Implement RtlAccessAllowedAceEx() and RtlAccessDeniedAceEx().

Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=8004
2024-07-12 23:55:07 +00:00 · 2004-02-02 22:38:43 +00:00 · 2004-02-02 22:38:43 +00:00 · 2f3d748c1d
parent 7b7b608822
commit 2f3d748c1d
4 changed files with 106 additions and 84 deletions
--- a/reactos/lib/ntdll/def/ntdll.def
+++ b/reactos/lib/ntdll/def/ntdll.def
@ -1,4 +1,4 @@
-; $Id: ntdll.def,v 1.114 2004/02/01 20:48:05 ekohl Exp $
+; $Id: ntdll.def,v 1.115 2004/02/02 22:37:21 ekohl Exp $
 ;
 ; ReactOS Operating System
 ;
@ -97,6 +97,7 @@ NtCreateThread@32
 NtCreateTimer@16
 NtCreateToken@52
 NtCreateWaitablePort@20
+_NtCurrentTeb@0
 NtDelayExecution@8
 NtDeleteAtom@4
 NtDeleteFile@4
@ -281,7 +282,9 @@ RtlAcquirePebLock@0
 RtlAcquireResourceExclusive@8
 RtlAcquireResourceShared@8
 RtlAddAccessAllowedAce@16
+RtlAddAccessAllowedAceEx@20
 RtlAddAccessDeniedAce@16
+RtlAddAccessDeniedAceEx@20
 RtlAddAce@20
 ;RtlAddActionToRXact
 RtlAddAtomToAtomTable@12
@ -410,9 +413,11 @@ RtlFindClearBits@12
 RtlFindClearBitsAndSet@12
 RtlFindClearRuns@16
 RtlFindLastBackwardRunClear@12
+RtlFindLeastSignificantBit@8
 RtlFindLongestRunClear@8
 RtlFindLongestRunSet@8
 RtlFindMessage@20
+RtlFindMostSignificantBit@8
 RtlFindNextForwardRunClear@12
 RtlFindRange@48
 RtlFindSetBits@12
@ -974,8 +979,6 @@ InterlockedIncrement@4
 InterlockedDecrement@4
 InterlockedExchange@8
 InterlockedCompareExchange@12
-_NtCurrentTeb@0
-;RtlIpv4StringToAddressW
 ;?Allocate@CBufferAllocator@@UAEPAXK@Z
 ;CsrCaptureMessageMultiUnicodeStringsInPlace
 ;CsrGetProcessId
@ -1092,9 +1095,7 @@ NtWaitForKeyedEvent@16
 ;RtlActivateActivationContext
 ;RtlActivateActivationContextEx
 ;RtlActivateActivationContextUnsafeFast
-RtlAddAccessAllowedAceEx@20
 ;RtlAddAccessAllowedObjectAce
-RtlAddAccessDeniedAceEx@20
 ;RtlAddAccessDeniedObjectAce
 ;RtlAddAuditAccessAceEx
 ;RtlAddAuditAccessObjectAce
@ -1148,8 +1149,6 @@ RtlDuplicateUnicodeString@12
 ;RtlFindActivationContextSectionGuid
 ;RtlFindActivationContextSectionString
 RtlFindCharInUnicodeString@16
-RtlFindLeastSignificantBit@8
-RtlFindMostSignificantBit@8
 ;RtlFirstEntrySList
 ;RtlFlushSecureMemoryCache
 ;RtlFreeThreadActivationContextStack
@ -1181,6 +1180,7 @@ RtlInterlockedPushEntrySList@8
 ;RtlIpv4AddressToStringA
 ;RtlIpv4AddressToStringW
 ;RtlIpv4StringToAddressA
+;RtlIpv4StringToAddressW
 ;RtlIpv6AddressToStringA
 ;RtlIpv6AddressToStringW
 ;RtlIpv6StringToAddressA
--- a/reactos/lib/ntdll/def/ntdll.edf
+++ b/reactos/lib/ntdll/def/ntdll.edf
@ -1,4 +1,4 @@
-; $Id: ntdll.edf,v 1.104 2004/02/01 20:48:05 ekohl Exp $
+; $Id: ntdll.edf,v 1.105 2004/02/02 22:37:21 ekohl Exp $
 ;
 ; ReactOS Operating System
 ;
@ -97,6 +97,7 @@ NtCreateThread=NtCreateThread@32
 NtCreateTimer=NtCreateTimer@16
 NtCreateToken=NtCreateToken@52
 NtCreateWaitablePort=NtCreateWaitablePort@20
+NtCurrentTeb=_NtCurrentTeb@0
 NtDelayExecution=NtDelayExecution@8
 NtDeleteAtom=NtDeleteAtom@4
 NtDeleteFile=NtDeleteFile@4
@ -281,7 +282,9 @@ RtlAcquirePebLock=RtlAcquirePebLock@0
 RtlAcquireResourceExclusive=RtlAcquireResourceExclusive@8
 RtlAcquireResourceShared=RtlAcquireResourceShared@8
