acledit.c File Reference

#include <ntrtlp.h>
#include <seopaque.h>

Go to the source code of this file.

Defines
#define	FirstAce(Acl)   ((PVOID)((PUCHAR)(Acl) + sizeof(ACL)))
#define	NextAce(Ace)   ((PVOID)((PUCHAR)(Ace) + ((PACE_HEADER)(Ace))->AceSize))
#define	LongAligned(ptr)   (LongAlign(ptr) == ((PVOID)(ptr)))
#define	WordAligned(ptr)   (WordAlign(ptr) == ((PVOID)(ptr)))
Functions
VOID	RtlpAddData (IN PVOID From, IN ULONG FromSize, IN PVOID To, IN ULONG ToSize)
VOID	RtlpDeleteData (IN PVOID Data, IN ULONG RemoveSize, IN ULONG TotalSize)
NTSTATUS	RtlCreateAcl (IN PACL Acl, IN ULONG AclLength, IN ULONG AclRevision)
BOOLEAN	RtlValidAcl (IN PACL Acl)
NTSTATUS	RtlQueryInformationAcl (IN PACL Acl, OUT PVOID AclInformation, IN ULONG AclInformationLength, IN ACL_INFORMATION_CLASS AclInformationClass)
NTSTATUS	RtlSetInformationAcl (IN PACL Acl, IN PVOID AclInformation, IN ULONG AclInformationLength, IN ACL_INFORMATION_CLASS AclInformationClass)
NTSTATUS	RtlAddAce (IN OUT PACL Acl, IN ULONG AceRevision, IN ULONG StartingAceIndex, IN PVOID AceList, IN ULONG AceListLength)
NTSTATUS	RtlDeleteAce (IN OUT PACL Acl, IN ULONG AceIndex)
NTSTATUS	RtlGetAce (IN PACL Acl, ULONG AceIndex, OUT PVOID *Ace)
NTSTATUS	RtlAddCompoundAce (IN PACL Acl, IN ULONG AceRevision, IN UCHAR CompoundAceType, IN ACCESS_MASK AccessMask, IN PSID ServerSid, IN PSID ClientSid)
NTSTATUS	RtlpAddKnownAce (IN OUT PACL Acl, IN ULONG AceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN PSID Sid, IN UCHAR NewType)
NTSTATUS	RtlpAddKnownObjectAce (IN OUT PACL Acl, IN ULONG AceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN GUID *ObjectTypeGuid OPTIONAL, IN GUID *InheritedObjectTypeGuid OPTIONAL, IN PSID Sid, IN UCHAR NewType)
NTSTATUS	RtlAddAccessAllowedAce (IN OUT PACL Acl, IN ULONG AceRevision, IN ACCESS_MASK AccessMask, IN PSID Sid)
NTSTATUS	RtlAddAccessAllowedAceEx (IN OUT PACL Acl, IN ULONG AceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN PSID Sid)
NTSTATUS	RtlAddAccessDeniedAce (IN OUT PACL Acl, IN ULONG AceRevision, IN ACCESS_MASK AccessMask, IN PSID Sid)
NTSTATUS	RtlAddAccessDeniedAceEx (IN OUT PACL Acl, IN ULONG AceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN PSID Sid)
NTSTATUS	RtlAddAuditAccessAce (IN OUT PACL Acl, IN ULONG AceRevision, IN ACCESS_MASK AccessMask, IN PSID Sid, IN BOOLEAN AuditSuccess, IN BOOLEAN AuditFailure)
NTSTATUS	RtlAddAuditAccessAceEx (IN OUT PACL Acl, IN ULONG AceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN PSID Sid, IN BOOLEAN AuditSuccess, IN BOOLEAN AuditFailure)
NTSTATUS	RtlAddAccessAllowedObjectAce (IN OUT PACL Acl, IN ULONG AceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN GUID *ObjectTypeGuid OPTIONAL, IN GUID *InheritedObjectTypeGuid OPTIONAL, IN PSID Sid)
NTSTATUS	RtlAddAccessDeniedObjectAce (IN OUT PACL Acl, IN ULONG AceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN GUID *ObjectTypeGuid OPTIONAL, IN GUID *InheritedObjectTypeGuid OPTIONAL, IN PSID Sid)
NTSTATUS	RtlAddAuditAccessObjectAce (IN OUT PACL Acl, IN ULONG AceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN GUID *ObjectTypeGuid OPTIONAL, IN GUID *InheritedObjectTypeGuid OPTIONAL, IN PSID Sid, IN BOOLEAN AuditSuccess, IN BOOLEAN AuditFailure)
BOOLEAN	RtlFirstFreeAce (IN PACL Acl, OUT PVOID *FirstFree)

---

Define Documentation

#define FirstAce (  Acl   )     ((PVOID)((PUCHAR)(Acl) + sizeof(ACL)))

Definition at line 42 of file acledit.c.

#define LongAligned (  ptr   )     (LongAlign(ptr) == ((PVOID)(ptr)))

Definition at line 56 of file acledit.c. Referenced by RtlValidAcl(), and SeValidSecurityDescriptor().

#define NextAce (  Ace   )     ((PVOID)((PUCHAR)(Ace) + ((PACE_HEADER)(Ace))->AceSize))

Definition at line 54 of file acledit.c.

#define WordAligned (  ptr   )     (WordAlign(ptr) == ((PVOID)(ptr)))

Definition at line 57 of file acledit.c. Referenced by RtlValidAcl().

---

Function Documentation

NTSTATUS RtlAddAccessAllowedAce (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ACCESS_MASK  AccessMask, IN PSID  Sid )

Definition at line 1607 of file acledit.c. References RTL_PAGED_CODE, and RtlpAddKnownAce(). Referenced by CmpHiveRootSecurityDescriptor(), CreateBSMEventSD(), IopApplySystemPartitionProt(), ObpGetDosDevicesProtection(), RtlDefaultNpAcl(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), SepCreateImpersonationTokenDacl(), SepInitializationPhase1(), SepInitSystemDacls(), SeRmInitPhase1(), and SmbTraceStart(). : This routine adds an ACCESS_ALLOWED ACE to an ACL. This is expected to be a common form of ACL modification. A very bland ACE header is placed in the ACE. It provides no inheritance and no ACE flags. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added AccessMask - The mask of accesses to be granted to the specified SID. Sid - Pointer to the SID being granted access. Return Value: STATUS_SUCCESS - The ACE was successfully added. STATUS_INVALID_ACL - The specified ACL is not properly formed. STATUS_REVISION_MISMATCH - The specified revision is not known or is incompatible with that of the ACL. STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the ACL. A larger ACL buffer is required. STATUS_INVALID_SID - The provided SID is not a structurally valid SID. --*/ { RTL_PAGED_CODE(); return RtlpAddKnownAce ( Acl, AceRevision, 0, // No inherit flags AccessMask, Sid, ACCESS_ALLOWED_ACE_TYPE ); }

NTSTATUS RtlAddAccessAllowedAceEx (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ULONG  AceFlags, IN ACCESS_MASK  AccessMask, IN PSID  Sid )

Definition at line 1666 of file acledit.c. References RTL_PAGED_CODE, and RtlpAddKnownAce(). Referenced by IopInitializePlugPlayServices(), and IopOpenDeviceParametersSubkey(). : This routine adds an ACCESS_ALLOWED ACE to an ACL. This is expected to be a common form of ACL modification. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added AceFlags - Supplies the inherit flags for the ACE. AccessMask - The mask of accesses to be granted to the specified SID. Sid - Pointer to the SID being granted access. Return Value: STATUS_SUCCESS - The ACE was successfully added. STATUS_INVALID_ACL - The specified ACL is not properly formed. STATUS_REVISION_MISMATCH - The specified revision is not known or is incompatible with that of the ACL. STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the ACL. A larger ACL buffer is required. STATUS_INVALID_SID - The provided SID is not a structurally valid SID. STATUS_INVALID_PARAMETER - The AceFlags parameter was invalid. --*/ { RTL_PAGED_CODE(); return RtlpAddKnownAce ( Acl, AceRevision, AceFlags, AccessMask, Sid, ACCESS_ALLOWED_ACE_TYPE ); }

