfAccessMode;
+ peaw[i].grfInheritance = pListOfExplicitEntriesA[i].grfInheritance;
+
+ /* convert or copy the TRUSTEE structure */
+ TrusteeForm = GetTrusteeForm(&pListOfExplicitEntriesA[i].Trustee);
+ switch (TrusteeForm)
+ {
+ case TRUSTEE_IS_NAME:
+ {
+ lpStr = GetTrusteeNameA(&pListOfExplicitEntriesA[i].Trustee);
+ if (lpStr != NULL)
+ {
+ /* convert the trustee name */
+ BufferSize = strlen(lpStr) + 1;
+
+ if (MultiByteToWideChar(CP_ACP,
+ 0,
+ lpStr,
+ -1,
+ StrBuf,
+ BufferSize) == 0)
+ {
+ goto ConvertErr;
+ }
+ peaw[i].Trustee.ptstrName = StrBuf;
+
+ StrBuf += BufferSize;
+ }
+ else
+ goto RawTrusteeCopy;
+
+ break;
+ }
+
+ case TRUSTEE_IS_OBJECTS_AND_NAME:
+ {
+ POBJECTS_AND_NAME_A oanA = (POBJECTS_AND_NAME_A)GetTrusteeNameA(&pListOfExplicitEntriesA[i].Trustee);
+
+ /* copy over the parts of the TRUSTEE structure that don't need
+ to be touched */
+ RtlCopyMemory(&peaw[i].Trustee,
+ &pListOfExplicitEntriesA[i].Trustee,
+ FIELD_OFFSET(TRUSTEE_A,
+ ptstrName));
+
+ peaw[i].Trustee.ptstrName = (LPWSTR)oan;
+
+ /* convert the OBJECTS_AND_NAME_A structure */
+ oan->ObjectsPresent = oanA->ObjectsPresent;
+ oan->ObjectType = oanA->ObjectType;
+
+ if ((oanA->ObjectsPresent & ACE_INHERITED_OBJECT_TYPE_PRESENT) &&
+ oanA->InheritedObjectTypeName != NULL)
+ {
+ /* convert inherited object type name */
+ BufferSize = strlen(oanA->InheritedObjectTypeName) + 1;
+
+ if (MultiByteToWideChar(CP_ACP,
+ 0,
+ oanA->InheritedObjectTypeName,
+ -1,
+ StrBuf,
+ BufferSize) == 0)
+ {
+ goto ConvertErr;
+ }
+ oan->InheritedObjectTypeName = StrBuf;
+
+ StrBuf += BufferSize;
+ }
+ else
+ oan->InheritedObjectTypeName = NULL;
+
+ if (oanA->ptstrName != NULL)
+ {
+ /* convert the trustee name */
+ BufferSize = strlen(oanA->ptstrName) + 1;
+
+ if (MultiByteToWideChar(CP_ACP,
+ 0,
+ oanA->ptstrName,
+ -1,
+ StrBuf,
+ BufferSize) == 0)
+ {
+ConvertErr:
+ ErrorCode = GetLastError();
+
+ /* cleanup */
+ RtlFreeHeap(RtlGetProcessHeap(),
+ 0,
+ peaw);
+
+ return ErrorCode;
+ }
+ oan->ptstrName = StrBuf;
+
+ StrBuf += BufferSize;
+ }
+ else
+ oan->ptstrName = NULL;
+
+ /* move on to the next OBJECTS_AND_NAME_A structure */
+ oan++;
+ break;
+ }
+
+ default:
+ {
+RawTrusteeCopy:
+ /* just copy over the TRUSTEE structure, they don't contain any
+ ansi/unicode specific data */
+ RtlCopyMemory(&peaw[i].Trustee,
+ &pListOfExplicitEntriesA[i].Trustee,
+ sizeof(TRUSTEE_A));
+ break;
+ }
+ }
+ }
+
+ ASSERT(ErrorCode == ERROR_SUCCESS);
+ *pListOfExplicitEntriesW = peaw;
+ }
+ else
+ ErrorCode = ERROR_NOT_ENOUGH_MEMORY;
+ }
+
+ return ErrorCode;
+}
+
+
/*
* @implemented
*/
@@ -565,102 +988,24 @@
PACL OldAcl,
PACL* NewAcl)
{
- PEXPLICIT_ACCESS_W ListOfExplicitEntriesW;
- ULONG i;
+ PEXPLICIT_ACCESS_W ListOfExplicitEntriesW = NULL;
DWORD ErrorCode;
