mirror of
https://github.com/reactos/reactos.git
synced 2024-07-01 02:10:07 +00:00
Implement Access State support (SeCreate/DeleteAccessState and SeSetAccessStateGenericMapping. Based on a patch by Javier M. Mellid
svn path=/trunk/; revision=15190
This commit is contained in:
Alex Ionescu
parent
786ed0c605
commit
1f40540008
|
|
@ -122,7 +122,7 @@ NTSTATUS
|
|||
STDCALL
|
||||
SeCreateAccessState(
|
||||
PACCESS_STATE AccessState,
|
||||
PVOID AuxData,
|
||||
PAUX_DATA AuxData,
|
||||
ACCESS_MASK Access,
|
||||
PGENERIC_MAPPING GenericMapping
|
||||
);
|
||||
|
|
|
|||
|
|
@ -97,6 +97,7 @@ typedef struct _SEP_AUDIT_POLICY {
|
|||
};
|
||||
} SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
|
||||
|
||||
#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
|
||||
typedef struct _TOKEN {
|
||||
TOKEN_SOURCE TokenSource; /* 0x00 */
|
||||
LUID TokenId; /* 0x10 */
|
||||
|
|
@ -222,6 +223,13 @@ typedef enum _SECURITY_OPERATION_CODE
|
|||
AssignSecurityDescriptor
|
||||
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
|
||||
|
||||
typedef struct _AUX_DATA
|
||||
{
|
||||
PPRIVILEGE_SET PrivilegeSet;
|
||||
GENERIC_MAPPING GenericMapping;
|
||||
ULONG Reserved;
|
||||
} AUX_DATA, *PAUX_DATA;
|
||||
|
||||
typedef struct _ACCESS_STATE
|
||||
{
|
||||
LUID OperationID;
|
||||
|
|
|
|||
|
|
@ -4,7 +4,8 @@
|
|||
* FILE: ntoskrnl/se/access.c
|
||||
* PURPOSE: Access state functions
|
||||
*
|
||||
* PROGRAMMERS: Eric Kohl
|
||||
* PROGRAMMERS: Alex Ionescu (alex@relsoft.net) -
|
||||
* Based on patch by Javier M. Mellid
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
|
|
@ -13,47 +14,108 @@
|
|||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
|
||||
#define GENERIC_ACCESS (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | \
|
||||
GENERIC_ALL)
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeCreateAccessState(
|
||||
PACCESS_STATE AccessState,
|
||||
PVOID AuxData,
|
||||
ACCESS_MASK Access,
|
||||
PGENERIC_MAPPING GenericMapping
|
||||
)
|
||||
SeCreateAccessState(PACCESS_STATE AccessState,
|
||||
PAUX_DATA AuxData,
|
||||
ACCESS_MASK Access,
|
||||
PGENERIC_MAPPING GenericMapping)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
ACCESS_MASK AccessMask = Access;
|
||||
PTOKEN Token;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Map the Generic Acess to Specific Access if we have a Mapping */
|
||||
if ((Access & GENERIC_ACCESS) && (GenericMapping))
|
||||
{
|
||||
RtlMapGenericMask(&AccessMask, GenericMapping);
|
||||
}
|
||||
|
||||
/* Initialize the Access State */
|
||||
RtlZeroMemory(AccessState, sizeof(ACCESS_STATE));
|
||||
|
||||
/* Capture the Subject Context */
|
||||
SeCaptureSubjectContext(&AccessState->SubjectSecurityContext);
|
||||
|
||||
/* Set Access State Data */
|
||||
AccessState->AuxData = AuxData;
|
||||
AccessState->RemainingDesiredAccess = AccessMask;
|
||||
AccessState->OriginallyDesiredAccess = AccessMask;
|
||||
ExpAllocateLocallyUniqueId(&AccessState->OperationID);
|
||||
|
||||
/* Get the Token to use */
|
||||
Token = AccessState->SubjectSecurityContext.ClientToken ?
|
||||
(PTOKEN)&AccessState->SubjectSecurityContext.ClientToken :
|
||||
(PTOKEN)&AccessState->SubjectSecurityContext.PrimaryToken;
|
||||
|
||||
/* Check for Travers Privilege */
|
||||
if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
|
||||
{
|
||||
/* Preserve the Traverse Privilege */
|
||||
AccessState->Flags = TOKEN_HAS_TRAVERSE_PRIVILEGE;
|
||||
}
|
||||
|
||||
/* Set the Auxiliary Data */
|
||||
AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
|
||||
FIELD_OFFSET(ACCESS_STATE,
|
||||
Privileges));
|
||||
if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
|
||||
|
||||
/* Return Sucess */
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeDeleteAccessState(
|
||||
IN PACCESS_STATE AccessState
|
||||
)
|
||||
SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
PAUX_DATA AuxData;
|
||||
PAGED_CODE();
|
||||
|
||||
/* Get the Auxiliary Data */
|
||||
AuxData = AccessState->AuxData;
|
||||
|
||||
/* Deallocate Privileges */
|
||||
if (AccessState->PrivilegesAllocated) ExFreePool(AuxData->PrivilegeSet);
|
||||
|
||||
/* Deallocate Name and Type Name */
|
||||
if (AccessState->ObjectName.Buffer)
|
||||
{
|
||||
ExFreePool(AccessState->ObjectName.Buffer);
|
||||
}
|
||||
if (AccessState->ObjectTypeName.Buffer)
|
||||
{
|
||||
ExFreePool(AccessState->ObjectTypeName.Buffer);
|
||||
}
|
||||
|
||||
/* Release the Subject Context */
|
||||
SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeSetAccessStateGenericMapping(
|
||||
PACCESS_STATE AccessState,
|
||||
PGENERIC_MAPPING GenericMapping
|
||||
)
|
||||
SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
|
||||
PGENERIC_MAPPING GenericMapping)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
PAGED_CODE();
|
||||
|
||||
/* Set the Generic Mapping */
|
||||
((PAUX_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
|||
Loading…
Reference in a new issue