NTSTATUS RtlAddAccessAllowedObjectAce (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ULONG  AceFlags, IN ACCESS_MASK  AccessMask, IN GUID *ObjectTypeGuid  OPTIONAL, IN GUID *InheritedObjectTypeGuid  OPTIONAL, IN PSID  Sid )

Definition at line 2008 of file acledit.c. References NULL, RTL_PAGED_CODE, RtlpAddKnownAce(), and RtlpAddKnownObjectAce(). : This routine adds an object specific ACCESS_ALLOWED ACE to an ACL. This is expected to be a common form of ACL modification. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added AceFlags - Supplies the inherit flags for the ACE. AccessMask - The mask of accesses to be granted to the specified SID. ObjectTypeGuid - Supplies the GUID of the object this ACE applies to. If NULL, no object type GUID is placed in the ACE. InheritedObjectTypeGuid - Supplies the GUID of the object type that will inherit this ACE. If NULL, no inherited object type GUID is placed in the ACE. Sid - Pointer to the SID being granted access. Return Value: STATUS_SUCCESS - The ACE was successfully added. STATUS_INVALID_ACL - The specified ACL is not properly formed. STATUS_REVISION_MISMATCH - The specified revision is not known or is incompatible with that of the ACL. STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the ACL. A larger ACL buffer is required. STATUS_INVALID_SID - The provided SID is not a structurally valid SID. STATUS_INVALID_PARAMETER - The AceFlags parameter was invalid. --*/ { RTL_PAGED_CODE(); // // If no object types are specified, // build a non-object ACE. // if (ObjectTypeGuid == NULL && InheritedObjectTypeGuid == NULL ) { return RtlpAddKnownAce ( Acl, AceRevision, AceFlags, AccessMask, Sid, ACCESS_ALLOWED_ACE_TYPE ); } return RtlpAddKnownObjectAce ( Acl, AceRevision, AceFlags, AccessMask, ObjectTypeGuid, InheritedObjectTypeGuid, Sid, ACCESS_ALLOWED_OBJECT_ACE_TYPE ); }

NTSTATUS RtlAddAccessDeniedAce (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ACCESS_MASK  AccessMask, IN PSID  Sid )

Definition at line 1727 of file acledit.c. References RTL_PAGED_CODE, and RtlpAddKnownAce(). : This routine adds an ACCESS_DENIED ACE to an ACL. This is expected to be a common form of ACL modification. A very bland ACE header is placed in the ACE. It provides no inheritance and no ACE flags. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added AccessMask - The mask of accesses to be denied to the specified SID. Sid - Pointer to the SID being denied access. Return Value: STATUS_SUCCESS - The ACE was successfully added. STATUS_INVALID_ACL - The specified ACL is not properly formed. STATUS_REVISION_MISMATCH - The specified revision is not known or is incompatible with that of the ACL. STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the ACL. A larger ACL buffer is required. STATUS_INVALID_SID - The provided SID is not a structurally valid SID. --*/ { RTL_PAGED_CODE(); return RtlpAddKnownAce ( Acl, AceRevision, 0, // No inherit flags AccessMask, Sid, ACCESS_DENIED_ACE_TYPE ); }

NTSTATUS RtlAddAccessDeniedAceEx (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ULONG  AceFlags, IN ACCESS_MASK  AccessMask, IN PSID  Sid )

Definition at line 1787 of file acledit.c. References RTL_PAGED_CODE, and RtlpAddKnownAce(). : This routine adds an ACCESS_DENIED ACE to an ACL. This is expected to be a common form of ACL modification. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added AceFlags - Supplies the inherit flags for the ACE. AccessMask - The mask of accesses to be denied to the specified SID. Sid - Pointer to the SID being denied access. Return Value: STATUS_SUCCESS - The ACE was successfully added. STATUS_INVALID_ACL - The specified ACL is not properly formed. STATUS_REVISION_MISMATCH - The specified revision is not known or is incompatible with that of the ACL. STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the ACL. A larger ACL buffer is required. STATUS_INVALID_SID - The provided SID is not a structurally valid SID. STATUS_INVALID_PARAMETER - The AceFlags parameter was invalid. --*/ { RTL_PAGED_CODE(); return RtlpAddKnownAce ( Acl, AceRevision, AceFlags, AccessMask, Sid, ACCESS_DENIED_ACE_TYPE ); }

NTSTATUS RtlAddAccessDeniedObjectAce (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ULONG  AceFlags, IN ACCESS_MASK  AccessMask, IN GUID *ObjectTypeGuid  OPTIONAL, IN GUID *InheritedObjectTypeGuid  OPTIONAL, IN PSID  Sid )

Definition at line 2095 of file acledit.c. References NULL, RTL_PAGED_CODE, RtlpAddKnownAce(), and RtlpAddKnownObjectAce(). : This routine adds an object specific ACCESS_DENIED ACE to an ACL. This is expected to be a common form of ACL modification. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added AceFlags - Supplies the inherit flags for the ACE. AccessMask - The mask of accesses to be granted to the specified SID. ObjectTypeGuid - Supplies the GUID of the object this ACE applies to. If NULL, no object type GUID is placed in the ACE. InheritedObjectTypeGuid - Supplies the GUID of the object type that will inherit this ACE. If NULL, no inherited object type GUID is placed in the ACE. Sid - Pointer to the SID being denied access. Return Value: STATUS_SUCCESS - The ACE was successfully added. STATUS_INVALID_ACL - The specified ACL is not properly formed. STATUS_REVISION_MISMATCH - The specified revision is not known or is incompatible with that of the ACL. STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the ACL. A larger ACL buffer is required. STATUS_INVALID_SID - The provided SID is not a structurally valid SID. STATUS_INVALID_PARAMETER - The AceFlags parameter was invalid. --*/ { RTL_PAGED_CODE(); // // If no object types are specified, // build a non-object ACE. // if (ObjectTypeGuid == NULL && InheritedObjectTypeGuid == NULL ) { return RtlpAddKnownAce ( Acl, AceRevision, AceFlags, AccessMask, Sid, ACCESS_DENIED_ACE_TYPE ); } return RtlpAddKnownObjectAce ( Acl, AceRevision, AceFlags, AccessMask, ObjectTypeGuid, InheritedObjectTypeGuid, Sid, ACCESS_DENIED_OBJECT_ACE_TYPE ); }

NTSTATUS RtlAddAce (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ULONG  StartingAceIndex, IN PVOID  AceList, IN ULONG  AceListLength )

