|
|
dd89bb |
/********************************************************/
|
|
|
dd89bb |
/* ntapi: Native API core library */
|
|
|
dde53a |
/* Copyright (C) 2013--2017 Z. Gilboa */
|
|
|
dd89bb |
/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
|
|
|
dd89bb |
/********************************************************/
|
|
|
dd89bb |
|
|
|
dd89bb |
#include <psxtypes/psxtypes.h>
|
|
|
dd89bb |
#include <ntapi/nt_object.h>
|
|
|
dd89bb |
#include <ntapi/nt_guid.h>
|
|
|
dd89bb |
#include <ntapi/nt_string.h>
|
|
|
b8eeed |
#include <ntapi/nt_acl.h>
|
|
|
dd89bb |
#include "ntapi_impl.h"
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef ntapi_zw_open_directory_object objdir_open_fn;
|
|
|
dd89bb |
|
|
|
1219be |
static nt_keyed_objdir_name __template_name = {__NT_BASED_NAMED_OBJECTS,
|
|
|
1219be |
0,
|
|
|
1219be |
{0,0,0,0,0,0},
|
|
|
1219be |
{0,{0},0},
|
|
|
1219be |
{0}};
|
|
|
af6bd7 |
|
|
|
661c27 |
|
|
|
b8eeed |
static nt_access_allowed_ace * __ipc_ace_init(
|
|
|
b8eeed |
nt_access_allowed_ace * ace,
|
|
|
b8eeed |
uint32_t mask,
|
|
|
b8eeed |
const nt_sid * sid)
|
|
|
b8eeed |
{
|
|
|
b8eeed |
ace->mask = mask;
|
|
|
b8eeed |
ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED;
|
|
|
b8eeed |
ace->header.ace_flags = 0;
|
|
|
b8eeed |
ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count
|
|
|
b8eeed |
+ __offsetof(nt_access_allowed_ace,sid_start)
|
|
|
b8eeed |
+ __offsetof(nt_sid,sub_authority);
|
|
|
b8eeed |
|
|
|
b8eeed |
__ntapi->tt_sid_copy(
|
|
|
b8eeed |
(nt_sid *)&ace->sid_start,
|
|
|
b8eeed |
sid);
|
|
|
b8eeed |
|
|
|
b8eeed |
return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
|
|
|
b8eeed |
}
|
|
|
b8eeed |
|
|
|
b8eeed |
static void __ipc_sd_init(nt_sd_common_buffer * sd, int fdir)
|
|
|
b8eeed |
{
|
|
|
b8eeed |
nt_access_allowed_ace * ace;
|
|
|
b8eeed |
uint32_t mask_system;
|
|
|
b8eeed |
uint32_t mask_owner;
|
|
|
b8eeed |
uint32_t mask_other;
|
|
|
b8eeed |
|
|
|
b8eeed |
/* access mask */
|
|
|
b8eeed |
if (fdir) {
|
|
|
b8eeed |
mask_system = NT_SEC_READ_CONTROL
|
|
|
b8eeed |
| NT_DIRECTORY_QUERY
|
|
|
b8eeed |
| NT_DIRECTORY_TRAVERSE
|
|
|
b8eeed |
| NT_DIRECTORY_CREATE_OBJECT
|
|
|
b8eeed |
| NT_DIRECTORY_CREATE_SUBDIRECTORY;
|
|
|
b8eeed |
|
|
|
b8eeed |
mask_owner = NT_DIRECTORY_ALL_ACCESS;
|
|
|
b8eeed |
mask_other = mask_system;
|
|
|
b8eeed |
} else {
|
|
|
b8eeed |
mask_system = NT_SYMBOLIC_LINK_ALL_ACCESS;
