Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
841b8862
Commit
841b8862
authored
Jan 25, 2022
by
Alexandre Julliard
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
server: Define a server-side structure for ACE.
Signed-off-by:
Alexandre Julliard
<
julliard@winehq.org
>
parent
c36f81fa
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
88 additions
and
143 deletions
+88
-143
file.c
server/file.c
+28
-66
process.c
server/process.c
+6
-16
registry.c
server/registry.c
+5
-15
security.h
server/security.h
+30
-2
token.c
server/token.c
+0
-0
trace.c
server/trace.c
+19
-44
No files found.
server/file.c
View file @
841b8862
...
...
@@ -309,25 +309,21 @@ static struct fd *file_get_fd( struct object *obj )
struct
security_descriptor
*
mode_to_sd
(
mode_t
mode
,
const
SID
*
user
,
const
SID
*
group
)
{
struct
security_descriptor
*
sd
;
unsigned
char
flags
;
size_t
dacl_size
;
ACE_HEADER
*
current_ace
;
ACCESS_ALLOWED_ACE
*
aaa
;
struct
ace
*
ace
;
struct
acl
*
dacl
;
SID
*
sid
;
char
*
ptr
;
const
SID
*
world_sid
=
security_world_sid
;
const
SID
*
local_system_sid
=
security_local_system_sid
;
dacl_size
=
sizeof
(
*
dacl
)
+
FIELD_OFFSET
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
security_sid_len
(
local_system_sid
);
if
(
mode
&
S_IRWXU
)
dacl_size
+=
FIELD_OFFSET
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
security_sid_len
(
user
);
dacl_size
=
sizeof
(
*
dacl
)
+
sizeof
(
*
ace
)
+
security_sid_len
(
local_system_sid
);
if
(
mode
&
S_IRWXU
)
dacl_size
+=
sizeof
(
*
ace
)
+
security_sid_len
(
user
);
if
((
!
(
mode
&
S_IRUSR
)
&&
(
mode
&
(
S_IRGRP
|
S_IROTH
)))
||
(
!
(
mode
&
S_IWUSR
)
&&
(
mode
&
(
S_IWGRP
|
S_IWOTH
)))
||
(
!
(
mode
&
S_IXUSR
)
&&
(
mode
&
(
S_IXGRP
|
S_IXOTH
))))
dacl_size
+=
FIELD_OFFSET
(
ACCESS_DENIED_ACE
,
SidStart
)
+
security_sid_len
(
user
);
if
(
mode
&
S_IRWXO
)
dacl_size
+=
FIELD_OFFSET
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
security_sid_len
(
world_sid
);
dacl_size
+=
sizeof
(
*
ace
)
+
security_sid_len
(
user
);
if
(
mode
&
S_IRWXO
)
dacl_size
+=
sizeof
(
*
ace
)
+
security_sid_len
(
world_sid
);
sd
=
mem_alloc
(
sizeof
(
struct
security_descriptor
)
+
security_sid_len
(
user
)
+
security_sid_len
(
group
)
+
...
...
@@ -359,66 +355,37 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
dacl
->
count
++
;
if
(
mode
&
S_IRWXO
)
dacl
->
count
++
;
flags
=
(
mode
&
S_IFDIR
)
?
OBJECT_INHERIT_ACE
|
CONTAINER_INHERIT_ACE
:
0
;
/* always give FILE_ALL_ACCESS for Local System */
aaa
=
(
ACCESS_ALLOWED_ACE
*
)(
dacl
+
1
);
current_ace
=
&
aaa
->
Header
;
aaa
->
Header
.
AceType
=
ACCESS_ALLOWED_ACE_TYPE
;
aaa
->
Header
.
AceFlags
=
(
mode
&
S_IFDIR
)
?
OBJECT_INHERIT_ACE
|
CONTAINER_INHERIT_ACE
:
0
;
aaa
->
Header
.
