diff --git a/reactos/lib/rtl/acl.c b/reactos/lib/rtl/acl.c index e8f7fc122d6..1f628e0ca1a 100644 --- a/reactos/lib/rtl/acl.c +++ b/reactos/lib/rtl/acl.c @@ -14,264 +14,265 @@ /* FUNCTIONS ***************************************************************/ -BOOLEAN NTAPI -RtlFirstFreeAce(PACL Acl, - PACE* Ace) +BOOLEAN +NTAPI +RtlFirstFreeAce( + PACL Acl, + PACE* Ace) { - PACE Current; - ULONG_PTR AclEnd; - ULONG i; + PACE Current; + ULONG_PTR AclEnd; + ULONG i; + PAGED_CODE_RTL(); - PAGED_CODE_RTL(); + Current = (PACE)(Acl + 1); + *Ace = NULL; - Current = (PACE)(Acl + 1); - *Ace = NULL; + if (Acl->AceCount == 0) + { + *Ace = Current; + return TRUE; + } - if (Acl->AceCount == 0) - { - *Ace = Current; - return(TRUE); - } + i = 0; + AclEnd = (ULONG_PTR)Acl + Acl->AclSize; + do + { + if ((ULONG_PTR)Current >= AclEnd) + { + return FALSE; + } + if (Current->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE && + Acl->AclRevision < ACL_REVISION3) + { + return FALSE; + } + Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize); + } + while (++i < Acl->AceCount); - i = 0; - AclEnd = (ULONG_PTR)Acl + Acl->AclSize; - do - { - if ((ULONG_PTR)Current >= AclEnd) - { - return(FALSE); - } - if (Current->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE && - Acl->AclRevision < ACL_REVISION3) - { - return(FALSE); - } - Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize); - } - while (++i < Acl->AceCount); + if ((ULONG_PTR)Current < AclEnd) + { + *Ace = Current; + } - if ((ULONG_PTR)Current < AclEnd) - { - *Ace = Current; - } - - return(TRUE); + return TRUE; } /* * @implemented */ -NTSTATUS NTAPI -RtlGetAce(PACL Acl, - ULONG AceIndex, - PVOID *Ace) +NTSTATUS +NTAPI +RtlGetAce( + PACL Acl, + ULONG AceIndex, + PVOID *Ace) { - ULONG i; + ULONG i; + PAGED_CODE_RTL(); - PAGED_CODE_RTL(); + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION || + AceIndex >= Acl->AceCount) + { + return STATUS_INVALID_PARAMETER; + } - if (Acl->AclRevision < MIN_ACL_REVISION || - Acl->AclRevision > MAX_ACL_REVISION || - AceIndex >= Acl->AceCount) - { - return(STATUS_INVALID_PARAMETER); - } + *Ace = (PVOID)((PACE)(Acl + 1)); - *Ace = (PVOID)((PACE)(Acl + 1)); + for (i = 0; i < AceIndex; i++) + { + if ((ULONG_PTR)*Ace >= (ULONG_PTR)Acl + Acl->AclSize) + { + return STATUS_INVALID_PARAMETER; + } + *Ace = (PVOID)((PACE)((ULONG_PTR)(*Ace) + ((PACE)(*Ace))->Header.AceSize)); + } - for (i = 0; i < AceIndex; i++) - { - if ((ULONG_PTR)*Ace >= (ULONG_PTR)Acl + Acl->AclSize) - { - return(STATUS_INVALID_PARAMETER); - } - *Ace = (PVOID)((PACE)((ULONG_PTR)(*Ace) + ((PACE)(*Ace))->Header.AceSize)); - } + if ((ULONG_PTR)*Ace >= (ULONG_PTR)Acl + Acl->AclSize) + { + return STATUS_INVALID_PARAMETER; + } - if ((ULONG_PTR)*Ace >= (ULONG_PTR)Acl + Acl->AclSize) - { - return(STATUS_INVALID_PARAMETER); - } - - return(STATUS_SUCCESS); + return STATUS_SUCCESS; } -static NTSTATUS -RtlpAddKnownAce (PACL Acl, - ULONG Revision, - ULONG Flags, - ACCESS_MASK AccessMask, - GUID *ObjectTypeGuid OPTIONAL, - GUID *InheritedObjectTypeGuid OPTIONAL, - PSID Sid, - ULONG Type) +static +NTSTATUS +RtlpAddKnownAce( + PACL Acl, + ULONG Revision, + ULONG Flags, + ACCESS_MASK AccessMask, + GUID *ObjectTypeGuid OPTIONAL, + GUID *InheritedObjectTypeGuid OPTIONAL, + PSID Sid, + ULONG Type) { - PACE Ace; - PSID SidStart; - ULONG AceSize, InvalidFlags; - ULONG AceObjectFlags = 0; - - PAGED_CODE_RTL(); + PACE Ace; + PSID SidStart; + ULONG AceSize, InvalidFlags; + ULONG AceObjectFlags = 0; + PAGED_CODE_RTL(); #if