 RtlAddAccessAllowedAce=RtlAddAccessAllowedAce@16
+RtlAddAccessAllowedAceEx=RtlAddAccessAllowedAceEx@20
 RtlAddAccessDeniedAce=RtlAddAccessDeniedAce@16
+RtlAddAccessDeniedAceEx=RtlAddAccessDeniedAceEx@20
 RtlAddAce=RtlAddAce@20
 ;RtlAddActionToRXact
 RtlAddAtomToAtomTable=RtlAddAtomToAtomTable@12
@ -410,9 +413,11 @@ RtlFindClearBits=RtlFindClearBits@12
 RtlFindClearBitsAndSet=RtlFindClearBitsAndSet@12
 RtlFindClearRuns=RtlFindClearRuns@16
 RtlFindLastBackwardRunClear=RtlFindLastBackwardRunClear@12
+RtlFindLeastSignificantBit=RtlFindLeastSignificantBit@8
 RtlFindLongestRunClear=RtlFindLongestRunClear@8
 RtlFindLongestRunSet=RtlFindLongestRunSet@8
 RtlFindMessage=RtlFindMessage@20
+RtlFindMostSignificantBit=RtlFindMostSignificantBit@8 
 RtlFindNextForwardRunClear=RtlFindNextForwardRunClear@12
 RtlFindRange=RtlFindRange@48
 RtlFindSetBits=RtlFindSetBits@12
@ -974,8 +979,6 @@ wcsstr
 wcstol
 wcstombs
 wcstoul
-NtCurrentTeb=_NtCurrentTeb@0
-;RtlIpv4StringToAddressW
 ;?Allocate@CBufferAllocator@@UAEPAXK@Z
 ;CsrCaptureMessageMultiUnicodeStringsInPlace
 ;CsrGetProcessId
@ -1092,9 +1095,7 @@ NtWaitForKeyedEvent=NtWaitForKeyedEvent@16
 ;RtlActivateActivationContext
 ;RtlActivateActivationContextEx
 ;RtlActivateActivationContextUnsafeFast
-RtlAddAccessAllowedAceEx=RtlAddAccessAllowedAceEx@20
 ;RtlAddAccessAllowedObjectAce
-RtlAddAccessDeniedAceEx=RtlAddAccessDeniedAceEx@20
 ;RtlAddAccessDeniedObjectAce
 ;RtlAddAuditAccessAceEx
 ;RtlAddAuditAccessObjectAce
@ -1148,8 +1149,6 @@ RtlDuplicateUnicodeString=RtlDuplicateUnicodeString@12
 ;RtlFindActivationContextSectionGuid
 ;RtlFindActivationContextSectionString
 RtlFindCharInUnicodeString=RtlFindCharInUnicodeString@16
-RtlFindLeastSignificantBit=RtlFindLeastSignificantBit@8
-RtlFindMostSignificantBit=RtlFindMostSignificantBit@8 
 ;RtlFirstEntrySList
 ;RtlFlushSecureMemoryCache
 ;RtlFreeThreadActivationContextStack
@ -1181,6 +1180,7 @@ RtlInterlockedPushEntrySList=RtlInterlockedPushEntrySList@8
 ;RtlIpv4AddressToStringA
 ;RtlIpv4AddressToStringW
 ;RtlIpv4StringToAddressA
+;RtlIpv4StringToAddressW
 ;RtlIpv6AddressToStringA
 ;RtlIpv6AddressToStringW
 ;RtlIpv6StringToAddressA
--- a/reactos/lib/ntdll/rtl/acl.c
+++ b/reactos/lib/ntdll/rtl/acl.c
@ -1,9 +1,9 @@
-/* $Id: acl.c,v 1.10 2003/07/11 13:50:23 royce Exp $
+/* $Id: acl.c,v 1.11 2004/02/02 22:38:12 ekohl Exp $
 *
 * COPYRIGHT:         See COPYING in the top level directory
 * PROJECT:           ReactOS kernel
 * PURPOSE:           Security manager
- * FILE:              kernel/se/acl.c
+ * FILE:              lib/ntdll/rtl/acl.c
 * PROGRAMER:         David Welch <welch@cwcom.net>
 * REVISION HISTORY:
 *                 26/07/98: Added stubs for security functions
@ -40,12 +40,10 @@ RtlFirstFreeAce(PACL Acl,
 	{
 	  return(FALSE);
 	}
-      if (Current->Header.AceType == 4)
+      if (Current->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE &&
+	  Acl->AclRevision < ACL_REVISION3)
 	{
-	  if (Acl->AclRevision < 3)
-	    {
-	      return(FALSE);
-	    }
+	  return(FALSE);
 	}
      Current = (PACE)((PVOID)Current + (ULONG)Current->Header.AceSize);
      i++;
@ -73,8 +71,8 @@ RtlGetAce(PACL Acl,

