Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-08-06 19:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement RtlAccessAllowedAceEx() and RtlAccessDeniedAceEx().

Browse source 
Use ACL constants and fix ACL-revision checks.

svn path=/trunk/; revision=8004
This commit is contained in:
Eric Kohl 2004-02-02 22:38:43 +00:00
parent 7b7b608822
commit 2f3d748c1d
4 changed files with 106 additions and 84 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
reactos/lib/ntdll/def/ntdll.def
View file

@ -1,4 +1,4 @@
; $Id: ntdll.def,v 1.114 2004/02/01 20:48:05 ekohl Exp $ ; $Id: ntdll.def,v 1.115 2004/02/02 22:37:21 ekohl Exp $
; ;
; ReactOS Operating System ; ReactOS Operating System
; ;
@ -97,6 +97,7 @@ NtCreateThread@32
NtCreateTimer@16 NtCreateTimer@16
NtCreateToken@52 NtCreateToken@52
NtCreateWaitablePort@20 NtCreateWaitablePort@20
_NtCurrentTeb@0
NtDelayExecution@8 NtDelayExecution@8
NtDeleteAtom@4 NtDeleteAtom@4
NtDeleteFile@4 NtDeleteFile@4
@ -281,7 +282,9 @@ RtlAcquirePebLock@0
RtlAcquireResourceExclusive@8 RtlAcquireResourceExclusive@8
RtlAcquireResourceShared@8 RtlAcquireResourceShared@8
RtlAddAccessAllowedAce@16 RtlAddAccessAllowedAce@16
RtlAddAccessAllowedAceEx@20
RtlAddAccessDeniedAce@16 RtlAddAccessDeniedAce@16
RtlAddAccessDeniedAceEx@20
RtlAddAce@20 RtlAddAce@20
;RtlAddActionToRXact ;RtlAddActionToRXact
RtlAddAtomToAtomTable@12 RtlAddAtomToAtomTable@12
@ -410,9 +413,11 @@ RtlFindClearBits@12
RtlFindClearBitsAndSet@12 RtlFindClearBitsAndSet@12
RtlFindClearRuns@16 RtlFindClearRuns@16
RtlFindLastBackwardRunClear@12 RtlFindLastBackwardRunClear@12
RtlFindLeastSignificantBit@8
RtlFindLongestRunClear@8 RtlFindLongestRunClear@8
RtlFindLongestRunSet@8 RtlFindLongestRunSet@8
RtlFindMessage@20 RtlFindMessage@20
RtlFindMostSignificantBit@8
RtlFindNextForwardRunClear@12 RtlFindNextForwardRunClear@12
RtlFindRange@48 RtlFindRange@48
RtlFindSetBits@12 RtlFindSetBits@12
@ -974,8 +979,6 @@ InterlockedIncrement@4
InterlockedDecrement@4 InterlockedDecrement@4
InterlockedExchange@8 InterlockedExchange@8
InterlockedCompareExchange@12 InterlockedCompareExchange@12
_NtCurrentTeb@0
;RtlIpv4StringToAddressW
;?Allocate@CBufferAllocator@@UAEPAXK@Z ;?Allocate@CBufferAllocator@@UAEPAXK@Z
;CsrCaptureMessageMultiUnicodeStringsInPlace ;CsrCaptureMessageMultiUnicodeStringsInPlace
;CsrGetProcessId ;CsrGetProcessId
@ -1092,9 +1095,7 @@ NtWaitForKeyedEvent@16
;RtlActivateActivationContext ;RtlActivateActivationContext
;RtlActivateActivationContextEx ;RtlActivateActivationContextEx
;RtlActivateActivationContextUnsafeFast ;RtlActivateActivationContextUnsafeFast
RtlAddAccessAllowedAceEx@20
;RtlAddAccessAllowedObjectAce ;RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedAceEx@20
;RtlAddAccessDeniedObjectAce ;RtlAddAccessDeniedObjectAce
;RtlAddAuditAccessAceEx ;RtlAddAuditAccessAceEx
;RtlAddAuditAccessObjectAce ;RtlAddAuditAccessObjectAce
@ -1148,8 +1149,6 @@ RtlDuplicateUnicodeString@12
;RtlFindActivationContextSectionGuid ;RtlFindActivationContextSectionGuid
;RtlFindActivationContextSectionString ;RtlFindActivationContextSectionString
RtlFindCharInUnicodeString@16 RtlFindCharInUnicodeString@16
RtlFindLeastSignificantBit@8
RtlFindMostSignificantBit@8
;RtlFirstEntrySList ;RtlFirstEntrySList
;RtlFlushSecureMemoryCache ;RtlFlushSecureMemoryCache
;RtlFreeThreadActivationContextStack ;RtlFreeThreadActivationContextStack
@ -1181,6 +1180,7 @@ RtlInterlockedPushEntrySList@8
;RtlIpv4AddressToStringA ;RtlIpv4AddressToStringA
;RtlIpv4AddressToStringW ;RtlIpv4AddressToStringW
;RtlIpv4StringToAddressA ;RtlIpv4StringToAddressA
;RtlIpv4StringToAddressW
;RtlIpv6AddressToStringA ;RtlIpv6AddressToStringA
;RtlIpv6AddressToStringW ;RtlIpv6AddressToStringW
;RtlIpv6StringToAddressA ;RtlIpv6StringToAddressA

