00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
#include <ntrtlp.h>
00027
#include <seopaque.h>
00028
00029
00030
00031
00032
00033
00034
00035
00036
00037
00038
00039
00040
00041
00042 #define FirstAce(Acl) ((PVOID)((PUCHAR)(Acl) + sizeof(ACL)))
00043
00044
00045
00046
00047
00048
00049
00050
00051
00052
00053
00054 #define NextAce(Ace) ((PVOID)((PUCHAR)(Ace) + ((PACE_HEADER)(Ace))->AceSize))
00055
00056 #define LongAligned( ptr ) (LongAlign(ptr) == ((PVOID)(ptr)))
00057 #define WordAligned( ptr ) (WordAlign(ptr) == ((PVOID)(ptr)))
00058
00059
00060
VOID
00061
RtlpAddData (
00062 IN PVOID From,
00063 IN ULONG FromSize,
00064 IN PVOID To,
00065 IN ULONG ToSize
00066 );
00067
00068
VOID
00069
RtlpDeleteData (
00070 IN PVOID Data,
00071 IN ULONG RemoveSize,
00072 IN ULONG TotalSize
00073 );
00074
00075
#if defined(ALLOC_PRAGMA) && defined(NTOS_KERNEL_RUNTIME)
00076
#pragma alloc_text(PAGE,RtlpAddData)
00077
#pragma alloc_text(PAGE,RtlpDeleteData)
00078
#pragma alloc_text(PAGE,RtlCreateAcl)
00079
#pragma alloc_text(PAGE,RtlValidAcl)
00080
#pragma alloc_text(PAGE,RtlQueryInformationAcl)
00081
#pragma alloc_text(PAGE,RtlSetInformationAcl)
00082
#pragma alloc_text(PAGE,RtlAddAce)
00083
#pragma alloc_text(PAGE,RtlDeleteAce)
00084
#pragma alloc_text(PAGE,RtlGetAce)
00085
#pragma alloc_text(PAGE,RtlAddAccessAllowedAce)
00086
#pragma alloc_text(PAGE,RtlAddAccessAllowedAceEx)
00087
#pragma alloc_text(PAGE,RtlAddAccessAllowedObjectAce)
00088
#pragma alloc_text(PAGE,RtlAddAccessDeniedAce)
00089
#pragma alloc_text(PAGE,RtlAddAccessDeniedAceEx)
00090
#pragma alloc_text(PAGE,RtlAddAccessDeniedObjectAce)
00091
#pragma alloc_text(PAGE,RtlAddAuditAccessAce)
00092
#pragma alloc_text(PAGE,RtlAddAuditAccessAceEx)
00093
#pragma alloc_text(PAGE,RtlAddAuditAccessObjectAce)
00094
#pragma alloc_text(PAGE,RtlFirstFreeAce)
00095
#endif
00096
00097
00098
NTSTATUS
00099 RtlCreateAcl (
00100 IN PACL Acl,
00101 IN ULONG AclLength,
00102 IN ULONG AclRevision
00103 )
00104
00105
00106
00107
00108
00109
00110
00111
00112
00113
00114
00115
00116
00117
00118
00119
00120
00121
00122
00123
00124
00125
00126
00127
00128
00129
00130 {
00131
RTL_PAGED_CODE();
00132
00133
00134
00135
00136
00137
00138
if (AclLength <
sizeof(ACL)) {
00139
00140
00141
00142
00143
00144
return STATUS_BUFFER_TOO_SMALL;
00145
00146 }
00147
00148
00149
00150
00151
00152
00153
if (AclRevision < MIN_ACL_REVISION || AclRevision > MAX_ACL_REVISION) {
00154
00155
00156
00157
00158
00159
return STATUS_INVALID_PARAMETER;
00160
00161 }
00162
00163
if ( AclLength > MAXUSHORT ) {
00164
00165
return STATUS_INVALID_PARAMETER;
00166 }
00167
00168
00169
00170
00171
00172 Acl->AclRevision = (UCHAR)AclRevision;
00173 Acl->Sbz1 = 0;
00174 Acl->AclSize = (
USHORT) (AclLength & 0xfffc);
00175 Acl->AceCount = 0;
00176 Acl->Sbz2 = 0;
00177
00178
00179
00180
00181
00182
return STATUS_SUCCESS;
00183 }
00184
00185
00186 BOOLEAN
00187 RtlValidAcl (
00188 IN PACL Acl
00189 )
00190
00191
00192
00193
00194
00195
00196
00197
00198
00199
00200
00201
00202
00203
00204
00205
00206
00207
00208
00209
00210
00211 {
00212
RTL_PAGED_CODE();
00213
00214
try {
00215 PACE_HEADER Ace;
00216 PISID Sid;
00217 PISID Sid2;
00218 ULONG i;
00219 UCHAR AclRevision = ACL_REVISION2;
00220
00221
00222
00223
00224
00225
if (!ValidAclRevision(Acl)) {
00226
return(
FALSE);
00227 }
00228
00229
00230
if (!
WordAligned(&Acl->AclSize)) {
00231
return(
FALSE);
00232 }
00233
00234
if (Acl->AclSize <
sizeof(ACL)) {
00235
return(
FALSE);
00236 }
00237
00238
00239
00240
00241 Ace = ((PVOID)((PUCHAR)(Acl) +
sizeof(ACL)));
00242
00243
for (i = 0; i < Acl->AceCount; i++) {
00244
00245
00246
00247
00248
00249
00250
00251
if ((PUCHAR)Ace +
sizeof(ACE_HEADER) >= ((PUCHAR)Acl + Acl->AclSize)) {
00252
return(
FALSE);
00253 }
00254
00255
if (!
WordAligned(&Ace->AceSize)) {
00256
return(
FALSE);
00257 }
00258
00259
if ((PUCHAR)Ace + Ace->AceSize > ((PUCHAR)Acl + Acl->AclSize)) {
00260
return(
FALSE);
00261 }
00262
00263
00264
00265
00266
00267
00268
00269
00270
00271
00272
if (IsKnownAceType(Ace)) {
00273
00274
if (!
LongAligned(Ace->AceSize)) {
00275
return(
FALSE);
00276 }
00277
00278
if (Ace->AceSize <
sizeof(
KNOWN_ACE) -
sizeof(ULONG) +
sizeof(SID) -
sizeof(ULONG)) {
00279
return(
FALSE);
00280 }
00281
00282
00283
00284
00285
00286
00287 Sid = (PISID) & (((
PKNOWN_ACE)Ace)->SidStart);
00288
00289
if (Sid->Revision != SID_REVISION) {
00290
return(
FALSE);
00291 }
00292
00293
if (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) {
00294
return(
FALSE);
00295 }
00296
00297
00298
00299
00300
00301
00302
00303
if (Ace->AceSize <
sizeof(
KNOWN_ACE) -
sizeof(ULONG) +
SeLengthSid( Sid )) {
00304
return(
FALSE);
00305 }
00306
00307
00308
00309
00310
00311
00312
00313 }
else if (IsCompoundAceType(Ace)) {
00314
00315
00316
00317
00318
if ( Acl->AclRevision < ACL_REVISION3 ) {
00319
return FALSE;
00320 }
00321
00322
if (!