AceSize
=
FIELD_OFFSET
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
security_sid_len
(
local_system_sid
);
aaa
->
Mask
=
FILE_ALL_ACCESS
;
sid
=
(
SID
*
)
&
aaa
->
SidStart
;
memcpy
(
sid
,
local_system_sid
,
security_sid_len
(
local_system_sid
));
ace
=
set_ace
(
(
struct
ace
*
)(
dacl
+
1
),
local_system_sid
,
ACCESS_ALLOWED_ACE_TYPE
,
flags
,
FILE_ALL_ACCESS
);
if
(
mode
&
S_IRWXU
)
{
/* appropriate access rights for the user */
aaa
=
(
ACCESS_ALLOWED_ACE
*
)
ace_next
(
current_ace
);
current_ace
=
&
aaa
->
Header
;
aaa
->
Header
.
AceType
=
ACCESS_ALLOWED_ACE_TYPE
;
aaa
->
Header
.
AceFlags
=
(
mode
&
S_IFDIR
)
?
OBJECT_INHERIT_ACE
|
CONTAINER_INHERIT_ACE
:
0
;
aaa
->
Header
.
AceSize
=
FIELD_OFFSET
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
security_sid_len
(
user
);
aaa
->
Mask
=
WRITE_DAC
|
WRITE_OWNER
;
if
(
mode
&
S_IRUSR
)
aaa
->
Mask
|=
FILE_GENERIC_READ
|
FILE_GENERIC_EXECUTE
;
if
(
mode
&
S_IWUSR
)
aaa
->
Mask
|=
FILE_GENERIC_WRITE
|
DELETE
|
FILE_DELETE_CHILD
;
sid
=
(
SID
*
)
&
aaa
->
SidStart
;
memcpy
(
sid
,
user
,
security_sid_len
(
user
));
ace
=
set_ace
(
ace_next
(
ace
),
user
,
ACCESS_ALLOWED_ACE_TYPE
,
flags
,
WRITE_DAC
|
WRITE_OWNER
);
if
(
mode
&
S_IRUSR
)
ace
->
mask
|=
FILE_GENERIC_READ
|
FILE_GENERIC_EXECUTE
;
if
(
mode
&
S_IWUSR
)
ace
->
mask
|=
FILE_GENERIC_WRITE
|
DELETE
|
FILE_DELETE_CHILD
;
}
if
((
!
(
mode
&
S_IRUSR
)
&&
(
mode
&
(
S_IRGRP
|
S_IROTH
)))
||
(
!
(
mode
&
S_IWUSR
)
&&
(
mode
&
(
S_IWGRP
|
S_IWOTH
)))
||
(
!
(
mode
&
S_IXUSR
)
&&
(
mode
&
(
S_IXGRP
|
S_IXOTH
))))
{
/* deny just in case the user is a member of the group */
ACCESS_DENIED_ACE
*
ada
=
(
ACCESS_DENIED_ACE
*
)
ace_next
(
current_ace
);
current_ace
=
&
ada
->
Header
;
ada
->
Header
.
AceType
=
ACCESS_DENIED_ACE_TYPE
;
ada
->
Header
.
AceFlags
=
(
mode
&
S_IFDIR
)
?
OBJECT_INHERIT_ACE
|
CONTAINER_INHERIT_ACE
:
0
;
ada
->
Header
.
AceSize
=
FIELD_OFFSET
(
ACCESS_DENIED_ACE
,
SidStart
)
+
security_sid_len
(
user
);
ada
->
Mask
=
0
;
ace
=
set_ace
(
ace_next
(
ace
),
user
,
ACCESS_DENIED_ACE_TYPE
,
flags
,
0
);
if
(
!
(
mode
&
S_IRUSR
)
&&
(
mode
&
(
S_IRGRP
|
S_IROTH
)))
a
da
->
M
ask
|=
FILE_GENERIC_READ
|
FILE_GENERIC_EXECUTE
;
a
ce
->
m
ask
|=
FILE_GENERIC_READ
|
FILE_GENERIC_EXECUTE
;
if
(
!