14
reactos/lib/ntdll/def/ntdll.edf
View file

@ -1,4 +1,4 @@
; $Id: ntdll.edf,v 1.104 2004/02/01 20:48:05 ekohl Exp $ ; $Id: ntdll.edf,v 1.105 2004/02/02 22:37:21 ekohl Exp $
; ;
; ReactOS Operating System ; ReactOS Operating System
; ;
@ -97,6 +97,7 @@ NtCreateThread=NtCreateThread@32
NtCreateTimer=NtCreateTimer@16 NtCreateTimer=NtCreateTimer@16
NtCreateToken=NtCreateToken@52 NtCreateToken=NtCreateToken@52
NtCreateWaitablePort=NtCreateWaitablePort@20 NtCreateWaitablePort=NtCreateWaitablePort@20
NtCurrentTeb=_NtCurrentTeb@0
NtDelayExecution=NtDelayExecution@8 NtDelayExecution=NtDelayExecution@8
NtDeleteAtom=NtDeleteAtom@4 NtDeleteAtom=NtDeleteAtom@4
NtDeleteFile=NtDeleteFile@4 NtDeleteFile=NtDeleteFile@4
@ -281,7 +282,9 @@ RtlAcquirePebLock=RtlAcquirePebLock@0
RtlAcquireResourceExclusive=RtlAcquireResourceExclusive@8 RtlAcquireResourceExclusive=RtlAcquireResourceExclusive@8
RtlAcquireResourceShared=RtlAcquireResourceShared@8 RtlAcquireResourceShared=RtlAcquireResourceShared@8
RtlAddAccessAllowedAce=RtlAddAccessAllowedAce@16 RtlAddAccessAllowedAce=RtlAddAccessAllowedAce@16
RtlAddAccessAllowedAceEx=RtlAddAccessAllowedAceEx@20
RtlAddAccessDeniedAce=RtlAddAccessDeniedAce@16 RtlAddAccessDeniedAce=RtlAddAccessDeniedAce@16
RtlAddAccessDeniedAceEx=RtlAddAccessDeniedAceEx@20
RtlAddAce=RtlAddAce@20 RtlAddAce=RtlAddAce@20
;RtlAddActionToRXact ;RtlAddActionToRXact
RtlAddAtomToAtomTable=RtlAddAtomToAtomTable@12 RtlAddAtomToAtomTable=RtlAddAtomToAtomTable@12
@ -410,9 +413,11 @@ RtlFindClearBits=RtlFindClearBits@12
RtlFindClearBitsAndSet=RtlFindClearBitsAndSet@12 RtlFindClearBitsAndSet=RtlFindClearBitsAndSet@12
RtlFindClearRuns=RtlFindClearRuns@16 RtlFindClearRuns=RtlFindClearRuns@16
RtlFindLastBackwardRunClear=RtlFindLastBackwardRunClear@12 RtlFindLastBackwardRunClear=RtlFindLastBackwardRunClear@12
RtlFindLeastSignificantBit=RtlFindLeastSignificantBit@8
RtlFindLongestRunClear=RtlFindLongestRunClear@8 RtlFindLongestRunClear=RtlFindLongestRunClear@8
RtlFindLongestRunSet=RtlFindLongestRunSet@8 RtlFindLongestRunSet=RtlFindLongestRunSet@8
RtlFindMessage=RtlFindMessage@20 RtlFindMessage=RtlFindMessage@20
RtlFindMostSignificantBit=RtlFindMostSignificantBit@8
