Implement some ACE functions
Robert Shearman
R.J.Shearman at warwick.ac.uk
Tue Apr 1 15:12:50 CST 2003
The fixme's were just annoying me so I implemented these functions.
ChangeLog:
- Implemented RtlAddAccessAllowedAce, RtlAddAccessDeniedAce, RtlAddAce,
RtlValidAcl
- Added the corresponding functions in advapi32
- Grouped the ACL functions in advapi32
Rob
-------------- next part --------------
--- wine/dlls/ntdll/sec.c Fri Dec 13 16:05:34 2002
+++ newwine/dlls/ntdll/sec.c Tue Apr 1 00:33:16 2003
@@ -636,15 +636,114 @@
/******************************************************************************
* RtlAddAccessAllowedAce [NTDLL.@]
*/
-BOOL WINAPI RtlAddAccessAllowedAce(
+NTSTATUS WINAPI RtlAddAccessAllowedAce(
IN OUT PACL pAcl,
IN DWORD dwAceRevision,
IN DWORD AccessMask,
IN PSID pSid)
{
- FIXME("(%p,0x%08lx,0x%08lx,%p),stub!\n",
- pAcl, dwAceRevision, AccessMask, pSid);
- return TRUE;
+ DWORD dwLengthSid;
+ ACCESS_ALLOWED_ACE * pAaAce;
+ DWORD dwSpaceLeft;
+
+ TRACE("(%p,0x%08lx,0x%08lx,%p)\n",
+ pAcl, dwAceRevision, AccessMask, pSid);
+
+ if (!RtlValidSid(pSid))
+ return STATUS_INVALID_SID;
+ if (!RtlValidAcl(pAcl))
+ return STATUS_INVALID_ACL;
+
+ dwLengthSid = RtlLengthSid(pSid);
+ if (!RtlFirstFreeAce(pAcl, (PACE_HEADER *) &pAaAce))
+ return STATUS_INVALID_ACL;
+
+ if (!pAaAce)
+ return STATUS_ALLOTTED_SPACE_EXCEEDED;
+
+ dwSpaceLeft = (DWORD)pAcl + pAcl->AclSize - (DWORD)pAaAce;
+ if (dwSpaceLeft < sizeof(*pAaAce) - sizeof(pAaAce->SidStart) + dwLengthSid)
+ return STATUS_ALLOTTED_SPACE_EXCEEDED;
+
+ pAaAce->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+ pAaAce->Header.AceFlags = 0;
+ pAaAce->Header.AceSize = sizeof(*pAaAce) - sizeof(pAaAce->SidStart) + dwLengthSid;
+ pAaAce->Mask = AccessMask;
+ pAcl->AceCount++;
+ RtlCopySid(dwLengthSid, (PSID)&pAaAce->SidStart, pSid);
+ return STATUS_SUCCESS;
+}
+
+/******************************************************************************
+ * RtlAddAccessDeniedAce [NTDLL.@]
+ */
+NTSTATUS WINAPI RtlAddAccessDeniedAce(
+ IN OUT PACL pAcl,
+ IN DWORD dwAceRevision,
+ IN DWORD AccessMask,
+ IN PSID pSid)
+{
+ DWORD dwLengthSid;
+ DWORD dwSpaceLeft;
+ ACCESS_DENIED_ACE * pAdAce;
+
+ TRACE("(%p,0x%08lx,0x%08lx,%p)\n",
+ pAcl, dwAceRevision, AccessMask, pSid);
+
+ if (!RtlValidSid(pSid))
+ return STATUS_INVALID_SID;
+ if (!RtlValidAcl(pAcl))
+ return STATUS_INVALID_ACL;
+
+ dwLengthSid = RtlLengthSid(pSid);
+ if (!RtlFirstFreeAce(pAcl, (PACE_HEADER *) &pAdAce))
+ return STATUS_INVALID_ACL;
+
+ if (!pAdAce)
+ return STATUS_ALLOTTED_SPACE_EXCEEDED;
+
+ dwSpaceLeft = (DWORD)pAcl + pAcl->AclSize - (DWORD)pAdAce;
+ if (dwSpaceLeft < sizeof(*pAdAce) - sizeof(pAdAce->SidStart) + dwLengthSid)
+ return STATUS_ALLOTTED_SPACE_EXCEEDED;
+
+ pAdAce->Header.AceType = ACCESS_DENIED_ACE_TYPE;
+ pAdAce->Header.AceFlags = 0;
+ pAdAce->Header.AceSize = sizeof(*pAdAce) - sizeof(pAdAce->SidStart) + dwLengthSid;
+ pAdAce->Mask = AccessMask;
+ pAcl->AceCount++;
+ RtlCopySid(dwLengthSid, (PSID)&pAdAce->SidStart, pSid);
+ return STATUS_SUCCESS;
+}
+
+/******************************************************************************
+ * RtlValidAcl [NTDLL.@]
+ */
+UCHAR WINAPI RtlValidAcl(PACL pAcl)
+{
+ TRACE("(%p)\n", pAcl);
+
+ __TRY
+ {
+ PACE_HEADER ace;
+ int i;
+
+ if (pAcl->AclRevision != ACL_REVISION)
+ return 0;
+
+ ace = (PACE_HEADER)(pAcl+1);
+ for (i=0;i<=pAcl->AceCount;i++) {
+ if ((DWORD)ace>(((DWORD)pAcl)+pAcl->AclSize))
+ return 0;
+ ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
