Blame src/acl/ntapi_acl_helper.c

60ddd3
/********************************************************/
60ddd3
/*  ntapi: Native API core library                      */
60ddd3
/*  Copyright (C) 2013--2017  Z. Gilboa                 */
60ddd3
/*  Released under GPLv2 and GPLv3; see COPYING.NTAPI.  */
60ddd3
/********************************************************/
60ddd3
60ddd3
#include <psxtypes/psxtypes.h>
60ddd3
#include <ntapi/nt_status.h>
60ddd3
#include <ntapi/nt_object.h>
60ddd3
#include <ntapi/nt_acl.h>
60ddd3
#include "ntapi_impl.h"
60ddd3
60ddd3
#define __SID_SYSTEM			{1,1,{{0,0,0,0,0,5}},{18}}
60ddd3
#define __SID_OWNER_RIGHTS		{1,1,{{0,0,0,0,0,3}},{4}}
60ddd3
#define __SID_AUTHENTICATED_USERS	{1,1,{{0,0,0,0,0,5}},{11}}
60ddd3
60ddd3
static nt_access_allowed_ace * __acl_ace_init(
60ddd3
	nt_access_allowed_ace * ace,
60ddd3
	uint32_t		mask,
60ddd3
	const nt_sid *		sid,
60ddd3
	uint16_t *		aces)
60ddd3
{
60ddd3
	if (mask == 0)
60ddd3
		return ace;
60ddd3
60ddd3
	ace->mask             = mask;
60ddd3
	ace->header.ace_type  = NT_ACE_TYPE_ACCESS_ALLOWED;
60ddd3
	ace->header.ace_flags = 0;
60ddd3
	ace->header.ace_size  = sizeof(uint32_t) * sid->sub_authority_count
60ddd3
	                        + __offsetof(nt_access_allowed_ace,sid_start)
60ddd3
	                        + __offsetof(nt_sid,sub_authority);
60ddd3
60ddd3
	__ntapi->tt_sid_copy(
60ddd3
		(nt_sid *)&ace->sid_start,
60ddd3
		sid);
60ddd3
60ddd3
	(*aces)++;
60ddd3
60ddd3
	return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
60ddd3
}
60ddd3
60ddd3
void __stdcall __ntapi_acl_init_common_descriptor(
60ddd3
	__out	nt_sd_common_buffer *	sd,
60ddd3
	__in	const nt_sid *		owner,
60ddd3
	__in	const nt_sid *		group,
60ddd3
	__in	const nt_sid *		other,
60ddd3
	__in	uint32_t		owner_access,
60ddd3
	__in	uint32_t		group_access,
60ddd3
	__in	uint32_t		other_access,
60ddd3
	__in	uint32_t		system_access)
60ddd3
{
60ddd3
	nt_access_allowed_ace * ace;
60ddd3
	uint16_t                ace_count        = 0;
60ddd3
	nt_sid                  sid_system       = __SID_SYSTEM;
60ddd3
	nt_sid                  sid_owner_rights = __SID_OWNER_RIGHTS;
60ddd3
	nt_sid                  sid_auth_users   = __SID_AUTHENTICATED_USERS;
60ddd3
60ddd3
	/* sd header */
60ddd3
	sd->sd.revision         = 1;
60ddd3
	sd->sd.sbz_1st          = 0;
60ddd3
	sd->sd.control          = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
60ddd3
	sd->sd.offset_owner     = __offsetof(nt_sd_common_buffer,owner);
60ddd3
	sd->sd.offset_group     = 0;
60ddd3
	sd->sd.offset_dacl      = __offsetof(nt_sd_common_buffer,dacl);
60ddd3
	sd->sd.offset_sacl      = 0;
60ddd3
60ddd3
	/* owner, group, other: default sid's */
60ddd3
	owner = owner ? owner : __ntapi_internals()->sid;
60ddd3
	group = group ? group : &sid_owner_rights;
60ddd3
	other = other ? other : &sid_auth_users;
60ddd3
60ddd3
	/* owner sid */
60ddd3
	__ntapi->tt_sid_copy(
60ddd3
		(nt_sid *)&sd->owner,
60ddd3
		owner);
60ddd3
60ddd3
	/* ace's */
60ddd3
	ace = (nt_access_allowed_ace *)&sd->buffer;
60ddd3
	ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count);
60ddd3
	ace = __acl_ace_init(ace,owner_access,owner,&ace_count);
60ddd3
	ace = __acl_ace_init(ace,group_access,group,&ace_count);
60ddd3
	ace = __acl_ace_init(ace,other_access,other,&ace_count);
60ddd3
60ddd3
	/* dacl */
60ddd3
	sd->dacl.acl_revision   = 0x02;
60ddd3
	sd->dacl.sbz_1st        = 0;
60ddd3
	sd->dacl.acl_size       = (uint16_t)((char *)ace - (char *)&sd->dacl);
60ddd3
	sd->dacl.ace_count      = ace_count;
60ddd3
	sd->dacl.sbz_2nd        = 0;
60ddd3
60ddd3
}