(
mode
&
S_IWUSR
)
&&
(
mode
&
(
S_IWGRP
|
S_IROTH
)))
ada
->
Mask
|=
FILE_GENERIC_WRITE
|
DELETE
|
FILE_DELETE_CHILD
;
ada
->
Mask
&=
~
STANDARD_RIGHTS_ALL
;
/* never deny standard rights */
sid
=
(
SID
*
)
&
ada
->
SidStart
;
memcpy
(
sid
,
user
,
security_sid_len
(
user
));
ace
->
mask
|=
FILE_GENERIC_WRITE
|
DELETE
|
FILE_DELETE_CHILD
;
ace
->
mask
&=
~
STANDARD_RIGHTS_ALL
;
/* never deny standard rights */
}
if
(
mode
&
S_IRWXO
)
{
/* appropriate access rights for Everyone */
aaa
=
(
ACCESS_ALLOWED_ACE
*
)
ace_next
(
current_ace
);
current_ace
=
&
aaa
->
Header
;
aaa
->
Header
.
AceType
=
ACCESS_ALLOWED_ACE_TYPE
;
aaa
->
Header
.
AceFlags
=
(
mode
&
S_IFDIR
)
?
OBJECT_INHERIT_ACE
|
CONTAINER_INHERIT_ACE
:
0
;
aaa
->
Header
.
AceSize
=
FIELD_OFFSET
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
security_sid_len
(
world_sid
);
aaa
->
Mask
=
0
;
if
(
mode
&
S_IROTH
)
aaa
->
Mask
|=
FILE_GENERIC_READ
|
FILE_GENERIC_EXECUTE
;
if
(
mode
&
S_IWOTH
)
aaa
->
Mask
|=
FILE_GENERIC_WRITE
|
DELETE
|
FILE_DELETE_CHILD
;
sid
=
(
SID
*
)
&
aaa
->
SidStart
;
memcpy
(
sid
,
world_sid
,
security_sid_len
(
world_sid
));
ace
=
set_ace
(
ace_next
(
ace
),
world_sid
,
ACCESS_ALLOWED_ACE_TYPE
,
flags
,
0
);
if
(
mode
&
S_IROTH
)
ace
->
mask
|=
FILE_GENERIC_READ
|
FILE_GENERIC_EXECUTE
;
if
(
mode
&
S_IWOTH
)
ace
->
mask
|=
FILE_GENERIC_WRITE
|
DELETE
|
FILE_DELETE_CHILD
;
}
return
sd
;
...
...
@@ -473,24 +440,22 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
mode_t
mode
;
int
present
;
const
struct
acl
*
dacl
=
sd_get_dacl
(
sd
,
&
present
);
if
(
present
&&
dacl
)
{
const
ACE_HEADER
*
ace
=
(
const
ACE_HEADER
*
)(
dacl
+
1
);
ULONG
i
;
const
struct
ace
*
ace
=
(
const
struct
ace
*
)(
dacl
+
1
);
unsigned
int
i
;
for
(
i
=
0
;
i
<
dacl
->
count
;
i
++
,
ace
=
ace_next
(
ace
))
{
const
ACCESS_ALLOWED_ACE
*
aa_ace
;
const
ACCESS_DENIED_ACE
*
ad_ace
;
const
SID
*
sid
;
const
SID
*
sid
=
(
const
SID
*
)(
ace
+
1
);
if
(
ace
->
AceF
lags
&
INHERIT_ONLY_ACE
)
continue
;
if
(
ace
->
f
lags
&
INHERIT_ONLY_ACE
)
continue
;
switch
(
ace
->
AceType
)
mode
=
file_access_to_mode
(
ace
->
mask
);
switch
(
ace
->
type
)
{
case
ACCESS_DENIED_ACE_TYPE
:
ad_ace
=
(
const
ACCESS_DENIED_ACE
*
)
ace
;
sid
=
(
const
SID
*
)
&
ad_ace
->
SidStart
;
mode
=
file_access_to_mode
(
ad_ace
->
Mask
);
if
(
security_equal_sid
(
sid
,
security_world_sid
))
{
bits_to_set
&=
~
((
mode
<<
6
)
|
(
mode
<<
3
)
|
mode
);
/* all */
...
