ReactOS 0.4.16-dev-1506-g117cd33
misc.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * WINE COPYRIGHT:
4 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
5 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
6 * Copyright 2006 Robert Reif
7 *
8 * PROJECT: ReactOS system libraries
9 * FILE: dll/win32/advapi32/sec/misc.c
10 * PURPOSE: Miscellaneous security functions (some ported from Wine)
11 */
12
13#include <advapi32.h>
14
15WINE_DEFAULT_DEBUG_CHANNEL(advapi);
16
17/* Interface to ntmarta.dll ***************************************************/
18
19NTMARTA NtMartaStatic = { 0 };
20static PNTMARTA NtMarta = NULL;
21
22#define FindNtMartaProc(Name) \
23 NtMartaStatic.Name = (PVOID)GetProcAddress(NtMartaStatic.hDllInstance, \
24 "Acc" # Name ); \
25 if (NtMartaStatic.Name == NULL) \
26 { \
27 return GetLastError(); \
28 }
29
30
31static DWORD
32LoadAndInitializeNtMarta(VOID)
33{
34 /* this code may be executed simultaneously by multiple threads in case they're
35 trying to initialize the interface at the same time, but that's no problem
36 because the pointers returned by GetProcAddress will be the same. However,
37 only one of the threads will change the NtMarta pointer to the NtMartaStatic
38 structure, the others threads will detect that there were other threads
39 initializing the structure faster and will release the reference to the
40 DLL */
41
42 NtMartaStatic.hDllInstance = LoadLibraryW(L"ntmarta.dll");
43 if (NtMartaStatic.hDllInstance == NULL)
44 {
45 return GetLastError();
46 }
47
48#if 0
49 FindNtMartaProc(LookupAccountTrustee);
50 FindNtMartaProc(LookupAccountName);
51 FindNtMartaProc(LookupAccountSid);
52 FindNtMartaProc(SetEntriesInAList);
53 FindNtMartaProc(ConvertAccessToSecurityDescriptor);
54 FindNtMartaProc(ConvertSDToAccess);
55 FindNtMartaProc(ConvertAclToAccess);
56 FindNtMartaProc(GetAccessForTrustee);
57 FindNtMartaProc(GetExplicitEntries);
58#endif
59 FindNtMartaProc(RewriteGetNamedRights);
60 FindNtMartaProc(RewriteSetNamedRights);
61 FindNtMartaProc(RewriteGetHandleRights);
62 FindNtMartaProc(RewriteSetHandleRights);
63 FindNtMartaProc(RewriteSetEntriesInAcl);
64 FindNtMartaProc(RewriteGetExplicitEntriesFromAcl);
65 FindNtMartaProc(TreeResetNamedSecurityInfo);
66 FindNtMartaProc(GetInheritanceSource);
67 FindNtMartaProc(FreeIndexArray);
68
69 return ERROR_SUCCESS;
70}
71
72
73DWORD
74CheckNtMartaPresent(VOID)
75{
76 DWORD ErrorCode;
77
78 if (InterlockedCompareExchangePointer((PVOID)&NtMarta,
79 NULL,
80 NULL) == NULL)
81 {
82 /* we're the first one trying to use ntmarta, initialize it and change
83 the pointer after initialization */
84 ErrorCode = LoadAndInitializeNtMarta();
85
86 if (ErrorCode == ERROR_SUCCESS)
87 {
88 /* try change the NtMarta pointer */
89 if (InterlockedCompareExchangePointer((PVOID)&NtMarta,
90 &NtMartaStatic,
91 NULL) != NULL)
92 {
93 /* another thread initialized ntmarta in the meanwhile, release
94 the reference of the dll loaded. */
95 FreeLibrary(NtMartaStatic.hDllInstance);
96 }
97 }
98#if DBG
99 else
100 {
101 ERR("Failed to initialize ntmarta.dll! Error: 0x%x\n", ErrorCode);
102 }
103#endif
104 }
105 else
106 {
107 /* ntmarta was already initialized */
108 ErrorCode = ERROR_SUCCESS;
109 }
110
111 return ErrorCode;
112}
113
114
115VOID
116UnloadNtMarta(VOID)
117{
118 if (InterlockedExchangePointer((PVOID)&NtMarta,
119 NULL) != NULL)
120 {
121 FreeLibrary(NtMartaStatic.hDllInstance);
122 }
123}
124
125
126/******************************************************************************/
127
128/*
129 * @implemented
130 */
131BOOL
132WINAPI
133ImpersonateAnonymousToken(IN HANDLE ThreadHandle)
134{
135 NTSTATUS Status;
136
137 Status = NtImpersonateAnonymousToken(ThreadHandle);
138 if (!NT_SUCCESS(Status))
139 {
140 SetLastError(RtlNtStatusToDosError(Status));
141 return FALSE;
142 }
143
144 return TRUE;
145}
146
147/*
148 * @implemented
149 */
150BOOL
151WINAPI
152ImpersonateLoggedOnUser(HANDLE hToken)
153{
154 SECURITY_QUALITY_OF_SERVICE Qos;
155 OBJECT_ATTRIBUTES ObjectAttributes;
156 HANDLE NewToken;
157 TOKEN_TYPE Type;
158 ULONG ReturnLength;
159 BOOL Duplicated;
160 NTSTATUS Status;
161
162 /* Get the token type */
163 Status = NtQueryInformationToken(hToken,
164 TokenType,
165 &Type,
166 sizeof(TOKEN_TYPE),
167 &ReturnLength);
168 if (!NT_SUCCESS(Status))
169 {
170 SetLastError(RtlNtStatusToDosError(Status));
171 return FALSE;
172 }
173
174 if (Type == TokenPrimary)
175 {
176 /* Create a duplicate impersonation token */
177 Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
178 Qos.ImpersonationLevel = SecurityImpersonation;
179 Qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
180 Qos.EffectiveOnly = FALSE;
181
182 ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
183 ObjectAttributes.RootDirectory = NULL;
184 ObjectAttributes.ObjectName = NULL;
185 ObjectAttributes.Attributes = 0;
186 ObjectAttributes.SecurityDescriptor = NULL;
187 ObjectAttributes.SecurityQualityOfService = &Qos;
188
189 Status = NtDuplicateToken(hToken,
190 TOKEN_IMPERSONATE | TOKEN_QUERY,
191 &ObjectAttributes,
192 FALSE,
193 TokenImpersonation,
194 &NewToken);
195 if (!NT_SUCCESS(Status))
196 {
197 ERR("NtDuplicateToken failed: Status %08x\n", Status);
198 SetLastError(RtlNtStatusToDosError(Status));
199 return FALSE;
200 }
201
202 Duplicated = TRUE;
203 }
204 else
205 {
206 /* User the original impersonation token */
207 NewToken = hToken;
208 Duplicated = FALSE;
209 }
210
211 /* Impersonate the the current thread */
212 Status = NtSetInformationThread(NtCurrentThread(),
213 ThreadImpersonationToken,
214 &NewToken,
215 sizeof(HANDLE));
216
217 if (Duplicated != FALSE)
218 {
219 NtClose(NewToken);
220 }
221
222 if (!NT_SUCCESS(Status))
223 {
224 ERR("NtSetInformationThread failed: Status %08x\n", Status);
225 SetLastError(RtlNtStatusToDosError(Status));
226 return FALSE;
227 }
228
229 return TRUE;
230}
231
232/******************************************************************************
233 * GetUserNameA [ADVAPI32.@]
234 *
235 * Get the current user name.
236 *
237 * PARAMS
238 * lpszName [O] Destination for the user name.
239 * lpSize [I/O] Size of lpszName.
240 *
241 *
242 * @implemented
243 */
244BOOL
245WINAPI
246GetUserNameA(LPSTR lpszName,
247 LPDWORD lpSize)
248{
249 UNICODE_STRING NameW;
250 ANSI_STRING NameA;
251 BOOL Ret;
252
253 /* apparently Win doesn't check whether lpSize is valid at all! */
254
255 NameW.MaximumLength = (*lpSize) * sizeof(WCHAR);
256 NameW.Buffer = LocalAlloc(LMEM_FIXED, NameW.MaximumLength);
257 if(NameW.Buffer == NULL)
258 {
259 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
260 return FALSE;
261 }
262
263 NameA.Length = 0;
264 NameA.MaximumLength = ((*lpSize) < 0xFFFF ? (USHORT)(*lpSize) : 0xFFFF);
265 NameA.Buffer = lpszName;
266
267 Ret = GetUserNameW(NameW.Buffer,
268 lpSize);
269 if(Ret)
270 {
271 NameW.Length = (*lpSize - 1) * sizeof(WCHAR);
272 RtlUnicodeStringToAnsiString(&NameA, &NameW, FALSE);
273
274 *lpSize = NameA.Length + 1;
275 }
276
277 LocalFree(NameW.Buffer);
278
279 return Ret;
280}
281
282/******************************************************************************
283 * GetUserNameW [ADVAPI32.@]
284 *
285 * See GetUserNameA.
