-/* $Id: access.c,v 1.1 2000/04/08 19:10:50 ekohl Exp $
+/*
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS kernel
+ * FILE: ntoskrnl/se/access.c
+ * PURPOSE: Access state functions
*
- * COPYRIGHT: See COPYING in the top level directory
- * PROJECT: ReactOS kernel
- * PURPOSE: Access rights handling functions
- * FILE: ntoskrnl/se/access.c
- * PROGRAMER: Eric Kohl <ekohl@rz-online.de>
- * REVISION HISTORY:
- * 07/04/2000: Created
+ * PROGRAMMERS: Alex Ionescu (alex@relsoft.net) -
+ * Based on patch by Javier M. Mellid
*/
/* INCLUDES *****************************************************************/
-#include <ddk/ntddk.h>
+#include <ntoskrnl.h>
+#define NDEBUG
+#include <internal/debug.h>
+#define GENERIC_ACCESS (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | \
+ GENERIC_ALL)
/* FUNCTIONS ***************************************************************/
-BOOLEAN
+/*
+ * @implemented
+ */
+NTSTATUS
STDCALL
-RtlAreAllAccessesGranted (
- ACCESS_MASK GrantedAccess,
- ACCESS_MASK DesiredAccess
- )
+SeCreateAccessState(PACCESS_STATE AccessState,
+ PAUX_DATA AuxData,
+ ACCESS_MASK Access,
+ PGENERIC_MAPPING GenericMapping)
{
- return ((GrantedAccess & DesiredAccess) == DesiredAccess);
-}
+ ACCESS_MASK AccessMask = Access;
+ PTOKEN Token;
+
+ PAGED_CODE();
+ /* Map the Generic Acess to Specific Access if we have a Mapping */
+ if ((Access & GENERIC_ACCESS) && (GenericMapping))
+ {
+ RtlMapGenericMask(&AccessMask, GenericMapping);
+ }
-BOOLEAN
-STDCALL
-RtlAreAnyAccessesGranted (
- ACCESS_MASK GrantedAccess,
- ACCESS_MASK DesiredAccess
- )
-{
- return ((GrantedAccess & DesiredAccess) != 0);
-}
+ /* Initialize the Access State */
+ RtlZeroMemory(AccessState, sizeof(ACCESS_STATE));
+
+ /* Capture the Subject Context */
+ SeCaptureSubjectContext(&AccessState->SubjectSecurityContext);
+
+ /* Set Access State Data */
+ AccessState->AuxData = AuxData;
+ AccessState->RemainingDesiredAccess = AccessMask;
+ AccessState->OriginalDesiredAccess = AccessMask;
+ ExpAllocateLocallyUniqueId(&AccessState->OperationID);
+
+ /* Get the Token to use */
+ Token = AccessState->SubjectSecurityContext.ClientToken ?
+ (PTOKEN)&AccessState->SubjectSecurityContext.ClientToken :
+ (PTOKEN)&AccessState->SubjectSecurityContext.PrimaryToken;
+
+ /* Check for Travers Privilege */
+ if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
+ {
+ /* Preserve the Traverse Privilege */
+ AccessState->Flags = TOKEN_HAS_TRAVERSE_PRIVILEGE;
+ }
+
+ /* Set the Auxiliary Data */
+ AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
+ FIELD_OFFSET(ACCESS_STATE,
+ Privileges));
+ if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
+ /* Return Sucess */
+ return STATUS_SUCCESS;
+}
+/*
+ * @implemented
+ */
VOID
STDCALL
-RtlMapGenericMask (
- PACCESS_MASK AccessMask,
- PGENERIC_MAPPING GenericMapping
- )
+SeDeleteAccessState(IN PACCESS_STATE AccessState)
{
- if (*AccessMask & GENERIC_READ)
- *AccessMask |= GenericMapping->GenericRead;
+ PAUX_DATA AuxData;
+ PAGED_CODE();
- if (*AccessMask & GENERIC_WRITE)
- *AccessMask |= GenericMapping->GenericWrite;
+ /* Get the Auxiliary Data */
+ AuxData = AccessState->AuxData;
- if (*AccessMask & GENERIC_EXECUTE)
- *AccessMask |= GenericMapping->GenericExecute;
+ /* Deallocate Privileges */
+ if (AccessState->PrivilegesAllocated) ExFreePool(AuxData->PrivilegeSet);
+
+ /* Deallocate Name and Type Name */
+ if (AccessState->ObjectName.Buffer)
+ {
+ ExFreePool(AccessState->ObjectName.Buffer);
+ }
+ if (AccessState->ObjectTypeName.Buffer)
+ {
+ ExFreePool(AccessState->ObjectTypeName.Buffer);
+ }
+
+ /* Release the Subject Context */
+ SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
+}
- if (*AccessMask & GENERIC_ALL)
- *AccessMask |= GenericMapping->GenericAll;
+/*
+ * @implemented
+ */
+VOID
+STDCALL
+SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
+ PGENERIC_MAPPING GenericMapping)
+{
+ PAGED_CODE();
- *AccessMask &= 0x0FFFFFFF;
+ /* Set the Generic Mapping */
+ ((PAUX_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
}
/* EOF */
projects / reactos.git / blobdiff