summaryrefslogtreecommitdiff
path: root/accessmask.c
diff options
context:
space:
mode:
Diffstat (limited to 'accessmask.c')
-rw-r--r--accessmask.c693
1 files changed, 693 insertions, 0 deletions
diff --git a/accessmask.c b/accessmask.c
new file mode 100644
index 0000000..e91129f
--- /dev/null
+++ b/accessmask.c
@@ -0,0 +1,693 @@
1/*
2 * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
3 *
4 * Module Name:
5 *
6 * accessmask.c
7 *
8 * Abstract:
9 *
10 * This module implements various ACCESS_MASK decoding routines.
11 *
12 * Author:
13 *
14 * Eugene Tsyrklevich 18-Mar-2004
15 *
16 * Revision History:
17 *
18 * None.
19 */
20
21
22#include "accessmask.h"
23
24
25
26/*
27 * Get_FILE_OperationType()
28 *
29 * Description:
30 * This function decodes file operation types such as GENERIC_READ and DELETE and converts them to
31 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
32 *
33 * Parameters:
34 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
35 *
36 * Returns:
37 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
38 */
39
40UCHAR
41Get_FILE_OperationType(ACCESS_MASK DesiredAccess)
42{
43 UCHAR OperationType = 0;
44// int FileAll = MAXIMUM_ALLOWED | GENERIC_ALL | STANDARD_RIGHTS_REQUIRED |
45// STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL | ACCESS_SYSTEM_SECURITY; //FILE_ALL_ACCESS
46
47
48 if ( IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
49 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
50 IS_BIT_SET(DesiredAccess, FILE_READ_DATA) ||
51// IS_BIT_SET(DesiredAccess, FILE_READ_ACCESS) ||
52// IS_BIT_SET(DesiredAccess, FILE_LIST_DIRECTORY) ||
53 IS_BIT_SET(DesiredAccess, FILE_READ_ATTRIBUTES) ||
54 IS_BIT_SET(DesiredAccess, FILE_READ_EA) ||
55 IS_BIT_SET(DesiredAccess, SYNCHRONIZE) ||
56 IS_BIT_SET(DesiredAccess, STANDARD_RIGHTS_READ) ||
57 IS_BIT_SET(DesiredAccess, FILE_ALL_ACCESS) ||
58 DesiredAccess == 0)
59
60 OperationType |= OP_READ;
61
62
63 if ( IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
64 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
65 IS_BIT_SET(DesiredAccess, FILE_WRITE_DATA) ||
66// IS_BIT_SET(DesiredAccess, FILE_WRITE_ACCESS) ||
67// IS_BIT_SET(DesiredAccess, FILE_ADD_FILE) ||
68 IS_BIT_SET(DesiredAccess, FILE_WRITE_ATTRIBUTES) ||
69 IS_BIT_SET(DesiredAccess, FILE_WRITE_EA) ||
70 IS_BIT_SET(DesiredAccess, FILE_APPEND_DATA) ||
71// IS_BIT_SET(DesiredAccess, FILE_ADD_SUBDIRECTORY) ||
72// IS_BIT_SET(DesiredAccess, FILE_CREATE_PIPE_INSTANCE) ||
73 IS_BIT_SET(DesiredAccess, FILE_DELETE_CHILD) ||
74 IS_BIT_SET(DesiredAccess, DELETE) || //XXX it's own category now?
75 IS_BIT_SET(DesiredAccess, WRITE_DAC) ||
76 IS_BIT_SET(DesiredAccess, WRITE_OWNER) ||
77 IS_BIT_SET(DesiredAccess, FILE_ALL_ACCESS) )
78
79 OperationType |= OP_WRITE;
80
81
82 if ( IS_BIT_SET(DesiredAccess, GENERIC_EXECUTE) ||
83 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
84 IS_BIT_SET(DesiredAccess, FILE_EXECUTE) ||
85// IS_BIT_SET(DesiredAccess, FILE_TRAVERSE) ||
86 IS_BIT_SET(DesiredAccess, FILE_ALL_ACCESS) )
87
88 OperationType |= OP_EXECUTE;
89
90 if (OperationType == 0)
91// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
92 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_FILE_OperationType: Unknown desired access mask %x\n", DesiredAccess));
93
94
95 return OperationType;
96}
97
98
99
100/*
101 * DecodeFileOperationType()
102 *
103 * Description:
104 * This function decodes file operation types such as GENERIC_READ and DELETE and prints them out (for debugging)
105 *
106 * Parameters:
107 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
108 *
109 * Returns:
110 * Nothing.
