From 60ddd3f92f51e3b0bf1379ded0daed101dc30410 Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: Wed, 21 Mar 2018 01:47:38 +0000
Subject: acl helper interfaces: added ntapi_acl_init_common_descriptor().

---
 src/acl/ntapi_acl_helper.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++
 src/internal/ntapi.c       |  3 ++
 src/internal/ntapi_fnapi.h |  3 ++
 3 files changed, 97 insertions(+)
 create mode 100644 src/acl/ntapi_acl_helper.c

(limited to 'src')

diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
new file mode 100644
index 0000000..c1a8dc8
--- /dev/null
+++ b/src/acl/ntapi_acl_helper.c
@@ -0,0 +1,91 @@
+/********************************************************/
+/*  ntapi: Native API core library                      */
+/*  Copyright (C) 2013--2017  Z. Gilboa                 */
+/*  Released under GPLv2 and GPLv3; see COPYING.NTAPI.  */
+/********************************************************/
+
+#include <psxtypes/psxtypes.h>
+#include <ntapi/nt_status.h>
+#include <ntapi/nt_object.h>
+#include <ntapi/nt_acl.h>
+#include "ntapi_impl.h"
+
+#define __SID_SYSTEM			{1,1,{{0,0,0,0,0,5}},{18}}
+#define __SID_OWNER_RIGHTS		{1,1,{{0,0,0,0,0,3}},{4}}
+#define __SID_AUTHENTICATED_USERS	{1,1,{{0,0,0,0,0,5}},{11}}
+
+static nt_access_allowed_ace * __acl_ace_init(
+	nt_access_allowed_ace * ace,
+	uint32_t		mask,
+	const nt_sid *		sid,
+	uint16_t *		aces)
+{
+	if (mask == 0)
+		return ace;
+
+	ace->mask             = mask;
+	ace->header.ace_type  = NT_ACE_TYPE_ACCESS_ALLOWED;
+	ace->header.ace_flags = 0;
+	ace->header.ace_size  = sizeof(uint32_t) * sid->sub_authority_count
+	                        + __offsetof(nt_access_allowed_ace,sid_start)
+	                        + __offsetof(nt_sid,sub_authority);
+
+	__ntapi->tt_sid_copy(
+		(nt_sid *)&ace->sid_start,
+		sid);
+
+	(*aces)++;
+
+	return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
+}
+
+void __stdcall __ntapi_acl_init_common_descriptor(
+	__out	nt_sd_common_buffer *	sd,
+	__in	const nt_sid *		owner,
+	__in	const nt_sid *		group,
+	__in	const nt_sid *		other,
+	__in	uint32_t		owner_access,
+	__in	uint32_t		group_access,
+	__in	uint32_t		other_access,
+	__in	uint32_t		system_access)
+{
+	nt_access_allowed_ace * ace;
+	uint16_t                ace_count        = 0;
+	nt_sid                  sid_system       = __SID_SYSTEM;
+	nt_sid                  sid_owner_rights = __SID_OWNER_RIGHTS;
+	nt_sid                  sid_auth_users   = __SID_AUTHENTICATED_USERS;
+
+	/* sd header */
+	sd->sd.revision         = 1;
+	sd->sd.sbz_1st          = 0;
+	sd->sd.control          = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
+	sd->sd.offset_owner     = __offsetof(nt_sd_common_buffer,owner);
+	sd->sd.offset_group     = 0;
+	sd->sd.offset_dacl      = __offsetof(nt_sd_common_buffer,dacl);
+	sd->sd.offset_sacl      = 0;
+
+	/* owner, group, other: default sid's */
+	owner = owner ? owner : __ntapi_internals()->sid;
+	group = group ? group : &sid_owner_rights;
+	other = other ? other : &sid_auth_users;
+
+	/* owner sid */
+	__ntapi->tt_sid_copy(
+		(nt_sid *)&sd->owner,
+		owner);
+
+	/* ace's */
+	ace = (nt_access_allowed_ace *)&sd->buffer;
+	ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count);
+	ace = __acl_ace_init(ace,owner_access,owner,&ace_count);
+	ace = __acl_ace_init(ace,group_access,group,&ace_count);
+	ace = __acl_ace_init(ace,other_access,other,&ace_count);
+
+	/* dacl */
+	sd->dacl.acl_revision   = 0x02;
+	sd->dacl.sbz_1st        = 0;
+	sd->dacl.acl_size       = (uint16_t)((char *)ace - (char *)&sd->dacl);
+	sd->dacl.ace_count      = ace_count;
+	sd->dacl.sbz_2nd        = 0;
+
+}
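Review bot: Nothing bounds the ACE writes in `__acl_ace_init()`: `ace_size` and the `tt_sid_copy()` destination are both sized from the caller-supplied `sid->sub_authority_count`, and neither the helper nor `__ntapi_acl_init_common_descriptor()` compares the result against the end of `sd`. The same holds for the owner copy into `sd->owner`. The layout of `nt_sd_common_buffer` is not visible in this patch, so whether four maximum-length SIDs fit is unconfirmed; if they do not, an oversized `owner`, `group` or `other` SID would write past the descriptor. Because the function returns void, the sketch below passes an end pointer and skips an ACE that does not fit, which fails closed for allow-only entries; a status return or assertion would make the condition visible to callers. Separately, `(size_t)ace + ace->header.ace_size` would read more consistently as `(char *)ace + ace->header.ace_size`, matching the `acl_size` computation.

```c
static nt_access_allowed_ace * __acl_ace_init(
	nt_access_allowed_ace * ace,
	uint32_t		mask,
	const nt_sid *		sid,
	uint16_t *		aces,
	const char *		cap)
{
	size_t size;

	if (mask == 0)
		return ace;

	size = sizeof(uint32_t) * sid->sub_authority_count
	       + __offsetof(nt_access_allowed_ace,sid_start)
	       + __offsetof(nt_sid,sub_authority);

	/* skip an ace that would run past the end of the descriptor */
	if (size > (size_t)(cap - (const char *)ace))
		return ace;

	/* … unchanged: mask and header fields (ace_size = size), tt_sid_copy, (*aces)++, return … */
}

/* in __ntapi_acl_init_common_descriptor(), before the ace's: */
	const char * cap = (const char *)sd + sizeof(*sd);

	ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count,cap);
	/* … unchanged: owner, group and other calls, each with cap appended … */
```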
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index 88f3f14..6421cb1 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -350,6 +350,9 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 	__ntapi->dsr_connect_internal_client			= __ntapi_dsr_connect_internal_client;
 	__ntapi->dsr_internal_client_connect			= __ntapi_dsr_internal_client_connect;
 
+	/* nt_acl.h */
+	__ntapi->acl_init_common_descriptor			= __ntapi_acl_init_common_descriptor;
+
 	/* nt_vfd.h */
 	__ntapi->vfd_dev_name_init				= __ntapi_vfd_dev_name_init;
 
diff --git a/src/internal/ntapi_fnapi.h b/src/internal/ntapi_fnapi.h
index 901ecd6..c8567f1 100644
--- a/src/internal/ntapi_fnapi.h
+++ b/src/internal/ntapi_fnapi.h
@@ -219,6 +219,9 @@ ntapi_dsr_create_port				__ntapi_dsr_create_port;
 ntapi_dsr_connect_internal_client		__ntapi_dsr_connect_internal_client;
 ntapi_dsr_internal_client_connect		__ntapi_dsr_internal_client_connect;
 
+/* nt_acl.h */
+ntapi_acl_init_common_descriptor		__ntapi_acl_init_common_descriptor;
+
 /* nt_vfd.h */
 ntapi_vfd_dev_name_init				__ntapi_vfd_dev_name_init;
 
-- 
cgit v1.2.3