[ros-diffs] [weiden] 24526: Implemented AddMandatoryAce

weiden at svn.reactos.org weiden at svn.reactos.org
Sun Oct 15 18:52:26 CEST 2006


Author: weiden
Date: Sun Oct 15 20:52:25 2006
New Revision: 24526

URL: http://svn.reactos.org/svn/reactos?rev=24526&view=rev
Log:
Implemented AddMandatoryAce

Modified:
    trunk/reactos/dll/ntdll/def/ntdll.def
    trunk/reactos/dll/win32/advapi32/advapi32.def
    trunk/reactos/dll/win32/advapi32/sec/ac.c
    trunk/reactos/include/ndk/rtlfuncs.h
    trunk/reactos/include/psdk/winnt.h
    trunk/reactos/lib/rtl/acl.c

Modified: trunk/reactos/dll/ntdll/def/ntdll.def
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/def/ntdll.def?rev=24526&r1=24525&r2=24526&view=diff
==============================================================================
--- trunk/reactos/dll/ntdll/def/ntdll.def (original)
+++ trunk/reactos/dll/ntdll/def/ntdll.def Sun Oct 15 20:52:25 2006
@@ -314,6 +314,7 @@
 RtlAddAuditAccessAceEx at 28
 RtlAddAuditAccessObjectAce at 36
 ;RtlAddCompoundAce
+RtlAddMandatoryAce at 24
 RtlAddRange at 36
 RtlAddVectoredExceptionHandler at 8
 RtlAdjustPrivilege at 16

Modified: trunk/reactos/dll/win32/advapi32/advapi32.def
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi32.def?rev=24526&r1=24525&r2=24526&view=diff
==============================================================================
--- trunk/reactos/dll/win32/advapi32/advapi32.def (original)
+++ trunk/reactos/dll/win32/advapi32/advapi32.def Sun Oct 15 20:52:25 2006
@@ -32,6 +32,7 @@
 AddAuditAccessAce at 24
 AddAuditAccessAceEx at 28
 AddAuditAccessObjectAce at 36
+AddMandatoryAce at 20
 AddUsersToEncryptedFile at 8
 AdjustTokenGroups at 24
 AdjustTokenPrivileges at 24

Modified: trunk/reactos/dll/win32/advapi32/sec/ac.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/ac.c?rev=24526&r1=24525&r2=24526&view=diff
==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/ac.c (original)
+++ trunk/reactos/dll/win32/advapi32/sec/ac.c Sun Oct 15 20:52:25 2006
@@ -413,6 +413,35 @@
   }
 
   return TRUE;
+}
+
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+AddMandatoryAce(IN OUT PACL pAcl,
+                IN DWORD dwAceRevision,
+                IN DWORD AceFlags,
+                IN DWORD MandatoryPolicy,
+                IN PSID pLabelSid)
+{
+    NTSTATUS Status;
+
+    Status = RtlAddMandatoryAce(pAcl,
+                                dwAceRevision,
+                                AceFlags,
+                                MandatoryPolicy,
+                                SYSTEM_MANDATORY_LABEL_ACE_TYPE,
+                                pLabelSid);
+    if (!NT_SUCCESS(Status))
+    {
+        SetLastError(RtlNtStatusToDosError(Status));
+        return FALSE;
+    }
+
+    return TRUE;
 }
 
 
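Review bot: The header comment on the new `AddMandatoryAce` says only `@implemented` and does not state the constraints a caller must meet, which in this commit are enforced two layers down. As the `lib/rtl/acl.c` hunks show, `MandatoryPolicy` is rejected unless it is a combination of the `SYSTEM_MANDATORY_LABEL_NO_*_UP` bits, and `pLabelSid` must carry `SECURITY_MANDATORY_LABEL_AUTHORITY`. Both failures return `STATUS_INVALID_PARAMETER`, which the caller sees only through `SetLastError(RtlNtStatusToDosError(Status))`. I would add a short comment above the function, along the lines of `/* MandatoryPolicy: SYSTEM_MANDATORY_LABEL_NO_{WRITE,READ,EXECUTE}_UP bits only; pLabelSid must be a mandatory-label SID */`. The hunk opens in the tail of the preceding function, which is outside this view.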

Modified: trunk/reactos/include/ndk/rtlfuncs.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/ndk/rtlfuncs.h?rev=24526&r1=24525&r2=24526&view=diff
==============================================================================
--- trunk/reactos/include/ndk/rtlfuncs.h (original)
+++ trunk/reactos/include/ndk/rtlfuncs.h Sun Oct 15 20:52:25 2006
@@ -762,6 +762,17 @@
 NTSYSAPI
 NTSTATUS
 NTAPI
+RtlAddMandatoryAce(
+    IN OUT PACL Acl,
+    IN ULONG Revision,
+    IN ULONG Flags,
+    IN ULONG MandatoryFlags,
+    IN ULONG AceType,
+    IN PSID LabelSid);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
 RtlAdjustPrivilege(
     IN ULONG Privilege,
     IN BOOLEAN NewValue,

Modified: trunk/reactos/include/psdk/winnt.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/winnt.h?rev=24526&r1=24525&r2=24526&view=diff
==============================================================================
--- trunk/reactos/include/psdk/winnt.h (original)
+++ trunk/reactos/include/psdk/winnt.h Sun Oct 15 20:52:25 2006
@@ -571,6 +571,8 @@
 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS    0x00000230L
 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS     0x00000231L
 #define DOMAIN_ALIAS_RID_DCOM_USERS             0x00000232L
+
+#define SECURITY_MANDATORY_LABEL_AUTHORITY  {0,0,0,0,0,16}
 
 typedef enum
 {
@@ -1622,7 +1624,8 @@
 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE          (0xE)
 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE   (0xF)
 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE   (0x10)
-#define ACCESS_MAX_MS_V5_ACE_TYPE               (0x10)
+#define SYSTEM_MANDATORY_LABEL_ACE_TYPE         (0x11)
+#define ACCESS_MAX_MS_V5_ACE_TYPE               (0x11)
 /* end ntifs.h */
 typedef struct _GENERIC_MAPPING {
 	ACCESS_MASK GenericRead;
@@ -1659,6 +1662,15 @@
 	ACCESS_MASK Mask;
 	DWORD SidStart;
 } SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE;
+typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
+	ACE_HEADER Header;
+	ACCESS_MASK Mask;
+	DWORD SidStart;
+} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
+#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP  0x1
+#define SYSTEM_MANDATORY_LABEL_NO_READ_UP   0x2
+#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP    0x4
+#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
 typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
 	ACE_HEADER Header;
 	ACCESS_MASK Mask;
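Review bot: `SYSTEM_MANDATORY_LABEL_ACE` reuses the field name `Mask` with type `ACCESS_MASK`, but nothing at the declaration says that it holds policy bits rather than access rights. `RtlAddMandatoryAce` in this commit stores the `SYSTEM_MANDATORY_LABEL_NO_*_UP` bits there. A one-line comment on the field, e.g. `/* policy bits (SYSTEM_MANDATORY_LABEL_VALID_MASK), not an access mask */`, would keep generic ACE-walking code from treating it as a grant or audit mask. The `SYSTEM_MANDATORY_LABEL_VALID_MASK` definition would also read better split across lines with `\` continuations.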

Modified: trunk/reactos/lib/rtl/acl.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/acl.c?rev=24526&r1=24525&r2=24526&view=diff
==============================================================================
--- trunk/reactos/lib/rtl/acl.c (original)
+++ trunk/reactos/lib/rtl/acl.c Sun Oct 15 20:52:25 2006
@@ -141,6 +141,20 @@
    {
       return(STATUS_INVALID_SID);
    }
+
+   if (Type == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
+   {
+       static const SID_IDENTIFIER_AUTHORITY MandatoryLabelAuthority = {SECURITY_MANDATORY_LABEL_AUTHORITY};
+
+       /* The SID's identifier authority must be SECURITY_MANDATORY_LABEL_AUTHORITY! */
+       if (RtlCompareMemory(&((PISID)Sid)->IdentifierAuthority,
+                            &MandatoryLabelAuthority,
+                            sizeof(MandatoryLabelAuthority)) != sizeof(MandatoryLabelAuthority))
+       {
+           return STATUS_INVALID_PARAMETER;
+       }
+   }
+
    if (Acl->AclRevision > MAX_ACL_REVISION ||
        Revision > MAX_ACL_REVISION)
    {
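Review bot: The new check in the `Type == SYSTEM_MANDATORY_LABEL_ACE_TYPE` branch validates only the identifier authority, so a SID under the label authority with zero or several sub-authorities is still accepted as a label. If consumers of the ACE read the integrity level from the first sub-authority (not visible in this hunk), it would be safer to require exactly one, e.g. by adding `|| ((PISID)Sid)->SubAuthorityCount != 1` to the same condition. The branch is also indented seven spaces where the surrounding function uses three. The enclosing function begins and ends outside the hunk.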
@@ -602,6 +616,34 @@
                            InheritedObjectTypeGuid,
                            Sid,
                            Type);
+}
+
+
+/*
+ * @implemented
+ */
+NTSTATUS NTAPI
+RtlAddMandatoryAce(IN OUT PACL Acl,
+                   IN ULONG Revision,
+                   IN ULONG Flags,
+                   IN ULONG MandatoryFlags,
+                   IN ULONG AceType,
+                   IN PSID LabelSid)
+{
+    if (MandatoryFlags & ~SYSTEM_MANDATORY_LABEL_VALID_MASK)
+        return STATUS_INVALID_PARAMETER;
+
+    if (AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE)
+        return STATUS_INVALID_PARAMETER;
+
+    return RtlpAddKnownAce (Acl,
+                            Revision,
+                            Flags,
+                            (ACCESS_MASK)MandatoryFlags,
+                            NULL,
+                            NULL,
+                            LabelSid,
+                            AceType);
 }
 
 
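Review bot: The two parameter checks in `RtlAddMandatoryAce` use unbraced single-statement `if` bodies, while the authority check added earlier in this file braces its `return`. For validation code that gates what is written into an ACL, I would brace them consistently, e.g. `if (MandatoryFlags & ~SYSTEM_MANDATORY_LABEL_VALID_MASK) { return STATUS_INVALID_PARAMETER; }`. The `@implemented` comment could also say that `MandatoryFlags` becomes the ACE's `Mask` through the `(ACCESS_MASK)` cast, and that the label SID's authority is checked further down, presumably in `RtlpAddKnownAce`.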



