https://git.reactos.org/?p=reactos.git;a=commitdiff;h=bac67a65f26df384f5962…
commit bac67a65f26df384f5962e85f001f5984caa2b66
Author: George Bișoc <george.bisoc(a)reactos.org>
AuthorDate: Sat Feb 5 22:01:39 2022 +0100
Commit: George Bișoc <george.bisoc(a)reactos.org>
CommitDate: Fri May 6 10:09:53 2022 +0200
[NTOS:SE] Implement SepGetSidFromAce
This function will be used to retrieve a security identifier from a valid access
control entry in the kernel. It is used mostly, if not exclusively, within access
check related code.
---
ntoskrnl/se/sid.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
diff --git a/ntoskrnl/se/sid.c b/ntoskrnl/se/sid.c
index 509b3777488..13aeba2662b 100644
--- a/ntoskrnl/se/sid.c
+++ b/ntoskrnl/se/sid.c
@@ -412,6 +412,77 @@ SepReleaseSid(
}
}
+/**
+ * @brief
+ * Captures a security identifier from a
+ * given access control entry. This identifier
+ * is valid for the whole of its lifetime.
+ *
+ * @param[in] AceType
+ * The type of an access control entry. This
+ * type that is given by the calling thread
+ * must coincide with the actual ACE that is
+ * given in the second parameter otherwise this
+ * can potentially lead to UNDEFINED behavior!
+ *
+ * @param[in] Ace
+ * A pointer to an access control entry, which
+ * can be obtained from a DACL.
+ *
+ * @return
+ * Returns a pointer to a security identifier (SID),
+ * otherwise NULL is returned if an unsupported ACE
+ * type was given to the function.
+ */
+PSID
+NTAPI
+SepGetSidFromAce(
+ _In_ UCHAR AceType,
+ _In_ PACE Ace)
+{
+ PSID Sid;
+ PAGED_CODE();
+
+ /* Sanity check */
+ ASSERT(Ace);
+
+ /* Initialize the SID */
+ Sid = NULL;
+
+ /* Obtain the SID based upon ACE type */
+ switch (AceType)
+ {
+ case ACCESS_DENIED_ACE_TYPE:
+ {
+ Sid = (PSID)&((PACCESS_DENIED_ACE)Ace)->SidStart;
+ break;
+ }
+
+ case ACCESS_ALLOWED_ACE_TYPE:
+ {
+ Sid = (PSID)&((PACCESS_ALLOWED_ACE)Ace)->SidStart;
+ break;
+ }
+
+ case ACCESS_DENIED_OBJECT_ACE_TYPE:
+ {
+ Sid = (PSID)&((PACCESS_DENIED_OBJECT_ACE)Ace)->SidStart;
+ break;
+ }
+
+ case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
+ {
+ Sid = (PSID)&((PACCESS_ALLOWED_OBJECT_ACE)Ace)->SidStart;
+ break;
+ }
+
+ default:
+ break;
+ }
+
+ return Sid;
+}
+
/**
* @brief
* Captures a SID with attributes.
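Review bot: The `ACCESS_DENIED_OBJECT_ACE_TYPE` and `ACCESS_ALLOWED_OBJECT_ACE_TYPE` cases take the SID from the fixed `SidStart` member, but in an object ACE the `ObjectType` and `InheritedObjectType` GUIDs are only present when `ACE_OBJECT_TYPE_PRESENT` and `ACE_INHERITED_OBJECT_TYPE_PRESENT` are set in `Flags`, so the SID begins earlier whenever a GUID is absent. In that situation the returned pointer lands one or two GUIDs past the real SID, possibly beyond the end of the ACE, and an access check comparing it with token SIDs would evaluate the wrong bytes, so a deny ACE could fail to match. The SID offset should be derived from `Flags`, as sketched below. Separately, since the doc comment warns that a mismatched `AceType` is undefined behaviour, an `ASSERT(Ace->Header.AceType == AceType);` next to `ASSERT(Ace)` would catch it in checked builds, assuming `PACE` exposes the ACE header.

```c
    /* … unchanged: ACCESS_DENIED_ACE_TYPE and ACCESS_ALLOWED_ACE_TYPE cases … */

        case ACCESS_DENIED_OBJECT_ACE_TYPE:
        case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
        {
            /* The optional GUIDs precede the SID only when flagged as present */
            PACCESS_ALLOWED_OBJECT_ACE ObjectAce = (PACCESS_ALLOWED_OBJECT_ACE)Ace;
            PUCHAR SidStart = (PUCHAR)&ObjectAce->ObjectType;

            if (ObjectAce->Flags & ACE_OBJECT_TYPE_PRESENT)
                SidStart += sizeof(GUID);

            if (ObjectAce->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
                SidStart += sizeof(GUID);

            Sid = (PSID)SidStart;
            break;
        }

    /* … unchanged: default case and return … */
```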