summaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/object/ntapi_tt_keyed_object_directory.c86
1 files changed, 83 insertions, 3 deletions
diff --git a/src/object/ntapi_tt_keyed_object_directory.c b/src/object/ntapi_tt_keyed_object_directory.c
index c744326..c34d8ec 100644
--- a/src/object/ntapi_tt_keyed_object_directory.c
+++ b/src/object/ntapi_tt_keyed_object_directory.c
@@ -8,6 +8,7 @@
#include <ntapi/nt_object.h>
#include <ntapi/nt_guid.h>
#include <ntapi/nt_string.h>
+#include <ntapi/nt_acl.h>
#include "ntapi_impl.h"
typedef ntapi_zw_open_directory_object objdir_open_fn;
@@ -19,6 +20,77 @@ static nt_keyed_objdir_name __template_name = {__NT_BASED_NAMED_OBJECTS,
{0}};
+static nt_access_allowed_ace * __ipc_ace_init(
+ nt_access_allowed_ace * ace,
+ uint32_t mask,
+ const nt_sid * sid)
+{
+ ace->mask = mask;
+ ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED;
+ ace->header.ace_flags = 0;
+ ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count
+ + __offsetof(nt_access_allowed_ace,sid_start)
+ + __offsetof(nt_sid,sub_authority);
+
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&ace->sid_start,
+ sid);
+
+ return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
+}
+
+static void __ipc_sd_init(nt_sd_common_buffer * sd, int fdir)
+{
+ nt_access_allowed_ace * ace;
+ uint32_t mask_system;
+ uint32_t mask_owner;
+ uint32_t mask_other;
+
+ /* access mask */
+ if (fdir) {
+ mask_system = NT_SEC_READ_CONTROL
+ | NT_DIRECTORY_QUERY
+ | NT_DIRECTORY_TRAVERSE
+ | NT_DIRECTORY_CREATE_OBJECT
+ | NT_DIRECTORY_CREATE_SUBDIRECTORY;
+
+ mask_owner = NT_DIRECTORY_ALL_ACCESS;
+ mask_other = mask_system;
+ } else {
+ mask_system = NT_SYMBOLIC_LINK_ALL_ACCESS;
+ mask_owner = NT_SYMBOLIC_LINK_ALL_ACCESS;
+ mask_other = NT_SYMBOLIC_LINK_QUERY;
+ }
+
+ /* sd header */
+ sd->sd.revision = 1;
+ sd->sd.sbz_1st = 0;
+ sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
+ sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner);
+ sd->sd.offset_group = 0;
+ sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl);
+ sd->sd.offset_sacl = 0;
+
+ /* owner sid */
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&sd->owner,
+ __ntapi_internals()->sid);
+
+
+ /* ace's for LOCAL_SYSTEM, AUTHENTICATED_USERS, and process token user */
+ ace = (nt_access_allowed_ace *)&sd->buffer;
+ ace = __ipc_ace_init(ace,mask_system,&(nt_sid){1,1,{{0,0,0,0,0,5}},{18}});
+ ace = __ipc_ace_init(ace,mask_other,&(nt_sid){1,1,{{0,0,0,0,0,5}},{11}});
+ ace = __ipc_ace_init(ace,mask_owner,(nt_sid *)&sd->owner);
+
+ sd->dacl.acl_revision = 0x02;
+ sd->dacl.sbz_1st = 0;
+ sd->dacl.acl_size = (uint16_t)((char *)ace - (char *)&sd->dacl);
+ sd->dacl.ace_count = 3;
+ sd->dacl.sbz_2nd = 0;
+
+}
+
static int32_t __stdcall __tt_create_ipc_object_directory(
__out void ** hdir,
__in uint32_t desired_access,
@@ -28,6 +100,7 @@ static int32_t __stdcall __tt_create_ipc_object_directory(
int32_t status;
nt_ipc_objdir_name objdir_name;
nt_unicode_string name;
+ nt_sd_common_buffer sd;
nt_oa oa;
nt_sqos sqos = {
sizeof(sqos),
@@ -35,6 +108,8 @@ static int32_t __stdcall __tt_create_ipc_object_directory(
NT_SECURITY_TRACKING_DYNAMIC,
1};
+ __ipc_sd_init(&sd,1);
+
__ntapi->tt_generic_memcpy(
&objdir_name,
&__template_name,
@@ -62,7 +137,7 @@ static int32_t __stdcall __tt_create_ipc_object_directory(
oa.obj_attr = NT_OBJ_INHERIT
| NT_OBJ_OPENIF
| NT_OBJ_CASE_INSENSITIVE;
- oa.sec_desc = 0;
+ oa.sec_desc = &sd.sd;
oa.sec_qos = &sqos;
status = __ntapi->zw_create_directory_object(
@@ -84,6 +159,7 @@ static int32_t __stdcall __tt_create_keyed_object_directory(
{
nt_keyed_objdir_name objdir_name;
nt_unicode_string name;
+ nt_sd_common_buffer sd;
nt_oa oa;
nt_sqos sqos = {
sizeof(sqos),
@@ -91,6 +167,8 @@ static int32_t __stdcall __tt_create_keyed_object_directory(
NT_SECURITY_TRACKING_DYNAMIC,
1};
+ __ipc_sd_init(&sd,1);
+
__ntapi->tt_generic_memcpy(
&objdir_name,
&__template_name,
@@ -120,7 +198,7 @@ static int32_t __stdcall __tt_create_keyed_object_directory(
oa.root_dir = 0;
oa.obj_name = &name;
oa.obj_attr = NT_OBJ_INHERIT;
- oa.sec_desc = 0;
+ oa.sec_desc = &sd.sd;
oa.sec_qos = &sqos;
return openfn(hdir,desired_access,&oa);
@@ -138,6 +216,7 @@ static int32_t __stdcall __tt_create_object_directory_entry(
int32_t status;
nt_oa oa;
nt_unicode_string name;
+ nt_sd_common_buffer sd;
wchar16_t keystr[8];
uintptr_t buffer[2048/sizeof(uintptr_t)];
nt_sqos sqos = {
@@ -155,6 +234,7 @@ static int32_t __stdcall __tt_create_object_directory_entry(
target_name = (nt_unicode_string *)buffer;
}
+ __ipc_sd_init(&sd,0);
__ntapi->tt_uint32_to_hex_utf16(key,keystr);
name.strlen = sizeof(keystr);
@@ -165,7 +245,7 @@ static int32_t __stdcall __tt_create_object_directory_entry(
oa.root_dir = hdir;
oa.obj_name = &name;
oa.obj_attr = 0;
- oa.sec_desc = 0;
+ oa.sec_desc = &sd.sd;
oa.sec_qos = &sqos;
return __ntapi->zw_create_symbolic_link_object(