LongAligned(Ace->AceSize)) {
00323
return(
FALSE);
00324 }
00325
00326
if (Ace->AceSize <
sizeof(KNOWN_COMPOUND_ACE) -
sizeof(ULONG) +
sizeof(SID)) {
00327
return(
FALSE);
00328 }
00329
00330
00331
00332
00333
00334
if (((PKNOWN_COMPOUND_ACE)Ace)->CompoundAceType != COMPOUND_ACE_IMPERSONATION) {
00335
return(
FALSE);
00336 }
00337
00338
00339
00340
00341
00342
00343 Sid = (PISID) & (((PKNOWN_COMPOUND_ACE)Ace)->SidStart);
00344
00345
if (Sid->Revision != SID_REVISION) {
00346
return(
FALSE);
00347 }
00348
00349
if (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) {
00350
return(
FALSE);
00351 }
00352
00353
00354
00355
00356
00357
00358
if (Ace->AceSize <
sizeof(KNOWN_COMPOUND_ACE) -
sizeof(ULONG) +
SeLengthSid( Sid ) +
sizeof(SID)) {
00359
return(
FALSE);
00360 }
00361
00362
00363
00364
00365
00366 Sid2 = (PISID) ((PUCHAR)Sid +
SeLengthSid( Sid ));
00367
00368
if (Sid2->Revision != SID_REVISION) {
00369
return(
FALSE);
00370 }
00371
00372
if (Sid2->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) {
00373
return(
FALSE);
00374 }
00375
00376
if (Ace->AceSize <
sizeof(KNOWN_COMPOUND_ACE) -
sizeof(ULONG) +
SeLengthSid( Sid ) +
SeLengthSid( Sid2 )) {
00377
return(
FALSE);
00378 }
00379
00380
00381
00382
00383
00384
00385 }
else if (IsObjectAceType(Ace)) {
00386 ULONG GuidSize=0;
00387
00388
00389
00390
00391
if ( Acl->AclRevision < ACL_REVISION4 ) {
00392
return FALSE;
00393 }
00394
00395
if (!
LongAligned(Ace->AceSize)) {
00396
return(
FALSE);
00397 }
00398
00399
00400
00401
00402
if (Ace->AceSize <
sizeof(KNOWN_OBJECT_ACE) -
sizeof(ULONG)) {
00403
return(
FALSE);
00404 }
00405
00406
00407
00408
00409
00410
if ( RtlObjectAceObjectTypePresent( Ace ) ) {
00411 GuidSize +=
sizeof(GUID);
00412 }
00413
00414
if ( RtlObjectAceInheritedObjectTypePresent( Ace ) ) {
00415 GuidSize +=
sizeof(GUID);
00416 }
00417
00418
if (Ace->AceSize <
sizeof(KNOWN_OBJECT_ACE) -
sizeof(ULONG) + GuidSize +
sizeof(SID)) {
00419
return(
FALSE);
00420 }
00421
00422
00423
00424
00425
00426
00427 Sid = (PISID) RtlObjectAceSid( Ace );
00428
00429
if (Sid->Revision != SID_REVISION) {
00430
return(
FALSE);
00431 }
00432
00433
if (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) {
00434
return(
FALSE);
00435 }
00436
00437
if (Ace->AceSize <
sizeof(KNOWN_OBJECT_ACE) -
sizeof(ULONG) + GuidSize +
SeLengthSid( Sid ) ) {
00438
return(
FALSE);
00439 }
00440 }
00441
00442
00443
00444
00445
00446 Ace = ((PVOID)((PUCHAR)(Ace) + ((PACE_HEADER)(Ace))->AceSize));
00447 }
00448
00449
return(
TRUE);
00450
00451 } except(
EXCEPTION_EXECUTE_HANDLER) {
00452
00453
return FALSE;
00454 }
00455
00456 }
00457
00458
00459
NTSTATUS
00460 RtlQueryInformationAcl (
00461 IN PACL Acl,
00462 OUT PVOID AclInformation,
00463 IN ULONG AclInformationLength,
00464 IN ACL_INFORMATION_CLASS AclInformationClass
00465 )
00466
00467
00468
00469
00470
00471
00472
00473
00474
00475
00476
00477
00478
00479
00480
00481
00482
00483
00484
00485
00486
00487
00488
00489
00490
00491
00492
00493 {
00494 PACL_REVISION_INFORMATION RevisionInfo;
00495 PACL_SIZE_INFORMATION SizeInfo;
00496
00497
00498 PVOID FirstFree;
00499
NTSTATUS Status;
00500
00501
RTL_PAGED_CODE();
00502
00503
00504
00505
00506
00507
if (!ValidAclRevision( Acl )) {
00508
00509
return STATUS_INVALID_PARAMETER;
00510
00511 }
00512
00513
00514
00515
00516
00517
switch (AclInformationClass) {
00518
00519
case AclRevisionInformation:
00520
00521
00522
00523
00524
00525
if (AclInformationLength <
sizeof(ACL_REVISION_INFORMATION)) {
00526
00527
return STATUS_BUFFER_TOO_SMALL;
00528
00529 }
00530
00531
00532
00533
00534
00535 RevisionInfo = (PACL_REVISION_INFORMATION)AclInformation;
00536 RevisionInfo->AclRevision = Acl->AclRevision;
00537
00538
break;
00539
00540
case AclSizeInformation:
00541
00542
00543
00544
00545
00546
if (AclInformationLength <
sizeof(ACL_SIZE_INFORMATION)) {
00547
00548
return STATUS_BUFFER_TOO_SMALL;
00549
00550 }
00551
00552
00553
00554
00555
00556
if (!
