From 2f3d748c1ddc0fd3f4cc7c0052a901bc235667a4 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Mon, 2 Feb 2004 22:38:43 +0000 Subject: [PATCH] Implement RtlAccessAllowedAceEx() and RtlAccessDeniedAceEx(). Use ACL constants and fix ACL-revision checks. svn path=/trunk/; revision=8004 --- reactos/lib/ntdll/def/ntdll.def | 14 ++-- reactos/lib/ntdll/def/ntdll.edf | 14 ++-- reactos/lib/ntdll/rtl/acl.c | 137 +++++++++++++++++++++----------- reactos/lib/ntdll/stubs/stubs.c | 25 ------ 4 files changed, 106 insertions(+), 84 deletions(-) diff --git a/reactos/lib/ntdll/def/ntdll.def b/reactos/lib/ntdll/def/ntdll.def index 8cc1261517f..57266c10cbd 100644 --- a/reactos/lib/ntdll/def/ntdll.def +++ b/reactos/lib/ntdll/def/ntdll.def @@ -1,4 +1,4 @@ -; $Id: ntdll.def,v 1.114 2004/02/01 20:48:05 ekohl Exp $ +; $Id: ntdll.def,v 1.115 2004/02/02 22:37:21 ekohl Exp $ ; ; ReactOS Operating System ; @@ -97,6 +97,7 @@ NtCreateThread@32 NtCreateTimer@16 NtCreateToken@52 NtCreateWaitablePort@20 +_NtCurrentTeb@0 NtDelayExecution@8 NtDeleteAtom@4 NtDeleteFile@4 @@ -281,7 +282,9 @@ RtlAcquirePebLock@0 RtlAcquireResourceExclusive@8 RtlAcquireResourceShared@8 RtlAddAccessAllowedAce@16 +RtlAddAccessAllowedAceEx@20 RtlAddAccessDeniedAce@16 +RtlAddAccessDeniedAceEx@20 RtlAddAce@20 ;RtlAddActionToRXact RtlAddAtomToAtomTable@12 @@ -410,9 +413,11 @@ RtlFindClearBits@12 RtlFindClearBitsAndSet@12 RtlFindClearRuns@16 RtlFindLastBackwardRunClear@12 +RtlFindLeastSignificantBit@8 RtlFindLongestRunClear@8 RtlFindLongestRunSet@8 RtlFindMessage@20 +RtlFindMostSignificantBit@8 RtlFindNextForwardRunClear@12 RtlFindRange@48 RtlFindSetBits@12 @@ -974,8 +979,6 @@ InterlockedIncrement@4 InterlockedDecrement@4 InterlockedExchange@8 InterlockedCompareExchange@12 -_NtCurrentTeb@0 -;RtlIpv4StringToAddressW ;?Allocate@CBufferAllocator@@UAEPAXK@Z ;CsrCaptureMessageMultiUnicodeStringsInPlace ;CsrGetProcessId 
@@ -1092,9 +1095,7 @@ NtWaitForKeyedEvent@16 ;RtlActivateActivationContext ;RtlActivateActivationContextEx ;RtlActivateActivationContextUnsafeFast -RtlAddAccessAllowedAceEx@20 ;RtlAddAccessAllowedObjectAce -RtlAddAccessDeniedAceEx@20 ;RtlAddAccessDeniedObjectAce ;RtlAddAuditAccessAceEx ;RtlAddAuditAccessObjectAce @@ -1148,8 +1149,6 @@ RtlDuplicateUnicodeString@12 ;RtlFindActivationContextSectionGuid ;RtlFindActivationContextSectionString RtlFindCharInUnicodeString@16 -RtlFindLeastSignificantBit@8 -RtlFindMostSignificantBit@8 ;RtlFirstEntrySList ;RtlFlushSecureMemoryCache ;RtlFreeThreadActivationContextStack @@ -1181,6 +1180,7 @@ RtlInterlockedPushEntrySList@8 ;RtlIpv4AddressToStringA ;RtlIpv4AddressToStringW ;RtlIpv4StringToAddressA +;RtlIpv4StringToAddressW ;RtlIpv6AddressToStringA ;RtlIpv6AddressToStringW ;RtlIpv6StringToAddressA diff --git a/reactos/lib/ntdll/def/ntdll.edf b/reactos/lib/ntdll/def/ntdll.edf index f02b65db7a5..620f8946529 100644 --- a/reactos/lib/ntdll/def/ntdll.edf +++ b/reactos/lib/ntdll/def/ntdll.edf @@ -1,4 +1,4 @@ -; $Id: ntdll.edf,v 1.104 2004/02/01 20:48:05 ekohl Exp $ +; $Id: ntdll.edf,v 1.105 2004/02/02 22:37:21 ekohl Exp $ ; ; ReactOS Operating System ; @@ -97,6 +97,7 @@ NtCreateThread=NtCreateThread@32 NtCreateTimer=NtCreateTimer@16 NtCreateToken=NtCreateToken@52 NtCreateWaitablePort=NtCreateWaitablePort@20 +NtCurrentTeb=_NtCurrentTeb@0 NtDelayExecution=NtDelayExecution@8 NtDeleteAtom=NtDeleteAtom@4 NtDeleteFile=NtDeleteFile@4 @@ -281,7 +282,9 @@ RtlAcquirePebLock=RtlAcquirePebLock@0 RtlAcquireResourceExclusive=RtlAcquireResourceExclusive@8 RtlAcquireResourceShared=RtlAcquireResourceShared@8 RtlAddAccessAllowedAce=RtlAddAccessAllowedAce@16 +RtlAddAccessAllowedAceEx=RtlAddAccessAllowedAceEx@20 RtlAddAccessDeniedAce=RtlAddAccessDeniedAce@16 +RtlAddAccessDeniedAceEx=RtlAddAccessDeniedAceEx@20 RtlAddAce=RtlAddAce@20 ;RtlAddActionToRXact RtlAddAtomToAtomTable=RtlAddAtomToAtomTable@12 
@@ -410,9 +413,11 @@ RtlFindClearBits=RtlFindClearBits@12 RtlFindClearBitsAndSet=RtlFindClearBitsAndSet@12 RtlFindClearRuns=RtlFindClearRuns@16 RtlFindLastBackwardRunClear=RtlFindLastBackwardRunClear@12 +RtlFindLeastSignificantBit=RtlFindLeastSignificantBit@8 RtlFindLongestRunClear=RtlFindLongestRunClear@8 RtlFindLongestRunSet=RtlFindLongestRunSet@8 RtlFindMessage=RtlFindMessage@20 +RtlFindMostSignificantBit=RtlFindMostSignificantBit@8 RtlFindNextForwardRunClear=RtlFindNextForwardRunClear@12 RtlFindRange=RtlFindRange@48 RtlFindSetBits=RtlFindSetBits@12 @@ -974,8 +979,6 @@ wcsstr wcstol wcstombs wcstoul -NtCurrentTeb=_NtCurrentTeb@0 -;RtlIpv4StringToAddressW ;?Allocate@CBufferAllocator@@UAEPAXK@Z ;CsrCaptureMessageMultiUnicodeStringsInPlace ;CsrGetProcessId @@ -1092,9 +1095,7 @@ NtWaitForKeyedEvent=NtWaitForKeyedEvent@16 ;RtlActivateActivationContext ;RtlActivateActivationContextEx ;RtlActivateActivationContextUnsafeFast -RtlAddAccessAllowedAceEx=RtlAddAccessAllowedAceEx@20 ;RtlAddAccessAllowedObjectAce -RtlAddAccessDeniedAceEx=RtlAddAccessDeniedAceEx@20 ;RtlAddAccessDeniedObjectAce ;RtlAddAuditAccessAceEx ;RtlAddAuditAccessObjectAce @@ -1148,8 +1149,6 @@ RtlDuplicateUnicodeString=RtlDuplicateUnicodeString@12 ;RtlFindActivationContextSectionGuid ;RtlFindActivationContextSectionString RtlFindCharInUnicodeString=RtlFindCharInUnicodeString@16 -RtlFindLeastSignificantBit=RtlFindLeastSignificantBit@8 -RtlFindMostSignificantBit=RtlFindMostSignificantBit@8 ;RtlFirstEntrySList ;RtlFlushSecureMemoryCache ;RtlFreeThreadActivationContextStack @@ -1181,6 +1180,7 @@ RtlInterlockedPushEntrySList=RtlInterlockedPushEntrySList@8 ;RtlIpv4AddressToStringA ;RtlIpv4AddressToStringW ;RtlIpv4StringToAddressA +;RtlIpv4StringToAddressW ;RtlIpv6AddressToStringA ;RtlIpv6AddressToStringW ;RtlIpv6StringToAddressA diff --git a/reactos/lib/ntdll/rtl/acl.c b/reactos/lib/ntdll/rtl/acl.c index e582672a84f..c8288f64cfe 100644 --- a/reactos/lib/ntdll/rtl/acl.c +++ b/reactos/lib/ntdll/rtl/acl.c 
@@ -1,9 +1,9 @@ -/* $Id: acl.c,v 1.10 2003/07/11 13:50:23 royce Exp $ +/* $Id: acl.c,v 1.11 2004/02/02 22:38:12 ekohl Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel * PURPOSE: Security manager - * FILE: kernel/se/acl.c + * FILE: lib/ntdll/rtl/acl.c * PROGRAMER: David Welch * REVISION HISTORY: * 26/07/98: Added stubs for security functions @@ -40,12 +40,10 @@ RtlFirstFreeAce(PACL Acl, { return(FALSE); } - if (Current->Header.AceType == 4) + if (Current->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE && + Acl->AclRevision < ACL_REVISION3) { - if (Acl->AclRevision < 3) - { - return(FALSE); - } + return(FALSE); } Current = (PACE)((PVOID)Current + (ULONG)Current->Header.AceSize); i++; @@ -73,8 +71,8 @@ RtlGetAce(PACL Acl, *Ace = (PACE)(Acl + 1); - if (Acl->AclRevision != 2 && - Acl->AclRevision != 3) + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION) { return(STATUS_INVALID_PARAMETER); } @@ -103,11 +101,12 @@ RtlGetAce(PACL Acl, static NTSTATUS -RtlpAddKnownAce(PACL Acl, - ULONG Revision, - ACCESS_MASK AccessMask, - PSID Sid, - ULONG Type) +RtlpAddKnownAce (PACL Acl, + ULONG Revision, + ULONG Flags, + ACCESS_MASK AccessMask, + PSID Sid, + ULONG Type) { PACE Ace; @@ -115,8 +114,8 @@ RtlpAddKnownAce(PACL Acl, { return(STATUS_INVALID_SID); } - if (Acl->AclRevision > 3 || - Revision > 3) + if (Acl->AclRevision > MAX_ACL_REVISION || + Revision > MAX_ACL_REVISION) { return(STATUS_UNKNOWN_REVISION); } @@ -137,7 +136,7 @@ RtlpAddKnownAce(PACL Acl, { return(STATUS_ALLOTTED_SPACE_EXCEEDED); } - Ace->Header.AceFlags = 0; + Ace->Header.AceFlags = Flags; Ace->Header.AceType = Type; Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE); Ace->AccessMask = AccessMask; 
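Review bot: The rewritten revision test in RtlGetAce (`Acl->AclRevision < MIN_ACL_REVISION || Acl->AclRevision > MAX_ACL_REVISION`) matches the old `!= 2 && != 3` only if MAX_ACL_REVISION equals ACL_REVISION3, and its definition is not visible in this patch. If it is ACL_REVISION4, as in the Windows headers, revision-4 ACLs are now accepted here and by the identical checks in RtlAddAce, RtlDeleteAce, RtlCreateAcl, RtlQueryInformationAcl, RtlSetInformationAcl and RtlValidAcl. The visible ACE code (`RtlLengthSid(Sid) + sizeof(ACE)`) appears to assume a fixed header/mask/SID layout, which would misread object ACEs. Either document the accepted range at the check, e.g. `/* revisions MIN_ACL_REVISION..MAX_ACL_REVISION; object ACEs are not parsed */`, or reject unsupported ACE types explicitly. As the same two-line test now appears seven times, one helper macro would keep the copies from drifting; RtlGetAce's body continues outside the hunk.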
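Review bot: The revision test in RtlpAddKnownAce checks only the upper bound (`Acl->AclRevision > MAX_ACL_REVISION || Revision > MAX_ACL_REVISION`), so an ACL revision below MIN_ACL_REVISION passes here although the other functions touched by this commit reject it. The RtlAddAuditAccessAce hunk keeps the same upper-bound-only form and returns STATUS_REVISION_MISMATCH where this function returns STATUS_UNKNOWN_REVISION for the same condition. Consider `if (Acl->AclRevision < MIN_ACL_REVISION || Acl->AclRevision > MAX_ACL_REVISION || Revision > MAX_ACL_REVISION)` in both places, with a single status code. The function body starts and ends outside this hunk, so a lower-bound check may exist elsewhere in it.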
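Review bot: `Ace->Header.AceFlags = Flags;` stores a caller-supplied ULONG with no validation, and if AceFlags is the usual one-byte ACE_HEADER field (the structure is not shown here) the upper 24 bits are dropped silently. RtlAddAccessAllowedAceEx and RtlAddAccessDeniedAceEx pass their Flags argument straight through, so RtlpAddKnownAce is the one place to reject undefined bits before the ACE is written. If the headers define the mask, something like `if (Flags & ~VALID_INHERIT_FLAGS) return(STATUS_INVALID_PARAMETER);` followed by an explicit `(UCHAR)Flags` cast would do it. The RtlAddAuditAccessAce hunk shows the same unvalidated `Ace->Header.AceFlags = Flags;` as context. The enclosing function continues outside this hunk.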
@@ -152,12 +151,17 @@ RtlpAddKnownAce(PACL Acl, * @implemented */ NTSTATUS STDCALL -RtlAddAccessAllowedAce(PACL Acl, - ULONG Revision, - ACCESS_MASK AccessMask, - PSID Sid) +RtlAddAccessAllowedAce (IN OUT PACL Acl, + IN ULONG Revision, + IN ACCESS_MASK AccessMask, + IN PSID Sid) { - return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0)); + return RtlpAddKnownAce (Acl, + Revision, + 0, + AccessMask, + Sid, + ACCESS_ALLOWED_ACE_TYPE); } @@ -165,12 +169,55 @@ RtlAddAccessAllowedAce(PACL Acl, * @implemented */ NTSTATUS STDCALL -RtlAddAccessDeniedAce(PACL Acl, - ULONG Revision, - ACCESS_MASK AccessMask, - PSID Sid) +RtlAddAccessAllowedAceEx (IN OUT PACL Acl, + IN ULONG Revision, + IN ULONG Flags, + IN ACCESS_MASK AccessMask, + IN PSID Sid) { - return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 1)); + return RtlpAddKnownAce (Acl, + Revision, + Flags, + AccessMask, + Sid, + ACCESS_ALLOWED_ACE_TYPE); +} + + +/* + * @implemented + */ +NTSTATUS STDCALL +RtlAddAccessDeniedAce (PACL Acl, + ULONG Revision, + ACCESS_MASK AccessMask, + PSID Sid) +{ + return RtlpAddKnownAce (Acl, + Revision, + 0, + AccessMask, + Sid, + ACCESS_DENIED_ACE_TYPE); +} + + +/* + * @implemented + */ +NTSTATUS STDCALL +RtlAddAccessDeniedAceEx (IN OUT PACL Acl, + IN ULONG Revision, + IN ULONG Flags, + IN ACCESS_MASK AccessMask, + IN PSID Sid) +{ + return RtlpAddKnownAce (Acl, + Revision, + Flags, + AccessMask, + Sid, + ACCESS_DENIED_ACE_TYPE); } @@ -211,8 +258,8 @@ RtlAddAce(PACL Acl, PACE Current; ULONG j; - if (Acl->AclRevision != 2 && - Acl->AclRevision != 3) + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION) { return(STATUS_INVALID_PARAMETER); } @@ -236,8 +283,8 @@ RtlAddAce(PACL Acl, Current = (PACE)(Acl + 1); while ((PVOID)Current < ((PVOID)AceList + AceListLength)) { - if (AceList->Header.AceType == 4 && - AclRevision < 3) + if (AceList->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE && + AclRevision < ACL_REVISION3) { return(STATUS_INVALID_PARAMETER); } 
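Review bot: The two new exports, RtlAddAccessAllowedAceEx and RtlAddAccessDeniedAceEx, carry only `@implemented` as documentation, so nothing tells a caller what Flags may contain or which status values come back. A short header comment on each would help: Flags is copied into the ACE header's AceFlags, passing 0 gives the behaviour of the non-Ex function, and the status is whatever RtlpAddKnownAce returns. Also, RtlAddAccessDeniedAce is re-added without the IN / IN OUT annotations that its three siblings in this hunk now have; `IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid` would keep them uniform.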
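Review bot: The validation loop in RtlAddAce tests `AceList->Header.AceType` on every iteration, so only the first ACE of the incoming list is ever checked for the compound type. `Current` is also initialised from `(PACE)(Acl + 1)` while the loop bound is `AceList + AceListLength`. This commit only swaps the literals for constants there; the loop looks as if it was meant to walk the incoming list, i.e. `Current = AceList;` before it and `if (Current->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE && AclRevision < ACL_REVISION3)` inside it. Because the list is caller-supplied, each step should also reject an AceSize of zero or one that runs past `AceListLength`. The loop body continues outside the hunk, so the advance of `Current` is not visible here.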
@@ -306,8 +353,8 @@ RtlAddAuditAccessAce(PACL Acl, return(STATUS_INVALID_SID); } - if (Acl->AclRevision > 3 || - Revision > 3) + if (Acl->AclRevision > MAX_ACL_REVISION || + Revision > MAX_ACL_REVISION) { return(STATUS_REVISION_MISMATCH); } @@ -333,7 +380,7 @@ RtlAddAuditAccessAce(PACL Acl, } Ace->Header.AceFlags = Flags; - Ace->Header.AceType = 2; + Ace->Header.AceType = SYSTEM_AUDIT_ACE_TYPE; Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE); Ace->AccessMask = AccessMask; RtlCopySid(RtlLengthSid(Sid), @@ -377,8 +424,8 @@ RtlDeleteAce(PACL Acl, PACE Ace; PACE Current; - if (Acl->AclRevision != 2 && - Acl->AclRevision != 3) + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION) { return(STATUS_INVALID_PARAMETER); } @@ -422,8 +469,8 @@ RtlCreateAcl(PACL Acl, return(STATUS_BUFFER_TOO_SMALL); } - if (AclRevision != 2 && - AclRevision != 3) + if (AclRevision < MIN_ACL_REVISION || + AclRevision > MAX_ACL_REVISION) { return(STATUS_INVALID_PARAMETER); } @@ -455,8 +502,8 @@ RtlQueryInformationAcl(PACL Acl, { PACE Ace; - if (Acl->AclRevision != 2 && - Acl->AclRevision != 3) + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION) { return(STATUS_INVALID_PARAMETER); } @@ -520,8 +567,8 @@ RtlSetInformationAcl(PACL Acl, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass) { - if (Acl->AclRevision != 2 && - Acl->AclRevision != 3) + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION) { return(STATUS_INVALID_PARAMETER); } @@ -558,15 +605,15 @@ RtlSetInformationAcl(PACL Acl, * @implemented */ BOOLEAN STDCALL -RtlValidAcl(PACL Acl) +RtlValidAcl (PACL Acl) { PACE Ace; USHORT Size; Size = (Acl->AclSize + 3) & ~3; - if (Acl->AclRevision != 2 && - Acl->AclRevision != 3) + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION) { return(FALSE); } diff --git a/reactos/lib/ntdll/stubs/stubs.c b/reactos/lib/ntdll/stubs/stubs.c index 013530403e1..c50bcb4869f 100644 
--- a/reactos/lib/ntdll/stubs/stubs.c +++ b/reactos/lib/ntdll/stubs/stubs.c @@ -159,31 +159,6 @@ NTSTATUS STDCALL NtPowerInformation(DWORD x1,DWORD x2,DWORD x3,DWORD x4,DWORD x5 return(FALSE); } -/* - * @unimplemented - */ -NTSTATUS STDCALL RtlAddAccessAllowedAceEx( - IN OUT PACL pAcl, - IN DWORD dwAceRevision, - IN DWORD AceFlags, - IN DWORD AccessMask, - IN PSID pSid) -{ - return(FALSE); -} - -/* - * @unimplemented - */ -NTSTATUS STDCALL RtlAddAccessDeniedAceEx( - IN OUT PACL pAcl, - IN DWORD dwAceRevision, - IN DWORD AceFlags, - IN DWORD AccessMask, - IN PSID pSid) -{ - return(FALSE); -} /* * @unimplemented