- if (cCountOfExplicitEntries != 0)
+ ErrorCode = InternalExplicitAccessAToW(cCountOfExplicitEntries,
+ pListOfExplicitEntries,
+ &ListOfExplicitEntriesW);
+
+ if (ErrorCode == ERROR_SUCCESS)
{
- ListOfExplicitEntriesW = HeapAlloc(GetProcessHeap(),
- 0,
- cCountOfExplicitEntries * sizeof(EXPLICIT_ACCESS_W));
- if (ListOfExplicitEntriesW != NULL)
- {
- /* directly copy the array, this works as the size of the EXPLICIT_ACCESS_A
- structure matches the size of the EXPLICIT_ACCESS_W version */
- ASSERT(sizeof(EXPLICIT_ACCESS_A) == sizeof(EXPLICIT_ACCESS_W));
-
- RtlCopyMemory(ListOfExplicitEntriesW,
- pListOfExplicitEntries,
- cCountOfExplicitEntries * sizeof(EXPLICIT_ACCESS_W));
-
- /* convert the trustee names if required */
- for (i = 0; i != cCountOfExplicitEntries; i++)
- {
- if (pListOfExplicitEntries[i].Trustee.TrusteeForm == TRUSTEE_IS_NAME)
- {
- UINT BufCount = strlen(pListOfExplicitEntries[i].Trustee.ptstrName) + 1;
- ListOfExplicitEntriesW[i].Trustee.ptstrName =
- (LPWSTR)HeapAlloc(GetProcessHeap(),
- 0,
- BufCount * sizeof(WCHAR));
-
- if (ListOfExplicitEntriesW[i].Trustee.ptstrName == NULL ||
- MultiByteToWideChar(CP_ACP,
- 0,
- pListOfExplicitEntries[i].Trustee.ptstrName,
- -1,
- ListOfExplicitEntriesW[i].Trustee.ptstrName,
- BufCount) == 0)
- {
- /* failed to allocate enough momory for the strings or failed to
- convert the ansi string to unicode, then fail and free all
- allocated memory */
-
- ErrorCode = GetLastError();
-
- do
- {
- if (ListOfExplicitEntriesW[i].Trustee.TrusteeForm == TRUSTEE_IS_NAME &&
- ListOfExplicitEntriesW[i].Trustee.ptstrName != NULL)
- {
- HeapFree(GetProcessHeap(),
- 0,
- ListOfExplicitEntriesW[i].Trustee.ptstrName);
- }
- } while (i-- != 0);
-
- /* free the allocated array */
- HeapFree(GetProcessHeap(),
- 0,
- ListOfExplicitEntriesW);
-
- return ErrorCode;
- }
- }
- }
- }
- else
- {
- return GetLastError();
- }
- }
- else
- ListOfExplicitEntriesW = NULL;
-
- ErrorCode = SetEntriesInAclW(cCountOfExplicitEntries,
- ListOfExplicitEntriesW,
- OldAcl,
- NewAcl);
-
- /* free the strings */
- if (ListOfExplicitEntriesW != NULL)
- {
- /* free the converted strings */
- for (i = 0; i != cCountOfExplicitEntries; i++)
- {
- if (ListOfExplicitEntriesW[i].Trustee.TrusteeForm == TRUSTEE_IS_NAME)
- {
- HeapFree(GetProcessHeap(),
- 0,
- ListOfExplicitEntriesW[i].Trustee.ptstrName);
- }
- }
+ ErrorCode = SetEntriesInAclW(cCountOfExplicitEntries,
+ ListOfExplicitEntriesW,
+ OldAcl,
+ NewAcl);
/* free the allocated array */
- HeapFree(GetProcessHeap(),
- 0,
- ListOfExplicitEntriesW);
+ RtlFreeHeap(RtlGetProcessHeap(),
+ 0,
+ ListOfExplicitEntriesW);
}
return ErrorCode;
@@ -708,7 +1053,7 @@
/*
- * @unimplemented
+ * @implemented
*/
DWORD
STDCALL
@@ -716,8 +1061,24 @@
IN PTRUSTEE_A pTrustee,
OUT PACCESS_MASK pAccessRights)