RtlFirstFreeAce( Acl, &FirstFree )) {
00557
00558
00559
00560
00561
00562
return STATUS_INVALID_PARAMETER;
00563
00564 }
00565
00566
00567
00568
00569
00570
00571 SizeInfo = (PACL_SIZE_INFORMATION)AclInformation;
00572 SizeInfo->AceCount = Acl->AceCount;
00573
00574
if (FirstFree ==
NULL) {
00575
00576
00577
00578
00579
00580 SizeInfo->AclBytesInUse = Acl->AclSize;
00581
00582 SizeInfo->AclBytesFree = 0;
00583
00584 }
else {
00585
00586
00587
00588
00589
00590
00591 SizeInfo->AclBytesInUse = (ULONG)((PUCHAR)FirstFree - (PUCHAR)Acl);
00592
00593 SizeInfo->AclBytesFree = Acl->AclSize - SizeInfo->AclBytesInUse;
00594
00595 }
00596
00597
break;
00598
00599
default:
00600
00601
return STATUS_INVALID_INFO_CLASS;
00602
00603 }
00604
00605
00606
00607
00608
00609
return STATUS_SUCCESS;
00610 }
00611
00612
00613
NTSTATUS
00614 RtlSetInformationAcl (
00615 IN PACL Acl,
00616 IN PVOID AclInformation,
00617 IN ULONG AclInformationLength,
00618 IN ACL_INFORMATION_CLASS AclInformationClass
00619 )
00620
00621
00622
00623
00624
00625
00626
00627
00628
00629
00630
00631
00632
00633
00634
00635
00636
00637
00638
00639
00640
00641
00642
00643
00644
00645
00646
00647 {
00648 PACL_REVISION_INFORMATION RevisionInfo;
00649
00650
RTL_PAGED_CODE();
00651
00652
00653
00654
00655
00656
if (!ValidAclRevision( Acl )) {
00657
00658
return STATUS_INVALID_PARAMETER;
00659
00660 }
00661
00662
00663
00664
00665
00666
switch (AclInformationClass) {
00667
00668
case AclRevisionInformation:
00669
00670
00671
00672
00673
00674
if (AclInformationLength <
sizeof(ACL_REVISION_INFORMATION)) {
00675
00676
return STATUS_BUFFER_TOO_SMALL;
00677
00678 }
00679
00680
00681
00682
00683
00684 RevisionInfo = (PACL_REVISION_INFORMATION)AclInformation;
00685
00686
00687
00688
00689
00690
if (RevisionInfo->AclRevision < Acl->AclRevision ) {
00691
00692
return STATUS_INVALID_PARAMETER;
00693 }
00694
00695
00696
00697
00698
00699 Acl->AclRevision = (UCHAR)RevisionInfo->AclRevision;
00700
00701
break;
00702
00703
default:
00704
00705
return STATUS_INVALID_INFO_CLASS;
00706
00707 }
00708
00709
00710
00711
00712
00713
return STATUS_SUCCESS;
00714 }
00715
00716
00717
NTSTATUS
00718 RtlAddAce (
00719 IN OUT PACL Acl,
00720 IN ULONG AceRevision,
00721 IN ULONG StartingAceIndex,
00722 IN PVOID AceList,
00723 IN ULONG AceListLength
00724 )
00725
00726
00727
00728
00729
00730
00731
00732
00733
00734
00735
00736
00737
00738
00739
00740
00741
00742
00743
00744
00745
00746
00747
00748
00749
00750
00751
00752
00753 {
00754 PVOID FirstFree;
00755
00756 PACE_HEADER Ace;
00757 ULONG NewAceCount;
00758
00759 PVOID AcePosition;
00760 ULONG i;
00761 UCHAR NewRevision;
00762
00763
RTL_PAGED_CODE();
00764
00765
00766
00767
00768
00769
if (!
RtlValidAcl(Acl)) {
00770
00771
return STATUS_INVALID_PARAMETER;
00772
00773 }
00774
00775
00776
00777
00778
00779
00780
if (!
RtlFirstFreeAce( Acl, &FirstFree )) {
00781
00782
return STATUS_INVALID_PARAMETER;
00783
00784 }
00785
00786
00787
00788
00789
00790
00791
00792
00793
00794
00795
00796
00797 NewRevision = (UCHAR)AceRevision > Acl->AclRevision ? (UCHAR)AceRevision : Acl->AclRevision;
00798
00799
00800
00801
00802
00803
00804
00805
00806
00807
00808
00809
00810
00811
for (Ace = AceList, NewAceCount = 0;
00812 Ace < (PACE_HEADER)((PUCHAR)AceList + AceListLength);
00813 Ace =
NextAce( Ace ), NewAceCount++) {
00814
00815
00816
00817
00818
00819
if ( Ace->AceType <= ACCESS_MAX_MS_V2_ACE_TYPE ) {
00820
00821 }
else if ( Ace->AceType <= ACCESS_MAX_MS_V3_ACE_TYPE ) {
00822
if ( AceRevision < ACL_REVISION3 ) {
00823
return STATUS_INVALID_PARAMETER;
00824 }
00825 }
else if ( Ace->AceType <= ACCESS_MAX_MS_V4_ACE_TYPE ) {
00826
if ( AceRevision < ACL_REVISION4 ) {
00827
return STATUS_INVALID_PARAMETER;
00828 }
00829 }
00830 }
00831
00832
00833
00834
00835
00836
if (Ace > (PACE_HEADER)((PUCHAR)AceList + AceListLength)) {
00837
00838
return STATUS_INVALID_PARAMETER;
00839
00840 }
00841
00842
00843
00844
00845
00846
00847
if (FirstFree ==
NULL ||
00848 (PUCHAR)FirstFree + AceListLength > (PUCHAR)Acl + Acl->AclSize) {
00849
00850
return STATUS_BUFFER_TOO_SMALL;
00851
00852 }
00853
00854
00855
00856
00857
00858
00859
00860 AcePosition =
FirstAce( Acl );
00861
00862
for (i = 0; i < StartingAceIndex && i < Acl->AceCount; i++) {
00863
00864 AcePosition =
NextAce( AcePosition );
00865
00866 }
00867
00868
00869
00870
00871
00872
00873
00874
00875
RtlpAddData( AceList, AceListLength,
00876 AcePosition, (ULONG) ((PUCHAR)FirstFree - (PUCHAR)AcePosition));
00877
00878
00879
00880
00881
00882 Acl->AceCount = (
USHORT)(Acl->AceCount + NewAceCount);
00883
00884 Acl->AclRevision = NewRevision;
00885
00886
00887
00888
00889
00890
return STATUS_SUCCESS;
00891 }
00892
00893
00894
NTSTATUS
00895 RtlDeleteAce (
00896 IN OUT PACL Acl,
00897 IN ULONG AceIndex
00898 )
00899
00900
00901
00902
00903
00904
00905
00906
00907
00908
00909
00910
00911
00912
00913
00914
00915
00916
00917
00918
00919 {
00920 PVOID FirstFree;
00921
00922 PACE_HEADER Ace;
00923 ULONG i;
00924
00925
RTL_PAGED_CODE();
00926
00927
00928
00929
00930
00931
if (!
RtlValidAcl(Acl)) {
00932
00933
return STATUS_INVALID_PARAMETER;
00934
00935 }
00936
00937
00938
00939
00940
00941
00942
if (AceIndex >= Acl->AceCount) {
00943
00944
return STATUS_INVALID_PARAMETER;
00945
00946 }
00947
00948
00949
00950
00951
00952
00953
00954
if (!