+ }
+ return 1;
+ }
+ __EXCEPT(page_fault)
+ {
+ WARN("(%p): invalid pointer!\n", pAcl);
+ return 0;
+ }
+ __ENDTRY
}
/******************************************************************************
@@ -652,8 +751,20 @@
*/
DWORD WINAPI RtlGetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
{
- FIXME("(%p,%ld,%p),stub!\n",pAcl,dwAceIndex,pAce);
- return 0;
+ PACE_HEADER ace;
+
+ TRACE("(%p,%ld,%p)\n",pAcl,dwAceIndex,pAce);
+
+ if ((dwAceIndex < 0) || (dwAceIndex > pAcl->AceCount))
+ return STATUS_INVALID_PARAMETER;
+
+ ace = (PACE_HEADER)(pAcl + 1);
+ for (;dwAceIndex;dwAceIndex--)
+ ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
+
+ *pAce = (LPVOID) ace;
+
+ return STATUS_SUCCESS;
}
/*
--- wine/include/winternl.h Sun Mar 23 22:46:28 2003
+++ newwine/include/winternl.h Tue Apr 1 00:24:05 2003
@@ -877,8 +877,9 @@
BYTE WINAPI RtlAcquireResourceExclusive(LPRTL_RWLOCK,BYTE);
BYTE WINAPI RtlAcquireResourceShared(LPRTL_RWLOCK,BYTE);
NTSTATUS WINAPI RtlAddAce(PACL,DWORD,DWORD,PACE_HEADER,DWORD);
-BOOL WINAPI RtlAddAccessAllowedAce(PACL,DWORD,DWORD,PSID);
+NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL,DWORD,DWORD,PSID);
BOOL WINAPI RtlAddAccessAllowedAceEx(PACL,DWORD,DWORD,DWORD,PSID);
+NTSTATUS WINAPI RtlAddAccessDeniedAce(PACL,DWORD,DWORD,PSID);
DWORD WINAPI RtlAdjustPrivilege(DWORD,DWORD,DWORD,DWORD);
BOOLEAN WINAPI RtlAllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY,BYTE,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,PSID *);
PVOID WINAPI RtlAllocateHeap(HANDLE,ULONG,ULONG);
@@ -1077,6 +1078,7 @@
void WINAPI RtlUpperString(STRING *,const STRING *);
NTSTATUS WINAPI RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR);
+UCHAR WINAPI RtlValidAcl(PACL);
BOOL WINAPI RtlValidSid(PSID);
BOOLEAN WINAPI RtlValidateHeap(HANDLE,ULONG,LPCVOID);
--- wine/dlls/ntdll/ntdll.spec Sat Mar 22 20:03:00 2003
+++ newwine/dlls/ntdll/ntdll.spec Tue Apr 1 00:40:29 2003
@@ -265,8 +265,8 @@
@ stdcall RtlAcquirePebLock() RtlAcquirePebLock
@ stdcall RtlAcquireResourceExclusive(ptr long) RtlAcquireResourceExclusive
@ stdcall RtlAcquireResourceShared(ptr long) RtlAcquireResourceShared
-@ stdcall RtlAddAccessAllowedAce(long long long long) RtlAddAccessAllowedAce
-@ stub RtlAddAccessDeniedAce
+@ stdcall RtlAddAccessAllowedAce(ptr long long ptr) RtlAddAccessAllowedAce
+@ stdcall RtlAddAccessDeniedAce(ptr long long ptr) RtlAddAccessDeniedAce
@ stdcall RtlAddAce(ptr long long ptr long) RtlAddAce
@ stub RtlAddActionToRXact
@ stub RtlAddAttributeActionToRXact
@@ -552,7 +552,7 @@
@ stdcall RtlUpperChar(long) RtlUpperChar
@ stdcall RtlUpperString(ptr ptr) RtlUpperString
@ stub RtlUsageHeap
-@ stub RtlValidAcl
+@ stdcall RtlValidAcl(ptr) RtlValidAcl
@ stdcall RtlValidSecurityDescriptor(ptr) RtlValidSecurityDescriptor
@ stdcall RtlValidSid(ptr) RtlValidSid
@ stdcall RtlValidateHeap(long long ptr) RtlValidateHeap
--- wine/dlls/advapi32/security.c Tue Apr 1 17:40:40 2003
+++ newwine/dlls/advapi32/security.c Tue Apr 1 18:45:51 2003
@@ -601,6 +601,67 @@
CallWin32ToNt (RtlCreateAcl(acl, size, rev));
}
+/******************************************************************************
+ * AddAccessAllowedAce [ADVAPI32.@]
+ */
+BOOL WINAPI AddAccessAllowedAce(
+ IN OUT PACL pAcl,
+ IN DWORD dwAceRevision,
+ IN DWORD AccessMask,
+ IN PSID pSid)
+{
+ CallWin32ToNt(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
+}
+
+/******************************************************************************