...
@@ -506,9 +471,6 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
}
break
;
case
ACCESS_ALLOWED_ACE_TYPE
:
aa_ace
=
(
const
ACCESS_ALLOWED_ACE
*
)
ace
;
sid
=
(
const
SID
*
)
&
aa_ace
->
SidStart
;
mode
=
file_access_to_mode
(
aa_ace
->
Mask
);
if
(
security_equal_sid
(
sid
,
security_world_sid
))
{
mode
=
(
mode
<<
6
)
|
(
mode
<<
3
)
|
mode
;
/* all */
...
...
server/process.c
View file @
841b8862
...
...
@@ -823,12 +823,11 @@ static struct security_descriptor *process_get_sd( struct object *obj )
if
(
!
process_default_sd
)
{
struct
ace
*
ace
;
struct
acl
*
dacl
;
size_t
users_sid_len
=
security_sid_len
(
security_domain_users_sid
);
size_t
admins_sid_len
=
security_sid_len
(
security_builtin_admins_sid
);
size_t
dacl_len
=
sizeof
(
struct
acl
)
+
2
*
offsetof
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
users_sid_len
+
admins_sid_len
;
ACCESS_ALLOWED_ACE
*
aaa
;
struct
acl
*
dacl
;
size_t
dacl_len
=
sizeof
(
*
dacl
)
+
2
*
sizeof
(
*
ace
)
+
users_sid_len
+
admins_sid_len
;
process_default_sd
=
mem_alloc
(
sizeof
(
*
process_default_sd
)
+
admins_sid_len
+
users_sid_len
+
dacl_len
);
...
...
@@ -846,18 +845,9 @@ static struct security_descriptor *process_get_sd( struct object *obj )
dacl
->
size
=
dacl_len
;
dacl
->
count
=
2
;
dacl
->
pad2
=
0
;
aaa
=
(
ACCESS_ALLOWED_ACE
*
)(
dacl
+
1
);
aaa
->
Header
.
AceType
=
ACCESS_ALLOWED_ACE_TYPE
;
aaa
->
Header
.
AceFlags
=
INHERIT_ONLY_ACE
|
CONTAINER_INHERIT_ACE
;
aaa
->
Header
.
AceSize
=
offsetof
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
users_sid_len
;
aaa
->
Mask
=
GENERIC_READ
;
memcpy
(
&
aaa
->
SidStart
,
security_domain_users_sid
,
users_sid_len
);
aaa
=
(
ACCESS_ALLOWED_ACE
*
)((
char
*
)
aaa
+
aaa
->
Header
.
AceSize
);
aaa
->
Header
.
AceType
=
ACCESS_ALLOWED_ACE_TYPE
;
aaa
->
Header
.
AceFlags
=
0
;
aaa
->
Header
.
AceSize
=
offsetof
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
admins_sid_len
;
aaa
->
Mask
=
PROCESS_ALL_ACCESS
;
memcpy
(
&
aaa
->
SidStart
,
security_builtin_admins_sid
,
admins_sid_len
);
ace
=
set_ace
(
ace_first
(
dacl
),
security_domain_users_sid
,
ACCESS_ALLOWED_ACE_TYPE
,
INHERIT_ONLY_ACE
|
CONTAINER_INHERIT_ACE
,
GENERIC_READ
);
set_ace
(
ace_next
(
ace
),
security_builtin_admins_sid
,
ACCESS_ALLOWED_ACE_TYPE
,
0
,
PROCESS_ALL_ACCESS
);
}
return
process_default_sd
;
}
...
...
server/registry.c
View file @
841b8862
...
...
