author | midipix <writeonce@midipix.org> | 2018-03-27 02:48:16 +0000 |
---|---|---|
committer | midipix <writeonce@midipix.org> | 2018-03-29 21:56:34 -0400 |
commit | 17fbe4bd3e8ee1bda18e3b3b552cfaa620a551a4 (patch) | |
tree | 22c2726a515067684ed434007b329a945ff18ed0 | |
parent | 0a84879cdc3be1bbe3e09dd9fd883a4832e9443e (diff) | |
acl common descriptor: allow setting admin access.
-rw-r--r-- | include/ntapi/nt_acl.h | 8 | ||||
-rw-r--r-- | src/acl/ntapi_acl_helper.c | 16 |
2 files changed, 20 insertions, 4 deletions
diff --git a/include/ntapi/nt_acl.h b/include/ntapi/nt_acl.h
index ae04b0e..fac3109 100644
--- a/include/ntapi/nt_acl.h
+++ b/include/ntapi/nt_acl.h
@@ -120,6 +120,8 @@ typedef struct _nt_sd_common_data {
 nt_sid_any group_sid;
 nt_access_allowed_ace other_ace;
 nt_sid_any other_sid;
+ nt_access_allowed_ace admin_ace;
+ nt_sid_any admin_sid;
 } nt_sd_common_data;
 
 typedef struct _nt_sd_common_meta {
@@ -135,6 +137,8 @@ typedef struct _nt_sd_common_meta {
 nt_sid * group_sid;
 nt_access_allowed_ace * other_ace;
 nt_sid * other_sid;
+ nt_access_allowed_ace * admin_ace;
+ nt_sid * admin_sid;
 } nt_sd_common_meta;
 
 typedef struct _nt_sd_common_buffer {
@@ -142,7 +146,7 @@ typedef struct _nt_sd_common_buffer {
 nt_sid_any owner;
 nt_sid_any group;
 nt_acl dacl;
- uint32_t buffer[64];
+ uint32_t buffer[80];
 } nt_sd_common_buffer;
 
 
@@ -152,9 +156,11 @@ typedef void __stdcall ntapi_acl_init_common_descriptor(
 __in const nt_sid * owner,
 __in const nt_sid * group,
 __in const nt_sid * other,
+ __in const nt_sid * admin,
 __in uint32_t owner_access,
 __in uint32_t group_access,
 __in uint32_t other_access,
+ __in uint32_t admin_access,
 __in uint32_t system_access);
 
 #endif
diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
index c495dc5..40fe4c4 100644
--- a/src/acl/ntapi_acl_helper.c
+++ b/src/acl/ntapi_acl_helper.c
@@ -13,6 +13,12 @@
 #define __SID_SYSTEM {1,1,{{0,0,0,0,0,5}},{18}}
 #define __SID_OWNER_RIGHTS {1,1,{{0,0,0,0,0,3}},{4}}
 #define __SID_AUTHENTICATED_USERS {1,1,{{0,0,0,0,0,5}},{11}}
+#define __SID_ADMINISTRATORS {1,2,{{0,0,0,0,0,5}},{32,544}}
+
+static const nt_sid sid_system = __SID_SYSTEM;
+static const nt_sid sid_owner_rights = __SID_OWNER_RIGHTS;
+static const nt_sid sid_auth_users = __SID_AUTHENTICATED_USERS;
+static const nt_sid_os sid_admins = __SID_ADMINISTRATORS;
 
 static nt_access_allowed_ace * __acl_ace_init(
 nt_access_allowed_ace * ace,
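Review bot: In the `nt_sd_common_buffer` hunk, `uint32_t buffer[80];` is a bare number and nothing visible ties it to what the buffer has to hold. The 16 added words give the new ACE 64 bytes, which covers a short SID such as the two-sub-authority administrators SID, but `admin` is a caller-supplied `nt_sid *` and this header puts no limit on its sub-authority count. If the ACEs are written by copying each SID at its own length (the writer, `__acl_ace_init`, is not shown in full, so this is inferred), a long SID could run past the end of the buffer. I would record the budget on the member, for example `/* ACE storage: sized for <count> ACEs whose SIDs have at most <n> sub-authorities */`, and check the remaining space where the ACEs are appended. The struct's first member lies outside the hunk.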
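Review bot: `sid_admins` in the `ntapi_acl_helper.c` constants hunk is declared `nt_sid_os` while its three neighbours are `nt_sid`, and nothing in the hunk says why. The initializer carries two sub-authorities (`{32,544}`) where the others carry one, so presumably `nt_sid` has room for only a single sub-authority; that is inferred, since neither type is defined in this diff. A one-line comment would make the choice explicit, e.g. `/* S-1-5-32-544 (BUILTIN\Administrators): two sub-authorities, hence nt_sid_os */`.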
@@ -44,16 +50,15 @@ void __stdcall __ntapi_acl_init_common_descriptor(
 __in const nt_sid * owner,
 __in const nt_sid * group,
 __in const nt_sid * other,
+ __in const nt_sid * admin,
 __in uint32_t owner_access,
 __in uint32_t group_access,
 __in uint32_t other_access,
+ __in uint32_t admin_access,
 __in uint32_t system_access)
 {
 nt_access_allowed_ace * ace;
 uint16_t ace_count = 0;
- nt_sid sid_system = __SID_SYSTEM;
- nt_sid sid_owner_rights = __SID_OWNER_RIGHTS;
- nt_sid sid_auth_users = __SID_AUTHENTICATED_USERS;
 
 /* sd header */
 sd->sd.revision = 1;
@@ -81,6 +86,11 @@ void __stdcall __ntapi_acl_init_common_descriptor(
 ace = __acl_ace_init(ace,group_access,group,&ace_count);
 ace = __acl_ace_init(ace,other_access,other,&ace_count);
 
+ if (admin_access) {
+ admin = admin ? admin : (nt_sid *)&sid_admins;
+ ace = __acl_ace_init(ace,admin_access,admin,&ace_count);
+ }
+
 /* dacl */
 sd->dacl.acl_revision = 0x02;
 sd->dacl.sbz_1st = 0;
|
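Review bot: The fallback inside the `if (admin_access)` block, `admin = admin ? admin : (nt_sid *)&sid_admins;`, casts away the `const` of a `static const` object. `admin` is itself a `const nt_sid *`, so `admin = admin ? admin : (const nt_sid *)&sid_admins;` does the same job and keeps the qualifier. The block also means that a non-zero `admin_access` with a null `admin` grants that mask to the built-in administrators group, while a zero `admin_access` adds no ACE even when a SID is supplied. Neither rule is stated at the prototype; a comment there such as `/* admin == NULL selects BUILTIN\Administrators; admin_access == 0 adds no admin ACE */` would keep callers from granting access unintentionally. The function body continues outside the hunk.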