RtlFindNextForwardRunClear=RtlFindNextForwardRunClear@12 RtlFindNextForwardRunClear=RtlFindNextForwardRunClear@12
RtlFindRange=RtlFindRange@48 RtlFindRange=RtlFindRange@48
RtlFindSetBits=RtlFindSetBits@12 RtlFindSetBits=RtlFindSetBits@12
@ -974,8 +979,6 @@ wcsstr
wcstol wcstol
wcstombs wcstombs
wcstoul wcstoul
NtCurrentTeb=_NtCurrentTeb@0
;RtlIpv4StringToAddressW
;?Allocate@CBufferAllocator@@UAEPAXK@Z ;?Allocate@CBufferAllocator@@UAEPAXK@Z
;CsrCaptureMessageMultiUnicodeStringsInPlace ;CsrCaptureMessageMultiUnicodeStringsInPlace
;CsrGetProcessId ;CsrGetProcessId
@ -1092,9 +1095,7 @@ NtWaitForKeyedEvent=NtWaitForKeyedEvent@16
;RtlActivateActivationContext ;RtlActivateActivationContext
;RtlActivateActivationContextEx ;RtlActivateActivationContextEx
;RtlActivateActivationContextUnsafeFast ;RtlActivateActivationContextUnsafeFast
RtlAddAccessAllowedAceEx=RtlAddAccessAllowedAceEx@20
;RtlAddAccessAllowedObjectAce ;RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedAceEx=RtlAddAccessDeniedAceEx@20
;RtlAddAccessDeniedObjectAce ;RtlAddAccessDeniedObjectAce
;RtlAddAuditAccessAceEx ;RtlAddAuditAccessAceEx
;RtlAddAuditAccessObjectAce ;RtlAddAuditAccessObjectAce
@ -1148,8 +1149,6 @@ RtlDuplicateUnicodeString=RtlDuplicateUnicodeString@12
;RtlFindActivationContextSectionGuid ;RtlFindActivationContextSectionGuid
;RtlFindActivationContextSectionString ;RtlFindActivationContextSectionString
RtlFindCharInUnicodeString=RtlFindCharInUnicodeString@16 RtlFindCharInUnicodeString=RtlFindCharInUnicodeString@16
RtlFindLeastSignificantBit=RtlFindLeastSignificantBit@8
RtlFindMostSignificantBit=RtlFindMostSignificantBit@8
;RtlFirstEntrySList ;RtlFirstEntrySList
;RtlFlushSecureMemoryCache ;RtlFlushSecureMemoryCache
;RtlFreeThreadActivationContextStack ;RtlFreeThreadActivationContextStack
@ -1181,6 +1180,7 @@ RtlInterlockedPushEntrySList=RtlInterlockedPushEntrySList@8
;RtlIpv4AddressToStringA ;RtlIpv4AddressToStringA
;RtlIpv4AddressToStringW ;RtlIpv4AddressToStringW
;RtlIpv4StringToAddressA ;RtlIpv4StringToAddressA
;RtlIpv4StringToAddressW
;RtlIpv6AddressToStringA ;RtlIpv6AddressToStringA
;RtlIpv6AddressToStringW ;RtlIpv6AddressToStringW
;RtlIpv6StringToAddressA ;RtlIpv6StringToAddressA