286 *
287 * @implemented
288 */
289BOOL
290WINAPI
291GetUserNameW(LPWSTR lpszName,
292 LPDWORD lpSize)
293{
294 HANDLE hToken = INVALID_HANDLE_VALUE;
295 DWORD tu_len = 0;
296 char* tu_buf = NULL;
297 TOKEN_USER* token_user = NULL;
298 DWORD an_len = 0;
299 SID_NAME_USE snu = SidTypeUser;
300 WCHAR* domain_name = NULL;
301 DWORD dn_len = 0;
302
303 if (!OpenThreadToken (GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
304 {
305 DWORD dwLastError = GetLastError();
306 if (dwLastError != ERROR_NO_TOKEN
307 && dwLastError != ERROR_NO_IMPERSONATION_TOKEN)
308 {
309 /* don't call SetLastError(),
310 as OpenThreadToken() ought to have set one */
311 return FALSE;
312 }
313
314 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
315 {
316 /* don't call SetLastError(),
317 as OpenProcessToken() ought to have set one */
318 return FALSE;
319 }
320 }
321
322 tu_buf = LocalAlloc(LMEM_FIXED, 36);
323 if (!tu_buf)
324 {
325 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
326 CloseHandle(hToken);
327 return FALSE;
328 }
329
330 if (!GetTokenInformation(hToken, TokenUser, tu_buf, 36, &tu_len) || tu_len > 36)
331 {
332 LocalFree(tu_buf);
333 tu_buf = LocalAlloc(LMEM_FIXED, tu_len);
334 if (!tu_buf)
335 {
336 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
337 CloseHandle(hToken);
338 return FALSE;
339 }
340
341 if (!GetTokenInformation(hToken, TokenUser, tu_buf, tu_len, &tu_len))
342 {
343 /* don't call SetLastError(),
344 as GetTokenInformation() ought to have set one */
345 LocalFree(tu_buf);
346 CloseHandle(hToken);
347 return FALSE;
348 }
349 }
350
351 CloseHandle(hToken);
352 token_user = (TOKEN_USER*)tu_buf;
353
354 an_len = *lpSize;
355 dn_len = 32;
356 domain_name = LocalAlloc(LMEM_FIXED, dn_len * sizeof(WCHAR));
357 if (!domain_name)
358 {
359 LocalFree(tu_buf);
360 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
361 return FALSE;
362 }
363
364 if (!LookupAccountSidW(NULL, token_user->User.Sid, lpszName, &an_len, domain_name, &dn_len, &snu)
365 || dn_len > 32)
366 {
367 if (dn_len > 32)
368 {
369 LocalFree(domain_name);
370 domain_name = LocalAlloc(LMEM_FIXED, dn_len * sizeof(WCHAR));
371 if (!domain_name)
372 {
373 LocalFree(tu_buf);
374 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
375 return FALSE;
376 }
377 }
378
379 an_len = *lpSize;
380 if (!LookupAccountSidW(NULL, token_user->User.Sid, lpszName, &an_len, domain_name, &dn_len, &snu))
381 {
382 /* don't call SetLastError(),
383 as LookupAccountSid() ought to have set one */
384 LocalFree(domain_name);
385 LocalFree(tu_buf);
386 *lpSize = an_len;
387 return FALSE;
388 }
389 }
390
391 LocalFree(domain_name);
392 LocalFree(tu_buf);
393 *lpSize = an_len + 1;
394 return TRUE;
395}
396
397
398/******************************************************************************
399 * LookupAccountSidA [ADVAPI32.@]
400 *
401 * @implemented
402 */
403BOOL
404WINAPI
405LookupAccountSidA(LPCSTR lpSystemName,
406 PSID lpSid,
407 LPSTR lpName,
408 LPDWORD cchName,
409 LPSTR lpReferencedDomainName,
410 LPDWORD cchReferencedDomainName,
411 PSID_NAME_USE peUse)
412{
413 UNICODE_STRING NameW, ReferencedDomainNameW, SystemNameW;
414 LPWSTR NameBuffer = NULL;
415 LPWSTR ReferencedDomainNameBuffer = NULL;
416 DWORD dwName, dwReferencedDomainName;
417 BOOL Ret;
418
419 /*
420 * save the buffer sizes the caller passed to us, as they may get modified and
421 * we require the original values when converting back to ansi
422 */
423 dwName = *cchName;
424 dwReferencedDomainName = *cchReferencedDomainName;
425
426 /* allocate buffers for the unicode strings to receive */
427 if (dwName > 0)
428 {
429 NameBuffer = LocalAlloc(LMEM_FIXED, dwName * sizeof(WCHAR));
430 if (NameBuffer == NULL)
431 {
432 SetLastError(ERROR_OUTOFMEMORY);
433 return FALSE;
434 }
435 }
436 else
437 NameBuffer = NULL;
438
439 if (dwReferencedDomainName > 0)
440 {
441 ReferencedDomainNameBuffer = LocalAlloc(LMEM_FIXED, dwReferencedDomainName * sizeof(WCHAR));
442 if (ReferencedDomainNameBuffer == NULL)
443 {
444 if (dwName > 0)
445 {
446 LocalFree(NameBuffer);
447 }
448
449 SetLastError(ERROR_OUTOFMEMORY);
450 return FALSE;
451 }
452 }
453 else
454 ReferencedDomainNameBuffer = NULL;
455
456
457 /* convert the system name to unicode - if present */
458 if (lpSystemName != NULL)
459 {
460 ANSI_STRING SystemNameA;
461
462 RtlInitAnsiString(&SystemNameA, lpSystemName);
463 RtlAnsiStringToUnicodeString(&SystemNameW, &SystemNameA, TRUE);
464 }
465 else
466 SystemNameW.Buffer = NULL;
467
468 /* it's time to call the unicode version */
469 Ret = LookupAccountSidW(SystemNameW.Buffer,
470 lpSid,
471 NameBuffer,
472 cchName,
473 ReferencedDomainNameBuffer,
474 cchReferencedDomainName,
475 peUse);
476 if (Ret)
477 {
478 /*
479 * convert unicode strings back to ansi, don't forget that we can't convert
480 * more than 0xFFFF (USHORT) characters! Also don't forget to explicitly
481 * terminate the converted string, the Rtl functions don't do that!
482 */
483 if (lpName != NULL)
484 {
485 ANSI_STRING NameA;
486
487 NameA.Length = 0;
488 NameA.MaximumLength = ((dwName <= 0xFFFF) ? (USHORT)dwName : 0xFFFF);
489 NameA.Buffer = lpName;
490
491 RtlInitUnicodeString(&NameW, NameBuffer);
492 RtlUnicodeStringToAnsiString(&NameA, &NameW, FALSE);
493 NameA.Buffer[NameA.Length] = '\0';
494 }
495
496 if (lpReferencedDomainName != NULL)