111 */
112
113void
114DecodeFileOperationType(ACCESS_MASK DesiredAccess)
115{
116 UCHAR OperationType = 0;
117 int FileAll = MAXIMUM_ALLOWED | GENERIC_ALL | STANDARD_RIGHTS_REQUIRED |
118 STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL | ACCESS_SYSTEM_SECURITY;
119
120
121 if ( (DesiredAccess & GENERIC_READ) == GENERIC_READ)
122 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("GENERIC_READ %x\n", GENERIC_READ));
123
124 if ( (DesiredAccess & GENERIC_WRITE) == GENERIC_WRITE)
125 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("GENERIC_WRITE %x\n", GENERIC_WRITE));
126
127 if ( (DesiredAccess & GENERIC_EXECUTE) == GENERIC_EXECUTE)
128 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("GENERIC_EXECUTE %x\n", GENERIC_EXECUTE));
129
130 if ( (DesiredAccess & STANDARD_RIGHTS_READ) == STANDARD_RIGHTS_READ)
131 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("STANDARD_RIGHTS_READ %x\n", STANDARD_RIGHTS_READ));
132
133 if ( (DesiredAccess & SYNCHRONIZE) == SYNCHRONIZE)
134 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("SYNCHRONIZE %x\n", SYNCHRONIZE));
135
136 if ( (DesiredAccess & MAXIMUM_ALLOWED) == MAXIMUM_ALLOWED)
137 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("MAXIMUM_ALLOWED %x\n", MAXIMUM_ALLOWED));
138
139 if ( (DesiredAccess & GENERIC_ALL) == GENERIC_ALL)
140 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("GENERIC_ALL %x\n", GENERIC_ALL));
141
142 if ( (DesiredAccess & STANDARD_RIGHTS_REQUIRED) == STANDARD_RIGHTS_REQUIRED)
143 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("STANDARD_RIGHTS_REQUIRED %x\n", STANDARD_RIGHTS_REQUIRED));
144
145 if ( (DesiredAccess & STANDARD_RIGHTS_ALL) == STANDARD_RIGHTS_ALL)
146 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("STANDARD_RIGHTS_ALL %x\n", STANDARD_RIGHTS_ALL));
147
148 if ( (DesiredAccess & SPECIFIC_RIGHTS_ALL) == SPECIFIC_RIGHTS_ALL)
149 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("SPECIFIC_RIGHTS_ALL %x\n", SPECIFIC_RIGHTS_ALL));
150
151 if ( (DesiredAccess & ACCESS_SYSTEM_SECURITY) == ACCESS_SYSTEM_SECURITY)
152 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("ACCESS_SYSTEM_SECURITY %x\n", ACCESS_SYSTEM_SECURITY));
153
154 if ( (DesiredAccess & WRITE_OWNER) == WRITE_OWNER)
155 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("WRITE_OWNER %x\n", WRITE_OWNER));
156
157 if ( (DesiredAccess & WRITE_DAC) == WRITE_DAC)
158 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("WRITE_DAC %x\n", WRITE_DAC));
159
160 if ( (DesiredAccess & DELETE) == DELETE)
161 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("DELETE %x\n", DELETE));
162
163
164 if ( IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
165 IS_BIT_SET(DesiredAccess, (STANDARD_RIGHTS_READ | SYNCHRONIZE )) ||
166 IS_BIT_SET(DesiredAccess, FileAll) )
167
168 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("OP_READ\n"));
169
170
171 if ( IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
172 IS_BIT_SET(DesiredAccess, (DELETE | WRITE_DAC | WRITE_OWNER)) ||
173 IS_BIT_SET(DesiredAccess, FileAll) )
174
175 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("OP_WRITE\n"));
176
177
178 if ( IS_BIT_SET(DesiredAccess, GENERIC_EXECUTE) ||
179 IS_BIT_SET(DesiredAccess, FileAll) )
180
181 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("OP_EXECUTE\n"));
182}
183
184
185
186/*
187 * Get_NAMEDPIPE_OperationType()
188 *
189 * Description:
190 * This function decodes named pipe operation types such as GENERIC_READ and DELETE and converts them to
