From bf7596fd0ce3f4d8dc016f19fa18c155cbecec76 Mon Sep 17 00:00:00 2001
From: James Hawkins <truiken@gmail.com>
Date: Fri, 24 Jun 2005 12:20:15 +0000
Subject: [PATCH] Implement RtlAddAuditAccessAce.

---
 dlls/ntdll/sec.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 66 insertions(+), 4 deletions(-)

diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index 864076c5c8e..7fe52d45e18 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -67,6 +67,59 @@ static BOOLEAN copy_acl(DWORD nDestinationAclLength, PACL pDestinationAcl, PACL
     return TRUE;
 }
 
+/* generically adds an ACE to an ACL */
+static NTSTATUS add_access_ace(PACL pAcl, DWORD dwAceRevision, DWORD dwAceFlags,
+                               DWORD dwAccessMask, PSID pSid, DWORD dwAceType)
+{
+    SID *sid = (SID *)pSid;
+    ACE_HEADER *pAceHeader;
+    DWORD dwAceSize;
+    DWORD dwSidStart;
+    DWORD sidLength;
+    PDWORD pAccessMask;
+
+    if (!RtlValidSid(sid))
+        return STATUS_INVALID_SID;
+
+    if (pAcl->AclRevision > MAX_ACL_REVISION || dwAceRevision > MAX_ACL_REVISION)
+        return STATUS_REVISION_MISMATCH;
+
+    /* choose the higher of the two revisions */
+    sid->IdentifierAuthority.Value[1] = pAcl->AclRevision;
+    if (dwAceRevision > pAcl->AclRevision)
+        sid->IdentifierAuthority.Value[1] = dwAceRevision;
+
+    if (!RtlValidAcl(pAcl))
+        return STATUS_INVALID_ACL;
+
+    if (!RtlFirstFreeAce(pAcl, &pAceHeader))
+        return STATUS_INVALID_ACL;
+
+    if (!pAceHeader)
+        return STATUS_ALLOTTED_SPACE_EXCEEDED;
+
+    /* calculate generic size of the ACE */
+    sidLength = RtlLengthSid(sid);
+    dwAceSize = sizeof(ACE_HEADER) + sizeof(DWORD) + sidLength;
+    if ((DWORD)(pAceHeader + dwAceSize) > (DWORD)(pAcl + pAcl->AclSize))
+        return STATUS_ALLOTTED_SPACE_EXCEEDED;
+
+    /* fill the new Ace */
+    pAceHeader->AceType = dwAceType;
+    pAceHeader->AceFlags = dwAceFlags;
+    pAceHeader->AceSize = dwAceSize;
+    pAccessMask = (DWORD *)(pAceHeader + sizeof(ACE_HEADER));
+    *pAccessMask = dwAccessMask;
+
+    dwSidStart = (DWORD)(pAceHeader + sizeof(ACE_HEADER) + sizeof(DWORD));
+    RtlCopySid(sidLength, (PSID)dwSidStart, sid);
+
+    pAcl->AclRevision = sid->IdentifierAuthority.Value[1];
+    pAcl->AceCount++;
+
+    return STATUS_SUCCESS;
+}
+
 /*
  *	SID FUNCTIONS
  */
@@ -1222,10 +1275,19 @@ NTSTATUS WINAPI RtlAddAuditAccessAce(
     IN BOOL bAuditSuccess, 
     IN BOOL bAuditFailure) 
 { 
-    FIXME("(%p,%ld,%ld,%p,%u,%u) stub\n",pAcl,dwAceRevision,dwAccessMask, 
-          pSid,bAuditSuccess,bAuditFailure); 
- 
-    return STATUS_NOT_IMPLEMENTED; 
+    DWORD dwAceFlags = 0;
+
+    TRACE("(%p,%ld,%ld,%p,%u,%u)\n",pAcl,dwAceRevision,dwAccessMask,
+          pSid,bAuditSuccess,bAuditFailure);
+
+    if (bAuditSuccess)
+        dwAceFlags |= SUCCESSFUL_ACCESS_ACE_FLAG;
+
+    if (bAuditFailure)
+        dwAceFlags |= FAILED_ACCESS_ACE_FLAG;
+
+    return add_access_ace(pAcl, dwAceRevision, dwAceFlags,
+                          dwAccessMask, pSid, SYSTEM_AUDIT_ACE_TYPE);
 } 
  
 /******************************************************************************
-- 
2.11.4.GIT