Definition at line 718 of file acledit.c. References FirstAce, NextAce, NULL, RTL_PAGED_CODE, RtlFirstFreeAce(), RtlpAddData(), RtlValidAcl(), and USHORT. Referenced by CreateDAclToken(), CreateSecurityDescriptor(), GenerateDescriptor(), IopOpenDeviceParametersSubkey(), main(), RtlCreateAndSetSD(), TestAddAce(), and TestSeAclRtl(). : This routine adds a string of ACEs to an ACL. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added StartingAceIndex - Supplies the ACE index which will be the index of the first ace inserted in the acl. 0 for the beginning of the list and MAXULONG for the end of the list. AceList - Supplies the list of Aces to be added to the Acl AceListLength - Supplies the size, in bytes, of the AceList buffer Return Value: NTSTATUS - STATUS_SUCCESS if successful, and an appropriate error status otherwise --*/ { PVOID FirstFree; PACE_HEADER Ace; ULONG NewAceCount; PVOID AcePosition; ULONG i; UCHAR NewRevision; RTL_PAGED_CODE(); // // Check the ACL structure // if (!RtlValidAcl(Acl)) { return STATUS_INVALID_PARAMETER; } // // Locate the first free ace and check to see that the Acl is // well formed. // if (!RtlFirstFreeAce( Acl, &FirstFree )) { return STATUS_INVALID_PARAMETER; } // // If the AceRevision is greater than the ACL revision, then we want to // increase the ACL revision to be the same as the new ACE revision. // We can do this because our previously defined ACE types ( 0 -> 3 ) have // not changed structure nor been discontinued in the new revision. So // we can bump the revision and the older types will not be misinterpreted. // // Compute what the final revision of the ACL is going to be, and save it // for later so we can update it once we know we're going to succeed. // NewRevision = (UCHAR)AceRevision > Acl->AclRevision ? (UCHAR)AceRevision : Acl->AclRevision; // // Check that the AceList is well formed, we do this by simply zooming // down the Ace list until we're equal to or have exceeded the ace list // length. If we are equal to the length then we're well formed otherwise // we're ill-formed. We'll also calculate how many Ace's there are // in the AceList // // In addition, now we have to make sure that we haven't been handed an // ACE type that is inappropriate for the AceRevision that was passed // in. // for (Ace = AceList, NewAceCount = 0; Ace < (PACE_HEADER)((PUCHAR)AceList + AceListLength); Ace = NextAce( Ace ), NewAceCount++) { // // Ensure the ACL revision allows this ACE type. // if ( Ace->AceType <= ACCESS_MAX_MS_V2_ACE_TYPE ) { // V2 ACE are always valid. } else if ( Ace->AceType <= ACCESS_MAX_MS_V3_ACE_TYPE ) { if ( AceRevision < ACL_REVISION3 ) { return STATUS_INVALID_PARAMETER; } } else if ( Ace->AceType <= ACCESS_MAX_MS_V4_ACE_TYPE ) { if ( AceRevision < ACL_REVISION4 ) { return STATUS_INVALID_PARAMETER; } } } // // Check to see if we've exceeded the ace list length // if (Ace > (PACE_HEADER)((PUCHAR)AceList + AceListLength)) { return STATUS_INVALID_PARAMETER; } // // Check to see if there is enough room in the Acl to store the additional // Ace list // if (FirstFree == NULL || (PUCHAR)FirstFree + AceListLength > (PUCHAR)Acl + Acl->AclSize) { return STATUS_BUFFER_TOO_SMALL; } // // All of the input has checked okay, we now need to locate the position // where to insert the new ace list. We won't check the acl for // validity because we did earlier when got the first free ace position. // AcePosition = FirstAce( Acl ); for (i = 0; i < StartingAceIndex && i < Acl->AceCount; i++) { AcePosition = NextAce( AcePosition ); } // // Now Ace points to where we want to insert the ace list, We do the // insertion by adding ace list to the acl and shoving over the remainder // of the list down the acl. We know this will work because we earlier // check to make sure the new acl list will fit in the acl size // RtlpAddData( AceList, AceListLength, AcePosition, (ULONG) ((PUCHAR)FirstFree - (PUCHAR)AcePosition)); // // Update the Acl Header // Acl->AceCount = (USHORT)(Acl->AceCount + NewAceCount); Acl->AclRevision = NewRevision; // // And return to our caller // return STATUS_SUCCESS; }

NTSTATUS RtlAddAuditAccessAce (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ACCESS_MASK  AccessMask, IN PSID  Sid, IN BOOLEAN  AuditSuccess, IN BOOLEAN  AuditFailure )

Definition at line 1849 of file acledit.c. References RTL_PAGED_CODE, and RtlpAddKnownAce(). Referenced by ObInitSystem(). 01860 : 01861 01862 This routine adds a SYSTEM_AUDIT ACE to an ACL. This is 01863 expected to be a common form of ACL modification. 01864 01865 A very bland ACE header is placed in the ACE. It provides no 01866 inheritance. 01867 01868 Parameters are used to indicate whether auditing is to be performed 01869 on success, failure, or both. 01870 01871 Arguments: 01872 01873 Acl - Supplies the Acl being modified 01874 01875 AceRevision - Supplies the Acl/Ace revision of the ACE being added 01876 01877 AccessMask - The mask of accesses to be denied to the specified SID. 01878 01879 Sid - Pointer to the SID to be audited. 01880 01881 AuditSuccess - If TRUE, indicates successful access attempts are to be 01882 audited. 01883 01884 AuditFailure - If TRUE, indicated failed access attempts are to be 01885 audited. 01886 01887 Return Value: 01888 01889 STATUS_SUCCESS - The ACE was successfully added. 01890 01891 STATUS_INVALID_ACL - The specified ACL is not properly formed. 01892 01893 STATUS_REVISION_MISMATCH - The specified revision is not known 01894 or is incompatible with that of the ACL. 01895 01896 STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the 01897 ACL. A larger ACL buffer is required. 01898 01899 STATUS_INVALID_SID - The provided SID is not a structurally valid 01900 SID. 01901 01902 --*/ 01903 01904 { 01905 ULONG AceFlags = 0; 01906 RTL_PAGED_CODE(); 01907 01908 if (AuditSuccess) { 01909 AceFlags |= SUCCESSFUL_ACCESS_ACE_FLAG; 01910 } 01911 if (AuditFailure) { 01912 AceFlags |= FAILED_ACCESS_ACE_FLAG; 01913 } 01914 01915 return RtlpAddKnownAce ( 01916 Acl, 01917 AceRevision, 01918 AceFlags, 01919 AccessMask, 01920 Sid, 01921 SYSTEM_AUDIT_ACE_TYPE ); 01922 01923 }

NTSTATUS RtlAddAuditAccessAceEx (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ULONG  AceFlags, IN ACCESS_MASK  AccessMask, IN PSID  Sid, IN BOOLEAN  AuditSuccess, IN BOOLEAN  AuditFailure )

Definition at line 1926 of file acledit.c. References RTL_PAGED_CODE, and RtlpAddKnownAce(). : This routine adds a SYSTEM_AUDIT ACE to an ACL. This is expected to be a common form of ACL modification. A very bland ACE header is placed in the ACE. It provides no inheritance. Parameters are used to indicate whether auditing is to be performed on success, failure, or both. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added AceFlags - Supplies the inherit flags for the ACE. AccessMask - The mask of accesses to be denied to the specified SID. Sid - Pointer to the SID to be audited. AuditSuccess - If TRUE, indicates successful access attempts are to be audited. AuditFailure - If TRUE, indicated failed access attempts are to be audited. Return Value: STATUS_SUCCESS - The ACE was successfully added. STATUS_INVALID_ACL - The specified ACL is not properly formed. STATUS_REVISION_MISMATCH - The specified revision is not known or is incompatible with that of the ACL. STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the ACL. A larger ACL buffer is required. STATUS_INVALID_SID - The provided SID is not a structurally valid SID. STATUS_INVALID_PARAMETER - The AceFlags parameter was invalid. --*/ { RTL_PAGED_CODE(); if (AuditSuccess) { AceFlags |= SUCCESSFUL_ACCESS_ACE_FLAG; } if (AuditFailure) { AceFlags |= FAILED_ACCESS_ACE_FLAG; } return RtlpAddKnownAce ( Acl, AceRevision, AceFlags, AccessMask, Sid, SYSTEM_AUDIT_ACE_TYPE ); }

NTSTATUS RtlAddAuditAccessObjectAce (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ULONG  AceFlags, IN ACCESS_MASK  AccessMask, IN GUID *ObjectTypeGuid  OPTIONAL, IN GUID *InheritedObjectTypeGuid  OPTIONAL, IN PSID  Sid, IN BOOLEAN  AuditSuccess, IN BOOLEAN  AuditFailure )

