This just seemed to be silently ignored so I'm resending The fixme's were just annoying me so I implemented these functions. ChangeLog: - Implemented RtlAddAccessAllowedAce, RtlAddAccessDeniedAce, RtlAddAce, RtlValidAcl - Added the corresponding functions in advapi32 - Grouped the ACL functions in advapi32 Rob
--- wine/dlls/ntdll/sec.c Fri Dec 13 16:05:34 2002 +++ newwine/dlls/ntdll/sec.c Tue Apr 1 00:33:16 2003 @@ -636,15 +636,114 @@ /****************************************************************************** * RtlAddAccessAllowedAce [NTDLL.@] */ -BOOL WINAPI RtlAddAccessAllowedAce( +NTSTATUS WINAPI RtlAddAccessAllowedAce( IN OUT PACL pAcl, IN DWORD dwAceRevision, IN DWORD AccessMask, IN PSID pSid) { - FIXME("(%p,0x%08lx,0x%08lx,%p),stub!\n", - pAcl, dwAceRevision, AccessMask, pSid); - return TRUE; + DWORD dwLengthSid; + ACCESS_ALLOWED_ACE * pAaAce; + DWORD dwSpaceLeft; + + TRACE("(%p,0x%08lx,0x%08lx,%p)\n", + pAcl, dwAceRevision, AccessMask, pSid); + + if (!RtlValidSid(pSid)) + return STATUS_INVALID_SID; + if (!RtlValidAcl(pAcl)) + return STATUS_INVALID_ACL; + + dwLengthSid = RtlLengthSid(pSid); + if (!RtlFirstFreeAce(pAcl, (PACE_HEADER *) &pAaAce)) + return STATUS_INVALID_ACL; + + if (!pAaAce) + return STATUS_ALLOTTED_SPACE_EXCEEDED; + + dwSpaceLeft = (DWORD)pAcl + pAcl->AclSize - (DWORD)pAaAce; + if (dwSpaceLeft < sizeof(*pAaAce) - sizeof(pAaAce->SidStart) + dwLengthSid) + return STATUS_ALLOTTED_SPACE_EXCEEDED; + + pAaAce->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; + pAaAce->Header.AceFlags = 0; + pAaAce->Header.AceSize = sizeof(*pAaAce) - sizeof(pAaAce->SidStart) + dwLengthSid; + pAaAce->Mask = AccessMask; + pAcl->AceCount++; + RtlCopySid(dwLengthSid, (PSID)&pAaAce->SidStart, pSid); + return STATUS_SUCCESS; +} + +/****************************************************************************** + * RtlAddAccessDeniedAce [NTDLL.@] + */ +NTSTATUS WINAPI RtlAddAccessDeniedAce( + IN OUT PACL pAcl, + IN DWORD dwAceRevision, + IN DWORD AccessMask, + IN PSID pSid) +{ + DWORD dwLengthSid; + DWORD dwSpaceLeft; + ACCESS_DENIED_ACE * pAdAce; + + TRACE("(%p,0x%08lx,0x%08lx,%p)\n", + pAcl, dwAceRevision, AccessMask, pSid); + + if (!RtlValidSid(pSid)) + return STATUS_INVALID_SID; + if (!RtlValidAcl(pAcl)) + return STATUS_INVALID_ACL; + + dwLengthSid = RtlLengthSid(pSid); + if (!RtlFirstFreeAce(pAcl, (PACE_HEADER *) &pAdAce)) + return STATUS_INVALID_ACL; + + if (!pAdAce) + return STATUS_ALLOTTED_SPACE_EXCEEDED; + + dwSpaceLeft = (DWORD)pAcl + pAcl->AclSize - (DWORD)pAdAce; + if (dwSpaceLeft < sizeof(*pAdAce) - sizeof(pAdAce->SidStart) + dwLengthSid) + return STATUS_ALLOTTED_SPACE_EXCEEDED; + + pAdAce->Header.AceType = ACCESS_DENIED_ACE_TYPE; + pAdAce->Header.AceFlags = 0; + pAdAce->Header.AceSize = sizeof(*pAdAce) - sizeof(pAdAce->SidStart) + dwLengthSid; + pAdAce->Mask = AccessMask; + pAcl->AceCount++; + RtlCopySid(dwLengthSid, (PSID)&pAdAce->SidStart, pSid); + return STATUS_SUCCESS; +} + +/****************************************************************************** + * RtlValidAcl [NTDLL.@] + */ +UCHAR WINAPI RtlValidAcl(PACL pAcl) +{ + TRACE("(%p)\n", pAcl); + + __TRY + { + PACE_HEADER ace; + int i; + + if (pAcl->AclRevision != ACL_REVISION) + return 0; + + ace = (PACE_HEADER)(pAcl+1); + for (i=0;i<=pAcl->AceCount;i++) { + if ((DWORD)ace>(((DWORD)pAcl)+pAcl->AclSize)) + return 0; + ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize); + } + return 1; + } + __EXCEPT(page_fault) + { + WARN("(%p): invalid pointer!