RtlFirstFreeAce( Acl, &FirstFree )) {
00955
00956
return STATUS_INVALID_PARAMETER;
00957
00958 }
00959
00960
00961
00962
00963
00964
00965 Ace =
FirstAce( Acl );
00966
00967
for (i = 0; i < AceIndex; i++) {
00968
00969 Ace =
NextAce( Ace );
00970
00971 }
00972
00973
00974
00975
00976
00977
00978
00979
RtlpDeleteData( Ace, Ace->AceSize, (ULONG) ((PUCHAR)FirstFree - (PUCHAR)Ace));
00980
00981
00982
00983
00984
00985 Acl->AceCount--;
00986
00987
00988
00989
00990
00991
return STATUS_SUCCESS;
00992 }
00993
00994
00995
NTSTATUS
00996 RtlGetAce (
00997 IN PACL Acl,
00998 ULONG AceIndex,
00999 OUT PVOID *Ace
01000 )
01001
01002
01003
01004
01005
01006
01007
01008
01009
01010
01011
01012
01013
01014
01015
01016
01017
01018
01019
01020
01021
01022
01023
01024 {
01025 ULONG i;
01026
01027
RTL_PAGED_CODE();
01028
01029
01030
01031
01032
01033
if (!ValidAclRevision(Acl)) {
01034
01035
return STATUS_INVALID_PARAMETER;
01036
01037 }
01038
01039
01040
01041
01042
01043
01044
if (AceIndex >= Acl->AceCount) {
01045
01046
return STATUS_INVALID_PARAMETER;
01047
01048 }
01049
01050
01051
01052
01053
01054 *Ace =
FirstAce( Acl );
01055
01056
for (i = 0; i < AceIndex; i++) {
01057
01058
01059
01060
01061
01062
01063
if (*Ace >= (PVOID)((PUCHAR)Acl + Acl->AclSize)) {
01064
01065
return STATUS_INVALID_PARAMETER;
01066
01067 }
01068
01069
01070
01071
01072
01073 *Ace =
NextAce( *Ace );
01074
01075 }
01076
01077
01078
01079
01080
01081
01082
if (*Ace >= (PVOID)((PUCHAR)Acl + Acl->AclSize)) {
01083
01084
return STATUS_INVALID_PARAMETER;
01085
01086 }
01087
01088
01089
01090
01091
01092
return STATUS_SUCCESS;
01093
01094 }
01095
01096
01097
NTSTATUS
01098 RtlAddCompoundAce (
01099 IN PACL Acl,
01100 IN ULONG AceRevision,
01101 IN UCHAR CompoundAceType,
01102 IN ACCESS_MASK AccessMask,
01103 IN PSID ServerSid,
01104 IN PSID ClientSid
01105 )
01106
01107
01108
01109
01110
01111
01112
01113
01114
01115
01116
01117
01118
01119
01120
01121
01122
01123
01124
01125
01126
01127
01128
01129
01130
01131
01132
01133
01134
01135
01136
01137
01138
01139
01140
01141 {
01142 PVOID FirstFree;
01143
USHORT AceSize;
01144 PKNOWN_COMPOUND_ACE GrantAce;
01145 UCHAR NewRevision;
01146
01147
RTL_PAGED_CODE();
01148
01149
01150
01151
01152
01153
if (!
RtlValidSid(ServerSid) || !
RtlValidSid(ClientSid)) {
01154
return STATUS_INVALID_SID;
01155 }
01156
01157
01158
01159
01160
01161
01162
if ( Acl->AclRevision > ACL_REVISION4 ||
01163 AceRevision < ACL_REVISION3 ||
01164 AceRevision > ACL_REVISION4 ) {
01165
return STATUS_REVISION_MISMATCH;
01166 }
01167
01168
01169
01170
01171
01172
01173
01174 NewRevision = Acl->AclRevision > (UCHAR)AceRevision ? Acl->AclRevision : (UCHAR)AceRevision;
01175
01176
01177
01178
01179
01180
01181
if (!
RtlValidAcl( Acl )) {
01182
return STATUS_INVALID_ACL;
01183 }
01184
01185
if (!
RtlFirstFreeAce( Acl, &FirstFree )) {
01186
01187
return STATUS_INVALID_ACL;
01188 }
01189
01190
01191
01192
01193
01194
01195 AceSize = (
USHORT)(
sizeof(KNOWN_COMPOUND_ACE) -
01196
sizeof(ULONG) +
01197
SeLengthSid(ClientSid) +
01198
SeLengthSid(ServerSid)
01199 );
01200
01201
if ( FirstFree ==
NULL ||
01202 ((PUCHAR)FirstFree + AceSize > ((PUCHAR)Acl + Acl->AclSize))
01203 ) {
01204
01205
return STATUS_ALLOTTED_SPACE_EXCEEDED;
01206 }
01207
01208
01209
01210
01211
01212 GrantAce = (PKNOWN_COMPOUND_ACE)FirstFree;
01213 GrantAce->Header.AceFlags = 0;
01214 GrantAce->Header.AceType = ACCESS_ALLOWED_COMPOUND_ACE_TYPE;
01215 GrantAce->Header.AceSize = AceSize;
01216 GrantAce->Mask = AccessMask;
01217 GrantAce->CompoundAceType = CompoundAceType;
01218
RtlCopySid(
SeLengthSid(ServerSid), (PSID)(&GrantAce->SidStart), ServerSid );
01219
RtlCopySid(
SeLengthSid(ClientSid), (PSID)(((PCHAR)&GrantAce->SidStart) +
SeLengthSid(ServerSid)), ClientSid );
01220
01221
01222
01223
01224
01225 Acl->AceCount += 1;
01226
01227
01228
01229
01230
01231 Acl->AclRevision = NewRevision;
01232
01233
01234
01235
01236
01237
return STATUS_SUCCESS;
01238 }
01239
01240
01241
NTSTATUS
01242 RtlpAddKnownAce (
01243 IN OUT PACL Acl,
01244 IN ULONG AceRevision,
01245 IN ULONG AceFlags,
01246 IN ACCESS_MASK AccessMask,
01247 IN PSID Sid,
01248 IN UCHAR NewType
01249 )
01250
01251
01252
01253
01254
01255
01256
01257
01258
01259
01260
01261
01262
01263
01264
01265
01266
01267
01268
01269
01270
01271
01272
01273
01274
01275
01276
01277
01278
01279
01280
01281
01282
01283
01284
01285
01286
01287
01288
01289
01290
01291
01292
01293
01294 {
01295 PVOID FirstFree;
01296
USHORT AceSize;
01297
PKNOWN_ACE GrantAce;
01298 UCHAR NewRevision;
01299 ULONG TestedAceFlags;
01300
01301
RTL_PAGED_CODE();
01302
01303
01304
01305
01306
01307
if (!
RtlValidSid(Sid)) {
01308
return STATUS_INVALID_SID;
01309 }
01310
01311
01312
01313
01314
01315
if ( Acl->AclRevision > ACL_REVISION4 || AceRevision > ACL_REVISION4 ) {
01316
01317
return STATUS_REVISION_MISMATCH;
01318 }
01319
01320
01321
01322
01323
01324
01325
01326 NewRevision = Acl->AclRevision > (UCHAR)AceRevision ? Acl->AclRevision : (UCHAR)AceRevision;
01327
01328
01329
01330
01331
01332 TestedAceFlags = AceFlags & ~VALID_INHERIT_FLAGS;
01333
if ( TestedAceFlags != 0 ) {
01334
01335
if ( NewType == SYSTEM_AUDIT_ACE_TYPE ) {
01336 TestedAceFlags &=
01337 ~(SUCCESSFUL_ACCESS_ACE_FLAG|FAILED_ACCESS_ACE_FLAG);
01338 }
01339
01340
if ( TestedAceFlags != 0 ) {
01341
return STATUS_INVALID_PARAMETER;
01342 }
01343 }
01344
01345
01346
01347
01348
01349
01350
if (!
RtlValidAcl( Acl )) {
01351
return STATUS_INVALID_ACL;
01352 }
01353
if (!
