ReactOS 0.4.15-dev-7677-g8209aa5
misc.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * WINE COPYRIGHT:
4 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
5 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
6 * Copyright 2006 Robert Reif
7 *
8 * PROJECT: ReactOS system libraries
9 * FILE: dll/win32/advapi32/sec/misc.c
10 * PURPOSE: Miscellaneous security functions (some ported from Wine)
11 */
12
13#include <advapi32.h>
14
16
17/* Interface to ntmarta.dll ***************************************************/
18
21
22#define FindNtMartaProc(Name) \
23 NtMartaStatic.Name = (PVOID)GetProcAddress(NtMartaStatic.hDllInstance, \
24 "Acc" # Name ); \
25 if (NtMartaStatic.Name == NULL) \
26 { \
27 return GetLastError(); \
28 }
29
30
31static DWORD
33{
34 /* this code may be executed simultaneously by multiple threads in case they're
35 trying to initialize the interface at the same time, but that's no problem
36 because the pointers returned by GetProcAddress will be the same. However,
37 only one of the threads will change the NtMarta pointer to the NtMartaStatic
38 structure, the others threads will detect that there were other threads
39 initializing the structure faster and will release the reference to the
40 DLL */
41
44 {
45 return GetLastError();
46 }
47
48#if 0
49 FindNtMartaProc(LookupAccountTrustee);
52 FindNtMartaProc(SetEntriesInAList);
53 FindNtMartaProc(ConvertAccessToSecurityDescriptor);
54 FindNtMartaProc(ConvertSDToAccess);
55 FindNtMartaProc(ConvertAclToAccess);
56 FindNtMartaProc(GetAccessForTrustee);
57 FindNtMartaProc(GetExplicitEntries);
58#endif
59 FindNtMartaProc(RewriteGetNamedRights);
60 FindNtMartaProc(RewriteSetNamedRights);
61 FindNtMartaProc(RewriteGetHandleRights);
62 FindNtMartaProc(RewriteSetHandleRights);
63 FindNtMartaProc(RewriteSetEntriesInAcl);
64 FindNtMartaProc(RewriteGetExplicitEntriesFromAcl);
65 FindNtMartaProc(TreeResetNamedSecurityInfo);
67 FindNtMartaProc(FreeIndexArray);
68
69 return ERROR_SUCCESS;
70}
71
72
75{
77
79 NULL,
80 NULL) == NULL)
81 {
82 /* we're the first one trying to use ntmarta, initialize it and change
83 the pointer after initialization */
85
87 {
88 /* try change the NtMarta pointer */
91 NULL) != NULL)
92 {
93 /* another thread initialized ntmarta in the meanwhile, release
94 the reference of the dll loaded. */
96 }
97 }
98#if DBG
99 else
100 {
101 ERR("Failed to initialize ntmarta.dll! Error: 0x%x\n", ErrorCode);
102 }
103#endif
104 }
105 else
106 {
107 /* ntmarta was already initialized */
109 }
110
111 return ErrorCode;
112}
113
114
115VOID
117{
119 NULL) != NULL)
120 {
122 }
123}
124
125
126/******************************************************************************/
127
128/*
129 * @implemented
130 */
131BOOL
132WINAPI
134{
136
137 Status = NtImpersonateAnonymousToken(ThreadHandle);
138 if (!NT_SUCCESS(Status))
139 {
141 return FALSE;
142 }
143
144 return TRUE;
145}
146
147/*
148 * @implemented
149 */
150BOOL
151WINAPI
153{
156 HANDLE NewToken;
159 BOOL Duplicated;
161
162 /* Get the token type */
164 TokenType,
165 &Type,
166 sizeof(TOKEN_TYPE),
167 &ReturnLength);
168 if (!NT_SUCCESS(Status))
169 {
171 return FALSE;
172 }
173
174 if (Type == TokenPrimary)
175 {
176 /* Create a duplicate impersonation token */
180 Qos.EffectiveOnly = FALSE;
181
183 ObjectAttributes.RootDirectory = NULL;
184 ObjectAttributes.ObjectName = NULL;
185 ObjectAttributes.Attributes = 0;
186 ObjectAttributes.SecurityDescriptor = NULL;
187 ObjectAttributes.SecurityQualityOfService = &Qos;
188
189 Status = NtDuplicateToken(hToken,
192 FALSE,
194 &NewToken);
195 if (!NT_SUCCESS(Status))
196 {
197 ERR("NtDuplicateToken failed: Status %08x\n", Status);
199 return FALSE;
200 }
201
202 Duplicated = TRUE;
203 }
204 else
205 {
206 /* User the original impersonation token */
207 NewToken = hToken;
208 Duplicated = FALSE;
209 }
210
211 /* Impersonate the the current thread */
214 &NewToken,
215 sizeof(HANDLE));
216
217 if (Duplicated != FALSE)
218 {
219 NtClose(NewToken);
220 }
221
222 if (!NT_SUCCESS(Status))
223 {
224 ERR("NtSetInformationThread failed: Status %08x\n", Status);
226 return FALSE;
227 }
228
229 return TRUE;
230}
231
232/******************************************************************************
233 * GetUserNameA [ADVAPI32.@]
234 *
235 * Get the current user name.
236 *
237 * PARAMS
238 * lpszName [O] Destination for the user name.
239 * lpSize [I/O] Size of lpszName.
240 *
241 *
242 * @implemented
243 */
244BOOL
245WINAPI
247 LPDWORD lpSize)
248{
249 UNICODE_STRING NameW;
250 ANSI_STRING NameA;
251 BOOL Ret;
252
253 /* apparently Win doesn't check whether lpSize is valid at all! */
254
255 NameW.MaximumLength = (*lpSize) * sizeof(WCHAR);
257 if(NameW.Buffer == NULL)
258 {
260 return FALSE;
261 }
262
263 NameA.Length = 0;
264 NameA.MaximumLength = ((*lpSize) < 0xFFFF ? (USHORT)(*lpSize) : 0xFFFF);
265 NameA.Buffer = lpszName;
266
267 Ret = GetUserNameW(NameW.Buffer,
268 lpSize);
269 if(Ret)
270 {
271 NameW.Length = (*lpSize - 1) * sizeof(WCHAR);
272 RtlUnicodeStringToAnsiString(&NameA, &NameW, FALSE);
273
274 *lpSize = NameA.Length + 1;
275 }
276
277 LocalFree(NameW.Buffer);
278
279 return Ret;
280}
281
282/******************************************************************************
283 * GetUserNameW [ADVAPI32.@]
284 *
285 * See GetUserNameA.