497 {
498 ANSI_STRING ReferencedDomainNameA;
499
500 ReferencedDomainNameA.Length = 0;
501 ReferencedDomainNameA.MaximumLength = ((dwReferencedDomainName <= 0xFFFF) ?
502 (USHORT)dwReferencedDomainName : 0xFFFF);
503 ReferencedDomainNameA.Buffer = lpReferencedDomainName;
504
505 RtlInitUnicodeString(&ReferencedDomainNameW, ReferencedDomainNameBuffer);
506 RtlUnicodeStringToAnsiString(&ReferencedDomainNameA, &ReferencedDomainNameW, FALSE);
507 ReferencedDomainNameA.Buffer[ReferencedDomainNameA.Length] = '\0';
508 }
509 }
510
511 /* free previously allocated buffers */
512 if (SystemNameW.Buffer != NULL)
513 {
514 RtlFreeUnicodeString(&SystemNameW);
515 }
516
517 if (NameBuffer != NULL)
518 {
519 LocalFree(NameBuffer);
520 }
521
522 if (ReferencedDomainNameBuffer != NULL)
523 {
524 LocalFree(ReferencedDomainNameBuffer);
525 }
526
527 return Ret;
528}
529
530
531/******************************************************************************
532 * LookupAccountSidW [ADVAPI32.@]
533 *
534 * @implemented
535 */
536BOOL WINAPI
537LookupAccountSidW(LPCWSTR pSystemName,
538 PSID pSid,
539 LPWSTR pAccountName,
540 LPDWORD pdwAccountName,
541 LPWSTR pDomainName,
542 LPDWORD pdwDomainName,
543 PSID_NAME_USE peUse)
544{
545 LSA_UNICODE_STRING SystemName;
546 LSA_OBJECT_ATTRIBUTES ObjectAttributes = {0};
547 LSA_HANDLE PolicyHandle = NULL;
548 NTSTATUS Status;
549 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomain = NULL;
550 PLSA_TRANSLATED_NAME TranslatedName = NULL;
551 BOOL ret;
552 DWORD dwAccountName, dwDomainName;
553
554 RtlInitUnicodeString(&SystemName, pSystemName);
555 Status = LsaOpenPolicy(&SystemName, &ObjectAttributes, POLICY_LOOKUP_NAMES, &PolicyHandle);
556 if (!NT_SUCCESS(Status))
557 {
558 SetLastError(LsaNtStatusToWinError(Status));
559 return FALSE;
560 }
561
562 Status = LsaLookupSids(PolicyHandle, 1, &pSid, &ReferencedDomain, &TranslatedName);
563
564 LsaClose(PolicyHandle);
565
566 if (!NT_SUCCESS(Status) || Status == STATUS_SOME_NOT_MAPPED)
567 {
568 SetLastError(LsaNtStatusToWinError(Status));
569 ret = FALSE;
570 }
571 else
572 {
573 ret = TRUE;
574
575 dwAccountName = TranslatedName->Name.Length / sizeof(WCHAR);
576 if (ReferencedDomain && ReferencedDomain->Entries > 0)
577 dwDomainName = ReferencedDomain->Domains[0].Name.Length / sizeof(WCHAR);
578 else
579 dwDomainName = 0;
580
581 if (*pdwAccountName <= dwAccountName || *pdwDomainName <= dwDomainName)
582 {
583 /* One or two buffers are insufficient, add up a char for NULL termination */
584 *pdwAccountName = dwAccountName + 1;
585 *pdwDomainName = dwDomainName + 1;
586 ret = FALSE;
587 }
588 else
589 {
590 /* Lengths are sufficient, copy the data */
591 if (dwAccountName)
592 RtlCopyMemory(pAccountName, TranslatedName->Name.Buffer, dwAccountName * sizeof(WCHAR));
593 pAccountName[dwAccountName] = L'\0';
594
595 if (dwDomainName)
596 RtlCopyMemory(pDomainName, ReferencedDomain->Domains[0].Name.Buffer, dwDomainName * sizeof(WCHAR));
597 pDomainName[dwDomainName] = L'\0';
598
599 *pdwAccountName = dwAccountName;
600 *pdwDomainName = dwDomainName;
601
602 if (peUse)
603 *peUse = TranslatedName->Use;
604 }
605
606 if (!ret)
607 SetLastError(ERROR_INSUFFICIENT_BUFFER);
608 }
609
610 if (ReferencedDomain)
611 LsaFreeMemory(ReferencedDomain);
612
613 if (TranslatedName)
614 LsaFreeMemory(TranslatedName);
615
616 return ret;
617}
618
619/******************************************************************************
620 * LookupAccountNameW [ADVAPI32.@]
621 *
622 * @implemented
623 */
624BOOL
625WINAPI
626LookupAccountNameW(LPCWSTR lpSystemName,
627 LPCWSTR lpAccountName,
628 PSID Sid,
629 LPDWORD cbSid,
630 LPWSTR ReferencedDomainName,
631 LPDWORD cchReferencedDomainName,
632 PSID_NAME_USE peUse)
633{
634 OBJECT_ATTRIBUTES ObjectAttributes = {0};
635 UNICODE_STRING SystemName;
636 UNICODE_STRING AccountName;
637 LSA_HANDLE PolicyHandle = NULL;
638 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
639 PLSA_TRANSLATED_SID TranslatedSid = NULL;
640 PSID pDomainSid;
641 DWORD dwDomainNameLength;
642 DWORD dwSidLength;
643 UCHAR nSubAuthorities;
644 BOOL bResult;
645 NTSTATUS Status;
646
647 TRACE("%s %s %p %p %p %p %p\n", lpSystemName, lpAccountName,
648 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
649
650 RtlInitUnicodeString(&SystemName,
651 lpSystemName);
652
653 Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
654 &ObjectAttributes,
655 POLICY_LOOKUP_NAMES,
656 &PolicyHandle);
657 if (!NT_SUCCESS(Status))
658 {
659 SetLastError(LsaNtStatusToWinError(Status));
660 return FALSE;
661 }
662
663 RtlInitUnicodeString(&AccountName,
664 lpAccountName);
665
666 Status = LsaLookupNames(PolicyHandle,
667 1,
668 &AccountName,
669 &ReferencedDomains,
670 &TranslatedSid);
671
672 LsaClose(PolicyHandle);
673
674 if (!NT_SUCCESS(Status) || Status == STATUS_SOME_NOT_MAPPED)
675 {
676 SetLastError(LsaNtStatusToWinError(Status));
677 bResult = FALSE;
678 }
679 else
680 {
681 pDomainSid = ReferencedDomains->Domains[TranslatedSid->DomainIndex].Sid;
682 nSubAuthorities = *GetSidSubAuthorityCount(pDomainSid);
683 dwSidLength = GetSidLengthRequired(nSubAuthorities + 1);
684
685 dwDomainNameLength = ReferencedDomains->Domains->Name.Length / sizeof(WCHAR);
686
687 if (*cbSid < dwSidLength ||
688 *cchReferencedDomainName < dwDomainNameLength + 1)
689 {
690 *cbSid = dwSidLength;
691 *cchReferencedDomainName = dwDomainNameLength + 1;
692
693 bResult = FALSE;
694 }
695 else
696 {
697 CopySid(*cbSid, Sid, pDomainSid);
698 *GetSidSubAuthorityCount(Sid) = nSubAuthorities + 1;
699 *GetSidSubAuthority(Sid, (DWORD)nSubAuthorities) = TranslatedSid->RelativeId;
700
701 RtlCopyMemory(ReferencedDomainName, ReferencedDomains->Domains->Name.Buffer, dwDomainNameLength * sizeof(WCHAR));
702 ReferencedDomainName[dwDomainNameLength] = L'\0';
703
704 *cchReferencedDomainName = dwDomainNameLength;
705
706 *peUse = TranslatedSid->Use;
707
708 bResult = TRUE;
709 }
710
711 if (bResult == FALSE)
712 SetLastError(ERROR_INSUFFICIENT_BUFFER);
713 }
714
715 if (ReferencedDomains != NULL)
716 LsaFreeMemory(ReferencedDomains);
717
718 if (TranslatedSid != NULL)
719 LsaFreeMemory(TranslatedSid);
720
721 return bResult;
722}
723
724
725/**********************************************************************
726 * LookupPrivilegeValueA EXPORTED
727 *
728 * @implemented
729 */
730BOOL
731WINAPI
732LookupPrivilegeValueA(LPCSTR lpSystemName,
733 LPCSTR lpName,
734 PLUID lpLuid)
735{
736 UNICODE_STRING SystemName;
737 UNICODE_STRING Name;
738 BOOL Result;
739
740 /* Remote system? */
741 if (lpSystemName != NULL)
742 {
743 RtlCreateUnicodeStringFromAsciiz(&SystemName,
744 (LPSTR)lpSystemName);
745 }
746 else
747 SystemName.Buffer = NULL;
748
749 /* Check the privilege name is not NULL */
750 if (lpName == NULL)
751 {
752 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
753 return FALSE;
754 }
755
756 RtlCreateUnicodeStringFromAsciiz(&Name,
757 (LPSTR)lpName);
758
759 Result = LookupPrivilegeValueW(SystemName.Buffer,
760 Name.Buffer,
761 lpLuid);
762
763 RtlFreeUnicodeString(&Name);
764
765 /* Remote system? */
766 if (SystemName.Buffer != NULL)
767 {
768 RtlFreeUnicodeString(&SystemName);
769 }
770
771 return Result;
772}
773
774
