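/*
 * Writer entry point: emits one record per relation flagged on the ACE,
 * keyed by the resolved trustee string and the mail address resolved for the
 * ACE's object.
 *
 * Relations carried by an ACE for which IS_ALLOWED_ACE() holds are written to
 * gs_hOutfile; relations carried by any other ACE are written to
 * gs_hOutDenyfile (presumably the deny-ACE output, going by its name), so the
 * two kinds of entries never share a file.
 *
 * Caveat for consumers of the output: when no mail address can be resolved
 * the ACE is skipped and only reported at Dbg log level, so its relations
 * appear in neither output file.
 *
 * api : plugin API table; the resolver and ACE helpers are called through it.
 * ace : imported ACE to write.
 *
 * Always returns TRUE, including when the ACE is skipped.
 */
BOOL PLUGIN_WRITER_WRITEACE(
    _In_ PLUGIN_API_TABLE const * const api,
    _Inout_ PIMPORTED_ACE ace
    ) {
    DWORD i = 0;
    LPTSTR resolvedTrustee = NULL;
    LPTSTR resolvedMail = NULL;

    // NOTE(review): resolvedTrustee is not NULL-checked, unlike resolvedMail.
    // Confirm ResolverGetAceTrusteeStr cannot return NULL here, or that
    // WriteRelation tolerates a NULL trustee.
    resolvedTrustee = api->Resolver.ResolverGetAceTrusteeStr(ace);
    resolvedMail = api->Resolver.ResolverGetAceObjectMail(ace);

    if (!resolvedMail) {
        // Without a mail address there is no key to write the record under.
        API_LOG(Dbg, _T("Object has mbx sd without mail address : <%s>"), ace->imported.objectDn);
        return TRUE;
    }

    for (i = 0; i < ACE_REL_COUNT; i++) {
        if (!HAS_RELATION(ace, i)) {
            continue;
        }

        // Allowed and non-allowed ACEs are kept apart in separate outputs.
        if (IS_ALLOWED_ACE(ace->imported.raw)) {
            WriteRelation(api, resolvedTrustee, resolvedMail, api->Ace.GetAceRelationStr(i), gs_hOutfile);
        } else {
            WriteRelation(api, resolvedTrustee, resolvedMail, api->Ace.GetAceRelationStr(i), gs_hOutDenyfile);
        }
    }

    return TRUE;
}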
/*
 * Writer entry point: emits one record per relation flagged on the ACE,
 * linking the resolved trustee string to the DN of the ACE's object.
 *
 * If the ACE carries no relation at all, a single record is still written
 * with DEFAULT_MSR_NO_RELATION_KEYWORD in place of a relation name, so every
 * ACE that reaches this writer leaves at least one record.
 *
 * api : plugin API table; the resolver and ACE helpers are called through it.
 * ace : imported ACE to write.
 *
 * Always returns TRUE.
 */
BOOL PLUGIN_WRITER_WRITEACE(
    _In_ PLUGIN_API_TABLE const * const api,
    _Inout_ PIMPORTED_ACE ace
    ) {
    DWORD relIdx = 0;
    DWORD written = 0;
    LPTSTR trustee = api->Resolver.ResolverGetAceTrusteeStr(ace);

    for (relIdx = 0; relIdx < ACE_REL_COUNT; relIdx++) {
        if (!HAS_RELATION(ace, relIdx)) {
            continue;
        }
        written++;
        WriteRelation(api, trustee, ace->imported.objectDn, api->Ace.GetAceRelationStr(relIdx));
    }

    // No relation was flagged: record the ACE under the placeholder keyword.
    if (written == 0) {
        WriteRelation(api, trustee, ace->imported.objectDn, DEFAULT_MSR_NO_RELATION_KEYWORD);
    }

    return TRUE;
}
/*
 * Filter entry point: flags the write-type rights found in the ACE's access
 * mask as relations on the ACE.
 *
 * Rights examined:
 *   - generic  : GENERIC_WRITE, GENERIC_ALL
 *   - standard : WRITE_DAC, WRITE_OWNER
 *   - file/dir : FILE_WRITE_DATA / FILE_ADD_FILE,
 *                FILE_APPEND_DATA / FILE_ADD_SUBDIRECTORY
 *
 * Return value:
 *   - FALSE for any ACE for which IS_ALLOWED_ACE() does not hold, after
 *     logging each relation it carries;
 *   - TRUE for an allowed ACE with at least one relation flagged;
 *   - FALSE for an allowed ACE with none.
 *
 * Caveat: a non-allowed (DENY) ACE only produces a log line here. Presumably
 * the caller discards an ACE for which FALSE is returned, in which case the
 * restriction it imposes is recorded nowhere but in the log.
 *
 * api : plugin API table; the resolver and ACE helpers are called through it.
 * ace : imported ACE to examine; relations are set on it.
 */
BOOL PLUGIN_FILTER_FILTERACE(
    _In_ PLUGIN_API_TABLE const * const api,
    _Inout_ PIMPORTED_ACE ace
    ) {
    DWORD relIdx = 0;
    BOOL keepAce = FALSE;
    DWORD mask = api->Ace.GetAccessMask(ace);

    // Generic rights
    if (mask & ADS_RIGHT_GENERIC_WRITE) {
        SET_RELATION(ace, GEN_RIGHT_WRITE);
    }
    if (mask & ADS_RIGHT_GENERIC_ALL) {
        SET_RELATION(ace, GEN_RIGHT_ALL);
    }

    // Standard rights
    if (mask & ADS_RIGHT_WRITE_DAC) {
        SET_RELATION(ace, STAND_RIGHT_WRITE_DAC);
    }
    if (mask & ADS_RIGHT_WRITE_OWNER) {
        SET_RELATION(ace, STAND_RIGHT_WRITE_OWNER);
    }

    // File-specific rights (each bit has a file and a directory meaning)
    if (mask & FILE_WRITEDATA_ADDFILE) {
        SET_RELATION(ace, FS_RIGHT_WRITEDATA_ADDFILE);
    }
    if (mask & FILE_APPENDDATA_ADDSUBDIR) {
        SET_RELATION(ace, FS_RIGHT_APPENDDATA_ADDSUBDIR);
    }

    // Only "*_ALLOWED_*" ACE types can grant control. A DENY ACE on a control
    // right cannot be handled ACE by ACE in the control-paths approach, so it
    // is reported and rejected.
    if (!IS_ALLOWED_ACE(ace->imported.raw)) {
        for (relIdx = 0; relIdx < ACE_REL_COUNT; relIdx++) {
            if (!HAS_RELATION(ace, relIdx)) {
                continue;
            }
            // NOTE(review): the result of ResolverGetAceObject is dereferenced
            // without a NULL check; confirm it cannot fail for this ACE.
            API_LOG(Succ, _T("<%s> control is limited by a DENY %s ACE on object <%s>"),
                api->Resolver.ResolverGetAceTrusteeStr(ace),
                api->Ace.GetAceRelationStr(relIdx),
                api->Resolver.ResolverGetAceObject(ace)->imported.dn);
        }
        return FALSE;
    }

    // Keep the ACE as soon as one relation is found on it.
    for (relIdx = 0; relIdx < ACE_REL_COUNT; relIdx++) {
        if (HAS_RELATION(ace, relIdx)) {
            keepAce = TRUE;
            break;
        }
    }

    return keepAce;
}