286 *
287 * @implemented
288 */
289BOOL
290WINAPI
292 LPDWORD lpSize)
293{
295 DWORD tu_len = 0;
296 char* tu_buf = NULL;
297 TOKEN_USER* token_user = NULL;
298 DWORD an_len = 0;
300 WCHAR* domain_name = NULL;
301 DWORD dn_len = 0;
302
304 {
305 DWORD dwLastError = GetLastError();
306 if (dwLastError != ERROR_NO_TOKEN
307 && dwLastError != ERROR_NO_IMPERSONATION_TOKEN)
308 {
309 /* don't call SetLastError(),
310 as OpenThreadToken() ought to have set one */
311 return FALSE;
312 }
313
315 {
316 /* don't call SetLastError(),
317 as OpenProcessToken() ought to have set one */
318 return FALSE;
319 }
320 }
321
322 tu_buf = LocalAlloc(LMEM_FIXED, 36);
323 if (!tu_buf)
324 {
326 CloseHandle(hToken);
327 return FALSE;
328 }
329
330 if (!GetTokenInformation(hToken, TokenUser, tu_buf, 36, &tu_len) || tu_len > 36)
331 {
332 LocalFree(tu_buf);
333 tu_buf = LocalAlloc(LMEM_FIXED, tu_len);
334 if (!tu_buf)
335 {
337 CloseHandle(hToken);
338 return FALSE;
339 }
340
341 if (!GetTokenInformation(hToken, TokenUser, tu_buf, tu_len, &tu_len))
342 {
343 /* don't call SetLastError(),
344 as GetTokenInformation() ought to have set one */
345 LocalFree(tu_buf);
346 CloseHandle(hToken);
347 return FALSE;
348 }
349 }
350
351 CloseHandle(hToken);
352 token_user = (TOKEN_USER*)tu_buf;
353
354 an_len = *lpSize;
355 dn_len = 32;
356 domain_name = LocalAlloc(LMEM_FIXED, dn_len * sizeof(WCHAR));
357 if (!domain_name)
358 {
359 LocalFree(tu_buf);
361 return FALSE;
362 }
363
364 if (!LookupAccountSidW(NULL, token_user->User.Sid, lpszName, &an_len, domain_name, &dn_len, &snu)
365 || dn_len > 32)
366 {
367 if (dn_len > 32)
368 {
369 LocalFree(domain_name);
370 domain_name = LocalAlloc(LMEM_FIXED, dn_len * sizeof(WCHAR));
371 if (!domain_name)
372 {
373 LocalFree(tu_buf);
375 return FALSE;
376 }
377 }
378
379 an_len = *lpSize;
380 if (!LookupAccountSidW(NULL, token_user->User.Sid, lpszName, &an_len, domain_name, &dn_len, &snu))
381 {
382 /* don't call SetLastError(),
383 as LookupAccountSid() ought to have set one */
384 LocalFree(domain_name);
385 LocalFree(tu_buf);
386 *lpSize = an_len;
387 return FALSE;
388 }
389 }
390
391 LocalFree(domain_name);
392 LocalFree(tu_buf);
393 *lpSize = an_len + 1;
394 return TRUE;
395}
396
397
398/******************************************************************************
399 * LookupAccountSidA [ADVAPI32.@]
400 *
401 * @implemented
402 */
403BOOL
404WINAPI
406 PSID lpSid,
409 LPSTR lpReferencedDomainName,
412{
413 UNICODE_STRING NameW, ReferencedDomainNameW, SystemNameW;
414 LPWSTR NameBuffer = NULL;
415 LPWSTR ReferencedDomainNameBuffer = NULL;
416 DWORD dwName, dwReferencedDomainName;
417 BOOL Ret;
418
419 /*
420 * save the buffer sizes the caller passed to us, as they may get modified and
421 * we require the original values when converting back to ansi
422 */
423 dwName = *cchName;
424 dwReferencedDomainName = *cchReferencedDomainName;
425
426 /* allocate buffers for the unicode strings to receive */
427 if (dwName > 0)
428 {
429 NameBuffer = LocalAlloc(LMEM_FIXED, dwName * sizeof(WCHAR));
430 if (NameBuffer == NULL)
431 {
433 return FALSE;
434 }
435 }
436 else
437 NameBuffer = NULL;
438
439 if (dwReferencedDomainName > 0)
440 {
441 ReferencedDomainNameBuffer = LocalAlloc(LMEM_FIXED, dwReferencedDomainName * sizeof(WCHAR));
442 if (ReferencedDomainNameBuffer == NULL)
443 {
444 if (dwName > 0)
445 {
446 LocalFree(NameBuffer);
447 }
448
450 return FALSE;
451 }
452 }
453 else
454 ReferencedDomainNameBuffer = NULL;
455
456
457 /* convert the system name to unicode - if present */
458 if (lpSystemName != NULL)
459 {
460 ANSI_STRING SystemNameA;
461
462 RtlInitAnsiString(&SystemNameA, lpSystemName);
463 RtlAnsiStringToUnicodeString(&SystemNameW, &SystemNameA, TRUE);
464 }
465 else
466 SystemNameW.Buffer = NULL;
467
468 /* it's time to call the unicode version */
469 Ret = LookupAccountSidW(SystemNameW.Buffer,
470 lpSid,
471 NameBuffer,
472 cchName,
473 ReferencedDomainNameBuffer,
475 peUse);
476 if (Ret)
477 {
478 /*
479 * convert unicode strings back to ansi, don't forget that we can't convert
480 * more than 0xFFFF (USHORT) characters! Also don't forget to explicitly
481 * terminate the converted string, the Rtl functions don't do that!
482 */
483 if (lpName != NULL)
484 {
485 ANSI_STRING NameA;
486
487 NameA.Length = 0;
488 NameA.MaximumLength = ((dwName <= 0xFFFF) ? (USHORT)dwName : 0xFFFF);
489 NameA.Buffer = lpName;
490
491 RtlInitUnicodeString(&NameW, NameBuffer);
492 RtlUnicodeStringToAnsiString(&NameA, &NameW, FALSE);
493 NameA.Buffer[NameA.Length] = '\0';
494 }
495
496 if (lpReferencedDomainName != NULL)
