ReactOS  0.4.15-dev-3165-gdf6fff7
acl.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Access control lists (ACLs) implementation
5  * COPYRIGHT: Copyright David Welch <welch@cwcom.net>
6  */
7 
8 /* INCLUDES *******************************************************************/
9 
10 #include <ntoskrnl.h>
11 #define NDEBUG
12 #include <debug.h>
13 
14 /* GLOBALS ********************************************************************/
15 
23 
24 /* FUNCTIONS ******************************************************************/
25 
35 CODE_SEG("INIT")
36 BOOLEAN
37 NTAPI
39 {
41 
42  /* create PublicDefaultDacl */
43  AclLength = sizeof(ACL) +
44  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
45  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
46  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
47 
49  AclLength,
50  TAG_ACL);
52  return FALSE;
53 
55  AclLength,
56  ACL_REVISION);
57 
61  SeWorldSid);
62 
67 
72 
73  /* create PublicDefaultUnrestrictedDacl */
74  AclLength = sizeof(ACL) +
75  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
76  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
77  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
79 
81  AclLength,
82  TAG_ACL);
84  return FALSE;
85 
87  AclLength,
88  ACL_REVISION);
89 
93  SeWorldSid);
94 
99 
101  ACL_REVISION,
102  GENERIC_ALL,
104 
106  ACL_REVISION,
109 
110  /* create PublicOpenDacl */
111  AclLength = sizeof(ACL) +
112  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
113  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
114  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
115 
117  AclLength,
118  TAG_ACL);
119  if (SePublicOpenDacl == NULL)
120  return FALSE;
121 
123  AclLength,
124  ACL_REVISION);
125 
127  ACL_REVISION,
129  SeWorldSid);
130 
132  ACL_REVISION,
133  GENERIC_ALL,
135 
137  ACL_REVISION,
138  GENERIC_ALL,
140 
141  /* create PublicOpenUnrestrictedDacl */
142  AclLength = sizeof(ACL) +
143  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
144  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
145  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
146  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
147 
149  AclLength,
150  TAG_ACL);
152  return FALSE;
153 
155  AclLength,
156  ACL_REVISION);
157 
159  ACL_REVISION,
160  GENERIC_ALL,
161  SeWorldSid);
162 
164  ACL_REVISION,
165  GENERIC_ALL,
167 
169  ACL_REVISION,
170  GENERIC_ALL,
172 
174  ACL_REVISION,
177 
178  /* create SystemDefaultDacl */
179  AclLength = sizeof(ACL) +
180  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
181  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
182 
184  AclLength,
185  TAG_ACL);
186  if (SeSystemDefaultDacl == NULL)
187  return FALSE;
188 
190  AclLength,
191  ACL_REVISION);
192 
194  ACL_REVISION,
195  GENERIC_ALL,
197 
199  ACL_REVISION,
202 
203  /* create UnrestrictedDacl */
204  AclLength = sizeof(ACL) +
205  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
206  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
207 
209  AclLength,
210  TAG_ACL);
211  if (SeUnrestrictedDacl == NULL)
212  return FALSE;
213 
215  AclLength,
216  ACL_REVISION);
217 
219  ACL_REVISION,
220  GENERIC_ALL,
221  SeWorldSid);
222 
224  ACL_REVISION,
227 
228  /* create SystemAnonymousLogonDacl */
229  AclLength = sizeof(ACL) +
230  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
231  (sizeof(ACE) + RtlLengthSid(SeAnonymousLogonSid));
232 
234  AclLength,
235  TAG_ACL);
237  return FALSE;
238 
240  AclLength,
241  ACL_REVISION);
242 
244  ACL_REVISION,
245  GENERIC_ALL,
246  SeWorldSid);
247 
249  ACL_REVISION,
250  GENERIC_ALL,
252 
253  return TRUE;
254 }
255 
275 NTSTATUS
276 NTAPI
278  _In_ PTOKEN Token,
279  _In_ PTOKEN PrimaryToken,
280  _Out_ PACL* Dacl)
281 {
283  PACL TokenDacl;
284 
285  PAGED_CODE();
286 
287  *Dacl = NULL;
288 
289  AclLength = sizeof(ACL) +
290  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
291  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
292  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
293  (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