@@ -370,11 +370,10 @@ static struct security_descriptor *key_get_sd( struct object *obj )
if
(
!
key_default_sd
)
{
struct
acl
*
dacl
;
struct
ace
*
ace
;
size_t
users_sid_len
=
security_sid_len
(
security_builtin_users_sid
);
size_t
admins_sid_len
=
security_sid_len
(
security_builtin_admins_sid
);
size_t
dacl_len
=
sizeof
(
*
dacl
)
+
2
*
offsetof
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
users_sid_len
+
admins_sid_len
;
ACCESS_ALLOWED_ACE
*
aaa
;
size_t
dacl_len
=
sizeof
(
*
dacl
)
+
2
*
sizeof
(
*
ace
)
+
users_sid_len
+
admins_sid_len
;
key_default_sd
=
mem_alloc
(
sizeof
(
*
key_default_sd
)
+
2
*
admins_sid_len
+
dacl_len
);
key_default_sd
->
control
=
SE_DACL_PRESENT
;
...
...
@@ -391,18 +390,9 @@ static struct security_descriptor *key_get_sd( struct object *obj )
dacl
->
size
=
dacl_len
;
dacl
->
count
=
2
;
dacl
->
pad2
=
0
;
aaa
=
(
ACCESS_ALLOWED_ACE
*
)(
dacl
+
1
);
aaa
->
Header
.
AceType
=
ACCESS_ALLOWED_ACE_TYPE
;
aaa
->
Header
.
AceFlags
=
INHERIT_ONLY_ACE
|
CONTAINER_INHERIT_ACE
;
aaa
->
Header
.
AceSize
=
offsetof
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
users_sid_len
;
aaa
->
Mask
=
GENERIC_READ
;
memcpy
(
&
aaa
->
SidStart
,
security_builtin_users_sid
,
users_sid_len
);
aaa
=
(
ACCESS_ALLOWED_ACE
*
)((
char
*
)
aaa
+
aaa
->
Header
.
AceSize
);
aaa
->
Header
.
AceType
=
ACCESS_ALLOWED_ACE_TYPE
;
aaa
->
Header
.
AceFlags
=
0
;
aaa
->
Header
.
AceSize
=
offsetof
(
ACCESS_ALLOWED_ACE
,
SidStart
)
+
admins_sid_len
;
aaa
->
Mask
=
KEY_ALL_ACCESS
;
memcpy
(
&
aaa
->
SidStart
,
security_builtin_admins_sid
,
admins_sid_len
);
ace
=
set_ace
(
ace_first
(
dacl
),
security_builtin_users_sid
,
ACCESS_ALLOWED_ACE_TYPE
,
INHERIT_ONLY_ACE
|
CONTAINER_INHERIT_ACE
,
GENERIC_READ
);
set_ace
(
ace_next
(
ace
),
security_builtin_admins_sid
,
ACCESS_ALLOWED_ACE_TYPE
,
0
,
KEY_ALL_ACCESS
);
}
return
key_default_sd
;
}
...
...
server/security.h
View file @
841b8862
...
...
@@ -52,6 +52,13 @@ extern const PSID security_builtin_admins_sid;
extern
const
PSID
security_domain_users_sid
;
extern
const
PSID
security_high_label_sid
;
struct
ace
{
unsigned
char
type
;
unsigned
char
flags
;
unsigned
short
size
;
unsigned
int
mask
;
};
/* token functions */
...
...
@@ -71,9 +78,14 @@ extern const SID *token_get_primary_group( struct token *token );
extern
unsigned
int
token_get_session_id
(
struct
token
*
token
);
extern
int
token_sid_present
(
struct
token
*
token
,
const
SID
*
sid
,
int
deny
);
static
inline
const
ACE_HEADER
*
ace_next
(
const
ACE_HEADER
*
ace
)
static
inline
struct
ace
*
ace_first
(
const
struct
acl
*
acl
)
{
return
(
const
ACE_HEADER
*
)((
const
char
*
)
ace
+
ace
->
AceSize
);
return
(
struct
ace
*
)(
acl
+
1
);
}
static
inline
struct
ace
*
ace_next
(
const
struct
ace
*
ace
)
{
return
(
struct
ace
*
)((
char
*
)
ace
+
ace
->
size
);
}
static
inline
size_t
security_sid_len
(
const
SID
*
sid
)
...