{
- DPRINT1("%s() not implemented!\n", __FUNCTION__);
- return ERROR_CALL_NOT_IMPLEMENTED;
+ PTRUSTEE_W pTrusteeW = NULL;
+ DWORD ErrorCode;
+
+ ErrorCode = InternalTrusteeAToW(pTrustee,
+ &pTrusteeW);
+ if (ErrorCode == ERROR_SUCCESS)
+ {
+ ErrorCode = GetEffectiveRightsFromAclW(pacl,
+ pTrusteeW,
+ pAccessRights);
+
+ InternalFreeConvertedTrustee(pTrusteeW,
+ pTrustee);
+ }
+ else
+ ErrorCode = ERROR_NOT_ENOUGH_MEMORY;
+
+ return ErrorCode;
}
@@ -737,7 +1098,7 @@
/*
- * @unimplemented
+ * @implemented
*/
DWORD
STDCALL
@@ -746,8 +1107,25 @@
OUT PACCESS_MASK pSuccessfulAuditedRights,
OUT PACCESS_MASK pFailedAuditRights)
{
- DPRINT1("%s() not implemented!\n", __FUNCTION__);
- return ERROR_CALL_NOT_IMPLEMENTED;
+ PTRUSTEE_W pTrusteeW = NULL;
+ DWORD ErrorCode;
+
+ ErrorCode = InternalTrusteeAToW(pTrustee,
+ &pTrusteeW);
+ if (ErrorCode == ERROR_SUCCESS)
+ {
+ ErrorCode = GetAuditedPermissionsFromAclW(pacl,
+ pTrusteeW,
+ pSuccessfulAuditedRights,
+ pFailedAuditRights);
+
+ InternalFreeConvertedTrustee(pTrusteeW,
+ pTrustee);
+ }
+ else
+ ErrorCode = ERROR_NOT_ENOUGH_MEMORY;
+
+ return ErrorCode;
}
/* EOF */
Modified: trunk/reactos/dll/win32/advapi32/sec/sec.c
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/sec.c?rev=21875&r1=21874&r2=21875&view=diff
==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/sec.c (original)
+++ trunk/reactos/dll/win32/advapi32/sec/sec.c Wed May 10 13:32:23 2006
@@ -490,9 +490,9 @@
BuildSecurityDescriptorW(IN PTRUSTEE_W pOwner OPTIONAL,
IN PTRUSTEE_W pGroup OPTIONAL,
IN ULONG cCountOfAccessEntries,
- IN PEXPLICIT_ACCESS pListOfAccessEntries OPTIONAL,
+ IN PEXPLICIT_ACCESS_W pListOfAccessEntries OPTIONAL,
IN ULONG cCountOfAuditEntries,
- IN PEXPLICIT_ACCESS pListOfAuditEntries OPTIONAL,
+ IN PEXPLICIT_ACCESS_W pListOfAuditEntries OPTIONAL,
IN PSECURITY_DESCRIPTOR pOldSD OPTIONAL,
OUT PULONG pSizeNewSD,
OUT PSECURITY_DESCRIPTOR* pNewSD)
@@ -510,9 +510,9 @@
BuildSecurityDescriptorA(IN PTRUSTEE_A pOwner OPTIONAL,
IN PTRUSTEE_A pGroup OPTIONAL,
IN ULONG cCountOfAccessEntries,
- IN PEXPLICIT_ACCESS pListOfAccessEntries OPTIONAL,
+ IN PEXPLICIT_ACCESS_A pListOfAccessEntries OPTIONAL,
IN ULONG cCountOfAuditEntries,
- IN PEXPLICIT_ACCESS pListOfAuditEntries OPTIONAL,
+ IN PEXPLICIT_ACCESS_A pListOfAuditEntries OPTIONAL,
IN PSECURITY_DESCRIPTOR pOldSD OPTIONAL,
OUT PULONG pSizeNewSD,
OUT PSECURITY_DESCRIPTOR* pNewSD)
Modified: trunk/reactos/dll/win32/ntmarta/ntmarta.c
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/dll/win32/ntmarta/ntmarta.c?rev=21875&r1=21874&r2=21875&view=diff
==============================================================================
--- trunk/reactos/dll/win32/ntmarta/ntmarta.c (original)
+++ trunk/reactos/dll/win32/ntmarta/ntmarta.c Wed May 10 13:32:23 2006