497 {
498 ANSI_STRING ReferencedDomainNameA;
499
500 ReferencedDomainNameA.Length = 0;
501 ReferencedDomainNameA.MaximumLength = ((dwReferencedDomainName <= 0xFFFF) ?
502 (USHORT)dwReferencedDomainName : 0xFFFF);
503 ReferencedDomainNameA.Buffer = lpReferencedDomainName;
504
505 RtlInitUnicodeString(&ReferencedDomainNameW, ReferencedDomainNameBuffer);
506 RtlUnicodeStringToAnsiString(&ReferencedDomainNameA, &ReferencedDomainNameW, FALSE);
507 ReferencedDomainNameA.Buffer[ReferencedDomainNameA.Length] = '\0';
508 }
509 }
510
511 /* free previously allocated buffers */
512 if (SystemNameW.Buffer != NULL)
513 {
514 RtlFreeUnicodeString(&SystemNameW);
515 }
516
517 if (NameBuffer != NULL)
518 {
519 LocalFree(NameBuffer);
520 }
521
522 if (ReferencedDomainNameBuffer != NULL)
523 {
524 LocalFree(ReferencedDomainNameBuffer);
525 }
526
527 return Ret;
528}
529
530
531/******************************************************************************
532 * LookupAccountSidW [ADVAPI32.@]
533 *
534 * @implemented
535 */
538 PSID pSid,
539 LPWSTR pAccountName,
540 LPDWORD pdwAccountName,
541 LPWSTR pDomainName,
542 LPDWORD pdwDomainName,
544{
545 LSA_UNICODE_STRING SystemName;
547 LSA_HANDLE PolicyHandle = NULL;
549 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomain = NULL;
550 PLSA_TRANSLATED_NAME TranslatedName = NULL;
551 BOOL ret;
552 DWORD dwAccountName, dwDomainName;
553
554 RtlInitUnicodeString(&SystemName, pSystemName);
555 Status = LsaOpenPolicy(&SystemName, &ObjectAttributes, POLICY_LOOKUP_NAMES, &PolicyHandle);
556 if (!NT_SUCCESS(Status))
557 {
559 return FALSE;
560 }
561
562 Status = LsaLookupSids(PolicyHandle, 1, &pSid, &ReferencedDomain, &TranslatedName);
563
564 LsaClose(PolicyHandle);
565
567 {
569 ret = FALSE;
570 }
571 else
572 {
573 ret = TRUE;
574
575 dwAccountName = TranslatedName->Name.Length / sizeof(WCHAR);
576 if (ReferencedDomain && ReferencedDomain->Entries > 0)
577 dwDomainName = ReferencedDomain->Domains[0].Name.Length / sizeof(WCHAR);
578 else
579 dwDomainName = 0;
580
581 if (*pdwAccountName <= dwAccountName || *pdwDomainName <= dwDomainName)
582 {
583 /* One or two buffers are insufficient, add up a char for NULL termination */
584 *pdwAccountName = dwAccountName + 1;
585 *pdwDomainName = dwDomainName + 1;
586 ret = FALSE;
587 }
588 else
589 {
590 /* Lengths are sufficient, copy the data */
591 if (dwAccountName)
592 RtlCopyMemory(pAccountName, TranslatedName->Name.Buffer, dwAccountName * sizeof(WCHAR));
593 pAccountName[dwAccountName] = L'\0';
594
595 if (dwDomainName)
596 RtlCopyMemory(pDomainName, ReferencedDomain->Domains[0].Name.Buffer, dwDomainName * sizeof(WCHAR));
597 pDomainName[dwDomainName] = L'\0';
598
599 *pdwAccountName = dwAccountName;
600 *pdwDomainName = dwDomainName;
601
602 if (peUse)
603 *peUse = TranslatedName->Use;
604 }
605
606 if (!ret)
608 }
609
610 if (ReferencedDomain)
611 LsaFreeMemory(ReferencedDomain);
612
613 if (TranslatedName)
614 LsaFreeMemory(TranslatedName);
615
616 return ret;
617}
618
619/******************************************************************************
620 * LookupAccountNameW [ADVAPI32.@]
621 *
622 * @implemented
623 */
624BOOL
625WINAPI
628 PSID Sid,
633{
635 UNICODE_STRING SystemName;
636 UNICODE_STRING AccountName;
637 LSA_HANDLE PolicyHandle = NULL;
638 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
639 PLSA_TRANSLATED_SID TranslatedSid = NULL;
640 PSID pDomainSid;
641 DWORD dwDomainNameLength;
642 DWORD dwSidLength;
643 UCHAR nSubAuthorities;
644 BOOL bResult;
646
647 TRACE("%s %s %p %p %p %p %p\n", lpSystemName, lpAccountName,
649
650 RtlInitUnicodeString(&SystemName,
651 lpSystemName);
652
653 Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
656 &PolicyHandle);
657 if (!NT_SUCCESS(Status))
658 {
660 return FALSE;
661 }
662
663 RtlInitUnicodeString(&AccountName,
665
666 Status = LsaLookupNames(PolicyHandle,
667 1,
668 &AccountName,
669 &ReferencedDomains,
670 &TranslatedSid);
671
672 LsaClose(PolicyHandle);
673
675 {
677 bResult = FALSE;
678 }
679 else
680 {
681 pDomainSid = ReferencedDomains->Domains[TranslatedSid->DomainIndex].Sid;
682 nSubAuthorities = *GetSidSubAuthorityCount(pDomainSid);
683 dwSidLength = GetSidLengthRequired(nSubAuthorities + 1);
684
685 dwDomainNameLength = ReferencedDomains->Domains->Name.Length / sizeof(WCHAR);
686
687 if (*cbSid < dwSidLength ||
688 *cchReferencedDomainName < dwDomainNameLength + 1)
689 {
690 *cbSid = dwSidLength;
691 *cchReferencedDomainName = dwDomainNameLength + 1;
692
693 bResult = FALSE;
694 }
695 else
696 {
697 CopySid(*cbSid, Sid, pDomainSid);
698 *GetSidSubAuthorityCount(Sid) = nSubAuthorities + 1;
699 *GetSidSubAuthority(Sid, (DWORD)nSubAuthorities) = TranslatedSid->RelativeId;
700
701 RtlCopyMemory(ReferencedDomainName, ReferencedDomains->Domains->Name.Buffer, dwDomainNameLength * sizeof(WCHAR));
702 ReferencedDomainName[dwDomainNameLength] = L'\0';
703
704 *cchReferencedDomainName = dwDomainNameLength;
705
706 *peUse = TranslatedSid->Use;
707
708 bResult = TRUE;
709 }
710
711 if (bResult == FALSE)
713 }
714
715 if (ReferencedDomains != NULL)
716 LsaFreeMemory(ReferencedDomains);
717
718 if (TranslatedSid != NULL)
719 LsaFreeMemory(TranslatedSid);
720
721 return bResult;
722}
723
724
725/**********************************************************************
726 * LookupPrivilegeValueA EXPORTED
727 *
728 * @implemented
729 */
730BOOL
731WINAPI
735{
736 UNICODE_STRING SystemName;
738 BOOL Result;
739
740 /* Remote system? */
741 if (lpSystemName != NULL)
742 {