...
@@ -87,6 +99,22 @@ static inline int security_equal_sid( const SID *sid1, const SID *sid2 )
!
memcmp
(
sid1
,
sid2
,
security_sid_len
(
sid1
)));
}
static
inline
int
sid_valid_size
(
const
SID
*
sid
,
data_size_t
size
)
{
return
(
size
>=
offsetof
(
SID
,
SubAuthority
[
0
]
)
&&
size
>=
security_sid_len
(
sid
));
}
static
inline
struct
ace
*
set_ace
(
struct
ace
*
ace
,
const
SID
*
sid
,
unsigned
char
type
,
unsigned
char
flags
,
unsigned
int
mask
)
{
ace
->
type
=
type
;
ace
->
flags
=
flags
;
ace
->
size
=
sizeof
(
*
ace
)
+
security_sid_len
(
sid
);
ace
->
mask
=
mask
;
memcpy
(
ace
+
1
,
sid
,
security_sid_len
(
sid
));
return
ace
;
}
extern
void
security_set_thread_token
(
struct
thread
*
thread
,
obj_handle_t
handle
);
extern
const
SID
*
security_unix_uid_to_sid
(
uid_t
uid
);
extern
int
check_object_access
(
struct
token
*
token
,
struct
object
*
obj
,
unsigned
int
*
access
);
...
...
server/token.c
View file @
841b8862
This diff is collapsed.
Click to expand it.
server/trace.c
View file @
841b8862
...
...
@@ -44,6 +44,7 @@
#include "winsock2.h"
#include "file.h"
#include "request.h"
#include "security.h"
#include "unicode.h"
static
const
void
*
cur_data
;
...
...
@@ -1047,7 +1048,7 @@ static void dump_varargs_SID( const char *prefix, data_size_t size )
static
void
dump_inline_acl
(
const
char
*
prefix
,
const
struct
acl
*
acl
,
data_size_t
size
)
{
const
ACE_HEADER
*
ace
;
const
struct
ace
*
ace
;
ULONG
i
;
fprintf
(
stderr
,
"%s{"
,
prefix
);
...
...
@@ -1059,56 +1060,30 @@ static void dump_inline_acl( const char *prefix, const struct acl *acl, data_siz
return
;
}
size
-=
sizeof
(
*
acl
);
ace
=
(
const
ACE_HEADER
*
)(
acl
+
1
);
for
(
i
=
0
;
i
<
acl
->
count
;
i
++
)
for
(
i
=
0
,
ace
=
ace_first
(
acl
);
i
<
acl
->
count
;
i
++
,
ace
=
ace_next
(
ace
))
{
const
SID
*
sid
=
NULL
;
data_size_t
sid_size
=
0
;
const
SID
*
sid
=
(
const
SID
*
)(
ace
+
1
)
;
data_size_t
sid_size
;
if
(
size
<
sizeof
(
ACE_HEADER
)
||
size
<
ace
->
AceSize
)
break
;
size
-=
ace
->
AceSize
;
if
(
size
<
sizeof
(
*
ace
)
||
size
<
ace
->
size
)
break
;
size
-=
ace
->
size
;
sid_size
=
ace
->
size
-
sizeof
(
*
ace
);
if
(
i
!=
0
)
fputc
(
','
,
stderr
);
fprintf
(
stderr
,
"{
AceT
ype="
);
switch
(
ace
->
AceT
ype
)
fprintf
(
stderr
,
"{
t
ype="
);
switch
(
ace
->
t
ype
)
{
case
ACCESS_DENIED_ACE_TYPE
:
sid
=
(
const
SID
*
