https://git.reactos.org/?p=reactos.git;a=commitdiff;h=bac67a65f26df384f5962e...
commit bac67a65f26df384f5962e85f001f5984caa2b66 Author: George Bișoc george.bisoc@reactos.org AuthorDate: Sat Feb 5 22:01:39 2022 +0100 Commit: George Bișoc george.bisoc@reactos.org CommitDate: Fri May 6 10:09:53 2022 +0200
[NTOS:SE] Implement SepGetSidFromAce
This function will be used to retrieve a security identifier from a valid access control entry in the kernel. Mostly and exclusively used within access checks related code and such.
---
ntoskrnl/se/sid.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
diff --git a/ntoskrnl/se/sid.c b/ntoskrnl/se/sid.c
index 509b3777488..13aeba2662b 100644
--- a/ntoskrnl/se/sid.c
+++ b/ntoskrnl/se/sid.c
@@ -412,6 +412,77 @@ SepReleaseSid(
 }
 }
 
+/**
+ * @brief
+ * Captures a security identifier from a
+ * given access control entry. This identifier
+ * is valid for the whole of its lifetime.
+ *
+ * @param[in] AceType
+ * The type of an access control entry. This
+ * type that is given by the calling thread
+ * must coincide with the actual ACE that is
+ * given in the second parameter otherwise this
+ * can potentially lead to UNDEFINED behavior!
+ *
+ * @param[in] Ace
+ * A pointer to an access control entry, which
+ * can be obtained from a DACL.
+ *
+ * @return
+ * Returns a pointer to a security identifier (SID),
+ * otherwise NULL is returned if an unsupported ACE
+ * type was given to the function.
+ */
+PSID
+NTAPI
+SepGetSidFromAce(
+ _In_ UCHAR AceType,
+ _In_ PACE Ace)
+{
+ PSID Sid;
+ PAGED_CODE();
+
+ /* Sanity check */
+ ASSERT(Ace);
+
+ /* Initialize the SID */
+ Sid = NULL;
+
+ /* Obtain the SID based upon ACE type */
+ switch (AceType)
+ {
+ case ACCESS_DENIED_ACE_TYPE:
+ {
+ Sid = (PSID)&((PACCESS_DENIED_ACE)Ace)->SidStart;
+ break;
+ }
+
+ case ACCESS_ALLOWED_ACE_TYPE:
+ {
+ Sid = (PSID)&((PACCESS_ALLOWED_ACE)Ace)->SidStart;
+ break;
+ }
+
+ case ACCESS_DENIED_OBJECT_ACE_TYPE:
+ {
+ Sid = (PSID)&((PACCESS_DENIED_OBJECT_ACE)Ace)->SidStart;
+ break;
+ }
+
+ case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
+ {
+ Sid = (PSID)&((PACCESS_ALLOWED_OBJECT_ACE)Ace)->SidStart;
+ break;
+ }
+
+ default:
+ break;
+ }
+
+ return Sid;
+}
+
 /**
 * @brief
 * Captures a SID with attributes.
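Review bot: The two object-ACE cases take `&...->SidStart` at its fixed structure offset, but in the Windows object-ACE layout the `ObjectType` and `InheritedObjectType` GUIDs are optional and the SID follows only the ones that `Flags` marks as present, so for an object ACE carrying fewer than two GUIDs the returned pointer would land past the real SID (assuming ReactOS's structures mirror that layout, which the hunk does not show). Because the commit message says this helper feeds access checks, a misplaced SID can mean a wrong allow/deny match or a read beyond the end of the ACE. I would derive the offset from `Flags`, as sketched below. Separately, the doc comment warns that a mismatched `AceType` is undefined behaviour; an assertion comparing it with the type stored in the ACE header would catch that in checked builds, and the comment could state that the returned pointer aliases the ACE instead of calling it a captured SID.

```c
    /* … unchanged: ACCESS_DENIED_ACE_TYPE and ACCESS_ALLOWED_ACE_TYPE cases … */

        case ACCESS_DENIED_OBJECT_ACE_TYPE:
        case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
        {
            /* Both object ACE types share one layout; the GUIDs are optional */
            PACCESS_ALLOWED_OBJECT_ACE ObjectAce = (PACCESS_ALLOWED_OBJECT_ACE)Ace;
            PUCHAR SidPtr = (PUCHAR)&ObjectAce->ObjectType;

            /* Skip only the GUIDs that Flags reports as present */
            if (ObjectAce->Flags & ACE_OBJECT_TYPE_PRESENT)
                SidPtr += sizeof(GUID);
            if (ObjectAce->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
                SidPtr += sizeof(GUID);

            Sid = (PSID)SidPtr;
            break;
        }

    /* … unchanged: default case and return … */
```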