294  (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
295 
297  if (TokenDacl == NULL)
298  {
300  }
301 
302  RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
304  Token->UserAndGroups->Sid);
306  PrimaryToken->UserAndGroups->Sid);
311 
312  if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
313  {
316  }
317 
318  *Dacl = TokenDacl;
319 
320  return STATUS_SUCCESS;
321 }
322 
350 NTSTATUS
351 NTAPI
353  _In_ PACL InputAcl,
356  _In_ BOOLEAN CaptureIfKernel,
357  _Out_ PACL *CapturedAcl)
358 {
359  PACL NewAcl;
360  ULONG AclSize = 0;
362 
363  PAGED_CODE();
364 
365  if (AccessMode != KernelMode)
366  {
367  _SEH2_TRY
368  {
369  ProbeForRead(InputAcl,
370  sizeof(ACL),
371  sizeof(ULONG));
372  AclSize = InputAcl->AclSize;
373  ProbeForRead(InputAcl,
374  AclSize,
375  sizeof(ULONG));
376  }
378  {
379  /* Return the exception code */
381  }
382  _SEH2_END;
383 
385  AclSize,
386  TAG_ACL);
387  if (NewAcl != NULL)
388  {
389  _SEH2_TRY
390  {
391  RtlCopyMemory(NewAcl,
392  InputAcl,
393  AclSize);
394 
395  *CapturedAcl = NewAcl;
396  }
398  {
399  /* Free the ACL and return the exception code */
400  ExFreePoolWithTag(NewAcl, TAG_ACL);
402  }
403  _SEH2_END;
404  }
405  else
406  {
408  }
409  }
410  else if (!CaptureIfKernel)
411  {
412  *CapturedAcl = InputAcl;
413  }
414  else
415  {
416  AclSize = InputAcl->AclSize;
417 
419  AclSize,
420  TAG_ACL);
421 
422  if (NewAcl != NULL)
423  {
424  RtlCopyMemory(NewAcl,
425  InputAcl,
426  AclSize);
427 
428  *CapturedAcl = NewAcl;
429  }
430  else
431  {
433  }
434  }
435 
436  return Status;
437 }
438 
457 VOID
458 NTAPI
460  _In_ PACL CapturedAcl,
462  _In_ BOOLEAN CaptureIfKernel)
463 {
464  PAGED_CODE();
465 
466  if (CapturedAcl != NULL &&
467  (AccessMode != KernelMode ||
468  (AccessMode == KernelMode && CaptureIfKernel)))
469  {
470  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
471  }
472 }
473 
497 BOOLEAN
500  _Out_ PUCHAR NewAceFlags,
501  _In_ BOOLEAN IsInherited,
503 {
504  if (!IsInherited)
505  {
506  *NewAceFlags = AceFlags;
507  return TRUE;
508  }
509 
510  if (!IsDirectoryObject)
511  {
513  {
514  *NewAceFlags = AceFlags & ~VALID_INHERIT_FLAGS;
515  return TRUE;
516  }
517  return FALSE;
518  }
519 
521  {
523  {
524  *NewAceFlags = AceFlags & ~VALID_INHERIT_FLAGS;
525  return TRUE;
526  }
527  return FALSE;
528  }
529 
531  {
533  return TRUE;
534  }
535 
537  {
539  return TRUE;
540  }
541 
542  return FALSE;
543 }
544 
581 NTSTATUS
585  _In_reads_bytes_(AclSource->AclSize) PACL AclSource,
586  _In_ PSID Owner,
587  _In_ PSID Group,
588  _In_ BOOLEAN IsInherited,
591 {
593  PACCESS_ALLOWED_ACE AceSource;
594  PACCESS_ALLOWED_ACE AceDest;
595  PUCHAR CurrentDest;
596  PUCHAR CurrentSource;
597  ULONG i;
598  ULONG Written;
599  UCHAR AceFlags;
600  USHORT AceSize;
601  USHORT AceCount = 0;
602  PSID Sid;
603  BOOLEAN WriteTwoAces;
604 
605  ASSERT(RtlValidAcl(AclSource));
606  ASSERT(AclSource->AclSize % sizeof(ULONG) == 0);
607  ASSERT(AclSource->Sbz1 == 0);
608  ASSERT(AclSource->Sbz2 == 0);
609 
610  Written = 0;
611  if (*AclLength >= Written + sizeof(ACL))
612  {
613  RtlCopyMemory(AclDest,
614  AclSource,
615  sizeof(ACL));
616  }
617  Written += sizeof(ACL);
618 
619  CurrentDest = (PUCHAR)(AclDest + 1);
620  CurrentSource = (PUCHAR)(AclSource + 1);
621  for (i = 0; i < AclSource->AceCount; i++)
622  {
623  ASSERT((ULONG_PTR)CurrentDest % sizeof(ULONG) == 0);
624  ASSERT((ULONG_PTR)CurrentSource % sizeof(ULONG) == 0);
625  AceDest = (PACCESS_ALLOWED_ACE)CurrentDest;
626  AceSource = (PACCESS_ALLOWED_ACE)CurrentSource;
627 
628  if (AceSource->Header.AceType > ACCESS_MAX_MS_V2_ACE_TYPE)
629  {
630  /* FIXME: handle object & compound ACEs */
631  AceSize = AceSource->Header.AceSize;
632 
633  if (*AclLength >= Written + AceSize)
634  {
635  RtlCopyMemory(AceDest, AceSource, AceSize);
636  }
637  CurrentDest += AceSize;
638  CurrentSource += AceSize;
639  Written += AceSize;
640  AceCount++;
641  continue;
642  }
643 
644  /* These all have the same structure */
646  AceSource->Header.AceType == ACCESS_DENIED_ACE_TYPE ||