DBG - /* check if RtlpAddKnownAce was called incorrectly */ - if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL) - { - ASSERT(Type == ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE || - Type == ACCESS_ALLOWED_OBJECT_ACE_TYPE || - Type == ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE || - Type == ACCESS_DENIED_OBJECT_ACE_TYPE || - Type == SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE || - Type == SYSTEM_AUDIT_OBJECT_ACE_TYPE); - } - else - { - ASSERT(Type != ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE && - Type != ACCESS_ALLOWED_OBJECT_ACE_TYPE && - Type != ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE && - Type != ACCESS_DENIED_OBJECT_ACE_TYPE && - Type != SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE && - Type != SYSTEM_AUDIT_OBJECT_ACE_TYPE); - } + /* check if RtlpAddKnownAce was called incorrectly */ + if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL) + { + ASSERT(Type == ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE || + Type == ACCESS_ALLOWED_OBJECT_ACE_TYPE || + Type == ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE || + Type == ACCESS_DENIED_OBJECT_ACE_TYPE || + Type == SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE || + Type == SYSTEM_AUDIT_OBJECT_ACE_TYPE); + } + else + { + ASSERT(Type != ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE && + Type != ACCESS_ALLOWED_OBJECT_ACE_TYPE && + Type != ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE && + Type != ACCESS_DENIED_OBJECT_ACE_TYPE && + Type != SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE && + Type != SYSTEM_AUDIT_OBJECT_ACE_TYPE); + } #endif - if (!RtlValidSid(Sid)) - { - return(STATUS_INVALID_SID); - } + if (!RtlValidSid(Sid)) + { + return STATUS_INVALID_SID; + } - if (Type == SYSTEM_MANDATORY_LABEL_ACE_TYPE) - { - static const SID_IDENTIFIER_AUTHORITY MandatoryLabelAuthority = {SECURITY_MANDATORY_LABEL_AUTHORITY}; + if (Type == SYSTEM_MANDATORY_LABEL_ACE_TYPE) + { + static const SID_IDENTIFIER_AUTHORITY MandatoryLabelAuthority = {SECURITY_MANDATORY_LABEL_AUTHORITY}; - /* The SID's identifier authority must be SECURITY_MANDATORY_LABEL_AUTHORITY! */ - if (RtlCompareMemory(&((PISID)Sid)->IdentifierAuthority, - &MandatoryLabelAuthority, - sizeof(MandatoryLabelAuthority)) != sizeof(MandatoryLabelAuthority)) - { - return STATUS_INVALID_PARAMETER; - } - } + /* The SID's identifier authority must be SECURITY_MANDATORY_LABEL_AUTHORITY! */ + if (RtlCompareMemory(&((PISID)Sid)->IdentifierAuthority, + &MandatoryLabelAuthority, + sizeof(MandatoryLabelAuthority)) != sizeof(MandatoryLabelAuthority)) + { + return STATUS_INVALID_PARAMETER; + } + } - if (Acl->AclRevision > MAX_ACL_REVISION || - Revision > MAX_ACL_REVISION) - { - return(STATUS_UNKNOWN_REVISION); - } - if (Revision < Acl->AclRevision) - { - Revision = Acl->AclRevision; - } + if (Acl->AclRevision > MAX_ACL_REVISION || + Revision > MAX_ACL_REVISION) + { + return STATUS_UNKNOWN_REVISION; + } - /* Validate the flags */ - if (Type == SYSTEM_AUDIT_ACE_TYPE || - Type == SYSTEM_AUDIT_OBJECT_ACE_TYPE || - Type == SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE) - { - InvalidFlags = Flags & ~(VALID_INHERIT_FLAGS | + if (Revision < Acl->AclRevision) + { + Revision = Acl->AclRevision; + } + + /* Validate the flags */ + if (Type == SYSTEM_AUDIT_ACE_TYPE || + Type == SYSTEM_AUDIT_OBJECT_ACE_TYPE || + Type == SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE) + { + InvalidFlags = Flags & ~(VALID_INHERIT_FLAGS | SUCCESSFUL_ACCESS_ACE_FLAG | FAILED_ACCESS_ACE_FLAG); - } - else - { - InvalidFlags = Flags & ~VALID_INHERIT_FLAGS; - } + } + else + { + InvalidFlags = Flags & ~VALID_INHERIT_FLAGS; + } - if (InvalidFlags != 0) - { - return(STATUS_INVALID_PARAMETER); - } + if (InvalidFlags != 0) + { + return STATUS_INVALID_PARAMETER; + } - if (!RtlFirstFreeAce(Acl, &Ace)) - { - return(STATUS_INVALID_ACL); - } - if (Ace == NULL) - { - return(STATUS_ALLOTTED_SPACE_EXCEEDED); - } + if (!RtlFirstFreeAce(Acl, &Ace)) + { + return STATUS_INVALID_ACL; + } + if (Ace == NULL) + { + return STATUS_ALLOTTED_SPACE_EXCEEDED; + } - /* Calculate the size of the ACE */ - AceSize = RtlLengthSid(Sid) + sizeof(ACE); - if (ObjectTypeGuid != NULL) - { - AceObjectFlags |= ACE_OBJECT_TYPE_PRESENT; - AceSize += sizeof(GUID); - } - if (InheritedObjectTypeGuid != NULL) - { - AceObjectFlags |= ACE_INHERITED_OBJECT_TYPE_PRESENT; - AceSize += sizeof(GUID); - } + /* Calculate the size of the ACE */ + AceSize = RtlLengthSid(Sid) + sizeof(ACE); + if (ObjectTypeGuid != NULL) + { + AceObjectFlags |= ACE_OBJECT_TYPE_PRESENT; + AceSize += sizeof(GUID); + } + if (InheritedObjectTypeGuid != NULL) + { + AceObjectFlags |= ACE_INHERITED_OBJECT_TYPE_PRESENT; + AceSize += sizeof(GUID); + } - if (AceObjectFlags != 0) - { - /* Don't forget the ACE object flags - (corresponds to the Flags field in the *_OBJECT_ACE structures) */ - AceSize += sizeof(ULONG); - } + if (AceObjectFlags != 0) + { + /* Don't forget the ACE object flags + (corresponds to the Flags field in the *_OBJECT_ACE structures) */ + AceSize += sizeof(ULONG); + } - if ((ULONG_PTR)Ace + AceSize > - (ULONG_PTR)Acl + Acl->AclSize) - { - return(STATUS_ALLOTTED_SPACE_EXCEEDED); - } + if ((ULONG_PTR)Ace + AceSize > + (ULONG_PTR)Acl + Acl->AclSize) + { + return STATUS_ALLOTTED_SPACE_EXCEEDED; + } - /* initialize the header and common fields */ - Ace->Header.AceFlags = Flags; - Ace->Header.AceType = Type; - Ace->Header.AceSize = (WORD)AceSize; - Ace->AccessMask = AccessMask; + /* initialize the header and common fields */ + Ace->Header.AceFlags = Flags; + Ace->Header.AceType = Type; + Ace->Header.AceSize = (WORD)AceSize; + Ace->AccessMask = AccessMask; - if (AceObjectFlags != 0) - { - /* Write the ACE flags to the ACE - (corresponds to the Flags field in the *_OBJECT_ACE structures) */ - *(PULONG)(Ace + 1) = AceObjectFlags; - SidStart = (PSID)((ULONG_PTR)(Ace + 1) + sizeof(ULONG)); - } - else - SidStart = (PSID)(Ace + 1); + if (AceObjectFlags != 0) + { + /* Write the ACE flags to the ACE + (corresponds to the Flags field in the *_OBJECT_ACE structures) */ + *(PULONG)(Ace + 1) = AceObjectFlags; + SidStart = (PSID)((ULONG_PTR)(Ace + 1) + sizeof(ULONG)); + } + else + SidStart = (PSID)(Ace + 1); - /* copy the GUIDs */ - if (ObjectTypeGuid != NULL) - { - RtlCopyMemory(SidStart, - ObjectTypeGuid, - sizeof(GUID)); - SidStart = (PSID)((ULONG_PTR)SidStart + sizeof(GUID)); - } - if (InheritedObjectTypeGuid != NULL) - { - RtlCopyMemory(SidStart, - InheritedObjectTypeGuid, - sizeof(GUID)); - SidStart = (PSID)((ULONG_PTR)SidStart + sizeof(GUID)); - } + /* copy the GUIDs */ + if (ObjectTypeGuid != NULL) + { + RtlCopyMemory(SidStart, ObjectTypeGuid, sizeof(GUID)); + SidStart = (PSID)((ULONG_PTR)SidStart + sizeof(GUID)); + } + if (InheritedObjectTypeGuid != NULL) + { + RtlCopyMemory(SidStart, InheritedObjectTypeGuid, sizeof(GUID)); + SidStart = (PSID)((ULONG_PTR)SidStart + sizeof(GUID)); + } - /* copy the SID */ - RtlCopySid(RtlLengthSid(Sid), - SidStart, - Sid); - Acl->AceCount++; - Acl->AclRevision = Revision; - return(STATUS_SUCCESS); + /* copy the SID */ + RtlCopySid(RtlLengthSid(Sid), SidStart, Sid); + Acl->AceCount++; + Acl->AclRevision = Revision; + + return STATUS_SUCCESS; } /* * @implemented */ -NTSTATUS NTAPI -RtlAddAccessAllowedAce (IN OUT PACL Acl, - IN ULONG Revision, - IN ACCESS_MASK AccessMask, - IN PSID Sid) +NTSTATUS +NTAPI +RtlAddAccessAllowedAce( + IN OUT PACL Acl, + IN ULONG Revision, + IN ACCESS_MASK AccessMask, + IN PSID Sid) { - PAGED_CODE_RTL(); + PAGED_CODE_RTL(); - return RtlpAddKnownAce (Acl, + return RtlpAddKnownAce(Acl, Revision, 0, AccessMask, @@ -285,16 +286,18 @@ RtlAddAccessAllowedAce (IN OUT PACL Acl, /* * @implemented */ -NTSTATUS NTAPI -RtlAddAccessAllowedAceEx (IN OUT PACL Acl, - IN ULONG Revision, - IN ULONG Flags, - IN ACCESS_MASK AccessMask, - IN PSID Sid) +NTSTATUS +NTAPI +RtlAddAccessAllowedAceEx( + IN OUT PACL Acl, + IN ULONG Revision, + IN ULONG Flags, + IN ACCESS_MASK AccessMask, + IN PSID Sid) { - PAGED_CODE_RTL(); + PAGED_CODE_RTL(); - return RtlpAddKnownAce (Acl, + return RtlpAddKnownAce(Acl, Revision, Flags, AccessMask, @@ -308,26 +311,27 @@ RtlAddAccessAllowedAceEx (IN OUT PACL Acl, /* * @implemented */ -NTSTATUS NTAPI -RtlAddAccessAllowedObjectAce (IN OUT PACL Acl, - IN ULONG Revision, - IN ULONG Flags, - IN ACCESS_MASK AccessMask, - IN GUID *ObjectTypeGuid OPTIONAL, - IN GUID *InheritedObjectTypeGuid OPTIONAL, - IN PSID Sid) +NTSTATUS +NTAPI +RtlAddAccessAllowedObjectAce( + IN OUT PACL Acl, + IN ULONG Revision, + IN ULONG Flags, + IN ACCESS_MASK AccessMask, + IN GUID *ObjectTypeGuid OPTIONAL, + IN GUID *InheritedObjectTypeGuid OPTIONAL, + IN PSID Sid) { - ULONG Type; + ULONG Type; + PAGED_CODE_RTL(); - PAGED_CODE_RTL(); + /* make sure we call RtlpAddKnownAce correctly */ + if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL) + Type = ACCESS_ALLOWED_OBJECT_ACE_TYPE; + else + Type = ACCESS_ALLOWED_ACE_TYPE; - /* make sure we call RtlpAddKnownAce correctly */ - if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL) - Type = ACCESS_ALLOWED_OBJECT_ACE_TYPE; - else - Type = ACCESS_ALLOWED_ACE_TYPE; - - return RtlpAddKnownAce (Acl, + return RtlpAddKnownAce(Acl, Revision, Flags, AccessMask, @@ -341,15 +345,17 @@ RtlAddAccessAllowedObjectAce (IN OUT PACL Acl, /* * @implemented */ -NTSTATUS NTAPI -RtlAddAccessDeniedAce (PACL Acl, - ULONG Revision, - ACCESS_MASK AccessMask, - PSID Sid) +NTSTATUS +NTAPI +RtlAddAccessDeniedAce( + PACL Acl, + ULONG Revision, + ACCESS_MASK AccessMask, + PSID Sid) { - PAGED_CODE_RTL(); + PAGED_CODE_RTL(); - return RtlpAddKnownAce (Acl, + return RtlpAddKnownAce(Acl, Revision, 0, AccessMask, @@ -363,16 +369,18 @@ RtlAddAccessDeniedAce (PACL Acl, /* * @implemented */ -NTSTATUS NTAPI -RtlAddAccessDeniedAceEx (IN OUT PACL Acl, - IN ULONG Revision, - IN ULONG Flags, - IN ACCESS_MASK AccessMask, - IN PSID Sid) +NTSTATUS +NTAPI +RtlAddAccessDeniedAceEx( + IN OUT PACL Acl, + IN ULONG Revision, + IN ULONG Flags, + IN ACCESS_MASK AccessMask, + IN PSID Sid) { - PAGED_CODE_RTL(); + PAGED_CODE_RTL(); - return RtlpAddKnownAce (Acl, + return RtlpAddKnownAce(Acl, Revision, Flags, AccessMask, @@ -386,26 +394,27 @@ RtlAddAccessDeniedAceEx (IN OUT PACL Acl, /* * @implemented */ -NTSTATUS NTAPI -RtlAddAccessDeniedObjectAce (IN OUT PACL Acl, - IN ULONG Revision, - IN ULONG Flags, - IN ACCESS_MASK AccessMask, - IN GUID *ObjectTypeGuid OPTIONAL, - IN GUID *InheritedObjectTypeGuid OPTIONAL, - IN PSID Sid) +NTSTATUS +NTAPI +RtlAddAccessDeniedObjectAce( + IN OUT PACL Acl, + IN ULONG Revision, + IN ULONG Flags, + IN ACCESS_MASK AccessMask, + IN GUID *ObjectTypeGuid OPTIONAL, + IN GUID *InheritedObjectTypeGuid OPTIONAL, + IN PSID Sid) { - ULONG Type; + ULONG Type; + PAGED_CODE_RTL(); - PAGED_CODE_RTL(); + /* make sure we call RtlpAddKnownAce correctly */ + if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL) + Type = ACCESS_DENIED_OBJECT_ACE_TYPE; + else + Type = ACCESS_DENIED_ACE_TYPE; - /* make sure we call RtlpAddKnownAce correctly */ - if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL) - Type = ACCESS_DENIED_OBJECT_ACE_TYPE; - else - Type = ACCESS_DENIED_ACE_TYPE; - - return RtlpAddKnownAce (Acl, + return RtlpAddKnownAce(Acl, Revision, Flags, AccessMask, @@ -416,123 +425,118 @@ RtlAddAccessDeniedObjectAce (IN OUT PACL Acl, } -static VOID -RtlpAddData(PVOID AceList, - ULONG AceListLength, - PVOID Ace, - ULONG Offset) +static +VOID +RtlpAddData( + PVOID AceList, + ULONG AceListLength, + PVOID Ace, + ULONG Offset) { - if (Offset > 0) - { - RtlCopyMemory((PVOID)((ULONG_PTR)Ace + AceListLength), - Ace, - Offset); - } + if (Offset > 0) + { + RtlCopyMemory((PVOID)((ULONG_PTR)Ace + AceListLength), + Ace, + Offset); + } - if (AceListLength != 0) - { - RtlCopyMemory(Ace, - AceList, - AceListLength); - } + if (AceListLength != 0) + { + RtlCopyMemory(Ace, AceList, AceListLength); + } } /* * @implemented */ -NTSTATUS NTAPI -RtlAddAce(PACL Acl, - ULONG AclRevision, - ULONG StartingIndex, - PVOID AceList, - ULONG AceListLength) +NTSTATUS +NTAPI +RtlAddAce( + PACL Acl, + ULONG AclRevision, + ULONG StartingIndex, + PVOID AceList, + ULONG AceListLength) { - PACE Ace; - PACE Current; - ULONG NewAceCount; - ULONG Index; + PACE Ace; + PACE Current; + ULONG NewAceCount; + ULONG Index; + PAGED_CODE_RTL(); - PAGED_CODE_RTL(); + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION || + !RtlFirstFreeAce(Acl, &Ace)) + { + return STATUS_INVALID_PARAMETER; + } - if (Acl->AclRevision < MIN_ACL_REVISION || - Acl->AclRevision > MAX_ACL_REVISION || - !RtlFirstFreeAce(Acl, &Ace)) - { - return(STATUS_INVALID_PARAMETER); - } + if (Acl->AclRevision <= AclRevision) + { + AclRevision = Acl->AclRevision; + } - if (Acl->AclRevision <= AclRevision) - { - AclRevision = Acl->AclRevision; - } + if (((ULONG_PTR)AceList + AceListLength) <= (ULONG_PTR)AceList) + { + return STATUS_INVALID_PARAMETER; + } - if (((ULONG_PTR)AceList + AceListLength) <= (ULONG_PTR)AceList) - { - return(STATUS_INVALID_PARAMETER); - } + for (Current = AceList, NewAceCount = 0; + (ULONG_PTR)Current < ((ULONG_PTR)AceList + AceListLength); + Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize), + ++NewAceCount) + { + if (((PACE)AceList)->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE && + AclRevision < ACL_REVISION3) + { + return STATUS_INVALID_PARAMETER; + } + } - for (Current = AceList, NewAceCount = 0; - (ULONG_PTR)Current < ((ULONG_PTR)AceList + AceListLength); - Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize), - ++NewAceCount) - { - if (((PACE)AceList)->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE && - AclRevision < ACL_REVISION3) - { - return(STATUS_INVALID_PARAMETER); - } - } + if (Ace == NULL || + ((ULONG_PTR)Ace + AceListLength) > ((ULONG_PTR)Acl + Acl->AclSize)) + { + return STATUS_BUFFER_TOO_SMALL; + } - if (Ace == NULL || - ((ULONG_PTR)Ace + AceListLength) > ((ULONG_PTR)Acl + Acl->AclSize)) - { - return(STATUS_BUFFER_TOO_SMALL); - } + Current = (PACE)(Acl + 1); + for (Index = 0; Index < StartingIndex && Index < Acl->AceCount; Index++) + { + Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize); + } - Current = (PACE)(Acl + 1); - for (Index = 0; Index < StartingIndex && Index < Acl->AceCount; Index++) - { - Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize); - } + RtlpAddData(AceList, + AceListLength, + Current, + (ULONG)((ULONG_PTR)Ace - (ULONG_PTR)Current)); + Acl->AceCount = Acl->AceCount + NewAceCount; + Acl->AclRevision = AclRevision; - RtlpAddData(AceList, - AceListLength, - Current, - (ULONG)((ULONG_PTR)Ace - (ULONG_PTR)Current)); - Acl->AceCount = Acl->AceCount + NewAceCount; - Acl->AclRevision = AclRevision; - - return(STATUS_SUCCESS); + return STATUS_SUCCESS; } /* * @implemented */ -NTSTATUS NTAPI -RtlAddAuditAccessAce(PACL Acl, - ULONG Revision, - ACCESS_MASK AccessMask, - PSID Sid, - BOOLEAN Success, - BOOLEAN Failure) +NTSTATUS +NTAPI +RtlAddAuditAccessAce( + PACL Acl, + ULONG Revision, + ACCESS_MASK AccessMask, + PSID Sid, + BOOLEAN Success, + BOOLEAN Failure) { - ULONG Flags = 0; + ULONG Flags = 0; + PAGED_CODE_RTL(); - PAGED_CODE_RTL(); + if (Success) Flags |= SUCCESSFUL_ACCESS_ACE_FLAG; + if (Failure) Flags |= FAILED_ACCESS_ACE_FLAG; - if (Success) - { - Flags |= SUCCESSFUL_ACCESS_ACE_FLAG; - } - - if (Failure) - { - Flags |= FAILED_ACCESS_ACE_FLAG; - } - - return RtlpAddKnownAce (Acl, + return RtlpAddKnownAce(Acl, Revision, Flags, AccessMask, @@ -546,26 +550,21 @@ RtlAddAuditAccessAce(PACL Acl, /* * @implemented */ -NTSTATUS NTAPI -RtlAddAuditAccessAceEx(PACL Acl, - ULONG Revision, - ULONG Flags, - ACCESS_MASK AccessMask, - PSID Sid, - BOOLEAN Success, - BOOLEAN Failure) +NTSTATUS +NTAPI +RtlAddAuditAccessAceEx( + PACL Acl, + ULONG Revision, + ULONG Flags, + ACCESS_MASK AccessMask, + PSID Sid, + BOOLEAN Success, + BOOLEAN Failure) { - if (Success) - { - Flags |= SUCCESSFUL_ACCESS_ACE_FLAG; - } + if (Success) Flags |= SUCCESSFUL_ACCESS_ACE_FLAG; + if (Failure) Flags |= FAILED_ACCESS_ACE_FLAG; - if (Failure) - { - Flags |= FAILED_ACCESS_ACE_FLAG; - } - - return RtlpAddKnownAce (Acl, + return RtlpAddKnownAce(Acl, Revision, Flags, AccessMask, @@ -579,36 +578,38 @@ RtlAddAuditAccessAceEx(PACL Acl, /* * @implemented */ -NTSTATUS NTAPI -RtlAddAuditAccessObjectAce(PACL Acl, - ULONG Revision, - ULONG Flags, - ACCESS_MASK AccessMask, - IN GUID *ObjectTypeGuid OPTIONAL, - IN GUID *InheritedObjectTypeGuid OPTIONAL, - PSID Sid, - BOOLEAN Success, - BOOLEAN Failure) +NTSTATUS +NTAPI +RtlAddAuditAccessObjectAce( + PACL Acl, + ULONG Revision, + ULONG Flags, + ACCESS_MASK AccessMask, + IN GUID *ObjectTypeGuid OPTIONAL, + IN GUID *InheritedObjectTypeGuid OPTIONAL, + PSID Sid, + BOOLEAN Success, + BOOLEAN Failure) { - ULONG Type; + ULONG Type; - if (Success) - { - Flags |= SUCCESSFUL_ACCESS_ACE_FLAG; - } + if (Success) + { + Flags |= SUCCESSFUL_ACCESS_ACE_FLAG; + } - if (Failure) - { - Flags |= FAILED_ACCESS_ACE_FLAG; - } + if (Failure) + { + Flags |= FAILED_ACCESS_ACE_FLAG; + } - /* make sure we call RtlpAddKnownAce correctly */ - if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL) - Type = SYSTEM_AUDIT_OBJECT_ACE_TYPE; - else - Type = SYSTEM_AUDIT_ACE_TYPE; + /* make sure we call RtlpAddKnownAce correctly */ + if (ObjectTypeGuid != NULL || InheritedObjectTypeGuid != NULL) + Type = SYSTEM_AUDIT_OBJECT_ACE_TYPE; + else + Type = SYSTEM_AUDIT_ACE_TYPE; - return RtlpAddKnownAce (Acl, + return RtlpAddKnownAce(Acl, Revision, Flags, AccessMask, @@ -622,13 +623,15 @@ RtlAddAuditAccessObjectAce(PACL Acl, /* * @implemented */ -NTSTATUS NTAPI -RtlAddMandatoryAce(IN OUT PACL Acl, - IN ULONG Revision, - IN ULONG Flags, - IN ULONG MandatoryFlags, - IN ULONG AceType, - IN PSID LabelSid) +NTSTATUS +NTAPI +RtlAddMandatoryAce( + IN OUT PACL Acl, + IN ULONG Revision, + IN ULONG Flags, + IN ULONG MandatoryFlags, + IN ULONG AceType, + IN PSID LabelSid) { if (MandatoryFlags & ~SYSTEM_MANDATORY_LABEL_VALID_MASK) return STATUS_INVALID_PARAMETER; @@ -636,151 +639,156 @@ RtlAddMandatoryAce(IN OUT PACL Acl, if (AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE) return STATUS_INVALID_PARAMETER; - return RtlpAddKnownAce (Acl, - Revision, - Flags, - (ACCESS_MASK)MandatoryFlags, - NULL, - NULL, - LabelSid, - AceType); + return RtlpAddKnownAce(Acl, + Revision, + Flags, + (ACCESS_MASK)MandatoryFlags, + NULL, + NULL, + LabelSid, + AceType); } -static VOID -RtlpDeleteData(PVOID Ace, - ULONG AceSize, - ULONG Offset) +static +VOID +RtlpDeleteData( + PVOID Ace, + ULONG AceSize, + ULONG Offset) { - if (AceSize < Offset) - { - RtlMoveMemory(Ace, - (PVOID)((ULONG_PTR)Ace + AceSize), - Offset - AceSize); - } + if (AceSize < Offset) + { + RtlMoveMemory(Ace, + (PVOID)((ULONG_PTR)Ace + AceSize), + Offset - AceSize); + } - if (Offset - AceSize < Offset) - { - RtlZeroMemory((PVOID)((ULONG_PTR)Ace + Offset - AceSize), - AceSize); - } + if (Offset - AceSize < Offset) + { + RtlZeroMemory((PVOID)((ULONG_PTR)Ace + Offset - AceSize), AceSize); + } } /* * @implemented */ -NTSTATUS NTAPI -RtlDeleteAce(PACL Acl, - ULONG AceIndex) +NTSTATUS +NTAPI +RtlDeleteAce( + PACL Acl, + ULONG AceIndex) { - PACE Ace; - PACE Current; + PACE Ace; + PACE Current; + PAGED_CODE_RTL(); - PAGED_CODE_RTL(); + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION || + Acl->AceCount <= AceIndex || + !RtlFirstFreeAce(Acl, &Ace)) + { + return STATUS_INVALID_PARAMETER; + } - if (Acl->AclRevision < MIN_ACL_REVISION || - Acl->AclRevision > MAX_ACL_REVISION || - Acl->AceCount <= AceIndex || - !RtlFirstFreeAce(Acl, &Ace)) - { - return(STATUS_INVALID_PARAMETER); - } + Current = (PACE)(Acl + 1); - Current = (PACE)(Acl + 1); + while(AceIndex--) + { + Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize); + } - while(AceIndex--) - { - Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize); - } + RtlpDeleteData(Current, + Current->Header.AceSize, + (ULONG)((ULONG_PTR)Ace - (ULONG_PTR)Current)); + Acl->AceCount--; - RtlpDeleteData(Current, - Current->Header.AceSize, - (ULONG)((ULONG_PTR)Ace - (ULONG_PTR)Current)); - Acl->AceCount--; - - return(STATUS_SUCCESS); + return STATUS_SUCCESS; } /* * @implemented */ -NTSTATUS NTAPI -RtlCreateAcl(PACL Acl, - ULONG AclSize, - ULONG AclRevision) +NTSTATUS +NTAPI +RtlCreateAcl( + PACL Acl, + ULONG AclSize, + ULONG AclRevision) { - PAGED_CODE_RTL(); + PAGED_CODE_RTL(); - if (AclSize < sizeof(ACL)) - { - return(STATUS_BUFFER_TOO_SMALL); - } + if (AclSize < sizeof(ACL)) + { + return STATUS_BUFFER_TOO_SMALL; + } - if (AclRevision < MIN_ACL_REVISION || - AclRevision > MAX_ACL_REVISION || - AclSize > 0xffff) - { - return(STATUS_INVALID_PARAMETER); - } + if (AclRevision < MIN_ACL_REVISION || + AclRevision > MAX_ACL_REVISION || + AclSize > 0xffff) + { + return STATUS_INVALID_PARAMETER; + } - AclSize = ROUND_UP(AclSize, 4); - Acl->AclSize = AclSize; - Acl->AclRevision = AclRevision; - Acl->AceCount = 0; - Acl->Sbz1 = 0; - Acl->Sbz2 = 0; + AclSize = ROUND_UP(AclSize, 4); + Acl->AclSize = AclSize; + Acl->AclRevision = AclRevision; + Acl->AceCount = 0; + Acl->Sbz1 = 0; + Acl->Sbz2 = 0; - return(STATUS_SUCCESS); + return STATUS_SUCCESS; } /* * @implemented */ -NTSTATUS NTAPI -RtlQueryInformationAcl(PACL Acl, - PVOID Information, - ULONG InformationLength, - ACL_INFORMATION_CLASS InformationClass) +NTSTATUS +NTAPI +RtlQueryInformationAcl( + PACL Acl, + PVOID Information, + ULONG InformationLength, + ACL_INFORMATION_CLASS InformationClass) { - PACE Ace; + PACE Ace; + PAGED_CODE_RTL(); - PAGED_CODE_RTL(); - - if (Acl->AclRevision < MIN_ACL_REVISION || + if (Acl->AclRevision < MIN_ACL_REVISION || Acl->AclRevision > MAX_ACL_REVISION) - { - return(STATUS_INVALID_PARAMETER); - } + { + return STATUS_INVALID_PARAMETER; + } - switch (InformationClass) - { - case AclRevisionInformation: - { + switch (InformationClass) + { + case AclRevisionInformation: + { PACL_REVISION_INFORMATION Info = (PACL_REVISION_INFORMATION)Information; if (InformationLength < sizeof(ACL_REVISION_INFORMATION)) { - return(STATUS_BUFFER_TOO_SMALL); + return STATUS_BUFFER_TOO_SMALL; } Info->AclRevision = Acl->AclRevision; - } - break; + } + break; - case AclSizeInformation: - { + case AclSizeInformation: + { PACL_SIZE_INFORMATION Info = (PACL_SIZE_INFORMATION)Information; if (InformationLength < sizeof(ACL_SIZE_INFORMATION)) { - return(STATUS_BUFFER_TOO_SMALL); + return STATUS_BUFFER_TOO_SMALL; } if (!RtlFirstFreeAce(Acl, &Ace)) { - return(STATUS_INVALID_PARAMETER); + return STATUS_INVALID_PARAMETER; } Info->AceCount = Acl->AceCount; @@ -794,14 +802,14 @@ RtlQueryInformationAcl(PACL Acl, Info->AclBytesInUse = Acl->AclSize; Info->AclBytesFree = 0; } - } - break; + } + break; - default: - return(STATUS_INVALID_INFO_CLASS); - } + default: + return STATUS_INVALID_INFO_CLASS; + } - return(STATUS_SUCCESS); + return STATUS_SUCCESS; } @@ -814,67 +822,67 @@ RtlSetInformationAcl(PACL Acl, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass) { - PAGED_CODE_RTL(); + PAGED_CODE_RTL(); - if (Acl->AclRevision < MIN_ACL_REVISION || + if (Acl->AclRevision < MIN_ACL_REVISION || Acl->AclRevision > MAX_ACL_REVISION) - { - return(STATUS_INVALID_PARAMETER); - } + { + return STATUS_INVALID_PARAMETER; + } - switch (InformationClass) - { - case AclRevisionInformation: - { + switch (InformationClass) + { + case AclRevisionInformation: + { PACL_REVISION_INFORMATION Info = (PACL_REVISION_INFORMATION)Information; if (InformationLength < sizeof(ACL_REVISION_INFORMATION)) { - return(STATUS_BUFFER_TOO_SMALL); + return STATUS_BUFFER_TOO_SMALL; } if (Acl->AclRevision >= Info->AclRevision) { - return(STATUS_INVALID_PARAMETER); + return STATUS_INVALID_PARAMETER; } Acl->AclRevision = Info->AclRevision; - } - break; + } + break; - default: - return(STATUS_INVALID_INFO_CLASS); + default: + return STATUS_INVALID_INFO_CLASS; } - return(STATUS_SUCCESS); + return STATUS_SUCCESS; } /* * @implemented */ -BOOLEAN NTAPI -RtlValidAcl (PACL Acl) +BOOLEAN +NTAPI +RtlValidAcl(PACL Acl) { - PACE Ace; - USHORT Size; + PACE Ace; + USHORT Size; + PAGED_CODE_RTL(); - PAGED_CODE_RTL(); + Size = ROUND_UP(Acl->AclSize, 4); - Size = ROUND_UP(Acl->AclSize, 4); + if (Acl->AclRevision < MIN_ACL_REVISION || + Acl->AclRevision > MAX_ACL_REVISION) + { + return FALSE; + } - if (Acl->AclRevision < MIN_ACL_REVISION || - Acl->AclRevision > MAX_ACL_REVISION) - { - return(FALSE); - } + if (Size != Acl->AclSize) + { + return FALSE; + } - if (Size != Acl->AclSize) - { - return(FALSE); - } - - return(RtlFirstFreeAce(Acl, &Ace)); + return RtlFirstFreeAce(Acl, &Ace); } /* EOF */