Hans Leidekker : advapi32: Support parsing mandatory label ACE strings.
Alexandre Julliard
julliard at wine.codeweavers.com
Fri Apr 17 04:22:21 CDT 2015
Module: wine
Branch: master
Commit: 985e226c07c3d1dce70ee2794bab29c37188ea96
URL: http://source.winehq.org/git/wine.git/?a=commit;h=985e226c07c3d1dce70ee2794bab29c37188ea96
Author: Hans Leidekker <hans at codeweavers.com>
Date: Thu Apr 16 17:02:29 2015 +0200
advapi32: Support parsing mandatory label ACE strings.
---
dlls/advapi32/security.c | 10 ++++++++++
dlls/advapi32/tests/security.c | 7 +++++++
include/winnt.h | 11 +++++++++++
3 files changed, 28 insertions(+)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 2cd3f74..d27b2e7 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -311,6 +311,10 @@ static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
+static const WCHAR SDDL_NO_READ_UP[] = {'N','R',0};
+static const WCHAR SDDL_NO_WRITE_UP[] = {'N','W',0};
+static const WCHAR SDDL_NO_EXECUTE_UP[] = {'N','X',0};
+
/*
* ACL flags
*/
@@ -325,6 +329,7 @@ static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
static const WCHAR SDDL_AUDIT[] = {'A','U',0};
static const WCHAR SDDL_ALARM[] = {'A','L',0};
+static const WCHAR SDDL_MANDATORY_LABEL[] = {'M','L',0};
/*
* ACE flags
@@ -4147,6 +4152,7 @@ static const ACEFLAG AceType[] =
{ SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
{ SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
{ SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
+ { SDDL_MANDATORY_LABEL,SYSTEM_MANDATORY_LABEL_ACE_TYPE },
/*
{ SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
{ SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
@@ -4257,6 +4263,10 @@ static const ACEFLAG AceRights[] =
{ SDDL_KEY_READ, KEY_READ },
{ SDDL_KEY_WRITE, KEY_WRITE },
{ SDDL_KEY_EXECUTE, KEY_EXECUTE },
+
+ { SDDL_NO_READ_UP, SYSTEM_MANDATORY_LABEL_NO_READ_UP },
+ { SDDL_NO_WRITE_UP, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP },
+ { SDDL_NO_EXECUTE_UP, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP },
{ NULL, 0 },
};
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 466100d..b43f212 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3901,6 +3901,13 @@ static void test_ConvertStringSecurityDescriptor(void)
Blank, SDDL_REVISION_1, &pSD, NULL);
ok(ret, "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %d\n", GetLastError());
LocalFree(pSD);
+
+ SetLastError(0xdeadbeef);
+ ret = pConvertStringSecurityDescriptorToSecurityDescriptorA(
+ "D:P(A;;GRGW;;;BA)(A;;GRGW;;;S-1-5-21-0-0-0-1000)S:(ML;;NWNR;;;S-1-16-12288)", SDDL_REVISION_1, &pSD, NULL);
+ ok(ret || broken(!ret && GetLastError() == ERROR_INVALID_DATATYPE) /* win2k */,
+ "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %u\n", GetLastError());
+ if (ret) LocalFree(pSD);
}
static void test_ConvertSecurityDescriptorToString(void)
diff --git a/include/winnt.h b/include/winnt.h
index c2aa50e..9b08544 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -4445,6 +4445,7 @@ typedef struct _ACE_HEADER {
#define ACCESS_DENIED_ACE_TYPE 1
#define SYSTEM_AUDIT_ACE_TYPE 2
#define SYSTEM_ALARM_ACE_TYPE 3
+#define SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11
/* inherit AceFlags */
#define OBJECT_INHERIT_ACE 0x01
@@ -4489,6 +4490,16 @@ typedef struct _SYSTEM_ALARM_ACE {
DWORD SidStart;
} SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE;
+typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ DWORD SidStart;
+} SYSTEM_MANDATORY_LABEL_ACE,*PSYSTEM_MANDATORY_LABEL_ACE;
+
+#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
+#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
+#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
+
typedef enum tagSID_NAME_USE {
SidTypeUser = 1,
SidTypeGroup,
More information about the wine-cvs
mailing list