647  AceSource->Header.AceType == SYSTEM_AUDIT_ACE_TYPE ||
648  AceSource->Header.AceType == SYSTEM_ALARM_ACE_TYPE);
649 
650  ASSERT(AceSource->Header.AceSize % sizeof(ULONG) == 0);
651  ASSERT(AceSource->Header.AceSize >= sizeof(*AceSource));
652  if (!SepShouldPropagateAce(AceSource->Header.AceFlags,
653  &AceFlags,
654  IsInherited,
656  {
657  CurrentSource += AceSource->Header.AceSize;
658  continue;
659  }
660 
661  /* FIXME: filter out duplicate ACEs */
662  AceSize = AceSource->Header.AceSize;
663  Mask = AceSource->Mask;
664  Sid = (PSID)&AceSource->SidStart;
665  ASSERT(AceSize >= FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + RtlLengthSid(Sid));
666 
667  WriteTwoAces = FALSE;
668  /* Map effective ACE to specific rights */
669  if (!(AceFlags & INHERIT_ONLY_ACE))
670  {
673 
674  if (IsInherited)
675  {
677  Sid = Owner;
678  else if (RtlEqualSid(Sid, SeCreatorGroupSid))
679  Sid = Group;
680  AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + RtlLengthSid(Sid);
681 
682  /*
683  * A generic container ACE becomes two ACEs:
684  * - a specific effective ACE with no inheritance flags
685  * - an inherit-only ACE that keeps the generic rights
686  */
687  if (IsDirectoryObject &&
689  (Mask != AceSource->Mask || Sid != (PSID)&AceSource->SidStart))
690  {
691  WriteTwoAces = TRUE;
692  }
693  }
694  }
695 
696  while (1)
697  {
698  if (*AclLength >= Written + AceSize)
699  {
700  AceDest->Header.AceType = AceSource->Header.AceType;
701  AceDest->Header.AceFlags = WriteTwoAces ? AceFlags & ~VALID_INHERIT_FLAGS
702  : AceFlags;
703  AceDest->Header.AceSize = AceSize;
704  AceDest->Mask = Mask;
705  RtlCopySid(AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart),
706  (PSID)&AceDest->SidStart,
707  Sid);
708  }
709  Written += AceSize;
710 
711  AceCount++;
712  CurrentDest += AceSize;
713 
714  if (!WriteTwoAces)
715  break;
716 
717  /* Second ACE keeps all the generics from the source ACE */
718  WriteTwoAces = FALSE;
719  AceDest = (PACCESS_ALLOWED_ACE)CurrentDest;
720  AceSize = AceSource->Header.AceSize;
721  Mask = AceSource->Mask;
722  Sid = (PSID)&AceSource->SidStart;
724  }
725 
726  CurrentSource += AceSource->Header.AceSize;
727  }
728 
729  if (*AclLength >= sizeof(ACL))
730  {
731  AclDest->AceCount = AceCount;
732  AclDest->AclSize = Written;
733  }
734 
735  if (Written > *AclLength)
736  {
737  *AclLength = Written;
739  }
740  *AclLength = Written;
741  return STATUS_SUCCESS;
742 }
743 
798 PACL
800  _In_opt_ PACL ExplicitAcl,
801  _In_ BOOLEAN ExplicitPresent,
802  _In_ BOOLEAN ExplicitDefaulted,
803  _In_opt_ PACL ParentAcl,
804  _In_opt_ PACL DefaultAcl,
806  _In_ PSID Owner,
807  _In_ PSID Group,
808  _Out_ PBOOLEAN AclPresent,
809  _Out_ PBOOLEAN IsInherited,
812 {
813  PACL Acl;
815 
816  *AclPresent = TRUE;
817  if (ExplicitPresent && !ExplicitDefaulted)
818  {
819  Acl = ExplicitAcl;
820  }
821  else
822  {
823  if (ParentAcl)
824  {
825  *IsInherited = TRUE;
826  *AclLength = 0;
828  AclLength,
829  ParentAcl,
830  Owner,
831  Group,
832  *IsInherited,
836 
837  /* Use the parent ACL only if it's not empty */
838  if (*AclLength != sizeof(ACL))
839  return ParentAcl;
840  }
841 
842  if (ExplicitPresent)
843  {
844  Acl = ExplicitAcl;
845  }
846  else if (DefaultAcl)
847  {
848  Acl = DefaultAcl;
849  }
850  else
851  {
852  *AclPresent = FALSE;
853  Acl = NULL;
854  }
855  }
856 
857  *IsInherited = FALSE;
858  *AclLength = 0;
859  if (Acl)
860  {
861  /* Get the length */
863  AclLength,
864  Acl,
865  Owner,
866  Group,
867  *IsInherited,
871  }
872  return Acl;
873 }
874 
875 /* EOF */
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
Definition: acl.c:277
#define GENERIC_ALL
Definition: nt_native.h:92
UCHAR AceFlags
Definition: ms-dtyp.idl:211
#define ACCESS_MAX_MS_V2_ACE_TYPE
Definition: setypes.h:708
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
PSID SeRestrictedCodeSid
Definition: sid.c:38
#define _In_opt_
Definition: ms_sal.h:309
#define _Inout_
Definition: ms_sal.h:378
#define VALID_INHERIT_FLAGS
Definition: setypes.h:738
#define _Out_
Definition: ms_sal.h:345
#define TRUE
Definition: types.h:120