775/**********************************************************************
776 * LookupPrivilegeValueW
777 *
778 * @implemented
779 */
780BOOL
781WINAPI
782LookupPrivilegeValueW(LPCWSTR lpSystemName,
783 LPCWSTR lpPrivilegeName,
784 PLUID lpLuid)
785{
786 OBJECT_ATTRIBUTES ObjectAttributes = {0};
787 UNICODE_STRING SystemName;
788 UNICODE_STRING PrivilegeName;
789 LSA_HANDLE PolicyHandle = NULL;
790 NTSTATUS Status;
791
792 TRACE("%S,%S,%p\n", lpSystemName, lpPrivilegeName, lpLuid);
793
794 RtlInitUnicodeString(&SystemName,
795 lpSystemName);
796
797 Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
798 &ObjectAttributes,
799 POLICY_LOOKUP_NAMES,
800 &PolicyHandle);
801 if (!NT_SUCCESS(Status))
802 {
803 SetLastError(LsaNtStatusToWinError(Status));
804 return FALSE;
805 }
806
807 RtlInitUnicodeString(&PrivilegeName,
808 lpPrivilegeName);
809
810 Status = LsaLookupPrivilegeValue(PolicyHandle,
811 &PrivilegeName,
812 lpLuid);
813
814 LsaClose(PolicyHandle);
815
816 if (!NT_SUCCESS(Status))
817 {
818 SetLastError(LsaNtStatusToWinError(Status));
819 return FALSE;
820 }
821
822 return TRUE;
823}
824
825/**********************************************************************
826 * LookupPrivilegeNameW EXPORTED
827 *
828 * @implemented
829 */
830BOOL
831WINAPI
832LookupPrivilegeNameW(LPCWSTR lpSystemName,
833 PLUID lpLuid,
834 LPWSTR lpName,
835 LPDWORD cchName)
836{
837 OBJECT_ATTRIBUTES ObjectAttributes = {0};
838 UNICODE_STRING SystemName;
839 PUNICODE_STRING PrivilegeName = NULL;
840 LSA_HANDLE PolicyHandle = NULL;
841 NTSTATUS Status;
842
843 TRACE("%S,%p,%p,%p\n", lpSystemName, lpLuid, lpName, cchName);
844
845 RtlInitUnicodeString(&SystemName,
846 lpSystemName);
847
848 Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
849 &ObjectAttributes,
850 POLICY_LOOKUP_NAMES,
851 &PolicyHandle);
852 if (!NT_SUCCESS(Status))
853 {
854 SetLastError(LsaNtStatusToWinError(Status));
855 return FALSE;
856 }
857
858 Status = LsaLookupPrivilegeName(PolicyHandle,
859 lpLuid,
860 &PrivilegeName);
861 if (NT_SUCCESS(Status))
862 {
863 if (PrivilegeName->Length + sizeof(WCHAR) > *cchName * sizeof(WCHAR))
864 {
865 Status = STATUS_BUFFER_TOO_SMALL;
866
867 *cchName = (PrivilegeName->Length + sizeof(WCHAR)) / sizeof(WCHAR);
868 }
869 else
870 {
871 RtlMoveMemory(lpName,
872 PrivilegeName->Buffer,
873 PrivilegeName->Length);
874 lpName[PrivilegeName->Length / sizeof(WCHAR)] = 0;
875
876 *cchName = PrivilegeName->Length / sizeof(WCHAR);
877 }
878
879 LsaFreeMemory(PrivilegeName->Buffer);
880 LsaFreeMemory(PrivilegeName);
881 }
882
883 LsaClose(PolicyHandle);
884
885 if (!NT_SUCCESS(Status))
886 {
887 SetLastError(LsaNtStatusToWinError(Status));
888 return FALSE;
889 }
890
891 return TRUE;
892}
893
894/**********************************************************************
895 * LookupPrivilegeDisplayNameW EXPORTED
896 *
897 * @unimplemented
898 */
899BOOL
900WINAPI
901LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName,
902 LPCWSTR lpName,
903 LPWSTR lpDisplayName,
904 LPDWORD cchDisplayName,
905 LPDWORD lpLanguageId)
906{
907 OBJECT_ATTRIBUTES ObjectAttributes = {0};
908 UNICODE_STRING SystemName, Name;
909 PUNICODE_STRING DisplayName;
910 LSA_HANDLE PolicyHandle = NULL;
911 USHORT LanguageId;
912 NTSTATUS Status;
913
914 TRACE("%S,%S,%p,%p,%p\n", lpSystemName, lpName, lpDisplayName, cchDisplayName, lpLanguageId);
915
916 RtlInitUnicodeString(&SystemName, lpSystemName);
917 RtlInitUnicodeString(&Name, lpName);
918
919 Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
920 &ObjectAttributes,
921 POLICY_LOOKUP_NAMES,
922 &PolicyHandle);
923 if (!NT_SUCCESS(Status))
924 {
925 SetLastError(LsaNtStatusToWinError(Status));
926 return FALSE;
927 }
928
929 Status = LsaLookupPrivilegeDisplayName(PolicyHandle, &Name, &DisplayName, &LanguageId);
930 if (NT_SUCCESS(Status))
931 {
932 *lpLanguageId = LanguageId;
933 if (DisplayName->Length + sizeof(WCHAR) > *cchDisplayName * sizeof(WCHAR))
934 {
935 Status = STATUS_BUFFER_TOO_SMALL;
936
937 *cchDisplayName = (DisplayName->Length + sizeof(WCHAR)) / sizeof(WCHAR);
938 }
939 else
940 {
941 RtlMoveMemory(lpDisplayName,
942 DisplayName->Buffer,
943 DisplayName->Length);
944 lpDisplayName[DisplayName->Length / sizeof(WCHAR)] = 0;
945
946 *cchDisplayName = DisplayName->Length / sizeof(WCHAR);
947 }
948
949 LsaFreeMemory(DisplayName->Buffer);
950 LsaFreeMemory(DisplayName);
951 }
952
953 LsaClose(PolicyHandle);
954
955 if (!NT_SUCCESS(Status))
956 {
957 SetLastError(LsaNtStatusToWinError(Status));
958 return FALSE;
959 }
960
961 return TRUE;
962}
963
964static DWORD
965pGetSecurityInfoCheck(SECURITY_INFORMATION SecurityInfo,
966 PSID *ppsidOwner,
967 PSID *ppsidGroup,
968 PACL *ppDacl,
969 PACL *ppSacl,
970 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
971{
972 if ((SecurityInfo & (OWNER_SECURITY_INFORMATION |
973 GROUP_SECURITY_INFORMATION |
974 DACL_SECURITY_INFORMATION |
975 SACL_SECURITY_INFORMATION)) &&
976 ppSecurityDescriptor == NULL)
977 {
978 /* if one of the SIDs or ACLs are present, the security descriptor
979 most not be NULL */
980 return ERROR_INVALID_PARAMETER;
981 }
982 else
983 {
984 /* reset the pointers unless they're ignored */
985 if ((SecurityInfo & OWNER_SECURITY_INFORMATION) &&
986 ppsidOwner != NULL)
987 {
988 *ppsidOwner = NULL;
989 }
990 if ((SecurityInfo & GROUP_SECURITY_INFORMATION) &&
991 ppsidGroup != NULL)
992 {
993 *ppsidGroup = NULL;
994 }
995 if ((SecurityInfo & DACL_SECURITY_INFORMATION) &&
996 ppDacl != NULL)
997 {
998 *ppDacl = NULL;
999 }
1000 if ((SecurityInfo & SACL_SECURITY_INFORMATION) &&
1001 ppSacl != NULL)
1002 {
1003 *ppSacl = NULL;
1004 }
1005
1006 if (SecurityInfo & (OWNER_SECURITY_INFORMATION |
1007 GROUP_SECURITY_INFORMATION |
1008 DACL_SECURITY_INFORMATION |
1009 SACL_SECURITY_INFORMATION))
1010 {
1011 *ppSecurityDescriptor = NULL;
1012 }
1013
1014 return ERROR_SUCCESS;
1015 }
1016}
1017
1018
1019static DWORD
1020pSetSecurityInfoCheck(PSECURITY_DESCRIPTOR pSecurityDescriptor,
1021 SECURITY_INFORMATION SecurityInfo,
1022 PSID psidOwner,
1023 PSID psidGroup,
1024 PACL pDacl,
1025 PACL pSacl)
1026{
1027 /* initialize a security descriptor on the stack */
1028 if (!InitializeSecurityDescriptor(pSecurityDescriptor,
1029 SECURITY_DESCRIPTOR_REVISION))
1030 {
1031 return GetLastError();
1032 }
1033
1034 if (SecurityInfo & OWNER_SECURITY_INFORMATION)
1035 {
1036 if (RtlValidSid(psidOwner))
1037 {
1038 if (!SetSecurityDescriptorOwner(pSecurityDescriptor,
1039 psidOwner,
1040 FALSE))
1041 {
1042 return GetLastError();
1043 }
1044 }
1045 else
1046 {
1047 return ERROR_INVALID_PARAMETER;
1048 }
1049 }
1050
1051 if (SecurityInfo & GROUP_SECURITY_INFORMATION)
1052 {
1053 if (RtlValidSid(psidGroup))
1054 {
1055 if (!SetSecurityDescriptorGroup(pSecurityDescriptor,
1056 psidGroup,
1057 FALSE))
1058 {
1059 return GetLastError();
1060 }
1061 }
1062 else
1063 {
1064 return ERROR_INVALID_PARAMETER;
1065 }
1066 }
1067
1068 if (SecurityInfo & DACL_SECURITY_INFORMATION)
1069 {
1070 if (pDacl != NULL)
1071 {
1072 if (SetSecurityDescriptorDacl(pSecurityDescriptor,
1073 TRUE,
1074 pDacl,
1075 FALSE))
1076 {
1077 /* check if the DACL needs to be protected from being
1078 modified by inheritable ACEs */