@@ -155,6 +155,136 @@
AccpGetAceAccessMask(IN PACE_HEADER AceHeader)
{
return *((PACCESS_MASK)(AceHeader + 1));
+}
+
+static BOOL
+AccpIsObjectAce(IN PACE_HEADER AceHeader)
+{
+ BOOL Ret;
+
+ switch (AceHeader->AceType)
+ {
+ case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
+ case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
+ case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
+ case ACCESS_DENIED_OBJECT_ACE_TYPE:
+ case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
+ case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
+ Ret = TRUE;
+ break;
+
+ default:
+ Ret = FALSE;
+ break;
+ }
+
+ return Ret;
+}
+
+static GUID*
+AccpGetObjectAceObjectType(IN PACE_HEADER AceHeader)
+{
+ GUID *ObjectType = NULL;
+
+ switch (AceHeader->AceType)
+ {
+ case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
+ case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
+ {
+ PACCESS_ALLOWED_CALLBACK_OBJECT_ACE Ace = (PACCESS_ALLOWED_CALLBACK_OBJECT_ACE)AceHeader;
+ if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
+ ObjectType = &Ace->ObjectType;
+ break;
+ }
+ case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
+ case ACCESS_DENIED_OBJECT_ACE_TYPE:
+ {
+ PACCESS_ALLOWED_OBJECT_ACE Ace = (PACCESS_ALLOWED_OBJECT_ACE)AceHeader;
+ if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
+ ObjectType = &Ace->ObjectType;
+ break;
+ }
+
+ case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
+ {
+ PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE Ace = (PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE)AceHeader;
+ if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
+ ObjectType = &Ace->ObjectType;
+ break;
+ }
+ case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
+ {
+ PSYSTEM_AUDIT_OBJECT_ACE Ace = (PSYSTEM_AUDIT_OBJECT_ACE)AceHeader;
+ if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
+ ObjectType = &Ace->ObjectType;
+ break;
+ }
+ }
+
+ return ObjectType;
+}
+
+static GUID*
+AccpGetObjectAceInheritedObjectType(IN PACE_HEADER AceHeader)
+{
+ GUID *ObjectType = NULL;
+
+ switch (AceHeader->AceType)
+ {
+ case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
+ case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
+ {
+ PACCESS_ALLOWED_CALLBACK_OBJECT_ACE Ace = (PACCESS_ALLOWED_CALLBACK_OBJECT_ACE)AceHeader;
+ if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
+ {
+ if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
+ ObjectType = &Ace->InheritedObjectType;
+ else
+ ObjectType = &Ace->ObjectType;
+ }
+ break;
+ }
+ case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
+ case ACCESS_DENIED_OBJECT_ACE_TYPE:
+ {
+ PACCESS_ALLOWED_OBJECT_ACE Ace = (PACCESS_ALLOWED_OBJECT_ACE)AceHeader;
+ if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
+ {
