ReactOS  0.4.15-dev-5452-g3c95c95
Functions
token.c File Reference
#include <advapi32.h>
#include <ndk/setypes.h>
Include dependency graph for token.c:

Go to the source code of this file.

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (advapi)
 
BOOL WINAPI CheckTokenMembership (IN HANDLE ExistingTokenHandle, IN PSID SidToCheck, OUT PBOOL IsMember)
 
BOOL WINAPI IsTokenRestricted (HANDLE TokenHandle)
 
PSID WINAPI GetSiteSidFromToken (IN HANDLE TokenHandle)
 

Function Documentation

◆ CheckTokenMembership()

BOOL WINAPI CheckTokenMembership ( IN HANDLE  ExistingTokenHandle,
IN PSID  SidToCheck,
OUT PBOOL  IsMember 
)

Definition at line 21 of file token.c.

24 {
25  PISECURITY_DESCRIPTOR SecurityDescriptor = NULL;
26  ACCESS_MASK GrantedAccess;
27  struct
28  {
29  PRIVILEGE_SET PrivilegeSet;
30  LUID_AND_ATTRIBUTES Privileges[4];
31  } PrivBuffer;
32  ULONG PrivBufferSize = sizeof(PrivBuffer);
33  GENERIC_MAPPING GenericMapping =
34  {
35  STANDARD_RIGHTS_READ,
36  STANDARD_RIGHTS_WRITE,
37  STANDARD_RIGHTS_EXECUTE,
38  STANDARD_RIGHTS_ALL
39  };
40  PACL Dacl;
41  ULONG SidLen;
42  HANDLE hToken = NULL;
43  NTSTATUS Status, AccessStatus;
44 
45  /* doesn't return gracefully if IsMember is NULL! */
46  *IsMember = FALSE;
47 
48  SidLen = RtlLengthSid(SidToCheck);
49 
50  if (ExistingTokenHandle == NULL)
51  {
52  Status = NtOpenThreadToken(NtCurrentThread(),
53  TOKEN_QUERY,
54  FALSE,
55  &hToken);
56 
57  if (Status == STATUS_NO_TOKEN)
58  {
59  /* we're not impersonating, open the primary token */
60  Status = NtOpenProcessToken(NtCurrentProcess(),
61  TOKEN_QUERY | TOKEN_DUPLICATE,
62  &hToken);
63  if (NT_SUCCESS(Status))
64  {
65  HANDLE hNewToken = FALSE;
66  BOOL DupRet;
67 
68  /* duplicate the primary token to create an impersonation token */
69  DupRet = DuplicateTokenEx(hToken,
70  TOKEN_QUERY | TOKEN_IMPERSONATE,
71  NULL,
72  SecurityImpersonation,
73  TokenImpersonation,
74  &hNewToken);
75 
76  NtClose(hToken);
77 
78  if (!DupRet)
79  {
80  WARN("Failed to duplicate the primary token!\n");
81  return FALSE;
82  }
83 
84  hToken = hNewToken;
85  }
86  }
87 
88  if (!NT_SUCCESS(Status))
89  {
90  goto Cleanup;
91  }
92  }
93  else
94  {
95  hToken = ExistingTokenHandle;
96  }
97 
98  /* create a security descriptor */
99  SecurityDescriptor = RtlAllocateHeap(RtlGetProcessHeap(),
100  0,
101  sizeof(SECURITY_DESCRIPTOR) +
102  sizeof(ACL) + SidLen +
103  FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart));
104  if (SecurityDescriptor == NULL)
105  {
106  Status = STATUS_INSUFFICIENT_RESOURCES;
107  goto Cleanup;
108  }
109 
110  Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
111  SECURITY_DESCRIPTOR_REVISION);
112  if (!NT_SUCCESS(Status))
113  {
114  goto Cleanup;
115  }
116 
117  /* set the owner and group */
118  Status = RtlSetOwnerSecurityDescriptor(SecurityDescriptor,
119  SidToCheck,
120  FALSE);
121  if (!NT_SUCCESS(Status))
122  {
123  goto Cleanup;
124  }
125 
126  Status = RtlSetGroupSecurityDescriptor(SecurityDescriptor,
127  SidToCheck,
128  FALSE);
129  if (!NT_SUCCESS(Status))
130  {
131  goto Cleanup;
132  }
133 
134  /* create the DACL */
135  Dacl = (PACL)(SecurityDescriptor + 1);
136  Status = RtlCreateAcl(Dacl,
137  sizeof(ACL) + SidLen + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart),
138  ACL_REVISION);
139  if (!NT_SUCCESS(Status))
140  {
141  goto Cleanup;
142  }
143 
144  Status = RtlAddAccessAllowedAce(Dacl,
145  ACL_REVISION,
146  0x1,
147  SidToCheck);
148  if (!NT_SUCCESS(Status))
149  {