1079 if (SecurityInfo & PROTECTED_DACL_SECURITY_INFORMATION)
1080 {
1081 goto ProtectDacl;
1082 }
1083 }
1084 else
1085 {
1086 return GetLastError();
1087 }
1088 }
1089 else
1090 {
1091ProtectDacl:
1092 /* protect the DACL from being modified by inheritable ACEs */
1093 if (!SetSecurityDescriptorControl(pSecurityDescriptor,
1094 SE_DACL_PROTECTED,
1095 SE_DACL_PROTECTED))
1096 {
1097 return GetLastError();
1098 }
1099 }
1100 }
1101
1102 if (SecurityInfo & SACL_SECURITY_INFORMATION)
1103 {
1104 if (pSacl != NULL)
1105 {
1106 if (SetSecurityDescriptorSacl(pSecurityDescriptor,
1107 TRUE,
1108 pSacl,
1109 FALSE))
1110 {
1111 /* check if the SACL needs to be protected from being
1112 modified by inheritable ACEs */
1113 if (SecurityInfo & PROTECTED_SACL_SECURITY_INFORMATION)
1114 {
1115 goto ProtectSacl;
1116 }
1117 }
1118 else
1119 {
1120 return GetLastError();
1121 }
1122 }
1123 else
1124 {
1125ProtectSacl:
1126 /* protect the SACL from being modified by inheritable ACEs */
1127 if (!SetSecurityDescriptorControl(pSecurityDescriptor,
1128 SE_SACL_PROTECTED,
1129 SE_SACL_PROTECTED))
1130 {
1131 return GetLastError();
1132 }
1133 }
1134 }
1135
1136 return ERROR_SUCCESS;
1137}
1138
1139
1140/**********************************************************************
1141 * GetNamedSecurityInfoW EXPORTED
1142 *
1143 * @implemented
1144 */
1145DWORD
1146WINAPI
1147GetNamedSecurityInfoW(LPWSTR pObjectName,
1148 SE_OBJECT_TYPE ObjectType,
1149 SECURITY_INFORMATION SecurityInfo,
1150 PSID *ppsidOwner,
1151 PSID *ppsidGroup,
1152 PACL *ppDacl,
1153 PACL *ppSacl,
1154 PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
1155{
1156 DWORD ErrorCode;
1157
1158 if (pObjectName != NULL)
1159 {
1160 ErrorCode = CheckNtMartaPresent();
1161 if (ErrorCode == ERROR_SUCCESS)
1162 {
1163 ErrorCode = pGetSecurityInfoCheck(SecurityInfo,
1164 ppsidOwner,
1165 ppsidGroup,
1166 ppDacl,
1167 ppSacl,
1168 ppSecurityDescriptor);
1169
1170 if (ErrorCode == ERROR_SUCCESS)
1171 {
1172 /* call the MARTA provider */
1173 ErrorCode = AccRewriteGetNamedRights(pObjectName,
1174 ObjectType,
1175 SecurityInfo,
1176 ppsidOwner,
1177 ppsidGroup,
1178 ppDacl,
1179 ppSacl,
1180 ppSecurityDescriptor);
1181 }
1182 }
1183 }
1184 else
1185 ErrorCode = ERROR_INVALID_PARAMETER;
1186
1187 return ErrorCode;
1188}
1189
1190/**********************************************************************
1191 * SetNamedSecurityInfoW EXPORTED
1192 *
1193 * @implemented
1194 */
1195DWORD
1196WINAPI
1197SetNamedSecurityInfoW(LPWSTR pObjectName,
1198 SE_OBJECT_TYPE ObjectType,
1199 SECURITY_INFORMATION SecurityInfo,
1200 PSID psidOwner,
1201 PSID psidGroup,
1202 PACL pDacl,
1203 PACL pSacl)
1204{
1205 DWORD ErrorCode;
1206
1207 if (pObjectName != NULL)
1208 {
1209 ErrorCode = CheckNtMartaPresent();
1210 if (ErrorCode == ERROR_SUCCESS)
1211 {
1212 SECURITY_DESCRIPTOR SecurityDescriptor;
1213
1214 ErrorCode = pSetSecurityInfoCheck(&SecurityDescriptor,
1215 SecurityInfo,
1216 psidOwner,
1217 psidGroup,
1218 pDacl,
1219 pSacl);
1220
1221 if (ErrorCode == ERROR_SUCCESS)
1222 {
1223 /* call the MARTA provider */
1224 ErrorCode = AccRewriteSetNamedRights(pObjectName,
1225 ObjectType,
1226 SecurityInfo,
1227 &SecurityDescriptor);
1228 }
1229 }
1230 }
1231 else
1232 ErrorCode = ERROR_INVALID_PARAMETER;
1233
1234 return ErrorCode;
1235}
1236
1237/**********************************************************************
1238 * GetSecurityInfo EXPORTED
1239 *
1240 * @implemented
1241 */
1242DWORD
1243WINAPI
1244GetSecurityInfo(HANDLE handle,
1245 SE_OBJECT_TYPE ObjectType,
1246 SECURITY_INFORMATION SecurityInfo,
1247 PSID *ppsidOwner,
1248 PSID *ppsidGroup,
1249 PACL *ppDacl,
1250 PACL *ppSacl,
1251 PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
1252{
1253 DWORD ErrorCode;
1254
1255 if (handle != NULL)
1256 {
1257 ErrorCode = CheckNtMartaPresent();
1258 if (ErrorCode == ERROR_SUCCESS)
1259 {
1260 ErrorCode = pGetSecurityInfoCheck(SecurityInfo,
1261 ppsidOwner,
1262 ppsidGroup,
1263 ppDacl,
1264 ppSacl,
1265 ppSecurityDescriptor);
1266
1267 if (ErrorCode == ERROR_SUCCESS)
1268 {
1269 /* call the MARTA provider */
1270 ErrorCode = AccRewriteGetHandleRights(handle,
1271 ObjectType,
1272 SecurityInfo,
1273 ppsidOwner,
1274 ppsidGroup,
1275 ppDacl,
1276 ppSacl,
1277 ppSecurityDescriptor);
1278 }
1279 }
1280 }
1281 else
1282 ErrorCode = ERROR_INVALID_HANDLE;
1283
1284 return ErrorCode;
1285}
1286
1287
1288/**********************************************************************
1289 * SetSecurityInfo EXPORTED
1290 *
1291 * @implemented
1292 */
1293DWORD
1294WINAPI
1295SetSecurityInfo(HANDLE handle,
1296 SE_OBJECT_TYPE ObjectType,
1297 SECURITY_INFORMATION SecurityInfo,
1298 PSID psidOwner,
1299 PSID psidGroup,
1300 PACL pDacl,
1301 PACL pSacl)
1302{
1303 DWORD ErrorCode;
1304
1305 if (handle != NULL)
1306 {
1307 ErrorCode = CheckNtMartaPresent();
1308 if (ErrorCode == ERROR_SUCCESS)
1309 {
1310 SECURITY_DESCRIPTOR SecurityDescriptor;
1311
1312 ErrorCode = pSetSecurityInfoCheck(&SecurityDescriptor,
1313 SecurityInfo,
1314 psidOwner,
1315 psidGroup,
1316 pDacl,
1317 pSacl);
1318
1319 if (ErrorCode == ERROR_SUCCESS)
1320 {
1321 /* call the MARTA provider */
1322 ErrorCode = AccRewriteSetHandleRights(handle,
1323 ObjectType,
1324 SecurityInfo,
1325 &SecurityDescriptor);
1326 }
1327 }
1328 }
1329 else
1330 ErrorCode = ERROR_INVALID_HANDLE;
1331
1332 return ErrorCode;
1333}
1334
1335/*
1336 * @implemented
1337 */
1338BOOL
1339WINAPI
1340CreatePrivateObjectSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
1341 PSECURITY_DESCRIPTOR CreatorDescriptor,
1342 PSECURITY_DESCRIPTOR *NewDescriptor,
1343 BOOL IsDirectoryObject,
1344 HANDLE Token,
1345 PGENERIC_MAPPING GenericMapping)
1346{
1347 NTSTATUS Status;
1348
1349 Status = RtlNewSecurityObject(ParentDescriptor,
1350 CreatorDescriptor,
1351 NewDescriptor,
1352 IsDirectoryObject,
1353 Token,
1354 GenericMapping);
1355 if (!NT_SUCCESS(Status))
1356 {
1357 SetLastError(RtlNtStatusToDosError(Status));
1358 return FALSE;
1359 }
1360
1361 return TRUE;
1362}
1363
1364
1365/*
1366 * @unimplemented
1367 */
1368BOOL
1369WINAPI
1370CreatePrivateObjectSecurityEx(PSECURITY_DESCRIPTOR ParentDescriptor,
1371 PSECURITY_DESCRIPTOR CreatorDescriptor,
1372 PSECURITY_DESCRIPTOR* NewDescriptor,
1373 GUID* ObjectType,
1374 BOOL IsContainerObject,
1375 ULONG AutoInheritFlags,
1376 HANDLE Token,
1377 PGENERIC_MAPPING GenericMapping)
1378{
1379 FIXME("%s() not implemented!\n", __FUNCTION__);
1380 return FALSE;
1381}
1382
1383
1384/*
1385 * @unimplemented
1386 */
1387BOOL
1388WINAPI
1389CreatePrivateObjectSecurityWithMultipleInheritance(PSECURITY_DESCRIPTOR ParentDescriptor,
1390 PSECURITY_DESCRIPTOR CreatorDescriptor,
1391 PSECURITY_DESCRIPTOR* NewDescriptor,
1392 GUID** ObjectTypes,
1393 ULONG GuidCount,
1394 BOOL IsContainerObject,
1395 ULONG AutoInheritFlags,
1396 HANDLE Token,
1397 PGENERIC_MAPPING GenericMapping)
1398{
1399 FIXME("%s() semi-stub\n", __FUNCTION__);
1400 return CreatePrivateObjectSecurity(ParentDescriptor, CreatorDescriptor, NewDescriptor, IsContainerObject, Token, GenericMapping);
1401}
1402
1403
1404/*
1405 * @implemented
1406 */
1407BOOL
1408WINAPI
1409DestroyPrivateObjectSecurity(PSECURITY_DESCRIPTOR *ObjectDescriptor)