+ * AddAccessDeniedAce [ADVAPI32.@]
+ */
+BOOL WINAPI AddAccessDeniedAce(
+ IN OUT PACL pAcl,
+ IN DWORD dwAceRevision,
+ IN DWORD AccessMask,
+ IN PSID pSid)
+{
+ CallWin32ToNt(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
+}
+
+/******************************************************************************
+ * AddAccessDeniedAce [ADVAPI32.@]
+ */
+BOOL WINAPI AddAce(
+ IN OUT PACL pAcl,
+ IN DWORD dwAceRevision,
+ IN DWORD dwStartingAceIndex,
+ LPVOID pAceList,
+ DWORD nAceListLength)
+{
+ CallWin32ToNt(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
+}
+
+/******************************************************************************
+ * FindFirstFreeAce [ADVAPI32.@]
+ */
+BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
+{
+ return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
+}
+
+/******************************************************************************
+ * GetAce [ADVAPI32.@]
+ */
+BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
+{
+ CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce));
+}
+
+/******************************************************************************
+ * IsValidAcl [ADVAPI32.@]
+ */
+BOOL WINAPI IsValidAcl(IN PACL pAcl)
+{
+ return RtlValidAcl(pAcl);
+}
+
/* ##############################
###### MISC FUNCTIONS ######
##############################
@@ -1048,18 +1109,6 @@
}
/******************************************************************************
- * AddAccessAllowedAce [ADVAPI32.@]
- */
-BOOL WINAPI AddAccessAllowedAce(
- IN OUT PACL pAcl,
- IN DWORD dwAceRevision,
- IN DWORD AccessMask,
- IN PSID pSid)
-{
- return RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid);
-}
-
-/******************************************************************************
* LookupAccountNameA [ADVAPI32.@]
*/
BOOL WINAPI
@@ -1077,14 +1126,6 @@
}
/******************************************************************************
- * GetAce [ADVAPI32.@]
- */
-BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
-{
- CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce));
-}
-
-/******************************************************************************
* PrivilegeCheck [ADVAPI32.@]
*/
BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
--- wine/dlls/advapi32/advapi32.spec Tue Apr 1 21:52:51 2003
+++ newwine/dlls/advapi32/advapi32.spec Tue Apr 1 21:55:38 2003
@@ -6,8 +6,8 @@
@ stub AccessCheckByType #(ptr ptr long long ptr long ptr ptr ptr ptr ptr) AccessCheckByType
@ stdcall AddAccessAllowedAce (ptr long long ptr)
@ stub AddAccessAllowedAceEx #(ptr long long long ptr) AddAccessAllowedAceEx
-@ stub AddAccessDeniedAce
-@ stub AddAce
+@ stdcall AddAccessDeniedAce (ptr long long ptr)
+@ stdcall AddAce(ptr long long ptr long)
@ stub AddAuditAccessAce
@ stub AdjustTokenGroups
@ stdcall AdjustTokenPrivileges(long long ptr long ptr ptr)
@@ -87,7 +87,7 @@
@ stdcall EnumServicesStatusW (long long long ptr long ptr ptr ptr)
@ stdcall EqualPrefixSid(ptr ptr)
@ stdcall EqualSid(ptr ptr)
-@ stub FindFirstFreeAce
+@ stdcall FindFirstFreeAce(ptr ptr)
@ stdcall FreeSid(ptr)
@ stdcall GetAce(ptr long ptr)
@ stub GetAclInformation
@@ -135,7 +135,7 @@
@ stub IsProcessRestricted
@ stdcall IsTextUnicode(ptr long ptr) ntdll.RtlIsTextUnicode
@ stub IsTokenRestricted
-@ stub IsValidAcl
+@ stdcall IsValidAcl(ptr)
@ stdcall IsValidSecurityDescriptor(ptr)
@ stdcall IsValidSid(ptr)
@ stdcall LockServiceDatabase(ptr)
More information about the wine-patches
mailing list