-rw-r--r--include/ntapi/nt_acl.h12
-rw-r--r--include/ntapi/ntapi.h4
-rw-r--r--project/common.mk1
-rw-r--r--project/tree.mk1
-rw-r--r--src/acl/ntapi_acl_helper.c91
-rw-r--r--src/internal/ntapi.c3
-rw-r--r--src/internal/ntapi_fnapi.h3
7 files changed, 115 insertions, 0 deletions
diff --git a/include/ntapi/nt_acl.h b/include/ntapi/nt_acl.h
index 0ae8509..ae04b0e 100644
--- a/include/ntapi/nt_acl.h
+++ b/include/ntapi/nt_acl.h
@@ -145,4 +145,16 @@ typedef struct _nt_sd_common_buffer {
uint32_t buffer[64];
} nt_sd_common_buffer;
+
+/* extension functions */
+typedef void __stdcall ntapi_acl_init_common_descriptor(
+ __out nt_sd_common_buffer * sd,
+ __in const nt_sid * owner,
+ __in const nt_sid * group,
+ __in const nt_sid * other,
+ __in uint32_t owner_access,
+ __in uint32_t group_access,
+ __in uint32_t other_access,
+ __in uint32_t system_access);
+
#endif
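Review bot: The typedef for `ntapi_acl_init_common_descriptor` is the public contract, yet it has no comment on behaviour a caller cannot guess from the parameter list. From the implementation in src/acl/ntapi_acl_helper.c in this same commit: a NULL `owner` falls back to `__ntapi_internals()->sid`, a NULL `group` to the owner-rights SID and a NULL `other` to the authenticated-users SID; an access mask of 0 omits that ACE; and the descriptor is written with `offset_group` and `offset_sacl` set to 0. I would add a block comment above the typedef stating those defaults, and that the function returns void and does not validate the SIDs, so callers must pass well-formed SIDs that fit `nt_sd_common_buffer`. The authenticated-users default deserves its own line, since a non-zero `other_access` with `other == NULL` grants that mask to every authenticated principal.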
diff --git a/include/ntapi/ntapi.h b/include/ntapi/ntapi.h
index 4b695d9..d25116c 100644
--- a/include/ntapi/ntapi.h
+++ b/include/ntapi/ntapi.h
@@ -42,6 +42,7 @@
#include "nt_statfs.h"
#include "nt_daemon.h"
#include "nt_sem.h"
+#include "nt_acl.h"
#include "nt_vfd.h"
#include "nt_tty.h"
#include "nt_hash.h"
@@ -557,6 +558,9 @@ typedef struct _ntapi_vtbl {
ntapi_dsr_connect_internal_client * dsr_connect_internal_client;
ntapi_dsr_internal_client_connect * dsr_internal_client_connect;
+ /* nt_acl.h */
+ ntapi_acl_init_common_descriptor * acl_init_common_descriptor;
+
/* nt_vfd.h */
ntapi_vfd_dev_name_init * vfd_dev_name_init;
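Review bot: The new `acl_init_common_descriptor` pointer is inserted in the middle of `ntapi_vtbl`, which shifts the offset of `vfd_dev_name_init` and every member after it. If any consumer can be built against the older header and run against a newer library (not visible from this diff), its calls through the table would land on the wrong function pointers. If that mix is possible, append new members at the end of the struct or bump an interface version with this change; if the vtbl is always rebuilt together with its users, a one-line comment saying so near the struct would settle it. The struct definition starts and ends outside this hunk.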
diff --git a/project/common.mk b/project/common.mk
index 5f9f4fd..adafe4b 100644
--- a/project/common.mk
+++ b/project/common.mk
@@ -1,4 +1,5 @@
COMMON_SRCS = \
+ src/acl/ntapi_acl_helper.c \
src/argv/ntapi_tt_argv_envp.c \
src/argv/ntapi_tt_array_utf16.c \
src/argv/ntapi_tt_array_utf8.c \
diff --git a/project/tree.mk b/project/tree.mk
index 3a431ec..76fecca 100644
--- a/project/tree.mk
+++ b/project/tree.mk
@@ -1,5 +1,6 @@
tree.tag:
mkdir -p src
+ mkdir -p src/acl
mkdir -p src/argv
mkdir -p src/blitter
mkdir -p src/daemon
diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
new file mode 100644
index 0000000..c1a8dc8
--- /dev/null
+++ b/src/acl/ntapi_acl_helper.c
@@ -0,0 +1,91 @@
+/********************************************************/
+/* ntapi: Native API core library */
+/* Copyright (C) 2013--2017 Z. Gilboa */
+/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
+/********************************************************/
+
+#include <psxtypes/psxtypes.h>
+#include <ntapi/nt_status.h>
+#include <ntapi/nt_object.h>
+#include <ntapi/nt_acl.h>
+#include "ntapi_impl.h"
+
+#define __SID_SYSTEM {1,1,{{0,0,0,0,0,5}},{18}}
+#define __SID_OWNER_RIGHTS {1,1,{{0,0,0,0,0,3}},{4}}
+#define __SID_AUTHENTICATED_USERS {1,1,{{0,0,0,0,0,5}},{11}}
+
+static nt_access_allowed_ace * __acl_ace_init(
+ nt_access_allowed_ace * ace,
+ uint32_t mask,
+ const nt_sid * sid,
+ uint16_t * aces)
+{
+ if (mask == 0)
+ return ace;
+
+ ace->mask = mask;
+ ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED;
+ ace->header.ace_flags = 0;
+ ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count
+ + __offsetof(nt_access_allowed_ace,sid_start)
+ + __offsetof(nt_sid,sub_authority);
+
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&ace->sid_start,
+ sid);
+
+ (*aces)++;
+
+ return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
+}
+
+void __stdcall __ntapi_acl_init_common_descriptor(
+ __out nt_sd_common_buffer * sd,
+ __in const nt_sid * owner,
+ __in const nt_sid * group,
+ __in const nt_sid * other,
+ __in uint32_t owner_access,
+ __in uint32_t group_access,
+ __in uint32_t other_access,
+ __in uint32_t system_access)
+{
+ nt_access_allowed_ace * ace;
+ uint16_t ace_count = 0;
+ nt_sid sid_system = __SID_SYSTEM;
+ nt_sid sid_owner_rights = __SID_OWNER_RIGHTS;
+ nt_sid sid_auth_users = __SID_AUTHENTICATED_USERS;
+
+ /* sd header */
+ sd->sd.revision = 1;
+ sd->sd.sbz_1st = 0;
+ sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
+ sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner);
+ sd->sd.offset_group = 0;
+ sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl);
+ sd->sd.offset_sacl = 0;
+
+ /* owner, group, other: default sid's */
+ owner = owner ? owner : __ntapi_internals()->sid;
+ group = group ? group : &sid_owner_rights;
+ other = other ? other : &sid_auth_users;
+
+ /* owner sid */
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&sd->owner,
+ owner);
+
+ /* ace's */
+ ace = (nt_access_allowed_ace *)&sd->buffer;
+ ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count);
+ ace = __acl_ace_init(ace,owner_access,owner,&ace_count);
+ ace = __acl_ace_init(ace,group_access,group,&ace_count);
+ ace = __acl_ace_init(ace,other_access,other,&ace_count);
+
+ /* dacl */
+ sd->dacl.acl_revision = 0x02;
+ sd->dacl.sbz_1st = 0;
+ sd->dacl.acl_size = (uint16_t)((char *)ace - (char *)&sd->dacl);
+ sd->dacl.ace_count = ace_count;
+ sd->dacl.sbz_2nd = 0;
+
+}
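Review bot: `__acl_ace_init` writes each ACE into `sd->buffer` without checking that it fits: `ace_size` is derived from the caller-supplied `sid->sub_authority_count`, and the buffer is a fixed `uint32_t buffer[64]` (256 bytes) shared by up to four ACEs. A malformed or oversized SID from the caller would let `tt_sid_copy` and the following ACEs run past the end of `nt_sd_common_buffer`; the owner copy into `sd->owner` looks equally unchecked, though that field's size is not visible here. I would pass the end of the buffer into `__acl_ace_init` and skip an ACE that does not fit, which leaves a DACL that grants less rather than a corrupted one. Because the function returns void, the caller cannot learn that an ACE was dropped, so a status return in a follow-up would be better still.

```c
static nt_access_allowed_ace * __acl_ace_init(
	nt_access_allowed_ace *	ace,
	const char *		cap,	/* one past the end of *sd */
	uint32_t		mask,
	const nt_sid *		sid,
	uint16_t *		aces)
{
	size_t size;

	if (mask == 0)
		return ace;

	size = sizeof(uint32_t) * sid->sub_authority_count
		+ __offsetof(nt_access_allowed_ace,sid_start)
		+ __offsetof(nt_sid,sub_authority);

	/* fail closed: an ACE that does not fit is not written */
	if (size > (size_t)(cap - (const char *)ace))
		return ace;

	ace->header.ace_size = size;
	/* … unchanged: mask, ace_type, ace_flags, tt_sid_copy, (*aces)++, return … */
}

/* in __ntapi_acl_init_common_descriptor */
const char * cap = (const char *)sd + sizeof(*sd);
/* … unchanged: sd header, default sid's, owner sid copy … */
ace = __acl_ace_init(ace,cap,system_access,&sid_system,&ace_count);
ace = __acl_ace_init(ace,cap,owner_access,owner,&ace_count);
ace = __acl_ace_init(ace,cap,group_access,group,&ace_count);
ace = __acl_ace_init(ace,cap,other_access,other,&ace_count);
```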
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index 88f3f14..6421cb1 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -350,6 +350,9 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
__ntapi->dsr_connect_internal_client = __ntapi_dsr_connect_internal_client;
__ntapi->dsr_internal_client_connect = __ntapi_dsr_internal_client_connect;
+ /* nt_acl.h */
+ __ntapi->acl_init_common_descriptor = __ntapi_acl_init_common_descriptor;
+
/* nt_vfd.h */
__ntapi->vfd_dev_name_init = __ntapi_vfd_dev_name_init;
diff --git a/src/internal/ntapi_fnapi.h b/src/internal/ntapi_fnapi.h
index 901ecd6..c8567f1 100644
--- a/src/internal/ntapi_fnapi.h
+++ b/src/internal/ntapi_fnapi.h
@@ -219,6 +219,9 @@ ntapi_dsr_create_port __ntapi_dsr_create_port;
ntapi_dsr_connect_internal_client __ntapi_dsr_connect_internal_client;
ntapi_dsr_internal_client_connect __ntapi_dsr_internal_client_connect;
+/* nt_acl.h */
+ntapi_acl_init_common_descriptor __ntapi_acl_init_common_descriptor;
+
/* nt_vfd.h */
ntapi_vfd_dev_name_init __ntapi_vfd_dev_name_init;