From 0fea2d1ed763d9f38afad60a8d2babce97ac897e Mon Sep 17 00:00:00 2001
From: Simon Rozman
Date: Mon, 17 Oct 2022 14:43:06 +0200
Subject: [PATCH] Add SetEntriesInAcl()
Signed-off-by: Simon Rozman
---
 UnitTests/Win.cpp | 11 ++++++++++-
 include/WinStd/Win.h | 25 +++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/UnitTests/Win.cpp b/UnitTests/Win.cpp
index 2677eb80..c359eddc 100644
--- a/UnitTests/Win.cpp
+++ b/UnitTests/Win.cpp
@@ -81,18 +81,27 @@ namespace UnitTests
 Assert::IsTrue(!system_impersonator && GetLastError() == ERROR_ACCESS_DENIED);
 }
- TEST_METHOD(AllocateAndInitializeSid)
+ TEST_METHOD(ACLsAndSIDs)
 {
+ vector eas;
+ eas.reserve(3);
+
 SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
 winstd::security_id pSIDEveryone;
 Assert::IsTrue(::AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, pSIDEveryone));
+ eas.push_back(EXPLICIT_ACCESS{ GENERIC_READ, SET_ACCESS, NO_INHERITANCE, { NULL, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_WELL_KNOWN_GROUP, (LPTSTR)(PSID)pSIDEveryone } });
 SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
 winstd::security_id pSIDSystem;
 Assert::IsTrue(::AllocateAndInitializeSid(&SIDAuthNT, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, pSIDSystem));
+ eas.push_back(EXPLICIT_ACCESS{ GENERIC_ALL, SET_ACCESS, NO_INHERITANCE, { NULL, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_WELL_KNOWN_GROUP, (LPTSTR)(PSID)pSIDSystem } });
 winstd::security_id pSIDAdmin;
 Assert::IsTrue(::AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, pSIDAdmin));
+ eas.push_back(EXPLICIT_ACCESS{ GENERIC_ALL, SET_ACCESS, NO_INHERITANCE, { NULL, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_GROUP, (LPTSTR)(PSID)pSIDAdmin } });
+
+ unique_ptr> acl;
+ Assert::AreEqual(ERROR_SUCCESS, ::SetEntriesInAcl((ULONG)eas.size(), eas.data(), NULL, acl));
 }
 };
 }
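Review bot: The only check on the new `::SetEntriesInAcl(...)` call in ACLsAndSIDs is the returned status, and the wrapper added to Win.h in this same commit ends with `return ERROR_SUCCESS;` on every path, so as written this assertion cannot fail. Add a check on the out-parameter right after it, for example `Assert::IsTrue(acl != nullptr);`, so the test fails when no ACL was actually produced. A second case that passes an invalid entry and expects a non-success code would pin the error path as well.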
diff --git a/include/WinStd/Win.h b/include/WinStd/Win.h
index e5c9c9bf..f7350240 100644
--- a/include/WinStd/Win.h
+++ b/include/WinStd/Win.h
@@ -9,6 +9,7 @@
 #pragma once
 #include "Common.h"
+#include
 #include
 #include
 #include
@@ -2444,6 +2445,30 @@ static BOOL AllocateAndInitializeSid(_In_ PSID_IDENTIFIER_AUTHORITY pIdentifierA
 return FALSE;
 }
+/// @copydoc SetEntriesInAclW()
+static DWORD SetEntriesInAclA(_In_ ULONG cCountOfExplicitEntries, _In_reads_opt_(cCountOfExplicitEntries) PEXPLICIT_ACCESS_A pListOfExplicitEntries, _In_opt_ PACL OldAcl, _Inout_ std::unique_ptr>& Acl)
+{
+ PACL h;
+ DWORD dwResult = SetEntriesInAclA(cCountOfExplicitEntries, pListOfExplicitEntries, OldAcl, &h);
+ if (dwResult == ERROR_SUCCESS)
+ Acl.reset(h);
+ return ERROR_SUCCESS;
+}
+
+///
+/// Creates a new access control list (ACL) by merging new access control or audit control information into an existing ACL structure.
+///
+/// \sa [SetEntriesInAclW function](https://learn.microsoft.com/en-us/windows/win32/api/aclapi/nf-aclapi-setentriesinaclw)
+///
+static DWORD SetEntriesInAclW(_In_ ULONG cCountOfExplicitEntries, _In_reads_opt_(cCountOfExplicitEntries) PEXPLICIT_ACCESS_W pListOfExplicitEntries, _In_opt_ PACL OldAcl, _Inout_ std::unique_ptr>& Acl)
+{
+ PACL h;
+ DWORD dwResult = SetEntriesInAclW(cCountOfExplicitEntries, pListOfExplicitEntries, OldAcl, &h);
+ if (dwResult == ERROR_SUCCESS)
+ Acl.reset(h);
+ return ERROR_SUCCESS;
+}
+
 #pragma warning(pop)
 /// @}
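Review bot: Both new overloads end with `return ERROR_SUCCESS;`, so a failure of the underlying SetEntriesInAclA/SetEntriesInAclW call is reported to the caller as success while `Acl` is left untouched (empty if it was default-constructed). Return the captured status instead, `return dwResult;`, in SetEntriesInAclA and in SetEntriesInAclW. This is more than a correctness nit: a caller that trusts the return value and passes `Acl.get()` on into a security descriptor could hand over a null ACL pointer, and a DACL that is present but NULL grants access to everyone rather than denying it. The doc comment should also state that `Acl` is replaced only on success and keeps its previous value otherwise.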