Implement RtlAccessAllowedAceEx() and RtlAccessDeniedAceEx().
Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=8004
parent
7b7b608822
commit
2f3d748c1d
4 changed files with 106 additions and 84 deletions
|
@ -1,4 +1,4 @@
|
|||
; $Id: ntdll.def,v 1.114 2004/02/01 20:48:05 ekohl Exp $
|
||||
; $Id: ntdll.def,v 1.115 2004/02/02 22:37:21 ekohl Exp $
|
||||
;
|
||||
; ReactOS Operating System
|
||||
;
|
||||
|
@ -97,6 +97,7 @@ NtCreateThread@32
|
|||
NtCreateTimer@16
|
||||
NtCreateToken@52
|
||||
NtCreateWaitablePort@20
|
||||
_NtCurrentTeb@0
|
||||
NtDelayExecution@8
|
||||
NtDeleteAtom@4
|
||||
NtDeleteFile@4
|
||||
|
@ -281,7 +282,9 @@ RtlAcquirePebLock@0
|
|||
RtlAcquireResourceExclusive@8
|
||||
RtlAcquireResourceShared@8
|
||||
RtlAddAccessAllowedAce@16
|
||||
RtlAddAccessAllowedAceEx@20
|
||||
RtlAddAccessDeniedAce@16
|
||||
RtlAddAccessDeniedAceEx@20
|
||||
RtlAddAce@20
|
||||
;RtlAddActionToRXact
|
||||
RtlAddAtomToAtomTable@12
|
||||
|
@ -410,9 +413,11 @@ RtlFindClearBits@12
|
|||
RtlFindClearBitsAndSet@12
|
||||
RtlFindClearRuns@16
|
||||
RtlFindLastBackwardRunClear@12
|
||||
RtlFindLeastSignificantBit@8
|
||||
RtlFindLongestRunClear@8
|
||||
RtlFindLongestRunSet@8
|
||||
RtlFindMessage@20
|
||||
RtlFindMostSignificantBit@8
|
||||
RtlFindNextForwardRunClear@12
|
||||
RtlFindRange@48
|
||||
RtlFindSetBits@12
|
||||
|
@ -974,8 +979,6 @@ InterlockedIncrement@4
|
|||
InterlockedDecrement@4
|
||||
InterlockedExchange@8
|
||||
InterlockedCompareExchange@12
|
||||
_NtCurrentTeb@0
|
||||
;RtlIpv4StringToAddressW
|
||||
;?Allocate@CBufferAllocator@@UAEPAXK@Z
|
||||
;CsrCaptureMessageMultiUnicodeStringsInPlace
|
||||
;CsrGetProcessId
|
||||
|
@ -1092,9 +1095,7 @@ NtWaitForKeyedEvent@16
|
|||
;RtlActivateActivationContext
|
||||
;RtlActivateActivationContextEx
|
||||
;RtlActivateActivationContextUnsafeFast
|
||||
RtlAddAccessAllowedAceEx@20
|
||||
;RtlAddAccessAllowedObjectAce
|
||||
RtlAddAccessDeniedAceEx@20
|
||||
;RtlAddAccessDeniedObjectAce
|
||||
;RtlAddAuditAccessAceEx
|
||||
;RtlAddAuditAccessObjectAce
|
||||
|
@ -1148,8 +1149,6 @@ RtlDuplicateUnicodeString@12
|
|||
;RtlFindActivationContextSectionGuid
|
||||
;RtlFindActivationContextSectionString
|
||||
RtlFindCharInUnicodeString@16
|
||||
RtlFindLeastSignificantBit@8
|
||||
RtlFindMostSignificantBit@8
|
||||
;RtlFirstEntrySList
|
||||
;RtlFlushSecureMemoryCache
|
||||
;RtlFreeThreadActivationContextStack
|
||||
|
@ -1181,6 +1180,7 @@ RtlInterlockedPushEntrySList@8
|
|||
;RtlIpv4AddressToStringA
|
||||
;RtlIpv4AddressToStringW
|
||||
;RtlIpv4StringToAddressA
|
||||
;RtlIpv4StringToAddressW
|
||||
;RtlIpv6AddressToStringA
|
||||
;RtlIpv6AddressToStringW
|
||||
;RtlIpv6StringToAddressA
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
; $Id: ntdll.edf,v 1.104 2004/02/01 20:48:05 ekohl Exp $
|
||||
; $Id: ntdll.edf,v 1.105 2004/02/02 22:37:21 ekohl Exp $
|
||||
;
|
||||
; ReactOS Operating System
|
||||
;
|
||||
|
@ -97,6 +97,7 @@ NtCreateThread=NtCreateThread@32
|
|||
NtCreateTimer=NtCreateTimer@16
|
||||
NtCreateToken=NtCreateToken@52
|
||||
NtCreateWaitablePort=NtCreateWaitablePort@20
|
||||
NtCurrentTeb=_NtCurrentTeb@0
|
||||
NtDelayExecution=NtDelayExecution@8
|
||||
NtDeleteAtom=NtDeleteAtom@4
|
||||
NtDeleteFile=NtDeleteFile@4
|
||||
|
@ -281,7 +282,9 @@ RtlAcquirePebLock=RtlAcquirePebLock@0
|
|||
RtlAcquireResourceExclusive=RtlAcquireResourceExclusive@8
|
||||
RtlAcquireResourceShared=RtlAcquireResourceShared@8
|
||||
RtlAddAccessAllowedAce=RtlAddAccessAllowedAce@16
|
||||
RtlAddAccessAllowedAceEx=RtlAddAccessAllowedAceEx@20
|
||||
RtlAddAccessDeniedAce=RtlAddAccessDeniedAce@16
|
||||
RtlAddAccessDeniedAceEx=RtlAddAccessDeniedAceEx@20
|
||||
RtlAddAce=RtlAddAce@20
|
||||
;RtlAddActionToRXact
|
||||
RtlAddAtomToAtomTable=RtlAddAtomToAtomTable@12
|
||||
|
@ -410,9 +413,11 @@ RtlFindClearBits=RtlFindClearBits@12
|
|||
RtlFindClearBitsAndSet=RtlFindClearBitsAndSet@12
|
||||
RtlFindClearRuns=RtlFindClearRuns@16
|
||||
RtlFindLastBackwardRunClear=RtlFindLastBackwardRunClear@12
|
||||
RtlFindLeastSignificantBit=RtlFindLeastSignificantBit@8
|
||||
RtlFindLongestRunClear=RtlFindLongestRunClear@8
|
||||
RtlFindLongestRunSet=RtlFindLongestRunSet@8
|
||||
RtlFindMessage=RtlFindMessage@20
|
||||
RtlFindMostSignificantBit=RtlFindMostSignificantBit@8
|
||||
RtlFindNextForwardRunClear=RtlFindNextForwardRunClear@12
|
||||
RtlFindRange=RtlFindRange@48
|
||||
RtlFindSetBits=RtlFindSetBits@12
|
||||
|
@ -974,8 +979,6 @@ wcsstr
|
|||
wcstol
|
||||
wcstombs
|
||||
wcstoul
|
||||
NtCurrentTeb=_NtCurrentTeb@0
|
||||
;RtlIpv4StringToAddressW
|
||||
;?Allocate@CBufferAllocator@@UAEPAXK@Z
|
||||
;CsrCaptureMessageMultiUnicodeStringsInPlace
|
||||
;CsrGetProcessId
|
||||
|
@ -1092,9 +1095,7 @@ NtWaitForKeyedEvent=NtWaitForKeyedEvent@16
|
|||
;RtlActivateActivationContext
|
||||
;RtlActivateActivationContextEx
|
||||
;RtlActivateActivationContextUnsafeFast
|
||||
RtlAddAccessAllowedAceEx=RtlAddAccessAllowedAceEx@20
|
||||
;RtlAddAccessAllowedObjectAce
|
||||
RtlAddAccessDeniedAceEx=RtlAddAccessDeniedAceEx@20
|
||||
;RtlAddAccessDeniedObjectAce
|
||||
;RtlAddAuditAccessAceEx
|
||||
;RtlAddAuditAccessObjectAce
|
||||
|
@ -1148,8 +1149,6 @@ RtlDuplicateUnicodeString=RtlDuplicateUnicodeString@12
|
|||
;RtlFindActivationContextSectionGuid
|
||||
;RtlFindActivationContextSectionString
|
||||
RtlFindCharInUnicodeString=RtlFindCharInUnicodeString@16
|
||||
RtlFindLeastSignificantBit=RtlFindLeastSignificantBit@8
|
||||
RtlFindMostSignificantBit=RtlFindMostSignificantBit@8
|
||||
;RtlFirstEntrySList
|
||||
;RtlFlushSecureMemoryCache
|
||||
;RtlFreeThreadActivationContextStack
|
||||
|
@ -1181,6 +1180,7 @@ RtlInterlockedPushEntrySList=RtlInterlockedPushEntrySList@8
|
|||
;RtlIpv4AddressToStringA
|
||||
;RtlIpv4AddressToStringW
|
||||
;RtlIpv4StringToAddressA
|
||||
;RtlIpv4StringToAddressW
|
||||
;RtlIpv6AddressToStringA
|
||||
;RtlIpv6AddressToStringW
|
||||
;RtlIpv6StringToAddressA
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
/* $Id: acl.c,v 1.10 2003/07/11 13:50:23 royce Exp $
|
||||
/* $Id: acl.c,v 1.11 2004/02/02 22:38:12 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* PURPOSE: Security manager
|
||||
* FILE: kernel/se/acl.c
|
||||
* FILE: lib/ntdll/rtl/acl.c
|
||||
* PROGRAMER: David Welch <welch@cwcom.net>
|
||||
* REVISION HISTORY:
|
||||
* 26/07/98: Added stubs for security functions
|
||||
|
@ -40,12 +40,10 @@ RtlFirstFreeAce(PACL Acl,
|
|||
{
|
||||
return(FALSE);
|
||||
}
|
||||
if (Current->Header.AceType == 4)
|
||||
if (Current->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE &&
|
||||
Acl->AclRevision < ACL_REVISION3)
|
||||
{
|
||||
if (Acl->AclRevision < 3)
|
||||
{
|
||||
return(FALSE);
|
||||
}
|
||||
return(FALSE);
|
||||
}
|
||||
Current = (PACE)((PVOID)Current + (ULONG)Current->Header.AceSize);
|
||||
i++;
|
||||
|
@ -73,8 +71,8 @@ RtlGetAce(PACL Acl,
|
|||
|
||||
*Ace = (PACE)(Acl + 1);
|
||||
|
||||
if (Acl->AclRevision != 2 &&
|
||||
Acl->AclRevision != 3)
|
||||
if (Acl->AclRevision < MIN_ACL_REVISION ||
|
||||
Acl->AclRevision > MAX_ACL_REVISION)
|
||||
{
|
||||
return(STATUS_INVALID_PARAMETER);
|
||||
}
|
||||
|
@ -103,11 +101,12 @@ RtlGetAce(PACL Acl,
|
|||
|
||||
|
||||
static NTSTATUS
|
||||
RtlpAddKnownAce(PACL Acl,
|
||||
ULONG Revision,
|
||||
ACCESS_MASK AccessMask,
|
||||
PSID Sid,
|
||||
ULONG Type)
|
||||
RtlpAddKnownAce (PACL Acl,
|
||||
ULONG Revision,
|
||||
ULONG Flags,
|
||||
ACCESS_MASK AccessMask,
|
||||
PSID Sid,
|
||||
ULONG Type)
|
||||
{
|
||||
PACE Ace;
|
||||
|
||||
|
@ -115,8 +114,8 @@ RtlpAddKnownAce(PACL Acl,
|
|||
{
|
||||
return(STATUS_INVALID_SID);
|
||||
}
|
||||
if (Acl->AclRevision > 3 ||
|
||||
Revision > 3)
|
||||
if (Acl->AclRevision > MAX_ACL_REVISION ||
|
||||
Revision > MAX_ACL_REVISION)
|
||||
{
|
||||
return(STATUS_UNKNOWN_REVISION);
|
||||
}
|
||||
|
@ -137,7 +136,7 @@ RtlpAddKnownAce(PACL Acl,
|
|||
{
|
||||
return(STATUS_ALLOTTED_SPACE_EXCEEDED);
|
||||
}
|
||||
Ace->Header.AceFlags = 0;
|
||||
Ace->Header.AceFlags = Flags;
|
||||
Ace->Header.AceType = Type;
|
||||
Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
|
||||
Ace->AccessMask = AccessMask;
|
||||
|
@ -152,12 +151,17 @@ RtlpAddKnownAce(PACL Acl,
|
|||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
RtlAddAccessAllowedAce(PACL Acl,
|
||||
ULONG Revision,
|
||||
ACCESS_MASK AccessMask,
|
||||
PSID Sid)
|
||||
RtlAddAccessAllowedAce (IN OUT PACL Acl,
|
||||
IN ULONG Revision,
|
||||
IN ACCESS_MASK AccessMask,
|
||||
IN PSID Sid)
|
||||
{
|
||||
return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0));
|
||||
return RtlpAddKnownAce (Acl,
|
||||
Revision,
|
||||
0,
|
||||
AccessMask,
|
||||
Sid,
|
||||
ACCESS_ALLOWED_ACE_TYPE);
|
||||
}
|
||||
|
||||
|
||||
|
@ -165,12 +169,55 @@ RtlAddAccessAllowedAce(PACL Acl,
|
|||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
RtlAddAccessDeniedAce(PACL Acl,
|
||||
ULONG Revision,
|
||||
ACCESS_MASK AccessMask,
|
||||
PSID Sid)
|
||||
RtlAddAccessAllowedAceEx (IN OUT PACL Acl,
|
||||
IN ULONG Revision,
|
||||
IN ULONG Flags,
|
||||
IN ACCESS_MASK AccessMask,
|
||||
IN PSID Sid)
|
||||
{
|
||||
return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 1));
|
||||
return RtlpAddKnownAce (Acl,
|
||||
Revision,
|
||||
Flags,
|
||||
AccessMask,
|
||||
Sid,
|
||||
ACCESS_ALLOWED_ACE_TYPE);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
RtlAddAccessDeniedAce (PACL Acl,
|
||||
ULONG Revision,
|
||||
ACCESS_MASK AccessMask,
|
||||
PSID Sid)
|
||||
{
|
||||
return RtlpAddKnownAce (Acl,
|
||||
Revision,
|
||||
0,
|
||||
AccessMask,
|
||||
Sid,
|
||||
ACCESS_DENIED_ACE_TYPE);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
RtlAddAccessDeniedAceEx (IN OUT PACL Acl,
|
||||
IN ULONG Revision,
|
||||
IN ULONG Flags,
|
||||
IN ACCESS_MASK AccessMask,
|
||||
IN PSID Sid)
|
||||
{
|
||||
return RtlpAddKnownAce (Acl,
|
||||
Revision,
|
||||
Flags,
|
||||
AccessMask,
|
||||
Sid,
|
||||
ACCESS_DENIED_ACE_TYPE);
|
||||
}
|
||||
|
||||
|
||||
|
@ -211,8 +258,8 @@ RtlAddAce(PACL Acl,
|
|||
PACE Current;
|
||||
ULONG j;
|
||||
|
||||
if (Acl->AclRevision != 2 &&
|
||||
Acl->AclRevision != 3)
|
||||
if (Acl->AclRevision < MIN_ACL_REVISION ||
|
||||
Acl->AclRevision > MAX_ACL_REVISION)
|
||||
{
|
||||
return(STATUS_INVALID_PARAMETER);
|
||||
}
|
||||
|
@ -236,8 +283,8 @@ RtlAddAce(PACL Acl,
|
|||
Current = (PACE)(Acl + 1);
|
||||
while ((PVOID)Current < ((PVOID)AceList + AceListLength))
|
||||
{
|
||||
if (AceList->Header.AceType == 4 &&
|
||||
AclRevision < 3)
|
||||
if (AceList->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE &&
|
||||
AclRevision < ACL_REVISION3)
|
||||
{
|
||||
return(STATUS_INVALID_PARAMETER);
|
||||
}
|
||||
|
@ -306,8 +353,8 @@ RtlAddAuditAccessAce(PACL Acl,
|
|||
return(STATUS_INVALID_SID);
|
||||
}
|
||||
|
||||
if (Acl->AclRevision > 3 ||
|
||||
Revision > 3)
|
||||
if (Acl->AclRevision > MAX_ACL_REVISION ||
|
||||
Revision > MAX_ACL_REVISION)
|
||||
{
|
||||
return(STATUS_REVISION_MISMATCH);
|
||||
}
|
||||
|
@ -333,7 +380,7 @@ RtlAddAuditAccessAce(PACL Acl,
|
|||
}
|
||||
|
||||
Ace->Header.AceFlags = Flags;
|
||||
Ace->Header.AceType = 2;
|
||||
Ace->Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
|
||||
Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
|
||||
Ace->AccessMask = AccessMask;
|
||||
RtlCopySid(RtlLengthSid(Sid),
|
||||
|
@ -377,8 +424,8 @@ RtlDeleteAce(PACL Acl,
|
|||
PACE Ace;
|
||||
PACE Current;
|
||||
|
||||
if (Acl->AclRevision != 2 &&
|
||||
Acl->AclRevision != 3)
|
||||
if (Acl->AclRevision < MIN_ACL_REVISION ||
|
||||
Acl->AclRevision > MAX_ACL_REVISION)
|
||||
{
|
||||
return(STATUS_INVALID_PARAMETER);
|
||||
}
|
||||
|
@ -422,8 +469,8 @@ RtlCreateAcl(PACL Acl,
|
|||
return(STATUS_BUFFER_TOO_SMALL);
|
||||
}
|
||||
|
||||
if (AclRevision != 2 &&
|
||||
AclRevision != 3)
|
||||
if (AclRevision < MIN_ACL_REVISION ||
|
||||
AclRevision > MAX_ACL_REVISION)
|
||||
{
|
||||
return(STATUS_INVALID_PARAMETER);
|
||||
}
|
||||
|
@ -455,8 +502,8 @@ RtlQueryInformationAcl(PACL Acl,
|
|||
{
|
||||
PACE Ace;
|
||||
|
||||
if (Acl->AclRevision != 2 &&
|
||||
Acl->AclRevision != 3)
|
||||
if (Acl->AclRevision < MIN_ACL_REVISION ||
|
||||
Acl->AclRevision > MAX_ACL_REVISION)
|
||||
{
|
||||
return(STATUS_INVALID_PARAMETER);
|
||||
}
|
||||
|
@ -520,8 +567,8 @@ RtlSetInformationAcl(PACL Acl,
|
|||
ULONG InformationLength,
|
||||
ACL_INFORMATION_CLASS InformationClass)
|
||||
{
|
||||
if (Acl->AclRevision != 2 &&
|
||||
Acl->AclRevision != 3)
|
||||
if (Acl->AclRevision < MIN_ACL_REVISION ||
|
||||
Acl->AclRevision > MAX_ACL_REVISION)
|
||||
{
|
||||
return(STATUS_INVALID_PARAMETER);
|
||||
}
|
||||
|
@ -558,15 +605,15 @@ RtlSetInformationAcl(PACL Acl,
|
|||
* @implemented
|
||||
*/
|
||||
BOOLEAN STDCALL
|
||||
RtlValidAcl(PACL Acl)
|
||||
RtlValidAcl (PACL Acl)
|
||||
{
|
||||
PACE Ace;
|
||||
USHORT Size;
|
||||
|
||||
Size = (Acl->AclSize + 3) & ~3;
|
||||
|
||||
if (Acl->AclRevision != 2 &&
|
||||
Acl->AclRevision != 3)
|
||||
if (Acl->AclRevision < MIN_ACL_REVISION ||
|
||||
Acl->AclRevision > MAX_ACL_REVISION)
|
||||
{
|
||||
return(FALSE);
|
||||
}
|
||||
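Review bot: In RtlpAddKnownAce the new `Flags` argument is written straight into `Ace->Header.AceFlags` with no validation, so whatever a caller of RtlAddAccessAllowedAceEx() or RtlAddAccessDeniedAceEx() passes lands in the ACE header; bits that do not fit the header field are presumably dropped silently (the field's width is not visible on this page). ACE flags decide how an entry is inherited, so the helper should reject unknown bits instead of storing them, for example with `if (Flags & ~VALID_INHERIT_FLAGS) return(STATUS_INVALID_PARAMETER);` next to the revision check, assuming this tree's headers define that mask. The same helper still tests only the upper bound (`Acl->AclRevision > MAX_ACL_REVISION || Revision > MAX_ACL_REVISION`), while RtlGetAce, RtlAddAce, RtlCreateAcl and RtlValidAcl now also test `< MIN_ACL_REVISION`; the lower bound is worth adding here and in RtlAddAuditAccessAce for consistency. The bodies of these functions continue outside the visible hunks.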
|
|
|
@ -159,31 +159,6 @@ NTSTATUS STDCALL NtPowerInformation(DWORD x1,DWORD x2,DWORD x3,DWORD x4,DWORD x5
|
|||
return(FALSE);
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL RtlAddAccessAllowedAceEx(
|
||||
IN OUT PACL pAcl,
|
||||
IN DWORD dwAceRevision,
|
||||
IN DWORD AceFlags,
|
||||
IN DWORD AccessMask,
|
||||
IN PSID pSid)
|
||||
{
|
||||
return(FALSE);
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL RtlAddAccessDeniedAceEx(
|
||||
IN OUT PACL pAcl,
|
||||
IN DWORD dwAceRevision,
|
||||
IN DWORD AceFlags,
|
||||
IN DWORD AccessMask,
|
||||
IN PSID pSid)
|
||||
{
|
||||
return(FALSE);
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
|
|