RtlFirstFreeAce( Acl, &FirstFree )) {
01354
01355
return STATUS_INVALID_ACL;
01356 }
01357
01358
01359
01360
01361
01362
01363 AceSize = (
USHORT)(
sizeof(ACE_HEADER) +
01364
sizeof(ACCESS_MASK) +
01365
SeLengthSid(Sid));
01366
01367
if ( FirstFree ==
NULL ||
01368 ((PUCHAR)FirstFree + AceSize > ((PUCHAR)Acl + Acl->AclSize))
01369 ) {
01370
01371
return STATUS_ALLOTTED_SPACE_EXCEEDED;
01372 }
01373
01374
01375
01376
01377
01378 GrantAce = (
PKNOWN_ACE)FirstFree;
01379 GrantAce->
Header.AceFlags = (UCHAR)AceFlags;
01380 GrantAce->
Header.AceType = NewType;
01381 GrantAce->
Header.AceSize = AceSize;
01382 GrantAce->
Mask = AccessMask;
01383
RtlCopySid(
SeLengthSid(Sid), (PSID)(&GrantAce->
SidStart), Sid );
01384
01385
01386
01387
01388
01389 Acl->AceCount += 1;
01390
01391
01392
01393
01394
01395 Acl->AclRevision = NewRevision;
01396
01397
01398
01399
01400
01401
return STATUS_SUCCESS;
01402 }
01403
01404
NTSTATUS
01405 RtlpAddKnownObjectAce (
01406 IN OUT PACL Acl,
01407 IN ULONG AceRevision,
01408 IN ULONG AceFlags,
01409 IN ACCESS_MASK AccessMask,
01410 IN GUID *ObjectTypeGuid OPTIONAL,
01411 IN GUID *InheritedObjectTypeGuid OPTIONAL,
01412 IN PSID Sid,
01413 IN UCHAR NewType
01414 )
01415
01416
01417
01418
01419
01420
01421
01422
01423
01424
01425
01426
01427
01428
01429
01430
01431
01432
01433
01434
01435
01436
01437
01438
01439
01440
01441
01442
01443
01444
01445
01446
01447
01448
01449
01450
01451
01452
01453
01454
01455
01456
01457
01458
01459
01460
01461
01462
01463
01464
01465
01466 {
01467 PVOID FirstFree;
01468
USHORT AceSize;
01469 PKNOWN_OBJECT_ACE GrantAce;
01470 UCHAR NewRevision;
01471 ULONG TestedAceFlags;
01472 ULONG AceObjectFlags = 0;
01473 ULONG SidSize;
01474 PCHAR Where;
01475
01476
RTL_PAGED_CODE();
01477
01478
01479
01480
01481
01482
if (!
RtlValidSid(Sid)) {
01483
return STATUS_INVALID_SID;
01484 }
01485
01486
01487
01488
01489
01490
01491
if ( Acl->AclRevision > ACL_REVISION4 || AceRevision != ACL_REVISION4 ) {
01492
01493
return STATUS_REVISION_MISMATCH;
01494 }
01495
01496
01497
01498
01499
01500
01501
01502 NewRevision = Acl->AclRevision > (UCHAR)AceRevision ? Acl->AclRevision : (UCHAR)AceRevision;
01503
01504
01505
01506
01507
01508
01509 TestedAceFlags = AceFlags & ~VALID_INHERIT_FLAGS;
01510
if ( TestedAceFlags != 0 ) {
01511
01512
if ( NewType == SYSTEM_AUDIT_ACE_TYPE ||
01513 NewType == SYSTEM_AUDIT_OBJECT_ACE_TYPE ) {
01514 TestedAceFlags &=
01515 ~(SUCCESSFUL_ACCESS_ACE_FLAG|FAILED_ACCESS_ACE_FLAG);
01516 }
01517
01518
if ( TestedAceFlags != 0 ) {
01519
return STATUS_INVALID_PARAMETER;
01520 }
01521 }
01522
01523
01524
01525
01526
01527
01528
if (!
RtlValidAcl( Acl )) {
01529
return STATUS_INVALID_ACL;
01530 }
01531
if (!
RtlFirstFreeAce( Acl, &FirstFree )) {
01532
01533
return STATUS_INVALID_ACL;
01534 }
01535
01536
01537
01538
01539
01540
01541 SidSize =
SeLengthSid(Sid);
01542 AceSize = (
USHORT)(
sizeof(ACE_HEADER) +
01543
sizeof(ACCESS_MASK) +
01544
sizeof(ULONG) +
01545 SidSize);
01546
01547
if ( ARGUMENT_PRESENT(ObjectTypeGuid) ) {
01548 AceObjectFlags |= ACE_OBJECT_TYPE_PRESENT;
01549 AceSize +=
sizeof(GUID);
01550 }
01551
01552
if ( ARGUMENT_PRESENT(InheritedObjectTypeGuid) ) {
01553 AceObjectFlags |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
01554 AceSize +=
sizeof(GUID);
01555 }
01556
01557
if ( FirstFree ==
NULL ||
01558 ((PUCHAR)FirstFree + AceSize > ((PUCHAR)Acl + Acl->AclSize))
01559 ) {
01560
01561
return STATUS_ALLOTTED_SPACE_EXCEEDED;
01562 }
01563
01564
01565
01566
01567
01568 GrantAce = (PKNOWN_OBJECT_ACE)FirstFree;
01569 GrantAce->Header.AceFlags = (UCHAR) AceFlags;
01570 GrantAce->Header.AceType = NewType;
01571 GrantAce->Header.AceSize = AceSize;
01572 GrantAce->Mask = AccessMask;
01573 GrantAce->Flags = AceObjectFlags;
01574 Where = (PCHAR) (&GrantAce->SidStart);
01575
if ( ARGUMENT_PRESENT(ObjectTypeGuid) ) {
01576 RtlCopyMemory( Where, ObjectTypeGuid,
sizeof(GUID) );
01577 Where +=
sizeof(GUID);
01578 }
01579
if ( ARGUMENT_PRESENT(InheritedObjectTypeGuid) ) {
01580 RtlCopyMemory( Where, InheritedObjectTypeGuid,
sizeof(GUID) );
01581 Where +=
sizeof(GUID);
01582 }
01583
RtlCopySid( SidSize, (PSID)Where, Sid );
01584 Where += SidSize;
01585
01586
01587
01588
01589
01590 Acl->AceCount += 1;
01591
01592
01593
01594
01595
01596 Acl->AclRevision = NewRevision;
01597
01598
01599
01600
01601
01602
return STATUS_SUCCESS;
01603 }
01604
01605
01606
NTSTATUS
01607 RtlAddAccessAllowedAce (
01608 IN OUT PACL Acl,
01609 IN ULONG AceRevision,
01610 IN ACCESS_MASK AccessMask,
01611 IN PSID Sid
01612 )
01613
01614
01615
01616
01617
01618
01619
01620
01621
01622