  *Ace = (PACE)(Acl + 1);

-  if (Acl->AclRevision != 2 &&
-      Acl->AclRevision != 3)
+  if (Acl->AclRevision < MIN_ACL_REVISION ||
+      Acl->AclRevision > MAX_ACL_REVISION)
    {
      return(STATUS_INVALID_PARAMETER);
    }
@ -103,11 +101,12 @@ RtlGetAce(PACL Acl,


 static NTSTATUS
-RtlpAddKnownAce(PACL Acl,
-		ULONG Revision,
-		ACCESS_MASK AccessMask,
-		PSID Sid,
-		ULONG Type)
+RtlpAddKnownAce (PACL Acl,
+		 ULONG Revision,
+		 ULONG Flags,
+		 ACCESS_MASK AccessMask,
+		 PSID Sid,
+		 ULONG Type)
 {
  PACE Ace;

@ -115,8 +114,8 @@ RtlpAddKnownAce(PACL Acl,
    {
      return(STATUS_INVALID_SID);
    }
-  if (Acl->AclRevision > 3 ||
-      Revision > 3)
+  if (Acl->AclRevision > MAX_ACL_REVISION ||
+      Revision > MAX_ACL_REVISION)
    {
      return(STATUS_UNKNOWN_REVISION);
    }
@ -137,7 +136,7 @@ RtlpAddKnownAce(PACL Acl,
    {
      return(STATUS_ALLOTTED_SPACE_EXCEEDED);
    }
-  Ace->Header.AceFlags = 0;
+  Ace->Header.AceFlags = Flags;
  Ace->Header.AceType = Type;
  Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
  Ace->AccessMask = AccessMask;
@ -152,12 +151,17 @@ RtlpAddKnownAce(PACL Acl,
 * @implemented
 */
 NTSTATUS STDCALL
-RtlAddAccessAllowedAce(PACL Acl,
-		       ULONG Revision,
-		       ACCESS_MASK AccessMask,
-		       PSID Sid)
+RtlAddAccessAllowedAce (IN OUT PACL Acl,
+			IN ULONG Revision,
+			IN ACCESS_MASK AccessMask,
+			IN PSID Sid)
 {
-  return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0));
+  return RtlpAddKnownAce (Acl,
+			  Revision,
+			  0,
+			  AccessMask,
+			  Sid,
+			  ACCESS_ALLOWED_ACE_TYPE);
 }


@ -165,12 +169,55 @@ RtlAddAccessAllowedAce(PACL Acl,
 * @implemented
 */
 NTSTATUS STDCALL
-RtlAddAccessDeniedAce(PACL Acl,
-		      ULONG Revision,
-		      ACCESS_MASK AccessMask,
-		      PSID Sid)
+RtlAddAccessAllowedAceEx (IN OUT PACL Acl,
+			  IN ULONG Revision,
+			  IN ULONG Flags,
+			  IN ACCESS_MASK AccessMask,
+			  IN PSID Sid)
 {
-  return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 1));
+  return RtlpAddKnownAce (Acl,
+			  Revision,
+			  Flags,
+			  AccessMask,
+			  Sid,
+			  ACCESS_ALLOWED_ACE_TYPE);
+}
+
+
+/*
+ * @implemented
+ */
+NTSTATUS STDCALL
+RtlAddAccessDeniedAce (PACL Acl,
+		       ULONG Revision,
+		       ACCESS_MASK AccessMask,
+		       PSID Sid)
+{
+  return RtlpAddKnownAce (Acl,
+			  Revision,
+			  0,
+			  AccessMask,
+			  Sid,
+			  ACCESS_DENIED_ACE_TYPE);
+}
+
+
+/*
+ * @implemented
+ */
+NTSTATUS STDCALL
+RtlAddAccessDeniedAceEx (IN OUT PACL Acl,
+			 IN ULONG Revision,
+			 IN ULONG Flags,
+			 IN ACCESS_MASK AccessMask,
+			 IN PSID Sid)
+{
+  return RtlpAddKnownAce (Acl,
+			  Revision,
+			  Flags,
+			  AccessMask,
+			  Sid,
+			  ACCESS_DENIED_ACE_TYPE);
 }


@ -211,8 +258,8 @@ RtlAddAce(PACL Acl,
  PACE Current;
  ULONG j;