744 (LPSTR)lpSystemName);
745 }
746 else
747 SystemName.Buffer = NULL;
748
749 /* Check the privilege name is not NULL */
750 if (lpName == NULL)
751 {
753 return FALSE;
754 }
755
757 (LPSTR)lpName);
758
760 Name.Buffer,
761 lpLuid);
762
764
765 /* Remote system? */
766 if (SystemName.Buffer != NULL)
767 {
768 RtlFreeUnicodeString(&SystemName);
769 }
770
771 return Result;
772}
773
774
775/**********************************************************************
776 * LookupPrivilegeValueW
777 *
778 * @implemented
779 */
780BOOL
781WINAPI
783 LPCWSTR lpPrivilegeName,
785{
787 UNICODE_STRING SystemName;
788 UNICODE_STRING PrivilegeName;
789 LSA_HANDLE PolicyHandle = NULL;
791
792 TRACE("%S,%S,%p\n", lpSystemName, lpPrivilegeName, lpLuid);
793
794 RtlInitUnicodeString(&SystemName,
795 lpSystemName);
796
797 Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
800 &PolicyHandle);
801 if (!NT_SUCCESS(Status))
802 {
804 return FALSE;
805 }
806
807 RtlInitUnicodeString(&PrivilegeName,
808 lpPrivilegeName);
809
810 Status = LsaLookupPrivilegeValue(PolicyHandle,
811 &PrivilegeName,
812 lpLuid);
813
814 LsaClose(PolicyHandle);
815
816 if (!NT_SUCCESS(Status))
817 {
819 return FALSE;
820 }
821
822 return TRUE;
823}
824
825/**********************************************************************
826 * LookupPrivilegeNameW EXPORTED
827 *
828 * @implemented
829 */
830BOOL
831WINAPI
836{
838 UNICODE_STRING SystemName;
839 PUNICODE_STRING PrivilegeName = NULL;
840 LSA_HANDLE PolicyHandle = NULL;
842
843 TRACE("%S,%p,%p,%p\n", lpSystemName, lpLuid, lpName, cchName);
844
845 RtlInitUnicodeString(&SystemName,
846 lpSystemName);
847
848 Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
851 &PolicyHandle);
852 if (!NT_SUCCESS(Status))
853 {
855 return FALSE;
856 }
857
858 Status = LsaLookupPrivilegeName(PolicyHandle,
859 lpLuid,
860 &PrivilegeName);
861 if (NT_SUCCESS(Status))
862 {
863 if (PrivilegeName->Length + sizeof(WCHAR) > *cchName * sizeof(WCHAR))
864 {
866
867 *cchName = (PrivilegeName->Length + sizeof(WCHAR)) / sizeof(WCHAR);
868 }
869 else
870 {
872 PrivilegeName->Buffer,
873 PrivilegeName->Length);
874 lpName[PrivilegeName->Length / sizeof(WCHAR)] = 0;
875
876 *cchName = PrivilegeName->Length / sizeof(WCHAR);
877 }
878
879 LsaFreeMemory(PrivilegeName->Buffer);
880 LsaFreeMemory(PrivilegeName);
881 }
882
883 LsaClose(PolicyHandle);
884
885 if (!NT_SUCCESS(Status))
886 {
888 return FALSE;
889 }
890
891 return TRUE;
892}
893
894/**********************************************************************
895 * LookupPrivilegeDisplayNameW EXPORTED
896 *
897 * @unimplemented
898 */
899BOOL
900WINAPI
906{
908 UNICODE_STRING SystemName, Name;
909 PUNICODE_STRING DisplayName;
910 LSA_HANDLE PolicyHandle = NULL;
911 USHORT LanguageId;
913
914 TRACE("%S,%S,%p,%p,%p\n", lpSystemName, lpName, lpDisplayName, cchDisplayName, lpLanguageId);
915
916 RtlInitUnicodeString(&SystemName, lpSystemName);
918
919 Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
922 &PolicyHandle);
923 if (!NT_SUCCESS(Status))
924 {
926 return FALSE;
927 }
928
929 Status = LsaLookupPrivilegeDisplayName(PolicyHandle, &Name, &DisplayName, &LanguageId);
930 if (NT_SUCCESS(Status))
931 {
932 *lpLanguageId = LanguageId;
933 if (DisplayName->Length + sizeof(WCHAR) > *cchDisplayName * sizeof(WCHAR))
934 {
936
937 *cchDisplayName = (DisplayName->Length + sizeof(WCHAR)) / sizeof(WCHAR);
938 }
939 else
940 {
942 DisplayName->Buffer,
943 DisplayName->Length);
944 lpDisplayName[DisplayName->Length / sizeof(WCHAR)] = 0;
945
946 *cchDisplayName = DisplayName->Length / sizeof(WCHAR);
947 }
948
949 LsaFreeMemory(DisplayName->Buffer);
950 LsaFreeMemory(DisplayName);
951 }
952
953 LsaClose(PolicyHandle);
954
955 if (!NT_SUCCESS(Status))
956 {
958 return FALSE;
959 }
960
961 return TRUE;
962}
963
964static DWORD
966 PSID *ppsidOwner,
967 PSID *ppsidGroup,
968 PACL *ppDacl,
969 PACL *ppSacl,
970 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
971{
972 if ((SecurityInfo & (OWNER_SECURITY_INFORMATION |
976 ppSecurityDescriptor == NULL)
977 {
978 /* if one of the SIDs or ACLs are present, the security descriptor
979 most not be NULL */
981 }
982 else
983 {
984 /* reset the pointers unless they're ignored */
985 if ((SecurityInfo & OWNER_SECURITY_INFORMATION) &&
986 ppsidOwner != NULL)
987 {
988 *ppsidOwner = NULL;
989 }
990 if ((SecurityInfo & GROUP_SECURITY_INFORMATION) &&
991 ppsidGroup != NULL)
992 {
993 *ppsidGroup = NULL;
994 }
995 if ((SecurityInfo & DACL_SECURITY_INFORMATION) &&
996 ppDacl != NULL)
997 {
998 *ppDacl = NULL;
999 }
1000 if ((SecurityInfo & SACL_SECURITY_INFORMATION) &&
1001 ppSacl != NULL)
1002 {
1003 *ppSacl = NULL;
1004 }
1005
1006 if (SecurityInfo & (OWNER_SECURITY_INFORMATION |
1010 {
1011 *ppSecurityDescriptor = NULL;
1012 }
1013
1014 return ERROR_SUCCESS;
1015 }
1016}
1017
1018
1019static DWORD
1021 SECURITY_INFORMATION SecurityInfo,
1022 PSID psidOwner,
1023 PSID psidGroup,
1024 PACL pDacl,
1025 PACL pSacl)
1026{
1027 /* initialize a security descriptor on the stack */
1028 if (!InitializeSecurityDescriptor(pSecurityDescriptor,
1030 {
1031 return GetLastError();
1032 }
1033
1034 if (SecurityInfo & OWNER_SECURITY_INFORMATION)
1035 {
1036 if (RtlValidSid(psidOwner))
1037 {
1038 if (!SetSecurityDescriptorOwner(pSecurityDescriptor,
1039 psidOwner,
1040 FALSE))
1041 {
1042 return GetLastError();
1043 }
1044 }
1045 else
1046 {
1048 }
1049 }
1050
1051 if (SecurityInfo & GROUP_SECURITY_INFORMATION)
1052 {
1053 if (RtlValidSid(psidGroup))
1054 {