USHORT AclSize
Definition: ms-dtyp.idl:296
PACL SeSystemDefaultDacl
Definition: acl.c:17
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_In_opt_ PSID Group
Definition: rtlfuncs.h:1605
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:735
ACE_HEADER Header
Definition: ms-dtyp.idl:216
USHORT AceCount
Definition: ms-dtyp.idl:297
BOOLEAN SepShouldPropagateAce(_In_ UCHAR AceFlags, _Out_ PUCHAR NewAceFlags, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject)
Determines if a certain ACE can or cannot be propagated based on ACE inheritation flags and whatnot.
Definition: acl.c:498
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
uint32_t ULONG_PTR
Definition: typedefs.h:65
PACL SePublicOpenDacl
Definition: acl.c:19
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
USHORT AceSize
Definition: ms-dtyp.idl:212
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:20
#define FALSE
Definition: types.h:117
PACL SeUnrestrictedDacl
Definition: acl.c:21
PSID SeCreatorGroupSid
Definition: sid.c:26
#define GENERIC_WRITE
Definition: nt_native.h:90
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
unsigned char BOOLEAN
struct _ACL ACL
#define _In_
Definition: ms_sal.h:308
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define _Out_writes_bytes_opt_(size)
Definition: ms_sal.h:351
Status
Definition: gdiplustypes.h:24
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:734
#define ASSERT(a)
Definition: mode.c:44
BOOLEAN NTAPI SepInitDACLs(VOID)
Initializes known discretionary access control lists in the system upon kernel and Executive initiali...
Definition: acl.c:38
INT POOL_TYPE
Definition: typedefs.h:78
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
BOOLEAN NTAPI RtlValidAcl(IN PACL Acl)
Definition: acl.c:837
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(AclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Propagates (copies) an access control list.
Definition: acl.c:582
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:704
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:459
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:705
struct _SID * PSID
Definition: eventlog.c:35
#define READ_CONTROL
Definition: nt_native.h:58
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
unsigned char UCHAR
Definition: xmlstorage.h:181
UCHAR AceType
Definition: ms-dtyp.idl:210
char * PBOOLEAN
Definition: retypes.h:11
PSID SeAliasAdminsSid
Definition: sid.c:39
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
PSID SeCreatorOwnerSid
Definition: sid.c:25
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:18
USHORT Sbz2
Definition: ms-dtyp.idl:298
#define GENERIC_READ
Definition: compat.h:135
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
PSID SeWorldSid
Definition: sid.c:23
processorSet Mask
UCHAR Sbz1
Definition: ms-dtyp.idl:295
#define TAG_ACL
Definition: tag.h:174
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:707
_SEH2_END
Definition: create.c:4400
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
unsigned short USHORT
Definition: pedump.c:61
PACL SePublicDefaultDacl
Definition: acl.c:16
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
unsigned int * PULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:36
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:706
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define INHERIT_ONLY_ACE
Definition: setypes.h:736
PSID SeAnonymousLogonSid
Definition: se.h:159
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
ACCESS_MASK GenericAll
Definition: nt_native.h:568
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Selects an ACL and returns it to the caller.
Definition: acl.c:799
#define GENERIC_EXECUTE
Definition: nt_native.h:91
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
Definition: rtltypes.h:990
#define OBJECT_INHERIT_ACE
Definition: setypes.h:733
ULONG ACCESS_MASK
Definition: nt_native.h:40
_In_ ULONG AclLength
Definition: rtlfuncs.h:1842
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
static const ACEFLAG AceFlags[]
Definition: security.c:2300
#define PAGED_CODE()
#define _In_reads_bytes_(size)
Definition: ms_sal.h:321