150  goto Cleanup;
151  }
152 
153  /* assign the DACL to the security descriptor */
154  Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
155  TRUE,
156  Dacl,
157  FALSE);
158  if (!NT_SUCCESS(Status))
159  {
160  goto Cleanup;
161  }
162 
163  /* it's time to perform the access check. Just use _some_ desired access right
164  (same as for the ACE) and see if we're getting it granted. This indicates
165  our SID is a member of the token. We however can't use a generic access
166  right as those aren't mapped and return an error (STATUS_GENERIC_NOT_MAPPED). */
167  Status = NtAccessCheck(SecurityDescriptor,
168  hToken,
169  0x1,
170  &GenericMapping,
171  &PrivBuffer.PrivilegeSet,
172  &PrivBufferSize,
173  &GrantedAccess,
174  &AccessStatus);
175  if (NT_SUCCESS(Status) && NT_SUCCESS(AccessStatus) && (GrantedAccess == 0x1))
176  {
177  *IsMember = TRUE;
178  }
179 
180 Cleanup:
181  if (hToken != NULL && hToken != ExistingTokenHandle)
182  {
183  NtClose(hToken);
184  }
185 
186  if (SecurityDescriptor != NULL)
187  {
188  RtlFreeHeap(RtlGetProcessHeap(),
189  0,
190  SecurityDescriptor);
191  }
192 
193  if (!NT_SUCCESS(Status))
194  {
195  SetLastError(RtlNtStatusToDosError(Status));
196  return FALSE;
197  }
198 
199  return TRUE;
200 }
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
RtlSetGroupSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
STANDARD_RIGHTS_WRITE
#define STANDARD_RIGHTS_WRITE
Definition: nt_native.h:66
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
TRUE
#define TRUE
Definition: types.h:120
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_ACL
Definition: ms-dtyp.idl:293
x1
_In_ CLIPOBJ _In_ BRUSHOBJ _In_ LONG x1
Definition: winddi.h:3706
WARN
#define WARN(fmt,...)
Definition: debug.h:112
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NtCurrentThread
#define NtCurrentThread()
_PRIVILEGE_SET
Definition: setypes.h:85
RtlSetOwnerSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
TOKEN_IMPERSONATE
#define TOKEN_IMPERSONATE
Definition: setypes.h:923
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NtOpenProcessToken
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
STANDARD_RIGHTS_EXECUTE
#define STANDARD_RIGHTS_EXECUTE
Definition: nt_native.h:67
RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
FALSE
#define FALSE
Definition: types.h:117
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
PACL
struct _ACL * PACL
Definition: security.c:104
Status
Status
Definition: gdiplustypes.h:24
NtAccessCheck
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_opt_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1164
NtOpenThreadToken
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2281
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:924
_GENERIC_MAPPING
Definition: nt_native.h:564
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SetLastError
#define SetLastError(x)
Definition: compat.h:752
DuplicateTokenEx
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3602
STATUS_NO_TOKEN
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:922
Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
STANDARD_RIGHTS_READ
#define STANDARD_RIGHTS_READ
Definition: nt_native.h:65
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
NULL
#define NULL
Definition: types.h:112
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
ULONG
unsigned int ULONG
Definition: retypes.h:1
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by is_process_limited(), IsUserAdmin(), pSetupIsUserAdmin(), and SHTestTokenMembership().

