Blob Blame History Raw
/********************************************************/
/*  ntapi: Native API core library                      */
/*  Copyright (C) 2013--2017  Z. Gilboa                 */
/*  Released under GPLv2 and GPLv3; see COPYING.NTAPI.  */
/********************************************************/

#include <psxtypes/psxtypes.h>
#include <ntapi/nt_status.h>
#include <ntapi/nt_object.h>
#include <ntapi/nt_acl.h>
#include "ntapi_impl.h"

#define __SID_SYSTEM			{1,1,{{0,0,0,0,0,5}},{18}}
#define __SID_OWNER_RIGHTS		{1,1,{{0,0,0,0,0,3}},{4}}
#define __SID_AUTHENTICATED_USERS	{1,1,{{0,0,0,0,0,5}},{11}}

static nt_access_allowed_ace * __acl_ace_init(
	nt_access_allowed_ace * ace,
	uint32_t		mask,
	const nt_sid *		sid,
	uint16_t *		aces)
{
	if (mask == 0)
		return ace;

	ace->mask             = mask;
	ace->header.ace_type  = NT_ACE_TYPE_ACCESS_ALLOWED;
	ace->header.ace_flags = 0;
	ace->header.ace_size  = sizeof(uint32_t) * sid->sub_authority_count
	                        + __offsetof(nt_access_allowed_ace,sid_start)
	                        + __offsetof(nt_sid,sub_authority);

	__ntapi->tt_sid_copy(
		(nt_sid *)&ace->sid_start,
		sid);

	(*aces)++;

	return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
}

void __stdcall __ntapi_acl_init_common_descriptor(
	__out	nt_sd_common_buffer *	sd,
	__in	const nt_sid *		owner,
	__in	const nt_sid *		group,
	__in	const nt_sid *		other,
	__in	uint32_t		owner_access,
	__in	uint32_t		group_access,
	__in	uint32_t		other_access,
	__in	uint32_t		system_access)
{
	nt_access_allowed_ace * ace;
	uint16_t                ace_count        = 0;
	nt_sid                  sid_system       = __SID_SYSTEM;
	nt_sid                  sid_owner_rights = __SID_OWNER_RIGHTS;
	nt_sid                  sid_auth_users   = __SID_AUTHENTICATED_USERS;

	/* sd header */
	sd->sd.revision         = 1;
	sd->sd.sbz_1st          = 0;
	sd->sd.control          = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
	sd->sd.offset_owner     = __offsetof(nt_sd_common_buffer,owner);
	sd->sd.offset_group     = 0;
	sd->sd.offset_dacl      = __offsetof(nt_sd_common_buffer,dacl);
	sd->sd.offset_sacl      = 0;

	/* owner, group, other: default sid's */
	owner = owner ? owner : __ntapi_internals()->user;
	group = group ? group : owner;
	other = other ? other : &sid_auth_users;

	/* owner sid */
	__ntapi->tt_sid_copy(
		(nt_sid *)&sd->owner,
		owner);

	/* ace's */
	ace = (nt_access_allowed_ace *)&sd->buffer;
	ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count);
	ace = __acl_ace_init(ace,owner_access,&sid_owner_rights,&ace_count);
	ace = __acl_ace_init(ace,group_access,group,&ace_count);
	ace = __acl_ace_init(ace,other_access,other,&ace_count);

	/* dacl */
	sd->dacl.acl_revision   = 0x02;
	sd->dacl.sbz_1st        = 0;
	sd->dacl.acl_size       = (uint16_t)((char *)ace - (char *)&sd->dacl);
	sd->dacl.ace_count      = ace_count;
	sd->dacl.sbz_2nd        = 0;
}