+ if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
+ ObjectType = &Ace->InheritedObjectType;
+ else
+ ObjectType = &Ace->ObjectType;
+ }
+ break;
+ }
+
+ case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
+ {
+ PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE Ace = (PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE)AceHeader;
+ if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
+ {
+ if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
+ ObjectType = &Ace->InheritedObjectType;
+ else
+ ObjectType = &Ace->ObjectType;
+ }
+ break;
+ }
+ case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
+ {
+ PSYSTEM_AUDIT_OBJECT_ACE Ace = (PSYSTEM_AUDIT_OBJECT_ACE)AceHeader;
+ if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
+ {
+ if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
+ ObjectType = &Ace->InheritedObjectType;
+ else
+ ObjectType = &Ace->ObjectType;
+ }
+ break;
+ }
+ }
+
+ return ObjectType;
}
@@ -925,6 +1055,8 @@
{
PACE_HEADER AceHeader;
PSID Sid, SidTarget;
+ ULONG ObjectAceCount = 0;
+ POBJECTS_AND_SID ObjSid;
SIZE_T Size;
PEXPLICIT_ACCESS_W peaw;
DWORD LastErr, SidLen;
@@ -947,9 +1079,14 @@
{
Sid = AccpGetAceSid(AceHeader);
Size += GetLengthSid(Sid);
- /* FIXME - take size of opaque data in account? */
+
+ if (AccpIsObjectAce(AceHeader))
+ ObjectAceCount++;
+
AceIndex++;
}
+
+ Size += ObjectAceCount * sizeof(OBJECTS_AND_SID);
ASSERT(pacl->AceCount == AceIndex);
@@ -959,7 +1096,8 @@
if (peaw != NULL)
{
AceIndex = 0;
- SidTarget = (PSID)(peaw + pacl->AceCount);
+ ObjSid = (POBJECTS_AND_SID)(peaw + pacl->AceCount);
+ SidTarget = (PSID)(ObjSid + ObjectAceCount);
/* initialize the array */
while (GetAce(pacl,
@@ -977,8 +1115,20 @@
SidTarget,
Sid))
{
- BuildTrusteeWithSid(&peaw[AceIndex].Trustee,
- SidTarget);
+ if (AccpIsObjectAce(AceHeader))
+ {
+ BuildTrusteeWithObjectsAndSid(&peaw[AceIndex].Trustee,
+ ObjSid++,
+ AccpGetObjectAceObjectType(AceHeader),
+ AccpGetObjectAceInheritedObjectType(AceHeader),
+ SidTarget);
+ }
+ else
+ {
+ BuildTrusteeWithSid(&peaw[AceIndex].Trustee,
+ SidTarget);
+ }
+
SidTarget = (PSID)((ULONG_PTR)SidTarget + SidLen);
}
else
Modified: trunk/reactos/include/ndk/rtlfuncs.h
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/include/ndk/rtlfuncs.h?rev=21875&r1=21874&r2=21875&view=diff
==============================================================================
--- trunk/reactos/include/ndk/rtlfuncs.h (original)
+++ trunk/reactos/include/ndk/rtlfuncs.h Wed May 10 13:32:23 2006
@@ -458,6 +458,19 @@
NTSYSAPI
NTSTATUS
NTAPI
+RtlAddAccessAllowedObjectAce(
+ IN OUT PACL pAcl,
+ IN ULONG dwAceRevision,
+ IN ULONG AceFlags,
+ IN ULONG AccessMask,
+ IN GUID *ObjectTypeGuid OPTIONAL,
+ IN GUID *InheritedObjectTypeGuid OPTIONAL,
+ IN PSID pSid