191 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
192 *
193 * Parameters:
194 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
195 *
196 * Returns:
197 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
198 */
199
200UCHAR
201Get_NAMEDPIPE_OperationType(ACCESS_MASK DesiredAccess)
202{
203 return Get_FILE_OperationType(DesiredAccess);
204}
205
206
207
208/*
209 * Get_MAILSLOT_OperationType()
210 *
211 * Description:
212 * This function decodes mailslot operation types such as GENERIC_READ and DELETE and converts them to
213 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
214 *
215 * Parameters:
216 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
217 *
218 * Returns:
219 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
220 */
221
222UCHAR
223Get_MAILSLOT_OperationType(ACCESS_MASK DesiredAccess)
224{
225 return Get_FILE_OperationType(DesiredAccess);
226}
227
228
229
230/*
231 * Get_REGISTRY_OperationType()
232 *
233 * Description:
234 * This function decodes registry operation types such as KEY_QUERY_VALUE and DELETE and converts them to
235 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
236 *
237 * Parameters:
238 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
239 *
240 * Returns:
241 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
242 */
243
244UCHAR
245Get_REGISTRY_OperationType(ACCESS_MASK DesiredAccess)
246{
247 UCHAR OperationType = 0;
248
249
250 if ( IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
251 IS_BIT_SET(DesiredAccess, KEY_QUERY_VALUE) ||
252 IS_BIT_SET(DesiredAccess, KEY_ENUMERATE_SUB_KEYS) ||
253 IS_BIT_SET(DesiredAccess, MAXIMUM_ALLOWED) ||
254 IS_BIT_SET(DesiredAccess, SYNCHRONIZE) ||
255 IS_BIT_SET(DesiredAccess, ACCESS_SYSTEM_SECURITY) ||
256 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
257 IS_BIT_SET(DesiredAccess, KEY_ALL_ACCESS) ||
258 DesiredAccess == 0)
259
260 OperationType |= OP_READ;
261
262
263 if ( IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
264 IS_BIT_SET(DesiredAccess, KEY_SET_VALUE) ||
265 IS_BIT_SET(DesiredAccess, KEY_CREATE_SUB_KEY) ||
266 IS_BIT_SET(DesiredAccess, KEY_CREATE_LINK) ||
267 IS_BIT_SET(DesiredAccess, WRITE_OWNER) ||
268 IS_BIT_SET(DesiredAccess, WRITE_DAC) ||
269 IS_BIT_SET(DesiredAccess, DELETE) ||
270 IS_BIT_SET(DesiredAccess, MAXIMUM_ALLOWED) ||
271 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
272 IS_BIT_SET(DesiredAccess, KEY_ALL_ACCESS) )
273
274 OperationType |= OP_WRITE;
275
276
277 if ( IS_BIT_SET(DesiredAccess, GENERIC_EXECUTE) ||
278 IS_BIT_SET(DesiredAccess, KEY_NOTIFY) ||
279 IS_BIT_SET(DesiredAccess, MAXIMUM_ALLOWED) ||
280 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
281 IS_BIT_SET(DesiredAccess, KEY_ALL_ACCESS) )
282
283 OperationType |= OP_EXECUTE;
284
285
286 if (OperationType == 0)
287// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
288 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_REGISTRY_OperationType: Unknown desired access mask %x\n", DesiredAccess));
289
290
291 return OperationType;
292}
293
294
295
296/*
297 * Get_EVENT_OperationType()
298 *
299 * Description:
300 * This function decodes event operation types such as EVENT_QUERY_STATE and GENERIC_WRITE and converts them to
301 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
302 *
303 * Parameters:
304 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
305 *
306 * Returns:
307 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
308 */
309
310UCHAR
311Get_EVENT_OperationType(ACCESS_MASK DesiredAccess)
312{
