From 60ddd3f92f51e3b0bf1379ded0daed101dc30410 Mon Sep 17 00:00:00 2001 From: midipix Date: Wed, 21 Mar 2018 01:47:38 +0000 Subject: acl helper interfaces: added ntapi_acl_init_common_descriptor(). --- src/acl/ntapi_acl_helper.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++ src/internal/ntapi.c | 3 ++ src/internal/ntapi_fnapi.h | 3 ++ 3 files changed, 97 insertions(+) create mode 100644 src/acl/ntapi_acl_helper.c (limited to 'src') diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c new file mode 100644 index 0000000..c1a8dc8 --- /dev/null +++ b/src/acl/ntapi_acl_helper.c @@ -0,0 +1,91 @@ +/********************************************************/ +/* ntapi: Native API core library */ +/* Copyright (C) 2013--2017 Z. Gilboa */ +/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */ +/********************************************************/ + +#include +#include +#include +#include +#include "ntapi_impl.h" + +#define __SID_SYSTEM {1,1,{{0,0,0,0,0,5}},{18}} +#define __SID_OWNER_RIGHTS {1,1,{{0,0,0,0,0,3}},{4}} +#define __SID_AUTHENTICATED_USERS {1,1,{{0,0,0,0,0,5}},{11}} + +static nt_access_allowed_ace * __acl_ace_init( + nt_access_allowed_ace * ace, + uint32_t mask, + const nt_sid * sid, + uint16_t * aces) +{ + if (mask == 0) + return ace; + + ace->mask = mask; + ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED; + ace->header.ace_flags = 0; + ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count + + __offsetof(nt_access_allowed_ace,sid_start) + + __offsetof(nt_sid,sub_authority); + + __ntapi->tt_sid_copy( + (nt_sid *)&ace->sid_start, + sid); + + (*aces)++; + + return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size); +} + +void __stdcall __ntapi_acl_init_common_descriptor( + __out nt_sd_common_buffer * sd, + __in const nt_sid * owner, + __in const nt_sid * group, + __in const nt_sid * other, + __in uint32_t owner_access, + __in uint32_t group_access, + __in uint32_t other_access, + __in uint32_t system_access) +{ + nt_access_allowed_ace * ace; + uint16_t ace_count = 0; + nt_sid sid_system = __SID_SYSTEM; + nt_sid sid_owner_rights = __SID_OWNER_RIGHTS; + nt_sid sid_auth_users = __SID_AUTHENTICATED_USERS; + + /* sd header */ + sd->sd.revision = 1; + sd->sd.sbz_1st = 0; + sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT; + sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner); + sd->sd.offset_group = 0; + sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl); + sd->sd.offset_sacl = 0; + + /* owner, group, other: default sid's */ + owner = owner ? owner : __ntapi_internals()->sid; + group = group ? group : &sid_owner_rights; + other = other ? other : &sid_auth_users; + + /* owner sid */ + __ntapi->tt_sid_copy( + (nt_sid *)&sd->owner, + owner); + + /* ace's */ + ace = (nt_access_allowed_ace *)&sd->buffer; + ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count); + ace = __acl_ace_init(ace,owner_access,owner,&ace_count); + ace = __acl_ace_init(ace,group_access,group,&ace_count); + ace = __acl_ace_init(ace,other_access,other,&ace_count); + + /* dacl */ + sd->dacl.acl_revision = 0x02; + sd->dacl.sbz_1st = 0; + sd->dacl.acl_size = (uint16_t)((char *)ace - (char *)&sd->dacl); + sd->dacl.ace_count = ace_count; + sd->dacl.sbz_2nd = 0; + +} diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c index 88f3f14..6421cb1 100644 --- a/src/internal/ntapi.c +++ b/src/internal/ntapi.c @@ -350,6 +350,9 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl) __ntapi->dsr_connect_internal_client = __ntapi_dsr_connect_internal_client; __ntapi->dsr_internal_client_connect = __ntapi_dsr_internal_client_connect; + /* nt_acl.h */ + __ntapi->acl_init_common_descriptor = __ntapi_acl_init_common_descriptor; + /* nt_vfd.h */ __ntapi->vfd_dev_name_init = __ntapi_vfd_dev_name_init; diff --git a/src/internal/ntapi_fnapi.h b/src/internal/ntapi_fnapi.h index 901ecd6..c8567f1 100644 --- a/src/internal/ntapi_fnapi.h +++ b/src/internal/ntapi_fnapi.h @@ -219,6 +219,9 @@ ntapi_dsr_create_port __ntapi_dsr_create_port; ntapi_dsr_connect_internal_client __ntapi_dsr_connect_internal_client; ntapi_dsr_internal_client_connect __ntapi_dsr_internal_client_connect; +/* nt_acl.h */ +ntapi_acl_init_common_descriptor __ntapi_acl_init_common_descriptor; + /* nt_vfd.h */ ntapi_vfd_dev_name_init __ntapi_vfd_dev_name_init; -- cgit v1.2.3