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
RtlAddAccessDeniedAce(
PACL Acl,
ULONG Revision,
@@ -474,6 +487,42 @@
IN ULONG Flags,
IN ACCESS_MASK AccessMask,
IN PSID Sid
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAddAccessDeniedObjectAce(
+ IN OUT PACL pAcl,
+ IN ULONG dwAceRevision,
+ IN ULONG AceFlags,
+ IN ULONG AccessMask,
+ IN GUID *ObjectTypeGuid OPTIONAL,
+ IN GUID *InheritedObjectTypeGuid OPTIONAL,
+ IN PSID pSid
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAddAce(
+ PACL Acl,
+ ULONG AceRevision,
+ ULONG StartingAceIndex,
+ PVOID AceList,
+ ULONG AceListLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAddAuditAccessAce(
+ PACL Acl,
+ ULONG Revision,
+ ACCESS_MASK AccessMask,
+ PSID Sid,
+ BOOLEAN Success,
+ BOOLEAN Failure
);
NTSYSAPI
@@ -492,24 +541,16 @@
NTSYSAPI
NTSTATUS
NTAPI
-RtlAddAce(
- PACL Acl,
- ULONG AceRevision,
- ULONG StartingAceIndex,
- PVOID AceList,
- ULONG AceListLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAuditAccessAce(
- PACL Acl,
- ULONG Revision,
- ACCESS_MASK AccessMask,
- PSID Sid,
- BOOLEAN Success,
- BOOLEAN Failure
+RtlAddAuditAccessObjectAce(
+ IN OUT PACL Acl,
+ IN ULONG Revision,
+ IN ULONG Flags,
+ IN ACCESS_MASK AccessMask,
+ IN GUID *ObjectTypeGuid OPTIONAL,
+ IN GUID *InheritedObjectTypeGuid OPTIONAL,
+ IN PSID Sid,
+ IN BOOLEAN Success,
+ IN BOOLEAN Failure
);
NTSYSAPI
Modified: trunk/reactos/include/winnt.h
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/include/winnt.h?rev=21875&r1=21874&r2=21875&view=diff
==============================================================================
--- trunk/reactos/include/winnt.h (original)
+++ trunk/reactos/include/winnt.h Wed May 10 13:32:23 2006
@@ -225,7 +225,7 @@
#define NO_PROPAGATE_INHERIT_ACE 4
#define INHERIT_ONLY_ACE 8
#define INHERITED_ACE 10
-#define VALID_INHERIT_FLAGS 16
+#define VALID_INHERIT_FLAGS 0x1F
#define SUCCESSFUL_ACCESS_ACE_FLAG 64
#define FAILED_ACCESS_ACE_FLAG 128
#define DELETE 0x00010000L
Modified: trunk/reactos/lib/rtl/acl.c
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/lib/rtl/acl.c?rev=21875&r1=21874&r2=21875&view=diff
==============================================================================
--- trunk/reactos/lib/rtl/acl.c (original)
+++ trunk/reactos/lib/rtl/acl.c Wed May 10 13:32:23 2006
@@ -103,13 +103,39 @@
ULONG Revision,
ULONG Flags,
ACCESS_MASK AccessMask,
+ GUID *ObjectTypeGuid OPTIONAL,
+ GUID *InheritedObjectTypeGuid OPTIONAL,
PSID Sid,
ULONG Type)
{
PACE Ace;
- ULONG InvalidFlags;
-
- PAGED_CODE_RTL();
+ PSID SidStart;
+ ULONG AceSize, InvalidFlags;
+ ULONG AceObjectFlags = 0;
+
+ PAGED_CODE_RTL();
+
+#if DBG
+ /* check if RtlpAddKnownAce was called incorrectly */
+ if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL)
+ {