313 UCHAR OperationType = 0;
314
315
316 if ( IS_BIT_SET(DesiredAccess, EVENT_QUERY_STATE) ||
317 IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
318 IS_BIT_SET(DesiredAccess, STANDARD_RIGHTS_READ) ||
319 IS_BIT_SET(DesiredAccess, SYNCHRONIZE) ||
320 IS_BIT_SET(DesiredAccess, EVENT_ALL_ACCESS) )
321
322 OperationType |= OP_READ;
323
324
325 if ( IS_BIT_SET(DesiredAccess, EVENT_MODIFY_STATE) ||
326 IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
327 IS_BIT_SET(DesiredAccess, WRITE_DAC) ||
328 IS_BIT_SET(DesiredAccess, WRITE_OWNER) ||
329 IS_BIT_SET(DesiredAccess, EVENT_ALL_ACCESS) )
330
331 OperationType |= OP_WRITE;
332
333
334 if (OperationType == 0)
335// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
336 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_EVENT_OperationType: Unknown desired access mask %x\n", DesiredAccess));
337
338
339 return OperationType;
340}
341
342
343
344/*
345 * Get_SEMAPHORE_OperationType()
346 *
347 * Description:
348 * This function decodes semaphore operation types such as SEMAPHORE_QUERY_STATE and converts them to
349 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
350 *
351 * Parameters:
352 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
353 *
354 * Returns:
355 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
356 */
357
358UCHAR
359Get_SEMAPHORE_OperationType(ACCESS_MASK DesiredAccess)
360{
361 UCHAR OperationType = 0;
362
363
364 if ( IS_BIT_SET(DesiredAccess, SEMAPHORE_QUERY_STATE) ||
365 IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
366 IS_BIT_SET(DesiredAccess, READ_CONTROL) ||
367 IS_BIT_SET(DesiredAccess, SEMAPHORE_ALL_ACCESS) )
368
369 OperationType |= OP_READ;
370
371
372 if ( IS_BIT_SET(DesiredAccess, SEMAPHORE_MODIFY_STATE) ||
373 IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
374 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
375 IS_BIT_SET(DesiredAccess, WRITE_DAC) ||
376 IS_BIT_SET(DesiredAccess, SEMAPHORE_ALL_ACCESS) )
377
378 OperationType |= OP_WRITE;
379
380
381 if (OperationType == 0)
382// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
383 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_SEMAPHORE_OperationType: Unknown desired access mask %x\n", DesiredAccess));
384
385
386 return OperationType;
387}
388
389
390
391/*
392 * Get_SECTION_OperationType()
393 *
394 * Description:
395 * This function decodes section operation types such as SECTION_QUERY and converts them to
396 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
397 *
398 * Parameters:
399 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
400 *
401 * Returns:
402 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
403 */
404
405UCHAR
406Get_SECTION_OperationType(ACCESS_MASK DesiredAccess)
407{
408 UCHAR OperationType = 0;
409
410
411 if ( IS_BIT_SET(DesiredAccess, SECTION_QUERY) ||
412 IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
413 IS_BIT_SET(DesiredAccess, READ_CONTROL) ||
414 IS_BIT_SET(DesiredAccess, SECTION_MAP_READ) ||
415 IS_BIT_SET(DesiredAccess, SECTION_ALL_ACCESS) )
416
417 OperationType |= OP_READ;
418
419
420 if ( IS_BIT_SET(DesiredAccess, SECTION_EXTEND_SIZE) ||
421 IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
422 IS_BIT_SET(DesiredAccess, WRITE_DAC) ||
423 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
424 IS_BIT_SET(DesiredAccess, SECTION_MAP_WRITE) ||
425 IS_BIT_SET(DesiredAccess, SECTION_ALL_ACCESS) )
426
427 OperationType |= OP_WRITE;
428
429
430 if ( IS_BIT_SET(DesiredAccess, SECTION_MAP_EXECUTE) ||