Definition at line 2182 of file acledit.c. References NULL, RTL_PAGED_CODE, RtlpAddKnownAce(), and RtlpAddKnownObjectAce(). : This routine adds an object specific ACCESS_DENIED ACE to an ACL. This is expected to be a common form of ACL modification. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added AceFlags - Supplies the inherit flags for the ACE. AccessMask - The mask of accesses to be granted to the specified SID. ObjectTypeGuid - Supplies the GUID of the object this ACE applies to. If NULL, no object type GUID is placed in the ACE. InheritedObjectTypeGuid - Supplies the GUID of the object type that will inherit this ACE. If NULL, no inherited object type GUID is placed in the ACE. Sid - Pointer to the SID to be audited. AuditSuccess - If TRUE, indicates successful access attempts are to be audited. AuditFailure - If TRUE, indicated failed access attempts are to be audited. Return Value: STATUS_SUCCESS - The ACE was successfully added. STATUS_INVALID_ACL - The specified ACL is not properly formed. STATUS_REVISION_MISMATCH - The specified revision is not known or is incompatible with that of the ACL. STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the ACL. A larger ACL buffer is required. STATUS_INVALID_SID - The provided SID is not a structurally valid SID. STATUS_INVALID_PARAMETER - The AceFlags parameter was invalid. --*/ { RTL_PAGED_CODE(); if (AuditSuccess) { AceFlags |= SUCCESSFUL_ACCESS_ACE_FLAG; } if (AuditFailure) { AceFlags |= FAILED_ACCESS_ACE_FLAG; } // // If no object types are specified, // build a non-object ACE. // if (ObjectTypeGuid == NULL && InheritedObjectTypeGuid == NULL ) { return RtlpAddKnownAce ( Acl, AceRevision, AceFlags, AccessMask, Sid, SYSTEM_AUDIT_ACE_TYPE ); } return RtlpAddKnownObjectAce ( Acl, AceRevision, AceFlags, AccessMask, ObjectTypeGuid, InheritedObjectTypeGuid, Sid, SYSTEM_AUDIT_OBJECT_ACE_TYPE ); }

NTSTATUS RtlAddCompoundAce (  IN PACL  Acl, IN ULONG  AceRevision, IN UCHAR  CompoundAceType, IN ACCESS_MASK  AccessMask, IN PSID  ServerSid, IN PSID  ClientSid )

Definition at line 1098 of file acledit.c. References NULL, RTL_PAGED_CODE, RtlCopySid(), RtlFirstFreeAce(), RtlValidAcl(), RtlValidSid(), SeLengthSid, and USHORT. : This routine adds a KNOWN_COMPOUND_ACE to an ACL. This is expected to be a common form of ACL modification. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added CompoundAceType - Supplies the type of compound ACE being added. Currently the only defined type is COMPOUND_ACE_IMPERSONATION. AccessMask - The mask of accesses to be granted to the specified SID pair. ServerSid - Pointer to the Server SID to be placed in the ACE. ClientSid - Pointer to the Client SID to be placed in the ACE. Return Value: NTSTATUS - STATUS_SUCCESS if successful and an appropriate error status otherwise STATUS_INVALID_PARAMETER - The AceFlags parameter was invalid. --*/ { PVOID FirstFree; USHORT AceSize; PKNOWN_COMPOUND_ACE GrantAce; UCHAR NewRevision; RTL_PAGED_CODE(); // // Validate the structure of the SID // if (!RtlValidSid(ServerSid) || !RtlValidSid(ClientSid)) { return STATUS_INVALID_SID; } // // Check the ACL & ACE revision levels // Compund ACEs become valid in version 3. // if ( Acl->AclRevision > ACL_REVISION4 || AceRevision < ACL_REVISION3 || AceRevision > ACL_REVISION4 ) { return STATUS_REVISION_MISMATCH; } // // Calculate the new revision of the ACL. The new revision is the maximum // of the old revision and and new ACE's revision. This is possible because // the format of previously defined ACEs did not change across revisions. // NewRevision = Acl->AclRevision > (UCHAR)AceRevision ? Acl->AclRevision : (UCHAR)AceRevision; // // Locate the first free ace and check to see that the Acl is // well formed. // if (!RtlValidAcl( Acl )) { return STATUS_INVALID_ACL; } if (!RtlFirstFreeAce( Acl, &FirstFree )) { return STATUS_INVALID_ACL; } // // Check to see if there is enough room in the Acl to store the new // ACE // AceSize = (USHORT)(sizeof(KNOWN_COMPOUND_ACE) - sizeof(ULONG) + SeLengthSid(ClientSid) + SeLengthSid(ServerSid) ); if ( FirstFree == NULL || ((PUCHAR)FirstFree + AceSize > ((PUCHAR)Acl + Acl->AclSize)) ) { return STATUS_ALLOTTED_SPACE_EXCEEDED; } // // Add the ACE to the end of the ACL // GrantAce = (PKNOWN_COMPOUND_ACE)FirstFree; GrantAce->Header.AceFlags = 0; GrantAce->Header.AceType = ACCESS_ALLOWED_COMPOUND_ACE_TYPE; GrantAce->Header.AceSize = AceSize; GrantAce->Mask = AccessMask; GrantAce->CompoundAceType = CompoundAceType; RtlCopySid( SeLengthSid(ServerSid), (PSID)(&GrantAce->SidStart), ServerSid ); RtlCopySid( SeLengthSid(ClientSid), (PSID)(((PCHAR)&GrantAce->SidStart) + SeLengthSid(ServerSid)), ClientSid ); // // Increment the number of ACEs by 1. // Acl->AceCount += 1; // // Adjust the Acl revision, if necessary // Acl->AclRevision = NewRevision; // // And return to our caller // return STATUS_SUCCESS; }

NTSTATUS RtlCreateAcl (  IN PACL  Acl, IN ULONG  AclLength, IN ULONG  AclRevision )

Definition at line 99 of file acledit.c. References RTL_PAGED_CODE, and USHORT. Referenced by CmpHiveRootSecurityDescriptor(), CreateBSMEventSD(), CreateDAclToken(), CreateSecurityDescriptor(), GenerateDescriptor(), IopApplySystemPartitionProt(), IopInitializePlugPlayServices(), IopOpenDeviceParametersSubkey(), main(), ObInitSystem(), ObpGetDosDevicesProtection(), RtlCreateAndSetSD(), RtlDefaultNpAcl(), RtlpComputeMergedAcl2(), RtlpConvertAclToAutoInherit(), RtlpCreateServerAcl(), RtlpInheritAcl2(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), SepCreateImpersonationTokenDacl(), SepInitializationPhase1(), SepInitSystemDacls(), SeRmInitPhase1(), SmbTraceStart(), TestAddAce(), TestCreateAcl(), TestSeAclRtl(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenSet(). : This routine initializes an ACL data structure. After initialization it is an ACL with no ACE (i.e., a deny all access type ACL) Arguments: Acl - Supplies the buffer containing the ACL being initialized AclLength - Supplies the length of the ace buffer in bytes AclRevision - Supplies the revision for this Acl Return Value: NTSTATUS - STATUS_SUCCESS if successful STATUS_BUFFER_TOO_SMALL if the AclLength is too small, STATUS_INVALID_PARAMETER if the revision is out of range --*/ { RTL_PAGED_CODE(); // // Check to see the size of the buffer is large enough to hold at // least the ACL header // if (AclLength < sizeof(ACL)) { // // Buffer to small even for the ACL header // return STATUS_BUFFER_TOO_SMALL; } // // Check to see if the revision is currently valid. Later versions // of this procedure might accept more revision levels // if (AclRevision < MIN_ACL_REVISION || AclRevision > MAX_ACL_REVISION) { // // Revision not current // return STATUS_INVALID_PARAMETER; } if ( AclLength > MAXUSHORT ) { return STATUS_INVALID_PARAMETER; } // // Initialize the ACL // Acl->AclRevision = (UCHAR)AclRevision; // Used to hardwire ACL_REVISION2 here Acl->Sbz1 = 0; Acl->AclSize = (USHORT) (AclLength & 0xfffc); Acl->AceCount = 0; Acl->Sbz2 = 0; // // And return to our caller // return STATUS_SUCCESS; }