◆ GetSiteSidFromToken()

PSID WINAPI GetSiteSidFromToken ( IN HANDLE  TokenHandle)

Definition at line 274 of file token.c.

275 {
276  PTOKEN_GROUPS RestrictedSids;
277  ULONG RetLen;
278  UINT i;
279  NTSTATUS Status;
280  PSID PSiteSid = NULL;
281  SID_IDENTIFIER_AUTHORITY InternetSiteAuthority = {SECURITY_INTERNETSITE_AUTHORITY};
282 
283  Status = NtQueryInformationToken(TokenHandle,
284  TokenRestrictedSids,
285  NULL,
286  0,
287  &RetLen);
288  if (Status != STATUS_BUFFER_TOO_SMALL)
289  {
290  SetLastError(RtlNtStatusToDosError(Status));
291  return NULL;
292  }
293 
294  RestrictedSids = (PTOKEN_GROUPS)RtlAllocateHeap(RtlGetProcessHeap(),
295  0,
296  RetLen);
297  if (RestrictedSids == NULL)
298  {
299  SetLastError(ERROR_OUTOFMEMORY);
300  return NULL;
301  }
302 
303  Status = NtQueryInformationToken(TokenHandle,
304  TokenRestrictedSids,
305  RestrictedSids,
306  RetLen,
307  &RetLen);
308  if (NT_SUCCESS(Status))
309  {
310  for (i = 0; i < RestrictedSids->GroupCount; i++)
311  {
312  SID* RSSid = RestrictedSids->Groups[i].Sid;
313 
314  if (RtlCompareMemory(&(RSSid->IdentifierAuthority),
315  &InternetSiteAuthority,
316  sizeof(SID_IDENTIFIER_AUTHORITY)) ==
317  sizeof(SID_IDENTIFIER_AUTHORITY))
318  {
319  PSiteSid = RtlAllocateHeap(RtlGetProcessHeap(),
320  0,
321  RtlLengthSid((RestrictedSids->
322  Groups[i]).Sid));
323  if (PSiteSid == NULL)
324  {
325  SetLastError(ERROR_OUTOFMEMORY);
326  }
327  else
328  {
329  RtlCopySid(RtlLengthSid(RestrictedSids->Groups[i].Sid),
330  PSiteSid,
331  RestrictedSids->Groups[i].Sid);
332  }
333 
334  break;
335  }
336  }
337  }
338  else
339  {
340  SetLastError(RtlNtStatusToDosError(Status));
341  }
342 
343  RtlFreeHeap(RtlGetProcessHeap(), 0, RestrictedSids);
344  return PSiteSid;
345 }
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:506
_TOKEN_GROUPS
Definition: setypes.h:1009
_SID
Definition: ms-dtyp.idl:198
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
Groups
TOpcodeData Groups[17][8]
Definition: disassemblerdata.h:895
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
PTOKEN_GROUPS
struct _TOKEN_GROUPS * PTOKEN_GROUPS
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
Status
Status
Definition: gdiplustypes.h:24
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SetLastError
#define SetLastError(x)
Definition: compat.h:752
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
RtlCopySid
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
SECURITY_INTERNETSITE_AUTHORITY
#define SECURITY_INTERNETSITE_AUTHORITY
Definition: setypes.h:30
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_TOKEN_GROUPS::Groups
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1014
UINT
unsigned int UINT
Definition: ndis.h:50
NULL
#define NULL
Definition: types.h:112
_TOKEN_GROUPS::GroupCount
$ULONG GroupCount
Definition: setypes.h:1010
ULONG
unsigned int ULONG
Definition: retypes.h:1
_SID::IdentifierAuthority
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: ms-dtyp.idl:201
RtlCompareMemory
#define RtlCompareMemory(s1, s2, l)
Definition: env_spec_w32.h:465
ERROR_OUTOFMEMORY
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13

◆ IsTokenRestricted()

BOOL WINAPI IsTokenRestricted ( HANDLE  TokenHandle)

Definition at line 207 of file token.c.

208 {
209  ULONG RetLength;
210  PTOKEN_GROUPS lpGroups;
211  NTSTATUS Status;
212  BOOL Ret = FALSE;
213 
214  /* determine the required buffer size and allocate enough memory to read the
215  list of restricted SIDs */
216  Status = NtQueryInformationToken(TokenHandle,
217  TokenRestrictedSids,
218  NULL,
219  0,
220  &RetLength);
221  if (Status != STATUS_BUFFER_TOO_SMALL)
222  {
223  SetLastError(RtlNtStatusToDosError(Status));
224  return FALSE;
225  }
226 
227 AllocAndReadRestrictedSids:
228  lpGroups = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(),
229  0,
230  RetLength);
231  if (lpGroups == NULL)
232  {
233  SetLastError(ERROR_OUTOFMEMORY);
234  return FALSE;
235  }
236 
237  /* actually read the list of the restricted SIDs */
238  Status = NtQueryInformationToken(TokenHandle,
239  TokenRestrictedSids,
240  lpGroups,
241  RetLength,
242  &RetLength);
243  if (NT_SUCCESS(Status))
244  {
245  Ret = (lpGroups->GroupCount != 0);
246  }
247  else if (Status == STATUS_BUFFER_TOO_SMALL)
248  {
249  /* looks like the token was modified in the meanwhile, let's just try again */
250  HeapFree(GetProcessHeap(),
251  0,
252  lpGroups);
253 
254  goto AllocAndReadRestrictedSids;
255  }
256  else
257  {
258  SetLastError(RtlNtStatusToDosError(Status));
259  }
260 
261  /* free allocated memory */
262  HeapFree(GetProcessHeap(),
263  0,
264  lpGroups);
265 
266  return Ret;
267 }
_TOKEN_GROUPS
Definition: setypes.h:1009
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
FALSE
#define FALSE
Definition: types.h:117
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
PTOKEN_GROUPS
struct _TOKEN_GROUPS * PTOKEN_GROUPS
Status
Status
Definition: gdiplustypes.h:24
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SetLastError
#define SetLastError(x)
Definition: compat.h:752
NULL
#define NULL
Definition: types.h:112
_TOKEN_GROUPS::GroupCount
$ULONG GroupCount
Definition: setypes.h:1010
ULONG
unsigned int ULONG
Definition: retypes.h:1
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:735
ERROR_OUTOFMEMORY
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13

Referenced by SepAnalyzeAcesFromDacl().

◆ WINE_DEFAULT_DEBUG_CHANNEL()

WINE_DEFAULT_DEBUG_CHANNEL ( advapi  )