+ ASSERT(Type == ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE ||
+ Type == ACCESS_ALLOWED_OBJECT_ACE_TYPE ||
+ Type == ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE ||
+ Type == ACCESS_DENIED_OBJECT_ACE_TYPE ||
+ Type == SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE ||
+ Type == SYSTEM_AUDIT_OBJECT_ACE_TYPE);
+ }
+ else
+ {
+ ASSERT(Type != ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE &&
+ Type != ACCESS_ALLOWED_OBJECT_ACE_TYPE &&
+ Type != ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE &&
+ Type != ACCESS_DENIED_OBJECT_ACE_TYPE &&
+ Type != SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE &&
+ Type != SYSTEM_AUDIT_OBJECT_ACE_TYPE);
+ }
+#endif
if (!RtlValidSid(Sid))
{
@@ -126,11 +152,17 @@
}
/* Validate the flags */
- if (Type == SYSTEM_AUDIT_ACE_TYPE)
+ if (Type == SYSTEM_AUDIT_ACE_TYPE ||
+ Type == SYSTEM_AUDIT_OBJECT_ACE_TYPE ||
+ Type == SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE)
+ {
InvalidFlags = Flags & ~(VALID_INHERIT_FLAGS |
SUCCESSFUL_ACCESS_ACE_FLAG | FAILED_ACCESS_ACE_FLAG);
+ }
else
+ {
InvalidFlags = Flags & ~VALID_INHERIT_FLAGS;
+ }
if (InvalidFlags != 0)
{
@@ -145,16 +177,69 @@
{
return(STATUS_ALLOTTED_SPACE_EXCEEDED);
}
- if ((ULONG_PTR)Ace + RtlLengthSid(Sid) + sizeof(ACE) >
+
+ /* Calculate the size of the ACE */
+ AceSize = RtlLengthSid(Sid) + sizeof(ACE);
+ if (ObjectTypeGuid != NULL)
+ {
+ AceObjectFlags |= ACE_OBJECT_TYPE_PRESENT;
+ AceSize += sizeof(GUID);
+ }
+ if (InheritedObjectTypeGuid != NULL)
+ {
+ AceObjectFlags |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
+ AceSize += sizeof(GUID);
+ }
+
+ if (AceObjectFlags != 0)
+ {
+ /* Don't forget the ACE object flags
+ (corresponds to the Flags field in the *_OBJECT_ACE structures) */
+ AceSize += sizeof(ULONG);
+ }
+
+ if ((ULONG_PTR)Ace + AceSize >
(ULONG_PTR)Acl + Acl->AclSize)
{
return(STATUS_ALLOTTED_SPACE_EXCEEDED);
}
+
+ /* initialize the header and common fields */
Ace->Header.AceFlags = Flags;
Ace->Header.AceType = Type;
- Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
+ Ace->Header.AceSize = (WORD)AceSize;
Ace->AccessMask = AccessMask;
- RtlCopySid(RtlLengthSid(Sid), (PSID)(Ace + 1), Sid);
+
+ if (AceObjectFlags != 0)
+ {
+ /* Write the ACE flags to the ACE
+ (corresponds to the Flags field in the *_OBJECT_ACE structures) */
+ *(PULONG)(Ace + 1) = AceObjectFlags;
+ SidStart = (PSID)((ULONG_PTR)(Ace + 1) + sizeof(ULONG));
+ }
+ else
+ SidStart = (PSID)(Ace + 1);
+
+ /* copy the GUIDs */
+ if (ObjectTypeGuid != NULL)
+ {
+ RtlCopyMemory(SidStart,
+ ObjectTypeGuid,
+ sizeof(GUID));
+ SidStart = (PSID)((ULONG_PTR)SidStart + sizeof(GUID));
+ }
+ if (InheritedObjectTypeGuid != NULL)
+ {
+ RtlCopyMemory(SidStart,
+ InheritedObjectTypeGuid,
+ sizeof(GUID));
+ SidStart = (PSID)((ULONG_PTR)SidStart + sizeof(GUID));