NTSTATUS RtlDeleteAce (  IN OUT PACL  Acl, IN ULONG  AceIndex )

Definition at line 895 of file acledit.c. References FirstAce, NextAce, RTL_PAGED_CODE, RtlFirstFreeAce(), RtlpDeleteData(), and RtlValidAcl(). Referenced by CreateDAclToken(), main(), TestDeleteAce(), and TestSeAclRtl(). : This routine deletes one ACE from an ACL. Arguments: Acl - Supplies the Acl being modified AceIndex - Supplies the index of the Ace to delete. Return Value: NTSTATUS - STATUS_SUCCESS if successful and an appropriate error status otherwise --*/ { PVOID FirstFree; PACE_HEADER Ace; ULONG i; RTL_PAGED_CODE(); // // Check the ACL structure // if (!RtlValidAcl(Acl)) { return STATUS_INVALID_PARAMETER; } // // Make sure the AceIndex is within proper range, it's ulong so we know // it can't be negative // if (AceIndex >= Acl->AceCount) { return STATUS_INVALID_PARAMETER; } // // Locate the first free spot, this will tell us how much data // we'll need to colapse. If the results is false then the acl is // ill-formed // if (!RtlFirstFreeAce( Acl, &FirstFree )) { return STATUS_INVALID_PARAMETER; } // // Now locate the ace that we're going to delete. This loop // doesn't need to check the acl for being well formed. // Ace = FirstAce( Acl ); for (i = 0; i < AceIndex; i++) { Ace = NextAce( Ace ); } // // We've found the ace to delete to simply copy over the rest of // the acl over this ace. The delete data procedure also deletes // rest of the string that it's moving over so we don't have to // RtlpDeleteData( Ace, Ace->AceSize, (ULONG) ((PUCHAR)FirstFree - (PUCHAR)Ace)); // // Update the Acl header // Acl->AceCount--; // // And return to our caller // return STATUS_SUCCESS; }

BOOLEAN RtlFirstFreeAce (  IN PACL  Acl, OUT PVOID *  FirstFree )

Definition at line 2599 of file acledit.c. References FALSE, FirstAce, NextAce, NULL, RTL_PAGED_CODE, and TRUE. Referenced by RtlAddAce(), RtlAddCompoundAce(), RtlDeleteAce(), RtlpAddKnownAce(), RtlpAddKnownObjectAce(), RtlpCopyAces(), RtlpGenerateInheritedAce(), RtlpInheritAcl2(), and RtlQueryInformationAcl(). : This routine returns a pointer to the first free byte in an Acl or NULL if the acl is ill-formed. If the Acl is full then the return pointer is to the byte immediately following the acl, and TRUE will be returned. Arguments: Acl - Supplies a pointer to the Acl to examine FirstFree - Receives a pointer to the first free position in the Acl Return Value: BOOLEAN - TRUE if the Acl is well formed and FALSE otherwise --*/ { PACE_HEADER Ace; ULONG i; RTL_PAGED_CODE(); // // To find the first free spot in the Acl we need to search for // the last ace. We do this by zooming down the list until // we've exhausted the ace count or the ace size (which ever comes // first). In the following loop Ace points to the next spot // for an Ace and I is the ace index // *FirstFree = NULL; for ( i=0, Ace = FirstAce( Acl ); i < Acl->AceCount; i++, Ace = NextAce( Ace )) { // // Check to make sure we haven't overrun the Acl buffer // with our Ace pointer. If we have then our input is bogus. // if (Ace >= (PACE_HEADER)((PUCHAR)Acl + Acl->AclSize)) { return FALSE; } } // // Now Ace points to the first free spot in the Acl so set the // output variable and check to make sure it is still in the Acl // or just one beyond the end of the acl (i.e., the acl is full). // if (Ace <= (PACE_HEADER)((PUCHAR)Acl + Acl->AclSize)) { *FirstFree = Ace; } // // The Acl is well formed so return the first free spot we've found // (or NULL if there is no free space for another ACE) // return TRUE; }

NTSTATUS RtlGetAce (  IN PACL  Acl, ULONG  AceIndex, OUT PVOID *  Ace )

Definition at line 996 of file acledit.c. References FirstAce, NextAce, and RTL_PAGED_CODE. Referenced by CmpHiveRootSecurityDescriptor(), IopCreateDefaultDeviceSecurityDescriptor(), IopOpenDeviceParametersSubkey(), main(), ObInitSystem(), ObpGetDosDevicesProtection(), TestGetAce(), and TestSeAclRtl(). : This routine returns a pointer to an ACE in an ACl referenced by ACE index Arguments: Acl - Supplies the ACL being queried AceIndex - Supplies the Ace index to locate Ace - Receives the address of the ACE within the ACL Return Value: NTSTATUS - STATUS_SUCCESS if successful and an appropriate error status otherwise --*/ { ULONG i; RTL_PAGED_CODE(); // // Check the ACL revision level // if (!ValidAclRevision(Acl)) { return STATUS_INVALID_PARAMETER; } // // Check the AceIndex against the Ace count of the Acl, it's ulong so // we know it can't be negative // if (AceIndex >= Acl->AceCount) { return STATUS_INVALID_PARAMETER; } // // To find the Ace requested by zooming down the Ace List. // *Ace = FirstAce( Acl ); for (i = 0; i < AceIndex; i++) { // // Check to make sure we haven't overrun the Acl buffer // with our ace pointer. If we have then our input is bogus // if (*Ace >= (PVOID)((PUCHAR)Acl + Acl->AclSize)) { return STATUS_INVALID_PARAMETER; } // // And move Ace to the next ace position // *Ace = NextAce( *Ace ); } // // Now Ace points to the Ace we're after, but make sure we aren't // beyond the Acl. // if (*Ace >= (PVOID)((PUCHAR)Acl + Acl->AclSize)) { return STATUS_INVALID_PARAMETER; } // // The Ace is still within the Acl so return success to our caller // return STATUS_SUCCESS; }

VOID RtlpAddData (  IN PVOID  From, IN ULONG  FromSize, IN PVOID  To, IN ULONG  ToSize )

Definition at line 2684 of file acledit.c. Referenced by RtlAddAce(). : This routine copies data to a string of bytes. It does this by moving over data in the to string so that the from string will fit. It also assumes that the checks that the data will fit in memory have already been done. Pictorally the results are as follows. Before: From -> ffffffffff To -> tttttttttttttttt After: From -> ffffffffff To -> fffffffffftttttttttttttttt Arguments: From - Supplies a pointer to the source buffer FromSize - Supplies the size of the from buffer in bytes To - Supplies a pointer to the destination buffer ToSize - Supplies the size of the to buffer in bytes Return Value: None --*/ { LONG i; // // Shift over the To buffer enough to fit in the From buffer // for (i = ToSize - 1; i >= 0; i--) { ((PUCHAR)To)[i+FromSize] = ((PUCHAR)To)[i]; } // // Now copy over the From buffer // for (i = 0; (ULONG)i < FromSize; i += 1) { ((PUCHAR)To)[i] = ((PUCHAR)From)[i]; } // // and return to our caller // return; }

NTSTATUS RtlpAddKnownAce (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ULONG  AceFlags, IN ACCESS_MASK  AccessMask, IN PSID  Sid, IN UCHAR  NewType )