431 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
432 IS_BIT_SET(DesiredAccess, SECTION_ALL_ACCESS) )
433
434 OperationType |= OP_EXECUTE;
435
436
437 if (OperationType == 0)
438// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
439 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_SECTION_OperationType: Unknown desired access mask %x\n", DesiredAccess));
440
441
442 return OperationType;
443}
444
445
446
447/*
448 * Get_JOB_OperationType()
449 *
450 * Description:
451 * This function decodes job object operation types such as JOB_OBJECT_QUERY and converts them to
452 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
453 *
454 * Parameters:
455 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
456 *
457 * Returns:
458 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
459 */
460
461UCHAR
462Get_JOB_OperationType(ACCESS_MASK DesiredAccess)
463{
464 UCHAR OperationType = 0;
465
466
467 if ( IS_BIT_SET(DesiredAccess, JOB_OBJECT_QUERY) ||
468 IS_BIT_SET(DesiredAccess, JOB_OBJECT_ALL_ACCESS) )
469
470 OperationType |= OP_READ;
471
472
473 if ( IS_BIT_SET(DesiredAccess, JOB_OBJECT_ASSIGN_PROCESS) ||
474 IS_BIT_SET(DesiredAccess, JOB_OBJECT_SET_ATTRIBUTES) ||
475 IS_BIT_SET(DesiredAccess, JOB_OBJECT_TERMINATE) ||
476 IS_BIT_SET(DesiredAccess, JOB_OBJECT_SET_SECURITY_ATTRIBUTES) ||
477 IS_BIT_SET(DesiredAccess, JOB_OBJECT_ALL_ACCESS) )
478
479 OperationType |= OP_WRITE;
480
481
482 if (OperationType == 0)
483// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
484 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_JOB_OperationType: Unknown desired access mask %x\n", DesiredAccess));
485
486
487 return OperationType;
488}
489
490
491
492/*
493 * Get_MUTANT_OperationType()
494 *
495 * Description:
496 * This function decodes mutant operation types such as JOB_OBJECT_QUERY and converts them to
497 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
498 *
499 * Parameters:
500 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
501 *
502 * Returns:
503 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
504 */
505
506UCHAR
507Get_MUTANT_OperationType(ACCESS_MASK DesiredAccess)
508{
509 UCHAR OperationType = 0;
510
511
512 if ( IS_BIT_SET(DesiredAccess, MUTANT_QUERY_STATE) ||
513 IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
514 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
515 IS_BIT_SET(DesiredAccess, READ_CONTROL) ||
516 IS_BIT_SET(DesiredAccess, SYNCHRONIZE) ||
517 IS_BIT_SET(DesiredAccess, MUTANT_ALL_ACCESS) )
518
519 OperationType |= OP_READ;
520
521
522 if ( IS_BIT_SET(DesiredAccess, MUTANT_ALL_ACCESS) ||
523 IS_BIT_SET(DesiredAccess, WRITE_OWNER) ||
524 IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
525 IS_BIT_SET(DesiredAccess, WRITE_DAC) ||
526 IS_BIT_SET(DesiredAccess, GENERIC_ALL) )
527
528 OperationType |= OP_WRITE;
529
530
531 if (OperationType == 0)
532// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
533 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_MUTANT_OperationType: Unknown desired access mask %x\n", DesiredAccess));
534
535
536 return OperationType;
537}
538
539
540
541/*
542 * Get_SYMLINK_OperationType()
543 *
544 * Description:
545 * This function decodes symbolic link operation types such as SYMBOLIC_LINK_QUERY and converts them to
546 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
547 *
548 * Parameters:
549 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
550 *
551 * Returns:
552 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
553 */
554
555UCHAR
556Get_SYMLINK_OperationType(ACCESS_MASK DesiredAccess)
557{
558 UCHAR OperationType = 0;
559
560
561 if ( IS_BIT_SET(DesiredAccess, SYMBOLIC_LINK_QUERY) ||
562 IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
563 IS_BIT_SET(DesiredAccess, SYNCHRONIZE) ||
564 IS_BIT_SET(DesiredAccess, SYMBOLIC_LINK_ALL_ACCESS) )
565
566 OperationType |= OP_READ;
567
568
569 if ( IS_BIT_SET(DesiredAccess, DELETE) ||
570 IS_BIT_SET(DesiredAccess, MAXIMUM_ALLOWED) ||
571 IS_BIT_SET(DesiredAccess, SYMBOLIC_LINK_ALL_ACCESS) )
572
573 OperationType |= OP_WRITE;
574
575
576 if (OperationType == 0)
577// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
578 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_SYMLINK_OperationType: Unknown desired access mask %x\n", DesiredAccess));
579
580
581 return OperationType;
582}
583
584
585
586/*
587 * Get_TIMER_OperationType()
588 *
589 * Description:
590 * This function decodes timer operation types such as JOB_OBJECT_QUERY and converts them to
591 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
592 *
593 * Parameters:
594 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
595 *
596 * Returns:
597 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
598 */
599
600UCHAR
601Get_TIMER_OperationType(ACCESS_MASK DesiredAccess)
602{
603 UCHAR OperationType = 0;
604
605
606 if ( IS_BIT_SET(DesiredAccess, TIMER_QUERY_STATE) ||
607 IS_BIT_SET(DesiredAccess, TIMER_ALL_ACCESS) )
608
609 OperationType |= OP_READ;
610
611
612 if ( IS_BIT_SET(DesiredAccess, TIMER_MODIFY_STATE) ||
613 IS_BIT_SET(DesiredAccess, TIMER_ALL_ACCESS) )
614
615 OperationType |= OP_WRITE;
616
617
618 if (OperationType == 0)
619// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
620 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_TIMER_OperationType: Unknown desired access mask %x\n", DesiredAccess));
621
622
623 return OperationType;
624}
625
626
627
628/*
629 * Get_PORT_OperationType()
630 *
631 * Description:
632 * This function decodes port operation types and converts them to
633 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
634 *
635 * Parameters:
636 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
637 *
638 * Returns:
639 * OP_WRITE.
640 */
641
642UCHAR
643Get_PORT_OperationType(ACCESS_MASK DesiredAccess)
644{
645 return OP_WRITE;
646}
647
648
649
650/*
651 * Get_DIROBJ_OperationType()
652 *
653 * Description:
654 * This function decodes directory operation types such as DIRECTORY_QUERY and converts them to
655 * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
656 *
657 * Parameters:
658 * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
659 *
660 * Returns:
661 * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
662 */
663
664UCHAR
665Get_DIROBJ_OperationType(ACCESS_MASK DesiredAccess)
666{
667 UCHAR OperationType = 0;
668
669
670 if ( IS_BIT_SET(DesiredAccess, DIRECTORY_QUERY) ||
671 IS_BIT_SET(DesiredAccess, DIRECTORY_TRAVERSE) ||
672 IS_BIT_SET(DesiredAccess, DIRECTORY_ALL_ACCESS) )
673
674 OperationType |= OP_READ;
675
676
677 if ( IS_BIT_SET(DesiredAccess, DIRECTORY_CREATE_OBJECT) ||
678 IS_BIT_SET(DesiredAccess, DIRECTORY_CREATE_SUBDIRECTORY) ||
679 IS_BIT_SET(DesiredAccess, DIRECTORY_ALL_ACCESS) )
680
681 OperationType |= OP_WRITE;
682
683
684 if (OperationType == 0)
685// OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
686 LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_DIROBJ_OperationType: Unknown desired access mask %x\n", DesiredAccess));
687
688
689 return OperationType;
690}
691
692
693