1410{
1411 NTSTATUS Status;
1412
1413 Status = RtlDeleteSecurityObject(ObjectDescriptor);
1414 if (!NT_SUCCESS(Status))
1415 {
1416 SetLastError(RtlNtStatusToDosError(Status));
1417 return FALSE;
1418 }
1419
1420 return TRUE;
1421}
1422
1423
1424/*
1425 * @implemented
1426 */
1427BOOL
1428WINAPI
1429GetPrivateObjectSecurity(IN PSECURITY_DESCRIPTOR ObjectDescriptor,
1430 IN SECURITY_INFORMATION SecurityInformation,
1431 OUT PSECURITY_DESCRIPTOR ResultantDescriptor OPTIONAL,
1432 IN DWORD DescriptorLength,
1433 OUT PDWORD ReturnLength)
1434{
1435 NTSTATUS Status;
1436
1437 /* Call RTL */
1438 Status = RtlQuerySecurityObject(ObjectDescriptor,
1439 SecurityInformation,
1440 ResultantDescriptor,
1441 DescriptorLength,
1442 ReturnLength);
1443 if (!NT_SUCCESS(Status))
1444 {
1445 /* Fail */
1446 SetLastError(RtlNtStatusToDosError(Status));
1447 return FALSE;
1448 }
1449
1450 /* Success */
1451 return TRUE;
1452}
1453
1454
1455/*
1456 * @implemented
1457 */
1458BOOL
1459WINAPI
1460SetPrivateObjectSecurity(SECURITY_INFORMATION SecurityInformation,
1461 PSECURITY_DESCRIPTOR ModificationDescriptor,
1462 PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
1463 PGENERIC_MAPPING GenericMapping,
1464 HANDLE Token)
1465{
1466 NTSTATUS Status;
1467
1468 Status = RtlSetSecurityObject(SecurityInformation,
1469 ModificationDescriptor,
1470 ObjectsSecurityDescriptor,
1471 GenericMapping,
1472 Token);
1473 if (!NT_SUCCESS(Status))
1474 {
1475 SetLastError(RtlNtStatusToDosError(Status));
1476 return FALSE;
1477 }
1478
1479 return TRUE;
1480}
1481
1482
1483/*
1484 * @implemented
1485 */
1486DWORD
1487WINAPI
1488TreeResetNamedSecurityInfoW(LPWSTR pObjectName,
1489 SE_OBJECT_TYPE ObjectType,
1490 SECURITY_INFORMATION SecurityInfo,
1491 PSID pOwner,
1492 PSID pGroup,
1493 PACL pDacl,
1494 PACL pSacl,
1495 BOOL KeepExplicit,
1496 FN_PROGRESSW fnProgress,
1497 PROG_INVOKE_SETTING ProgressInvokeSetting,
1498 PVOID Args)
1499{
1500 DWORD ErrorCode;
1501
1502 if (pObjectName != NULL)
1503 {
1504 ErrorCode = CheckNtMartaPresent();
1505 if (ErrorCode == ERROR_SUCCESS)
1506 {
1507 switch (ObjectType)
1508 {
1509 case SE_FILE_OBJECT:
1510 case SE_REGISTRY_KEY:
1511 {
1512 /* check the SecurityInfo flags for sanity (both, the protected
1513 and unprotected dacl/sacl flag must not be passed together) */
1514 if (((SecurityInfo & DACL_SECURITY_INFORMATION) &&
1515 (SecurityInfo & (PROTECTED_DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION)) ==
1516 (PROTECTED_DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION))
1517
1518 ||
1519
1520 ((SecurityInfo & SACL_SECURITY_INFORMATION) &&
1521 (SecurityInfo & (PROTECTED_SACL_SECURITY_INFORMATION | UNPROTECTED_SACL_SECURITY_INFORMATION)) ==
1522 (PROTECTED_SACL_SECURITY_INFORMATION | UNPROTECTED_SACL_SECURITY_INFORMATION)))
1523 {
1524 ErrorCode = ERROR_INVALID_PARAMETER;
1525 break;
1526 }
1527
1528 /* call the MARTA provider */
1529 ErrorCode = AccTreeResetNamedSecurityInfo(pObjectName,
1530 ObjectType,
1531 SecurityInfo,
1532 pOwner,
1533 pGroup,
1534 pDacl,
1535 pSacl,
1536 KeepExplicit,
1537 fnProgress,
1538 ProgressInvokeSetting,
1539 Args);
1540 break;
1541 }
1542
1543 default:
1544 /* object type not supported */
1545 ErrorCode = ERROR_INVALID_PARAMETER;
1546 break;
1547 }
1548 }
1549 }
1550 else
1551 ErrorCode = ERROR_INVALID_PARAMETER;
1552
1553 return ErrorCode;
1554}
1555
1556#ifdef HAS_FN_PROGRESSW
1557
1558typedef struct _INTERNAL_FNPROGRESSW_DATA
1559{
1560 FN_PROGRESSA fnProgress;
1561 PVOID Args;
1562} INTERNAL_FNPROGRESSW_DATA, *PINTERNAL_FNPROGRESSW_DATA;
1563
1564static VOID WINAPI
1565InternalfnProgressW(LPWSTR pObjectName,
1566 DWORD Status,
1567 PPROG_INVOKE_SETTING pInvokeSetting,
1568 PVOID Args,
1569 BOOL SecuritySet)
1570{
1571 PINTERNAL_FNPROGRESSW_DATA pifnProgressData = (PINTERNAL_FNPROGRESSW_DATA)Args;
1572 INT ObjectNameSize;
1573 LPSTR pObjectNameA;
1574
1575 ObjectNameSize = WideCharToMultiByte(CP_ACP,
1576 0,
1577 pObjectName,
1578 -1,
1579 NULL,
1580 0,
1581 NULL,
1582 NULL);
1583
1584 if (ObjectNameSize > 0)
1585 {
1586 pObjectNameA = RtlAllocateHeap(RtlGetProcessHeap(),
1587 0,
1588 ObjectNameSize);
1589 if (pObjectNameA != NULL)
1590 {
1591 pObjectNameA[0] = '\0';
1592 WideCharToMultiByte(CP_ACP,
1593 0,
1594 pObjectName,
1595 -1,
1596 pObjectNameA,
1597 ObjectNameSize,
1598 NULL,
1599 NULL);
1600
1601 pifnProgressData->fnProgress((LPWSTR)pObjectNameA, /* FIXME: wrong cast!! */
1602 Status,
1603 pInvokeSetting,
1604 pifnProgressData->Args,
1605 SecuritySet);
1606
1607 RtlFreeHeap(RtlGetProcessHeap(),
1608 0,
1609 pObjectNameA);
1610 }
1611 }
1612}
1613#endif
1614
1615
1616/*
1617 * @implemented
1618 */
1619DWORD
1620WINAPI
1621TreeResetNamedSecurityInfoA(LPSTR pObjectName,
1622 SE_OBJECT_TYPE ObjectType,
1623 SECURITY_INFORMATION SecurityInfo,
1624 PSID pOwner,
1625 PSID pGroup,
1626 PACL pDacl,
1627 PACL pSacl,
1628 BOOL KeepExplicit,
1629 FN_PROGRESSA fnProgress,
1630 PROG_INVOKE_SETTING ProgressInvokeSetting,
1631 PVOID Args)
1632{
1633#ifndef HAS_FN_PROGRESSW
1634 /* That's all this function does, at least up to w2k3... Even MS was too
1635 lazy to implement it... */
1636 return ERROR_CALL_NOT_IMPLEMENTED;
1637#else
1638 INTERNAL_FNPROGRESSW_DATA ifnProgressData;
1639 UNICODE_STRING ObjectName;
1640 DWORD Ret;
1641
1642 if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
1643 {
1644 return ERROR_NOT_ENOUGH_MEMORY;
1645 }
1646
1647 ifnProgressData.fnProgress = fnProgress;
1648 ifnProgressData.Args = Args;
1649
1650 Ret = TreeResetNamedSecurityInfoW(ObjectName.Buffer,
1651 ObjectType,
1652 SecurityInfo,
1653 pOwner,
1654 pGroup,
1655 pDacl,
1656 pSacl,
1657 KeepExplicit,
1658 (fnProgress != NULL ? InternalfnProgressW : NULL),
1659 ProgressInvokeSetting,
1660 &ifnProgressData);
1661
1662 RtlFreeUnicodeString(&ObjectName);
1663
1664 return Ret;
1665#endif
1666}
1667
1668/* EOF */
ReturnLength
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
Type
Type
Definition: Type.h:7
PPROG_INVOKE_SETTING
enum _PROG_INVOKE_SETTING * PPROG_INVOKE_SETTING
SE_FILE_OBJECT
@ SE_FILE_OBJECT
Definition: accctrl.h:160
SE_REGISTRY_KEY
@ SE_REGISTRY_KEY
Definition: accctrl.h:163
PROG_INVOKE_SETTING
enum _PROG_INVOKE_SETTING PROG_INVOKE_SETTING
SE_OBJECT_TYPE
enum _SE_OBJECT_TYPE SE_OBJECT_TYPE
Definition: security.c:104
Args
char ** Args
Definition: acdebug.h:353
GetInheritanceSource
#define GetInheritanceSource
Definition: aclapi.h:234
FN_PROGRESSA
#define FN_PROGRESSA
Definition: advapi32.h:54
AccTreeResetNamedSecurityInfo
#define AccTreeResetNamedSecurityInfo
Definition: advapi32.h:179
FN_PROGRESSW
#define FN_PROGRESSW
Definition: advapi32.h:51
AccRewriteGetHandleRights
#define AccRewriteGetHandleRights
Definition: advapi32.h:175
AccRewriteSetHandleRights
#define AccRewriteSetHandleRights
Definition: advapi32.h:176
AccRewriteSetNamedRights
#define AccRewriteSetNamedRights
Definition: advapi32.h:174
AccRewriteGetNamedRights
#define AccRewriteGetNamedRights
Definition: advapi32.h:173
TOKEN_TYPE
TOKEN_TYPE
Definition: asmpp.cpp:29
WINE_DEFAULT_DEBUG_CHANNEL
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
Definition: precomp.h:23
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
FIXME
#define FIXME(fmt,...)
