ファイル: tseum.c プロジェクト: conioh/os-design
//
//  Fill in the header and access mask of one STANDARD_ACE.  The GUID
//  member is copied separately by the caller.
//
static void
InitStandardAceFields(
    STANDARD_ACE *Ace,
    UCHAR AceType,
    unsigned long Mask
    )
{
    Ace->Header.AceType = AceType;
    Ace->Header.AceSize = sizeof(STANDARD_ACE);
    Ace->Header.InheritFlags = 0;
    Ace->Header.AceFlags = 0;
    Ace->Mask = Mask;
}

//
//  Exercise RtlAddAce against a freshly created 512-byte ACL: two ACEs into
//  the empty ACL, then one at the front (index 0), one in the middle
//  (index 2) and one at the end (MAXULONG).  Only the NTSTATUS returned by
//  each call is checked; the resulting ACL contents are not inspected.
//
//  Returns TRUE when every call succeeds, FALSE after the first failure,
//  which is reported through DbgPrint together with its status code.
//
BOOLEAN
TestAddAce()
{
    UCHAR AclBuffer[512];
    PACL TestAcl = (PACL)AclBuffer;
    STANDARD_ACE Aces[2];
    NTSTATUS Status;

    // NOTE(review): AclBuffer is a plain UCHAR array while ACL/ACE headers
    // carry ULONG-sized fields; this relies on the compiler aligning the
    // local adequately -- confirm, or use an aligned declaration.

    Status = RtlCreateAcl( TestAcl, sizeof(AclBuffer), 1 );
    if (!NT_SUCCESS(Status)) {
        DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
        return FALSE;
    }

    //
    //  Two access-allowed ACEs (Fred, then Wilma) into the empty ACL.
    //
    InitStandardAceFields(&Aces[0], ACCESS_ALLOWED_ACE_TYPE, 0x22222222);
    CopyGuid(&Aces[0].Guid, &FredGuid);
    InitStandardAceFields(&Aces[1], ACCESS_ALLOWED_ACE_TYPE, 0x44444444);
    CopyGuid(&Aces[1].Guid, &WilmaGuid);

    Status = RtlAddAce( TestAcl, 1, 0, Aces, 2*sizeof(STANDARD_ACE) );
    if (!NT_SUCCESS(Status)) {
        DbgPrint("RtlAddAce to empty acl Error : %8lx\n", Status);
        return FALSE;
    }

    //
    //  One audit ACE (Pebbles) inserted at the beginning.
    //
    InitStandardAceFields(&Aces[0], SYSTEM_AUDIT_ACE_TYPE, 0x11111111);
    CopyGuid(&Aces[0].Guid, &PebblesGuid);

    Status = RtlAddAce( TestAcl, 1, 0, Aces, sizeof(STANDARD_ACE) );
    if (!NT_SUCCESS(Status)) {
        DbgPrint("RtlAddAce to beginning of acl Error : %8lx\n", Status);
        return FALSE;
    }

    //
    //  One access-denied ACE (Dino) inserted at position 2, i.e. between
    //  the existing entries.
    //
    InitStandardAceFields(&Aces[0], ACCESS_DENIED_ACE_TYPE, 0x33333333);
    CopyGuid(&Aces[0].Guid, &DinoGuid);

    Status = RtlAddAce( TestAcl, 1, 2, Aces, sizeof(STANDARD_ACE) );
    if (!NT_SUCCESS(Status)) {
        DbgPrint("RtlAddAce to middle of acl Error : %8lx\n", Status);
        return FALSE;
    }

    //
    //  One access-denied ACE (Flintstone) appended; MAXULONG means "end".
    //
    InitStandardAceFields(&Aces[0], ACCESS_DENIED_ACE_TYPE, 0x55555555);
    CopyGuid(&Aces[0].Guid, &FlintstoneGuid);

    Status = RtlAddAce( TestAcl, 1, MAXULONG, Aces, sizeof(STANDARD_ACE) );
    if (!NT_SUCCESS(Status)) {
        DbgPrint("RtlAddAce to end of an acl Error : %8lx\n", Status);
        return FALSE;
    }

    return TRUE;
}
ファイル: hook.c プロジェクト: john-peterson/processhacker
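//
// Build a SACL holding a single SYSTEM_MANDATORY_LABEL_ACE (integrity level
// Low, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP) and apply it to the server
// section, mutant and event.
//
// Labelling is best effort: if building the descriptor fails at any step
// the objects simply keep the label they were created with, and a failing
// NtSetSecurityObject on one object does not stop the others.  The caller
// is responsible for only calling this where mandatory labels exist
// (WE_WindowsVersion >= WINDOWS_VISTA).
//
// NOTE(review): a Low / NO_WRITE_UP label presumably exists so that hooks
// running in low-integrity (sandboxed) processes can still open these
// objects for write.  The flip side is that everything in
// WeServerSharedData can be written by such a process, and the mutant can
// be held by one, so the server side must treat the shared data as
// untrusted and must not block indefinitely on the lock -- confirm.
//
static VOID WepApplyLowIntegrityLabel(
    VOID
    )
{
    static SID_IDENTIFIER_AUTHORITY mandatoryLabelAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY;
    SECURITY_DESCRIPTOR securityDescriptor;
    UCHAR saclBuffer[sizeof(ACL) + FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG)];
    UCHAR mandatoryLabelAceBuffer[FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG)];
    PACL sacl;
    PSYSTEM_MANDATORY_LABEL_ACE mandatoryLabelAce;
    PSID sid;

    // Absolute security descriptor on the stack; it is only used within this
    // call, so pointing it at local buffers is fine.  Both Rtl calls below
    // are checked so a malformed descriptor is never handed to the kernel.
    if (!NT_SUCCESS(RtlCreateSecurityDescriptor(&securityDescriptor, SECURITY_DESCRIPTOR_REVISION)))
    {
        return;
    }

    sacl = (PACL)saclBuffer;

    if (!NT_SUCCESS(RtlCreateAcl(sacl, sizeof(saclBuffer), ACL_REVISION)))
    {
        return;
    }

    // One ACE: header + mask + a one-subauthority SID for the Low level.
    // NOTE(review): the ACE and SID are laid out inside UCHAR arrays, which
    // relies on the compiler aligning those locals for ULONG access.
    mandatoryLabelAce = (PSYSTEM_MANDATORY_LABEL_ACE)mandatoryLabelAceBuffer;
    mandatoryLabelAce->Header.AceType = SYSTEM_MANDATORY_LABEL_ACE_TYPE;
    mandatoryLabelAce->Header.AceFlags = 0;
    mandatoryLabelAce->Header.AceSize = sizeof(mandatoryLabelAceBuffer);
    mandatoryLabelAce->Mask = SYSTEM_MANDATORY_LABEL_NO_WRITE_UP;

    sid = (PSID)&mandatoryLabelAce->SidStart;
    RtlInitializeSid(sid, &mandatoryLabelAuthority, 1);
    *RtlSubAuthoritySid(sid, 0) = SECURITY_MANDATORY_LOW_RID;

    if (!NT_SUCCESS(RtlAddAce(sacl, ACL_REVISION, MAXULONG32, mandatoryLabelAce, sizeof(mandatoryLabelAceBuffer))))
    {
        return;
    }

    if (!NT_SUCCESS(RtlSetSaclSecurityDescriptor(&securityDescriptor, TRUE, sacl, FALSE)))
    {
        return;
    }

    // Only the label part of the security is replaced (LABEL_SECURITY_INFORMATION);
    // DACL/owner/group stay as created.  Return values are deliberately not
    // acted upon: a failed relabel leaves the default label, which is the
    // more restrictive outcome.
    NtSetSecurityObject(WeServerSharedSection, LABEL_SECURITY_INFORMATION, &securityDescriptor);
    NtSetSecurityObject(WeServerSharedSectionLock, LABEL_SECURITY_INFORMATION, &securityDescriptor);
    NtSetSecurityObject(WeServerSharedSectionEvent, LABEL_SECURITY_INFORMATION, &securityDescriptor);
}

//
// Create the named server-side objects used by the hook: the shared
// section, a mapped read/write view of it, the mutant that guards it and a
// notification event.  Each is created only if its global is still NULL,
// so a call after a partial set-up fills in whatever is missing.
//
// All objects are created with a NULL security descriptor (so presumably
// with the creator's default DACL) under the name produced by
// WeFormatLocalObjectName.  No OBJ_OPENIF is passed, so a name that already
// exists is expected to make the create call fail rather than silently
// open someone else's object -- confirm against the object manager.
//
// Returns TRUE when all four are in place.  On a creation failure after
// the section exists, WepCloseServerObjects() releases what was created
// and FALSE is returned; a failure to create the section itself returns
// FALSE without cleanup (presumably because nothing else exists yet).
// Applying the Low mandatory label afterwards is best effort and never
// affects the return value.
//
BOOLEAN WepCreateServerObjects(
    VOID
    )
{
    OBJECT_ATTRIBUTES objectAttributes;
    WCHAR buffer[256];
    UNICODE_STRING objectName;

    if (!WeServerSharedSection)
    {
        LARGE_INTEGER maximumSize;

        WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_NAME, buffer, &objectName);
        InitializeObjectAttributes(&objectAttributes, &objectName, OBJ_CASE_INSENSITIVE, NULL, NULL);
        // The section is exactly one WE_HOOK_SHARED_DATA in size.
        maximumSize.QuadPart = sizeof(WE_HOOK_SHARED_DATA);

        if (!NT_SUCCESS(NtCreateSection(
            &WeServerSharedSection,
            SECTION_ALL_ACCESS,
            &objectAttributes,
            &maximumSize,
            PAGE_READWRITE,
            SEC_COMMIT,
            NULL
            )))
        {
            return FALSE;
        }
    }

    if (!WeServerSharedData)
    {
        PVOID viewBase;
        SIZE_T viewSize;

        viewBase = NULL;
        viewSize = sizeof(WE_HOOK_SHARED_DATA);

        if (!NT_SUCCESS(NtMapViewOfSection(
            WeServerSharedSection,
            NtCurrentProcess(),
            &viewBase,
            0,
            0,
            NULL,
            &viewSize,
            ViewShare,
            0,
            PAGE_READWRITE
            )))
        {
            WepCloseServerObjects();
            return FALSE;
        }

        WeServerSharedData = viewBase;
    }

    if (!WeServerSharedSectionLock)
    {
        WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_LOCK_NAME, buffer, &objectName);
        InitializeObjectAttributes(&objectAttributes, &objectName, OBJ_CASE_INSENSITIVE, NULL, NULL);

        // Created unowned (InitialOwner = FALSE).
        if (!NT_SUCCESS(NtCreateMutant(
            &WeServerSharedSectionLock,
            MUTANT_ALL_ACCESS,
            &objectAttributes,
            FALSE
            )))
        {
            WepCloseServerObjects();
            return FALSE;
        }
    }

    if (!WeServerSharedSectionEvent)
    {
        WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_EVENT_NAME, buffer, &objectName);
        InitializeObjectAttributes(&objectAttributes, &objectName, OBJ_CASE_INSENSITIVE, NULL, NULL);

        // Manual-reset event, initially non-signalled.
        if (!NT_SUCCESS(NtCreateEvent(
            &WeServerSharedSectionEvent,
            EVENT_ALL_ACCESS,
            &objectAttributes,
            NotificationEvent,
            FALSE
            )))
        {
            WepCloseServerObjects();
            return FALSE;
        }
    }

    // If mandatory labels are supported, set it to the lowest possible level.
    if (WE_WindowsVersion >= WINDOWS_VISTA)
    {
        WepApplyLowIntegrityLabel();
    }

    return TRUE;
}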