137
reactos/lib/ntdll/rtl/acl.c
View file

@ -1,9 +1,9 @@
/* $Id: acl.c,v 1.10 2003/07/11 13:50:23 royce Exp $ /* $Id: acl.c,v 1.11 2004/02/02 22:38:12 ekohl Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
* PURPOSE: Security manager * PURPOSE: Security manager
* FILE: kernel/se/acl.c * FILE: lib/ntdll/rtl/acl.c
* PROGRAMER: David Welch <welch@cwcom.net> * PROGRAMER: David Welch <welch@cwcom.net>
* REVISION HISTORY: * REVISION HISTORY:
* 26/07/98: Added stubs for security functions * 26/07/98: Added stubs for security functions
@ -40,12 +40,10 @@ RtlFirstFreeAce(PACL Acl,
{ {
return(FALSE); return(FALSE);
} }
if (Current->Header.AceType == 4) if (Current->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE &&
Acl->AclRevision < ACL_REVISION3)
{ {
if (Acl->AclRevision < 3) return(FALSE);
{
return(FALSE);
}
} }
Current = (PACE)((PVOID)Current + (ULONG)Current->Header.AceSize); Current = (PACE)((PVOID)Current + (ULONG)Current->Header.AceSize);
i++; i++;
@ -73,8 +71,8 @@ RtlGetAce(PACL Acl,
*Ace = (PACE)(Acl + 1); *Ace = (PACE)(Acl + 1);
if (Acl->AclRevision != 2 && if (Acl->AclRevision < MIN_ACL_REVISION ||
Acl->AclRevision != 3) Acl->AclRevision > MAX_ACL_REVISION)
{ {
return(STATUS_INVALID_PARAMETER); return(STATUS_INVALID_PARAMETER);
} }
@ -103,11 +101,12 @@ RtlGetAce(PACL Acl,
static NTSTATUS static NTSTATUS
RtlpAddKnownAce(PACL Acl, RtlpAddKnownAce (PACL Acl,
ULONG Revision, ULONG Revision,
ACCESS_MASK AccessMask, ULONG Flags,
PSID Sid, ACCESS_MASK AccessMask,
ULONG Type) PSID Sid,
ULONG Type)
{ {
PACE Ace; PACE Ace;
@ -115,8 +114,8 @@ RtlpAddKnownAce(PACL Acl,
{ {
return(STATUS_INVALID_SID); return(STATUS_INVALID_SID);
} }
if (Acl->AclRevision > 3 || if (Acl->AclRevision > MAX_ACL_REVISION ||
Revision > 3) Revision > MAX_ACL_REVISION)
{ {
return(STATUS_UNKNOWN_REVISION); return(STATUS_UNKNOWN_REVISION);
} }
@ -137,7 +136,7 @@ RtlpAddKnownAce(PACL Acl,
{ {
return(STATUS_ALLOTTED_SPACE_EXCEEDED); return(STATUS_ALLOTTED_SPACE_EXCEEDED);
} }
Ace->Header.AceFlags = 0; Ace->Header.AceFlags = Flags;
Ace->Header.AceType = Type; Ace->Header.AceType = Type;
Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE); Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
Ace->AccessMask = AccessMask; Ace->AccessMask = AccessMask;
@ -152,12 +151,17 @@ RtlpAddKnownAce(PACL Acl,
* @implemented * @implemented
*/ */
NTSTATUS STDCALL NTSTATUS STDCALL
RtlAddAccessAllowedAce(PACL Acl, RtlAddAccessAllowedAce (IN OUT PACL Acl,
ULONG Revision, IN ULONG Revision,
ACCESS_MASK AccessMask, IN ACCESS_MASK AccessMask,
PSID Sid) IN PSID Sid)
{ {
return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0)); return RtlpAddKnownAce (Acl,
Revision,
0,
AccessMask,
Sid,
ACCESS_ALLOWED_ACE_TYPE);
} }
@ -165,12 +169,55 @@ RtlAddAccessAllowedAce(PACL Acl,
* @implemented * @implemented
*/ */
NTSTATUS STDCALL NTSTATUS STDCALL
RtlAddAccessDeniedAce(PACL Acl, RtlAddAccessAllowedAceEx (IN OUT PACL Acl,
ULONG Revision, IN ULONG Revision,
ACCESS_MASK AccessMask, IN ULONG Flags,
PSID Sid) IN ACCESS_MASK AccessMask,
IN PSID Sid)
{ {
return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 1)); return RtlpAddKnownAce (Acl,
Revision,
Flags,
AccessMask,
Sid,
ACCESS_ALLOWED_ACE_TYPE);
}
/*
* @implemented
*/
NTSTATUS STDCALL
RtlAddAccessDeniedAce (PACL Acl,
ULONG Revision,
ACCESS_MASK AccessMask,
PSID Sid)
{
return RtlpAddKnownAce (Acl,
Revision,
0,
AccessMask,
Sid,
ACCESS_DENIED_ACE_TYPE);
}
/*
* @implemented
*/
NTSTATUS STDCALL
RtlAddAccessDeniedAceEx (IN OUT PACL Acl,
IN ULONG Revision,
IN ULONG Flags,
IN ACCESS_MASK AccessMask,
IN PSID Sid)
{
return RtlpAddKnownAce (Acl,
Revision,
Flags,
AccessMask,
Sid,
ACCESS_DENIED_ACE_TYPE);
} }
@ -211,8 +258,8 @@ RtlAddAce(PACL Acl,
