diff options
author | midipix <writeonce@midipix.org> | 2019-12-07 17:04:32 +0000 |
---|---|---|
committer | midipix <writeonce@midipix.org> | 2019-12-07 19:17:35 +0000 |
commit | 51f7759e1de67214775df7ac2c671d308ed67888 (patch) | |
tree | dbe0eb5e8ed3f302d18a92513547c96e48329265 | |
parent | 5843d8a307a9277956e96d75554d742dbca06d24 (diff) | |
download | ntapi-51f7759e1de67214775df7ac2c671d308ed67888.tar.bz2 ntapi-51f7759e1de67214775df7ac2c671d308ed67888.tar.xz |
acl: __ntapi_acl_init_common_descriptor(): allow specification of ace flags.
-rw-r--r-- | include/ntapi/nt_acl.h | 3 | ||||
-rw-r--r-- | src/acl/ntapi_acl_helper.c | 16 |
2 files changed, 11 insertions, 8 deletions
diff --git a/include/ntapi/nt_acl.h b/include/ntapi/nt_acl.h index c0ebb9f..1daa406 100644 --- a/include/ntapi/nt_acl.h +++ b/include/ntapi/nt_acl.h @@ -164,7 +164,8 @@ typedef void __stdcall ntapi_acl_init_common_descriptor( __in uint32_t group_access, __in uint32_t other_access, __in uint32_t admin_access, - __in uint32_t system_access); + __in uint32_t system_access, + __in uint32_t ace_flags); typedef int32_t __stdcall ntapi_acl_init_common_descriptor_meta( __out nt_sd_common_meta * meta, diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c index 3059cdc..455ef1f 100644 --- a/src/acl/ntapi_acl_helper.c +++ b/src/acl/ntapi_acl_helper.c @@ -24,6 +24,7 @@ static nt_access_allowed_ace * __acl_ace_init( nt_access_allowed_ace * ace, uint32_t mask, const nt_sid * sid, + uint32_t flags, uint16_t * aces) { if (mask == 0) @@ -31,7 +32,7 @@ static nt_access_allowed_ace * __acl_ace_init( ace->mask = mask; ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED; - ace->header.ace_flags = 0; + ace->header.ace_flags = flags; ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count + __offsetof(nt_access_allowed_ace,sid_start) + __offsetof(nt_sid,sub_authority); @@ -55,7 +56,8 @@ void __stdcall __ntapi_acl_init_common_descriptor( __in uint32_t group_access, __in uint32_t other_access, __in uint32_t admin_access, - __in uint32_t system_access) + __in uint32_t system_access, + __in uint32_t ace_flags) { nt_access_allowed_ace * ace; uint16_t ace_count = 0; @@ -87,14 +89,14 @@ void __stdcall __ntapi_acl_init_common_descriptor( /* ace's */ ace = (nt_access_allowed_ace *)&sd->buffer; - ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count); - ace = __acl_ace_init(ace,owner_access,&sid_owner_rights,&ace_count); - ace = __acl_ace_init(ace,group_access,group,&ace_count); - ace = __acl_ace_init(ace,other_access,other,&ace_count); + ace = __acl_ace_init(ace,system_access,&sid_system,ace_flags,&ace_count); + ace = __acl_ace_init(ace,owner_access,&sid_owner_rights,ace_flags,&ace_count); + ace = __acl_ace_init(ace,group_access,group,ace_flags,&ace_count); + ace = __acl_ace_init(ace,other_access,other,ace_flags,&ace_count); if (admin_access) { admin = admin ? admin : (nt_sid *)&sid_admins; - ace = __acl_ace_init(ace,admin_access,admin,&ace_count); + ace = __acl_ace_init(ace,admin_access,admin,ace_flags,&ace_count); } /* dacl */ |