SepInitDACLs(VOID)
{
ULONG AclLength;
-
+
/* create PublicDefaultDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
+
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicDefaultDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SePublicDefaultDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SePublicDefaultDacl,
ACL_REVISION,
GENERIC_EXECUTE,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SePublicDefaultDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
-
+
/* create PublicDefaultUnrestrictedDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
- (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
- (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
+
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicDefaultUnrestrictedDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
ACL_REVISION,
GENERIC_EXECUTE,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
+
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeAliasAdminsSid);
-
+
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
SeRestrictedCodeSid);
-
+
/* create PublicOpenDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
- (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
+
SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicOpenDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SePublicOpenDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SePublicOpenDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenDacl,
ACL_REVISION,
GENERIC_ALL,
SeAliasAdminsSid);
-
+
/* create PublicOpenUnrestrictedDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
- (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
- (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
+
SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicOpenUnrestrictedDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SePublicOpenUnrestrictedDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeAliasAdminsSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE,
SeRestrictedCodeSid);
-
+
/* create SystemDefaultDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
- (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
+
SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SeSystemDefaultDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SeSystemDefaultDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
+
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
SeAliasAdminsSid);
-
+
/* create UnrestrictedDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
+
SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SeUnrestrictedDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SeUnrestrictedDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE,
SeRestrictedCodeSid);
-
- return(TRUE);
+
+ return TRUE;
}
NTSTATUS NTAPI
{
ULONG AclLength;
PVOID TokenDacl;
-
+
PAGED_CODE();
-
+
AclLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
(sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
(sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
-
+
TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
if (TokenDacl == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
-
+
RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
Token->UserAndGroups->Sid);
SeAliasAdminsSid);
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
SeLocalSystemSid);
-
+
/* FIXME */
#if 0
if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
SeRestrictedCodeSid);
}
#endif
-
+
return STATUS_SUCCESS;
}
PACL NewAcl;
ULONG AclSize = 0;
NTSTATUS Status = STATUS_SUCCESS;
-
+
PAGED_CODE();
-
+
if (AccessMode != KernelMode)
{
_SEH2_TRY
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
-
+
NewAcl = ExAllocatePool(PoolType,
AclSize);
- if(NewAcl != NULL)
+ if (NewAcl != NULL)
{
_SEH2_TRY
{
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
- else if(!CaptureIfKernel)
+ else if (!CaptureIfKernel)
{
*CapturedAcl = InputAcl;
}
else
{
AclSize = InputAcl->AclSize;
-
+
NewAcl = ExAllocatePool(PoolType,
AclSize);
-
- if(NewAcl != NULL)
+
+ if (NewAcl != NULL)
{
RtlCopyMemory(NewAcl,
InputAcl,
AclSize);
-
+
*CapturedAcl = NewAcl;
}
else
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
-
+
return Status;
}
IN BOOLEAN CaptureIfKernel)
{
PAGED_CODE();
-
- if(CapturedAcl != NULL &&
- (AccessMode != KernelMode ||
- (AccessMode == KernelMode && CaptureIfKernel)))
+
+ if (CapturedAcl != NULL &&
+ (AccessMode != KernelMode ||
+ (AccessMode == KernelMode && CaptureIfKernel)))
{
ExFreePool(CapturedAcl);
}