Author: akhaldi
Date: Mon May 9 08:56:51 2016
New Revision: 71297
URL:
http://svn.reactos.org/svn/reactos?rev=71297&view=rev
Log:
[0.4.1] Merge the SepPropagateAcl() unknown ACE types handling by Thomas in r71296.
CORE-10694
Modified:
branches/ros-branch-0_4_1/ (props changed)
branches/ros-branch-0_4_1/reactos/ (props changed)
branches/ros-branch-0_4_1/reactos/ntoskrnl/se/acl.c
branches/ros-branch-0_4_1/rostests/ (props changed)
branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/SeHelpers.c
branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/SeInheritance.c
branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/se.h
Propchange: branches/ros-branch-0_4_1/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon May 9 08:56:51 2016
@@ -1 +1 @@
-/trunk:71217,71231,71245,71252,71255
+/trunk:71217,71231,71245,71252,71255,71296
Propchange: branches/ros-branch-0_4_1/reactos/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon May 9 08:56:51 2016
@@ -20,4 +20,4 @@
/branches/usb-bringup:51335,51337,51341-51343,51348,51350,51353,51355,51365-51369,51372,51384-54388,54396-54398,54736-54737,54752-54754,54756-54760,54762,54764-54765,54767-54768,54772,54774-54777,54781,54787,54790-54792,54797-54798,54806,54808,54834-54838,54843,54850,54852,54856,54858-54859
/branches/usb-bringup-trunk:55019-55543,55548-55554,55556-55567
/branches/wlan-bringup:54809-54998
-/trunk/reactos:71217,71231-71232,71245,71252,71262,71279
+/trunk/reactos:71217,71231-71232,71245,71252,71262,71279,71296
Modified: branches/ros-branch-0_4_1/reactos/ntoskrnl/se/acl.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-branch-0_4_1/reactos/ntoskr…
==============================================================================
--- branches/ros-branch-0_4_1/reactos/ntoskrnl/se/acl.c [iso-8859-1] (original)
+++ branches/ros-branch-0_4_1/reactos/ntoskrnl/se/acl.c [iso-8859-1] Mon May 9 08:56:51
2016
@@ -462,10 +462,27 @@
AceDest = (PACCESS_ALLOWED_ACE)CurrentDest;
AceSource = (PACCESS_ALLOWED_ACE)CurrentSource;
+ if (AceSource->Header.AceType > ACCESS_MAX_MS_V2_ACE_TYPE)
+ {
+ /* FIXME: handle object & compound ACEs */
+ AceSize = AceSource->Header.AceSize;
+
+ if (*AclLength >= Written + AceSize)
+ {
+ RtlCopyMemory(AceDest, AceSource, AceSize);
+ }
+ CurrentDest += AceSize;
+ CurrentSource += AceSize;
+ Written += AceSize;
+ AceCount++;
+ continue;
+ }
+
/* These all have the same structure */
ASSERT(AceSource->Header.AceType == ACCESS_ALLOWED_ACE_TYPE ||
- AceSource->Header.AceType == ACCESS_DENIED_ACE_TYPE ||
- AceSource->Header.AceType == SYSTEM_AUDIT_ACE_TYPE);
+ AceSource->Header.AceType == ACCESS_DENIED_ACE_TYPE ||
+ AceSource->Header.AceType == SYSTEM_AUDIT_ACE_TYPE ||
+ AceSource->Header.AceType == SYSTEM_ALARM_ACE_TYPE);
ASSERT(AceSource->Header.AceSize % sizeof(ULONG) == 0);
ASSERT(AceSource->Header.AceSize >= sizeof(*AceSource));
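Review bot: The new branch for types above `ACCESS_MAX_MS_V2_ACE_TYPE` uses `AceSource->Header.AceSize` without any check, because it reaches `continue` before the two `AceSize` ASSERTs at the bottom of the hunk. A size of zero leaves `CurrentSource` where it was, and a size larger than what remains of the source ACL makes `RtlCopyMemory` read past it. Whether the source ACL is validated earlier is not visible, since the loop header and the rest of SepPropagateAcl lie outside the hunk. I would check the size at the top of the branch, e.g. `ASSERT(AceSize >= sizeof(ACE_HEADER));` and `ASSERT(AceSize % sizeof(ULONG) == 0);`, or use a real failure path if the function can report one. The copy is also verbatim, so it presumably skips whatever inheritance-flag handling follows for the known types, and the FIXME could say so explicitly.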
Propchange: branches/ros-branch-0_4_1/rostests/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon May 9 08:56:51 2016
@@ -1,3 +1,3 @@
/branches/GSoC_2011/KMTestSuite:51165-53670
/branches/ros-amd64-bringup/rostests:44459,44462,44537
-/trunk/rostests:71232,71236,71278
+/trunk/rostests:71232,71236,71278,71296
Modified: branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/SeHelpers.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-branch-0_4_1/rostests/kmtes…
==============================================================================
--- branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/SeHelpers.c [iso-8859-1]
(original)
+++ branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/SeHelpers.c [iso-8859-1] Mon May 9
08:56:51 2016
@@ -34,6 +34,42 @@
Ace->Header.AceSize = AceSize;
Ace->Mask = AccessMask;
Status = RtlCopySid(AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart),
+ (PSID)&Ace->SidStart,
+ Sid);
+ ASSERT(NT_SUCCESS(Status));
+ if (NT_SUCCESS(Status))
+ {
+ Status = RtlAddAce(Acl,
+ Revision,
+ MAXULONG,
+ Ace,
+ AceSize);
+ }
+ ExFreePoolWithTag(Ace, 'cAmK');
+ return Status;
+}
+
+NTSTATUS
+RtlxAddMandatoryLabelAceEx(
+ _Inout_ PACL Acl,
+ _In_ ULONG Revision,
+ _In_ ULONG Flags,
+ _In_ ACCESS_MASK AccessMask,
+ _In_ PSID Sid)
+{
+ NTSTATUS Status;
+ USHORT AceSize;
+ PSYSTEM_MANDATORY_LABEL_ACE Ace;
+
+ AceSize = FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + RtlLengthSid(Sid);
+ Ace = ExAllocatePoolWithTag(PagedPool, AceSize, 'cAmK');
+ if (!Ace)
+ return STATUS_INSUFFICIENT_RESOURCES;
+ Ace->Header.AceType = SYSTEM_MANDATORY_LABEL_ACE_TYPE;
+ Ace->Header.AceFlags = Flags;
+ Ace->Header.AceSize = AceSize;
+ Ace->Mask = AccessMask;
+ Status = RtlCopySid(AceSize - FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart),
(PSID)&Ace->SidStart,
Sid);
ASSERT(NT_SUCCESS(Status));
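Review bot: `Ace->Header.AceFlags = Flags;` silently narrows the `ULONG` parameter to the one-byte header field, so a caller passing a value above 0xFF builds a different ACE than it asked for and the test still runs. An `ASSERT(Flags <= MAXUCHAR);` before the assignment would catch that, and the same applies to storing `FIELD_OFFSET(...) + RtlLengthSid(Sid)` in the `USHORT AceSize`. The new function is also a near line-for-line copy of the audit-ACE helper whose tail it shares in this hunk, so a common static helper taking the ACE type could remove the duplication. The end of RtlxAddMandatoryLabelAceEx lies outside the hunk.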
Modified: branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/SeInheritance.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-branch-0_4_1/rostests/kmtes…
==============================================================================
--- branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/SeInheritance.c [iso-8859-1]
(original)
+++ branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/SeInheritance.c [iso-8859-1] Mon
May 9 08:56:51 2016
@@ -780,6 +780,81 @@
EndTestAssign()
}
+ /* ACE type that Win2003 doesn't know about (> ACCESS_MAX_MS_ACE_TYPE) */
+ for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
+ {
+ Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlxAddMandatoryLabelAceEx(Acl, ACL_REVISION, 0,
SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, SeExports->SeWorldSid);
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
+ TRUE,
+ Acl,
+ BooleanFlagOn(UsingDefault, 1));
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlSetSaclSecurityDescriptor(&ExplicitDescriptor,
+ TRUE,
+ Acl,
+ BooleanFlagOn(UsingDefault, 2));
+ ok_eq_hex(Status, STATUS_SUCCESS);
+
+ TestAssignExpectDefault(&ParentDescriptor, NULL, FALSE)
+ TestAssignExpectDefault(&ParentDescriptor, NULL, TRUE)
+ StartTestAssign(NULL, &ExplicitDescriptor, FALSE, TRUE, TRUE)
+ ok_eq_uint(DaclDefaulted, FALSE);
+ CheckAcl(Dacl, 2, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid,
STANDARD_RIGHTS_ALL | 0x800F,
+ ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid,
STANDARD_RIGHTS_READ | 0x0005);
+ ok_eq_uint(SaclDefaulted, FALSE);
+ CheckAcl(Sacl, 1, SYSTEM_MANDATORY_LABEL_ACE_TYPE, 0,
SeExports->SeWorldSid, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP);
+ ok_eq_uint(OwnerDefaulted, FALSE);
+ CheckSid(Owner, NO_SIZE,
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
+ ok_eq_uint(GroupDefaulted, FALSE);
+ CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
+ EndTestAssign()
+ }
+
+ for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
+ {
+ Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlxAddMandatoryLabelAceEx(Acl, ACL_REVISION, OBJECT_INHERIT_ACE,
SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, SeExports->SeCreatorOwnerSid);
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
+ TRUE,
+ Acl,
+ BooleanFlagOn(UsingDefault, 1));
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlSetSaclSecurityDescriptor(&ExplicitDescriptor,
+ TRUE,
+ Acl,
+ BooleanFlagOn(UsingDefault, 2));
+ ok_eq_hex(Status, STATUS_SUCCESS);
+
+ StartTestAssign(&ParentDescriptor, NULL, FALSE, TRUE, TRUE)
+ ok_eq_uint(DaclDefaulted, FALSE);
+ CheckAcl(Dacl, 2, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid,
STANDARD_RIGHTS_ALL | 0x800F,
+ ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid,
STANDARD_RIGHTS_READ | 0x0005);
+ ok_eq_uint(SaclDefaulted, FALSE);
+ CheckAcl(Sacl, 1, SYSTEM_MANDATORY_LABEL_ACE_TYPE, 0,
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid,
SYSTEM_MANDATORY_LABEL_NO_WRITE_UP);
+ ok_eq_uint(OwnerDefaulted, FALSE);
+ CheckSid(Owner, NO_SIZE,
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
+ ok_eq_uint(GroupDefaulted, FALSE);
+ CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
+ EndTestAssign()
+ StartTestAssign(NULL, &ExplicitDescriptor, FALSE, TRUE, TRUE)
+ ok_eq_uint(DaclDefaulted, FALSE);
+ CheckAcl(Dacl, 2, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid,
STANDARD_RIGHTS_ALL | 0x800F,
+ ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid,
STANDARD_RIGHTS_READ | 0x0005);
+ ok_eq_uint(SaclDefaulted, FALSE);
+ CheckAcl(Sacl, 1, SYSTEM_MANDATORY_LABEL_ACE_TYPE, OBJECT_INHERIT_ACE,
SeExports->SeCreatorOwnerSid, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP);
+ ok_eq_uint(OwnerDefaulted, FALSE);
+ CheckSid(Owner, NO_SIZE,
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
+ ok_eq_uint(GroupDefaulted, FALSE);
+ CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
+ EndTestAssign()
+ }
+
+ /* TODO: Test object/compound ACEs */
/* TODO: Test duplicate ACEs */
/* TODO: Test INHERITED_ACE flag */
/* TODO: Test invalid ACE flags */
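Review bot: The second loop has no comment, and the comment on the first one names `ACCESS_MAX_MS_ACE_TYPE` while the kernel check this commit adds in acl.c compares against `ACCESS_MAX_MS_V2_ACE_TYPE`. I would head the second loop with `/* Inheritable label ACE for CREATOR OWNER: the inherited copy carries the token's default owner SID with no flags, the explicit one is kept unchanged */`, which is what its two CheckAcl(Sacl, ...) calls assert. Only a mandatory label ACE is exercised, so the object and compound types that the acl.c FIXME places in the same branch stay untested, as the added TODO admits. The enclosing test function starts and ends outside the hunk.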
Modified: branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/se.h
URL:
http://svn.reactos.org/svn/reactos/branches/ros-branch-0_4_1/rostests/kmtes…
==============================================================================
--- branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/se.h [iso-8859-1] (original)
+++ branches/ros-branch-0_4_1/rostests/kmtests/ntos_se/se.h [iso-8859-1] Mon May 9
08:56:51 2016
@@ -33,6 +33,14 @@
_In_ BOOLEAN Success,
_In_ BOOLEAN Failure);
+NTSTATUS
+RtlxAddMandatoryLabelAceEx(
+ _Inout_ PACL Acl,
+ _In_ ULONG Revision,
+ _In_ ULONG Flags,
+ _In_ ACCESS_MASK AccessMask,
+ _In_ PSID Sid);
+
#define NO_SIZE ((ULONG)-1)
#define CheckSid(Sid, SidSize, ExpectedSid) CheckSid_(Sid, SidSize, ExpectedSid,
__FILE__, __LINE__)