Definition at line 1242 of file acledit.c. References _KNOWN_ACE::Header, _KNOWN_ACE::Mask, NULL, RTL_PAGED_CODE, RtlCopySid(), RtlFirstFreeAce(), RtlValidAcl(), RtlValidSid(), SeLengthSid, _KNOWN_ACE::SidStart, and USHORT. Referenced by RtlAddAccessAllowedAce(), RtlAddAccessAllowedAceEx(), RtlAddAccessAllowedObjectAce(), RtlAddAccessDeniedAce(), RtlAddAccessDeniedAceEx(), RtlAddAccessDeniedObjectAce(), RtlAddAuditAccessAce(), RtlAddAuditAccessAceEx(), and RtlAddAuditAccessObjectAce(). 01253 : 01254 01255 This routine adds KNOWN_ACE to an ACL. This is 01256 expected to be a common form of ACL modification. 01257 01258 A very bland ACE header is placed in the ACE. It provides no 01259 inheritance and no ACE flags. The type is specified by the caller. 01260 01261 Arguments: 01262 01263 Acl - Supplies the Acl being modified 01264 01265 AceRevision - Supplies the Acl/Ace revision of the ACE being added 01266 01267 AceFlags - Supplies the inherit flags for the ACE. 01268 01269 AccessMask - The mask of accesses to be denied to the specified SID. 01270 01271 Sid - Pointer to the SID being denied access. 01272 01273 NewType - Type of ACE to be added. 01274 01275 Return Value: 01276 01277 STATUS_SUCCESS - The ACE was successfully added. 01278 01279 STATUS_INVALID_ACL - The specified ACL is not properly formed. 01280 01281 STATUS_REVISION_MISMATCH - The specified revision is not known 01282 or is incompatible with that of the ACL. 01283 01284 STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the 01285 ACL. A larger ACL buffer is required. 01286 01287 STATUS_INVALID_SID - The provided SID is not a structurally valid 01288 SID. 01289 01290 STATUS_INVALID_PARAMETER - The AceFlags parameter was invalid. 01291 01292 --*/ 01293 01294 { 01295 PVOID FirstFree; 01296 USHORT AceSize; 01297 PKNOWN_ACE GrantAce; 01298 UCHAR NewRevision; 01299 ULONG TestedAceFlags; 01300 01301 RTL_PAGED_CODE(); 01302 01303 // 01304 // Validate the structure of the SID 01305 // 01306 01307 if (!RtlValidSid(Sid)) { 01308 return STATUS_INVALID_SID; 01309 } 01310 01311 // 01312 // Check the ACL & ACE revision levels 01313 // 01314 01315 if ( Acl->AclRevision > ACL_REVISION4 || AceRevision > ACL_REVISION4 ) { 01316 01317 return STATUS_REVISION_MISMATCH; 01318 } 01319 01320 // 01321 // Calculate the new revision of the ACL. The new revision is the maximum 01322 // of the old revision and and new ACE's revision. This is possible because 01323 // the format of previously defined ACEs did not change across revisions. 01324 // 01325 01326 NewRevision = Acl->AclRevision > (UCHAR)AceRevision ? Acl->AclRevision : (UCHAR)AceRevision; 01327 01328 // 01329 // Validate the AceFlags. 01330 // 01331 01332 TestedAceFlags = AceFlags & ~VALID_INHERIT_FLAGS; 01333 if ( TestedAceFlags != 0 ) { 01334 01335 if ( NewType == SYSTEM_AUDIT_ACE_TYPE ) { 01336 TestedAceFlags &= 01337 ~(SUCCESSFUL_ACCESS_ACE_FLAG|FAILED_ACCESS_ACE_FLAG); 01338 } 01339 01340 if ( TestedAceFlags != 0 ) { 01341 return STATUS_INVALID_PARAMETER; 01342 } 01343 } 01344 01345 // 01346 // Locate the first free ace and check to see that the Acl is 01347 // well formed. 01348 // 01349 01350 if (!RtlValidAcl( Acl )) { 01351 return STATUS_INVALID_ACL; 01352 } 01353 if (!RtlFirstFreeAce( Acl, &FirstFree )) { 01354 01355 return STATUS_INVALID_ACL; 01356 } 01357 01358 // 01359 // Check to see if there is enough room in the Acl to store the new 01360 // ACE 01361 // 01362 01363 AceSize = (USHORT)(sizeof(ACE_HEADER) + 01364 sizeof(ACCESS_MASK) + 01365 SeLengthSid(Sid)); 01366 01367 if ( FirstFree == NULL || 01368 ((PUCHAR)FirstFree + AceSize > ((PUCHAR)Acl + Acl->AclSize)) 01369 ) { 01370 01371 return STATUS_ALLOTTED_SPACE_EXCEEDED; 01372 } 01373 01374 // 01375 // Add the ACE to the end of the ACL 01376 // 01377 01378 GrantAce = (PKNOWN_ACE)FirstFree; 01379 GrantAce->Header.AceFlags = (UCHAR)AceFlags; 01380 GrantAce->Header.AceType = NewType; 01381 GrantAce->Header.AceSize = AceSize; 01382 GrantAce->Mask = AccessMask; 01383 RtlCopySid( SeLengthSid(Sid), (PSID)(&GrantAce->SidStart), Sid ); 01384 01385 // 01386 // Increment the number of ACEs by 1. 01387 // 01388 01389 Acl->AceCount += 1; 01390 01391 // 01392 // Adjust the Acl revision, if necessary 01393 // 01394 01395 Acl->AclRevision = NewRevision; 01396 01397 // 01398 // And return to our caller 01399 // 01400 01401 return STATUS_SUCCESS; 01402 }

NTSTATUS RtlpAddKnownObjectAce (  IN OUT PACL  Acl, IN ULONG  AceRevision, IN ULONG  AceFlags, IN ACCESS_MASK  AccessMask, IN GUID *ObjectTypeGuid  OPTIONAL, IN GUID *InheritedObjectTypeGuid  OPTIONAL, IN PSID  Sid, IN UCHAR  NewType )

