mirror of
https://github.com/reactos/reactos.git
synced 2024-10-04 16:36:11 +00:00
Implemented AddMandatoryAce
svn path=/trunk/; revision=24526
parent
0414f87d02
commit
ef9ac412e7
|
@ -314,6 +314,7 @@ RtlAddAuditAccessAce@24
|
|||
RtlAddAuditAccessAceEx@28
|
||||
RtlAddAuditAccessObjectAce@36
|
||||
;RtlAddCompoundAce
|
||||
RtlAddMandatoryAce@24
|
||||
RtlAddRange@36
|
||||
RtlAddVectoredExceptionHandler@8
|
||||
RtlAdjustPrivilege@16
|
||||
|
|
|
@ -32,6 +32,7 @@ AddAce@20
|
|||
AddAuditAccessAce@24
|
||||
AddAuditAccessAceEx@28
|
||||
AddAuditAccessObjectAce@36
|
||||
AddMandatoryAce@20
|
||||
AddUsersToEncryptedFile@8
|
||||
AdjustTokenGroups@24
|
||||
AdjustTokenPrivileges@24
|
||||
|
|
|
@ -416,6 +416,35 @@ AddAuditAccessObjectAce(
|
|||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOL
|
||||
WINAPI
|
||||
AddMandatoryAce(IN OUT PACL pAcl,
|
||||
IN DWORD dwAceRevision,
|
||||
IN DWORD AceFlags,
|
||||
IN DWORD MandatoryPolicy,
|
||||
IN PSID pLabelSid)
|
||||
{
|
||||
NTSTATUS Status;
|
||||
|
||||
Status = RtlAddMandatoryAce(pAcl,
|
||||
dwAceRevision,
|
||||
AceFlags,
|
||||
MandatoryPolicy,
|
||||
SYSTEM_MANDATORY_LABEL_ACE_TYPE,
|
||||
pLabelSid);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
SetLastError(RtlNtStatusToDosError(Status));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
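Review bot: The comment above AddMandatoryAce is only `@implemented`, so nothing tells a caller what MandatoryPolicy and pLabelSid must contain or how failure is reported. Going by the other files in this commit, the policy value is rejected unless it is a combination of the SYSTEM_MANDATORY_LABEL_NO_*_UP bits, and the SID must carry SECURITY_MANDATORY_LABEL_AUTHORITY. I would state that here, e.g. `* MandatoryPolicy: SYSTEM_MANDATORY_LABEL_NO_*_UP bits; pLabelSid: SID under SECURITY_MANDATORY_LABEL_AUTHORITY; returns FALSE and sets the last error from the NTSTATUS on failure.`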
|
|
|
@ -759,6 +759,17 @@ RtlAddAuditAccessObjectAce(
|
|||
IN BOOLEAN Failure
|
||||
);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
RtlAddMandatoryAce(
|
||||
IN OUT PACL Acl,
|
||||
IN ULONG Revision,
|
||||
IN ULONG Flags,
|
||||
IN ULONG MandatoryFlags,
|
||||
IN ULONG AceType,
|
||||
IN PSID LabelSid);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
|
|
@ -572,6 +572,8 @@ typedef DWORD FLONG;
|
|||
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS 0x00000231L
|
||||
#define DOMAIN_ALIAS_RID_DCOM_USERS 0x00000232L
|
||||
|
||||
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
|
||||
|
||||
typedef enum
|
||||
{
|
||||
WinNullSid = 0,
|
||||
|
@ -1622,7 +1624,8 @@ typedef struct _GUID {
|
|||
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
|
||||
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
|
||||
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
|
||||
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
|
||||
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
|
||||
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
|
||||
/* end ntifs.h */
|
||||
typedef struct _GENERIC_MAPPING {
|
||||
ACCESS_MASK GenericRead;
|
||||
|
@ -1659,6 +1662,15 @@ typedef struct _SYSTEM_ALARM_ACE {
|
|||
ACCESS_MASK Mask;
|
||||
DWORD SidStart;
|
||||
} SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE;
|
||||
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
|
||||
ACE_HEADER Header;
|
||||
ACCESS_MASK Mask;
|
||||
DWORD SidStart;
|
||||
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
|
||||
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
|
||||
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
|
||||
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
|
||||
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
|
||||
typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
|
||||
ACE_HEADER Header;
|
||||
ACCESS_MASK Mask;
|
||||
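Review bot: Moving ACCESS_MAX_MS_V5_ACE_TYPE from 0x10 to 0x11 raises the upper bound of every range check written against that macro, and none of those users are part of this commit. Code that accepts any ACE type up to the maximum and then reads Mask as access rights would misread a SYSTEM_MANDATORY_LABEL_ACE, whose Mask holds the NO_WRITE_UP/NO_READ_UP/NO_EXECUTE_UP policy bits. The ACL validation and access-check paths are therefore worth checking alongside this change. A one-line comment on the new struct would help, for instance `/* Mask holds SYSTEM_MANDATORY_LABEL_* policy bits, not access rights */`.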
|
|
|
@ -141,6 +141,20 @@ RtlpAddKnownAce (PACL Acl,
|
|||
{
|
||||
return(STATUS_INVALID_SID);
|
||||
}
|
||||
|
||||
if (Type == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
|
||||
{
|
||||
static const SID_IDENTIFIER_AUTHORITY MandatoryLabelAuthority = {SECURITY_MANDATORY_LABEL_AUTHORITY};
|
||||
|
||||
/* The SID's identifier authority must be SECURITY_MANDATORY_LABEL_AUTHORITY! */
|
||||
if (RtlCompareMemory(&((PISID)Sid)->IdentifierAuthority,
|
||||
&MandatoryLabelAuthority,
|
||||
sizeof(MandatoryLabelAuthority)) != sizeof(MandatoryLabelAuthority))
|
||||
{
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
|
||||
if (Acl->AclRevision > MAX_ACL_REVISION ||
|
||||
Revision > MAX_ACL_REVISION)
|
||||
{
|
||||
|
@ -605,6 +619,34 @@ RtlAddAuditAccessObjectAce(PACL Acl,
|
|||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS NTAPI
|
||||
RtlAddMandatoryAce(IN OUT PACL Acl,
|
||||
IN ULONG Revision,
|
||||
IN ULONG Flags,
|
||||
IN ULONG MandatoryFlags,
|
||||
IN ULONG AceType,
|
||||
IN PSID LabelSid)
|
||||
{
|
||||
if (MandatoryFlags & ~SYSTEM_MANDATORY_LABEL_VALID_MASK)
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
if (AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE)
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
return RtlpAddKnownAce (Acl,
|
||||
Revision,
|
||||
Flags,
|
||||
(ACCESS_MASK)MandatoryFlags,
|
||||
NULL,
|
||||
NULL,
|
||||
LabelSid,
|
||||
AceType);
|
||||
}
|
||||
|
||||
|
||||
static VOID
|
||||
RtlpDeleteData(PVOID Ace,
|
||||
ULONG AceSize,
|
||||
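Review bot: The new check in RtlpAddKnownAce compares only the SID's identifier authority, so any SID under SECURITY_MANDATORY_LABEL_AUTHORITY is accepted as a label regardless of how many sub-authorities it carries. If only well-formed integrity labels (a single sub-authority holding the level) should end up in a label ACE, the condition could also require `((PISID)Sid)->SubAuthorityCount == 1`; whether Windows enforces this should be confirmed before adding it. The cast to PISID relies on the SID having been validated earlier in the function, which the `return(STATUS_INVALID_SID);` context line suggests but the hunk does not show. In RtlAddMandatoryAce, a short comment that the policy bits are stored in the ACE's Mask field would explain the `(ACCESS_MASK)MandatoryFlags` cast.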
|
|