\n", pAcl); + return 0; + } + __ENDTRY } /****************************************************************************** @@ -652,8 +751,20 @@ */ DWORD WINAPI RtlGetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce ) { - FIXME("(%p,%ld,%p),stub!\n",pAcl,dwAceIndex,pAce); - return 0; + PACE_HEADER ace; + + TRACE("(%p,%ld,%p)\n",pAcl,dwAceIndex,pAce); + + if ((dwAceIndex < 0) || (dwAceIndex > pAcl->AceCount)) + return STATUS_INVALID_PARAMETER; + + ace = (PACE_HEADER)(pAcl + 1); + for (;dwAceIndex;dwAceIndex--) + ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize); + + *pAce = (LPVOID) ace; + + return STATUS_SUCCESS; } /* --- wine/include/winternl.h Sun Mar 23 22:46:28 2003 +++ newwine/include/winternl.h Tue Apr 1 00:24:05 2003 @@ -877,8 +877,9 @@ BYTE WINAPI RtlAcquireResourceExclusive(LPRTL_RWLOCK,BYTE); BYTE WINAPI RtlAcquireResourceShared(LPRTL_RWLOCK,BYTE); NTSTATUS WINAPI RtlAddAce(PACL,DWORD,DWORD,PACE_HEADER,DWORD); -BOOL WINAPI RtlAddAccessAllowedAce(PACL,DWORD,DWORD,PSID); +NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL,DWORD,DWORD,PSID); BOOL WINAPI RtlAddAccessAllowedAceEx(PACL,DWORD,DWORD,DWORD,PSID); +NTSTATUS WINAPI RtlAddAccessDeniedAce(PACL,DWORD,DWORD,PSID); DWORD WINAPI RtlAdjustPrivilege(DWORD,DWORD,DWORD,DWORD); BOOLEAN WINAPI RtlAllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY,BYTE,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,PSID *); PVOID WINAPI RtlAllocateHeap(HANDLE,ULONG,ULONG); @@ -1077,6 +1078,7 @@ void WINAPI RtlUpperString(STRING *,const STRING *); NTSTATUS WINAPI RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR); +UCHAR WINAPI RtlValidAcl(PACL); BOOL WINAPI RtlValidSid(PSID); BOOLEAN WINAPI RtlValidateHeap(HANDLE,ULONG,LPCVOID); --- wine/dlls/ntdll/ntdll.spec Sat Mar 22 20:03:00 2003 +++ newwine/dlls/ntdll/ntdll.spec Tue Apr 1 00:40:29 2003 @@ -265,8 +265,8 @@ @ stdcall RtlAcquirePebLock() RtlAcquirePebLock @ stdcall RtlAcquireResourceExclusive(ptr long) RtlAcquireResourceExclusive @ stdcall RtlAcquireResourceShared(ptr long) RtlAcquireResourceShared -@ stdcall RtlAddAccessAllowedAce(long long long long) RtlAddAccessAllowedAce -@ stub RtlAddAccessDeniedAce +@ stdcall RtlAddAccessAllowedAce(ptr long long ptr) RtlAddAccessAllowedAce +@ stdcall RtlAddAccessDeniedAce(ptr long long ptr) RtlAddAccessDeniedAce @ stdcall RtlAddAce(ptr long long ptr long) RtlAddAce @ stub RtlAddActionToRXact @ stub RtlAddAttributeActionToRXact @@ -552,7 +552,7 @@ @ stdcall RtlUpperChar(long) RtlUpperChar @ stdcall RtlUpperString(ptr ptr) RtlUpperString @ stub RtlUsageHeap -@ stub RtlValidAcl +@ stdcall RtlValidAcl(ptr) RtlValidAcl @ stdcall RtlValidSecurityDescriptor(ptr) RtlValidSecurityDescriptor @ stdcall RtlValidSid(ptr) RtlValidSid @ stdcall RtlValidateHeap(long long ptr) RtlValidateHeap --- wine/dlls/advapi32/security.c Tue Apr 1 17:40:40 2003 +++ newwine/dlls/advapi32/security.c Tue Apr 1 18:45:51 2003 @@ -601,6 +601,67 @@ CallWin32ToNt (RtlCreateAcl(acl, size, rev)); } +/****************************************************************************** + * AddAccessAllowedAce [ADVAPI32.@] + */ +BOOL WINAPI AddAccessAllowedAce( + IN OUT PACL pAcl, + IN DWORD dwAceRevision, + IN DWORD AccessMask, + IN PSID pSid) +{ + CallWin32ToNt(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid)); +} + +/****************************************************************************** + * AddAccessDeniedAce [ADVAPI32.