51f775 acl: __ntapi_acl_init_common_descriptor(): allow specification of ace flags.

Authored and Committed by midipix 5 years ago
    acl: __ntapi_acl_init_common_descriptor(): allow specification of ace flags.
    
        
file modified
+2 -1
include/ntapi/nt_acl.h CHANGED
@@ -164,7 +164,8 @@ typedef void __stdcall ntapi_acl_init_common_descriptor(
164
164
__in uint32_t group_access,
165
165
__in uint32_t other_access,
166
166
__in uint32_t admin_access,
167
- __in uint32_t system_access);
167
+ __in uint32_t system_access,
168
+ __in uint32_t ace_flags);
168
169
169
170
typedef int32_t __stdcall ntapi_acl_init_common_descriptor_meta(
170
171
__out nt_sd_common_meta * meta,
file modified
+9 -7
src/acl/ntapi_acl_helper.c CHANGED
@@ -24,6 +24,7 @@ static nt_access_allowed_ace * __acl_ace_init(
24
24
nt_access_allowed_ace * ace,
25
25
uint32_t mask,
26
26
const nt_sid * sid,
27
+ uint32_t flags,
27
28
uint16_t * aces)
28
29
{
29
30
if (mask == 0)
@@ -31,7 +32,7 @@ static nt_access_allowed_ace * __acl_ace_init(
31
32
32
33
ace->mask = mask;
33
34
ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED;
34
- ace->header.ace_flags = 0;
35
+ ace->header.ace_flags = flags;
35
36
ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count
36
37
+ __offsetof(nt_access_allowed_ace,sid_start)
37
38
+ __offsetof(nt_sid,sub_authority);
@@ -55,7 +56,8 @@ void __stdcall __ntapi_acl_init_common_descriptor(
55
56
__in uint32_t group_access,
56
57
__in uint32_t other_access,
57
58
__in uint32_t admin_access,
58
- __in uint32_t system_access)
59
+ __in uint32_t system_access,
60
+ __in uint32_t ace_flags)
59
61
{
60
62
nt_access_allowed_ace * ace;
61
63
uint16_t ace_count = 0;
@@ -87,14 +89,14 @@ void __stdcall __ntapi_acl_init_common_descriptor(
87
89
88
90
/* ace's */
89
91
ace = (nt_access_allowed_ace *)&sd->buffer;
90
- ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count);
91
- ace = __acl_ace_init(ace,owner_access,&sid_owner_rights,&ace_count);
92
- ace = __acl_ace_init(ace,group_access,group,&ace_count);
93
- ace = __acl_ace_init(ace,other_access,other,&ace_count);
92
+ ace = __acl_ace_init(ace,system_access,&sid_system,ace_flags,&ace_count);
93
+ ace = __acl_ace_init(ace,owner_access,&sid_owner_rights,ace_flags,&ace_count);
94
+ ace = __acl_ace_init(ace,group_access,group,ace_flags,&ace_count);
95
+ ace = __acl_ace_init(ace,other_access,other,ace_flags,&ace_count);
94
96
95
97
if (admin_access) {
96
98
admin = admin ? admin : (nt_sid *)&sid_admins;
97
- ace = __acl_ace_init(ace,admin_access,admin,&ace_count);
99
+ ace = __acl_ace_init(ace,admin_access,admin,ace_flags,&ace_count);
98
100
}
99
101
100
102
/* dacl */