1055 if (!SetSecurityDescriptorGroup(pSecurityDescriptor,
1056 psidGroup,
1057 FALSE))
1058 {
1059 return GetLastError();
1060 }
1061 }
1062 else
1063 {
1065 }
1066 }
1067
1068 if (SecurityInfo & DACL_SECURITY_INFORMATION)
1069 {
1070 if (pDacl != NULL)
1071 {
1072 if (SetSecurityDescriptorDacl(pSecurityDescriptor,
1073 TRUE,
1074 pDacl,
1075 FALSE))
1076 {
1077 /* check if the DACL needs to be protected from being
1078 modified by inheritable ACEs */
1079 if (SecurityInfo & PROTECTED_DACL_SECURITY_INFORMATION)
1080 {
1081 goto ProtectDacl;
1082 }
1083 }
1084 else
1085 {
1086 return GetLastError();
1087 }
1088 }
1089 else
1090 {
1091ProtectDacl:
1092 /* protect the DACL from being modified by inheritable ACEs */
1093 if (!SetSecurityDescriptorControl(pSecurityDescriptor,
1096 {
1097 return GetLastError();
1098 }
1099 }
1100 }
1101
1102 if (SecurityInfo & SACL_SECURITY_INFORMATION)
1103 {
1104 if (pSacl != NULL)
1105 {
1106 if (SetSecurityDescriptorSacl(pSecurityDescriptor,
1107 TRUE,
1108 pSacl,
1109 FALSE))
1110 {
1111 /* check if the SACL needs to be protected from being
1112 modified by inheritable ACEs */
1113 if (SecurityInfo & PROTECTED_SACL_SECURITY_INFORMATION)
1114 {
1115 goto ProtectSacl;
1116 }
1117 }
1118 else
1119 {
1120 return GetLastError();
1121 }
1122 }
1123 else
1124 {
1125ProtectSacl:
1126 /* protect the SACL from being modified by inheritable ACEs */
1127 if (!SetSecurityDescriptorControl(pSecurityDescriptor,
1130 {
1131 return GetLastError();
1132 }
1133 }
1134 }
1135
1136 return ERROR_SUCCESS;
1137}
1138
1139
1140/**********************************************************************
1141 * GetNamedSecurityInfoW EXPORTED
1142 *
1143 * @implemented
1144 */
1145DWORD
1146WINAPI
1149 SECURITY_INFORMATION SecurityInfo,
1150 PSID *ppsidOwner,
1151 PSID *ppsidGroup,
1152 PACL *ppDacl,
1153 PACL *ppSacl,
1154 PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
1155{
1157
1158 if (pObjectName != NULL)
1159 {
1161 if (ErrorCode == ERROR_SUCCESS)
1162 {
1163 ErrorCode = pGetSecurityInfoCheck(SecurityInfo,
1164 ppsidOwner,
1165 ppsidGroup,
1166 ppDacl,
1167 ppSacl,
1168 ppSecurityDescriptor);
1169
1170 if (ErrorCode == ERROR_SUCCESS)
1171 {
1172 /* call the MARTA provider */
1173 ErrorCode = AccRewriteGetNamedRights(pObjectName,
1174 ObjectType,
1175 SecurityInfo,
1176 ppsidOwner,
1177 ppsidGroup,
1178 ppDacl,
1179 ppSacl,
1180 ppSecurityDescriptor);
1181 }
1182 }
1183 }
1184 else
1186
1187 return ErrorCode;
1188}
1189
1190/**********************************************************************
1191 * SetNamedSecurityInfoW EXPORTED
1192 *
1193 * @implemented
1194 */
1195DWORD
1196WINAPI
1199 SECURITY_INFORMATION SecurityInfo,
1200 PSID psidOwner,
1201 PSID psidGroup,
1202 PACL pDacl,
1203 PACL pSacl)
1204{
1206
1207 if (pObjectName != NULL)
1208 {
1210 if (ErrorCode == ERROR_SUCCESS)
1211 {
1213
1215 SecurityInfo,
1216 psidOwner,
1217 psidGroup,
1218 pDacl,
1219 pSacl);
1220
1221 if (ErrorCode == ERROR_SUCCESS)
1222 {
1223 /* call the MARTA provider */
1224 ErrorCode = AccRewriteSetNamedRights(pObjectName,
1225 ObjectType,
1226 SecurityInfo,
1228 }
1229 }
1230 }
1231 else
1233
1234 return ErrorCode;
1235}
1236
1237/**********************************************************************
1238 * GetSecurityInfo EXPORTED
1239 *
1240 * @implemented
1241 */
1242DWORD
1243WINAPI
1246 SECURITY_INFORMATION SecurityInfo,
1247 PSID *ppsidOwner,
1248 PSID *ppsidGroup,
1249 PACL *ppDacl,
1250 PACL *ppSacl,
1251 PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
1252{
1254
1255 if (handle != NULL)
1256 {
1258 if (ErrorCode == ERROR_SUCCESS)
1259 {
1260 ErrorCode = pGetSecurityInfoCheck(SecurityInfo,
1261 ppsidOwner,
1262 ppsidGroup,
1263 ppDacl,
1264 ppSacl,
1265 ppSecurityDescriptor);
1266
1267 if (ErrorCode == ERROR_SUCCESS)
1268 {
1269 /* call the MARTA provider */
1271 ObjectType,
1272 SecurityInfo,
1273 ppsidOwner,
1274 ppsidGroup,
1275 ppDacl,
1276 ppSacl,
1277 ppSecurityDescriptor);
1278 }
1279 }
1280 }
1281 else
1283
1284 return ErrorCode;
1285}
1286
1287
1288/**********************************************************************
1289 * SetSecurityInfo EXPORTED
1290 *
1291 * @implemented
1292 */
1293DWORD
1294WINAPI
1297 SECURITY_INFORMATION SecurityInfo,
1298 PSID psidOwner,
1299 PSID psidGroup,
1300 PACL pDacl,
1301 PACL pSacl)
1302{
1304
1305 if (handle != NULL)
1306 {
1308 if (ErrorCode == ERROR_SUCCESS)
1309 {
1311
1313 SecurityInfo,
1314 psidOwner,
1315 psidGroup,
1316 pDacl,
1317 pSacl);
1318
1319 if (ErrorCode == ERROR_SUCCESS)
1320 {
1321 /* call the MARTA provider */
1323 ObjectType,
1324 SecurityInfo,
1326 }
1327 }
1328 }
1329 else
1331
1332 return ErrorCode;
1333}
1334
1335/*
1336 * @implemented
1337 */
1338BOOL
1339WINAPI
1341 PSECURITY_DESCRIPTOR CreatorDescriptor,
1344 HANDLE Token,
1346{
1348
1349 Status = RtlNewSecurityObject(ParentDescriptor,
1350 CreatorDescriptor,
1353 Token,
1355 if (!NT_SUCCESS(Status))
1356 {
1358 return FALSE;
1359 }
1360
1361 return TRUE;
1362}
1363
1364
1365/*
1366 * @unimplemented
1367 */
1368BOOL
1369WINAPI
1371 PSECURITY_DESCRIPTOR CreatorDescriptor,
1374 BOOL IsContainerObject,
1375 ULONG AutoInheritFlags,
1376 HANDLE Token,
1378{
1379 FIXME("%s() not implemented!\n", __FUNCTION__);
1380 return FALSE;
1381}
1382
1383
1384/*
1385 * @unimplemented
1386 */
1387BOOL
1388WINAPI
1390 PSECURITY_DESCRIPTOR CreatorDescriptor,
1392 GUID** ObjectTypes,
1393 ULONG GuidCount,
1394 BOOL IsContainerObject,
1395 ULONG AutoInheritFlags,
1396 HANDLE Token,
1398{
1399 FIXME("%s() semi-stub\n", __FUNCTION__);