-  if (Acl->AclRevision != 2 &&
-      Acl->AclRevision != 3)
+  if (Acl->AclRevision < MIN_ACL_REVISION ||
+      Acl->AclRevision > MAX_ACL_REVISION)
    {
      return(STATUS_INVALID_PARAMETER);
    }
@ -236,8 +283,8 @@ RtlAddAce(PACL Acl,
  Current = (PACE)(Acl + 1);
  while ((PVOID)Current < ((PVOID)AceList + AceListLength))
    {
-      if (AceList->Header.AceType == 4 &&
-	  AclRevision < 3)
+      if (AceList->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE &&
+	  AclRevision < ACL_REVISION3)
 	{
 	  return(STATUS_INVALID_PARAMETER);
 	}
@ -306,8 +353,8 @@ RtlAddAuditAccessAce(PACL Acl,
      return(STATUS_INVALID_SID);
    }

-  if (Acl->AclRevision > 3 ||
-      Revision > 3)
+  if (Acl->AclRevision > MAX_ACL_REVISION ||
+      Revision > MAX_ACL_REVISION)
    {
      return(STATUS_REVISION_MISMATCH);
    }
@ -333,7 +380,7 @@ RtlAddAuditAccessAce(PACL Acl,
    }

  Ace->Header.AceFlags = Flags;
-  Ace->Header.AceType = 2;
+  Ace->Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
  Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
  Ace->AccessMask = AccessMask;
  RtlCopySid(RtlLengthSid(Sid),
@ -377,8 +424,8 @@ RtlDeleteAce(PACL Acl,
  PACE Ace;
  PACE Current;

-  if (Acl->AclRevision != 2 &&
-      Acl->AclRevision != 3)
+  if (Acl->AclRevision < MIN_ACL_REVISION ||
+      Acl->AclRevision > MAX_ACL_REVISION)
    {
      return(STATUS_INVALID_PARAMETER);
    }
@ -422,8 +469,8 @@ RtlCreateAcl(PACL Acl,
      return(STATUS_BUFFER_TOO_SMALL);
    }

-  if (AclRevision != 2 &&
-      AclRevision != 3)
+  if (AclRevision < MIN_ACL_REVISION ||
+      AclRevision > MAX_ACL_REVISION)
    {
      return(STATUS_INVALID_PARAMETER);
    }
@ -455,8 +502,8 @@ RtlQueryInformationAcl(PACL Acl,
 {
  PACE Ace;

-  if (Acl->AclRevision != 2 &&
-      Acl->AclRevision != 3)
+  if (Acl->AclRevision < MIN_ACL_REVISION ||
+      Acl->AclRevision > MAX_ACL_REVISION)
    {
      return(STATUS_INVALID_PARAMETER);
    }
@ -520,8 +567,8 @@ RtlSetInformationAcl(PACL Acl,
 		     ULONG InformationLength,
 		     ACL_INFORMATION_CLASS InformationClass)
 {
-  if (Acl->AclRevision != 2 &&
-      Acl->AclRevision != 3)
+  if (Acl->AclRevision < MIN_ACL_REVISION ||
+      Acl->AclRevision > MAX_ACL_REVISION)
    {
      return(STATUS_INVALID_PARAMETER);
    }
@ -558,15 +605,15 @@ RtlSetInformationAcl(PACL Acl,
 * @implemented
 */
 BOOLEAN STDCALL
-RtlValidAcl(PACL Acl)
+RtlValidAcl (PACL Acl)
 {
  PACE Ace;
  USHORT Size;

  Size = (Acl->AclSize + 3) & ~3;

-  if (Acl->AclRevision != 2 &&
-      Acl->AclRevision != 3)
+  if (Acl->AclRevision < MIN_ACL_REVISION ||
+      Acl->AclRevision > MAX_ACL_REVISION)
    {
      return(FALSE);
    }
--- a/reactos/lib/ntdll/stubs/stubs.c
+++ b/reactos/lib/ntdll/stubs/stubs.c
@ -159,31 +159,6 @@ NTSTATUS STDCALL NtPowerInformation(DWORD x1,DWORD x2,DWORD x3,DWORD x4,DWORD x5
  return(FALSE);
 }

-/*
- * @unimplemented
- */
-NTSTATUS  STDCALL RtlAddAccessAllowedAceEx(
-	IN OUT PACL pAcl,
-	IN DWORD dwAceRevision,
-	IN DWORD AceFlags,
-	IN DWORD AccessMask,
-	IN PSID pSid)
-{
-  return(FALSE);
-}
-
-/*
- * @unimplemented
- */
-NTSTATUS  STDCALL RtlAddAccessDeniedAceEx(
-	IN OUT PACL pAcl,
-	IN DWORD dwAceRevision,
-	IN DWORD AceFlags,
-	IN DWORD AccessMask,
-	IN PSID pSid)
-{
-  return(FALSE);
-}

 /*
 * @unimplemented