diff --git a/include/ntapi/nt_acl.h b/include/ntapi/nt_acl.h
index 0ae8509..ae04b0e 100644
--- a/include/ntapi/nt_acl.h
+++ b/include/ntapi/nt_acl.h
@@ -145,4 +145,16 @@ typedef struct _nt_sd_common_buffer {
 uint32_t buffer[64];
 } nt_sd_common_buffer;
 
+
+/* extension functions */
+typedef void __stdcall ntapi_acl_init_common_descriptor(
+ __out nt_sd_common_buffer * sd,
+ __in const nt_sid * owner,
+ __in const nt_sid * group,
+ __in const nt_sid * other,
+ __in uint32_t owner_access,
+ __in uint32_t group_access,
+ __in uint32_t other_access,
+ __in uint32_t system_access);
+
 #endif
diff --git a/include/ntapi/ntapi.h b/include/ntapi/ntapi.h
index 4b695d9..d25116c 100644
--- a/include/ntapi/ntapi.h
+++ b/include/ntapi/ntapi.h
@@ -42,6 +42,7 @@
 #include "nt_statfs.h"
 #include "nt_daemon.h"
 #include "nt_sem.h"
+#include "nt_acl.h"
 #include "nt_vfd.h"
 #include "nt_tty.h"
 #include "nt_hash.h"
@@ -557,6 +558,9 @@ typedef struct _ntapi_vtbl {
 ntapi_dsr_connect_internal_client * dsr_connect_internal_client;
 ntapi_dsr_internal_client_connect * dsr_internal_client_connect;
 
+ /* nt_acl.h */
+ ntapi_acl_init_common_descriptor * acl_init_common_descriptor;
+
 /* nt_vfd.h */
 ntapi_vfd_dev_name_init * vfd_dev_name_init;
diff --git a/project/common.mk b/project/common.mk
index 5f9f4fd..adafe4b 100644
--- a/project/common.mk
+++ b/project/common.mk
@@ -1,4 +1,5 @@
 COMMON_SRCS = \
+ src/acl/ntapi_acl_helper.c \
 src/argv/ntapi_tt_argv_envp.c \
 src/argv/ntapi_tt_array_utf16.c \
 src/argv/ntapi_tt_array_utf8.c \
diff --git a/project/tree.mk b/project/tree.mk
index 3a431ec..76fecca 100644
--- a/project/tree.mk
+++ b/project/tree.mk
@@ -1,5 +1,6 @@
 tree.tag:
 mkdir -p src
+ mkdir -p src/acl
 mkdir -p src/argv
 mkdir -p src/blitter
 mkdir -p src/daemon
diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
new file mode 100644
index 0000000..c1a8dc8
--- /dev/null
+++ b/src/acl/ntapi_acl_helper.c
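Review bot: The new `ntapi_acl_init_common_descriptor` typedef in nt_acl.h states no contract for its parameters, and the behaviour it wraps is security-relevant: in the src/acl/ntapi_acl_helper.c hunk below a NULL `owner` falls back to `__ntapi_internals()->sid` (presumably the calling process's own SID), a NULL `group` to S-1-3-4 (OWNER RIGHTS), a NULL `other` to S-1-5-11 (Authenticated Users), `system_access` is always granted to S-1-5-18, and an access mask of zero emits no ACE at all. A caller reading only this header cannot tell that `other = NULL` with a non-zero `other_access` grants that access to every authenticated user. I would add above the typedef: `/* NULL owner/group/other default to the library's own sid, OWNER RIGHTS and Authenticated Users; a zero access mask emits no ACE; the ACEs are written into sd->buffer[64] */`, split over as many comment lines as the file's style needs.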
@@ -0,0 +1,91 @@
+/********************************************************/
+/* ntapi: Native API core library */
+/* Copyright (C) 2013--2017 Z. Gilboa */
+/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
+/********************************************************/
+
+#include
+#include
+#include
+#include
+#include "ntapi_impl.h"
+
+#define __SID_SYSTEM {1,1,{{0,0,0,0,0,5}},{18}}
+#define __SID_OWNER_RIGHTS {1,1,{{0,0,0,0,0,3}},{4}}
+#define __SID_AUTHENTICATED_USERS {1,1,{{0,0,0,0,0,5}},{11}}
+
+static nt_access_allowed_ace * __acl_ace_init(
+ nt_access_allowed_ace * ace,
+ uint32_t mask,
+ const nt_sid * sid,
+ uint16_t * aces)
+{
+ if (mask == 0)
+ return ace;
+
+ ace->mask = mask;
+ ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED;
+ ace->header.ace_flags = 0;
+ ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count + + __offsetof(nt_access_allowed_ace,sid_start) + + __offsetof(nt_sid,sub_authority);
+
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&ace->sid_start,
+ sid);
+
+ (*aces)++;
+
+ return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
+}
+
+void __stdcall __ntapi_acl_init_common_descriptor(
+ __out nt_sd_common_buffer * sd,
+ __in const nt_sid * owner,
+ __in const nt_sid * group,
+ __in const nt_sid * other,
+ __in uint32_t owner_access,
+ __in uint32_t group_access,
+ __in uint32_t other_access,
+ __in uint32_t system_access)
+{
+ nt_access_allowed_ace * ace;
+ uint16_t ace_count = 0;
+ nt_sid sid_system = __SID_SYSTEM;
+ nt_sid sid_owner_rights = __SID_OWNER_RIGHTS;
+ nt_sid sid_auth_users = __SID_AUTHENTICATED_USERS;
+
+ /* sd header */
+ sd->sd.revision = 1;
+ sd->sd.sbz_1st = 0;
+ sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
+ sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner);
+ sd->sd.offset_group = 0;
+ sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl);
+ sd->sd.offset_sacl = 0;
+
+ /* owner, group, other: default sid's */
+ owner = owner ? 
owner : __ntapi_internals()->sid;
+ group = group ? group : &sid_owner_rights;
+ other = other ? other : &sid_auth_users;
+
+ /* owner sid */
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&sd->owner,
+ owner);
+
+ /* ace's */
+ ace = (nt_access_allowed_ace *)&sd->buffer;
+ ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count);
+ ace = __acl_ace_init(ace,owner_access,owner,&ace_count);
+ ace = __acl_ace_init(ace,group_access,group,&ace_count);
+ ace = __acl_ace_init(ace,other_access,other,&ace_count);
+
+ /* dacl */
+ sd->dacl.acl_revision = 0x02;
+ sd->dacl.sbz_1st = 0;
+ sd->dacl.acl_size = (uint16_t)((char *)ace - (char *)&sd->dacl);
+ sd->dacl.ace_count = ace_count;
+ sd->dacl.sbz_2nd = 0;
+
+}
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index 88f3f14..6421cb1 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -350,6 +350,9 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 __ntapi->dsr_connect_internal_client = __ntapi_dsr_connect_internal_client;
 __ntapi->dsr_internal_client_connect = __ntapi_dsr_internal_client_connect;
 
+ /* nt_acl.h */
+ __ntapi->acl_init_common_descriptor = __ntapi_acl_init_common_descriptor;
+
 /* nt_vfd.h */
 __ntapi->vfd_dev_name_init = __ntapi_vfd_dev_name_init;
diff --git a/src/internal/ntapi_fnapi.h b/src/internal/ntapi_fnapi.h
index 901ecd6..c8567f1 100644
--- a/src/internal/ntapi_fnapi.h
+++ b/src/internal/ntapi_fnapi.h
@@ -219,6 +219,9 @@ ntapi_dsr_create_port __ntapi_dsr_create_port;
 ntapi_dsr_connect_internal_client __ntapi_dsr_connect_internal_client;
 ntapi_dsr_internal_client_connect __ntapi_dsr_internal_client_connect;
 
+/* nt_acl.h */
+ntapi_acl_init_common_descriptor __ntapi_acl_init_common_descriptor;
+
 /* nt_vfd.h */
 ntapi_vfd_dev_name_init __ntapi_vfd_dev_name_init;
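Review bot: `__acl_ace_init` in src/acl/ntapi_acl_helper.c writes each ACE into `sd->buffer` with no bound, and the ACE size is driven by the caller-supplied SIDs' `sub_authority_count`. If `nt_access_allowed_ace` and `nt_sid` follow the Windows layouts (8 bytes of header plus mask before `sid_start`, 8 bytes of SID prefix before `sub_authority`) each ACE is 16 + 4*n bytes, so with the Windows maximum of 15 sub-authorities the four ACEs need up to 304 bytes, more than the 256-byte `uint32_t buffer[64]` declared in the nt_acl.h hunk; the `tt_sid_copy` into `sd->owner` raises the same question if `owner` is a fixed-size field, which I cannot see from here. I would compute the size before touching the buffer, pass the buffer end in, and drop an ACE that does not fit (fail-closed: that access is simply not granted, never memory corruption), with the four call sites passing `(const char *)sd->buffer + sizeof sd->buffer` as the new last argument; a status-returning variant would be cleaner but the vtbl typedef is `void`. The `acl_size` computation at the `/* dacl */` lines also assumes `buffer` immediately follows `dacl` in `nt_sd_common_buffer`, which deserves a one-line comment there.
```c
static nt_access_allowed_ace * __acl_ace_init(
	nt_access_allowed_ace * ace,
	uint32_t mask,
	const nt_sid * sid,
	uint16_t * aces,
	const char * end)
{
	size_t size;

	if (mask == 0)
		return ace;

	size = sizeof(uint32_t) * sid->sub_authority_count
		+ __offsetof(nt_access_allowed_ace,sid_start)
		+ __offsetof(nt_sid,sub_authority);

	/* never write past the caller's fixed-size buffer: an ace
	   that does not fit is dropped, so the access is not granted */
	if ((const char *)ace + size > end)
		return ace;

	ace->mask = mask;
	ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED;
	ace->header.ace_flags = 0;
	ace->header.ace_size = (uint16_t)size;

	/* … unchanged: tt_sid_copy into sid_start, (*aces)++ … */

	return (nt_access_allowed_ace *)((size_t)ace + size);
}
```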