1400 return CreatePrivateObjectSecurity(ParentDescriptor, CreatorDescriptor, NewDescriptor, IsContainerObject, Token, GenericMapping);
1401}
1402
1403
1404/*
1405 * @implemented
1406 */
1407BOOL
1408WINAPI
1410{
1412
1413 Status = RtlDeleteSecurityObject(ObjectDescriptor);
1414 if (!NT_SUCCESS(Status))
1415 {
1417 return FALSE;
1418 }
1419
1420 return TRUE;
1421}
1422
1423
1424/*
1425 * @implemented
1426 */
1427BOOL
1428WINAPI
1431 OUT PSECURITY_DESCRIPTOR ResultantDescriptor OPTIONAL,
1432 IN DWORD DescriptorLength,
1434{
1436
1437 /* Call RTL */
1438 Status = RtlQuerySecurityObject(ObjectDescriptor,
1440 ResultantDescriptor,
1441 DescriptorLength,
1442 ReturnLength);
1443 if (!NT_SUCCESS(Status))
1444 {
1445 /* Fail */
1447 return FALSE;
1448 }
1449
1450 /* Success */
1451 return TRUE;
1452}
1453
1454
1455/*
1456 * @implemented
1457 */
1458BOOL
1459WINAPI
1461 PSECURITY_DESCRIPTOR ModificationDescriptor,
1462 PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
1464 HANDLE Token)
1465{
1467
1469 ModificationDescriptor,
1470 ObjectsSecurityDescriptor,
1472 Token);
1473 if (!NT_SUCCESS(Status))
1474 {
1476 return FALSE;
1477 }
1478
1479 return TRUE;
1480}
1481
1482
1483/*
1484 * @implemented
1485 */
1486DWORD
1487WINAPI
1490 SECURITY_INFORMATION SecurityInfo,
1491 PSID pOwner,
1492 PSID pGroup,
1493 PACL pDacl,
1494 PACL pSacl,
1495 BOOL KeepExplicit,
1496 FN_PROGRESSW fnProgress,
1497 PROG_INVOKE_SETTING ProgressInvokeSetting,
1498 PVOID Args)
1499{
1501
1502 if (pObjectName != NULL)
1503 {
1505 if (ErrorCode == ERROR_SUCCESS)
1506 {
1507 switch (ObjectType)
1508 {
1509 case SE_FILE_OBJECT:
1510 case SE_REGISTRY_KEY:
1511 {
1512 /* check the SecurityInfo flags for sanity (both, the protected
1513 and unprotected dacl/sacl flag must not be passed together) */
1514 if (((SecurityInfo & DACL_SECURITY_INFORMATION) &&
1517
1518 ||
1519
1520 ((SecurityInfo & SACL_SECURITY_INFORMATION) &&
1523 {
1525 break;
1526 }
1527
1528 /* call the MARTA provider */
1530 ObjectType,
1531 SecurityInfo,
1532 pOwner,
1533 pGroup,
1534 pDacl,
1535 pSacl,
1536 KeepExplicit,
1537 fnProgress,
1538 ProgressInvokeSetting,
1539 Args);
1540 break;
1541 }
1542
1543 default:
1544 /* object type not supported */
1546 break;
1547 }
1548 }
1549 }
1550 else
1552
1553 return ErrorCode;
1554}
1555
1556#ifdef HAS_FN_PROGRESSW
1557
1558typedef struct _INTERNAL_FNPROGRESSW_DATA
1559{
1560 FN_PROGRESSA fnProgress;
1561 PVOID Args;
1562} INTERNAL_FNPROGRESSW_DATA, *PINTERNAL_FNPROGRESSW_DATA;
1563
1564static VOID WINAPI
1565InternalfnProgressW(LPWSTR pObjectName,
1566 DWORD Status,
1567 PPROG_INVOKE_SETTING pInvokeSetting,
1568 PVOID Args,
1569 BOOL SecuritySet)
1570{
1571 PINTERNAL_FNPROGRESSW_DATA pifnProgressData = (PINTERNAL_FNPROGRESSW_DATA)Args;
1572 INT ObjectNameSize;
1573 LPSTR pObjectNameA;
1574
1575 ObjectNameSize = WideCharToMultiByte(CP_ACP,
1576 0,
1577 pObjectName,
1578 -1,
1579 NULL,
1580 0,
1581 NULL,
1582 NULL);
1583
1584 if (ObjectNameSize > 0)
1585 {
1586 pObjectNameA = RtlAllocateHeap(RtlGetProcessHeap(),
1587 0,
1588 ObjectNameSize);
1589 if (pObjectNameA != NULL)
1590 {
1591 pObjectNameA[0] = '\0';
1593 0,
1594 pObjectName,
1595 -1,
1596 pObjectNameA,
1597 ObjectNameSize,
1598 NULL,
1599 NULL);
1600
1601 pifnProgressData->fnProgress((LPWSTR)pObjectNameA, /* FIXME: wrong cast!! */
1602 Status,
1603 pInvokeSetting,
1604 pifnProgressData->Args,
1605 SecuritySet);
1606
1607 RtlFreeHeap(RtlGetProcessHeap(),
1608 0,
1609 pObjectNameA);
1610 }
1611 }
1612}
1613#endif
1614
1615
1616/*
1617 * @implemented
1618 */
1619DWORD
1620WINAPI
1623 SECURITY_INFORMATION SecurityInfo,
1624 PSID pOwner,
1625 PSID pGroup,
1626 PACL pDacl,
1627 PACL pSacl,
1628 BOOL KeepExplicit,
1629 FN_PROGRESSA fnProgress,
1630 PROG_INVOKE_SETTING ProgressInvokeSetting,
1631 PVOID Args)
1632{
1633#ifndef HAS_FN_PROGRESSW
1634 /* That's all this function does, at least up to w2k3... Even MS was too
1635 lazy to implement it... */
1637#else
1638 INTERNAL_FNPROGRESSW_DATA ifnProgressData;
1640 DWORD Ret;
1641
1642 if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
1643 {
1645 }
1646
1647 ifnProgressData.fnProgress = fnProgress;
1648 ifnProgressData.Args = Args;
1649
1651 ObjectType,
1652 SecurityInfo,
1653 pOwner,
1654 pGroup,
1655 pDacl,
1656 pSacl,
1657 KeepExplicit,
1658 (fnProgress != NULL ? InternalfnProgressW : NULL),
1659 ProgressInvokeSetting,
1660 &ifnProgressData);
1661
1663
1664 return Ret;
1665#endif
1666}
1667
1668/* EOF */
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
Type
Definition: Type.h:7
enum _PROG_INVOKE_SETTING * PPROG_INVOKE_SETTING
@ SE_FILE_OBJECT
Definition: accctrl.h:160
@ SE_REGISTRY_KEY
Definition: accctrl.h:163
enum _PROG_INVOKE_SETTING PROG_INVOKE_SETTING
enum _SE_OBJECT_TYPE SE_OBJECT_TYPE
Definition: security.c:104
char ** Args
Definition: acdebug.h:353
#define GetInheritanceSource
Definition: aclapi.h:234
#define FN_PROGRESSA
Definition: advapi32.h:52
#define AccTreeResetNamedSecurityInfo
Definition: advapi32.h:177
#define FN_PROGRESSW
Definition: advapi32.h:49
#define AccRewriteGetHandleRights
Definition: advapi32.h:173
#define AccRewriteSetHandleRights
Definition: advapi32.h:174
#define AccRewriteSetNamedRights
Definition: advapi32.h:172
#define AccRewriteGetNamedRights
Definition: advapi32.h:171
struct NameRec_ * Name
Definition: cdprocs.h:460
TOKEN_TYPE
Definition: asmpp.cpp:29
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
Definition: precomp.h:23
LONG NTSTATUS
Definition: precomp.h:26
#define FIXME(fmt,...)