@] + */ +BOOL WINAPI AddAccessDeniedAce( + IN OUT PACL pAcl, + IN DWORD dwAceRevision, + IN DWORD AccessMask, + IN PSID pSid) +{ + CallWin32ToNt(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid)); +} + +/****************************************************************************** + * AddAccessDeniedAce [ADVAPI32.@] + */ +BOOL WINAPI AddAce( + IN OUT PACL pAcl, + IN DWORD dwAceRevision, + IN DWORD dwStartingAceIndex, + LPVOID pAceList, + DWORD nAceListLength) +{ + CallWin32ToNt(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength)); +} + +/****************************************************************************** + * FindFirstFreeAce [ADVAPI32.@] + */ +BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce) +{ + return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce); +} + +/****************************************************************************** + * GetAce [ADVAPI32.@] + */ +BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce ) +{ + CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce)); +} + +/****************************************************************************** + * IsValidAcl [ADVAPI32.@] + */ +BOOL WINAPI IsValidAcl(IN PACL pAcl) +{ + return RtlValidAcl(pAcl); +} + /* ############################## ###### MISC FUNCTIONS ###### ############################## @@ -1048,18 +1109,6 @@ } /****************************************************************************** - * AddAccessAllowedAce [ADVAPI32.@] - */ -BOOL WINAPI AddAccessAllowedAce( - IN OUT PACL pAcl, - IN DWORD dwAceRevision, - IN DWORD AccessMask, - IN PSID pSid) -{ - return RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid); -} - -/****************************************************************************** * LookupAccountNameA [ADVAPI32.@] */ BOOL WINAPI @@ -1077,14 +1126,6 @@ } /****************************************************************************** - * GetAce [ADVAPI32.@] - */ -BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce ) -{ - CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce)); -} - -/****************************************************************************** * PrivilegeCheck [ADVAPI32.@] */ BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult) --- wine/dlls/advapi32/advapi32.spec Tue Apr 1 21:52:51 2003 +++ newwine/dlls/advapi32/advapi32.spec Tue Apr 1 21:55:38 2003 @@ -6,8 +6,8 @@ @ stub AccessCheckByType #(ptr ptr long long ptr long ptr ptr ptr ptr ptr) AccessCheckByType @ stdcall AddAccessAllowedAce (ptr long long ptr) @ stub AddAccessAllowedAceEx #(ptr long long long ptr) AddAccessAllowedAceEx -@ stub AddAccessDeniedAce -@ stub AddAce +@ stdcall AddAccessDeniedAce (ptr long long ptr) +@ stdcall AddAce(ptr long long ptr long) @ stub AddAuditAccessAce @ stub AdjustTokenGroups @ stdcall AdjustTokenPrivileges(long long ptr long ptr ptr) @@ -87,7 +87,7 @@ @ stdcall EnumServicesStatusW (long long long ptr long ptr ptr ptr) @ stdcall EqualPrefixSid(ptr ptr) @ stdcall EqualSid(ptr ptr) -@ stub FindFirstFreeAce +@ stdcall FindFirstFreeAce(ptr ptr) @ stdcall FreeSid(ptr) @ stdcall GetAce(ptr long ptr) @ stub GetAclInformation @@ -135,7 +135,7 @@ @ stub IsProcessRestricted @ stdcall IsTextUnicode(ptr long ptr) ntdll.RtlIsTextUnicode @ stub IsTokenRestricted -@ stub IsValidAcl +@ stdcall IsValidAcl(ptr) @ stdcall IsValidSecurityDescriptor(ptr) @ stdcall IsValidSid(ptr) @ stdcall LockServiceDatabase(ptr)