01623
01624
01625
01626
01627
01628
01629
01630
01631
01632
01633
01634
01635
01636
01637
01638
01639
01640
01641
01642
01643
01644
01645
01646
01647
01648
01649
01650
01651 {
01652
RTL_PAGED_CODE();
01653
01654
return RtlpAddKnownAce (
01655 Acl,
01656 AceRevision,
01657 0,
01658 AccessMask,
01659 Sid,
01660 ACCESS_ALLOWED_ACE_TYPE
01661 );
01662 }
01663
01664
01665
NTSTATUS
01666 RtlAddAccessAllowedAceEx (
01667 IN OUT PACL Acl,
01668 IN ULONG AceRevision,
01669 IN ULONG AceFlags,
01670 IN ACCESS_MASK AccessMask,
01671 IN PSID Sid
01672 )
01673
01674
01675
01676
01677
01678
01679
01680
01681
01682
01683
01684
01685
01686
01687
01688
01689
01690
01691
01692
01693
01694
01695
01696
01697
01698
01699
01700
01701
01702
01703
01704
01705
01706
01707
01708
01709
01710
01711
01712 {
01713
RTL_PAGED_CODE();
01714
01715
return RtlpAddKnownAce (
01716 Acl,
01717 AceRevision,
01718 AceFlags,
01719 AccessMask,
01720 Sid,
01721 ACCESS_ALLOWED_ACE_TYPE
01722 );
01723 }
01724
01725
01726
NTSTATUS
01727 RtlAddAccessDeniedAce (
01728 IN OUT PACL Acl,
01729 IN ULONG AceRevision,
01730 IN ACCESS_MASK AccessMask,
01731 IN PSID Sid
01732 )
01733
01734
01735
01736
01737
01738
01739
01740
01741
01742
01743
01744
01745
01746
01747
01748
01749
01750
01751
01752
01753
01754
01755
01756
01757
01758
01759
01760
01761
01762
01763
01764
01765
01766
01767
01768
01769
01770
01771 {
01772
RTL_PAGED_CODE();
01773
01774
return RtlpAddKnownAce (
01775 Acl,
01776 AceRevision,
01777 0,
01778 AccessMask,
01779 Sid,
01780 ACCESS_DENIED_ACE_TYPE
01781 );
01782
01783 }
01784
01785
01786
NTSTATUS
01787 RtlAddAccessDeniedAceEx (
01788 IN OUT PACL Acl,
01789 IN ULONG AceRevision,
01790 IN ULONG AceFlags,
01791 IN ACCESS_MASK AccessMask,
01792 IN PSID Sid
01793 )
01794
01795
01796
01797
01798
01799
01800
01801
01802
01803
01804
01805
01806
01807
01808
01809
01810
01811
01812
01813
01814
01815
01816
01817
01818
01819
01820
01821
01822
01823
01824
01825
01826
01827
01828
01829
01830
01831
01832
01833 {
01834
RTL_PAGED_CODE();
01835
01836
return RtlpAddKnownAce (
01837 Acl,
01838 AceRevision,
01839 AceFlags,
01840 AccessMask,
01841 Sid,
01842 ACCESS_DENIED_ACE_TYPE
01843 );
01844
01845 }
01846
01847
01848
NTSTATUS
01849 RtlAddAuditAccessAce (
01850 IN OUT PACL Acl,
01851 IN ULONG AceRevision,
01852 IN ACCESS_MASK AccessMask,
01853 IN PSID Sid,
01854 IN BOOLEAN AuditSuccess,
01855 IN BOOLEAN AuditFailure
01856 )
01857
01858
01859
01860
01861
01862
01863
01864
01865
01866
01867
01868
01869
01870
01871
01872
01873
01874
01875
01876
01877
01878
01879
01880
01881
01882
01883
01884
01885
01886
01887
01888
01889
01890
01891
01892
01893
01894
01895
01896
01897
01898
01899
01900
01901
01902
01903
01904 {
01905 ULONG AceFlags = 0;
01906
RTL_PAGED_CODE();
01907
01908
if (AuditSuccess) {
01909 AceFlags |= SUCCESSFUL_ACCESS_ACE_FLAG;
01910 }
01911
if (AuditFailure) {
01912 AceFlags |= FAILED_ACCESS_ACE_FLAG;
01913 }
01914
01915
return RtlpAddKnownAce (
01916 Acl,
01917 AceRevision,
01918 AceFlags,
01919 AccessMask,
01920 Sid,
01921 SYSTEM_AUDIT_ACE_TYPE );
01922
01923 }
01924
01925
NTSTATUS
01926 RtlAddAuditAccessAceEx (
01927 IN OUT PACL Acl,
01928 IN ULONG AceRevision,
01929 IN ULONG AceFlags,
01930 IN ACCESS_MASK AccessMask,
01931 IN PSID Sid,
01932 IN BOOLEAN AuditSuccess,
01933 IN BOOLEAN AuditFailure
01934 )
01935
01936
01937
01938
01939
01940
01941
01942
01943
01944
01945
01946
01947
01948
01949
01950
01951
01952
01953
01954
01955
01956
01957
01958
01959
01960
01961
01962
01963
01964
01965
01966
01967
01968
01969
01970
01971
01972
01973
01974
01975
01976
01977
01978
01979
01980
01981
01982
01983
01984
01985
01986 {
01987
RTL_PAGED_CODE();
01988
01989
if (AuditSuccess) {
01990 AceFlags |= SUCCESSFUL_ACCESS_ACE_FLAG;
01991 }
01992
if (AuditFailure) {
01993 AceFlags |= FAILED_ACCESS_ACE_FLAG;
01994 }
01995
01996
return RtlpAddKnownAce (
01997 Acl,
01998 AceRevision,
01999 AceFlags,
02000 AccessMask,
02001 Sid,
02002 SYSTEM_AUDIT_ACE_TYPE );
02003
02004 }
02005
02006
02007
NTSTATUS
02008 RtlAddAccessAllowedObjectAce (
02009 IN OUT PACL Acl,
02010 IN ULONG AceRevision,
02011 IN ULONG AceFlags,
02012 IN ACCESS_MASK AccessMask,
02013 IN GUID *ObjectTypeGuid OPTIONAL,
02014 IN GUID *InheritedObjectTypeGuid OPTIONAL,
02015 IN PSID Sid
02016 )
02017
02018
02019
02020
02021
02022
02023
02024
02025
02026
02027
02028
02029
02030
02031
02032
02033
02034
02035
02036
02037
02038
02039
02040
02041
02042
02043
02044
02045
02046
02047
02048
02049
02050
02051
02052
02053
02054
02055
02056
02057
02058
02059
02060
02061
02062
02063 {
02064
RTL_PAGED_CODE();
02065
02066
02067
02068
02069
02070
if (ObjectTypeGuid ==
NULL && InheritedObjectTypeGuid ==
NULL ) {
02071
return RtlpAddKnownAce (
02072 Acl,
02073 AceRevision,
02074 AceFlags,
02075 AccessMask,
02076 Sid,
02077 ACCESS_ALLOWED_ACE_TYPE
02078 );
02079 }
02080
02081
return RtlpAddKnownObjectAce (
02082 Acl,
02083 AceRevision,
02084 AceFlags,
02085 AccessMask,
02086 ObjectTypeGuid,
02087 InheritedObjectTypeGuid,
02088 Sid,
02089 ACCESS_ALLOWED_OBJECT_ACE_TYPE
02090 );
02091 }
02092
02093
02094
NTSTATUS
02095 RtlAddAccessDeniedObjectAce (
02096 IN OUT PACL Acl,
02097 IN ULONG AceRevision,
02098 IN ULONG AceFlags,
02099 IN ACCESS_MASK AccessMask,
02100 IN GUID *ObjectTypeGuid OPTIONAL,
02101 IN GUID *InheritedObjectTypeGuid OPTIONAL,
02102 IN PSID Sid
02103 )
02104
02105
02106
02107
02108
02109
02110
02111
02112
02113
02114
02115
02116
02117
02118
02119
02120
02121
02122
02123
02124
02125
02126
02127
02128
02129
02130
02131
02132
02133
02134
02135
02136
02137
02138
02139
02140
02141
02142
02143
02144
02145
02146
02147
02148
02149
02150 {
02151
RTL_PAGED_CODE();
02152
02153
02154
02155
02156
02157
if (ObjectTypeGuid ==
NULL && InheritedObjectTypeGuid ==
NULL ) {
02158
return RtlpAddKnownAce (
02159 Acl,
02160 AceRevision,
02161 AceFlags,
02162 AccessMask,
02163 Sid,
02164 ACCESS_DENIED_ACE_TYPE
02165 );
02166 }
02167
02168
return RtlpAddKnownObjectAce (
02169 Acl,
02170 AceRevision,
02171 AceFlags,
02172 AccessMask,
02173 ObjectTypeGuid,
02174 InheritedObjectTypeGuid,
02175 Sid,
02176 ACCESS_DENIED_OBJECT_ACE_TYPE
02177 );
02178 }
02179
02180
02181
NTSTATUS
02182 RtlAddAuditAccessObjectAce (
02183 IN OUT PACL Acl,
02184 IN ULONG AceRevision,
02185 IN ULONG AceFlags,
02186 IN ACCESS_MASK AccessMask,
02187 IN GUID *ObjectTypeGuid OPTIONAL,
02188 IN GUID *InheritedObjectTypeGuid OPTIONAL,
02189 IN PSID Sid,
02190 IN BOOLEAN AuditSuccess,
02191 IN BOOLEAN AuditFailure
02192 )
02193
02194
02195
02196
02197
02198
02199
02200
02201
02202
02203
02204
02205
02206
02207
02208
02209
02210
02211
02212
02213
02214
02215
02216
02217
02218
02219
02220
02221
02222
02223
02224
02225
02226
02227
02228
02229
02230
02231
02232
02233
02234
02235
02236
02237
02238
02239
02240
02241
02242
02243
02244
02245 {
02246
RTL_PAGED_CODE();
02247
02248
if (AuditSuccess) {
02249 AceFlags |= SUCCESSFUL_ACCESS_ACE_FLAG;
02250 }
02251
if (AuditFailure) {
02252 AceFlags |= FAILED_ACCESS_ACE_FLAG;
02253 }
02254
02255
02256
02257
02258
02259
if (ObjectTypeGuid ==
NULL && InheritedObjectTypeGuid ==
NULL ) {
02260
return RtlpAddKnownAce (
02261 Acl,
02262 AceRevision,
02263 AceFlags,
02264 AccessMask,
02265 Sid,
02266 SYSTEM_AUDIT_ACE_TYPE
02267 );
02268 }
02269
02270
return RtlpAddKnownObjectAce (
02271 Acl,
02272 AceRevision,
02273 AceFlags,
02274 AccessMask,
02275 ObjectTypeGuid,
02276 InheritedObjectTypeGuid,
02277 Sid,
02278 SYSTEM_AUDIT_OBJECT_ACE_TYPE
02279 );
02280 }
02281
02282
#if 0
02283
02284
NTSTATUS
02285 RtlMakePosixAcl(
02286 IN ULONG AclRevision,
02287 IN PSID UserSid,
02288 IN PSID GroupSid,
02289 IN ACCESS_MASK UserAccess,
02290 IN ACCESS_MASK GroupAccess,
02291 IN ACCESS_MASK OtherAccess,
02292 IN ULONG AclLength,
02293 OUT PACL Acl,
02294 OUT PULONG ReturnLength
02295 )
02296
02297
02298
02299
02300
02301
02302
02303
02304
02305
02306
02307
02308
02309
02310
02311
02312
02313
02314
02315
02316
02317
02318
02319
02320
02321
02322
02323
02324
02325
02326
02327
02328
02329
02330
02331
02332
02333
02334
02335
02336
02337
02338
02339
02340
02341
02342 {
02343
02344 SID_IDENTIFIER_AUTHORITY WorldSidAuthority = SECURITY_WORLD_SID_AUTHORITY;
02345
02346 ULONG UserSidLength;
02347 ULONG GroupSidLength;
02348 ULONG WorldSidLength;
02349 ULONG RequiredAclSize;
02350 ULONG AceSize;
02351 ULONG CurrentAce;
02352 PACCESS_ALLOWED_ACE Ace;
02353
NTSTATUS Status;
02354
02355
RTL_PAGED_CODE();
02356
02357
if (!
RtlValidSid( UserSid ) || !
RtlValidSid( GroupSid )) {
02358
return( STATUS_INVALID_SID );
02359 }
02360
02361 UserSidLength =
SeLengthSid( UserSid );
02362 GroupSidLength =
SeLengthSid( GroupSid );
02363 WorldSidLength =
RtlLengthRequiredSid( 1 );
02364
02365
02366
02367
02368
02369
02370 RequiredAclSize =
sizeof( ACL );
02371
02372 AceSize =
sizeof( ACCESS_ALLOWED_ACE ) -
sizeof( ULONG );
02373
02374 RequiredAclSize += (AceSize * 3) +
02375 UserSidLength +
02376 GroupSidLength +
02377 WorldSidLength ;
02378
02379
if (RequiredAclSize > AclLength) {
02380 *ReturnLength = RequiredAclSize;
02381
return( STATUS_BUFFER_TOO_SMALL );
02382 }
02383
02384
02385
02386
02387
02388
Status =
RtlCreateAcl(
02389 Acl,
02390 RequiredAclSize,
02391 AclRevision
02392 );
02393
02394
if (!