Definition: debug.h:111
#define ERR(fmt,...)
Definition: debug.h:110
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS WINAPI LsaLookupPrivilegeDisplayName(IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING Name, OUT PLSA_UNICODE_STRING *DisplayName, OUT PUSHORT LanguageReturned)
Definition: lsa.c:960
NTSTATUS WINAPI LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName OPTIONAL, IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE PolicyHandle)
Definition: lsa.c:1183
NTSTATUS WINAPI LsaLookupPrivilegeName(IN LSA_HANDLE PolicyHandle, IN PLUID Value, OUT PUNICODE_STRING *Name)
Definition: lsa.c:1000
NTSTATUS WINAPI LsaLookupSids(IN LSA_HANDLE PolicyHandle, IN ULONG Count, IN PSID *Sids, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_NAME *Names)
Definition: lsa.c:1069
ULONG WINAPI LsaNtStatusToWinError(IN NTSTATUS Status)
Definition: lsa.c:1131
NTSTATUS WINAPI LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING Name, OUT PLUID Value)
Definition: lsa.c:1036
NTSTATUS WINAPI LsaFreeMemory(IN PVOID Buffer)
Definition: lsa.c:701
NTSTATUS WINAPI LsaLookupNames(IN LSA_HANDLE PolicyHandle, IN ULONG Count, IN PLSA_UNICODE_STRING Names, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_SID *Sids)
Definition: lsa.c:855
NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle)
Definition: lsa.c:194
BOOL WINAPI CreatePrivateObjectSecurityEx(PSECURITY_DESCRIPTOR ParentDescriptor, PSECURITY_DESCRIPTOR CreatorDescriptor, PSECURITY_DESCRIPTOR *NewDescriptor, GUID *ObjectType, BOOL IsContainerObject, ULONG AutoInheritFlags, HANDLE Token, PGENERIC_MAPPING GenericMapping)
Definition: misc.c:1370
VOID UnloadNtMarta(VOID)
Definition: misc.c:116
BOOL WINAPI DestroyPrivateObjectSecurity(PSECURITY_DESCRIPTOR *ObjectDescriptor)
Definition: misc.c:1409
BOOL WINAPI LookupPrivilegeValueW(LPCWSTR lpSystemName, LPCWSTR lpPrivilegeName, PLUID lpLuid)
Definition: misc.c:782
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:626
BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance(PSECURITY_DESCRIPTOR ParentDescriptor, PSECURITY_DESCRIPTOR CreatorDescriptor, PSECURITY_DESCRIPTOR *NewDescriptor, GUID **ObjectTypes, ULONG GuidCount, BOOL IsContainerObject, ULONG AutoInheritFlags, HANDLE Token, PGENERIC_MAPPING GenericMapping)
Definition: misc.c:1389
BOOL WINAPI LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid)
Definition: misc.c:732
DWORD CheckNtMartaPresent(VOID)
Definition: misc.c:74
#define FindNtMartaProc(Name)
Definition: misc.c:22
BOOL WINAPI SetPrivateObjectSecurity(SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR ModificationDescriptor, PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, PGENERIC_MAPPING GenericMapping, HANDLE Token)
Definition: misc.c:1460
NTMARTA NtMartaStatic
Definition: misc.c:19
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
BOOL WINAPI LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: misc.c:901
BOOL WINAPI LookupAccountSidA(LPCSTR lpSystemName, PSID lpSid, LPSTR lpName, LPDWORD cchName, LPSTR lpReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:405
BOOL WINAPI CreatePrivateObjectSecurity(PSECURITY_DESCRIPTOR ParentDescriptor, PSECURITY_DESCRIPTOR CreatorDescriptor, PSECURITY_DESCRIPTOR *NewDescriptor, BOOL IsDirectoryObject, HANDLE Token, PGENERIC_MAPPING GenericMapping)
Definition: misc.c:1340
DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1295
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
Definition: misc.c:832
DWORD WINAPI TreeResetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID pOwner, PSID pGroup, PACL pDacl, PACL pSacl, BOOL KeepExplicit, FN_PROGRESSW fnProgress, PROG_INVOKE_SETTING ProgressInvokeSetting, PVOID Args)
Definition: misc.c:1488
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1197
static DWORD LoadAndInitializeNtMarta(VOID)
Definition: misc.c:32
BOOL WINAPI GetUserNameW(LPWSTR lpszName, LPDWORD lpSize)
Definition: misc.c:291
BOOL WINAPI GetPrivateObjectSecurity(IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor OPTIONAL, IN DWORD DescriptorLength, OUT PDWORD ReturnLength)
Definition: misc.c:1429
static DWORD pSetSecurityInfoCheck(PSECURITY_DESCRIPTOR pSecurityDescriptor, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1020
DWORD WINAPI GetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1244
BOOL WINAPI GetUserNameA(LPSTR lpszName, LPDWORD lpSize)
Definition: misc.c:246
DWORD WINAPI TreeResetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID pOwner, PSID pGroup, PACL pDacl, PACL pSacl, BOOL KeepExplicit, FN_PROGRESSA fnProgress, PROG_INVOKE_SETTING ProgressInvokeSetting, PVOID Args)
Definition: misc.c:1621
static DWORD pGetSecurityInfoCheck(SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:965
BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
Definition: misc.c:152
BOOL WINAPI ImpersonateAnonymousToken(IN HANDLE ThreadHandle)
Definition: misc.c:133
static PNTMARTA NtMarta
Definition: misc.c:20
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:896
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:852
BOOL WINAPI CopySid(DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
Definition: security.c:712
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:908
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:929
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
Definition: security.c:336
#define CloseHandle
Definition: compat.h:739
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
#define CP_ACP
Definition: compat.h:109
#define SetLastError(x)
Definition: compat.h:752
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
@ ThreadImpersonationToken
Definition: compat.h:940
#define FreeLibrary(x)
Definition: compat.h:748
#define GetCurrentProcess()
Definition: compat.h:759
#define ERROR_INVALID_HANDLE
Definition: compat.h:98
#define WideCharToMultiByte
Definition: compat.h:111
#define LoadLibraryW(x)
Definition: compat.h:747
#define __FUNCTION__
Definition: types.h:116
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
Status