Definition at line 1405 of file acledit.c. References NULL, RTL_PAGED_CODE, RtlCopySid(), RtlFirstFreeAce(), RtlValidAcl(), RtlValidSid(), SeLengthSid, and USHORT. Referenced by RtlAddAccessAllowedObjectAce(), RtlAddAccessDeniedObjectAce(), and RtlAddAuditAccessObjectAce(). : This routine adds KNOWN_ACE to an ACL. This is expected to be a common form of ACL modification. A very bland ACE header is placed in the ACE. It provides no inheritance and no ACE flags. The type is specified by the caller. Arguments: Acl - Supplies the Acl being modified AceRevision - Supplies the Acl/Ace revision of the ACE being added AceFlags - Supplies the inherit flags for the ACE. AccessMask - The mask of accesses to be denied to the specified SID. ObjectTypeGuid - Supplies the GUID of the object this ACE applies to. If NULL, no object type GUID is placed in the ACE. InheritedObjectTypeGuid - Supplies the GUID of the object type that will inherit this ACE. If NULL, no inherited object type GUID is placed in the ACE. Sid - Pointer to the SID being denied access. NewType - Type of ACE to be added. Return Value: STATUS_SUCCESS - The ACE was successfully added. STATUS_INVALID_ACL - The specified ACL is not properly formed. STATUS_REVISION_MISMATCH - The specified revision is not known or is incompatible with that of the ACL. STATUS_ALLOTTED_SPACE_EXCEEDED - The new ACE does not fit into the ACL. A larger ACL buffer is required. STATUS_INVALID_SID - The provided SID is not a structurally valid SID. STATUS_INVALID_PARAMETER - The AceFlags parameter was invalid. --*/ { PVOID FirstFree; USHORT AceSize; PKNOWN_OBJECT_ACE GrantAce; UCHAR NewRevision; ULONG TestedAceFlags; ULONG AceObjectFlags = 0; ULONG SidSize; PCHAR Where; RTL_PAGED_CODE(); // // Validate the structure of the SID // if (!RtlValidSid(Sid)) { return STATUS_INVALID_SID; } // // Check the ACL & ACE revision levels // Object ACEs became valid in version 4. // if ( Acl->AclRevision > ACL_REVISION4 || AceRevision != ACL_REVISION4 ) { return STATUS_REVISION_MISMATCH; } // // Calculate the new revision of the ACL. The new revision is the maximum // of the old revision and and new ACE's revision. This is possible because // the format of previously defined ACEs did not change across revisions. // NewRevision = Acl->AclRevision > (UCHAR)AceRevision ? Acl->AclRevision : (UCHAR)AceRevision; // // Validate the AceFlags. // TestedAceFlags = AceFlags & ~VALID_INHERIT_FLAGS; if ( TestedAceFlags != 0 ) { if ( NewType == SYSTEM_AUDIT_ACE_TYPE || NewType == SYSTEM_AUDIT_OBJECT_ACE_TYPE ) { TestedAceFlags &= ~(SUCCESSFUL_ACCESS_ACE_FLAG|FAILED_ACCESS_ACE_FLAG); } if ( TestedAceFlags != 0 ) { return STATUS_INVALID_PARAMETER; } } // // Locate the first free ace and check to see that the Acl is // well formed. // if (!RtlValidAcl( Acl )) { return STATUS_INVALID_ACL; } if (!RtlFirstFreeAce( Acl, &FirstFree )) { return STATUS_INVALID_ACL; } // // Check to see if there is enough room in the Acl to store the new // ACE // SidSize = SeLengthSid(Sid); AceSize = (USHORT)(sizeof(ACE_HEADER) + sizeof(ACCESS_MASK) + sizeof(ULONG) + SidSize); if ( ARGUMENT_PRESENT(ObjectTypeGuid) ) { AceObjectFlags |= ACE_OBJECT_TYPE_PRESENT; AceSize += sizeof(GUID); } if ( ARGUMENT_PRESENT(InheritedObjectTypeGuid) ) { AceObjectFlags |= ACE_INHERITED_OBJECT_TYPE_PRESENT; AceSize += sizeof(GUID); } if ( FirstFree == NULL || ((PUCHAR)FirstFree + AceSize > ((PUCHAR)Acl + Acl->AclSize)) ) { return STATUS_ALLOTTED_SPACE_EXCEEDED; } // // Add the ACE to the end of the ACL // GrantAce = (PKNOWN_OBJECT_ACE)FirstFree; GrantAce->Header.AceFlags = (UCHAR) AceFlags; GrantAce->Header.AceType = NewType; GrantAce->Header.AceSize = AceSize; GrantAce->Mask = AccessMask; GrantAce->Flags = AceObjectFlags; Where = (PCHAR) (&GrantAce->SidStart); if ( ARGUMENT_PRESENT(ObjectTypeGuid) ) { RtlCopyMemory( Where, ObjectTypeGuid, sizeof(GUID) ); Where += sizeof(GUID); } if ( ARGUMENT_PRESENT(InheritedObjectTypeGuid) ) { RtlCopyMemory( Where, InheritedObjectTypeGuid, sizeof(GUID) ); Where += sizeof(GUID); } RtlCopySid( SidSize, (PSID)Where, Sid ); Where += SidSize; // // Increment the number of ACEs by 1. // Acl->AceCount += 1; // // Adjust the Acl revision, if necessary // Acl->AclRevision = NewRevision; // // And return to our caller // return STATUS_SUCCESS; }

VOID RtlpDeleteData (  IN PVOID  Data, IN ULONG  RemoveSize, IN ULONG  TotalSize )

Definition at line 2764 of file acledit.c. Referenced by RtlDeleteAce(). 02772 : 02773 02774 This routine deletes a string of bytes from the front of a data buffer 02775 and compresses the data. It also zeros out the part of the string 02776 that is no longer in use. Pictorially the results are as follows 02777 02778 Before: 02779 02780 Data = DDDDDddddd 02781 RemoveSize = 5 02782 TotalSize = 10 02783 02784 After: 02785 02786 Data = ddddd00000 02787 02788 Arguments: 02789 02790 Data - Supplies a pointer to the data being altered 02791 02792 RemoveSize - Supplies the number of bytes to delete from the front 02793 of the data buffer 02794 02795 TotalSize - Supplies the total number of bytes in the data buffer 02796 before the delete operation 02797 02798 Return Value: 02799 02800 None 02801 02802 --*/ 02803 02804 { 02805 ULONG i; 02806 02807 // 02808 // Shift over the buffer to remove the amount 02809 // 02810 02811 for (i = RemoveSize; i < TotalSize; i++) { 02812 02813 ((PUCHAR)Data)[i-RemoveSize] = ((PUCHAR)Data)[i]; 02814 02815 } 02816 02817 // 02818 // Now as a safety precaution we'll zero out the rest of the string 02819 // 02820 02821 for (i = TotalSize - RemoveSize; i < TotalSize; i++) { 02822 02823 ((PUCHAR)Data)[i] = 0; 02824 } 02825 02826 // 02827 // And return to our caller 02828 // 02829 02830 return; 02831 02832 } }

NTSTATUS RtlQueryInformationAcl (  IN PACL  Acl, OUT PVOID  AclInformation, IN ULONG  AclInformationLength, IN ACL_INFORMATION_CLASS  AclInformationClass )

Definition at line 460 of file acledit.c. References NTSTATUS(), NULL, RTL_PAGED_CODE, RtlFirstFreeAce(), and Status. Referenced by IopOpenDeviceParametersSubkey(), main(), RtlLengthUsedSecurityDescriptor(), TestQueryInformationAcl(), and TestSeAclRtl(). : This routine returns to the caller information about an ACL. The requested information can be AclRevisionInformation, or AclSizeInformation. Arguments: Acl - Supplies the Acl being examined AclInformation - Supplies the buffer to receive the information being requested AclInformationLength - Supplies the length of the AclInformation buffer in bytes AclInformationClass - Supplies the type of information being requested Return Value: NTSTATUS - STATUS_SUCCESS if successful and an appropriate error status otherwise --*/ { PACL_REVISION_INFORMATION RevisionInfo; PACL_SIZE_INFORMATION SizeInfo; PVOID FirstFree; NTSTATUS Status; RTL_PAGED_CODE(); // // Check the ACL revision level // if (!ValidAclRevision( Acl )) { return STATUS_INVALID_PARAMETER; } // // Case on the information class being requested // switch (AclInformationClass) { case AclRevisionInformation: // // Make sure the buffer size is correct // if (AclInformationLength < sizeof(ACL_REVISION_INFORMATION)) { return STATUS_BUFFER_TOO_SMALL; } // // Get the Acl revision and return // RevisionInfo = (PACL_REVISION_INFORMATION)AclInformation; RevisionInfo->AclRevision = Acl->AclRevision; break; case AclSizeInformation: // // Make sure the buffer size is correct // if (AclInformationLength < sizeof(ACL_SIZE_INFORMATION)) { return STATUS_BUFFER_TOO_SMALL; } // // Locate the first free spot in the Acl // if (!RtlFirstFreeAce( Acl, &FirstFree )) { // // The input Acl is ill-formed // return STATUS_INVALID_PARAMETER; } // // Given a pointer to the first free spot we can now easily compute // the number of free bytes and used bytes in the Acl. // SizeInfo = (PACL_SIZE_INFORMATION)AclInformation; SizeInfo->AceCount = Acl->AceCount; if (FirstFree == NULL) { // // With a null first free we don't have any free space in the Acl // SizeInfo->AclBytesInUse = Acl->AclSize; SizeInfo->AclBytesFree = 0; } else { // // The first free is not null so we have some free room left in // the acl // SizeInfo->AclBytesInUse = (ULONG)((PUCHAR)FirstFree - (PUCHAR)Acl); SizeInfo->AclBytesFree = Acl->AclSize - SizeInfo->AclBytesInUse; } break; default: return STATUS_INVALID_INFO_CLASS; } // // and return to our caller // return STATUS_SUCCESS; }

NTSTATUS RtlSetInformationAcl (  IN PACL  Acl, IN PVOID  AclInformation, IN ULONG  AclInformationLength, IN ACL_INFORMATION_CLASS  AclInformationClass )

