|
 |
60ddd3 |
/********************************************************/
|
|
|
60ddd3 |
/* ntapi: Native API core library */
|
|
|
60ddd3 |
/* Copyright (C) 2013--2017 Z. Gilboa */
|
|
|
60ddd3 |
/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
|
|
|
60ddd3 |
/********************************************************/
|
|
|
60ddd3 |
|
|
|
60ddd3 |
#include <psxtypes/psxtypes.h>
|
|
|
60ddd3 |
#include <ntapi/nt_status.h>
|
|
|
60ddd3 |
#include <ntapi/nt_object.h>
|
|
|
60ddd3 |
#include <ntapi/nt_acl.h>
|
|
|
60ddd3 |
#include "ntapi_impl.h"
|
|
|
60ddd3 |
|
|
|
60ddd3 |
#define __SID_SYSTEM {1,1,{{0,0,0,0,0,5}},{18}}
|
|
|
60ddd3 |
#define __SID_OWNER_RIGHTS {1,1,{{0,0,0,0,0,3}},{4}}
|
|
|
60ddd3 |
#define __SID_AUTHENTICATED_USERS {1,1,{{0,0,0,0,0,5}},{11}}
|
|
|
60ddd3 |
|
|
|
60ddd3 |
static nt_access_allowed_ace * __acl_ace_init(
|
|
|
60ddd3 |
nt_access_allowed_ace * ace,
|
|
|
60ddd3 |
uint32_t mask,
|
|
|
60ddd3 |
const nt_sid * sid,
|
|
|
60ddd3 |
uint16_t * aces)
|
|
|
60ddd3 |
{
|
|
|
60ddd3 |
if (mask == 0)
|
|
|
60ddd3 |
return ace;
|
|
|
60ddd3 |
|
|
|
60ddd3 |
ace->mask = mask;
|
|
|
60ddd3 |
ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED;
|
|
|
60ddd3 |
ace->header.ace_flags = 0;
|
|
|
60ddd3 |
ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count
|
|
|
60ddd3 |
+ __offsetof(nt_access_allowed_ace,sid_start)
|
|
|
60ddd3 |
+ __offsetof(nt_sid,sub_authority);
|
|
|
60ddd3 |
|
|
|
60ddd3 |
__ntapi->tt_sid_copy(
|
|
|
60ddd3 |
(nt_sid *)&ace->sid_start,
|
|
|
60ddd3 |
sid);
|
|
|
60ddd3 |
|
|
|
60ddd3 |
(*aces)++;
|
|
|
60ddd3 |
|
|
|
60ddd3 |
return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
|
|
|
60ddd3 |
}
|
|
|
60ddd3 |
|
|
|
60ddd3 |
void __stdcall __ntapi_acl_init_common_descriptor(
|
|
|
60ddd3 |
__out nt_sd_common_buffer * sd,
|
|
|
60ddd3 |
__in const nt_sid * owner,
|
|
|
60ddd3 |
__in const nt_sid * group,
|
|
|
60ddd3 |
__in const nt_sid * other,
|
|
|
60ddd3 |
__in uint32_t owner_access,
|
|
|
60ddd3 |
__in uint32_t group_access,
|
|
|
60ddd3 |
__in uint32_t other_access,
|
|
|
60ddd3 |
__in uint32_t system_access)
|
|
|
60ddd3 |
{
|
|
|
60ddd3 |
nt_access_allowed_ace * ace;
|
|
|
60ddd3 |
uint16_t ace_count = 0;
|
|
|
60ddd3 |
nt_sid sid_system = __SID_SYSTEM;
|
|
|
60ddd3 |
nt_sid sid_owner_rights = __SID_OWNER_RIGHTS;
|
|
|
60ddd3 |
nt_sid sid_auth_users = __SID_AUTHENTICATED_USERS;
|
|
|
60ddd3 |
|
|
|
60ddd3 |
/* sd header */
|
|
|
60ddd3 |
sd->sd.revision = 1;
|
|
|
60ddd3 |
sd->sd.sbz_1st = 0;
|
|
|
60ddd3 |
sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
|
|
|
60ddd3 |
sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner);
|
|
|
60ddd3 |
sd->sd.offset_group = 0;
|
|
|
60ddd3 |
sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl);
|
|
|
60ddd3 |
sd->sd.offset_sacl = 0;
|
|
|
60ddd3 |
|
|
|
60ddd3 |
/* owner, group, other: default sid's */
|
|
|
0a8487 |
owner = owner ? owner : __ntapi_internals()->user;
|
|
|
808392 |
group = group ? group : owner;
|
|
|
60ddd3 |
other = other ? other : &sid_auth_users;
|
|
|
60ddd3 |
|
|
|
60ddd3 |
/* owner sid */
|
|
|
60ddd3 |
__ntapi->tt_sid_copy(
|
|
|
60ddd3 |
(nt_sid *)&sd->owner,
|
|
|
60ddd3 |
owner);
|
|
|
60ddd3 |
|
|
|
60ddd3 |
/* ace's */
|
|
|
60ddd3 |
ace = (nt_access_allowed_ace *)&sd->buffer;
|
|
|
60ddd3 |
ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count);
|
|
|
808392 |
ace = __acl_ace_init(ace,owner_access,&sid_owner_rights,&ace_count);
|
|
|
60ddd3 |
ace = __acl_ace_init(ace,group_access,group,&ace_count);
|
|
|
60ddd3 |
ace = __acl_ace_init(ace,other_access,other,&ace_count);
|
|
|
60ddd3 |
|
|
|
60ddd3 |
/* dacl */
|
|
|
60ddd3 |
sd->dacl.acl_revision = 0x02;
|
|
|
60ddd3 |
sd->dacl.sbz_1st = 0;
|
|
|
60ddd3 |
sd->dacl.acl_size = (uint16_t)((char *)ace - (char *)&sd->dacl);
|
|
|
60ddd3 |
sd->dacl.ace_count = ace_count;
|
|
|
60ddd3 |
sd->dacl.sbz_2nd = 0;
|
|
|
60ddd3 |
}
|