|
|
|
b8eeed |
mask_owner = NT_SYMBOLIC_LINK_ALL_ACCESS;
|
|
|
b8eeed |
mask_other = NT_SYMBOLIC_LINK_QUERY;
|
|
|
b8eeed |
}
|
|
|
b8eeed |
|
|
|
b8eeed |
/* sd header */
|
|
|
b8eeed |
sd->sd.revision = 1;
|
|
|
b8eeed |
sd->sd.sbz_1st = 0;
|
|
|
b8eeed |
sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
|
|
|
b8eeed |
sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner);
|
|
|
b8eeed |
sd->sd.offset_group = 0;
|
|
|
b8eeed |
sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl);
|
|
|
b8eeed |
sd->sd.offset_sacl = 0;
|
|
|
b8eeed |
|
|
|
b8eeed |
/* owner sid */
|
|
|
b8eeed |
__ntapi->tt_sid_copy(
|
|
|
b8eeed |
(nt_sid *)&sd->owner,
|
|
|
0a8487 |
__ntapi_internals()->user);
|
|
|
b8eeed |
|
|
|
b8eeed |
|
|
|
b8eeed |
/* ace's for LOCAL_SYSTEM, AUTHENTICATED_USERS, and process token user */
|
|
|
b8eeed |
ace = (nt_access_allowed_ace *)&sd->buffer;
|
|
|
b8eeed |
ace = __ipc_ace_init(ace,mask_system,&(nt_sid){1,1,{{0,0,0,0,0,5}},{18}});
|
|
|
b8eeed |
ace = __ipc_ace_init(ace,mask_other,&(nt_sid){1,1,{{0,0,0,0,0,5}},{11}});
|
|
|
b8eeed |
ace = __ipc_ace_init(ace,mask_owner,(nt_sid *)&sd->owner);
|
|
|
b8eeed |
|
|
|
b8eeed |
sd->dacl.acl_revision = 0x02;
|
|
|
b8eeed |
sd->dacl.sbz_1st = 0;
|
|
|
b8eeed |
sd->dacl.acl_size = (uint16_t)((char *)ace - (char *)&sd->dacl);
|
|
|
b8eeed |
sd->dacl.ace_count = 3;
|
|
|
b8eeed |
sd->dacl.sbz_2nd = 0;
|
|
|
b8eeed |
|
|
|
b8eeed |
}
|
|
|
b8eeed |
|
|
|
661c27 |
static int32_t __stdcall __tt_create_ipc_object_directory(
|
|
|
661c27 |
__out void ** hdir,
|
|
|
661c27 |
__in uint32_t desired_access,
|
|
|
661c27 |
__in const wchar16_t prefix[6],
|
|
|
ae515f |
__in const nt_guid * guid)
|
|
|
661c27 |
{
|
|
|
661c27 |
int32_t status;
|
|
|
661c27 |
nt_ipc_objdir_name objdir_name;
|
|
|
661c27 |
nt_unicode_string name;
|
|
|
b8eeed |
nt_sd_common_buffer sd;
|
|
|
661c27 |
nt_oa oa;
|
|
|
661c27 |
nt_sqos sqos = {
|
|
|
661c27 |
sizeof(sqos),
|
|
|
661c27 |
NT_SECURITY_IMPERSONATION,
|
|
|
661c27 |
NT_SECURITY_TRACKING_DYNAMIC,
|
|
|
661c27 |
1};
|
|
|
661c27 |
|
|
|
b8eeed |
__ipc_sd_init(&sd,1);
|
|
|
b8eeed |
|
|
|
661c27 |
__ntapi->tt_generic_memcpy(
|
|
|
661c27 |
&objdir_name,
|
|
|
661c27 |
&__template_name,
|
|
|
661c27 |
sizeof(objdir_name));
|
|
|
661c27 |
|
|
|
661c27 |
__ntapi->tt_memcpy_utf16(
|
|
|
661c27 |
objdir_name.prefix,
|
|
|
661c27 |
prefix,
|
|
|
661c27 |