NT_SUCCESS( Status )) {
02395
return(
Status );
02396 }
02397
02398 CurrentAce = (ULONG)Acl +
sizeof( ACL );
02399 Ace = (PACCESS_ALLOWED_ACE)CurrentAce;
02400
02401
02402
02403
02404
02405 Ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
02406 Ace->Header.AceSize = (
USHORT)(UserSidLength + AceSize);
02407 Ace->Header.AceFlags = 0;
02408
02409 Ace->Mask = UserAccess;
02410
02411 RtlMoveMemory(
02412 (PVOID)(Ace->SidStart),
02413 UserSid,
02414 UserSidLength
02415 );
02416
02417 CurrentAce += (ULONG)(Ace->Header.AceSize);
02418 Ace = (PACCESS_ALLOWED_ACE)CurrentAce;
02419
02420
02421
02422
02423
02424 Ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
02425 Ace->Header.AceSize = (
USHORT)(GroupSidLength + AceSize);
02426 Ace->Header.AceFlags = 0;
02427
02428 Ace->Mask = GroupAccess;
02429
02430 RtlMoveMemory(
02431 (PVOID)(Ace->SidStart),
02432 GroupSid,
02433 GroupSidLength
02434 );
02435
02436 CurrentAce += (ULONG)(Ace->Header.AceSize);
02437 Ace = (PACCESS_ALLOWED_ACE)CurrentAce;
02438
02439
02440
02441
02442
02443 Ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
02444 Ace->Header.AceSize = (
USHORT)(GroupSidLength + AceSize);
02445 Ace->Header.AceFlags = 0;
02446
02447 Ace->Mask = OtherAccess;
02448
02449
RtlInitializeSid(
02450 (PSID)(Ace->SidStart),
02451 &WorldSidAuthority,
02452 1
02453 );
02454
02455 *(
RtlSubAuthoritySid((PSID)(Ace->SidStart), 0 )) = SECURITY_WORLD_RID;
02456
02457
return( STATUS_SUCCESS );
02458
02459 }
02460
02461
NTSTATUS
02462 RtlInterpretPosixAcl(
02463 IN ULONG AclRevision,
02464 IN PSID UserSid,
02465 IN PSID GroupSid,
02466 IN PACL Acl,
02467 OUT PACCESS_MASK UserAccess,
02468 OUT PACCESS_MASK GroupAccess,
02469 OUT PACCESS_MASK OtherAccess
02470 )
02471
02472
02473
02474
02475
02476
02477
02478
02479
02480
02481
02482
02483
02484
02485
02486
02487
02488
02489
02490
02491
02492
02493
02494
02495
02496
02497
02498
02499
02500
02501
02502
02503
02504
02505
02506
02507
02508
02509
02510
02511
02512
02513
02514
02515
02516
02517
02518
02519 {
02520
NTSTATUS Status = STATUS_SUCCESS;
02521 BOOLEAN UserFound =
FALSE;
02522 BOOLEAN GroupFound =
FALSE;
02523 BOOLEAN OtherFound =
FALSE;
02524 ULONG i;
02525
PKNOWN_ACE Ace;
02526
02527
RTL_PAGED_CODE();
02528
02529
if (AclRevision != ACL_REVISION2) {
02530
return( STATUS_UNKNOWN_REVISION );
02531 }
02532
02533
if (Acl->AceCount > 3) {
02534
Status = STATUS_EXTRANEOUS_INFORMATION;
02535 }
02536
02537
for (i=0, Ace =
FirstAce( Acl );
02538 (i < Acl->AceCount) && (!UserFound || !GroupFound || !OtherFound);
02539 i++, Ace =
NextAce( Ace )) {
02540
02541
if (Ace->Header.AceType != ACCESS_ALLOWED_ACE_TYPE) {
02542
Status = STATUS_EXTRANEOUS_INFORMATION;
02543
continue;
02544 }
02545
02546
if (
RtlEqualSid(
02547 (PSID)(Ace->SidStart),
02548 UserSid
02549 ) && !UserFound) {
02550
02551 *UserAccess = Ace->Mask;
02552 UserFound =
TRUE;
02553
continue;
02554 }
02555
02556
if (
RtlEqualSid(
02557 (PSID)(Ace->SidStart),
02558 GroupSid
02559 ) && !GroupFound) {
02560
02561 *GroupAccess = Ace->Mask;
02562 GroupFound =
TRUE;
02563
continue;
02564 }
02565
02566
02567
02568
02569
02570
02571
if (!OtherFound) {
02572 *OtherAccess = Ace->Mask;
02573 OtherFound =
TRUE;
02574
continue;
02575 }
02576
02577 }
02578
02579
02580
02581
02582
02583
if (!UserFound || !GroupFound || !OtherFound) {
02584
Status = STATUS_COULD_NOT_INTERPRET;
02585 }
02586
02587
return(
Status );
02588
02589 }
02590
02591
#endif // 0
02592
02593
02594
02595
02596
02597
02598 BOOLEAN
02599 RtlFirstFreeAce (
02600 IN PACL Acl,
02601 OUT PVOID *FirstFree
02602 )
02603
02604
02605
02606
02607
02608
02609
02610
02611
02612
02613
02614
02615
02616
02617
02618
02619
02620
02621
02622
02623
02624
02625 {
02626 PACE_HEADER Ace;
02627 ULONG i;
02628
02629
RTL_PAGED_CODE();
02630
02631
02632
02633
02634
02635
02636
02637
02638
02639 *FirstFree =
NULL;
02640
02641
for ( i=0, Ace =
FirstAce( Acl );
02642 i < Acl->AceCount;
02643 i++, Ace =
NextAce( Ace )) {
02644
02645
02646
02647
02648
02649
02650
if (Ace >= (PACE_HEADER)((PUCHAR)Acl + Acl->AclSize)) {
02651
02652
return FALSE;
02653
02654 }
02655
02656 }
02657
02658
02659
02660
02661
02662
02663
02664
if (Ace <= (PACE_HEADER)((PUCHAR)Acl + Acl->AclSize)) {
02665
02666 *FirstFree = Ace;
02667 }
02668
02669
02670
02671
02672
02673
02674
return TRUE;
02675
02676 }
02677
02678
02679
02680
02681
02682
02683
VOID
02684 RtlpAddData (
02685 IN PVOID From,
02686 IN ULONG FromSize,
02687 IN PVOID To,
02688 IN ULONG ToSize
02689 )
02690
02691
02692
02693
02694
02695
02696
02697
02698
02699
02700
02701
02702
02703
02704
02705
02706
02707
02708
02709
02710
02711
02712
02713
02714
02715
02716
02717
02718
02719
02720
02721
02722
02723
02724
02725
02726
02727
02728 {
02729 LONG i;
02730
02731
02732
02733
02734
02735
for (i = ToSize - 1; i >= 0; i--) {
02736
02737 ((PUCHAR)To)[i+FromSize] = ((PUCHAR)To)[i];
02738 }
02739
02740
02741
02742
02743
02744
for (i = 0; (ULONG)i < FromSize; i += 1) {
02745
02746 ((PUCHAR)To)[i] = ((PUCHAR)From)[i];
02747
02748 }
02749
02750
02751
02752
02753
02754
return;
02755
02756 }
02757
02758
02759
02760
02761
02762
02763
VOID
02764 RtlpDeleteData (
02765 IN PVOID Data,
02766 IN ULONG RemoveSize,
02767 IN ULONG TotalSize
02768 )
02769
02770
02771
02772
02773
02774
02775
02776
02777
02778
02779
02780
02781
02782
02783
02784
02785
02786
02787
02788
02789
02790
02791
02792
02793
02794
02795
02796
02797
02798
02799
02800
02801
02802
02803
02804 {
02805 ULONG i;
02806
02807
02808
02809
02810
02811
for (i = RemoveSize; i < TotalSize; i++) {
02812
02813 ((PUCHAR)Data)[i-RemoveSize] = ((PUCHAR)Data)[i];
02814
02815 }
02816
02817
02818
02819
02820
02821
for (i = TotalSize - RemoveSize; i < TotalSize; i++) {
02822
02823 ((PUCHAR)Data)[i] = 0;
02824 }
02825
02826
02827
02828
02829
02830
return;
02831
02832 }