Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-03 13:56:05 +00:00
Code Issues Projects Releases Packages Wiki Activity

Implemented AddMandatoryAce

Browse source 
svn path=/trunk/; revision=24526
This commit is contained in:
Thomas Bluemel 2006-10-15 16:52:25 +00:00
parent 0414f87d02
commit ef9ac412e7
6 changed files with 97 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
reactos/dll/ntdll/def/ntdll.def
View file

@ -314,6 +314,7 @@ RtlAddAuditAccessAce@24
RtlAddAuditAccessAceEx@28 RtlAddAuditAccessAceEx@28
RtlAddAuditAccessObjectAce@36 RtlAddAuditAccessObjectAce@36
;RtlAddCompoundAce ;RtlAddCompoundAce
RtlAddMandatoryAce@24
RtlAddRange@36 RtlAddRange@36
RtlAddVectoredExceptionHandler@8 RtlAddVectoredExceptionHandler@8
RtlAdjustPrivilege@16 RtlAdjustPrivilege@16

1
reactos/dll/win32/advapi32/advapi32.def
View file

@ -32,6 +32,7 @@ AddAce@20
AddAuditAccessAce@24 AddAuditAccessAce@24
AddAuditAccessAceEx@28 AddAuditAccessAceEx@28
AddAuditAccessObjectAce@36 AddAuditAccessObjectAce@36
AddMandatoryAce@20
AddUsersToEncryptedFile@8 AddUsersToEncryptedFile@8
AdjustTokenGroups@24 AdjustTokenGroups@24
AdjustTokenPrivileges@24 AdjustTokenPrivileges@24

29
reactos/dll/win32/advapi32/sec/ac.c
View file

@ -416,6 +416,35 @@ AddAuditAccessObjectAce(
} }
/*
* @implemented
*/
BOOL
WINAPI
AddMandatoryAce(IN OUT PACL pAcl,
IN DWORD dwAceRevision,
IN DWORD AceFlags,
IN DWORD MandatoryPolicy,
IN PSID pLabelSid)
{
NTSTATUS Status;
Status = RtlAddMandatoryAce(pAcl,
dwAceRevision,
AceFlags,
MandatoryPolicy,
SYSTEM_MANDATORY_LABEL_ACE_TYPE,
pLabelSid);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/* /*
* @implemented * @implemented
*/ */

11
reactos/include/ndk/rtlfuncs.h
View file

@ -759,6 +759,17 @@ RtlAddAuditAccessObjectAce(
IN BOOLEAN Failure IN BOOLEAN Failure
); );
NTSYSAPI
NTSTATUS
NTAPI
RtlAddMandatoryAce(
IN OUT PACL Acl,
IN ULONG Revision,
IN ULONG Flags,
IN ULONG MandatoryFlags,
IN ULONG AceType,
IN PSID LabelSid);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
NTAPI NTAPI

14
reactos/include/psdk/winnt.h
View file

@ -572,6 +572,8 @@ typedef DWORD FLONG;
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS 0x00000231L #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS 0x00000231L
#define DOMAIN_ALIAS_RID_DCOM_USERS 0x00000232L #define DOMAIN_ALIAS_RID_DCOM_USERS 0x00000232L
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
typedef enum typedef enum
{ {
WinNullSid = 0, WinNullSid = 0,
@ -1622,7 +1624,8 @@ typedef struct _GUID {
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE) #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF) #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10) #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x10) #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
/* end ntifs.h */ /* end ntifs.h */
typedef struct _GENERIC_MAPPING { typedef struct _GENERIC_MAPPING {
ACCESS_MASK GenericRead; ACCESS_MASK GenericRead;
@ -1659,6 +1662,15 @@ typedef struct _SYSTEM_ALARM_ACE {
ACCESS_MASK Mask; ACCESS_MASK Mask;
DWORD SidStart; DWORD SidStart;
} SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE; } SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE;
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
typedef struct _ACCESS_ALLOWED_OBJECT_ACE { typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
ACE_HEADER Header; ACE_HEADER Header;
ACCESS_MASK Mask; ACCESS_MASK Mask;

42
reactos/lib/rtl/acl.c
View file

@ -141,6 +141,20 @@ RtlpAddKnownAce (PACL Acl,
{ {
return(STATUS_INVALID_SID); return(STATUS_INVALID_SID);
} }
if (Type == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
{
static const SID_IDENTIFIER_AUTHORITY MandatoryLabelAuthority = {SECURITY_MANDATORY_LABEL_AUTHORITY};
/* The SID's identifier authority must be SECURITY_MANDATORY_LABEL_AUTHORITY! */
if (RtlCompareMemory(&((PISID)Sid)->IdentifierAuthority,
&MandatoryLabelAuthority,
sizeof(MandatoryLabelAuthority)) != sizeof(MandatoryLabelAuthority))
{
return STATUS_INVALID_PARAMETER;
}
}
if (Acl->AclRevision > MAX_ACL_REVISION || if (Acl->AclRevision > MAX_ACL_REVISION ||
Revision > MAX_ACL_REVISION) Revision > MAX_ACL_REVISION)
{ {
@ -605,6 +619,34 @@ RtlAddAuditAccessObjectAce(PACL Acl,
} }
/*
* @implemented
*/
NTSTATUS NTAPI
RtlAddMandatoryAce(IN OUT PACL Acl,
IN ULONG Revision,
IN ULONG Flags,
IN ULONG MandatoryFlags,
IN ULONG AceType,
IN PSID LabelSid)
{
if (MandatoryFlags & ~SYSTEM_MANDATORY_LABEL_VALID_MASK)
return STATUS_INVALID_PARAMETER;
if (AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE)
return STATUS_INVALID_PARAMETER;
return RtlpAddKnownAce (Acl,
Revision,
Flags,
(ACCESS_MASK)MandatoryFlags,
NULL,
NULL,
LabelSid,
AceType);
}
static VOID static VOID
RtlpDeleteData(PVOID Ace, RtlpDeleteData(PVOID Ace,
ULONG AceSize, ULONG AceSize,