From 51f7759e1de67214775df7ac2c671d308ed67888 Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: Sat, 7 Dec 2019 17:04:32 +0000
Subject: acl: __ntapi_acl_init_common_descriptor(): allow specification of ace
 flags.

---
 include/ntapi/nt_acl.h     |  3 ++-
 src/acl/ntapi_acl_helper.c | 16 +++++++++-------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/include/ntapi/nt_acl.h b/include/ntapi/nt_acl.h
index c0ebb9f..1daa406 100644
--- a/include/ntapi/nt_acl.h
+++ b/include/ntapi/nt_acl.h
@@ -164,7 +164,8 @@ typedef void    __stdcall ntapi_acl_init_common_descriptor(
 	__in	uint32_t		group_access,
 	__in	uint32_t		other_access,
 	__in	uint32_t		admin_access,
-	__in	uint32_t		system_access);
+	__in	uint32_t		system_access,
+	__in	uint32_t		ace_flags);
 
 typedef int32_t __stdcall ntapi_acl_init_common_descriptor_meta(
 	__out	nt_sd_common_meta *	meta,
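Review bot: The new `ace_flags` parameter is appended to a `__stdcall` function-pointer typedef with no comment saying which values are accepted or what `0` means. Because `__stdcall` on 32-bit x86 has the callee pop its own arguments, a caller still built against the old prototype would unbalance the stack rather than just lose the extra value; whether such out-of-tree callers exist is not visible from this patch. I would add a comment at the declaration such as `/* ace_flags: ACE header flags applied to every ACE written to the descriptor; pass 0 for the previous (non-inherited) behaviour */`. The typedef begins above this hunk, so the earlier parameters are not shown here.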
diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
index 3059cdc..455ef1f 100644
--- a/src/acl/ntapi_acl_helper.c
+++ b/src/acl/ntapi_acl_helper.c
@@ -24,6 +24,7 @@ static nt_access_allowed_ace * __acl_ace_init(
 	nt_access_allowed_ace * ace,
 	uint32_t		mask,
 	const nt_sid *		sid,
+	uint32_t		flags,
 	uint16_t *		aces)
 {
 	if (mask == 0)
@@ -31,7 +32,7 @@ static nt_access_allowed_ace * __acl_ace_init(
 
 	ace->mask             = mask;
 	ace->header.ace_type  = NT_ACE_TYPE_ACCESS_ALLOWED;
-	ace->header.ace_flags = 0;
+	ace->header.ace_flags = flags;
 	ace->header.ace_size  = sizeof(uint32_t) * sid->sub_authority_count
 	                        + __offsetof(nt_access_allowed_ace,sid_start)
 	                        + __offsetof(nt_sid,sub_authority);
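Review bot: `ace->header.ace_flags = flags;` stores a caller-supplied `uint32_t` into the ACE header with no range or value check. The field's declared width is not visible in this hunk, but if it follows the Windows ACE header layout (an 8-bit flags field) the upper 24 bits are silently discarded. Bits that have no meaning on an access-allowed ACE, such as the audit success/failure flags, would also be written as-is. Consider declaring the parameter with the field's own type, or masking to the supported inheritance bits, for example `ace->header.ace_flags = flags & ACE_FLAGS_ALLOWED_MASK;`, where `ACE_FLAGS_ALLOWED_MASK` is a placeholder name for a constant the project would have to define. The body of `__acl_ace_init` starts in the previous hunk and continues past this one.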
@@ -55,7 +56,8 @@ void __stdcall __ntapi_acl_init_common_descriptor(
 	__in	uint32_t		group_access,
 	__in	uint32_t		other_access,
 	__in	uint32_t		admin_access,
-	__in	uint32_t		system_access)
+	__in	uint32_t		system_access,
+	__in	uint32_t		ace_flags)
 {
 	nt_access_allowed_ace * ace;
 	uint16_t                ace_count        = 0;
@@ -87,14 +89,14 @@ void __stdcall __ntapi_acl_init_common_descriptor(
 
 	/* ace's */
 	ace = (nt_access_allowed_ace *)&sd->buffer;
-	ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count);
-	ace = __acl_ace_init(ace,owner_access,&sid_owner_rights,&ace_count);
-	ace = __acl_ace_init(ace,group_access,group,&ace_count);
-	ace = __acl_ace_init(ace,other_access,other,&ace_count);
+	ace = __acl_ace_init(ace,system_access,&sid_system,ace_flags,&ace_count);
+	ace = __acl_ace_init(ace,owner_access,&sid_owner_rights,ace_flags,&ace_count);
+	ace = __acl_ace_init(ace,group_access,group,ace_flags,&ace_count);
+	ace = __acl_ace_init(ace,other_access,other,ace_flags,&ace_count);
 
 	if (admin_access) {
 		admin = admin ? admin : (nt_sid *)&sid_admins;
-		ace   = __acl_ace_init(ace,admin_access,admin,&ace_count);
+		ace   = __acl_ace_init(ace,admin_access,admin,ace_flags,&ace_count);
 	}
 
 	/* dacl */
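Review bot: All five `__acl_ace_init` calls pass the same `ace_flags`, so a caller cannot mark one entry inheritable without also making the `system_access`, `other_access` and `admin_access` entries inheritable by child objects. If an inherit-only flag is passed, none of the ACEs would apply to the object itself, and the resulting DACL would grant nothing directly on it. That may be intended, but it deserves a comment at the block, e.g. `/* ace's: ace_flags is applied uniformly to every entry; inherit-only leaves no effective entry on this object */`. The function continues beyond the end of this hunk, so how the DACL and control bits are finalised is not visible here.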
-- 
cgit v1.2.3