)
&
((
const
ACCESS_DENIED_ACE
*
)
ace
)
->
SidStart
;
sid_size
=
ace
->
AceSize
-
FIELD_OFFSET
(
ACCESS_DENIED_ACE
,
SidStart
);
fprintf
(
stderr
,
"ACCESS_DENIED_ACE_TYPE,Mask=%x"
,
((
const
ACCESS_DENIED_ACE
*
)
ace
)
->
Mask
);
break
;
case
ACCESS_ALLOWED_ACE_TYPE
:
sid
=
(
const
SID
*
)
&
((
const
ACCESS_ALLOWED_ACE
*
)
ace
)
->
SidStart
;
sid_size
=
ace
->
AceSize
-
FIELD_OFFSET
(
ACCESS_ALLOWED_ACE
,
SidStart
);
fprintf
(
stderr
,
"ACCESS_ALLOWED_ACE_TYPE,Mask=%x"
,
((
const
ACCESS_ALLOWED_ACE
*
)
ace
)
->
Mask
);
break
;
case
SYSTEM_AUDIT_ACE_TYPE
:
sid
=
(
const
SID
*
)
&
((
const
SYSTEM_AUDIT_ACE
*
)
ace
)
->
SidStart
;
sid_size
=
ace
->
AceSize
-
FIELD_OFFSET
(
SYSTEM_AUDIT_ACE
,
SidStart
);
fprintf
(
stderr
,
"SYSTEM_AUDIT_ACE_TYPE,Mask=%x"
,
((
const
SYSTEM_AUDIT_ACE
*
)
ace
)
->
Mask
);
break
;
case
SYSTEM_ALARM_ACE_TYPE
:
sid
=
(
const
SID
*
)
&
((
const
SYSTEM_ALARM_ACE
*
)
ace
)
->
SidStart
;
sid_size
=
ace
->
AceSize
-
FIELD_OFFSET
(
SYSTEM_ALARM_ACE
,
SidStart
);
fprintf
(
stderr
,
"SYSTEM_ALARM_ACE_TYPE,Mask=%x"
,
((
const
SYSTEM_ALARM_ACE
*
)
ace
)
->
Mask
);
break
;
case
SYSTEM_MANDATORY_LABEL_ACE_TYPE
:
sid
=
(
const
SID
*
)
&
((
const
SYSTEM_MANDATORY_LABEL_ACE
*
)
ace
)
->
SidStart
;
sid_size
=
ace
->
AceSize
-
FIELD_OFFSET
(
SYSTEM_MANDATORY_LABEL_ACE
,
SidStart
);
fprintf
(
stderr
,
"SYSTEM_MANDATORY_LABEL_ACE_TYPE,Mask=%x"
,
((
const
SYSTEM_MANDATORY_LABEL_ACE
*
)
ace
)
->
Mask
);
break
;
case
ACCESS_DENIED_ACE_TYPE
:
fprintf
(
stderr
,
"ACCESS_DENIED"
);
break
;
case
ACCESS_ALLOWED_ACE_TYPE
:
fprintf
(
stderr
,
"ACCESS_ALLOWED"
);
break
;
case
SYSTEM_AUDIT_ACE_TYPE
:
fprintf
(
stderr
,
"SYSTEM_AUDIT"
);
break
;
case
SYSTEM_ALARM_ACE_TYPE
:
fprintf
(
stderr
,
"SYSTEM_ALARM"
);
break
;
case
SYSTEM_MANDATORY_LABEL_ACE_TYPE
:
fprintf
(
stderr
,
"SYSTEM_MANDATORY_LABEL"
);
break
;
default:
fprintf
(
stderr
,
"unknown<%d>"
,
ace
->
AceType
);
fprintf
(
stderr
,
"%02x"
,
ace
->
type
);
sid
=
NULL
;
break
;
}
fprintf
(
stderr
,
",AceFlags=%x"
,
ace
->
AceFlags
);
if
(
sid
)
dump_inline_sid
(
",Sid="
,
sid
,
sid_size
);
ace
=
(
const
ACE_HEADER
*
)((
const
char
*
)
ace
+
ace
->
AceSize
);
fprintf
(
stderr
,
",flags=%x,mask=%x"
,
ace
->
flags
,
ace
->
mask
);
if
(
sid
)
dump_inline_sid
(
",sid="
,
sid
,
sid_size
);
fputc
(
'}'
,
stderr
);
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment