From 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 Mon Sep 17 00:00:00 2001 From: tumagonx Date: Tue, 8 Aug 2017 10:54:53 +0700 Subject: initial commit --- accessmask.c | 693 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 693 insertions(+) create mode 100644 accessmask.c (limited to 'accessmask.c') diff --git a/accessmask.c b/accessmask.c new file mode 100644 index 0000000..e91129f --- /dev/null +++ b/accessmask.c @@ -0,0 +1,693 @@ +/* + * Copyright (c) 2004 Security Architects Corporation. All rights reserved. + * + * Module Name: + * + * accessmask.c + * + * Abstract: + * + * This module implements various ACCESS_MASK decoding routines. + * + * Author: + * + * Eugene Tsyrklevich 18-Mar-2004 + * + * Revision History: + * + * None. + */ + + +#include "accessmask.h" + + + +/* + * Get_FILE_OperationType() + * + * Description: + * This function decodes file operation types such as GENERIC_READ and DELETE and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_FILE_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; +// int FileAll = MAXIMUM_ALLOWED | GENERIC_ALL | STANDARD_RIGHTS_REQUIRED | +// STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL | ACCESS_SYSTEM_SECURITY; //FILE_ALL_ACCESS + + + if ( IS_BIT_SET(DesiredAccess, GENERIC_READ) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, FILE_READ_DATA) || +// IS_BIT_SET(DesiredAccess, FILE_READ_ACCESS) || +// IS_BIT_SET(DesiredAccess, FILE_LIST_DIRECTORY) || + IS_BIT_SET(DesiredAccess, FILE_READ_ATTRIBUTES) || + IS_BIT_SET(DesiredAccess, FILE_READ_EA) || + IS_BIT_SET(DesiredAccess, SYNCHRONIZE) || + IS_BIT_SET(DesiredAccess, STANDARD_RIGHTS_READ) || + IS_BIT_SET(DesiredAccess, FILE_ALL_ACCESS) || + DesiredAccess == 0) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, GENERIC_WRITE) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, FILE_WRITE_DATA) || +// IS_BIT_SET(DesiredAccess, FILE_WRITE_ACCESS) || +// IS_BIT_SET(DesiredAccess, FILE_ADD_FILE) || + IS_BIT_SET(DesiredAccess, FILE_WRITE_ATTRIBUTES) || + IS_BIT_SET(DesiredAccess, FILE_WRITE_EA) || + IS_BIT_SET(DesiredAccess, FILE_APPEND_DATA) || +// IS_BIT_SET(DesiredAccess, FILE_ADD_SUBDIRECTORY) || +// IS_BIT_SET(DesiredAccess, FILE_CREATE_PIPE_INSTANCE) || + IS_BIT_SET(DesiredAccess, FILE_DELETE_CHILD) || + IS_BIT_SET(DesiredAccess, DELETE) || //XXX it's own category now? + IS_BIT_SET(DesiredAccess, WRITE_DAC) || + IS_BIT_SET(DesiredAccess, WRITE_OWNER) || + IS_BIT_SET(DesiredAccess, FILE_ALL_ACCESS) ) + + OperationType |= OP_WRITE; + + + if ( IS_BIT_SET(DesiredAccess, GENERIC_EXECUTE) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, FILE_EXECUTE) || +// IS_BIT_SET(DesiredAccess, FILE_TRAVERSE) || + IS_BIT_SET(DesiredAccess, FILE_ALL_ACCESS) ) + + OperationType |= OP_EXECUTE; + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_FILE_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + +/* + * DecodeFileOperationType() + * + * Description: + * This function decodes file operation types such as GENERIC_READ and DELETE and prints them out (for debugging) + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * Nothing. + */ + +void +DecodeFileOperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + int FileAll = MAXIMUM_ALLOWED | GENERIC_ALL | STANDARD_RIGHTS_REQUIRED | + STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL | ACCESS_SYSTEM_SECURITY; + + + if ( (DesiredAccess & GENERIC_READ) == GENERIC_READ) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("GENERIC_READ %x\n", GENERIC_READ)); + + if ( (DesiredAccess & GENERIC_WRITE) == GENERIC_WRITE) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("GENERIC_WRITE %x\n", GENERIC_WRITE)); + + if ( (DesiredAccess & GENERIC_EXECUTE) == GENERIC_EXECUTE) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("GENERIC_EXECUTE %x\n", GENERIC_EXECUTE)); + + if ( (DesiredAccess & STANDARD_RIGHTS_READ) == STANDARD_RIGHTS_READ) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("STANDARD_RIGHTS_READ %x\n", STANDARD_RIGHTS_READ)); + + if ( (DesiredAccess & SYNCHRONIZE) == SYNCHRONIZE) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("SYNCHRONIZE %x\n", SYNCHRONIZE)); + + if ( (DesiredAccess & MAXIMUM_ALLOWED) == MAXIMUM_ALLOWED) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("MAXIMUM_ALLOWED %x\n", MAXIMUM_ALLOWED)); + + if ( (DesiredAccess & GENERIC_ALL) == GENERIC_ALL) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("GENERIC_ALL %x\n", GENERIC_ALL)); + + if ( (DesiredAccess & STANDARD_RIGHTS_REQUIRED) == STANDARD_RIGHTS_REQUIRED) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("STANDARD_RIGHTS_REQUIRED %x\n", STANDARD_RIGHTS_REQUIRED)); + + if ( (DesiredAccess & STANDARD_RIGHTS_ALL) == STANDARD_RIGHTS_ALL) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("STANDARD_RIGHTS_ALL %x\n", STANDARD_RIGHTS_ALL)); + + if ( (DesiredAccess & SPECIFIC_RIGHTS_ALL) == SPECIFIC_RIGHTS_ALL) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("SPECIFIC_RIGHTS_ALL %x\n", SPECIFIC_RIGHTS_ALL)); + + if ( (DesiredAccess & ACCESS_SYSTEM_SECURITY) == ACCESS_SYSTEM_SECURITY) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("ACCESS_SYSTEM_SECURITY %x\n", ACCESS_SYSTEM_SECURITY)); + + if ( (DesiredAccess & WRITE_OWNER) == WRITE_OWNER) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("WRITE_OWNER %x\n", WRITE_OWNER)); + + if ( (DesiredAccess & WRITE_DAC) == WRITE_DAC) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("WRITE_DAC %x\n", WRITE_DAC)); + + if ( (DesiredAccess & DELETE) == DELETE) + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("DELETE %x\n", DELETE)); + + + if ( IS_BIT_SET(DesiredAccess, GENERIC_READ) || + IS_BIT_SET(DesiredAccess, (STANDARD_RIGHTS_READ | SYNCHRONIZE )) || + IS_BIT_SET(DesiredAccess, FileAll) ) + + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("OP_READ\n")); + + + if ( IS_BIT_SET(DesiredAccess, GENERIC_WRITE) || + IS_BIT_SET(DesiredAccess, (DELETE | WRITE_DAC | WRITE_OWNER)) || + IS_BIT_SET(DesiredAccess, FileAll) ) + + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("OP_WRITE\n")); + + + if ( IS_BIT_SET(DesiredAccess, GENERIC_EXECUTE) || + IS_BIT_SET(DesiredAccess, FileAll) ) + + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("OP_EXECUTE\n")); +} + + + +/* + * Get_NAMEDPIPE_OperationType() + * + * Description: + * This function decodes named pipe operation types such as GENERIC_READ and DELETE and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_NAMEDPIPE_OperationType(ACCESS_MASK DesiredAccess) +{ + return Get_FILE_OperationType(DesiredAccess); +} + + + +/* + * Get_MAILSLOT_OperationType() + * + * Description: + * This function decodes mailslot operation types such as GENERIC_READ and DELETE and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_MAILSLOT_OperationType(ACCESS_MASK DesiredAccess) +{ + return Get_FILE_OperationType(DesiredAccess); +} + + + +/* + * Get_REGISTRY_OperationType() + * + * Description: + * This function decodes registry operation types such as KEY_QUERY_VALUE and DELETE and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_REGISTRY_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + + + if ( IS_BIT_SET(DesiredAccess, GENERIC_READ) || + IS_BIT_SET(DesiredAccess, KEY_QUERY_VALUE) || + IS_BIT_SET(DesiredAccess, KEY_ENUMERATE_SUB_KEYS) || + IS_BIT_SET(DesiredAccess, MAXIMUM_ALLOWED) || + IS_BIT_SET(DesiredAccess, SYNCHRONIZE) || + IS_BIT_SET(DesiredAccess, ACCESS_SYSTEM_SECURITY) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, KEY_ALL_ACCESS) || + DesiredAccess == 0) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, GENERIC_WRITE) || + IS_BIT_SET(DesiredAccess, KEY_SET_VALUE) || + IS_BIT_SET(DesiredAccess, KEY_CREATE_SUB_KEY) || + IS_BIT_SET(DesiredAccess, KEY_CREATE_LINK) || + IS_BIT_SET(DesiredAccess, WRITE_OWNER) || + IS_BIT_SET(DesiredAccess, WRITE_DAC) || + IS_BIT_SET(DesiredAccess, DELETE) || + IS_BIT_SET(DesiredAccess, MAXIMUM_ALLOWED) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, KEY_ALL_ACCESS) ) + + OperationType |= OP_WRITE; + + + if ( IS_BIT_SET(DesiredAccess, GENERIC_EXECUTE) || + IS_BIT_SET(DesiredAccess, KEY_NOTIFY) || + IS_BIT_SET(DesiredAccess, MAXIMUM_ALLOWED) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, KEY_ALL_ACCESS) ) + + OperationType |= OP_EXECUTE; + + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_REGISTRY_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + +/* + * Get_EVENT_OperationType() + * + * Description: + * This function decodes event operation types such as EVENT_QUERY_STATE and GENERIC_WRITE and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_EVENT_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + + + if ( IS_BIT_SET(DesiredAccess, EVENT_QUERY_STATE) || + IS_BIT_SET(DesiredAccess, GENERIC_READ) || + IS_BIT_SET(DesiredAccess, STANDARD_RIGHTS_READ) || + IS_BIT_SET(DesiredAccess, SYNCHRONIZE) || + IS_BIT_SET(DesiredAccess, EVENT_ALL_ACCESS) ) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, EVENT_MODIFY_STATE) || + IS_BIT_SET(DesiredAccess, GENERIC_WRITE) || + IS_BIT_SET(DesiredAccess, WRITE_DAC) || + IS_BIT_SET(DesiredAccess, WRITE_OWNER) || + IS_BIT_SET(DesiredAccess, EVENT_ALL_ACCESS) ) + + OperationType |= OP_WRITE; + + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_EVENT_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + +/* + * Get_SEMAPHORE_OperationType() + * + * Description: + * This function decodes semaphore operation types such as SEMAPHORE_QUERY_STATE and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_SEMAPHORE_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + + + if ( IS_BIT_SET(DesiredAccess, SEMAPHORE_QUERY_STATE) || + IS_BIT_SET(DesiredAccess, GENERIC_READ) || + IS_BIT_SET(DesiredAccess, READ_CONTROL) || + IS_BIT_SET(DesiredAccess, SEMAPHORE_ALL_ACCESS) ) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, SEMAPHORE_MODIFY_STATE) || + IS_BIT_SET(DesiredAccess, GENERIC_WRITE) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, WRITE_DAC) || + IS_BIT_SET(DesiredAccess, SEMAPHORE_ALL_ACCESS) ) + + OperationType |= OP_WRITE; + + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_SEMAPHORE_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + +/* + * Get_SECTION_OperationType() + * + * Description: + * This function decodes section operation types such as SECTION_QUERY and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_SECTION_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + + + if ( IS_BIT_SET(DesiredAccess, SECTION_QUERY) || + IS_BIT_SET(DesiredAccess, GENERIC_READ) || + IS_BIT_SET(DesiredAccess, READ_CONTROL) || + IS_BIT_SET(DesiredAccess, SECTION_MAP_READ) || + IS_BIT_SET(DesiredAccess, SECTION_ALL_ACCESS) ) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, SECTION_EXTEND_SIZE) || + IS_BIT_SET(DesiredAccess, GENERIC_WRITE) || + IS_BIT_SET(DesiredAccess, WRITE_DAC) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, SECTION_MAP_WRITE) || + IS_BIT_SET(DesiredAccess, SECTION_ALL_ACCESS) ) + + OperationType |= OP_WRITE; + + + if ( IS_BIT_SET(DesiredAccess, SECTION_MAP_EXECUTE) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, SECTION_ALL_ACCESS) ) + + OperationType |= OP_EXECUTE; + + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_SECTION_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + +/* + * Get_JOB_OperationType() + * + * Description: + * This function decodes job object operation types such as JOB_OBJECT_QUERY and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_JOB_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + + + if ( IS_BIT_SET(DesiredAccess, JOB_OBJECT_QUERY) || + IS_BIT_SET(DesiredAccess, JOB_OBJECT_ALL_ACCESS) ) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, JOB_OBJECT_ASSIGN_PROCESS) || + IS_BIT_SET(DesiredAccess, JOB_OBJECT_SET_ATTRIBUTES) || + IS_BIT_SET(DesiredAccess, JOB_OBJECT_TERMINATE) || + IS_BIT_SET(DesiredAccess, JOB_OBJECT_SET_SECURITY_ATTRIBUTES) || + IS_BIT_SET(DesiredAccess, JOB_OBJECT_ALL_ACCESS) ) + + OperationType |= OP_WRITE; + + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_JOB_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + +/* + * Get_MUTANT_OperationType() + * + * Description: + * This function decodes mutant operation types such as JOB_OBJECT_QUERY and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_MUTANT_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + + + if ( IS_BIT_SET(DesiredAccess, MUTANT_QUERY_STATE) || + IS_BIT_SET(DesiredAccess, GENERIC_READ) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) || + IS_BIT_SET(DesiredAccess, READ_CONTROL) || + IS_BIT_SET(DesiredAccess, SYNCHRONIZE) || + IS_BIT_SET(DesiredAccess, MUTANT_ALL_ACCESS) ) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, MUTANT_ALL_ACCESS) || + IS_BIT_SET(DesiredAccess, WRITE_OWNER) || + IS_BIT_SET(DesiredAccess, GENERIC_WRITE) || + IS_BIT_SET(DesiredAccess, WRITE_DAC) || + IS_BIT_SET(DesiredAccess, GENERIC_ALL) ) + + OperationType |= OP_WRITE; + + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_MUTANT_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + +/* + * Get_SYMLINK_OperationType() + * + * Description: + * This function decodes symbolic link operation types such as SYMBOLIC_LINK_QUERY and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_SYMLINK_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + + + if ( IS_BIT_SET(DesiredAccess, SYMBOLIC_LINK_QUERY) || + IS_BIT_SET(DesiredAccess, GENERIC_READ) || + IS_BIT_SET(DesiredAccess, SYNCHRONIZE) || + IS_BIT_SET(DesiredAccess, SYMBOLIC_LINK_ALL_ACCESS) ) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, DELETE) || + IS_BIT_SET(DesiredAccess, MAXIMUM_ALLOWED) || + IS_BIT_SET(DesiredAccess, SYMBOLIC_LINK_ALL_ACCESS) ) + + OperationType |= OP_WRITE; + + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_SYMLINK_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + +/* + * Get_TIMER_OperationType() + * + * Description: + * This function decodes timer operation types such as JOB_OBJECT_QUERY and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_TIMER_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + + + if ( IS_BIT_SET(DesiredAccess, TIMER_QUERY_STATE) || + IS_BIT_SET(DesiredAccess, TIMER_ALL_ACCESS) ) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, TIMER_MODIFY_STATE) || + IS_BIT_SET(DesiredAccess, TIMER_ALL_ACCESS) ) + + OperationType |= OP_WRITE; + + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_TIMER_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + +/* + * Get_PORT_OperationType() + * + * Description: + * This function decodes port operation types and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * OP_WRITE. + */ + +UCHAR +Get_PORT_OperationType(ACCESS_MASK DesiredAccess) +{ + return OP_WRITE; +} + + + +/* + * Get_DIROBJ_OperationType() + * + * Description: + * This function decodes directory operation types such as DIRECTORY_QUERY and converts them to + * 3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE. + * + * Parameters: + * DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights). + * + * Returns: + * A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument. + */ + +UCHAR +Get_DIROBJ_OperationType(ACCESS_MASK DesiredAccess) +{ + UCHAR OperationType = 0; + + + if ( IS_BIT_SET(DesiredAccess, DIRECTORY_QUERY) || + IS_BIT_SET(DesiredAccess, DIRECTORY_TRAVERSE) || + IS_BIT_SET(DesiredAccess, DIRECTORY_ALL_ACCESS) ) + + OperationType |= OP_READ; + + + if ( IS_BIT_SET(DesiredAccess, DIRECTORY_CREATE_OBJECT) || + IS_BIT_SET(DesiredAccess, DIRECTORY_CREATE_SUBDIRECTORY) || + IS_BIT_SET(DesiredAccess, DIRECTORY_ALL_ACCESS) ) + + OperationType |= OP_WRITE; + + + if (OperationType == 0) +// OperationType = OP_READ | OP_WRITE | OP_EXECUTE; + LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_DIROBJ_OperationType: Unknown desired access mask %x\n", DesiredAccess)); + + + return OperationType; +} + + + -- cgit v1.3