sizeof(objdir_name.prefix));
|
|
|
661c27 |
|
|
|
661c27 |
__ntapi->tt_guid_to_string_utf16(
|
|
|
661c27 |
guid,
|
|
|
661c27 |
(nt_guid_str_utf16 *)&objdir_name.objdir_guid);
|
|
|
661c27 |
|
|
|
661c27 |
objdir_name.backslash = '\\';
|
|
|
661c27 |
objdir_name.objdir_guid.uscore_guid = '_';
|
|
|
661c27 |
|
|
|
661c27 |
name.strlen = sizeof(objdir_name);
|
|
|
661c27 |
name.maxlen = 0;
|
|
|
661c27 |
name.buffer = (uint16_t *)&objdir_name;
|
|
|
661c27 |
|
|
|
661c27 |
oa.len = sizeof(oa);
|
|
|
661c27 |
oa.root_dir = 0;
|
|
|
661c27 |
oa.obj_name = &nam;;
|
|
|
661c27 |
oa.obj_attr = NT_OBJ_INHERIT
|
|
|
661c27 |
| NT_OBJ_OPENIF
|
|
|
661c27 |
| NT_OBJ_CASE_INSENSITIVE;
|
|
|
b8eeed |
oa.sec_desc = &sd.sd;
|
|
|
661c27 |
oa.sec_qos = &sqo;;
|
|
|
661c27 |
|
|
|
661c27 |
status = __ntapi->zw_create_directory_object(
|
|
|
661c27 |
hdir,desired_access,&oa);
|
|
|
661c27 |
|
|
|
661c27 |
return (status == NT_STATUS_OBJECT_NAME_EXISTS)
|
|
|
661c27 |
? NT_STATUS_SUCCESS
|
|
|
661c27 |
: status;
|
|
|
661c27 |
}
|
|
|
661c27 |
|
|
|
661c27 |
|
|
|
dd89bb |
static int32_t __stdcall __tt_create_keyed_object_directory(
|
|
|
dd89bb |
__out void ** hdir,
|
|
|
dd89bb |
__in uint32_t desired_access,
|
|
|
dd89bb |
__in const wchar16_t prefix[6],
|
|
|
ae515f |
__in const nt_guid * guid,
|
|
|
dd89bb |
__in uint32_t key,
|
|
|
dd89bb |
__in objdir_open_fn * openfn)
|
|
|
dd89bb |
{
|
|
|
af6bd7 |
nt_keyed_objdir_name objdir_name;
|
|
|
dd89bb |
nt_unicode_string name;
|
|
|
b8eeed |
nt_sd_common_buffer sd;
|
|
|
dd89bb |
nt_oa oa;
|
|
|
dd89bb |
nt_sqos sqos = {
|
|
|
dd89bb |
sizeof(sqos),
|
|
|
dd89bb |
NT_SECURITY_IMPERSONATION,
|
|
|
dd89bb |
NT_SECURITY_TRACKING_DYNAMIC,
|
|
|
dd89bb |
1};
|
|
|
dd89bb |
|
|
|
b8eeed |
__ipc_sd_init(&sd,1);
|
|
|
b8eeed |
|
|
|
af6bd7 |
__ntapi->tt_generic_memcpy(
|
|
|
af6bd7 |
&objdir_name,
|
|
|
af6bd7 |
&__template_name,
|
|
|
af6bd7 |
sizeof(__template_name));
|
|
|
af6bd7 |
|
|
|
dd89bb |
__ntapi->tt_memcpy_utf16(
|
|
|
dd89bb |
objdir_name.prefix,
|
|
|
dd89bb |
prefix,
|
|
|
dd89bb |
sizeof(objdir_name.prefix));
|
|
|
dd89bb |
|
|
|
701eb2 |
__ntapi->tt_guid_to_string_utf16(
|
|
|
dd89bb |
guid,
|
|
|
dd89bb |
(nt_guid_str_utf16 *)&objdir_name.objdir_guid);
|
|
|
dd89bb |
|
|
|
dd89bb |
__ntapi->tt_uint32_to_hex_utf16(
|
|
|
dd89bb |
key,objdir_name.key);
|
|
|
dd89bb |
|
|
|
dd89bb |
objdir_name.backslash = '\\';
