advapi32: Support parsing mandatory label ACE strings.
parent
8969377647
commit
985e226c07
|
@ -311,6 +311,10 @@ static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
|
|||
static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
|
||||
static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
|
||||
|
||||
static const WCHAR SDDL_NO_READ_UP[] = {'N','R',0};
|
||||
static const WCHAR SDDL_NO_WRITE_UP[] = {'N','W',0};
|
||||
static const WCHAR SDDL_NO_EXECUTE_UP[] = {'N','X',0};
|
||||
|
||||
/*
|
||||
* ACL flags
|
||||
*/
|
||||
|
@ -325,6 +329,7 @@ static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
|
|||
static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
|
||||
static const WCHAR SDDL_AUDIT[] = {'A','U',0};
|
||||
static const WCHAR SDDL_ALARM[] = {'A','L',0};
|
||||
static const WCHAR SDDL_MANDATORY_LABEL[] = {'M','L',0};
|
||||
|
||||
/*
|
||||
* ACE flags
|
||||
|
@ -4147,6 +4152,7 @@ static const ACEFLAG AceType[] =
|
|||
{ SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
|
||||
{ SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
|
||||
{ SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
|
||||
{ SDDL_MANDATORY_LABEL,SYSTEM_MANDATORY_LABEL_ACE_TYPE },
|
||||
/*
|
||||
{ SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
|
||||
{ SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
|
||||
|
@ -4257,6 +4263,10 @@ static const ACEFLAG AceRights[] =
|
|||
{ SDDL_KEY_READ, KEY_READ },
|
||||
{ SDDL_KEY_WRITE, KEY_WRITE },
|
||||
{ SDDL_KEY_EXECUTE, KEY_EXECUTE },
|
||||
|
||||
{ SDDL_NO_READ_UP, SYSTEM_MANDATORY_LABEL_NO_READ_UP },
|
||||
{ SDDL_NO_WRITE_UP, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP },
|
||||
{ SDDL_NO_EXECUTE_UP, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP },
|
||||
{ NULL, 0 },
|
||||
};
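Review bot: The new `ML` entry in `AceType` and the `NW`/`NR`/`NX` entries in `AceRights` go into tables that these hunks show as common to all ACE strings, and nothing visible ties the label type to the SACL or the three rights to label ACEs. If the string parser, which lies outside these hunks, has no per-type check, `D:(ML;;NW;;;S-1-16-12288)` would put a label ACE into a DACL and `(A;;NW;;;BA)` would quietly become access bit 0x1 on an allow ACE. A mandatory label is only meaningful in the `S:` part with a mask limited to the three policy bits, so I would reject `ML` elsewhere and restrict the rights accepted for that type. At minimum the new rights entries deserve a comment such as `/* mandatory label policy bits; only valid in an ML ACE */`.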
|
||||
|
||||
|
|
|
@ -3901,6 +3901,13 @@ static void test_ConvertStringSecurityDescriptor(void)
|
|||
Blank, SDDL_REVISION_1, &pSD, NULL);
|
||||
ok(ret, "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %d\n", GetLastError());
|
||||
LocalFree(pSD);
|
||||
|
||||
SetLastError(0xdeadbeef);
|
||||
ret = pConvertStringSecurityDescriptorToSecurityDescriptorA(
|
||||
"D:P(A;;GRGW;;;BA)(A;;GRGW;;;S-1-5-21-0-0-0-1000)S:(ML;;NWNR;;;S-1-16-12288)", SDDL_REVISION_1, &pSD, NULL);
|
||||
ok(ret || broken(!ret && GetLastError() == ERROR_INVALID_DATATYPE) /* win2k */,
|
||||
"ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %u\n", GetLastError());
|
||||
if (ret) LocalFree(pSD);
|
||||
}
|
||||
|
||||
static void test_ConvertSecurityDescriptorToString(void)
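Review bot: The added case asserts only the return value, so it would still pass if `ML` were mapped to the wrong ACE type, if `NWNR` were mapped to the wrong bits, or if the ACE landed in the wrong ACL. I would replace `if (ret) LocalFree(pSD);` with a block that reads the SACL back and checks the first ACE's type and mask, as sketched below. A negative case would also pin down the validation behaviour, for example the same `ML` ACE under `D:`, recorded with `todo_wine` if it is not rejected yet. The body of test_ConvertStringSecurityDescriptor starts outside this hunk, so the locals are declared inside the new block.

```c
/* ... unchanged: SetLastError, the conversion call and the ok(ret || broken(...)) check ... */
if (ret)
{
    SYSTEM_MANDATORY_LABEL_ACE *ace = NULL;
    BOOL present = FALSE, defaulted = FALSE;
    PACL sacl = NULL;

    ok(GetSecurityDescriptorSacl(pSD, &present, &sacl, &defaulted), "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
    ok(present && sacl != NULL, "expected a SACL to be present\n");
    if (sacl && GetAce(sacl, 0, (void **)&ace))
    {
        ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "got ACE type %#x\n", ace->Header.AceType);
        ok(ace->Mask == (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP), "got mask %#x\n", ace->Mask);
    }
    LocalFree(pSD);
}
```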
|
||||
|
|
|
@ -4445,6 +4445,7 @@ typedef struct _ACE_HEADER {
|
|||
#define ACCESS_DENIED_ACE_TYPE 1
|
||||
#define SYSTEM_AUDIT_ACE_TYPE 2
|
||||
#define SYSTEM_ALARM_ACE_TYPE 3
|
||||
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11
|
||||
|
||||
/* inherit AceFlags */
|
||||
#define OBJECT_INHERIT_ACE 0x01
|
||||
|
@ -4489,6 +4490,16 @@ typedef struct _SYSTEM_ALARM_ACE {
|
|||
DWORD SidStart;
|
||||
} SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE;
|
||||
|
||||
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
|
||||
ACE_HEADER Header;
|
||||
ACCESS_MASK Mask;
|
||||
DWORD SidStart;
|
||||
} SYSTEM_MANDATORY_LABEL_ACE,*PSYSTEM_MANDATORY_LABEL_ACE;
|
||||
|
||||
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
|
||||
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
|
||||
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
|
||||
|
||||
typedef enum tagSID_NAME_USE {
|
||||
SidTypeUser = 1,
|
||||
SidTypeGroup,
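Review bot: The header gains the three policy bits but no `SYSTEM_MANDATORY_LABEL_VALID_MASK`, so code that builds or parses a label ACE has no named constant for rejecting undefined mask bits. Adding `#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)` after the three defines would cover that. The new struct is also laid out exactly like the audit and alarm ACEs, which hides that its `Mask` is interpreted differently; a comment such as `/* Mask holds SYSTEM_MANDATORY_LABEL_* policy bits, not access rights; SidStart begins the integrity-level SID */` would make that explicit.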
|
||||
|
|