Definition: precomp.h:53
ERR
#define ERR(fmt,...)
Definition: precomp.h:57
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
ERROR_INSUFFICIENT_BUFFER
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
ERROR_OUTOFMEMORY
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
Name
LPWSTR Name
Definition: desk.c:124
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
LsaLookupPrivilegeDisplayName
NTSTATUS WINAPI LsaLookupPrivilegeDisplayName(IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING Name, OUT PLSA_UNICODE_STRING *DisplayName, OUT PUSHORT LanguageReturned)
Definition: lsa.c:960
LsaOpenPolicy
NTSTATUS WINAPI LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName OPTIONAL, IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE PolicyHandle)
Definition: lsa.c:1183
LsaLookupPrivilegeName
NTSTATUS WINAPI LsaLookupPrivilegeName(IN LSA_HANDLE PolicyHandle, IN PLUID Value, OUT PUNICODE_STRING *Name)
Definition: lsa.c:1000
LsaLookupSids
NTSTATUS WINAPI LsaLookupSids(IN LSA_HANDLE PolicyHandle, IN ULONG Count, IN PSID *Sids, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_NAME *Names)
Definition: lsa.c:1069
LsaNtStatusToWinError
ULONG WINAPI LsaNtStatusToWinError(IN NTSTATUS Status)
Definition: lsa.c:1131
LsaLookupPrivilegeValue
NTSTATUS WINAPI LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING Name, OUT PLUID Value)
Definition: lsa.c:1036
LsaFreeMemory
NTSTATUS WINAPI LsaFreeMemory(IN PVOID Buffer)
Definition: lsa.c:701
LsaLookupNames
NTSTATUS WINAPI LsaLookupNames(IN LSA_HANDLE PolicyHandle, IN ULONG Count, IN PLSA_UNICODE_STRING Names, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_SID *Sids)
Definition: lsa.c:855
LsaClose
NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle)
Definition: lsa.c:194
CreatePrivateObjectSecurityEx
BOOL WINAPI CreatePrivateObjectSecurityEx(PSECURITY_DESCRIPTOR ParentDescriptor, PSECURITY_DESCRIPTOR CreatorDescriptor, PSECURITY_DESCRIPTOR *NewDescriptor, GUID *ObjectType, BOOL IsContainerObject, ULONG AutoInheritFlags, HANDLE Token, PGENERIC_MAPPING GenericMapping)
Definition: misc.c:1370
UnloadNtMarta
VOID UnloadNtMarta(VOID)
Definition: misc.c:116
DestroyPrivateObjectSecurity
BOOL WINAPI DestroyPrivateObjectSecurity(PSECURITY_DESCRIPTOR *ObjectDescriptor)
Definition: misc.c:1409
LookupPrivilegeValueW
BOOL WINAPI LookupPrivilegeValueW(LPCWSTR lpSystemName, LPCWSTR lpPrivilegeName, PLUID lpLuid)
Definition: misc.c:782
LookupAccountNameW
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:626
CreatePrivateObjectSecurityWithMultipleInheritance
BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance(PSECURITY_DESCRIPTOR ParentDescriptor, PSECURITY_DESCRIPTOR CreatorDescriptor, PSECURITY_DESCRIPTOR *NewDescriptor, GUID **ObjectTypes, ULONG GuidCount, BOOL IsContainerObject, ULONG AutoInheritFlags, HANDLE Token, PGENERIC_MAPPING GenericMapping)
Definition: misc.c:1389
LookupPrivilegeValueA
BOOL WINAPI LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid)
Definition: misc.c:732
CheckNtMartaPresent
DWORD CheckNtMartaPresent(VOID)
Definition: misc.c:74
FindNtMartaProc
#define FindNtMartaProc(Name)
Definition: misc.c:22
SetPrivateObjectSecurity
BOOL WINAPI SetPrivateObjectSecurity(SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR ModificationDescriptor, PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, PGENERIC_MAPPING GenericMapping, HANDLE Token)
Definition: misc.c:1460
NtMartaStatic
NTMARTA NtMartaStatic
Definition: misc.c:19
GetNamedSecurityInfoW
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
LookupPrivilegeDisplayNameW
BOOL WINAPI LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: misc.c:901
LookupAccountSidA
BOOL WINAPI LookupAccountSidA(LPCSTR lpSystemName, PSID lpSid, LPSTR lpName, LPDWORD cchName, LPSTR lpReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:405
CreatePrivateObjectSecurity
BOOL WINAPI CreatePrivateObjectSecurity(PSECURITY_DESCRIPTOR ParentDescriptor, PSECURITY_DESCRIPTOR CreatorDescriptor, PSECURITY_DESCRIPTOR *NewDescriptor, BOOL IsDirectoryObject, HANDLE Token, PGENERIC_MAPPING GenericMapping)
Definition: misc.c:1340
SetSecurityInfo
DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1295
LookupPrivilegeNameW
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
Definition: misc.c:832
TreeResetNamedSecurityInfoW
DWORD WINAPI TreeResetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID pOwner, PSID pGroup, PACL pDacl, PACL pSacl, BOOL KeepExplicit, FN_PROGRESSW fnProgress, PROG_INVOKE_SETTING ProgressInvokeSetting, PVOID Args)
Definition: misc.c:1488
SetNamedSecurityInfoW
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1197
LoadAndInitializeNtMarta
static DWORD LoadAndInitializeNtMarta(VOID)
Definition: misc.c:32
GetUserNameW
BOOL WINAPI GetUserNameW(LPWSTR lpszName, LPDWORD lpSize)
Definition: misc.c:291
GetPrivateObjectSecurity
BOOL WINAPI GetPrivateObjectSecurity(IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor OPTIONAL, IN DWORD DescriptorLength, OUT PDWORD ReturnLength)
Definition: misc.c:1429
pSetSecurityInfoCheck
static DWORD pSetSecurityInfoCheck(PSECURITY_DESCRIPTOR pSecurityDescriptor, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1020
GetSecurityInfo
DWORD WINAPI GetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1244
GetUserNameA
BOOL WINAPI GetUserNameA(LPSTR lpszName, LPDWORD lpSize)
Definition: misc.c:246
TreeResetNamedSecurityInfoA
DWORD WINAPI TreeResetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID pOwner, PSID pGroup, PACL pDacl, PACL pSacl, BOOL KeepExplicit, FN_PROGRESSA fnProgress, PROG_INVOKE_SETTING ProgressInvokeSetting, PVOID Args)
Definition: misc.c:1621
pGetSecurityInfoCheck
static DWORD pGetSecurityInfoCheck(SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:965
ImpersonateLoggedOnUser
BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
Definition: misc.c:152
ImpersonateAnonymousToken
BOOL WINAPI ImpersonateAnonymousToken(IN HANDLE ThreadHandle)
Definition: misc.c:133
NtMarta
static PNTMARTA NtMarta
Definition: misc.c:20
LookupAccountSidW
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
GetTokenInformation
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
GetSidSubAuthority
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:896
GetSidLengthRequired
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:852
CopySid
BOOL WINAPI CopySid(DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
Definition: security.c:712
GetSidSubAuthorityCount
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:908
InitializeSecurityDescriptor
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:929
OpenThreadToken
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
Definition: security.c:336
CloseHandle
#define CloseHandle
Definition: compat.h:739
ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
CP_ACP
#define CP_ACP
Definition: compat.h:109
SetLastError
#define SetLastError(x)
Definition: compat.h:752
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
ThreadImpersonationToken
@ ThreadImpersonationToken
Definition: compat.h:940
FreeLibrary
#define FreeLibrary(x)
Definition: compat.h:748
GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:759
ERROR_INVALID_HANDLE
#define ERROR_INVALID_HANDLE
Definition: compat.h:98
WideCharToMultiByte
#define WideCharToMultiByte
Definition: compat.h:111
LoadLibraryW
#define LoadLibraryW(x)
Definition: compat.h:747
ret
return ret
Definition: mutex.c:146
L
#define L(x)
Definition: resources.c:13
__FUNCTION__
#define __FUNCTION__
Definition: types.h:116
InterlockedExchangePointer
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
Status
Status
Definition: gdiplustypes.h:25
LocalAlloc
HLOCAL NTAPI LocalAlloc(UINT uFlags, SIZE_T dwBytes)
Definition: heapmem.c:1390
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
NtCurrentThread
#define NtCurrentThread()
Definition: winternl.h:5362
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
InterlockedCompareExchangePointer
#define InterlockedCompareExchangePointer
Definition: interlocked.h:144
SID_NAME_USE
enum _SID_NAME_USE SID_NAME_USE
SecurityImpersonation
@ SecurityImpersonation
Definition: lsa.idl:57
PSID_NAME_USE
enum _SID_NAME_USE * PSID_NAME_USE
SECURITY_QUALITY_OF_SERVICE
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
SidTypeUser
@ SidTypeUser
