advapi32: Support parsing mandatory label ACE strings.

2015-04-16 17:02:29 +02:00 · 2015-04-16 17:02:29 +02:00 · 985e226c07
parent 8969377647
commit 985e226c07
3 changed files with 28 additions and 0 deletions
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@ -311,6 +311,10 @@ static const WCHAR SDDL_GENERIC_READ[]     = {'G','R',0};
 static const WCHAR SDDL_GENERIC_WRITE[]    = {'G','W',0};
 static const WCHAR SDDL_GENERIC_EXECUTE[]  = {'G','X',0};
 static const WCHAR SDDL_NO_READ_UP[]       = {'N','R',0};
 static const WCHAR SDDL_NO_WRITE_UP[]      = {'N','W',0};
 static const WCHAR SDDL_NO_EXECUTE_UP[]    = {'N','X',0};
 /*
 * ACL flags
 */
@ -325,6 +329,7 @@ static const WCHAR SDDL_ACCESS_ALLOWED[]        = {'A',0};
 static const WCHAR SDDL_ACCESS_DENIED[]         = {'D',0};
 static const WCHAR SDDL_AUDIT[]                 = {'A','U',0};
 static const WCHAR SDDL_ALARM[]                 = {'A','L',0};
 static const WCHAR SDDL_MANDATORY_LABEL[]       = {'M','L',0};
 /*
 * ACE flags
@ -4147,6 +4152,7 @@ static const ACEFLAG AceType[] =
    { SDDL_AUDIT,          SYSTEM_AUDIT_ACE_TYPE },
    { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
    { SDDL_ACCESS_DENIED,  ACCESS_DENIED_ACE_TYPE },
    { SDDL_MANDATORY_LABEL,SYSTEM_MANDATORY_LABEL_ACE_TYPE },
    /*
    { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
    { SDDL_OBJECT_ACCESS_DENIED,  ACCESS_DENIED_OBJECT_ACE_TYPE },
@ -4257,6 +4263,10 @@ static const ACEFLAG AceRights[] =
    { SDDL_KEY_READ,        KEY_READ },
    { SDDL_KEY_WRITE,       KEY_WRITE },
    { SDDL_KEY_EXECUTE,     KEY_EXECUTE },
    { SDDL_NO_READ_UP,      SYSTEM_MANDATORY_LABEL_NO_READ_UP },
    { SDDL_NO_WRITE_UP,     SYSTEM_MANDATORY_LABEL_NO_WRITE_UP },
    { SDDL_NO_EXECUTE_UP,   SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP },
    { NULL, 0 },
 };
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@ -3901,6 +3901,13 @@ static void test_ConvertStringSecurityDescriptor(void)
        Blank, SDDL_REVISION_1, &pSD, NULL);
    ok(ret, "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %d\n", GetLastError());
    LocalFree(pSD);
    SetLastError(0xdeadbeef);
    ret = pConvertStringSecurityDescriptorToSecurityDescriptorA(
        "D:P(A;;GRGW;;;BA)(A;;GRGW;;;S-1-5-21-0-0-0-1000)S:(ML;;NWNR;;;S-1-16-12288)", SDDL_REVISION_1, &pSD, NULL);
    ok(ret || broken(!ret && GetLastError() == ERROR_INVALID_DATATYPE) /* win2k */,
       "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %u\n", GetLastError());
    if (ret) LocalFree(pSD);
 }
 static void test_ConvertSecurityDescriptorToString(void)
--- a/include/winnt.h
+++ b/include/winnt.h
@ -4445,6 +4445,7 @@ typedef struct _ACE_HEADER {
 #define	ACCESS_DENIED_ACE_TYPE		1
 #define	SYSTEM_AUDIT_ACE_TYPE		2
 #define	SYSTEM_ALARM_ACE_TYPE		3
 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11
 /* inherit AceFlags */
 #define	OBJECT_INHERIT_ACE		0x01
@ -4489,6 +4490,16 @@ typedef struct _SYSTEM_ALARM_ACE {
 	DWORD		SidStart;
 } SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE;
 typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
    ACE_HEADER  Header;
    ACCESS_MASK Mask;
    DWORD       SidStart;
 } SYSTEM_MANDATORY_LABEL_ACE,*PSYSTEM_MANDATORY_LABEL_ACE;
 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP      0x1
 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP       0x2
 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP    0x4
 typedef enum tagSID_NAME_USE {
 	SidTypeUser = 1,
 	SidTypeGroup,