summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormidipix <writeonce@midipix.org>2018-10-20 21:17:47 (GMT)
committermidipix <writeonce@midipix.org>2018-10-21 03:37:39 (GMT)
commitca4b1f76d46b8e250839cbe1012a96be20e05efc (patch)
treed34f18889c731752086bbca3fac04b8499365388
parenta399853c13f8cd00de6e9b4afbe776de36a4be65 (diff)
downloadntapi-ca4b1f76d4.tar.bz2
ntapi-ca4b1f76d4.tar.xz
__acl_init_common_meta_impl(): ace interp.: account for system-owned entities.
-rw-r--r--src/acl/ntapi_acl_helper.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
index 9d24554..f2d6b6b 100644
--- a/src/acl/ntapi_acl_helper.c
+++ b/src/acl/ntapi_acl_helper.c
@@ -107,6 +107,8 @@ static int32_t __acl_init_common_meta_impl(
nt_sid * sid;
nt_acl * acl;
nt_access_allowed_ace * ace;
+ nt_access_allowed_ace * sysace;
+ nt_sid * syssid;
unsigned char * value;
unsigned char sacnt;
char * mark = (char *)sd;
@@ -154,10 +156,13 @@ static int32_t __acl_init_common_meta_impl(
sid = (nt_sid *)&ace->sid_start;
value = sid->identifier_authority.value;
- if (!(__ntapi->tt_sid_compare(sid,&sid_system)))
+ if (!(__ntapi->tt_sid_compare(sid,&sid_system))) {
meta->system_acc = ace->mask;
- else if (!(__ntapi->tt_sid_compare(sid,&sid_owner_rights))) {
+ sysace = ace;
+ syssid = sid;
+
+ } else if (!(__ntapi->tt_sid_compare(sid,&sid_owner_rights))) {
if (meta->owner_ace)
return NT_STATUS_INVALID_ACL;
@@ -215,6 +220,17 @@ static int32_t __acl_init_common_meta_impl(
ace = (nt_access_allowed_ace *)mark;
}
+ if (!meta->group_ace && meta->owner_ace) {
+ if (meta->owner_ace->mask != meta->system_acc) {
+ if (!__ntapi->tt_sid_compare(meta->owner,&sid_system)) {
+ meta->group_ace = sysace;
+ meta->group_sid = syssid;
+ meta->group = syssid;
+ meta->system_acc = meta->owner_ace->mask;
+ }
+ }
+ }
+
return NT_STATUS_SUCCESS;
}