BOOLEAN TestAddAce() { UCHAR AclBuffer[512]; PACL Acl; STANDARD_ACE AceList[2]; NTSTATUS Status; Acl = (PACL)AclBuffer; // // Create a good large acl // if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) { DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status); return FALSE; } // // test add ace to add two aces to an empty acl // AceList[0].Header.AceType = ACCESS_ALLOWED_ACE_TYPE; AceList[0].Header.AceSize = sizeof(STANDARD_ACE); AceList[0].Header.InheritFlags = 0; AceList[0].Header.AceFlags = 0; AceList[0].Mask = 0x22222222; CopyGuid(&AceList[0].Guid, &FredGuid); AceList[1].Header.AceType = ACCESS_ALLOWED_ACE_TYPE; AceList[1].Header.AceSize = sizeof(STANDARD_ACE); AceList[1].Header.InheritFlags = 0; AceList[1].Header.AceFlags = 0; AceList[1].Mask = 0x44444444; CopyGuid(&AceList[1].Guid, &WilmaGuid); if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, 0, AceList, 2*sizeof(STANDARD_ACE)))) { DbgPrint("RtlAddAce to empty acl Error : %8lx\n", Status); return FALSE; } // RtlDumpAcl(Acl); // // test add ace to add one to the beginning of an acl // AceList[0].Header.AceType = SYSTEM_AUDIT_ACE_TYPE; AceList[0].Header.AceSize = sizeof(STANDARD_ACE); AceList[0].Header.InheritFlags = 0; AceList[0].Header.AceFlags = 0; AceList[0].Mask = 0x11111111; CopyGuid(&AceList[0].Guid, &PebblesGuid); if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, 0, AceList, sizeof(STANDARD_ACE)))) { DbgPrint("RtlAddAce to beginning of acl Error : %8lx\n", Status); return FALSE; } // RtlDumpAcl(Acl); // // test add ace to add one to the middle of an acl // AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE; AceList[0].Header.AceSize = sizeof(STANDARD_ACE); AceList[0].Header.InheritFlags = 0; AceList[0].Header.AceFlags = 0; AceList[0].Mask = 0x33333333; CopyGuid(&AceList[0].Guid, &DinoGuid); if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, 2, AceList, sizeof(STANDARD_ACE)))) { DbgPrint("RtlAddAce to middle of acl Error : %8lx\n", Status); return FALSE; } // RtlDumpAcl(Acl); // // test add ace to add one to the end of an acl // AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE; AceList[0].Header.AceSize = sizeof(STANDARD_ACE); AceList[0].Header.InheritFlags = 0; AceList[0].Header.AceFlags = 0; AceList[0].Mask = 0x55555555; CopyGuid(&AceList[0].Guid, &FlintstoneGuid); if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, MAXULONG, AceList, sizeof(STANDARD_ACE)))) { DbgPrint("RtlAddAce to end of an acl Error : %8lx\n", Status); return FALSE; } // RtlDumpAcl(Acl); return TRUE; }
BOOLEAN WepCreateServerObjects( VOID ) { OBJECT_ATTRIBUTES objectAttributes; WCHAR buffer[256]; UNICODE_STRING objectName; SECURITY_DESCRIPTOR securityDescriptor; UCHAR saclBuffer[sizeof(ACL) + FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG)]; PACL sacl; UCHAR mandatoryLabelAceBuffer[FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG)]; PSYSTEM_MANDATORY_LABEL_ACE mandatoryLabelAce; PSID sid; if (!WeServerSharedSection) { LARGE_INTEGER maximumSize; WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_NAME, buffer, &objectName); InitializeObjectAttributes(&objectAttributes, &objectName, OBJ_CASE_INSENSITIVE, NULL, NULL); maximumSize.QuadPart = sizeof(WE_HOOK_SHARED_DATA); if (!NT_SUCCESS(NtCreateSection( &WeServerSharedSection, SECTION_ALL_ACCESS, &objectAttributes, &maximumSize, PAGE_READWRITE, SEC_COMMIT, NULL ))) { return FALSE; } } if (!WeServerSharedData) { PVOID viewBase; SIZE_T viewSize; viewBase = NULL; viewSize = sizeof(WE_HOOK_SHARED_DATA); if (!NT_SUCCESS(NtMapViewOfSection( WeServerSharedSection, NtCurrentProcess(), &viewBase, 0, 0, NULL, &viewSize, ViewShare, 0, PAGE_READWRITE ))) { WepCloseServerObjects(); return FALSE; } WeServerSharedData = viewBase; } if (!WeServerSharedSectionLock) { WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_LOCK_NAME, buffer, &objectName); InitializeObjectAttributes(&objectAttributes, &objectName, OBJ_CASE_INSENSITIVE, NULL, NULL); if (!NT_SUCCESS(NtCreateMutant( &WeServerSharedSectionLock, MUTANT_ALL_ACCESS, &objectAttributes, FALSE ))) { WepCloseServerObjects(); return FALSE; } } if (!WeServerSharedSectionEvent) { WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_EVENT_NAME, buffer, &objectName); InitializeObjectAttributes(&objectAttributes, &objectName, OBJ_CASE_INSENSITIVE, NULL, NULL); if (!NT_SUCCESS(NtCreateEvent( &WeServerSharedSectionEvent, EVENT_ALL_ACCESS, &objectAttributes, NotificationEvent, FALSE ))) { WepCloseServerObjects(); return FALSE; } } // If mandatory labels are supported, set it to the lowest possible level. if (WE_WindowsVersion >= WINDOWS_VISTA) { static SID_IDENTIFIER_AUTHORITY mandatoryLabelAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY; RtlCreateSecurityDescriptor(&securityDescriptor, SECURITY_DESCRIPTOR_REVISION); sacl = (PACL)saclBuffer; RtlCreateAcl(sacl, sizeof(saclBuffer), ACL_REVISION); mandatoryLabelAce = (PSYSTEM_MANDATORY_LABEL_ACE)mandatoryLabelAceBuffer; mandatoryLabelAce->Header.AceType = SYSTEM_MANDATORY_LABEL_ACE_TYPE; mandatoryLabelAce->Header.AceFlags = 0; mandatoryLabelAce->Header.AceSize = sizeof(mandatoryLabelAceBuffer); mandatoryLabelAce->Mask = SYSTEM_MANDATORY_LABEL_NO_WRITE_UP; sid = (PSID)&mandatoryLabelAce->SidStart; RtlInitializeSid(sid, &mandatoryLabelAuthority, 1); *RtlSubAuthoritySid(sid, 0) = SECURITY_MANDATORY_LOW_RID; if (NT_SUCCESS(RtlAddAce(sacl, ACL_REVISION, MAXULONG32, mandatoryLabelAce, sizeof(mandatoryLabelAceBuffer)))) { if (NT_SUCCESS(RtlSetSaclSecurityDescriptor(&securityDescriptor, TRUE, sacl, FALSE))) { NtSetSecurityObject(WeServerSharedSection, LABEL_SECURITY_INFORMATION, &securityDescriptor); NtSetSecurityObject(WeServerSharedSectionLock, LABEL_SECURITY_INFORMATION, &securityDescriptor); NtSetSecurityObject(WeServerSharedSectionEvent, LABEL_SECURITY_INFORMATION, &securityDescriptor); } } } return TRUE; }