|
|
|
dd89bb |
objdir_name.objdir_guid.uscore_guid = '_';
|
|
|
dd89bb |
objdir_name.objdir_guid.uscore_key = '_';
|
|
|
dd89bb |
|
|
|
dd89bb |
name.strlen = sizeof(objdir_name);
|
|
|
dd89bb |
name.maxlen = 0;
|
|
|
dd89bb |
name.buffer = (uint16_t *)&objdir_name;
|
|
|
dd89bb |
|
|
|
dd89bb |
oa.len = sizeof(oa);
|
|
|
dd89bb |
oa.root_dir = 0;
|
|
|
dd89bb |
oa.obj_name = &nam;;
|
|
|
dd89bb |
oa.obj_attr = NT_OBJ_INHERIT;
|
|
|
b8eeed |
oa.sec_desc = &sd.sd;
|
|
|
dd89bb |
oa.sec_qos = &sqo;;
|
|
|
dd89bb |
|
|
|
dd89bb |
return openfn(hdir,desired_access,&oa);
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
661c27 |
static int32_t __stdcall __tt_create_object_directory_entry(
|
|
|
dd89bb |
__out void ** hentry,
|
|
|
dd89bb |
__in uint32_t desired_access,
|
|
|
dd89bb |
__in void * hdir,
|
|
|
dd89bb |
__in void * htarget,
|
|
|
dd89bb |
__in nt_unicode_string * target_name,
|
|
|
dd89bb |
__in uint32_t key)
|
|
|
dd89bb |
{
|
|
|
dd89bb |
int32_t status;
|
|
|
dd89bb |
nt_oa oa;
|
|
|
dd89bb |
nt_unicode_string name;
|
|
|
b8eeed |
nt_sd_common_buffer sd;
|
|
|
dd89bb |
wchar16_t keystr[8];
|
|
|
dd89bb |
uintptr_t buffer[2048/sizeof(uintptr_t)];
|
|
|
dd89bb |
nt_sqos sqos = {
|
|
|
dd89bb |
sizeof(sqos),
|
|
|
dd89bb |
NT_SECURITY_IMPERSONATION,
|
|
|
dd89bb |
NT_SECURITY_TRACKING_DYNAMIC,
|
|
|
dd89bb |
1};
|
|
|
dd89bb |
|
|
|
dd89bb |
if (!target_name) {
|
|
|
dd89bb |
if ((status = __ntapi->zw_query_object(
|
|
|
dd89bb |
htarget,
|
|
|
dd89bb |
NT_OBJECT_NAME_INFORMATION,
|
|
|
dd89bb |
buffer,sizeof(buffer),0)))
|
|
|
dd89bb |
return status;
|
|
|
dd89bb |
target_name = (nt_unicode_string *)buffer;
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
b8eeed |
__ipc_sd_init(&sd,0);
|
|
|
dd89bb |
__ntapi->tt_uint32_to_hex_utf16(key,keystr);
|
|
|
dd89bb |
|
|
|
dd89bb |
name.strlen = sizeof(keystr);
|
|
|
dd89bb |
name.maxlen = 0;
|
|
|
dd89bb |
name.buffer = keystr;
|
|
|
dd89bb |
|
|
|
dd89bb |
oa.len = sizeof(oa);
|
|
|
dd89bb |
oa.root_dir = hdir;
|
|
|
dd89bb |
oa.obj_name = &nam;;
|
|
|
dd89bb |
oa.obj_attr = 0;
|
|
|
b8eeed |
oa.sec_desc = &sd.sd;
|
|
|
dd89bb |
oa.sec_qos = &sqo;;
|
|
|
dd89bb |
|
|
|
dd89bb |
return __ntapi->zw_create_symbolic_link_object(
|
|
|
dd89bb |
hentry,
|
|
|
dd89bb |
desired_access,
|
|
|
dd89bb |
&oa,target_name);
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
661c27 |
