summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--include/ntapi/nt_acl.h8
-rw-r--r--src/acl/ntapi_acl_helper.c16
2 files changed, 20 insertions, 4 deletions
diff --git a/include/ntapi/nt_acl.h b/include/ntapi/nt_acl.h
index ae04b0e..fac3109 100644
--- a/include/ntapi/nt_acl.h
+++ b/include/ntapi/nt_acl.h
@@ -120,6 +120,8 @@ typedef struct _nt_sd_common_data {
nt_sid_any group_sid;
nt_access_allowed_ace other_ace;
nt_sid_any other_sid;
+ nt_access_allowed_ace admin_ace;
+ nt_sid_any admin_sid;
} nt_sd_common_data;
typedef struct _nt_sd_common_meta {
@@ -135,6 +137,8 @@ typedef struct _nt_sd_common_meta {
nt_sid * group_sid;
nt_access_allowed_ace * other_ace;
nt_sid * other_sid;
+ nt_access_allowed_ace * admin_ace;
+ nt_sid * admin_sid;
} nt_sd_common_meta;
typedef struct _nt_sd_common_buffer {
@@ -142,7 +146,7 @@ typedef struct _nt_sd_common_buffer {
nt_sid_any owner;
nt_sid_any group;
nt_acl dacl;
- uint32_t buffer[64];
+ uint32_t buffer[80];
} nt_sd_common_buffer;
@@ -152,9 +156,11 @@ typedef void __stdcall ntapi_acl_init_common_descriptor(
__in const nt_sid * owner,
__in const nt_sid * group,
__in const nt_sid * other,
+ __in const nt_sid * admin,
__in uint32_t owner_access,
__in uint32_t group_access,
__in uint32_t other_access,
+ __in uint32_t admin_access,
__in uint32_t system_access);
#endif
diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
index c495dc5..40fe4c4 100644
--- a/src/acl/ntapi_acl_helper.c
+++ b/src/acl/ntapi_acl_helper.c
@@ -13,6 +13,12 @@
#define __SID_SYSTEM {1,1,{{0,0,0,0,0,5}},{18}}
#define __SID_OWNER_RIGHTS {1,1,{{0,0,0,0,0,3}},{4}}
#define __SID_AUTHENTICATED_USERS {1,1,{{0,0,0,0,0,5}},{11}}
+#define __SID_ADMINISTRATORS {1,2,{{0,0,0,0,0,5}},{32,544}}
+
+static const nt_sid sid_system = __SID_SYSTEM;
+static const nt_sid sid_owner_rights = __SID_OWNER_RIGHTS;
+static const nt_sid sid_auth_users = __SID_AUTHENTICATED_USERS;
+static const nt_sid_os sid_admins = __SID_ADMINISTRATORS;
static nt_access_allowed_ace * __acl_ace_init(
nt_access_allowed_ace * ace,
@@ -44,16 +50,15 @@ void __stdcall __ntapi_acl_init_common_descriptor(
__in const nt_sid * owner,
__in const nt_sid * group,
__in const nt_sid * other,
+ __in const nt_sid * admin,
__in uint32_t owner_access,
__in uint32_t group_access,
__in uint32_t other_access,
+ __in uint32_t admin_access,
__in uint32_t system_access)
{
nt_access_allowed_ace * ace;
uint16_t ace_count = 0;
- nt_sid sid_system = __SID_SYSTEM;
- nt_sid sid_owner_rights = __SID_OWNER_RIGHTS;
- nt_sid sid_auth_users = __SID_AUTHENTICATED_USERS;
/* sd header */
sd->sd.revision = 1;
@@ -81,6 +86,11 @@ void __stdcall __ntapi_acl_init_common_descriptor(
ace = __acl_ace_init(ace,group_access,group,&ace_count);
ace = __acl_ace_init(ace,other_access,other,&ace_count);
+ if (admin_access) {
+ admin = admin ? admin : (nt_sid *)&sid_admins;
+ ace = __acl_ace_init(ace,admin_access,admin,&ace_count);
+ }
+
/* dacl */
sd->dacl.acl_revision = 0x02;
sd->dacl.sbz_1st = 0;