+ }
+
+ /* copy the SID */
+ RtlCopySid(RtlLengthSid(Sid),
+ SidStart,
+ Sid);
Acl->AceCount++;
Acl->AclRevision = Revision;
return(STATUS_SUCCESS);
@@ -176,6 +261,8 @@
Revision,
0,
AccessMask,
+ NULL,
+ NULL,
Sid,
ACCESS_ALLOWED_ACE_TYPE);
}
@@ -197,8 +284,43 @@
Revision,
Flags,
AccessMask,
+ NULL,
+ NULL,
Sid,
ACCESS_ALLOWED_ACE_TYPE);
+}
+
+
+/*
+ * @implemented
+ */
+NTSTATUS NTAPI
+RtlAddAccessAllowedObjectAce (IN OUT PACL Acl,
+ IN ULONG Revision,
+ IN ULONG Flags,
+ IN ACCESS_MASK AccessMask,
+ IN GUID *ObjectTypeGuid OPTIONAL,
+ IN GUID *InheritedObjectTypeGuid OPTIONAL,
+ IN PSID Sid)
+{
+ ULONG Type;
+
+ PAGED_CODE_RTL();
+
+ /* make sure we call RtlpAddKnownAce correctly */
+ if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL)
+ Type = ACCESS_ALLOWED_OBJECT_ACE_TYPE;
+ else
+ Type = ACCESS_ALLOWED_ACE_TYPE;
+
+ return RtlpAddKnownAce (Acl,
+ Revision,
+ Flags,
+ AccessMask,
+ ObjectTypeGuid,
+ InheritedObjectTypeGuid,
+ Sid,
+ Type);
}
@@ -217,6 +339,8 @@
Revision,
0,
AccessMask,
+ NULL,
+ NULL,
Sid,
ACCESS_DENIED_ACE_TYPE);
}
@@ -238,8 +362,43 @@
Revision,
Flags,
AccessMask,
+ NULL,
+ NULL,
Sid,
ACCESS_DENIED_ACE_TYPE);
+}
+
+
+/*
+ * @implemented
+ */
+NTSTATUS NTAPI
+RtlAddAccessDeniedObjectAce (IN OUT PACL Acl,
+ IN ULONG Revision,
+ IN ULONG Flags,
+ IN ACCESS_MASK AccessMask,
+ IN GUID *ObjectTypeGuid OPTIONAL,
+ IN GUID *InheritedObjectTypeGuid OPTIONAL,
+ IN PSID Sid)
+{
+ ULONG Type;
+
+ PAGED_CODE_RTL();
+
+ /* make sure we call RtlpAddKnownAce correctly */
+ if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL)
+ Type = ACCESS_DENIED_OBJECT_ACE_TYPE;
+ else
+ Type = ACCESS_DENIED_ACE_TYPE;
+
+ return RtlpAddKnownAce (Acl,
+ Revision,
+ Flags,
+ AccessMask,
+ ObjectTypeGuid,
+ InheritedObjectTypeGuid,
+ Sid,
+ Type);
}
@@ -363,6 +522,8 @@
Revision,
Flags,
AccessMask,
+ NULL,
+ NULL,
Sid,
SYSTEM_AUDIT_ACE_TYPE);
}
@@ -394,8 +555,53 @@
Revision,
Flags,
AccessMask,
+ NULL,
+ NULL,
Sid,
SYSTEM_AUDIT_ACE_TYPE);
+}
+
+
+/*
+ * @implemented
+ */
+NTSTATUS NTAPI
+RtlAddAuditAccessObjectAce(PACL Acl,
+ ULONG Revision,
+ ULONG Flags,
+ ACCESS_MASK AccessMask,
+ IN GUID *ObjectTypeGuid OPTIONAL,
+ IN GUID *InheritedObjectTypeGuid OPTIONAL,
+ PSID Sid,
+ BOOLEAN Success,
+ BOOLEAN Failure)
+{
+ ULONG Type;
+
+ if (Success)
+ {
+ Flags |= SUCCESSFUL_ACCESS_ACE_FLAG;
+ }
+
+ if (Failure)
+ {
+ Flags |= FAILED_ACCESS_ACE_FLAG;
+ }
+
+ /* make sure we call RtlpAddKnownAce correctly */
+ if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL)
+ Type = SYSTEM_AUDIT_OBJECT_ACE_TYPE;
+ else
+ Type = SYSTEM_AUDIT_ACE_TYPE;
+
+ return RtlpAddKnownAce (Acl,
+ Revision,
+ Flags,
+ AccessMask,
+ ObjectTypeGuid,
+ InheritedObjectTypeGuid,
+ Sid,
+ Type);
}
More information about the Ros-diffs
mailing list