int32_t __stdcall __ntapi_tt_open_ipc_object_directory(
|
|
|
661c27 |
__out void ** hdir,
|
|
|
661c27 |
__in uint32_t desired_access,
|
|
|
661c27 |
__in const wchar16_t prefix[6],
|
|
|
ae515f |
__in const nt_guid * guid)
|
|
|
661c27 |
{
|
|
|
661c27 |
return __tt_create_ipc_object_directory(
|
|
|
661c27 |
hdir,desired_access,
|
|
|
661c27 |
prefix,guid);
|
|
|
661c27 |
}
|
|
|
661c27 |
|
|
|
661c27 |
int32_t __stdcall __ntapi_tt_create_ipc_object_directory_entry(
|
|
|
661c27 |
__out void ** hentry,
|
|
|
661c27 |
__in uint32_t desired_access,
|
|
|
661c27 |
__in void * hdir,
|
|
|
661c27 |
__in void * htarget,
|
|
|
661c27 |
__in nt_unicode_string * target_name,
|
|
|
661c27 |
__in uint32_t key)
|
|
|
661c27 |
{
|
|
|
661c27 |
return __tt_create_object_directory_entry(
|
|
|
661c27 |
hentry,desired_access,
|
|
|
661c27 |
hdir,htarget,target_name,key);
|
|
|
661c27 |
}
|
|
|
661c27 |
|
|
|
dd89bb |
int32_t __stdcall __ntapi_tt_create_keyed_object_directory(
|
|
|
dd89bb |
__out void ** hdir,
|
|
|
dd89bb |
__in uint32_t desired_access,
|
|
|
dd89bb |
__in const wchar16_t prefix[6],
|
|
|
ae515f |
__in const nt_guid * guid,
|
|
|
dd89bb |
__in uint32_t key)
|
|
|
dd89bb |
{
|
|
|
dd89bb |
return __tt_create_keyed_object_directory(
|
|
|
dd89bb |
hdir,desired_access,
|
|
|
dd89bb |
prefix,guid,key,
|
|
|
dd89bb |
__ntapi->zw_create_directory_object);
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
int32_t __stdcall __ntapi_tt_open_keyed_object_directory(
|
|
|
dd89bb |
__out void ** hdir,
|
|
|
dd89bb |
__in uint32_t desired_access,
|
|
|
dd89bb |
__in const wchar16_t prefix[6],
|
|
|
ae515f |
__in const nt_guid * guid,
|
|
|
dd89bb |
__in uint32_t key)
|
|
|
dd89bb |
{
|
|
|
dd89bb |
return __tt_create_keyed_object_directory(
|
|
|
dd89bb |
hdir,desired_access,
|
|
|
dd89bb |
prefix,guid,key,
|
|
|
dd89bb |
__ntapi->zw_open_directory_object);
|
|
|
dd89bb |
}
|
|
|
661c27 |
|
|
|
661c27 |
int32_t __stdcall __ntapi_tt_create_keyed_object_directory_entry(
|
|
|
661c27 |
__out void ** hentry,
|
|
|
661c27 |
__in uint32_t desired_access,
|
|
|
661c27 |
__in void * hdir,
|
|
|
661c27 |
__in void * htarget,
|
|
|
661c27 |
__in nt_unicode_string * target_name,
|
|
|
661c27 |
__in uint32_t key)
|
|
|
661c27 |
{
|
|
|
661c27 |
return __tt_create_object_directory_entry(
|
|
|
661c27 |
hentry,desired_access,
|
|
|
661c27 |
hdir,htarget,target_name,key);
|
|
|
661c27 |
}
|