Definition: gdiplustypes.h:25
HLOCAL NTAPI LocalAlloc(UINT uFlags, SIZE_T dwBytes)
Definition: heapmem.c:1390
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
enum _SID_NAME_USE SID_NAME_USE
@ SecurityImpersonation
Definition: lsa.idl:57
enum _SID_NAME_USE * PSID_NAME_USE
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
@ SidTypeUser
Definition: lsa.idl:118
@ TokenImpersonation
Definition: imports.h:274
@ TokenPrimary
Definition: imports.h:273
static PSID pSid
Definition: security.c:74
ObjectType
Definition: metafile.c:81
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
_In_ NDIS_ERROR_CODE ErrorCode
Definition: ndis.h:4436
NTSYSAPI NTSTATUS NTAPI RtlSetSecurityObject(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Out_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ PGENERIC_MAPPING GenericMapping, _In_ HANDLE Token)
NTSYSAPI NTSTATUS NTAPI RtlNewSecurityObject(_In_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_ PSECURITY_DESCRIPTOR CreatorDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_ BOOLEAN IsDirectoryObject, _In_ HANDLE Token, _In_ PGENERIC_MAPPING GenericMapping)
NTSYSAPI NTSTATUS NTAPI RtlDeleteSecurityObject(_In_ PSECURITY_DESCRIPTOR *ObjectDescriptor)
NTSYSAPI NTSTATUS NTAPI RtlQuerySecurityObject(_In_ PSECURITY_DESCRIPTOR ObjectDescriptor, _In_ SECURITY_INFORMATION SecurityInformation, _Out_ PSECURITY_DESCRIPTOR ResultantDescriptor, _In_ ULONG DescriptorLength, _Out_ PULONG ReturnLength)
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
NTSTATUS NTAPI NtSetInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
Definition: query.c:2018
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:2612
#define POLICY_LOOKUP_NAMES
Definition: ntsecapi.h:72
#define STATUS_SOME_NOT_MAPPED
Definition: ntstatus.h:86
#define L(x)
Definition: ntvdm.h:50
DWORD * PDWORD
Definition: pedump.c:68
unsigned short USHORT
Definition: pedump.c:61
BOOL WINAPI SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
Definition: sec.c:238
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
Definition: sec.c:262
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pOwner, BOOL bOwnerDefaulted)
Definition: sec.c:312
BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bSaclPresent, PACL pSacl, BOOL bSaclDefaulted)
Definition: sec.c:351
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pGroup, BOOL bGroupDefaulted)
Definition: sec.c:288
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
#define TRACE(s)
Definition: solgame.cpp:4
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
USHORT MaximumLength
Definition: env_spec_w32.h:377
PLSA_TRUST_INFORMATION Domains
Definition: ntsecapi.h:408
LSA_UNICODE_STRING Name
Definition: ntsecapi.h:423
SID_NAME_USE Use
Definition: ntsecapi.h:422
SID_NAME_USE Use
Definition: ntsecapi.h:411
LSA_UNICODE_STRING Name
Definition: ntsecapi.h:403
HINSTANCE hDllInstance
Definition: advapi32.h:78
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
SID_AND_ATTRIBUTES User
Definition: setypes.h:1010
USHORT MaximumLength
Definition: env_spec_w32.h:370
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869
uint32_t * LPDWORD
Definition: typedefs.h:59
int32_t INT
Definition: typedefs.h:58
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define IN
Definition: typedefs.h:39
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
uint32_t ULONG
Definition: typedefs.h:59
#define OUT
Definition: typedefs.h:40
struct _OBJECT_ATTRIBUTES OBJECT_ATTRIBUTES
int ret
_In_ PLUID lpLuid
Definition: winbase.h:2809
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2790
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
#define LookupAccountSid
Definition: winbase.h:3802
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR _Inout_ LPDWORD _Out_ LPDWORD lpLanguageId
Definition: winbase.h:2792
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD cbSid
Definition: winbase.h:2743
HANDLE WINAPI GetCurrentThread(void)
Definition: proc.c:1148
_In_ LPCSTR lpName
Definition: winbase.h:2789
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD _Out_ PSID_NAME_USE peUse
Definition: winbase.h:2746
#define LookupAccountName
Definition: winbase.h:3801
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD cchReferencedDomainName
Definition: winbase.h:2745
#define LMEM_FIXED
Definition: winbase.h:368
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR _Inout_ LPDWORD cchDisplayName
Definition: winbase.h:2791
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR ReferencedDomainName
Definition: winbase.h:2744
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2767
_In_ LPCSTR lpAccountName
Definition: winbase.h:2741
#define WINAPI
Definition: msvc.h:6
#define ERROR_NO_SUCH_PRIVILEGE
Definition: winerror.h:795
#define ERROR_NO_IMPERSONATION_TOKEN
Definition: winerror.h:791
#define ERROR_NO_TOKEN
Definition: winerror.h:587
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:31
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define SE_SACL_PROTECTED
Definition: setypes.h:832
#define SE_DACL_PROTECTED
Definition: setypes.h:831
#define TOKEN_QUERY
Definition: setypes.h:928
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define UNPROTECTED_SACL_SECURITY_INFORMATION
Definition: setypes.h:132
#define UNPROTECTED_DACL_SECURITY_INFORMATION
Definition: setypes.h:131
@ TokenUser
Definition: setypes.h:966
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define TOKEN_IMPERSONATE
Definition: setypes.h:927
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define PROTECTED_DACL_SECURITY_INFORMATION
Definition: setypes.h:129
#define PROTECTED_SACL_SECURITY_INFORMATION
Definition: setypes.h:130
#define SECURITY_DYNAMIC_TRACKING
Definition: setypes.h:103
const char * LPCSTR
Definition: xmlstorage.h:183
char * LPSTR
Definition: xmlstorage.h:182
unsigned char UCHAR
Definition: xmlstorage.h:181
__wchar_t WCHAR
Definition: xmlstorage.h:180
WCHAR * LPWSTR
Definition: xmlstorage.h:184
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
#define NtCurrentThread()