PACE Current; PACE Current;
ULONG j; ULONG j;
if (Acl->AclRevision != 2 && if (Acl->AclRevision < MIN_ACL_REVISION ||
Acl->AclRevision != 3) Acl->AclRevision > MAX_ACL_REVISION)
{ {
return(STATUS_INVALID_PARAMETER); return(STATUS_INVALID_PARAMETER);
} }
@ -236,8 +283,8 @@ RtlAddAce(PACL Acl,
Current = (PACE)(Acl + 1); Current = (PACE)(Acl + 1);
while ((PVOID)Current < ((PVOID)AceList + AceListLength)) while ((PVOID)Current < ((PVOID)AceList + AceListLength))
{ {
if (AceList->Header.AceType == 4 && if (AceList->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE &&
AclRevision < 3) AclRevision < ACL_REVISION3)
{ {
return(STATUS_INVALID_PARAMETER); return(STATUS_INVALID_PARAMETER);
} }
@ -306,8 +353,8 @@ RtlAddAuditAccessAce(PACL Acl,
return(STATUS_INVALID_SID); return(STATUS_INVALID_SID);
} }
if (Acl->AclRevision > 3 || if (Acl->AclRevision > MAX_ACL_REVISION ||
Revision > 3) Revision > MAX_ACL_REVISION)
{ {
return(STATUS_REVISION_MISMATCH); return(STATUS_REVISION_MISMATCH);
} }
@ -333,7 +380,7 @@ RtlAddAuditAccessAce(PACL Acl,
} }
Ace->Header.AceFlags = Flags; Ace->Header.AceFlags = Flags;
Ace->Header.AceType = 2; Ace->Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE); Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
Ace->AccessMask = AccessMask; Ace->AccessMask = AccessMask;
RtlCopySid(RtlLengthSid(Sid), RtlCopySid(RtlLengthSid(Sid),
@ -377,8 +424,8 @@ RtlDeleteAce(PACL Acl,
PACE Ace; PACE Ace;
PACE Current; PACE Current;
if (Acl->AclRevision != 2 && if (Acl->AclRevision < MIN_ACL_REVISION ||
Acl->AclRevision != 3) Acl->AclRevision > MAX_ACL_REVISION)
{ {
return(STATUS_INVALID_PARAMETER); return(STATUS_INVALID_PARAMETER);
} }
@ -422,8 +469,8 @@ RtlCreateAcl(PACL Acl,
return(STATUS_BUFFER_TOO_SMALL); return(STATUS_BUFFER_TOO_SMALL);
} }
if (AclRevision != 2 && if (AclRevision < MIN_ACL_REVISION ||
AclRevision != 3) AclRevision > MAX_ACL_REVISION)
{ {
return(STATUS_INVALID_PARAMETER); return(STATUS_INVALID_PARAMETER);
} }
@ -455,8 +502,8 @@ RtlQueryInformationAcl(PACL Acl,
{ {
PACE Ace; PACE Ace;
if (Acl->AclRevision != 2 && if (Acl->AclRevision < MIN_ACL_REVISION ||
Acl->AclRevision != 3) Acl->AclRevision > MAX_ACL_REVISION)
{ {
return(STATUS_INVALID_PARAMETER); return(STATUS_INVALID_PARAMETER);
} }
@ -520,8 +567,8 @@ RtlSetInformationAcl(PACL Acl,
ULONG InformationLength, ULONG InformationLength,
ACL_INFORMATION_CLASS InformationClass) ACL_INFORMATION_CLASS InformationClass)
{ {
if (Acl->AclRevision != 2 && if (Acl->AclRevision < MIN_ACL_REVISION ||
Acl->AclRevision != 3) Acl->AclRevision > MAX_ACL_REVISION)
{ {
return(STATUS_INVALID_PARAMETER); return(STATUS_INVALID_PARAMETER);
} }
@ -558,15 +605,15 @@ RtlSetInformationAcl(PACL Acl,
* @implemented * @implemented
*/ */
BOOLEAN STDCALL BOOLEAN STDCALL
RtlValidAcl(PACL Acl) RtlValidAcl (PACL Acl)
{ {
PACE Ace; PACE Ace;
USHORT Size; USHORT Size;
Size = (Acl->AclSize + 3) & ~3; Size = (Acl->AclSize + 3) & ~3;
if (Acl->AclRevision != 2 && if (Acl->AclRevision < MIN_ACL_REVISION ||
Acl->AclRevision != 3) Acl->AclRevision > MAX_ACL_REVISION)
{ {
return(FALSE); return(FALSE);
} }

25
reactos/lib/ntdll/stubs/stubs.c
View file

@ -159,31 +159,6 @@ NTSTATUS STDCALL NtPowerInformation(DWORD x1,DWORD x2,DWORD x3,DWORD x4,DWORD x5
return(FALSE); return(FALSE);
} }
/*
* @unimplemented
*/
NTSTATUS STDCALL RtlAddAccessAllowedAceEx(
IN OUT PACL pAcl,
IN DWORD dwAceRevision,
IN DWORD AceFlags,
IN DWORD AccessMask,
IN PSID pSid)
{
return(FALSE);
}
/*
* @unimplemented
*/
NTSTATUS STDCALL RtlAddAccessDeniedAceEx(
IN OUT PACL pAcl,
IN DWORD dwAceRevision,
IN DWORD AceFlags,
IN DWORD AccessMask,
IN PSID pSid)
{
return(FALSE);
}
/* /*
* @unimplemented * @unimplemented