Definition: lsa.idl:118
TokenImpersonation
@ TokenImpersonation
Definition: imports.h:274
TokenPrimary
@ TokenPrimary
Definition: imports.h:273
pSid
static PSID pSid
Definition: security.c:74
ObjectType
ObjectType
Definition: metafile.c:81
SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
ErrorCode
_In_ NDIS_ERROR_CODE ErrorCode
Definition: ndis.h:4436
RtlSetSecurityObject
NTSYSAPI NTSTATUS NTAPI RtlSetSecurityObject(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Out_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ PGENERIC_MAPPING GenericMapping, _In_ HANDLE Token)
RtlNewSecurityObject
NTSYSAPI NTSTATUS NTAPI RtlNewSecurityObject(_In_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_ PSECURITY_DESCRIPTOR CreatorDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_ BOOLEAN IsDirectoryObject, _In_ HANDLE Token, _In_ PGENERIC_MAPPING GenericMapping)
RtlDeleteSecurityObject
NTSYSAPI NTSTATUS NTAPI RtlDeleteSecurityObject(_In_ PSECURITY_DESCRIPTOR *ObjectDescriptor)
RtlQuerySecurityObject
NTSYSAPI NTSTATUS NTAPI RtlQuerySecurityObject(_In_ PSECURITY_DESCRIPTOR ObjectDescriptor, _In_ SECURITY_INFORMATION SecurityInformation, _Out_ PSECURITY_DESCRIPTOR ResultantDescriptor, _In_ ULONG DescriptorLength, _Out_ PULONG ReturnLength)
RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1157
RtlCreateUnicodeStringFromAsciiz
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
RtlUnicodeStringToAnsiString
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
RtlAnsiStringToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
NtSetInformationThread
NTSTATUS NTAPI NtSetInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
Definition: query.c:2074
NtImpersonateAnonymousToken
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:2612
POLICY_LOOKUP_NAMES
#define POLICY_LOOKUP_NAMES
Definition: ntsecapi.h:72
STATUS_SOME_NOT_MAPPED
#define STATUS_SOME_NOT_MAPPED
Definition: ntstatus.h:86
PDWORD
DWORD * PDWORD
Definition: pedump.c:68
USHORT
unsigned short USHORT
Definition: pedump.c:61
SetSecurityDescriptorControl
BOOL WINAPI SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
Definition: sec.c:238
SetSecurityDescriptorDacl
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
Definition: sec.c:262
SetSecurityDescriptorOwner
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pOwner, BOOL bOwnerDefaulted)
Definition: sec.c:312
SetSecurityDescriptorSacl
BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bSaclPresent, PACL pSacl, BOOL bSaclDefaulted)
Definition: sec.c:351
SetSecurityDescriptorGroup
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pGroup, BOOL bGroupDefaulted)
Definition: sec.c:288
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
_ACL
Definition: ms-dtyp.idl:293
_ANSI_STRING
Definition: env_spec_w32.h:375
_ANSI_STRING::Buffer
PSTR Buffer
Definition: env_spec_w32.h:378
_ANSI_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:377
_ANSI_STRING::Length
USHORT Length
Definition: env_spec_w32.h:376
_GENERIC_MAPPING
Definition: nt_native.h:564
_LSA_OBJECT_ATTRIBUTES
Definition: ntsecapi.h:177
_LSA_REFERENCED_DOMAIN_LIST
Definition: ntsecapi.h:406
_LSA_REFERENCED_DOMAIN_LIST::Entries
ULONG Entries
Definition: ntsecapi.h:407
_LSA_REFERENCED_DOMAIN_LIST::Domains
PLSA_TRUST_INFORMATION Domains
Definition: ntsecapi.h:408
_LSA_TRANSLATED_NAME
Definition: ntsecapi.h:421
_LSA_TRANSLATED_NAME::Name
LSA_UNICODE_STRING Name
Definition: ntsecapi.h:423
_LSA_TRANSLATED_NAME::Use
SID_NAME_USE Use
Definition: ntsecapi.h:422
_LSA_TRANSLATED_SID
Definition: ntsecapi.h:410
_LSA_TRANSLATED_SID::RelativeId
ULONG RelativeId
Definition: ntsecapi.h:412
_LSA_TRANSLATED_SID::DomainIndex
LONG DomainIndex
Definition: ntsecapi.h:413
_LSA_TRANSLATED_SID::Use
SID_NAME_USE Use
Definition: ntsecapi.h:411
_LSA_TRUST_INFORMATION::Sid
PSID Sid
Definition: ntsecapi.h:404
_LSA_TRUST_INFORMATION::Name
LSA_UNICODE_STRING Name
Definition: ntsecapi.h:403
_LSA_UNICODE_STRING
Definition: ntsecapi.h:162
_LSA_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: ntsecapi.h:168
_LSA_UNICODE_STRING::Length
USHORT Length
Definition: ntsecapi.h:163
_LUID
Definition: devicetopology.idl:137
_NTMARTA
Definition: advapi32.h:79
_NTMARTA::hDllInstance
HINSTANCE hDllInstance
Definition: advapi32.h:80
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
_SECURITY_QUALITY_OF_SERVICE::ContextTrackingMode
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
_SECURITY_QUALITY_OF_SERVICE::EffectiveOnly
BOOLEAN EffectiveOnly
Definition: lsa.idl:67
_SECURITY_QUALITY_OF_SERVICE::Length
DWORD Length
Definition: lsa.idl:64
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:506
_SID
Definition: ms-dtyp.idl:198
_TOKEN_USER
Definition: setypes.h:1021
_TOKEN_USER::User
SID_AND_ATTRIBUTES User
Definition: setypes.h:1022
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
NtDuplicateToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869
LPDWORD
uint32_t * LPDWORD
Definition: typedefs.h:59
INT
int32_t INT
Definition: typedefs.h:58
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
IN
#define IN
Definition: typedefs.h:39
RtlMoveMemory
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
ULONG
uint32_t ULONG
Definition: typedefs.h:59
OUT
#define OUT
Definition: typedefs.h:40
OBJECT_ATTRIBUTES
struct _OBJECT_ATTRIBUTES OBJECT_ATTRIBUTES
lpLuid
_In_ PLUID lpLuid
Definition: winbase.h:2850
lpDisplayName
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2831
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
LookupAccountSid
#define LookupAccountSid
Definition: winbase.h:3908
lpLanguageId
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR _Inout_ LPDWORD _Out_ LPDWORD lpLanguageId
Definition: winbase.h:2833
cbSid
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD cbSid
Definition: winbase.h:2784
GetCurrentThread
HANDLE WINAPI GetCurrentThread(void)
Definition: proc.c:1148
lpName
_In_ LPCSTR lpName
Definition: winbase.h:2830
peUse
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD _Out_ PSID_NAME_USE peUse
Definition: winbase.h:2787
LookupAccountName
#define LookupAccountName
Definition: winbase.h:3907
cchReferencedDomainName
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD cchReferencedDomainName
Definition: winbase.h:2786
LMEM_FIXED
#define LMEM_FIXED
Definition: winbase.h:401
cchDisplayName
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR _Inout_ LPDWORD cchDisplayName
Definition: winbase.h:2832
ReferencedDomainName
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR ReferencedDomainName
Definition: winbase.h:2785
cchName
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2808
lpAccountName
_In_ LPCSTR lpAccountName
Definition: winbase.h:2782
WINAPI
#define WINAPI
Definition: msvc.h:6
ERROR_NO_SUCH_PRIVILEGE
#define ERROR_NO_SUCH_PRIVILEGE
Definition: winerror.h:1141
ERROR_NO_IMPERSONATION_TOKEN
#define ERROR_NO_IMPERSONATION_TOKEN
Definition: winerror.h:1137
ERROR_NO_TOKEN
#define ERROR_NO_TOKEN
Definition: winerror.h:912
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
IsDirectoryObject
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:31
NewDescriptor
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
SE_SACL_PROTECTED
#define SE_SACL_PROTECTED
Definition: setypes.h:844
SE_DACL_PROTECTED
#define SE_DACL_PROTECTED
Definition: setypes.h:843
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:940
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
UNPROTECTED_SACL_SECURITY_INFORMATION
#define UNPROTECTED_SACL_SECURITY_INFORMATION
Definition: setypes.h:132
UNPROTECTED_DACL_SECURITY_INFORMATION
#define UNPROTECTED_DACL_SECURITY_INFORMATION
Definition: setypes.h:131
TokenUser
@ TokenUser
Definition: setypes.h:978
SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
TOKEN_IMPERSONATE
#define TOKEN_IMPERSONATE
Definition: setypes.h:939
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
PROTECTED_DACL_SECURITY_INFORMATION
#define PROTECTED_DACL_SECURITY_INFORMATION
Definition: setypes.h:129
PROTECTED_SACL_SECURITY_INFORMATION
#define PROTECTED_SACL_SECURITY_INFORMATION
Definition: setypes.h:130
SECURITY_DYNAMIC_TRACKING
#define SECURITY_DYNAMIC_TRACKING
Definition: setypes.h:103
LPCSTR
const char * LPCSTR
Definition: xmlstorage.h:183
LPSTR
char * LPSTR
Definition: xmlstorage.h:182
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185