Definition at line 614 of file acledit.c. References RTL_PAGED_CODE. Referenced by TestSeAclRtl(), and TestSetInformationAcl(). : This routine sets the state of an ACL. For now only the revision level can be set and for now only a revision level of 1 is accepted so this procedure is rather simple Arguments: Acl - Supplies the Acl being altered AclInformation - Supplies the buffer containing the information being set AclInformationLength - Supplies the length of the Acl information buffer AclInformationClass - Supplies the type of information begin set Return Value: NTSTATUS - STATUS_SUCCESS if successful and an appropriate error status otherwise --*/ { PACL_REVISION_INFORMATION RevisionInfo; RTL_PAGED_CODE(); // // Check the ACL revision level // if (!ValidAclRevision( Acl )) { return STATUS_INVALID_PARAMETER; } // // Case on the information class being requested // switch (AclInformationClass) { case AclRevisionInformation: // // Make sure the buffer size is correct // if (AclInformationLength < sizeof(ACL_REVISION_INFORMATION)) { return STATUS_BUFFER_TOO_SMALL; } // // Get the Acl requested ACL revision level // RevisionInfo = (PACL_REVISION_INFORMATION)AclInformation; // // Don't let them lower the revision of an ACL. // if (RevisionInfo->AclRevision < Acl->AclRevision ) { return STATUS_INVALID_PARAMETER; } // // Assign the new revision. // Acl->AclRevision = (UCHAR)RevisionInfo->AclRevision; break; default: return STATUS_INVALID_INFO_CLASS; } // // and return to our caller // return STATUS_SUCCESS; }

BOOLEAN RtlValidAcl (  IN PACL  Acl  )

Definition at line 187 of file acledit.c. References EXCEPTION_EXECUTE_HANDLER, FALSE, KNOWN_ACE, LongAligned, PKNOWN_ACE, RTL_PAGED_CODE, SeLengthSid, TRUE, and WordAligned. Referenced by RtlAddAce(), RtlAddCompoundAce(), RtlDeleteAce(), RtlpAddKnownAce(), RtlpAddKnownObjectAce(), RtlpConvertAclToAutoInherit(), RtlValidRelativeSecurityDescriptor(), RtlValidSecurityDescriptor(), SepCheckAcl(), SeValidSecurityDescriptor(), TestSeAclRtl(), and TestTokenQuery(). : This procedure validates an ACL. This involves validating the revision level of the ACL and ensuring that the number of ACEs specified in the AceCount fit in the space specified by the AclSize field of the ACL header. Arguments: Acl - Pointer to the ACL structure to validate. Return Value: BOOLEAN - TRUE if the structure of Acl is valid. --*/ { RTL_PAGED_CODE(); try { PACE_HEADER Ace; PISID Sid; PISID Sid2; ULONG i; UCHAR AclRevision = ACL_REVISION2; // // Check the ACL revision level // if (!ValidAclRevision(Acl)) { return(FALSE); } if (!WordAligned(&Acl->AclSize)) { return(FALSE); } if (Acl->AclSize < sizeof(ACL)) { return(FALSE); } // // Validate all of the ACEs. // Ace = ((PVOID)((PUCHAR)(Acl) + sizeof(ACL))); for (i = 0; i < Acl->AceCount; i++) { // // Check to make sure we haven't overrun the Acl buffer // with our ace pointer. Make sure the ACE_HEADER is in // the ACL also. // if ((PUCHAR)Ace + sizeof(ACE_HEADER) >= ((PUCHAR)Acl + Acl->AclSize)) { return(FALSE); } if (!WordAligned(&Ace->AceSize)) { return(FALSE); } if ((PUCHAR)Ace + Ace->AceSize > ((PUCHAR)Acl + Acl->AclSize)) { return(FALSE); } // // It is now safe to reference fields in the ACE header. // // // The ACE header fits into the ACL, if this is a known type of ACE, // make sure the SID is within the bounds of the ACE // if (IsKnownAceType(Ace)) { if (!LongAligned(Ace->AceSize)) { return(FALSE); } if (Ace->AceSize < sizeof(KNOWN_ACE) - sizeof(ULONG) + sizeof(SID) - sizeof(ULONG)) { return(FALSE); } // // It's now safe to reference the parts of the SID structure, though // not the SID itself. // Sid = (PISID) & (((PKNOWN_ACE)Ace)->SidStart); if (Sid->Revision != SID_REVISION) { return(FALSE); } if (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) { return(FALSE); } // // SeLengthSid computes the size of the SID based on the subauthority count, // so it is safe to use even though we don't know that the body of the SID // is safe to reference. // if (Ace->AceSize < sizeof(KNOWN_ACE) - sizeof(ULONG) + SeLengthSid( Sid )) { return(FALSE); } // // If it's a compound ACE, then perform roughly the same set of tests, but // check the validity of both SIDs. // } else if (IsCompoundAceType(Ace)) { // // Compound ACEs became valid in revision 3 // if ( Acl->AclRevision < ACL_REVISION3 ) { return FALSE; } if (!LongAligned(Ace->AceSize)) { return(FALSE); } if (Ace->AceSize < sizeof(KNOWN_COMPOUND_ACE) - sizeof(ULONG) + sizeof(SID)) { return(FALSE); } // // The only currently defined Compound ACE is an Impersonation ACE. // if (((PKNOWN_COMPOUND_ACE)Ace)->CompoundAceType != COMPOUND_ACE_IMPERSONATION) { return(FALSE); } // // Examine the first SID and make sure it's structurally valid, // and it lies within the boundaries of the ACE. // Sid = (PISID) & (((PKNOWN_COMPOUND_ACE)Ace)->SidStart); if (Sid->Revision != SID_REVISION) { return(FALSE); } if (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) { return(FALSE); } // // Compound ACEs contain two SIDs. Make sure this ACE is large enough to contain // not only the first SID, but the body of the 2nd. // if (Ace->AceSize < sizeof(KNOWN_COMPOUND_ACE) - sizeof(ULONG) + SeLengthSid( Sid ) + sizeof(SID)) { return(FALSE); } // // It is safe to reference the interior of the 2nd SID. // Sid2 = (PISID) ((PUCHAR)Sid + SeLengthSid( Sid )); if (Sid2->Revision != SID_REVISION) { return(FALSE); } if (Sid2->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) { return(FALSE); } if (Ace->AceSize < sizeof(KNOWN_COMPOUND_ACE) - sizeof(ULONG) + SeLengthSid( Sid ) + SeLengthSid( Sid2 )) { return(FALSE); } // // If it's an object ACE, then perform roughly the same set of tests. // } else if (IsObjectAceType(Ace)) { ULONG GuidSize=0; // // Object ACEs became valid in revision 4 // if ( Acl->AclRevision < ACL_REVISION4 ) { return FALSE; } if (!LongAligned(Ace->AceSize)) { return(FALSE); } // // Ensure there is room for the ACE header. // if (Ace->AceSize < sizeof(KNOWN_OBJECT_ACE) - sizeof(ULONG)) { return(FALSE); } // // Ensure there is room for the GUIDs and SID header // if ( RtlObjectAceObjectTypePresent( Ace ) ) { GuidSize += sizeof(GUID); } if ( RtlObjectAceInheritedObjectTypePresent( Ace ) ) { GuidSize += sizeof(GUID); } if (Ace->AceSize < sizeof(KNOWN_OBJECT_ACE) - sizeof(ULONG) + GuidSize + sizeof(SID)) { return(FALSE); } // // It's now safe to reference the parts of the SID structure, though // not the SID itself. // Sid = (PISID) RtlObjectAceSid( Ace ); if (Sid->Revision != SID_REVISION) { return(FALSE); } if (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) { return(FALSE); } if (Ace->AceSize < sizeof(KNOWN_OBJECT_ACE) - sizeof(ULONG) + GuidSize + SeLengthSid( Sid ) ) { return(FALSE); } } // // And move Ace to the next ace position // Ace = ((PVOID)((PUCHAR)(Ace) + ((PACE_HEADER)(Ace))->AceSize)); } return(TRUE); } except(EXCEPTION_EXECUTE_HANDLER) { return FALSE; } }

---