ReactOS 0.4.15-dev-6656-gbbb33a6
security.c File Reference
#include <advapi32.h>
#include <sddl.h>

Classes

struct  _ACEFLAG
 
union  _MAX_SID
 
struct  WELLKNOWNSID
 
struct  WELLKNOWNRID
 

Macros

#define ADS_RIGHT_DS_CREATE_CHILD   0x0001
 
#define ADS_RIGHT_DS_DELETE_CHILD   0x0002
 
#define ADS_RIGHT_ACTRL_DS_LIST   0x0004
 
#define ADS_RIGHT_DS_SELF   0x0008
 
#define ADS_RIGHT_DS_READ_PROP   0x0010
 
#define ADS_RIGHT_DS_WRITE_PROP   0x0020
 
#define ADS_RIGHT_DS_DELETE_TREE   0x0040
 
#define ADS_RIGHT_DS_LIST_OBJECT   0x0080
 
#define ADS_RIGHT_DS_CONTROL_ACCESS   0x0100
 

Typedefs

typedef struct _ACEFLAG ACEFLAG
 
typedef struct _ACEFLAG * LPACEFLAG
 
typedef struct _MAX_SID MAX_SID
 
typedef struct WELLKNOWNSID WELLKNOWNSID
 
typedef struct WELLKNOWNRID WELLKNOWNRID
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (advapi)
 
static BOOL ParseStringSidToSid (LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
 
static const char * debugstr_sid (PSID sid)
 
static __inline BOOL set_ntstatus (NTSTATUS status)
 
static LPWSTR SERV_dup (LPCSTR str)
 
BOOL ADVAPI_IsLocalComputer (LPCWSTR ServerName)
 
BOOL ADVAPI_GetComputerSid (PSID sid)
 
BOOL WINAPI OpenProcessToken (HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
 
BOOL WINAPI OpenThreadToken (HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
 
BOOL WINAPI AdjustTokenGroups (HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState, DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength)
 
BOOL WINAPI AdjustTokenPrivileges (HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
 
BOOL WINAPI GetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
 
BOOL WINAPI SetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
 
BOOL WINAPI SetThreadToken (IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
 
BOOL WINAPI CreateRestrictedToken (_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
 Creates a filtered token that is a restricted version of the regular access token. A restricted token can have disabled SIDs, deleted privileges and/or restricted SIDs added.
 
BOOL WINAPI AllocateAndInitializeSid (PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
 
PVOID WINAPI FreeSid (PSID pSid)
 
BOOL WINAPI CopySid (DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
 
BOOL WINAPI CreateWellKnownSid (IN WELL_KNOWN_SID_TYPE WellKnownSidType, IN PSID DomainSid OPTIONAL, OUT PSID pSid, IN OUT DWORD *cbSid)
 
BOOL WINAPI IsWellKnownSid (IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
 
BOOL WINAPI IsValidSid (PSID pSid)
 
BOOL WINAPI EqualSid (PSID pSid1, PSID pSid2)
 
BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
 
DWORD WINAPI GetSidLengthRequired (UCHAR nSubAuthorityCount)
 
BOOL WINAPI InitializeSid (PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
 
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority (PSID pSid)
 
PDWORD WINAPI GetSidSubAuthority (PSID pSid, DWORD nSubAuthority)
 
PUCHAR WINAPI GetSidSubAuthorityCount (PSID pSid)
 
DWORD WINAPI GetLengthSid (PSID pSid)
 
BOOL WINAPI InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
 
BOOL WINAPI MakeAbsoluteSD (PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
 
BOOL WINAPI GetKernelObjectSecurity (HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI InitializeAcl (PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
 
BOOL WINAPI ImpersonateNamedPipeClient (HANDLE hNamedPipe)
 
BOOL WINAPI AddAccessAllowedAce (PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessAllowedAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessDeniedAce (PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessDeniedAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAce (PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
 
BOOL WINAPI DeleteAce (PACL pAcl, DWORD dwAceIndex)
 
BOOL WINAPI FindFirstFreeAce (PACL pAcl, LPVOID *pAce)
 
BOOL WINAPI GetAce (PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
 
BOOL WINAPI GetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
 
BOOL WINAPI IsValidAcl (PACL pAcl)
 
BOOL WINAPI AllocateLocallyUniqueId (PLUID Luid)
 
BOOL WINAPI LookupPrivilegeDisplayNameA (LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
 
BOOL WINAPI LookupPrivilegeNameA (LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
 
BOOL WINAPI GetFileSecurityA (LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI GetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI SetFileSecurityA (LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
BOOL WINAPI SetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
BOOL WINAPI QueryWindows31FilesMigration (DWORD x1)
 
BOOL WINAPI SynchronizeWindows31FilesAndWindowsNTRegistry (DWORD x1, DWORD x2, DWORD x3, DWORD x4)
 
BOOL WINAPI RevertToSelf (VOID)
 
BOOL WINAPI ImpersonateSelf (SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
BOOL WINAPI AccessCheck (IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
 
BOOL WINAPI AccessCheckByType (_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ DWORD DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ DWORD ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ LPDWORD PrivilegeSetLength, _Out_ LPDWORD GrantedAccess, _Out_ LPBOOL AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.
 
BOOL WINAPI AccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ DWORD DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ DWORD ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ LPDWORD PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) LPDWORD GrantedAccess, _Out_writes_(ObjectTypeListLength) LPBOOL AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the AccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.
 
BOOL WINAPI SetKernelObjectSecurity (HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
 
BOOL WINAPI AddAuditAccessAce (PACL pAcl, DWORD dwAceRevision, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
 
BOOL WINAPI AddAuditAccessAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
 
BOOL WINAPI LookupAccountNameA (LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
 
BOOL WINAPI PrivilegeCheck (HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
 
DWORD WINAPI GetSecurityInfoExA (HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
 
DWORD WINAPI GetSecurityInfoExW (HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
 
VOID WINAPI BuildExplicitAccessWithNameA (PEXPLICIT_ACCESSA pExplicitAccess, LPSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
 
VOID WINAPI BuildExplicitAccessWithNameW (PEXPLICIT_ACCESSW pExplicitAccess, LPWSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
 
VOID WINAPI BuildTrusteeWithObjectsAndNameA (PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, LPSTR InheritedObjectTypeName, LPSTR Name)
 
VOID WINAPI BuildTrusteeWithObjectsAndNameW (PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName, SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName, LPWSTR InheritedObjectTypeName, LPWSTR Name)
 
VOID WINAPI BuildTrusteeWithObjectsAndSidA (PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
 
VOID WINAPI BuildTrusteeWithObjectsAndSidW (PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
 
VOID WINAPI BuildTrusteeWithSidA (PTRUSTEE_A pTrustee, PSID pSid)
 
VOID WINAPI BuildTrusteeWithSidW (PTRUSTEE_W pTrustee, PSID pSid)
 
VOID WINAPI BuildTrusteeWithNameA (PTRUSTEE_A pTrustee, LPSTR name)
 
VOID WINAPI BuildTrusteeWithNameW (PTRUSTEE_W pTrustee, LPWSTR name)
 
TRUSTEE_FORM WINAPI GetTrusteeFormA (PTRUSTEEA pTrustee)
 
TRUSTEE_FORM WINAPI GetTrusteeFormW (PTRUSTEEW pTrustee)
 
LPSTR WINAPI GetTrusteeNameA (PTRUSTEE_A pTrustee)
 
LPWSTR WINAPI GetTrusteeNameW (PTRUSTEE_W pTrustee)
 
TRUSTEE_TYPE WINAPI GetTrusteeTypeA (PTRUSTEE_A pTrustee)
 
TRUSTEE_TYPE WINAPI GetTrusteeTypeW (PTRUSTEE_W pTrustee)
 
BOOL WINAPI SetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
 
DWORD WINAPI SetNamedSecurityInfoA (LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
 
BOOL WINAPI AreAllAccessesGranted (DWORD GrantedAccess, DWORD DesiredAccess)
 
BOOL WINAPI AreAnyAccessesGranted (DWORD GrantedAccess, DWORD DesiredAccess)
 
static DWORD ParseAclStringFlags (LPCWSTR *StringAcl)
 
static BYTE ParseAceStringType (LPCWSTR *StringAcl)
 
static BYTE ParseAceStringFlags (LPCWSTR *StringAcl)
 
static DWORD ParseAceStringRights (LPCWSTR *StringAcl)
 
static BOOL ParseStringAclToAcl (LPCWSTR StringAcl, LPDWORD lpdwFlags, PACL pAcl, LPDWORD cBytes)
 
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor (LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
 
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA (LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
 
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW (LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
 
static void DumpString (LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSidNumeric (PSID psid, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSid (PSID psid, WCHAR **pwptr, ULONG *plen)
 
static void DumpRights (DWORD mask, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpAce (LPVOID pace, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpAcl (PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
 
static BOOL DumpOwner (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpGroup (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpDacl (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSacl (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW (PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
 
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA (PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
 
BOOL WINAPI ConvertStringSidToSidW (LPCWSTR StringSid, PSID *Sid)
 
BOOL WINAPI ConvertStringSidToSidA (LPCSTR StringSid, PSID *Sid)
 
BOOL WINAPI ConvertSidToStringSidW (PSID Sid, LPWSTR *StringSid)
 
BOOL WINAPI ConvertSidToStringSidA (PSID Sid, LPSTR *StringSid)
 
static DWORD GetUnicodeEnvironmentSize (PVOID pEnvironment)
 
static DWORD GetAnsiEnvironmentSize (PVOID pEnvironment)
 
BOOL WINAPI CreateProcessWithLogonW (_In_ LPCWSTR lpUsername, _In_opt_ LPCWSTR lpDomain, _In_ LPCWSTR lpPassword, _In_ DWORD dwLogonFlags, _In_opt_ LPCWSTR lpApplicationName, _Inout_opt_ LPWSTR lpCommandLine, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCWSTR lpCurrentDirectory, _In_ LPSTARTUPINFOW lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
 
BOOL WINAPI CreateProcessWithTokenW (HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line, DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info, PROCESS_INFORMATION *process_information)
 
BOOL WINAPI DuplicateTokenEx (IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
 
BOOL WINAPI DuplicateToken (IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
 
static DWORD ComputeStringSidSize (LPCWSTR StringSid)
 
DWORD WINAPI GetNamedSecurityInfoA (LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 
BOOL WINAPI GetWindowsAccountDomainSid (PSID sid, PSID domain_sid, DWORD *size)
 
BOOL WINAPI EqualDomainSid (IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
 

Variables

static const WELLKNOWNSID WellKnownSids []
 
static const WELLKNOWNRID WellKnownRids []
 
static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }
 
static const WCHAR SDDL_NO_READ_UP [] = {'N','R',0}
 
static const WCHAR SDDL_NO_WRITE_UP [] = {'N','W',0}
 
static const WCHAR SDDL_NO_EXECUTE_UP [] = {'N','X',0}
 
static const WCHAR SDDL_ACCESS_ALLOWED [] = {'A',0}
 
static const WCHAR SDDL_ACCESS_DENIED [] = {'D',0}
 
static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED [] = {'O','A',0}
 
static const WCHAR SDDL_OBJECT_ACCESS_DENIED [] = {'O','D',0}
 
static const WCHAR SDDL_AUDIT [] = {'A','U',0}
 
static const WCHAR SDDL_ALARM [] = {'A','L',0}
 
static const WCHAR SDDL_MANDATORY_LABEL [] = {'M','L',0}
 
static const WCHAR SDDL_OBJECT_AUDIT [] = {'O','U',0}
 
static const WCHAR SDDL_OBJECT_ALARM [] = {'O','L',0}
 
static const WCHAR SDDL_CONTAINER_INHERIT [] = {'C','I',0}
 
static const WCHAR SDDL_OBJECT_INHERIT [] = {'O','I',0}
 
static const WCHAR SDDL_NO_PROPAGATE [] = {'N','P',0}
 
static const WCHAR SDDL_INHERIT_ONLY [] = {'I','O',0}
 
static const WCHAR SDDL_INHERITED [] = {'I','D',0}
 
static const WCHAR SDDL_AUDIT_SUCCESS [] = {'S','A',0}
 
static const WCHAR SDDL_AUDIT_FAILURE [] = {'F','A',0}
 
static const ACEFLAG AceType []
 
static const ACEFLAG AceFlags []
 
static const ACEFLAG AceRights []
 
static const LPCWSTR AceRightBitNames [32]
 

Macro Definition Documentation

◆ ADS_RIGHT_ACTRL_DS_LIST

#define ADS_RIGHT_ACTRL_DS_LIST   0x0004

Definition at line 157 of file security.c.

◆ ADS_RIGHT_DS_CONTROL_ACCESS

#define ADS_RIGHT_DS_CONTROL_ACCESS   0x0100

Definition at line 163 of file security.c.

◆ ADS_RIGHT_DS_CREATE_CHILD

#define ADS_RIGHT_DS_CREATE_CHILD   0x0001

Definition at line 155 of file security.c.

◆ ADS_RIGHT_DS_DELETE_CHILD

#define ADS_RIGHT_DS_DELETE_CHILD   0x0002

Definition at line 156 of file security.c.

◆ ADS_RIGHT_DS_DELETE_TREE

#define ADS_RIGHT_DS_DELETE_TREE   0x0040

Definition at line 161 of file security.c.

◆ ADS_RIGHT_DS_LIST_OBJECT

#define ADS_RIGHT_DS_LIST_OBJECT   0x0080

Definition at line 162 of file security.c.

◆ ADS_RIGHT_DS_READ_PROP

#define ADS_RIGHT_DS_READ_PROP   0x0010

Definition at line 159 of file security.c.

◆ ADS_RIGHT_DS_SELF

#define ADS_RIGHT_DS_SELF   0x0008

Definition at line 158 of file security.c.

◆ ADS_RIGHT_DS_WRITE_PROP

#define ADS_RIGHT_DS_WRITE_PROP   0x0020

Definition at line 160 of file security.c.

Typedef Documentation

◆ ACEFLAG

◆ LPACEFLAG

◆ MAX_SID

◆ WELLKNOWNRID

◆ WELLKNOWNSID

Function Documentation

◆ AccessCheck()

BOOL WINAPI AccessCheck ( IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN HANDLE  ClientToken,
IN DWORD  DesiredAccess,
IN PGENERIC_MAPPING  GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet  OPTIONAL,
IN OUT LPDWORD  PrivilegeSetLength,
OUT LPDWORD  GrantedAccess,
OUT LPBOOL  AccessStatus 
)

Definition at line 1652 of file security.c.

{
    /*
     * Win32 wrapper around NtAccessCheck.
     *
     * Two separate results come back from the kernel: Status says whether
     * the check itself could be carried out, NtAccessStatus carries the
     * verdict. A TRUE return value therefore does not mean access was
     * granted; callers must inspect *AccessStatus.
     *
     * NOTE(review): the rendered listing drops lines 1661, 1667, 1668, 1671,
     * 1678 and 1687. They are restored here from the NtAccessCheck prototype
     * and the identifiers referenced on the page; confirm against security.c.
     */
    NTSTATUS Status;
    NTSTATUS NtAccessStatus;

    Status = NtAccessCheck(pSecurityDescriptor,
                           ClientToken,
                           DesiredAccess,
                           GenericMapping,
                           PrivilegeSet,
                           (PULONG)PrivilegeSetLength,
                           (PACCESS_MASK)GrantedAccess,
                           &NtAccessStatus);
    if (!NT_SUCCESS(Status))
    {
        /* The check could not be performed; *AccessStatus is left untouched */
        SetLastError(RtlNtStatusToDosError(Status));
        return FALSE;
    }

    if (NT_SUCCESS(NtAccessStatus))
    {
        /* The check ran and access is granted */
        *AccessStatus = TRUE;
        return TRUE;
    }

    /* The check ran and access is denied: publish the reason, then the verdict */
    SetLastError(RtlNtStatusToDosError(NtAccessStatus));
    *AccessStatus = FALSE;
    return TRUE;
}
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
Definition: accesschk.c:2186
LONG NTSTATUS
Definition: precomp.h:26
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SetLastError(x)
Definition: compat.h:752
Status
Definition: gdiplustypes.h:25
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
uint32_t * PULONG
Definition: typedefs.h:59
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

Referenced by test_AccessCheck(), test_default_handle_security(), and test_FileSecurity().

◆ AccessCheckByType()

BOOL WINAPI AccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  pSecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ DWORD  DesiredAccess,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ DWORD  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET  PrivilegeSet,
_Inout_ LPDWORD  PrivilegeSetLength,
_Out_ LPDWORD  GrantedAccess,
_Out_ LPBOOL  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.

Parameters
[in]pSecurityDescriptorA pointer to a security descriptor that identifies the security information of an object being accessed. This function walks the ACLs in this descriptor and their respective access rights to determine whether access can be granted.
[in]PrincipalSelfSidA pointer to a principal self SID. This parameter can be NULL if the associated object being checked for access does not represent a principal.
[in]ClientTokenA handle to an access token that identifies the client requesting access to the target object.
[in]DesiredAccessThe bitmask of access rights that the client wants to acquire. This can be an OR'ed set of multiple access rights, or MAXIMUM_ALLOWED to request all possible access rights the target object allows. If only some of the rights were granted but not all, the access is deemed denied.
[in]ObjectTypeListA pointer to a given object type list. If this parameter is not NULL the function will perform an access check against the main object and sub-objects of this list. If this parameter is NULL and ObjectTypeListLength is 0, the function will perform a normal access check instead.
[in]ObjectTypeListLengthThe length of the object type list array, pointed by ObjectTypeList. This length in question represents the number of elements in such array. This parameter must be 0 if no array list is provided.
[in]GenericMappingThe generic mapping of access rights of an object type.
[out]PrivilegeSetA pointer to a set of privileges that were used to perform the access check, returned to caller. This function will return no privileges (privilege count set to 0) if no privileges were used to accomplish the access check. This parameter must not be NULL!
[in,out]PrivilegeSetLengthThe total length size of a set of privileges. This length represents the count of elements in the privilege set array.
[out]GrantedAccessA pointer to granted access rights, returned to the caller.
[out]AccessStatusA pointer to a boolean value that indicates whether access is granted or denied to the client that requests access to the entire hierarchy of an object type list. If ObjectTypeList is NULL, this value represents the access that is granted or denied to the target object, just like in AccessCheck.
Returns
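The function returns TRUE if the access check operation has completed successfully, otherwise it returns FALSE. A TRUE return only means that the check ran; whether access was granted is reported through AccessStatus.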

Definition at line 1769 of file security.c.

{
    /*
     * Win32 wrapper around NtAccessCheckByType.
     *
     * Status reports whether the kernel could perform the check at all;
     * NtAccessStatus is the verdict for the whole object hierarchy. The
     * function returns TRUE for both a granted and a denied verdict, so
     * callers must read *AccessStatus rather than the return value.
     *
     * NOTE(review): the rendered listing drops lines 1782, 1788, 1791, 1794,
     * 1798 and 1805. They are restored here from the NtAccessCheckByType
     * prototype shown on the page; confirm against security.c.
     */
    NTSTATUS Status;
    NTSTATUS NtAccessStatus;

    Status = NtAccessCheckByType(pSecurityDescriptor,
                                 PrincipalSelfSid,
                                 ClientToken,
                                 DesiredAccess,
                                 ObjectTypeList,
                                 ObjectTypeListLength,
                                 GenericMapping,
                                 PrivilegeSet,
                                 PrivilegeSetLength,
                                 GrantedAccess,
                                 &NtAccessStatus);
    if (!NT_SUCCESS(Status))
    {
        /* The check could not be performed; *AccessStatus is left untouched */
        SetLastError(RtlNtStatusToDosError(Status));
        return FALSE;
    }

    if (NT_SUCCESS(NtAccessStatus))
    {
        /* Access granted for the whole hierarchy */
        *AccessStatus = TRUE;
        return TRUE;
    }

    /* Access denied: publish the reason, then the verdict */
    SetLastError(RtlNtStatusToDosError(NtAccessStatus));
    *AccessStatus = FALSE;
    return TRUE;
}
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2226

◆ AccessCheckByTypeResultList()

BOOL WINAPI AccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  pSecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ DWORD  DesiredAccess,
_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ DWORD  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET  PrivilegeSet,
_Inout_ LPDWORD  PrivilegeSetLength,
_Out_writes_(ObjectTypeListLength) LPDWORD  GrantedAccess,
_Out_writes_(ObjectTypeListLength) LPBOOL  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the AccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.

Parameters
[in]pSecurityDescriptorA pointer to a security descriptor that identifies the security information of an object being accessed. This function walks the ACLs in this descriptor and their respective access rights to determine whether access can be granted.
[in]PrincipalSelfSidA pointer to a principal self SID. This parameter can be NULL if the associated object being checked for access does not represent a principal.
[in]ClientTokenA handle to an access token that identifies the client requesting access to the target object.
[in]DesiredAccessThe bitmask of access rights that the client wants to acquire. This can be an OR'ed set of multiple access rights, or MAXIMUM_ALLOWED to request all possible access rights the target object allows. If only some of the rights were granted but not all, the access is deemed denied.
[in]ObjectTypeListA pointer to a given object type list. This function will perform an access check against the main object and sub-objects of this list. This parameter must not be NULL!
[in]ObjectTypeListLengthThe length of the object type list array, pointed by ObjectTypeList. This length in question represents the number of elements in such array. This parameter must be 0 if no array list is provided.
[in]GenericMappingThe generic mapping of access rights of an object type.
[out]PrivilegeSetA pointer to a set of privileges that were used to perform the access check, returned to caller. This function will return no privileges (privilege count set to 0) if no privileges were used to accomplish the access check. This parameter must not be NULL!
[in,out]PrivilegeSetLengthThe total length size of a set of privileges. This length represents the count of elements in the privilege set array.
[out]GrantedAccessA pointer to granted access rights. This parameter is an array of granted rights for the object and each sub-object of an object type list.
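[out]AccessStatusA pointer to a boolean value that indicates whether access is granted or denied to the client that requests access to the object and sub-objects of an object type list. This parameter is an array of boolean values for the object and each individual sub-object of the list. Note that the implementation listed for this function stores the Win32 error code converted from each per-object NTSTATUS into these elements rather than TRUE/FALSE, so an entry of 0 (ERROR_SUCCESS) corresponds to a granted access.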
Returns
The function returns TRUE if the access check operation has completed successfully, otherwise it returns FALSE.

Definition at line 1883 of file security.c.

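{
    /*
     * Win32 wrapper around NtAccessCheckByTypeResultList.
     *
     * Returns TRUE when the kernel performed the check and FALSE (with the
     * last error set) when it could not. The per-object verdicts are written
     * to the AccessStatus array, one element per object type list entry.
     *
     * NOTE(review): the rendered listing drops lines 1896, 1903, 1906, 1909
     * and 1913. They are restored here from the
     * NtAccessCheckByTypeResultList prototype shown on the page; confirm
     * against security.c.
     */
    NTSTATUS Status;
    DWORD ResultListIndex;
    PNTSTATUS NtAccessStatus;

    /*
     * The kernel writes one NTSTATUS per object type list entry, so it needs
     * a real array of ObjectTypeListLength elements. The listing initialised
     * this pointer to NULL, passed it to the system call and then indexed it
     * in the loop below. Reject counts whose byte size would not fit in
     * SIZE_T before allocating.
     */
    if (ObjectTypeListLength > ((SIZE_T)-1) / sizeof(NTSTATUS))
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    NtAccessStatus = RtlAllocateHeap(RtlGetProcessHeap(),
                                     0,
                                     (SIZE_T)ObjectTypeListLength * sizeof(NTSTATUS));
    if (NtAccessStatus == NULL)
    {
        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    Status = NtAccessCheckByTypeResultList(pSecurityDescriptor,
                                           PrincipalSelfSid,
                                           ClientToken,
                                           DesiredAccess,
                                           ObjectTypeList,
                                           ObjectTypeListLength,
                                           GenericMapping,
                                           PrivilegeSet,
                                           PrivilegeSetLength,
                                           GrantedAccess,
                                           NtAccessStatus);
    if (!NT_SUCCESS(Status))
    {
        /* The check could not be performed; the output arrays are not filled in */
        RtlFreeHeap(RtlGetProcessHeap(), 0, NtAccessStatus);
        SetLastError(RtlNtStatusToDosError(Status));
        return FALSE;
    }

    /*
     * NOTE(review): each element receives a Win32 error code, so 0
     * (ERROR_SUCCESS) marks a granted entry. The parameter is typed LPBOOL
     * and documented as an array of booleans, which reads the other way
     * round; confirm which contract callers rely on before changing it.
     */
    for (ResultListIndex = 0; ResultListIndex < ObjectTypeListLength; ResultListIndex++)
    {
        AccessStatus[ResultListIndex] = RtlNtStatusToDosError(NtAccessStatus[ResultListIndex]);
    }

    RtlFreeHeap(RtlGetProcessHeap(), 0, NtAccessStatus);
    return TRUE;
}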
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2269
#define NULL
Definition: types.h:112
unsigned long DWORD
Definition: ntddk_ex.h:95
* PNTSTATUS
Definition: strlen.c:14

◆ AddAccessAllowedAce()

BOOL WINAPI AddAccessAllowedAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AccessMask,
PSID  pSid 
)

◆ AddAccessAllowedAceEx()

BOOL WINAPI AddAccessAllowedAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1065 of file security.c.

{
    /*
     * Win32 wrapper around RtlAddAccessAllowedAceEx: forwards the arguments
     * unchanged and translates a failing NTSTATUS into the thread's last
     * error. Validation of the ACL, revision, flags and SID is left to the
     * Rtl routine.
     *
     * NOTE(review): the rendered listing drops lines 1071, 1073, 1074 and
     * 1080 (declaration, call head and SetLastError). They are restored here
     * from the RtlAddAccessAllowedAceEx prototype shown on the page; confirm
     * against security.c.
     */
    NTSTATUS Status = RtlAddAccessAllowedAceEx(pAcl,
                                               dwAceRevision,
                                               AceFlags,
                                               AccessMask,
                                               pSid);

    if (NT_SUCCESS(Status))
        return TRUE;

    SetLastError(RtlNtStatusToDosError(Status));
    return FALSE;
}
static const ACEFLAG AceFlags[]
Definition: security.c:2626
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), CreateApplicationDesktopSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), get_sd(), and GetShellSecurityDescriptor().

◆ AddAccessDeniedAce()

BOOL WINAPI AddAccessDeniedAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1092 of file security.c.

1096{
1098
1101 AccessMask,
1102 pSid);
1103 if (!NT_SUCCESS(Status))
1104 {
1106 return FALSE;
1107 }
1108
1109 return TRUE;
1110}
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

Referenced by AccRewriteSetEntriesInAcl(), convert_nfs4acl_2_dacl(), GetShellSecurityDescriptor(), test_AccessCheck(), and test_process_security().

◆ AddAccessDeniedAceEx()

BOOL WINAPI AddAccessDeniedAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1116 of file security.c.

1121{
1123
1126 AceFlags,
1127 AccessMask,
1128 pSid);
1129 if (!NT_SUCCESS(Status))
1130 {
1132 return FALSE;
1133 }
1134
1135 return TRUE;
1136}
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

Referenced by GetShellSecurityDescriptor().

◆ AddAce()

BOOL WINAPI AddAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  dwStartingAceIndex,
LPVOID  pAceList,
DWORD  nAceListLength 
)

Definition at line 1143 of file security.c.

1148{
/* Thin wrapper: passes the ACL, the starting index and the caller's ACE list to RtlAddAce
 * and maps the NTSTATUS result to a BOOL. Some lines of the original are not shown in
 * this listing. */
1150
/* pAceList and nAceListLength are handed through unchanged; as far as this listing shows,
 * any validation of the ACE list contents is left to RtlAddAce. */
1151 Status = RtlAddAce(pAcl,
1153 dwStartingAceIndex,
1154 pAceList,
1155 nAceListLength);
1156 if (!NT_SUCCESS(Status))
1157 {
1159 return FALSE;
1160 }
1161
1162 return TRUE;
1163}
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)

Referenced by test_AddAce().

◆ AddAuditAccessAce()

BOOL WINAPI AddAuditAccessAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  dwAccessMask,
PSID  pSid,
BOOL  bAuditSuccess,
BOOL  bAuditFailure 
)

Definition at line 1953 of file security.c.

1959{
1961
1964 dwAccessMask,
1965 pSid,
1966 bAuditSuccess,
1967 bAuditFailure);
1968 if (!NT_SUCCESS(Status))
1969 {
1971 return FALSE;
1972 }
1973
1974 return TRUE;
1975}
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AddAuditAccessAceEx()

BOOL WINAPI AddAuditAccessAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  dwAccessMask,
PSID  pSid,
BOOL  bAuditSuccess,
BOOL  bAuditFailure 
)

Definition at line 1981 of file security.c.

1988{
1990
1993 AceFlags,
1994 dwAccessMask,
1995 pSid,
1996 bAuditSuccess,
1997 bAuditFailure);
1998 if (!NT_SUCCESS(Status))
1999 {
2001 return FALSE;
2002 }
2003
2004 return TRUE;
2005}
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AdjustTokenGroups()

BOOL WINAPI AdjustTokenGroups ( HANDLE  TokenHandle,
BOOL  ResetToDefault,
PTOKEN_GROUPS  NewState,
DWORD  BufferLength,
PTOKEN_GROUPS  PreviousState,
PDWORD  ReturnLength 
)

Definition at line 348 of file security.c.

354{
356
358 ResetToDefault,
359 NewState,
363 if (!NT_SUCCESS(Status))
364 {
366 return FALSE;
367 }
368
369 return TRUE;
370}
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:718
NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
Changes the list of groups by enabling or disabling them in an access token. Unlike NtAdjustPrivilege...
Definition: tokenadj.c:695
_In_ WDF_POWER_DEVICE_STATE PreviousState
Definition: wdfdevice.h:829
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771

◆ AdjustTokenPrivileges()

BOOL WINAPI AdjustTokenPrivileges ( HANDLE  TokenHandle,
BOOL  DisableAllPrivileges,
PTOKEN_PRIVILEGES  NewState,
DWORD  BufferLength,
PTOKEN_PRIVILEGES  PreviousState,
PDWORD  ReturnLength 
)

Definition at line 376 of file security.c.

382{
/* Wrapper for the native privilege-adjustment call (the cross-reference under this listing
 * names NtAdjustPrivilegesToken). Several lines of the original, including the call itself
 * and the condition guarding the first return, are not shown in this listing. */
384
386 DisableAllPrivileges,
387 NewState,
/* NOTE(review): this branch returns TRUE without taking the failure path below. Judging by
 * the STATUS_NOT_ALL_ASSIGNED / ERROR_NOT_ALL_ASSIGNED cross-references, it presumably
 * covers the partial-success case - confirm against the full source. If so, a TRUE return
 * does not prove that every requested privilege was adjusted; callers that depend on a
 * privilege being in effect should inspect GetLastError() after the call. */
392 {
394 return TRUE;
395 }
396
/* Any other non-success status is reported as failure. */
397 if (!NT_SUCCESS(Status))
398 {
400 return FALSE;
401 }
402
403 /* AdjustTokenPrivileges is documented to do this */
405
406 return TRUE;
407}
#define ERROR_SUCCESS
Definition: deptool.c:10
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
Removes a certain amount of privileges of a token based upon the request by the caller.
Definition: tokenadj.c:451
#define ERROR_NOT_ALL_ASSIGNED
Definition: winerror.h:782

Referenced by AcquireRemoveRestorePrivilege(), AddDeviceW(), DisablePrivilege(), DisableTokenPrivileges(), EnablePrivilege(), EnableProcessPrivileges(), CShellCommandSACL::Execute(), FormatEx2(), InstallReactOS(), named_pipe_client_func(), PauseBalanceW(), Privilege(), pSetupEnablePrivilege(), RecvSubvolGUIW(), RecvSubvolW(), RemoveDeviceW(), ResetStatsW(), ResizeDeviceW(), ScmEnableBackupRestorePrivileges(), SendSubvolGUIW(), SendSubvolW(), set_privileges(), SetDriverLoadPrivilege(), SetPrivilege(), ShowScrubW(), ShutdownSystem(), StartBalanceW(), StartScrubW(), StopBalanceW(), StopScrubW(), SystemSetLocalTime(), SystemSetTime(), test8(), test_AdjustTokenPrivileges(), test_SetFileValidData(), test_system_security_access(), UpdateDriver(), WinMain(), and wWinMain().

◆ ADVAPI_GetComputerSid()

BOOL ADVAPI_GetComputerSid ( PSID  sid)

Definition at line 275 of file security.c.

276{
/* Copies a compile-time constant SID template into the caller's buffer and always returns
 * TRUE. The remaining fields of the template and its initializer are not shown in this
 * listing. */
277 static const struct /* same fields as struct SID */
278 {
282 DWORD SubAuthority[4];
283 } computer_sid =
285
/* The function takes no buffer length: it writes sizeof(computer_sid) bytes unconditionally,
 * so every caller must supply a buffer at least that large.
 * NOTE(review): because the source is a static constant, every caller receives the same
 * value; presumably a placeholder rather than a per-machine SID - confirm before relying
 * on it to tell machines apart. */
286 memcpy( sid, &computer_sid, sizeof(computer_sid) );
287 return TRUE;
288}
FT_UInt sid
Definition: cffcmap.c:139
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1515
_In_ ULONG Revision
Definition: rtlfuncs.h:1130
_In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: rtlfuncs.h:1513
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
#define SID_REVISION
Definition: setypes.h:481
#define SECURITY_NT_NON_UNIQUE
Definition: setypes.h:577
unsigned char BYTE
Definition: xxhash.c:193

Referenced by ComputeStringSidSize(), and ParseStringSidToSid().

◆ ADVAPI_IsLocalComputer()

BOOL ADVAPI_IsLocalComputer ( LPCWSTR  ServerName)

Definition at line 253 of file security.c.

254{
/* Decides whether ServerName refers to the local machine by comparing it with the local
 * computer name. The declaration of dwSize and the call that fills buf are not shown in
 * this listing (the cross-references below name GetComputerNameW). */
256 BOOL Result;
257 LPWSTR buf;
258
/* A NULL or empty server name is treated as the local computer. */
259 if (!ServerName || !ServerName[0])
260 return TRUE;
261
/* NOTE(review): no check of the allocation result is visible before buf is used;
 * confirm that an allocation failure cannot reach the name query or the comparison. */
262 buf = heap_alloc(dwSize * sizeof(WCHAR));
/* An optional leading "\\" is skipped before comparing. */
264 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
265 ServerName += 2;
/* NOTE(review): lstrcmpW is a case-sensitive comparison, so a differently-cased spelling of
 * the local name is reported as not local. Confirm whether callers that use this result
 * for a local-versus-remote decision expect that. */
266 Result = Result && !lstrcmpW(ServerName, buf);
267 heap_free(buf);
268
269 return Result;
270}
static void * heap_alloc(size_t len)
Definition: appwiz.h:66
static BOOL heap_free(void *mem)
Definition: appwiz.h:76
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
unsigned int BOOL
Definition: ntddk_ex.h:94
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
int WINAPI lstrcmpW(LPCWSTR lpString1, LPCWSTR lpString2)
Definition: lstring.c:170
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:243
__wchar_t WCHAR
Definition: xmlstorage.h:180
WCHAR * LPWSTR
Definition: xmlstorage.h:184

◆ AllocateAndInitializeSid()

BOOL WINAPI AllocateAndInitializeSid ( PSID_IDENTIFIER_AUTHORITY  pIdentifierAuthority,
BYTE  nSubAuthorityCount,
DWORD  nSubAuthority0,
DWORD  nSubAuthority1,
DWORD  nSubAuthority2,
DWORD  nSubAuthority3,
DWORD  nSubAuthority4,
DWORD  nSubAuthority5,
DWORD  nSubAuthority6,
DWORD  nSubAuthority7,
PSID pSid 
)

Definition at line 676 of file security.c.

683{
685 pIdentifierAuthority, nSubAuthorityCount,
686 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
687 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
688 pSid ));
689}
static __inline BOOL set_ntstatus(NTSTATUS status)
Definition: security.c:229
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), check_wellknown_name(), CheckForGuestsAndAdmins(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreateLogoffSecurityAttributes(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), GetShellSecurityDescriptor(), is_process_limited(), is_token_admin(), IsCallerInteractive(), IsNTAdmin(), IsUserAdmin(), PerfDataInitialize(), pSetupIsUserAdmin(), SHTestTokenMembership(), START_TEST(), test_AccessCheck(), test_AddMandatoryAce(), test_CreateWellKnownSid(), test_EqualSid(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_LookupAccountSid(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_SetEntriesInAclA(), test_SetEntriesInAclW(), test_sid(), and test_trustee().

◆ AllocateLocallyUniqueId()

BOOL WINAPI AllocateLocallyUniqueId ( PLUID  Luid)

Definition at line 1220 of file security.c.

1221{
1223
1225 if (!NT_SUCCESS (Status))
1226 {
1228 return FALSE;
1229 }
1230
1231 return TRUE;
1232}
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:348

Referenced by CookupNodeId(), LogonUserExW(), MyLogonUser(), and wined3d_adapter_init().

◆ AreAllAccessesGranted()

BOOL WINAPI AreAllAccessesGranted ( DWORD  GrantedAccess,
DWORD  DesiredAccess 
)

Definition at line 2534 of file security.c.

2536{
2539}
NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ AreAnyAccessesGranted()

BOOL WINAPI AreAnyAccessesGranted ( DWORD  GrantedAccess,
DWORD  DesiredAccess 
)

Definition at line 2546 of file security.c.

2548{
2551}
NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ BuildExplicitAccessWithNameA()

VOID WINAPI BuildExplicitAccessWithNameA ( PEXPLICIT_ACCESSA  pExplicitAccess,
LPSTR  pTrusteeName,
DWORD  AccessPermissions,
ACCESS_MODE  AccessMode,
DWORD  Inheritance 
)

Definition at line 2132 of file security.c.

2137{
2138 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2139 pExplicitAccess->grfAccessMode = AccessMode;
2140 pExplicitAccess->grfInheritance = Inheritance;
2141
2142 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2144 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2145 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2146 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2147}
@ TRUSTEE_IS_NAME
Definition: accctrl.h:190
@ TRUSTEE_IS_UNKNOWN
Definition: accctrl.h:176
@ NO_MULTIPLE_TRUSTEE
Definition: accctrl.h:198
DWORD grfAccessPermissions
Definition: accctrl.h:332
TRUSTEE_A Trustee
Definition: accctrl.h:335
DWORD grfInheritance
Definition: accctrl.h:334
ACCESS_MODE grfAccessMode
Definition: accctrl.h:333
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:205
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:207
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:206
struct _TRUSTEE_A * pMultipleTrustee
Definition: accctrl.h:204
LPSTR ptstrName
Definition: accctrl.h:208
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396

◆ BuildExplicitAccessWithNameW()

VOID WINAPI BuildExplicitAccessWithNameW ( PEXPLICIT_ACCESSW  pExplicitAccess,
LPWSTR  pTrusteeName,
DWORD  AccessPermissions,
ACCESS_MODE  AccessMode,
DWORD  Inheritance 
)

Definition at line 2154 of file security.c.

2159{
2160 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2161 pExplicitAccess->grfAccessMode = AccessMode;
2162 pExplicitAccess->grfInheritance = Inheritance;
2163
2164 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2166 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2167 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2168 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2169}
DWORD grfAccessPermissions
Definition: accctrl.h:340
DWORD grfInheritance
Definition: accctrl.h:342
TRUSTEE_W Trustee
Definition: accctrl.h:343
ACCESS_MODE grfAccessMode
Definition: accctrl.h:341
LPWSTR ptstrName
Definition: accctrl.h:217
struct _TRUSTEE_W * pMultipleTrustee
Definition: accctrl.h:213
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:216
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:215
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:214

◆ BuildTrusteeWithNameA()

VOID WINAPI BuildTrusteeWithNameA ( PTRUSTEE_A  pTrustee,
LPSTR  name 
)

Definition at line 2377 of file security.c.

2379{
2380 TRACE("%p %s\n", pTrustee, name);
2381
2382 pTrustee->pMultipleTrustee = NULL;
2384 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2385 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2386 pTrustee->ptstrName = name;
2387}
#define TRACE(s)
Definition: solgame.cpp:4
Definition: name.c:39

◆ BuildTrusteeWithNameW()

VOID WINAPI BuildTrusteeWithNameW ( PTRUSTEE_W  pTrustee,
LPWSTR  name 
)

Definition at line 2393 of file security.c.

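2395{
/* Initialises *pTrustee as a name-form trustee of unknown type that refers to the wide
 * string 'name'. One line of the original (2399) is not shown in this listing. */
/* 'name' is a wide string, so it is routed through debugstr_w for the narrow "%s"
 * conversion instead of being passed to it directly. */
2396 TRACE("%p %s\n", pTrustee, debugstr_w(name));
2397
2398 pTrustee->pMultipleTrustee = NULL;
2400 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2401 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
/* The pointer is stored, not copied: the string must outlive every use of the TRUSTEE. */
2402 pTrustee->ptstrName = name;
2403}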

◆ BuildTrusteeWithObjectsAndNameA()

VOID WINAPI BuildTrusteeWithObjectsAndNameA ( PTRUSTEEA  pTrustee,
POBJECTS_AND_NAME_A  pObjName,
SE_OBJECT_TYPE  ObjectType,
LPSTR  ObjectTypeName,
LPSTR  InheritedObjectTypeName,
LPSTR  Name 
)

Definition at line 2174 of file security.c.

2177{
2178 DWORD ObjectsPresent = 0;
2179
2180 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2182
2183 /* Fill the OBJECTS_AND_NAME structure */
2185 if (ObjectTypeName != NULL)
2186 {
2187 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2188 }
2189
2192 {
2193 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2194 }
2195
2196 pObjName->ObjectsPresent = ObjectsPresent;
2198
2199 /* Fill the TRUSTEE structure */
2200 pTrustee->pMultipleTrustee = NULL;
2203 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2204 pTrustee->ptstrName = (LPSTR)pObjName;
2205}
@ TRUSTEE_IS_OBJECTS_AND_NAME
Definition: accctrl.h:193
struct NameRec_ * Name
Definition: cdprocs.h:460
#define debugstr_a
Definition: kernel32.h:31
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
static POBJECTS_AND_NAME_A pObjName
Definition: security.c:77
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName
Definition: security.c:80
ObjectType
Definition: metafile.c:81
DWORD ObjectsPresent
Definition: accctrl.h:356
LPSTR InheritedObjectTypeName
Definition: accctrl.h:359
SE_OBJECT_TYPE ObjectType
Definition: accctrl.h:357
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
Definition: setypes.h:806
#define ACE_OBJECT_TYPE_PRESENT
Definition: setypes.h:805
char * LPSTR
Definition: xmlstorage.h:182

◆ BuildTrusteeWithObjectsAndNameW()

VOID WINAPI BuildTrusteeWithObjectsAndNameW ( PTRUSTEEW  pTrustee,
POBJECTS_AND_NAME_W  pObjName,
SE_OBJECT_TYPE  ObjectType,
LPWSTR  ObjectTypeName,
LPWSTR  InheritedObjectTypeName,
LPWSTR  Name 
)

Definition at line 2210 of file security.c.

2213{
2214 DWORD ObjectsPresent = 0;
2215
2216 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2218
2219 /* Fill the OBJECTS_AND_NAME structure */
2221 if (ObjectTypeName != NULL)
2222 {
2223 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2224 }
2225
2228 {
2229 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2230 }
2231
2232 pObjName->ObjectsPresent = ObjectsPresent;
2234
2235 /* Fill the TRUSTEE structure */
2236 pTrustee->pMultipleTrustee = NULL;
2239 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2240 pTrustee->ptstrName = (LPWSTR)pObjName;
2241}
#define debugstr_w
Definition: kernel32.h:32

◆ BuildTrusteeWithObjectsAndSidA()

VOID WINAPI BuildTrusteeWithObjectsAndSidA ( PTRUSTEEA  pTrustee,
POBJECTS_AND_SID  pObjSid,
GUID pObjectGuid,
GUID pInheritedObjectGuid,
PSID  pSid 
)

Definition at line 2247 of file security.c.

2252{
2253 DWORD ObjectsPresent = 0;
2254
2255 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2256
2257 /* Fill the OBJECTS_AND_SID structure */
2258 if (pObjectGuid != NULL)
2259 {
2261 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2262 }
2263 else
2264 {
2266 sizeof(GUID));
2267 }
2268
2270 {
2272 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2273 }
2274 else
2275 {
2277 sizeof(GUID));
2278 }
2279
2280 pObjSid->ObjectsPresent = ObjectsPresent;
2281 pObjSid->pSid = pSid;
2282
2283 /* Fill the TRUSTEE structure */
2284 pTrustee->pMultipleTrustee = NULL;
2287 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2288 pTrustee->ptstrName = (LPSTR) pObjSid;
2289}
@ TRUSTEE_IS_OBJECTS_AND_SID
Definition: accctrl.h:192
static POBJECTS_AND_SID pObjSid
Definition: security.c:83
static POBJECTS_AND_SID GUID * pObjectGuid
Definition: security.c:84
static POBJECTS_AND_SID GUID GUID * pInheritedObjectGuid
Definition: security.c:85
GUID InheritedObjectTypeGuid
Definition: accctrl.h:350
GUID ObjectTypeGuid
Definition: accctrl.h:349
DWORD ObjectsPresent
Definition: accctrl.h:348
#define ZeroMemory
Definition: winbase.h:1700

◆ BuildTrusteeWithObjectsAndSidW()

VOID WINAPI BuildTrusteeWithObjectsAndSidW ( PTRUSTEEW  pTrustee,
POBJECTS_AND_SID  pObjSid,
GUID pObjectGuid,
GUID pInheritedObjectGuid,
PSID  pSid 
)

Definition at line 2296 of file security.c.

2301{
2302 DWORD ObjectsPresent = 0;
2303
2304 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2305
2306 /* Fill the OBJECTS_AND_SID structure */
2307 if (pObjectGuid != NULL)
2308 {
2310 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2311 }
2312 else
2313 {
2315 sizeof(GUID));
2316 }
2317
2319 {
2321 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2322 }
2323 else
2324 {
2326 sizeof(GUID));
2327 }
2328
2329 pObjSid->ObjectsPresent = ObjectsPresent;
2330 pObjSid->pSid = pSid;
2331
2332 /* Fill the TRUSTEE structure */
2333 pTrustee->pMultipleTrustee = NULL;
2336 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2337 pTrustee->ptstrName = (LPWSTR) pObjSid;
2338}

◆ BuildTrusteeWithSidA()

VOID WINAPI BuildTrusteeWithSidA ( PTRUSTEE_A  pTrustee,
PSID  pSid 
)

Definition at line 2344 of file security.c.

2346{
/* Initialises *pTrustee as a SID-form trustee of unknown type. One line of the original
 * (2350) is not shown in this listing. */
2347 TRACE("%p %p\n", pTrustee, pSid);
2348
2349 pTrustee->pMultipleTrustee = NULL;
2351 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2352 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
/* The SID pointer is stored in the string-typed field without being copied. Consumers must
 * check TrusteeForm before treating ptstrName as text, and the SID must outlive the
 * TRUSTEE. */
2353 pTrustee->ptstrName = (LPSTR) pSid;
2354}
@ TRUSTEE_IS_SID
Definition: accctrl.h:189

◆ BuildTrusteeWithSidW()

VOID WINAPI BuildTrusteeWithSidW ( PTRUSTEE_W  pTrustee,
PSID  pSid 
)

Definition at line 2361 of file security.c.

2363{
/* Initialises *pTrustee as a SID-form trustee of unknown type. One line of the original
 * (2367) is not shown in this listing. */
2364 TRACE("%p %p\n", pTrustee, pSid);
2365
2366 pTrustee->pMultipleTrustee = NULL;
2368 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2369 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
/* The SID pointer is stored in the string-typed field without being copied. Consumers must
 * check TrusteeForm before treating ptstrName as text, and the SID must outlive the
 * TRUSTEE. */
2370 pTrustee->ptstrName = (LPWSTR) pSid;
2371}

◆ ComputeStringSidSize()

static DWORD ComputeStringSidSize ( LPCWSTR  StringSid)
static

Definition at line 3936 of file security.c.

3937{
/* Returns the number of bytes needed to hold the binary SID described by StringSid.
 * Handles the "S-R-I-S..." form and the two-letter constant forms; falls back to the size of
 * a SID with no sub-authorities. Several lines of the original are not shown in this
 * listing. StringSid is dereferenced without a NULL check, so callers must pass a valid
 * string. */
3938 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3939 {
/* Count the '-' separators; the sub-authority count is that number minus two. */
3940 int ctok = 0;
3941 while (*StringSid)
3942 {
3943 if (*StringSid == '-')
3944 ctok++;
3945 StringSid++;
3946 }
3947
/* NOTE(review): ctok is an int, while GetSidLengthRequired takes a UCHAR (see the
 * cross-reference below), so ctok - 2 is narrowed on the call. An input with a very large
 * number of separators yields a size computed from the truncated count, and no upper bound
 * on the sub-authority count is enforced here. Confirm that the parser consuming this size
 * limits its writes to the returned length. */
3948 if (ctok >= 3)
3949 return GetSidLengthRequired(ctok - 2);
3950 }
3951 else /* String constant format - Only available in winxp and above */
3952 {
3953 unsigned int i;
3954
/* Only the first two characters of the input are compared with each table entry. */
3955 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3956 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3958
3959 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3960 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3961 {
3962 MAX_SID local;
3965 }
3966
3967 }
3968
/* Unrecognised input: report the size of a SID without sub-authorities. */
3969 return GetSidLengthRequired(0);
3970}
static const WELLKNOWNRID WellKnownRids[]
Definition: security.c:111
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:854
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:910
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:47
BOOL ADVAPI_GetComputerSid(PSID sid)
Definition: security.c:275
#define local
Definition: zutil.h:30
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
#define strncmpW(s1, s2, n)
Definition: unicode.h:36
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200

Referenced by ParseStringSidToSid().

◆ ConvertSecurityDescriptorToStringSecurityDescriptorA()

BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  SDRevision,
SECURITY_INFORMATION  Information,
LPSTR OutputString,
PULONG  OutputLen 
)

Definition at line 3501 of file security.c.

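3502{
/* ANSI variant: obtains the wide SDDL string from the W function (the condition at line
 * 3505 is not shown in this listing), converts it to the ANSI code page and returns the
 * result through *OutputString. OutputLen is optional and receives the ANSI length. */
3503 LPWSTR wstr;
3504 ULONG len;
3506 {
3507 int lenA;
3508
/* First conversion call only measures the required ANSI size.
 * NOTE(review): its result is used as the allocation size without a check for failure. */
3509 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
/* NOTE(review): this buffer comes from heap_alloc, whereas the wide variant returns a
 * LocalAlloc buffer; callers that release the result with LocalFree depend on the two
 * allocators being compatible - confirm. */
3510 *OutputString = heap_alloc(lenA);
3511#ifdef __REACTOS__
3512 if (*OutputString == NULL)
3513 {
3514 LocalFree(wstr);
/* OutputLen is optional (the other two exits test it), so it is tested here as well
 * instead of being dereferenced unconditionally on the allocation-failure path. */
3515 if (OutputLen != NULL) *OutputLen = 0;
3516 return FALSE;
3517 }
3518#endif
3519 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
3520 LocalFree(wstr);
3521
3522 if (OutputLen != NULL)
3523 *OutputLen = lenA;
3524 return TRUE;
3525 }
3526 else
3527 {
/* Failure of the wide conversion: hand back a NULL string and a zero length. */
3528 *OutputString = NULL;
3529 if (OutputLen)
3530 *OutputLen = 0;
3531 return FALSE;
3532 }
3533}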
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
Definition: security.c:3437
#define CP_ACP
Definition: compat.h:109
#define WideCharToMultiByte
Definition: compat.h:111
GLenum GLsizei len
Definition: glext.h:6722
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
uint32_t ULONG
Definition: typedefs.h:59
_In_ WDFREQUEST _In_ NTSTATUS _In_ ULONG_PTR Information
Definition: wdfrequest.h:1049
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191

◆ ConvertSecurityDescriptorToStringSecurityDescriptorW()

BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  SDRevision,
SECURITY_INFORMATION  RequestedInformation,
LPWSTR OutputString,
PULONG  OutputLen 
)

Definition at line 3437 of file security.c.

3438{
/* Builds the SDDL string for the parts of SecurityDescriptor selected by
 * RequestedInformation and returns it in a LocalAlloc'd buffer through *OutputString.
 * Works in two passes: a sizing pass that accumulates len, then a writing pass. The calls
 * of the sizing pass (lines 3451, 3454, 3457, 3460) and line 3445 are not shown in this
 * listing. */
3439 ULONG len;
3440 WCHAR *wptr, *wstr;
3441
/* Only SDDL revision 1 is accepted. */
3442 if (SDRevision != SDDL_REVISION_1)
3443 {
3444 ERR("Program requested unknown SDDL revision %d\n", SDRevision);
3446 return FALSE;
3447 }
3448
/* Sizing pass: each selected component presumably adds its length to len. */
3449 len = 0;
3450 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3452 return FALSE;
3453 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3455 return FALSE;
3456 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3458 return FALSE;
3459 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3461 return FALSE;
3462
/* One extra WCHAR is reserved for the terminator written after the second pass. */
3463 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
/* The allocation is only checked when __REACTOS__ is defined. */
3464#ifdef __REACTOS__
3465 if (wstr == NULL)
3466 return FALSE;
3467#endif
3468
/* Writing pass: the Dump helpers are called with a NULL length pointer and advance wptr.
 * NOTE(review): nothing in this pass bounds the writes by the allocated size; it relies on
 * the helpers emitting exactly what the sizing pass counted. A mismatch between the two
 * passes would write past the buffer - worth a bounds assertion. */
3469 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3470 if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
3471 LocalFree (wstr);
3472 return FALSE;
3473 }
3474 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3475 if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
3476 LocalFree (wstr);
3477 return FALSE;
3478 }
3479 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3480 if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
3481 LocalFree (wstr);
3482 return FALSE;
3483 }
3484 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3485 if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
3486 LocalFree (wstr);
3487 return FALSE;
3488 }
/* Terminate the string at the current write position. */
3489 *wptr = 0;
3490
3491 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
/* Ownership of the buffer passes to the caller; the reported length counts the terminator. */
3492 *OutputString = wstr;
3493 if (OutputLen)
3494 *OutputLen = strlenW(*OutputString)+1;
3495 return TRUE;
3496}
#define ERR(fmt,...)
Definition: debug.h:110
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3411
static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3370
static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3352
static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3388
HLOCAL NTAPI LocalAlloc(UINT uFlags, SIZE_T dwBytes)
Definition: heapmem.c:1390
#define wine_dbgstr_w
Definition: kernel32.h:34
#define strlenW(s)
Definition: unicode.h:28
#define SDDL_REVISION_1
Definition: sddl.h:30
#define ERROR_UNKNOWN_REVISION
Definition: winerror.h:787
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorA().

◆ ConvertSidToStringSidA()

BOOL WINAPI ConvertSidToStringSidA ( PSID  Sid,
LPSTR StringSid 
)

Definition at line 3639 of file security.c.

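3641{
/* ANSI variant: obtains the wide string form from ConvertSidToStringSidW, converts it to the
 * ANSI code page and returns it in a LocalAlloc'd buffer through *StringSid (StringSid is
 * used as an out-pointer: it is dereferenced for the allocation below). Returns FALSE on
 * any failure. Lines 3654 and 3662 of the original are not shown in this listing. */
3642 LPWSTR StringSidW;
3643 int Len;
3644
3645 if (!ConvertSidToStringSidW(Sid, &StringSidW))
3646 {
3647 return FALSE;
3648 }
3649
/* Measuring call: with a source length of -1 the returned size includes the terminator. */
3650 Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
3651 if (Len <= 0)
3652 {
3653 LocalFree(StringSidW);
3655 return FALSE;
3656 }
3657
3658 *StringSid = LocalAlloc(LMEM_FIXED, Len);
3659 if (NULL == *StringSid)
3660 {
3661 LocalFree(StringSidW);
3663 return FALSE;
3664 }
3665
3666 if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
3667 {
/* Release the buffer allocated above. Freeing StringSid itself would hand the caller's
 * out-pointer variable to LocalFree and leak the allocation. */
3668 LocalFree(*StringSid);
3669 LocalFree(StringSidW);
3670 return FALSE;
3671 }
3672
/* The wide intermediate is no longer needed; the ANSI buffer now belongs to the caller. */
3673 LocalFree(StringSidW);
3674
3675 return TRUE;
3676}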
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
#define Len
Definition: deflate.h:82
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3585
#define LMEM_FIXED
Definition: winbase.h:368

Referenced by debugstr_sid(), get_user_sid(), map_name_2_sid(), test_CreateWellKnownSid(), test_LookupAccountSid(), test_lsa(), test_sid(), test_sid_str(), test_token_attr(), and test_token_label().

◆ ConvertSidToStringSidW()

BOOL WINAPI ConvertSidToStringSidW ( PSID  Sid,
LPWSTR StringSid 
)

Definition at line 3585 of file security.c.

3587{
/* Converts a binary SID to its string form and returns it in a LocalAlloc'd,
 * NUL-terminated buffer through *StringSid. Several lines of the original (the
 * declarations, the conversion calls, the error-code assignments and the frees of the
 * intermediate string) are not shown in this listing. */
3590 WCHAR FixedBuffer[64];
3591
/* The SID is validated before anything is read from it. */
3592 if (!RtlValidSid(Sid))
3593 {
3595 return FALSE;
3596 }
3597
/* Start with the fixed on-stack buffer as the conversion target. */
3598 UnicodeString.Length = 0;
3599 UnicodeString.MaximumLength = sizeof(FixedBuffer);
3600 UnicodeString.Buffer = FixedBuffer;
/* Presumably the retry path for a too-small stack buffer (the cross-references below name
 * STATUS_BUFFER_TOO_SMALL and RtlConvertSidToUnicodeString) - confirm against the full
 * source. */
3603 {
3605 }
3606
3607 if (!NT_SUCCESS(Status))
3608 {
3610 return FALSE;
3611 }
3612
/* The result buffer is sized for the converted string plus one WCHAR for the terminator. */
3613 *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
3614 if (NULL == *StringSid)
3615 {
/* An intermediate buffer other than the stack one has to be released on this path too. */
3616 if (UnicodeString.Buffer != FixedBuffer)
3617 {
3619 }
3621 return FALSE;
3622 }
3623
/* Copy the characters, then write the terminator right after them. */
3624 MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
3625 ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
3626 if (UnicodeString.Buffer != FixedBuffer)
3627 {
3629 }
3630
3631 return TRUE;
3632}
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
char * PCHAR
Definition: typedefs.h:51
#define MoveMemory
Definition: winbase.h:1697
#define ERROR_INVALID_SID
Definition: winerror.h:819

Referenced by _GetUserSidStringFromToken(), AddUserProfiles(), ConvertSidToStringSidA(), CreateUserProfileExW(), get_user_sid(), GetEventUserName(), GetPrincipalDisplayString(), LsapGetDomainInfo(), LsapLookupAccountDomainSids(), LsapLookupBuiltinDomainSids(), LsapLookupWellKnownSids(), MsiSourceListAddSourceW(), RecycleBin5_Constructor(), SampAddMemberToAlias(), SampRemoveMemberFromAlias(), SampRemoveMemberFromAllAliases(), SampSetupAddMemberToAlias(), set_user_sid_prop(), START_TEST(), UpdatePrincipalInfo(), WhoamiGroups(), WhoamiLogonId(), and WhoamiUser().

◆ ConvertStringSecurityDescriptorToSecurityDescriptorA()

BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA ( LPCSTR  StringSecurityDescriptor,
DWORD  StringSDRevision,
PSECURITY_DESCRIPTOR SecurityDescriptor,
PULONG  SecurityDescriptorSize 
)

Definition at line 3034 of file security.c.

/*
 * ANSI wrapper: widens StringSecurityDescriptor with CP_ACP into a temporary
 * heap buffer and returns the result stored in ret (assigned on omitted
 * listing line 3050, presumably from the W variant).
 * Returns FALSE when the temporary buffer cannot be allocated.
 *
 * NOTE(review): StringSecurityDescriptor is handed to MultiByteToWideChar
 * without a NULL check in the visible lines.
 */
3038{
3039 UINT len;
3040 BOOL ret = FALSE;
3041 LPWSTR StringSecurityDescriptorW;
3042
/* First call only measures: with a zero output size it returns the required
 * count of WCHARs, including the terminator because the input length is -1.
 * NOTE(review): a return of 0 (conversion failure) is not checked, so the
 * allocation below can be zero bytes long and still be passed on. */
3043 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
3044 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
3045
3046 if (StringSecurityDescriptorW)
3047 {
/* NOTE(review): the result of this second conversion is ignored as well. */
3048 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
3049
3051 StringSDRevision, SecurityDescriptor,
3052 SecurityDescriptorSize);
/* The wide copy is only needed for the duration of the call. */
3053 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
3054 }
3055
3056 return ret;
3057}
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:3064
#define GetProcessHeap()
Definition: compat.h:736
#define HeapAlloc
Definition: compat.h:733
#define HeapFree(x, y, z)
Definition: compat.h:735
#define MultiByteToWideChar
Definition: compat.h:110
unsigned int UINT
Definition: ndis.h:50
int ret

Referenced by test_profile_directory_readonly().

◆ ConvertStringSecurityDescriptorToSecurityDescriptorW()

BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW ( LPCWSTR  StringSecurityDescriptor,
DWORD  StringSDRevision,
PSECURITY_DESCRIPTOR SecurityDescriptor,
PULONG  SecurityDescriptorSize 
)

Definition at line 3064 of file security.c.

/*
 * Parses an SDDL string into a self-relative security descriptor using two
 * passes of ParseStringSecurityDescriptorToSecurityDescriptor: the first with
 * a NULL output to obtain the byte size, the second to fill the buffer.
 * Returns TRUE on success; *SecurityDescriptorSize (optional) receives cBytes.
 *
 * NOTE(review): listing lines 3070, 3077, 3082, 3087 and 3096 are omitted, so
 * the psd declaration, the error codes and the allocation are not visible.
 */
3068{
3069 DWORD cBytes;
3071 BOOL bret = FALSE;
3072
3073 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
3074
/* High bit of GetVersion() set: bail out (error code on omitted line 3077). */
3075 if (GetVersion() & 0x80000000)
3076 {
3078 goto lend;
3079 }
3080 else if (!StringSecurityDescriptor || !SecurityDescriptor)
3081 {
3083 goto lend;
3084 }
/* NOTE(review): the SDDL revision is compared against SID_REVISION; presumably
 * the two constants share a value - verify. */
3085 else if (StringSDRevision != SID_REVISION)
3086 {
3088 goto lend;
3089 }
3090
3091 /* Compute security descriptor length */
3092 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3093 NULL, &cBytes))
3094 goto lend;
3095
3097 if (!psd) goto lend;
3098
/* Control is OR-ed rather than assigned, which relies on the buffer being
 * zero-filled by the omitted allocation - TODO confirm. */
3099 psd->Revision = SID_REVISION;
3100 psd->Control |= SE_SELF_RELATIVE;
3101
3102 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3103 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
3104 {
/* NOTE(review): if omitted line 3096 also stored the allocation in
 * *SecurityDescriptor, the caller's pointer now refers to freed memory;
 * confirm and reset it to NULL on this path. */
3105 LocalFree(psd);
3106 goto lend;
3107 }
3108
3109 if (SecurityDescriptorSize)
3110 *SecurityDescriptorSize = cBytes;
3111
3112 bret = TRUE;
3113
3114lend:
3115 TRACE(" ret=%d\n", bret);
3116 return bret;
3117}
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
Definition: security.c:2886
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
DWORD WINAPI GetVersion()
Definition: redirtest.c:5
#define GMEM_ZEROINIT
Definition: winbase.h:306
#define SE_SELF_RELATIVE
Definition: setypes.h:834

Referenced by ConvertStringSecurityDescriptorToSecurityDescriptorA(), InstallOneService(), registry_callback(), and SetupQueueCopyIndirectW().

◆ ConvertStringSidToSidA()

BOOL WINAPI ConvertStringSidToSidA ( LPCSTR  StringSid,
PSID Sid 
)

Definition at line 3562 of file security.c.

/*
 * ANSI wrapper around ConvertStringSidToSidW: duplicates StringSid as a wide
 * string with SERV_dup, converts it and frees the temporary copy.
 * Returns the W variant's result, or FALSE when an argument check fails.
 *
 * NOTE(review): listing lines 3568 and 3570 (the statements of the first two
 * branches, presumably the last-error codes) are omitted.
 */
3563{
3564 BOOL bret = FALSE;
3565
3566 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3567 if (GetVersion() & 0x80000000)
3569 else if (!StringSid || !Sid)
3571 else
3572 {
/* SERV_dup's result is not checked here; a NULL copy is passed through to the
 * W variant - presumably rejected there, verify which error the caller sees. */
3573 WCHAR *wStringSid = SERV_dup(StringSid);
3574 bret = ConvertStringSidToSidW(wStringSid, Sid);
3575 heap_free(wStringSid);
3576 }
3577 return bret;
3578}
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
Definition: security.c:3538
static LPWSTR SERV_dup(LPCSTR str)
Definition: security.c:235

Referenced by test_LsaLookupSids().

◆ ConvertStringSidToSidW()

BOOL WINAPI ConvertStringSidToSidW ( LPCWSTR  StringSid,
PSID Sid 
)

Definition at line 3538 of file security.c.

/*
 * Converts a string SID into a binary SID allocated with LocalAlloc and
 * returned through *Sid. ParseStringSidToSid is called twice: first with a
 * NULL output to obtain the size in cBytes, then to fill the buffer.
 * Returns TRUE on success, FALSE otherwise.
 *
 * NOTE(review): listing lines 3545 and 3547 (the statements of the first two
 * branches, presumably the last-error codes) are omitted.
 */
3539{
3540 BOOL bret = FALSE;
3541 DWORD cBytes;
3542
3543 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3544 if (GetVersion() & 0x80000000)
3546 else if (!StringSid || !Sid)
3548 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3549 {
/* NOTE(review): the LocalAlloc result is not checked. A NULL pSid makes the
 * call below identical to the sizing call above, so an allocation failure
 * would presumably be reported as success with *Sid == NULL - add a check. */
3550 PSID pSid = *Sid = LocalAlloc(0, cBytes);
3551
3552 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
/* NOTE(review): *Sid keeps pointing at the freed block after this; resetting
 * it to NULL would keep callers from touching freed memory. */
3553 if (!bret)
3554 LocalFree(*Sid);
3555 }
3556 return bret;
3557}
static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
Definition: security.c:3975

Referenced by ConvertStringSidToSidA(), and fill_sid().

◆ CopySid()

BOOL WINAPI CopySid ( DWORD  nDestinationSidLength,
PSID  pDestinationSid,
PSID  pSourceSid 
)

◆ CreateProcessWithLogonW()

BOOL WINAPI CreateProcessWithLogonW ( _In_ LPCWSTR  lpUsername,
_In_opt_ LPCWSTR  lpDomain,
_In_ LPCWSTR  lpPassword,
_In_ DWORD  dwLogonFlags,
_In_opt_ LPCWSTR  lpApplicationName,
_Inout_opt_ LPWSTR  lpCommandLine,
_In_ DWORD  dwCreationFlags,
_In_opt_ LPVOID  lpEnvironment,
_In_opt_ LPCWSTR  lpCurrentDirectory,
_In_ LPSTARTUPINFOW  lpStartupInfo,
_Out_ LPPROCESS_INFORMATION  lpProcessInformation 
)

Definition at line 3730 of file security.c.

/*
 * Client side of CreateProcessWithLogonW: builds an RPC binding to the
 * "\pipe\seclogon" endpoint over ncacn_np, packs the caller's arguments into
 * Request, invokes the server and reports Response.dwError.
 * Returns TRUE when Response.dwError is ERROR_SUCCESS.
 *
 * NOTE(review): listing lines 3744-3747, 3754, 3763, 3809, 3811, 3813, 3817
 * and 3821 are omitted (declarations, the first line of the binding-compose
 * call, one error statement, the RPC try/except framing and the remote call).
 * NOTE(review): the visible lines never copy lpStartupInfo into Request nor
 * write to lpProcessInformation - confirm how the caller receives the new
 * process and thread handles.
 */
3742{
3743 LPWSTR pszStringBinding = NULL;
3748
/* NOTE(review): lpPassword is formatted into this trace, so the cleartext
 * password reaches the debug channel whenever it is enabled. Drop it from the
 * argument list or log a fixed placeholder instead. */
3749 TRACE("CreateProcessWithLogonW(%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p)\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
3750 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
3751 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
3752 lpStartupInfo, lpProcessInformation);
3753
/* Remaining arguments of the string-binding compose call: protocol sequence,
 * no network address, the endpoint, no options, and the output string. */
3755 L"ncacn_np",
3756 NULL,
3757 L"\\pipe\\seclogon",
3758 NULL,
3759 &pszStringBinding);
3760 if (Status != RPC_S_OK)
3761 {
3762 WARN("RpcStringBindingCompose returned 0x%x\n", Status);
3764 return FALSE;
3765 }
3766
3767 /* Set the binding handle that will be used to bind to the server. */
3768 Status = RpcBindingFromStringBindingW(pszStringBinding,
3769 &hBinding);
/* NOTE(review): a binding failure is only logged; execution continues and the
 * request is still issued with whatever hBinding holds. */
3770 if (Status != RPC_S_OK)
3771 {
3772 WARN("RpcBindingFromStringBinding returned 0x%x\n", Status);
3773 }
3774
3775 Status = RpcStringFreeW(&pszStringBinding);
3776 if (Status != RPC_S_OK)
3777 {
3778 WARN("RpcStringFree returned 0x%x\n", Status);
3779 }
3780
/* The request borrows the caller's strings (const is cast away, nothing is
 * copied); this includes the cleartext password. */
3781 Request.Username = (LPWSTR)lpUsername;
3782 Request.Domain = (LPWSTR)lpDomain;
3783 Request.Password = (LPWSTR)lpPassword;
3784 Request.ApplicationName = (LPWSTR)lpApplicationName;
3785 Request.CommandLine = (LPWSTR)lpCommandLine;
3786 Request.CurrentDirectory = (LPWSTR)lpCurrentDirectory;
3787
/* The environment block's size depends on whether it is Unicode or ANSI. */
3788 if (dwCreationFlags & CREATE_UNICODE_ENVIRONMENT)
3789 Request.dwEnvironmentSize = GetUnicodeEnvironmentSize(lpEnvironment);
3790 else
3791 Request.dwEnvironmentSize = GetAnsiEnvironmentSize(lpEnvironment);
3792 Request.Environment = lpEnvironment;
3793
3794 TRACE("Request.dwEnvironmentSize %lu\n", Request.dwEnvironmentSize);
3795 TRACE("Request.Environment %p\n", Request.Environment);
3796
3797 Request.dwLogonFlags = dwLogonFlags;
3798 Request.dwCreationFlags = dwCreationFlags;
3799
3800 Request.dwProcessId = GetCurrentProcessId();
3801 TRACE("Request.dwProcessId %lu\n", Request.dwProcessId);
3802
/* NOTE(review): dwError starts as ERROR_SUCCESS and the exception handler
 * below only logs, so an RPC exception leaves it unchanged and the function
 * then returns TRUE with empty handles. Initialising it to a failure code, or
 * setting one in the handler, would make that path fail closed. */
3803 Response.hProcess = 0;
3804 Response.hThread = 0;
3805 Response.dwProcessId = 0;
3806 Response.dwThreadId = 0;
3807 Response.dwError = ERROR_SUCCESS;
3808
3810 {
3812 }
3814 {
3815 WARN("Exception: %lx\n", RpcExceptionCode());
3816 }
3818
3819 if (hBinding)
3820 {
3822 if (Status != RPC_S_OK)
3823 {
3824 WARN("RpcBindingFree returned 0x%x\n", Status);
3825 }
3826
3827 hBinding = NULL;
3828 }
3829
3830 TRACE("Response.hProcess %p\n", Response.hProcess);
3831 TRACE("Response.hThread %p\n", Response.hThread);
3832 TRACE("Response.dwProcessId %lu\n", Response.dwProcessId);
3833 TRACE("Response.dwThreadId %lu\n", Response.dwThreadId);
3834 TRACE("Response.dwError %lu\n", Response.dwError);
/* Last error is only updated on failure. */
3835 if (Response.dwError != ERROR_SUCCESS)
3836 SetLastError(Response.dwError);
3837
3838 TRACE("CreateProcessWithLogonW() done\n");
3839
3840 return (Response.dwError == ERROR_SUCCESS);
3841}
VOID __stdcall SeclCreateProcessWithLogonW(_In_ handle_t hBinding, _In_ SECL_REQUEST *pRequest, _Out_ SECL_RESPONSE *pResponse)
Definition: rpcserver.c:57
#define WARN(fmt,...)
Definition: debug.h:112
handle_t hBinding
Definition: ctx_c.c:54
static DWORD GetAnsiEnvironmentSize(PVOID pEnvironment)
Definition: security.c:3704
static DWORD GetUnicodeEnvironmentSize(PVOID pEnvironment)
Definition: security.c:3681
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define L(x)
Definition: ntvdm.h:50
RPC_STATUS WINAPI RpcBindingFromStringBindingW(RPC_WSTR StringBinding, RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:880
RPC_STATUS WINAPI RpcStringBindingComposeW(RPC_WSTR ObjUuid, RPC_WSTR Protseq, RPC_WSTR NetworkAddr, RPC_WSTR Endpoint, RPC_WSTR Options, RPC_WSTR *StringBinding)
Definition: rpc_binding.c:510
RPC_STATUS WINAPI RpcBindingFree(RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:787
#define RPC_S_OK
Definition: rpcnterr.h:22
RPC_STATUS WINAPI RpcStringFreeW(RPC_WSTR *String)
Definition: rpcrt4_main.c:175
#define RpcEndExcept
Definition: rpc.h:128
#define RpcTryExcept
Definition: rpc.h:126
#define RpcExcept(expr)
Definition: rpc.h:127
long RPC_STATUS
Definition: rpc.h:52
#define RpcExceptionCode()
Definition: rpc.h:132
Definition: ncftp.h:89
_In_ WDFREQUEST Request
Definition: wdfdevice.h:547
#define CREATE_UNICODE_ENVIRONMENT
Definition: winbase.h:186
DWORD WINAPI GetCurrentProcessId(void)
Definition: proc.c:1158

Referenced by wmain().

◆ CreateProcessWithTokenW()

BOOL WINAPI CreateProcessWithTokenW ( HANDLE  token,
DWORD  logon_flags,
LPCWSTR  application_name,
LPWSTR  command_line,
DWORD  creation_flags,
void environment,
LPCWSTR  current_directory,
STARTUPINFOW startup_info,
PROCESS_INFORMATION process_information 
)

Definition at line 3843 of file security.c.

/*
 * CreateProcessWithTokenW - semi-stub.
 *
 * Logs its arguments through FIXME and forwards to CreateProcessW with handle
 * inheritance disabled. Returns CreateProcessW's result.
 *
 * Security caveat: neither token nor logon_flags is used beyond the log
 * message, so the new process is created by a plain CreateProcessW call and
 * not under the supplied token. A caller that passes a restricted token to
 * drop privileges does not get that restriction from this implementation.
 */
BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name,
                                    LPWSTR command_line, DWORD creation_flags, void *environment,
                                    LPCWSTR current_directory, STARTUPINFOW *startup_info,
                                    PROCESS_INFORMATION *process_information)
{
    BOOL created;

    FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
          logon_flags, debugstr_w(application_name), debugstr_w(command_line),
          creation_flags, environment, debugstr_w(current_directory),
          startup_info, process_information);

    /* FIXME: check if handles should be inherited */
    created = CreateProcessW(application_name, command_line,
                             NULL, NULL,   /* default process/thread security attributes */
                             FALSE,        /* do not inherit handles */
                             creation_flags, environment, current_directory,
                             startup_info, process_information);
    return created;
}
#define FIXME(fmt,...)
Definition: debug.h:111
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
Definition: proc.c:4592

◆ CreateRestrictedToken()

BOOL WINAPI CreateRestrictedToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ DWORD  Flags,
_In_ DWORD  DisableSidCount,
_In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES  SidsToDisable,
_In_ DWORD  DeletePrivilegeCount,
_In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES  PrivilegesToDelete,
_In_ DWORD  RestrictedSidCount,
_In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES  SidsToRestrict,
_Outptr_ PHANDLE  NewTokenHandle 
)

Creates a filtered token, that is, a restricted version of a regular access token. A restricted token can have SIDs disabled, privileges deleted and/or restricting SIDs added.

Parameters
[in] ExistingTokenHandle: An existing handle to the token that is to be filtered.
[in] Flags: Privilege flag options. This argument influences how the token is filtered. It can be 0.
[in] DisableSidCount: The number of SIDs to disable.
[in] SidsToDisable: An array of the SIDs that have to be disabled in the token.
[in] DeletePrivilegeCount: The number of privileges to be deleted.
[in] PrivilegesToDelete: An array of the privileges that have to be deleted from the token.
[in] RestrictedSidCount: The number of restricted SIDs.
[in] SidsToRestrict: An array of restricted SIDs to be added to the token. If the token already has restricted SIDs, the array provided by the caller is redundant information alongside the restricted SIDs already in the token.
[out] NewTokenHandle: Receives the handle to the new restricted (filtered) token. The caller can use this handle to duplicate a new token.
Returns
Returns TRUE if the function completed successfully; otherwise FALSE is returned to indicate failure. The caller can call GetLastError() for extended information about the failure.

Definition at line 535 of file security.c.

/*
 * Copies the caller's SID and privilege arrays into temporary TOKEN_GROUPS /
 * TOKEN_PRIVILEGES buffers, asks NtFilterToken to build the restricted token
 * and frees the temporaries. Returns the value stored in Success.
 *
 * NOTE(review): listing lines 546-547, 565, 584, 604, 627 and 631 are omitted
 * (declarations, the statements that presumably set the last error, and the
 * final NtFilterToken argument).
 * NOTE(review): each count is used only when its array pointer is non-NULL; a
 * non-zero count with a NULL array is silently ignored.
 */
545{
548 ULONG Index;
549 PTOKEN_GROUPS DisableSids = NULL;
550 PTOKEN_GROUPS RestrictedSids = NULL;
551 PTOKEN_PRIVILEGES DeletePrivileges = NULL;
552
553 /*
554 * Capture the elements we're being given from
555 * the caller and allocate the groups and/or
556 * privileges that have to be filtered in
557 * the token.
558 */
559 if (SidsToDisable != NULL)
560 {
/* NOTE(review): the size is Count * sizeof(TOKEN_GROUPS). With Count == 0 and
 * a non-NULL array this requests zero bytes, yet GroupCount is written below;
 * and the DWORD product can wrap where size_t is 32 bits wide, leaving the
 * copy loop to run past the block. Size it as header plus Count entries and
 * reject counts that overflow. The same applies to the two allocations
 * further down. */
561 DisableSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, DisableSidCount * sizeof(TOKEN_GROUPS));
562 if (DisableSids == NULL)
563 {
564 /* We failed, bail out */
566 return FALSE;
567 }
568
569 /* Copy the counter and loop the elements to copy the rest */
570 DisableSids->GroupCount = DisableSidCount;
571 for (Index = 0; Index < DisableSidCount; Index++)
572 {
/* Only the SID pointers are copied, not the SIDs they refer to. */
573 DisableSids->Groups[Index].Sid = SidsToDisable[Index].Sid;
574 DisableSids->Groups[Index].Attributes = SidsToDisable[Index].Attributes;
575 }
576 }
577
578 if (PrivilegesToDelete != NULL)
579 {
580 DeletePrivileges = (PTOKEN_PRIVILEGES)LocalAlloc(LMEM_FIXED, DeletePrivilegeCount * sizeof(TOKEN_PRIVILEGES));
581 if (DeletePrivileges == NULL)
582 {
583 /* We failed, bail out */
585 Success = FALSE;
586 goto Cleanup;
587 }
588
589 /* Copy the counter and loop the elements to copy the rest */
590 DeletePrivileges->PrivilegeCount = DeletePrivilegeCount;
591 for (Index = 0; Index < DeletePrivilegeCount; Index++)
592 {
593 DeletePrivileges->Privileges[Index].Luid = PrivilegesToDelete[Index].Luid;
594 DeletePrivileges->Privileges[Index].Attributes = PrivilegesToDelete[Index].Attributes;
595 }
596 }
597
598 if (SidsToRestrict != NULL)
599 {
600 RestrictedSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, RestrictedSidCount * sizeof(TOKEN_GROUPS));
601 if (RestrictedSids == NULL)
602 {
603 /* We failed, bail out */
605 Success = FALSE;
606 goto Cleanup;
607 }
608
609 /* Copy the counter and loop the elements to copy the rest */
610 RestrictedSids->GroupCount = RestrictedSidCount;
611 for (Index = 0; Index < RestrictedSidCount; Index++)
612 {
613 RestrictedSids->Groups[Index].Sid = SidsToRestrict[Index].Sid;
614 RestrictedSids->Groups[Index].Attributes = SidsToRestrict[Index].Attributes;
615 }
616 }
617
618 /*
619 * Call the NT API to request a token filtering
620 * operation for us.
621 */
622 Status = NtFilterToken(ExistingTokenHandle,
623 Flags,
624 DisableSids,
625 DeletePrivileges,
626 RestrictedSids,
628 if (!NT_SUCCESS(Status))
629 {
630 /* We failed to do the job, bail out */
632 Success = FALSE;
633 goto Cleanup;
634 }
635
636 /* If we reach here then we've successfully filtered the token */
637 Success = TRUE;
638
/* Single exit for every path that reaches it with temporaries allocated. */
639Cleanup:
640 /* Free whatever we allocated before */
641 if (DisableSids != NULL)
642 {
643 LocalFree(DisableSids);
644 }
645
646 if (DeletePrivileges != NULL)
647 {
648 LocalFree(DeletePrivileges);
649 }
650
651 if (RestrictedSids != NULL)
652 {
653 LocalFree(RestrictedSids);
654 }
655
656 return Success;
657}
static const WCHAR Cleanup[]
Definition: register.c:80
@ Success
Definition: eventcreate.c:712
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:412
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1018
$ULONG GroupCount
Definition: setypes.h:1014
$ULONG PrivilegeCount
Definition: setypes.h:1023
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1024
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: tokenlif.c:2075
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ WDFCOLLECTION _In_ ULONG Index
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
struct _TOKEN_GROUPS * PTOKEN_GROUPS
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES

Referenced by test_token_security_descriptor().

◆ CreateWellKnownSid()

BOOL WINAPI CreateWellKnownSid ( IN WELL_KNOWN_SID_TYPE  WellKnownSidType,
IN PSID DomainSid  OPTIONAL,
OUT PSID  pSid,
IN OUT DWORD cbSid 
)

Definition at line 724 of file security.c.

/*
 * Builds the SID for WellKnownSidType into the caller's buffer pSid.
 * Two tables are searched: WellKnownSids (complete SIDs) and WellKnownRids
 * (a RID appended to DomainSid). *cbSid is the buffer size on entry and is
 * set to the SID length on success or when the buffer is too small.
 * Returns TRUE on success, FALSE otherwise.
 *
 * NOTE(review): listing lines 734, 740, 745, 750, 753, 761, 774, 779, 783 and
 * 789 are omitted (the last-error statements, the length computation, the SID
 * copy and one statement before the RID is stored).
 */
728{
729 unsigned int i;
/* NOTE(review): debugstr_sid() reads DomainSid's fields here, before the
 * IsValidSid() check below has run. */
730 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
731
732 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
733 {
735 return FALSE;
736 }
737
/* Pass 1: types that map to a fixed, complete SID. */
738 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
739 if (WellKnownSids[i].Type == WellKnownSidType) {
741
/* The size check comes first, so a caller can query the needed size. */
742 if (*cbSid < length)
743 {
744 *cbSid = length;
746 return FALSE;
747 }
748 if (!pSid)
749 {
751 return FALSE;
752 }
754 *cbSid = length;
755 return TRUE;
756 }
757 }
758
/* Pass 2 appends one sub-authority to DomainSid, so a domain SID that already
 * holds SID_MAX_SUB_AUTHORITIES entries is rejected up front. */
759 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
760 {
762 return FALSE;
763 }
764
765 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
766 if (WellKnownRids[i].Type == WellKnownSidType) {
767 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
768 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
769 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
770
771 if (*cbSid < output_sid_length)
772 {
773 *cbSid = output_sid_length;
775 return FALSE;
776 }
777 if (!pSid)
778 {
780 return FALSE;
781 }
/* The copy is bounded by domain_sid_length; *cbSid was checked against
 * output_sid_length above. */
782 CopyMemory(pSid, DomainSid, domain_sid_length);
/* Omitted line 783 presumably bumps the sub-authority count before the RID is
 * stored in the new last slot - confirm. */
784 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
785 *cbSid = output_sid_length;
786 return TRUE;
787 }
788
790 return FALSE;
791}
Type
Definition: Type.h:7
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:898
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:821
static const char * debugstr_sid(PSID sid)
Definition: security.c:176
GLuint GLsizei GLsizei * length
Definition: glext.h:6040
BYTE Revision
Definition: ms-dtyp.idl:199
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD cbSid
Definition: winbase.h:2733
#define CopyMemory
Definition: winbase.h:1698
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:482
unsigned char UCHAR
Definition: xmlstorage.h:181

Referenced by create_unknownsid(), get_sd(), test_SystemSecurity(), and well_known_sid().

◆ debugstr_sid()

static const char * debugstr_sid ( PSID  sid)
static

Definition at line 176 of file security.c.

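/*
 * debugstr_sid - format a SID as "S-<rev>-<authority>-<sub>..." for traces.
 *
 * sid: SID to format; NULL yields "(null)".
 *
 * Returns a string produced by wine_dbg_sprintf() or a string literal; the
 * caller must not free it. A SID with more than 8 sub-authorities yields
 * "(too-big)".
 *
 * Only the low four bytes of the identifier authority are printed. The SID is
 * not validated here: SubAuthorityCount is trusted as-is, so the helper
 * should only be given SIDs the caller already considers well-formed.
 */
static const char *debugstr_sid(PSID sid)
{
    int auth = 0;
    SID *psid = (SID *)sid;

    if (psid == NULL)
        return "(null)";

    /* Assemble in unsigned arithmetic: shifting a promoted byte >= 0x80 left
     * by 24 bits in a signed int is undefined behaviour. */
    auth = (int)(((unsigned int)psid->IdentifierAuthority.Value[2] << 24) |
                 ((unsigned int)psid->IdentifierAuthority.Value[3] << 16) |
                 ((unsigned int)psid->IdentifierAuthority.Value[4] << 8) |
                  (unsigned int)psid->IdentifierAuthority.Value[5]);

    switch (psid->SubAuthorityCount) {
    case 0:
        return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
    case 1:
        return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
            psid->SubAuthority[0]);
    case 2:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1]);
    case 3:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
    case 4:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3]);
    case 5:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4]);
    case 6:
        /* Sub-authorities in index order; the previous code printed [3] and
         * [0] swapped, which produced a misleading SID in the trace. */
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5]);
    case 7:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
            psid->SubAuthority[6]);
    case 8:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
            psid->SubAuthority[6], psid->SubAuthority[7]);
    }
    return "(too-big)";
}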
const char * wine_dbg_sprintf(const char *format,...)
Definition: compat.c:296
DWORD SubAuthority[*]
Definition: ms-dtyp.idl:202
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: ms-dtyp.idl:201

Referenced by check_wellknown_name(), CreateWellKnownSid(), IsWellKnownSid(), test_EqualSid(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), test_group_equal(), test_inherited_dacl(), test_owner_equal(), and test_TokenIntegrityLevel().

◆ DeleteAce()

BOOL WINAPI DeleteAce ( PACL  pAcl,
DWORD  dwAceIndex 
)

Definition at line 1168 of file security.c.

/*
 * DeleteAce - remove the ACE at index dwAceIndex from pAcl.
 *
 * Thin wrapper: the work is done by RtlDeleteAce() and its NTSTATUS is turned
 * into the BOOL result by set_ntstatus() (presumably also setting the last
 * error on failure - see that helper).
 */
BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
{
    NTSTATUS Status = RtlDeleteAce(pAcl, dwAceIndex);

    return set_ntstatus(Status);
}
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce(PACL Acl, ULONG AceIndex)

◆ DumpAce()

static BOOL DumpAce ( LPVOID  pace,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3262 of file security.c.

/*
 * Appends the SDDL text of one ACE through DumpString. The fields are written
 * in this order, separated by ';' and wrapped in parentheses: ACE type, ACE
 * flags, rights, two empty object fields, SID.
 * Returns FALSE for an ACE that fails the header check or whose SID cannot be
 * dumped, TRUE otherwise.
 *
 * NOTE(review): listing lines 3271, 3279, 3282, 3285, 3288, 3296, 3298, 3304
 * and 3306 are omitted (the last-error statement, the case labels and four of
 * the flag tests).
 */
3263{
3264 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
3265 static const WCHAR openbr = '(';
3266 static const WCHAR closebr = ')';
3267 static const WCHAR semicolon = ';';
3268
/* Header sanity check: a known ACE type and a size of at least one
 * ACCESS_ALLOWED_ACE. NOTE(review): only a lower bound on AceSize is tested
 * here; whether the SID fits inside AceSize is not checked in this function -
 * verify that DumpSid or the caller covers it. */
3269 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
3270 {
3272 return FALSE;
3273 }
3274
3275 piace = pace;
3276 DumpString(&openbr, 1, pwptr, plen);
3277 switch (piace->Header.AceType)
3278 {
3280 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
3281 break;
3283 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
3284 break;
3286 DumpString(SDDL_AUDIT, -1, pwptr, plen);
3287 break;
3289 DumpString(SDDL_ALARM, -1, pwptr, plen);
3290 break;
3291 }
3292 DumpString(&semicolon, 1, pwptr, plen);
3293
/* One SDDL token per flag bit that is set. */
3294 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
3295 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
3297 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
3299 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
3300 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
3301 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
3302 if (piace->Header.AceFlags & INHERITED_ACE)
3303 DumpString(SDDL_INHERITED, -1, pwptr, plen);
3305 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
3307 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
3308 DumpString(&semicolon, 1, pwptr, plen);
3309 DumpRights(piace->Mask, pwptr, plen);
3310 DumpString(&semicolon, 1, pwptr, plen);
3311 /* objects not supported */
3312 DumpString(&semicolon, 1, pwptr, plen);
3313 /* objects not supported */
3314 DumpString(&semicolon, 1, pwptr, plen);
/* The SID starts at SidStart inside the ACE. */
3315 if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
3316 return FALSE;
3317 DumpString(&closebr, 1, pwptr, plen);
3318 return TRUE;
3319}
static const WCHAR SDDL_AUDIT_FAILURE[]
Definition: security.c:174
static const WCHAR SDDL_CONTAINER_INHERIT[]
Definition: security.c:168
static const WCHAR SDDL_AUDIT[]
Definition: security.c:144
static const WCHAR SDDL_OBJECT_INHERIT[]
Definition: security.c:169
static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3119
static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3173
static const WCHAR SDDL_ACCESS_ALLOWED[]
Definition: security.c:138
static const WCHAR SDDL_INHERIT_ONLY[]
Definition: security.c:171
static const WCHAR SDDL_INHERITED[]
Definition: security.c:172
static const WCHAR SDDL_ACCESS_DENIED[]
Definition: security.c:139
static const WCHAR SDDL_ALARM[]
Definition: security.c:145
static const WCHAR SDDL_NO_PROPAGATE[]
Definition: security.c:170
static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3223
static const ACEFLAG AceType[]
Definition: security.c:2585
static const WCHAR SDDL_AUDIT_SUCCESS[]
Definition: security.c:173
ACE_HEADER Header
Definition: ms-dtyp.idl:216
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
UCHAR AceFlags
Definition: ms-dtyp.idl:211
UCHAR AceType
Definition: ms-dtyp.idl:210
#define INHERITED_ACE
Definition: ph.h:47
#define ERROR_INVALID_ACL
Definition: winerror.h:818
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:747
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:720
#define OBJECT_INHERIT_ACE
Definition: setypes.h:746
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:748
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:754
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:753

Referenced by DumpAcl().

◆ DumpAcl()

static BOOL DumpAcl ( PACL  pacl,
WCHAR **  pwptr,
ULONG plen,
BOOL  protected,
BOOL  autoInheritReq,
BOOL  autoInherited 
)
static

Definition at line 3321 of file security.c.

/*
 * DumpAcl - append the SDDL text of an ACL through DumpString.
 *
 * pacl:           ACL to dump; NULL is accepted and writes only the flags.
 * pwptr, plen:    output cursor and length counter, passed through unchanged
 *                 to DumpString and DumpAce.
 * protected, autoInheritReq, autoInherited:
 *                 when non-zero, the matching SDDL flag string is written
 *                 before the ACEs.
 *
 * Returns FALSE when the ACL fails IsValidAcl() or an ACE cannot be fetched
 * or dumped, TRUE otherwise. The flag strings are written before the ACL is
 * validated, so they are emitted even on the FALSE path.
 */
static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
{
    WORD ace_total;
    LPVOID entry;
    int idx;

    if (protected)
    {
        DumpString(SDDL_PROTECTED, -1, pwptr, plen);
    }
    if (autoInheritReq)
    {
        DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
    }
    if (autoInherited)
    {
        DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
    }

    /* No ACL at all is not an error: only the flags are written. */
    if (!pacl)
        return TRUE;

    /* Validate before AceCount is trusted as the loop bound. */
    if (!IsValidAcl(pacl))
        return FALSE;

    ace_total = pacl->AceCount;
    idx = 0;
    while (idx < ace_total)
    {
        if (!GetAce(pacl, idx, &entry) || !DumpAce(entry, pwptr, plen))
            return FALSE;
        idx++;
    }

    return TRUE;
}
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3262
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1188
BOOL WINAPI IsValidAcl(PACL pAcl)
Definition: security.c:1211
unsigned short WORD
Definition: ntddk_ex.h:93
GLuint GLuint GLsizei count
Definition: gl.h:1545
#define SDDL_AUTO_INHERITED
Definition: sddl.h:46
#define SDDL_AUTO_INHERIT_REQ
Definition: sddl.h:45
#define SDDL_PROTECTED
Definition: sddl.h:44
USHORT AceCount
Definition: ms-dtyp.idl:297

Referenced by DumpDacl(), and DumpSacl().

◆ DumpDacl()

static BOOL DumpDacl ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3388 of file security.c.

/*
 * Appends the "D:" section of an SDDL string for SecurityDescriptor: the
 * prefix, the DACL control flags and the ACEs (via DumpAcl).
 * Returns FALSE when the DACL or the control word cannot be read or DumpAcl
 * fails; returns TRUE without writing anything when no DACL is present.
 *
 * NOTE(review): listing line 3391 is omitted; presumably it declares control.
 */
3389{
3390 static const WCHAR dacl[] = {'D',':',0};
3392 BOOL present, defaulted;
3393 DWORD revision;
3394 PACL pacl;
3395
3396 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3397 return FALSE;
3398
3399 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3400 return FALSE;
3401
/* An absent DACL produces no "D:" section at all. */
3402 if (!present)
3403 return TRUE;
3404
/* Length 2 writes the two prefix characters without the terminator. The three
 * control bits are passed on as truth values. */
3405 DumpString(dacl, 2, pwptr, plen);
3406 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3407 return FALSE;
3408 return TRUE;
3409}
static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
Definition: security.c:3321
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
Definition: security.c:35
#define SE_DACL_PROTECTED
Definition: setypes.h:831
#define SE_DACL_AUTO_INHERITED
Definition: setypes.h:829
#define SE_DACL_AUTO_INHERIT_REQ
Definition: setypes.h:827

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpGroup()

static BOOL DumpGroup ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3370 of file security.c.

/*
 * DumpGroup - append the "G:" section (primary group SID) of an SDDL string.
 *
 * Returns FALSE when the group cannot be read from SecurityDescriptor or the
 * SID cannot be dumped. A descriptor without a group writes nothing and
 * returns TRUE.
 */
static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
{
    static const WCHAR group_tag[] = {'G',':',0};
    PSID group_sid;
    BOOL defaulted;

    if (!GetSecurityDescriptorGroup(SecurityDescriptor, &group_sid, &defaulted))
        return FALSE;

    if (group_sid != NULL)
    {
        DumpString(group_tag, -1, pwptr, plen);
        return DumpSid(group_sid, pwptr, plen) ? TRUE : FALSE;
    }

    /* No group SID in the descriptor: nothing to write. */
    return TRUE;
}
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpOwner()

static BOOL DumpOwner ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3352 of file security.c.

/*
 * Emit the owner component of a security descriptor: the "O:" tag followed
 * by the owner SID as rendered by DumpSid().
 *
 * pwptr and plen are passed through to DumpString()/DumpSid() unchanged.
 * Returns FALSE when the owner cannot be read from the descriptor or when
 * DumpSid() fails. A descriptor without an owner emits nothing and returns
 * TRUE.
 */
static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
{
    static const WCHAR owner_tag[] = {'O',':',0};
    PSID owner_sid;
    BOOL owner_defaulted;

    if (!GetSecurityDescriptorOwner(SecurityDescriptor, &owner_sid, &owner_defaulted))
        return FALSE;

    /* No owner in the descriptor: nothing to write. */
    if (!owner_sid)
        return TRUE;

    DumpString(owner_tag, -1, pwptr, plen);
    return DumpSid(owner_sid, pwptr, plen) ? TRUE : FALSE;
}
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpRights()

static void DumpRights ( DWORD  mask,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3223 of file security.c.

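/*
 * Emit the textual form of an ACE access mask.
 *
 * Order of preference:
 *   1. a single name from AceRights[] whose value equals the whole mask;
 *   2. the hexadecimal form "0x..." when any set bit has no entry in
 *      AceRightBitNames[];
 *   3. otherwise the concatenation of the per-bit names, lowest bit first.
 * A zero mask emits nothing.
 *
 * Bit tests use an unsigned constant: with a plain int, (1 << 31) shifts
 * into the sign bit, which is undefined behaviour in C.
 */
static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
{
    static const WCHAR fmtW[] = {'0','x','%','x',0};
    WCHAR buf[15]; /* "0x" + up to 8 hex digits + terminator fits */
    size_t i;

    if (mask == 0)
        return;

    /* first check whether the whole mask has a name */
    for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
    {
        /* a NULL name ends the table early */
        if (AceRights[i].wstr == NULL)
            break;
        if (mask == AceRights[i].value)
        {
            DumpString(AceRights[i].wstr, -1, pwptr, plen);
            return;
        }
    }

    /* then check whether it can be built from bit names */
    for (i = 0; i < 32; i++)
    {
        if ((mask & ((DWORD)1 << i)) && (AceRightBitNames[i] == NULL))
        {
            /* can't be built from bit names: fall back to hex */
            sprintfW(buf, fmtW, mask);
            DumpString(buf, -1, pwptr, plen);
            return;
        }
    }

    /* build from bit names; every set bit is known to have one here */
    for (i = 0; i < 32; i++)
    {
        if (mask & ((DWORD)1 << i))
            DumpString(AceRightBitNames[i], -1, pwptr, plen);
    }
}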
static const ACEFLAG AceRights[]
Definition: security.c:2671
static const LPCWSTR AceRightBitNames[32]
Definition: security.c:3188
GLenum GLint GLuint mask
Definition: glext.h:6028
#define sprintfW
Definition: unicode.h:58
Definition: pdh_main.c:94

Referenced by DumpAce().

◆ DumpSacl()

static BOOL DumpSacl ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3411 of file security.c.

/*
 * Body of DumpSacl(): emits the "S:" tag and the SACL of a security
 * descriptor through DumpAcl(). Returns FALSE if the SACL or the control
 * word cannot be read or DumpAcl() fails; a descriptor with no SACL present
 * emits nothing and returns TRUE.
 */
3412{
/* Tag that introduces the SACL component; written with an explicit length of 2. */
3413 static const WCHAR sacl[] = {'S',':',0};
/* NOTE(review): listing line 3414 is absent from this rendering; `control`,
 * used below, is presumably declared there - confirm against security.c. */
3415 BOOL present, defaulted;
3416 DWORD revision;
3417 PACL pacl;
3418
3419 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3420 return FALSE;
3421
/* The control word supplies the protected / auto-inherit flags passed to DumpAcl(). */
3422 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3423 return FALSE;
3424
/* No SACL present: succeed without output. */
3425 if (!present)
3426 return TRUE;
3427
3428 DumpString(sacl, 2, pwptr, plen);
/* The three flag arguments are raw mask results (zero or the flag bit), not normalised to TRUE/FALSE. */
3429 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3430 return FALSE;
3431 return TRUE;
3432}
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
#define SE_SACL_PROTECTED
Definition: setypes.h:832
#define SE_SACL_AUTO_INHERITED
Definition: setypes.h:830
#define SE_SACL_AUTO_INHERIT_REQ
Definition: setypes.h:828

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpSid()

static BOOL DumpSid ( PSID  psid,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3173 of file security.c.

/*
 * Emit a SID in string form.
 *
 * The WellKnownSids[] table is searched first: an entry with a non-empty
 * alias whose SID equals psid is written as that two-character alias.
 * Anything else is delegated to DumpSidNumeric(), whose result is returned.
 */
static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
{
    const size_t known_count = sizeof(WellKnownSids) / sizeof(WellKnownSids[0]);
    size_t idx = 0;

    while (idx < known_count)
    {
        /* Entries with an empty alias string are skipped. */
        if (WellKnownSids[idx].wstr[0] &&
            EqualSid(psid, (PSID)&(WellKnownSids[idx].Sid.Revision)))
        {
            DumpString(WellKnownSids[idx].wstr, 2, pwptr, plen);
            return TRUE;
        }
        idx++;
    }

    /* No alias matched: fall back to the numeric form. */
    return DumpSidNumeric(psid, pwptr, plen);
}
static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3134
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:831

Referenced by DumpAce(), DumpGroup(), and DumpOwner().

◆ DumpSidNumeric()

static BOOL DumpSidNumeric ( PSID  psid,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3134 of file security.c.

/*
 * Body of DumpSidNumeric(): writes a SID as "S-<revision>-<authority>"
 * followed by one "-<subauthority>" piece per sub-authority, each piece
 * formatted into buf and handed to DumpString().
 * NOTE(review): listing lines 3144, 3152, 3158 and 3160 are absent from this
 * rendering, so the failure paths and the MAKELONG() arguments are incomplete
 * here - confirm against security.c.
 */
3135{
3136 DWORD i;
3137 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
3138 WCHAR subauthfmt[] = { '-','%','u',0 };
/* buf is reused for every piece; sprintfW() takes no size argument, so the
 * 26 elements must cover the longest formatted piece. */
3139 WCHAR buf[26];
3140 SID *pisid = psid;
3141
/* Only valid SIDs whose revision equals SDDL_REVISION are rendered. */
3142 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
3143 {
3145 return FALSE;
3146 }
3147
/* SIDs with a non-zero byte in the first two authority positions are rejected (see FIXME). */
3148 if (pisid->IdentifierAuthority.Value[0] ||
3149 pisid->IdentifierAuthority.Value[1])
3150 {
3151 FIXME("not matching MS' bugs\n");
3153 return FALSE;
3154 }
3155
/* The authority is folded into one value with MAKELONG(); only the Value[4]
 * and Value[2] operands are visible in this rendering. */
3156 sprintfW( buf, fmt, pisid->Revision,
3157 MAKELONG(
3159 pisid->IdentifierAuthority.Value[4] ),
3161 pisid->IdentifierAuthority.Value[2] )
3162 ) );
3163 DumpString(buf, -1, pwptr, plen);
3164
/* One "-<n>" piece per sub-authority; the count comes from the SID itself,
 * which IsValidSid() accepted above. */
3165 for( i=0; i<pisid->SubAuthorityCount; i++ )
3166 {
3167 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
3168 DumpString(buf, -1, pwptr, plen);
3169 }
3170 return TRUE;
3171}
#define SDDL_REVISION
Definition: sddl.h:31
Definition: dsound.c:943
#define MAKEWORD(a, b)
Definition: typedefs.h:248
#define MAKELONG(a, b)
Definition: typedefs.h:249

Referenced by DumpSid().

◆ DumpString()

static void DumpString ( LPCWSTR  string,
int  cch,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3119 of file security.c.

/*
 * Append cch characters of `string` to the output and/or add cch to the
 * running length.
 *
 *   string - source characters; measured with strlenW() when cch is -1.
 *   cch    - number of characters to append, or -1 for "whole string".
 *   pwptr  - optional; when non-NULL the characters are copied to *pwptr
 *            and *pwptr is advanced past them.
 *   plen   - optional; when non-NULL *plen is increased by the count.
 *
 * No terminator is written and the destination capacity is not checked
 * here: the copy is bounded only by cch, so the caller has to guarantee
 * that *pwptr has room for everything that will be appended.
 */
static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
{
    const int count = (cch == -1) ? (int)strlenW(string) : cch;

    if (plen != NULL)
        *plen += count;

    /* Length-only pass: nothing to copy. */
    if (pwptr == NULL)
        return;

    memcpy(*pwptr, string, sizeof(WCHAR) * count);
    *pwptr += count;
}
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:202

Referenced by DumpAce(), DumpAcl(), DumpDacl(), DumpGroup(), DumpOwner(), DumpRights(), DumpSacl(), DumpSid(), and DumpSidNumeric().

◆ DuplicateToken()

BOOL WINAPI DuplicateToken ( IN HANDLE  ExistingTokenHandle,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
OUT PHANDLE  DuplicateTokenHandle 
)

Definition at line 3921 of file security.c.

/*
 * Body of DuplicateToken(): a single forwarding call to DuplicateTokenEx().
 * NOTE(review): listing lines 3926, 3928 and 3929 (the second, fourth and
 * fifth arguments of the call) are absent from this rendering - confirm the
 * access mask, impersonation level and token type against security.c.
 */
3924{
3925 return DuplicateTokenEx(ExistingTokenHandle,
/* Third argument (lpTokenAttributes): no security attributes are supplied. */
3927 NULL,
3930 DuplicateTokenHandle);
3931}
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3861
@ TokenImpersonation
Definition: imports.h:274
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
#define TOKEN_QUERY
Definition: setypes.h:928
#define TOKEN_IMPERSONATE
Definition: setypes.h:927

Referenced by GetDuplicateToken(), test_AccessCheck(), test_CheckTokenMembership(), test_impersonation_level(), test_kernel_objects_security(), and test_token_attr().

◆ DuplicateTokenEx()

BOOL WINAPI DuplicateTokenEx ( IN HANDLE  ExistingTokenHandle,
IN DWORD  dwDesiredAccess,
IN LPSECURITY_ATTRIBUTES lpTokenAttributes  OPTIONAL,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
IN TOKEN_TYPE  TokenType,
OUT PHANDLE  DuplicateTokenHandle 
)

Definition at line 3861 of file security.c.

/*
 * Body of DuplicateTokenEx(): builds a security-quality-of-service record and
 * object attributes, then calls NtDuplicateToken(). Returns TRUE on success
 * and FALSE when NtDuplicateToken() reports failure.
 * NOTE(review): listing lines 3868-3870, 3876, 3882, 3890, 3901 and 3908 are
 * absent from this rendering (local declarations, one Sqos field, the two
 * attribute-initialisation call heads, one NtDuplicateToken() argument and a
 * statement on the failure path) - confirm against security.c.
 */
3867{
3871
3872 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3873 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3874
/* Quality of service attached to the object attributes further down. */
3875 Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
3877 Sqos.ContextTrackingMode = 0;
3878 Sqos.EffectiveOnly = FALSE;
3879
/* With caller-supplied attributes the new handle's inheritability and its
 * security descriptor come from lpTokenAttributes; otherwise neither is set. */
3880 if (lpTokenAttributes != NULL)
3881 {
3883 NULL,
3884 lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
3885 NULL,
3886 lpTokenAttributes->lpSecurityDescriptor);
3887 }
3888 else
3889 {
3891 NULL,
3892 0,
3893 NULL,
3894 NULL);
3895 }
3896
3897 ObjectAttributes.SecurityQualityOfService = &Sqos;
3898
/* The FALSE argument is in the EffectiveOnly position of NtDuplicateToken(). */
3899 Status = NtDuplicateToken(ExistingTokenHandle,
3900 dwDesiredAccess,
3902 FALSE,
3903 TokenType,
3904 DuplicateTokenHandle);
3905 if (!NT_SUCCESS(Status))
3906 {
3907 ERR("NtDuplicateToken failed: Status %08x\n", Status);
3909 return FALSE;
3910 }
3911
/* Only reached on success, so *DuplicateTokenHandle has been written by the call. */
3912 TRACE("Returning token %p.\n", *DuplicateTokenHandle);
3913
3914 return TRUE;
3915}
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define OBJ_INHERIT
Definition: winternl.h:225
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869

Referenced by CheckTokenMembership(), DuplicateToken(), LaunchProcess(), START_TEST(), test_CreateRestrictedToken(), test_token_security_descriptor(), and WlxStartApplication().

◆ EqualDomainSid()

BOOL WINAPI EqualDomainSid ( IN PSID  pSid1,
IN PSID  pSid2,
OUT BOOL pfEqual 
)

Definition at line 4186 of file security.c.

/*
 * Body of EqualDomainSid(): the visible lines return FALSE unconditionally
 * and never write *pfEqual, so callers cannot rely on the output parameter.
 * NOTE(review): listing line 4190 is absent from this rendering; the page
 * cross-references UNIMPLEMENTED for this function - confirm against
 * security.c.
 */
4189{
4191 return FALSE;
4192}
#define UNIMPLEMENTED
Definition: debug.h:115

◆ EqualPrefixSid()

BOOL WINAPI EqualPrefixSid ( PSID  pSid1,
PSID  pSid2 
)

Definition at line 843 of file security.c.

/*
 * Thin wrapper: forwards both SIDs to RtlEqualPrefixSid() and returns its
 * result. Neither pointer is checked here.
 */
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2)
{
    const BOOLEAN prefixes_match = RtlEqualPrefixSid(pSid1, pSid2);

    return prefixes_match;
}
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid(PSID Sid1, PSID Sid2)

Referenced by test_process_security().

◆ EqualSid()

◆ FindFirstFreeAce()

BOOL WINAPI FindFirstFreeAce ( PACL  pAcl,
LPVOID pAce 
)

Definition at line 1178 of file security.c.

/*
 * Thin wrapper around RtlFirstFreeAce(): pAce is reinterpreted as a PACE*
 * and passed through together with pAcl; the callee's result is returned.
 * Neither pointer is validated here.
 */
BOOL WINAPI FindFirstFreeAce(PACL pAcl, LPVOID *pAce)
{
    PACE *free_slot = (PACE *)pAce;

    return RtlFirstFreeAce(pAcl, free_slot);
}
NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce(PACL Acl, PACE *Ace)
Definition: rtltypes.h:993

◆ FreeSid()

◆ GetAce()

BOOL WINAPI GetAce ( PACL  pAcl,
DWORD  dwAceIndex,
LPVOID pAce 
)

Definition at line 1188 of file security.c.

/*
 * Thin wrapper around RtlGetAce(): all three arguments are passed through
 * and the resulting NTSTATUS is turned into a BOOL by set_ntstatus().
 */
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
{
    const NTSTATUS status = RtlGetAce(pAcl, dwAceIndex, pAce);

    return set_ntstatus(status);
}
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)

Referenced by AccRewriteGetExplicitEntriesFromAcl(), AccRewriteSetEntriesInAcl(), DumpAcl(), CSecurityDescriptor::GetDACLEntry(), CSecurityDescriptor::GetSACLEntry(), map_dacl_2_nfs4acl(), PrintFileDacl(), ReloadPrincipalsList(), and test_GetShellSecurityDescriptor().

◆ GetAclInformation()

BOOL WINAPI GetAclInformation ( PACL  pAcl,
LPVOID  pAclInformation,
DWORD  nAclInformationLength,
ACL_INFORMATION_CLASS  dwAclInformationClass 
)

Definition at line 1196 of file security.c.

/*
 * Thin wrapper around RtlQueryInformationAcl(): the ACL, the caller's
 * buffer with its length, and the information class are passed through;
 * the resulting NTSTATUS is turned into a BOOL by set_ntstatus().
 */
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation,
                              DWORD nAclInformationLength,
                              ACL_INFORMATION_CLASS dwAclInformationClass)
{
    const NTSTATUS status = RtlQueryInformationAcl(pAcl,
                                                   pAclInformation,
                                                   nAclInformationLength,
                                                   dwAclInformationClass);

    return set_ntstatus(status);
}
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL, LPVOID, DWORD, ACL_INFORMATION_CLASS)

Referenced by AccRewriteSetEntriesInAcl(), CSecurityDescriptor::GetDACLEntriesCount(), CSecurityDescriptor::GetSACLEntriesCount(), and test_GetShellSecurityDescriptor().

◆ GetAnsiEnvironmentSize()

static DWORD GetAnsiEnvironmentSize ( PVOID  pEnvironment)
static

Definition at line 3704 of file security.c.

/*
 * Body of GetAnsiEnvironmentSize(): walks a block of consecutive
 * NUL-terminated ANSI strings until it meets an empty string and returns
 * TotalLength + 1; a NULL block yields 0.
 * NOTE(review): listing line 3717 is absent from this rendering; it
 * presumably adds Length to TotalLength - confirm against security.c.
 */
3706{
3707 INT Length, TotalLength = 0;
3708 PCHAR Ptr;
3709
3710 if (pEnvironment == NULL)
3711 return 0;
3712
3713 Ptr = (PCHAR)pEnvironment;
/* The walk has no upper bound of its own: it stops only at an empty string,
 * so the block must end with one (assumes a well-formed environment block). */
3714 while (*Ptr != ANSI_NULL)
3715 {
/* Length of this entry including its terminator. */
3716 Length = strlen(Ptr) + 1;
3718 Ptr = Ptr + Length;
3719 }
3720
/* The extra 1 accounts for the final empty string that ended the walk. */
3721 return TotalLength + 1;
3722}
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
#define PCHAR
Definition: match.c:90
#define ANSI_NULL
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
int32_t INT
Definition: typedefs.h:58
_In_ ULONG TotalLength
Definition: usbdlib.h:158

Referenced by CreateProcessWithLogonW().

◆ GetFileSecurityA()

BOOL WINAPI GetFileSecurityA ( LPCSTR  lpFileName,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 1375 of file security.c.

/*
 * Body of GetFileSecurityA(): ANSI front end that forwards to
 * GetFileSecurityW() using FileName.Buffer and returns that call's result.
 * NOTE(review): listing lines 1381, 1384, 1386 and 1396 are absent from this
 * rendering (the FileName declaration, the condition guarding the early
 * FALSE return, a statement inside it, and a statement after the forwarded
 * call - presumably the conversion of lpFileName and the release of the
 * converted string). Confirm against security.c.
 */
1380{
1382 BOOL bResult;
1383
1385 {
1387 return FALSE;
1388 }
1389
/* All remaining arguments are passed through unchanged. */
1390 bResult = GetFileSecurityW(FileName.Buffer,
1391 RequestedInformation,
1392 pSecurityDescriptor,
1393 nLength,
1394 lpnLengthNeeded);
1395
1397
1398 return bResult;
1399}
BOOL WINAPI GetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1406
struct _FileName FileName
Definition: fatprocs.h:896
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
_In_ LPCSTR lpFileName
Definition: winbase.h:3061
_In_ DWORD nLength
Definition: wincon.h:473

Referenced by test_FileSecurity().

◆ GetFileSecurityW()

BOOL WINAPI GetFileSecurityW ( LPCWSTR  lpFileName,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 1406 of file security.c.

/*
 * Body of GetFileSecurityW(): derives the access mask needed for the
 * requested security information, opens the file, queries its security
 * descriptor into the caller's buffer and returns TRUE on success.
 * NOTE(review): many listing lines are absent from this rendering (1412,
 * 1414, 1416-1417, 1423, 1429, 1433, 1435, 1439, 1441, 1443, 1453, 1457,
 * 1462 and 1466), including the heads of the path conversion, open and
 * query calls and one statement on each failure path. The comments below
 * describe only what is visible - confirm the rest against security.c.
 */
1411{
1413 IO_STATUS_BLOCK StatusBlock;
1415 ULONG AccessMask = 0;
1418
1419 TRACE("GetFileSecurityW() called\n");
1420
/* Ask only for the access rights that RequestedInformation needs. */
1421 QuerySecurityAccessMask(RequestedInformation, &AccessMask);
1422
/* Tail of a call that fills FileName; its failure is reported as an invalid path. */
1424 &FileName,
1425 NULL,
1426 NULL))
1427 {
1428 ERR("Invalid path\n");
1430 return FALSE;
1431 }
1432
1434 &FileName,
1436 NULL,
1437 NULL);
1438
1440 AccessMask,
1442 &StatusBlock,
1444 0);
1445
/* FileName.Buffer is released before Status is examined, so it is freed on
 * the failure path as well. */
1446 RtlFreeHeap(RtlGetProcessHeap(),
1447 0,
1448 FileName.Buffer);
1449
1450 if (!NT_SUCCESS(Status))
1451 {
1452 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1454 return FALSE;
1455 }
1456
/* The caller's buffer, its length and the needed-length pointer are passed on as given. */
1458 RequestedInformation,
1459 pSecurityDescriptor,
1460 nLength,
1461 lpnLengthNeeded);
/* NOTE(review): line 1462 is not shown; the page cross-references NtClose, so
 * the file handle is presumably closed there - confirm it is closed on both
 * outcomes of the query. */
1463 if (!NT_SUCCESS(Status))
1464 {
1465 ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
1467 return FALSE;
1468 }
1469
1470 return TRUE;
1471}
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
#define FILE_SHARE_READ
Definition: compat.h:136
#define ERROR_INVALID_NAME
Definition: compat.h:103
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3952
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
VOID WINAPI QuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: sec.c:377

Referenced by GetFileSecurityA(), and RetreiveFileSecurity().

◆ GetKernelObjectSecurity()

BOOL WINAPI GetKernelObjectSecurity ( HANDLE  Handle,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 989 of file security.c.

/*
 * Thin wrapper around NtQuerySecurityObject(): traces its arguments, passes
 * them through unchanged and turns the resulting NTSTATUS into a BOOL with
 * set_ntstatus(). The buffer and its length are not checked here.
 */
BOOL WINAPI GetKernelObjectSecurity(HANDLE Handle,
                                    SECURITY_INFORMATION RequestedInformation,
                                    PSECURITY_DESCRIPTOR pSecurityDescriptor,
                                    DWORD nLength,
                                    LPDWORD lpnLengthNeeded)
{
    NTSTATUS status;

    TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
          pSecurityDescriptor, nLength, lpnLengthNeeded);

    status = NtQuerySecurityObject(Handle, RequestedInformation,
                                   pSecurityDescriptor, nLength,
                                   lpnLengthNeeded);
    return set_ntstatus(status);
}
ULONG Handle
Definition: gdb_input.c:15

Referenced by test_AddMandatoryAce(), test_child_token_sd(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_default_dacl_owner_sid(), test_get_security_descriptor(), test_token_label(), and test_token_security_descriptor().

◆ GetLengthSid()

◆ GetNamedSecurityInfoA()

DWORD WINAPI GetNamedSecurityInfoA ( LPSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSID ppsidOwner,
PSID ppsidGroup,
PACL ppDacl,
PACL ppSacl,
PSECURITY_DESCRIPTOR ppSecurityDescriptor 
)

Definition at line 4104 of file security.c.

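/*
 * ANSI front end for GetNamedSecurityInfoW().
 *
 * pObjectName is converted from the ANSI code page to a temporary wide
 * string on the process heap; every other argument is passed through
 * unchanged. A NULL pObjectName is forwarded as NULL.
 *
 * Returns the result of GetNamedSecurityInfoW(), or ERROR_NOT_ENOUGH_MEMORY
 * when the temporary buffer cannot be allocated. Without that check a failed
 * allocation would forward a NULL name to the wide function as if the caller
 * had passed none.
 */
DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType,
                                   SECURITY_INFORMATION SecurityInfo,
                                   PSID *ppsidOwner, PSID *ppsidGroup,
                                   PACL *ppDacl, PACL *ppSacl,
                                   PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{
    DWORD len;
    LPWSTR wstr = NULL;
    DWORD r;

    TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
        ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);

    if( pObjectName )
    {
        /* First call sizes the buffer (terminator included), second converts. */
        len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
        wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
        if( !wstr )
            return ERROR_NOT_ENOUGH_MEMORY;
        MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
    }

    r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
                           ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );

    /* wstr is NULL when no name was given; it is released unconditionally. */
    HeapFree( GetProcessHeap(), 0, wstr );

    return r;
}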
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
GLdouble GLdouble GLdouble r
Definition: gl.h:2055

◆ GetSecurityInfoExA()

DWORD WINAPI GetSecurityInfoExA ( HANDLE  hObject,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
LPCSTR  lpProvider,
LPCSTR  lpProperty,
PACTRL_ACCESSA ppAccessList,
PACTRL_AUDITA ppAuditList,
LPSTR lppOwner,
LPSTR lppGroup 
)

Definition at line 2094 of file security.c.

/*
 * Stub: logs a FIXME and reports ERROR_BAD_PROVIDER. None of the output
 * parameters is written, so callers must not read them after this call.
 */
DWORD WINAPI GetSecurityInfoExA(HANDLE hObject, SE_OBJECT_TYPE ObjectType,
                                SECURITY_INFORMATION SecurityInfo,
                                LPCSTR lpProvider, LPCSTR lpProperty,
                                PACTRL_ACCESSA *ppAccessList,
                                PACTRL_AUDITA *ppAuditList,
                                LPSTR *lppOwner, LPSTR *lppGroup)
{
    const DWORD not_supported = ERROR_BAD_PROVIDER;

    FIXME("%s() not implemented!\n", __FUNCTION__);
    return not_supported;
}
#define __FUNCTION__
Definition: types.h:116
#define ERROR_BAD_PROVIDER
Definition: winerror.h:707

◆ GetSecurityInfoExW()

DWORD WINAPI GetSecurityInfoExW ( HANDLE  hObject,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
LPCWSTR  lpProvider,
LPCWSTR  lpProperty,
PACTRL_ACCESSW ppAccessList,
PACTRL_AUDITW ppAuditList,
LPWSTR lppOwner,
LPWSTR lppGroup 
)

Definition at line 2114 of file security.c.

/*
 * Stub: logs a FIXME and reports ERROR_BAD_PROVIDER. None of the output
 * parameters is written, so callers must not read them after this call.
 */
DWORD WINAPI GetSecurityInfoExW(HANDLE hObject, SE_OBJECT_TYPE ObjectType,
                                SECURITY_INFORMATION SecurityInfo,
                                LPCWSTR lpProvider, LPCWSTR lpProperty,
                                PACTRL_ACCESSW *ppAccessList,
                                PACTRL_AUDITW *ppAuditList,
                                LPWSTR *lppOwner, LPWSTR *lppGroup)
{
    const DWORD not_supported = ERROR_BAD_PROVIDER;

    FIXME("%s() not implemented!\n", __FUNCTION__);
    return not_supported;
}

◆ GetSidIdentifierAuthority()

PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority ( PSID  pSid)

Definition at line 887 of file security.c.

/*
 * Body of GetSidIdentifierAuthority().
 * NOTE(review): listing lines 889 and 890 are absent from this rendering, so
 * no statement of the body is visible; the page cross-references
 * RtlIdentifierAuthoritySid for this function - confirm against security.c.
 */
888{
891}
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)

Referenced by GetTextSid(), GetTextualSid(), and test_GetSidIdentifierAuthority().

◆ GetSidLengthRequired()

DWORD WINAPI GetSidLengthRequired ( UCHAR  nSubAuthorityCount)

Definition at line 854 of file security.c.

/*
 * Thin wrapper: returns the value RtlLengthRequiredSid() reports for the
 * given sub-authority count, converted to DWORD.
 */
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
{
    const ULONG needed = RtlLengthRequiredSid(nSubAuthorityCount);

    return (DWORD)needed;
}
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by ComputeStringSidSize(), CreateWellKnownSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), ParseStringSidToSid(), test_CreateWellKnownSid(), test_GetWindowsAccountDomainSid(), and test_LookupAccountSid().

◆ GetSidSubAuthority()

PDWORD WINAPI GetSidSubAuthority ( PSID  pSid,
DWORD  nSubAuthority 
)

Definition at line 898 of file security.c.

/*
 * Body of GetSidSubAuthority(): returns the pointer produced by
 * RtlSubAuthoritySid() for the given index. The index is not compared with
 * the SID's sub-authority count in the visible lines.
 * NOTE(review): listing line 901 is absent from this rendering - confirm
 * against security.c.
 */
900{
902 return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
903}
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
DWORD * PDWORD
Definition: pedump.c:68

Referenced by CreateWellKnownSid(), GetTextSid(), GetTextualSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), and test_sid().

◆ GetSidSubAuthorityCount()

PUCHAR WINAPI GetSidSubAuthorityCount ( PSID  pSid)

◆ GetTokenInformation()

BOOL WINAPI GetTokenInformation ( HANDLE  TokenHandle,
TOKEN_INFORMATION_CLASS  TokenInformationClass,
LPVOID  TokenInformation,
DWORD  TokenInformationLength,
PDWORD  ReturnLength 
)

Definition at line 413 of file security.c.

/*
 * Body of GetTokenInformation(): returns FALSE when Status is a failure
 * code and TRUE otherwise.
 * NOTE(review): listing lines 419, 421, 422, 424, 425 and 428 are absent
 * from this rendering (the Status declaration, most of the query call and a
 * statement on the failure path); the page cross-references
 * NtQueryInformationToken for this function - confirm against security.c.
 */
418{
420
/* The caller's buffer is one of the arguments of the call that sets Status. */
423 TokenInformation,
426 if (!NT_SUCCESS(Status))
427 {
429 return FALSE;
430 }
431
432 return TRUE;
433}
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:317
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:319
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473

Referenced by _GetUserSidStringFromToken(), AccpLookupCurrentUser(), AddUserProfiles(), AllowAccessOnSession(), are_all_privileges_disabled(), AuthzpQueryToken(), CheckForGuestsAndAdmins(), CreateProfile(), DoesUserHavePrivilege(), DwInitializeSdFromThreadToken(), get_admin_token(), get_current_group(), get_current_owner(), get_privilege_count(), get_user_sid(), GetFromToken(), GetShellSecurityDescriptor(), GetUserAndDomainName(), GetUserNameW(), GetUserSid(), GetUserToken(), ImpersonatePrinterClient(), is_process_elevated(), is_process_limited(), is_token_admin(), IsNTAdmin(), IsUserAdmin(), LoadUserProfileW(), named_pipe_client_func(), PerfDataRefresh(), RecycleBin5_Constructor(), RunningAsSYSTEM(), SHCreateSessionKey(), SHGetUserSessionId(), START_TEST(), TakeOwnershipOfFile(), test_CheckTokenMembership(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_CreateDirectoryA(), test_CreateRestrictedToken(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetTokenInformation(), test_GetWindowsAccountDomainSid(), test_ImpersonateNamedPipeClient(), test_impersonation_level(), test_LookupAccountSid(), test_lsa(), test_LsaLookupSids(), test_process_security(), test_pseudo_tokens(), test_token_attr(), test_token_security_descriptor(), test_TokenIntegrityLevel(), TestGetUserObjectInfoW(), validate_impersonation_token(), and WhoamiGetTokenInfo().

◆ GetTrusteeFormA()

TRUSTEE_FORM WINAPI GetTrusteeFormA ( PTRUSTEEA  pTrustee)

Definition at line 2408 of file security.c.

/*
 * Return the TrusteeForm member of an ANSI trustee, or TRUSTEE_BAD_FORM
 * when pTrustee is NULL. The pointer is traced first.
 */
TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
{
    TRACE("(%p)\n", pTrustee);

    return pTrustee ? pTrustee->TrusteeForm : TRUSTEE_BAD_FORM;
}
@ TRUSTEE_BAD_FORM
Definition: accctrl.h:191

Referenced by InternalExplicitAccessAToW(), and InternalTrusteeAToW().

◆ GetTrusteeFormW()

TRUSTEE_FORM WINAPI GetTrusteeFormW ( PTRUSTEEW  pTrustee)

Definition at line 2421 of file security.c.

/*
 * Return the TrusteeForm member of a wide-character trustee, or
 * TRUSTEE_BAD_FORM when pTrustee is NULL. The pointer is traced first.
 */
TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
{
    TRACE("(%p)\n", pTrustee);

    return pTrustee ? pTrustee->TrusteeForm : TRUSTEE_BAD_FORM;
}

◆ GetTrusteeNameA()

LPSTR WINAPI GetTrusteeNameA ( PTRUSTEE_A  pTrustee)

Definition at line 2435 of file security.c.

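/*
 * Return the ptstrName member of an ANSI trustee.
 *
 * A NULL pTrustee yields NULL instead of a NULL dereference, matching the
 * NULL handling of GetTrusteeFormA() in this file. The returned pointer is
 * the member itself; nothing is copied.
 */
LPSTR WINAPI GetTrusteeNameA(PTRUSTEE_A pTrustee)
{
    if (!pTrustee)
        return NULL;

    return pTrustee->ptstrName;
}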

Referenced by InternalExplicitAccessAToW(), and InternalTrusteeAToW().

◆ GetTrusteeNameW()

LPWSTR WINAPI GetTrusteeNameW ( PTRUSTEE_W  pTrustee)

Definition at line 2445 of file security.c.

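/*
 * Return the ptstrName member of a wide-character trustee.
 *
 * A NULL pTrustee yields NULL instead of a NULL dereference, matching the
 * NULL handling of GetTrusteeFormW() in this file. The returned pointer is
 * the member itself; nothing is copied.
 */
LPWSTR WINAPI GetTrusteeNameW(PTRUSTEE_W pTrustee)
{
    if (!pTrustee)
        return NULL;

    return pTrustee->ptstrName;
}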

◆ GetTrusteeTypeA()

TRUSTEE_TYPE WINAPI GetTrusteeTypeA ( PTRUSTEE_A  pTrustee)

Definition at line 2454 of file security.c.

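/*
 * Return the TrusteeType member of an ANSI trustee.
 *
 * A NULL pTrustee yields TRUSTEE_IS_UNKNOWN instead of a NULL dereference,
 * in line with the NULL handling of GetTrusteeFormA() in this file.
 */
TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEE_A pTrustee)
{
    if (!pTrustee)
        return TRUSTEE_IS_UNKNOWN;

    return pTrustee->TrusteeType;
}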

◆ GetTrusteeTypeW()

TRUSTEE_TYPE WINAPI GetTrusteeTypeW ( PTRUSTEE_W  pTrustee)

Definition at line 2463 of file security.c.

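/*
 * Return the TrusteeType member of a wide-character trustee.
 *
 * A NULL pTrustee yields TRUSTEE_IS_UNKNOWN instead of a NULL dereference,
 * in line with the NULL handling of GetTrusteeFormW() in this file.
 */
TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEE_W pTrustee)
{
    if (!pTrustee)
        return TRUSTEE_IS_UNKNOWN;

    return pTrustee->TrusteeType;
}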

◆ GetUnicodeEnvironmentSize()

static DWORD GetUnicodeEnvironmentSize ( PVOID  pEnvironment)
static

Definition at line 3681 of file security.c.

/*
 * Body of GetUnicodeEnvironmentSize(): walks a block of consecutive
 * NUL-terminated wide strings until it meets an empty string and returns
 * (TotalLength + 1) * sizeof(WCHAR), i.e. a size in bytes; a NULL block
 * yields 0.
 * NOTE(review): listing line 3694 is absent from this rendering; it
 * presumably adds Length to TotalLength - confirm against security.c.
 */
3683{
3684 INT Length, TotalLength = 0;
3685 PWCHAR Ptr;
3686
3687 if (pEnvironment == NULL)
3688 return 0;
3689
3690 Ptr = (PWCHAR)pEnvironment;
/* The walk has no upper bound of its own: it stops only at an empty string,
 * so the block must end with one (assumes a well-formed environment block). */
3691 while (*Ptr != UNICODE_NULL)
3692 {
/* Length of this entry in characters, terminator included. */
3693 Length = wcslen(Ptr) + 1;
3695 Ptr = Ptr + Length;
3696 }
3697
/* The extra 1 accounts for the final empty string; the count is then scaled to bytes. */
3698 return (TotalLength + 1) * sizeof(WCHAR);
3699}
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define UNICODE_NULL
uint16_t * PWCHAR
Definition: typedefs.h:56

Referenced by CreateProcessWithLogonW().

◆ GetWindowsAccountDomainSid()

BOOL WINAPI GetWindowsAccountDomainSid ( PSID  sid,
PSID  domain_sid,
DWORD size 
)

Definition at line 4138 of file security.c.

/*
 * Body of GetWindowsAccountDomainSid() (logged as a semi-stub): builds a
 * four-sub-authority SID in domain_sid from the first four sub-authorities
 * of sid and stores the required size in *size.
 * NOTE(review): listing lines 4140, 4148, 4154, 4160, 4168 and 4169 are
 * absent from this rendering (a declaration, presumably of domain_ident, and
 * one or two statements on each failure path) - confirm against security.c.
 */
4139{
4141 DWORD required_size;
4142 int i;
4143
4144 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
4145
/* The input SID is validated before any of its fields are read. */
4146 if (!sid || !IsValidSid( sid ))
4147 {
4149 return FALSE;
4150 }
4151
4152 if (!size)
4153 {
4155 return FALSE;
4156 }
4157
/* SIDs with fewer than four sub-authorities are rejected. */
4158 if (*GetSidSubAuthorityCount( sid ) < 4)
4159 {
4161 return FALSE;
4162 }
4163
/* Too-small or missing output buffer: report the needed size and fail
 * before anything is written to domain_sid. */
4164 required_size = GetSidLengthRequired( 4 );
4165 if (*size < required_size || !domain_sid)
4166 {
4167 *size = required_size;
4170 return FALSE;
4171 }
4172
/* The result of InitializeSid() is not checked here. */
4173 InitializeSid( domain_sid, &domain_ident, 4 );
/* Copy the first four sub-authorities; both counts were established above. */
4174 for (i = 0; i < 4; i++)
4175 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
4176
4177 *size = required_size;
4178 return TRUE;
4179}
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:864
GLsizeiptr size
Definition: glext.h:5919

◆ ImpersonateNamedPipeClient()

BOOL WINAPI ImpersonateNamedPipeClient ( HANDLE  hNamedPipe)

Definition at line 1026 of file security.c.

/*
 * Issue FSCTL_PIPE_IMPERSONATE on the given pipe handle through
 * NtFsControlFile(), with no event, APC or data buffers, and turn the
 * resulting NTSTATUS into a BOOL with set_ntstatus().
 *
 * Callers should check the result before doing work on the client's behalf:
 * if the request did not succeed, the thread keeps running in its own
 * security context (presumably signalled by a FALSE return - confirm
 * against set_ntstatus()).
 */
BOOL WINAPI ImpersonateNamedPipeClient(HANDLE hNamedPipe)
{
    IO_STATUS_BLOCK iosb;
    NTSTATUS status;

    TRACE("(%p)\n", hNamedPipe);

    status = NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
                             &iosb, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0);
    return set_ntstatus(status);
}
NTSYSAPI NTSTATUS NTAPI NtFsControlFile(IN HANDLE hFile, IN HANDLE hEvent OPTIONAL, IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL, IN PVOID IoApcContext OPTIONAL, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG DeviceIoControlCode, IN PVOID InBuffer OPTIONAL, IN ULONG InBufferLength, OUT PVOID OutBuffer OPTIONAL, IN ULONG OutBufferLength)
#define FSCTL_PIPE_IMPERSONATE
Definition: winioctl.h:85

Referenced by rpcrt4_conn_np_impersonate_client(), and test_ImpersonateNamedPipeClient().

◆ ImpersonateSelf()

BOOL WINAPI ImpersonateSelf ( SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel)

Definition at line 1633 of file security.c.

/*
 * Body of ImpersonateSelf(): returns FALSE when Status is a failure code
 * and TRUE otherwise.
 * NOTE(review): listing lines 1635, 1637 and 1640 are absent from this
 * rendering (the Status declaration, the call that sets it and a statement
 * on the failure path); the page cross-references RtlImpersonateSelf for
 * this function - confirm against security.c.
 */
1634{
1636
1638 if (!NT_SUCCESS(Status))
1639 {
1641 return FALSE;
1642 }
1643
1644 return TRUE;
1645}
NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: priv.c:45

Referenced by test_FileSecurity(), and test_impersonation_level().

◆ InitializeAcl()

◆ InitializeSecurityDescriptor()

BOOL WINAPI InitializeSecurityDescriptor ( PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  dwRevision 
)

Definition at line 931 of file security.c.

/*
 * Body of InitializeSecurityDescriptor(): forwards the descriptor and
 * revision to RtlCreateSecurityDescriptor() and maps the NTSTATUS to
 * TRUE/FALSE.
 * NOTE(review): listing lines 934 and 940 are absent from this rendering
 * (presumably the Status declaration and a statement on the failure path) -
 * confirm against security.c.
 */
933{
935
936 Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
937 dwRevision);
938 if (!NT_SUCCESS(Status))
939 {
941 return FALSE;
942 }
943
944 return TRUE;
945}
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), CreateAllAccessSecurityAttributes(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreateLogoffSecurityAttributes(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateProfileMutex(), CreatePublicEvent(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), DwInitializeSdFromThreadToken(), get_sd(), GetShellSecurityDescriptor(), handle_getacl(), InitializeAudioDeviceListLock(), pSetSecurityInfoCheck(), START_TEST(), TakeOwnershipOfFile(), test_AccessCheck(), test_AddMandatoryAce(), test_BuildSecurityDescriptorW(), test_ConvertSecurityDescriptorToString(), test_CopyBindInfo(), test_CreateDirectoryA(), test_default_dacl_owner_sid(), test_event(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_maximum_allowed(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_security_descriptor(), test_security_info(), and test_token_security_descriptor().

◆ InitializeSid()

BOOL WINAPI InitializeSid ( PSID  Sid,
PSID_IDENTIFIER_AUTHORITY  pIdentifierAuthority,
BYTE  nSubAuthorityCount 
)

Definition at line 864 of file security.c.

/*
 * Body of InitializeSid(): returns FALSE when Status is a failure code and
 * TRUE otherwise. The size of the buffer behind Sid is not an argument, so
 * it cannot be checked here; the caller must provide enough room for
 * nSubAuthorityCount sub-authorities.
 * NOTE(review): listing lines 868, 870 and 875 are absent from this
 * rendering (the Status declaration, the head of the call and a statement
 * on the failure path); the page cross-references RtlInitializeSid for this
 * function - confirm against security.c.
 */
867{
869
/* Trailing arguments of the call that sets Status. */
871 pIdentifierAuthority,
872 nSubAuthorityCount);
873 if (!NT_SUCCESS(Status))
874 {
876 return FALSE;
877 }
878
879 return TRUE;
880}
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)

Referenced by GetWindowsAccountDomainSid(), and test_GetWindowsAccountDomainSid().

◆ IsValidAcl()

BOOL WINAPI IsValidAcl ( PACL  pAcl)

Definition at line 1211 of file security.c.

/*
 * Thin wrapper: returns the verdict of RtlValidAcl() for the given ACL.
 */
BOOL WINAPI IsValidAcl(PACL pAcl)
{
    const BOOLEAN acl_ok = RtlValidAcl(pAcl);

    return acl_ok;
}
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)

Referenced by DumpAcl(), CSecurityDescriptor::HasValidDACL(), CSecurityDescriptor::HasValidSACL(), test_acls(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), and test_GetShellSecurityDescriptor().

◆ IsValidSid()

◆ IsWellKnownSid()

BOOL WINAPI IsWellKnownSid ( IN PSID  pSid,
IN WELL_KNOWN_SID_TYPE  WellKnownSidType 
)

Definition at line 798 of file security.c.

/*
 * Body of IsWellKnownSid(): scans WellKnownSids[] for entries whose Type
 * equals WellKnownSidType and returns FALSE when the scan ends without a hit.
 * NOTE(review): listing line 808 is absent from this rendering. As shown,
 * the TRUE return depends only on the type match and pSid is used only for
 * tracing; line 808 presumably compares pSid with the table entry - confirm
 * against security.c.
 */
800{
801 unsigned int i;
802 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
803
804 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
805 {
806 if (WellKnownSids[i].Type == WellKnownSidType)
807 {
809 return TRUE;
810 }
811 }
812
813 return FALSE;
814}

Referenced by is_well_known_sid(), and test_token_attr().

◆ LookupAccountNameA()

BOOL WINAPI LookupAccountNameA ( LPCSTR  SystemName,
LPCSTR  AccountName,
PSID  Sid,
LPDWORD  SidLength,
LPSTR  ReferencedDomainName,
LPDWORD  hReferencedDomainNameLength,
PSID_NAME_USE  SidNameUse 
)

Definition at line 2014 of file security.c.

/*
 * Body of LookupAccountNameA(): ANSI front end for LookupAccountNameW().
 * Both names are converted to UNICODE_STRINGs, the lookup is run against a
 * temporary wide domain buffer, the domain name is converted back for the
 * caller on success, and all temporaries are released before returning the
 * lookup's result.
 * NOTE(review): listing lines 2030, 2045 and 2049 are absent from this
 * rendering (presumably the condition guarding the allocation, the head of
 * the conversion call and its destination argument) - confirm against
 * security.c.
 */
2021{
2022 BOOL ret;
2023 UNICODE_STRING lpSystemW;
2024 UNICODE_STRING lpAccountW;
2025 LPWSTR lpReferencedDomainNameW = NULL;
2026
/* The results of both conversions are not checked in the visible lines. */
2027 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
2028 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
2029
/* The allocation size comes straight from the caller-supplied length; the
 * multiplication is not checked for overflow and the result is not checked
 * for NULL before the lookup. */
2031 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
2032 0,
2033 *hReferencedDomainNameLength * sizeof(WCHAR));
2034
2035 ret = LookupAccountNameW(lpSystemW.Buffer,
2036 lpAccountW.Buffer,
2037 Sid,
2038 SidLength,
2039 lpReferencedDomainNameW,
2040 hReferencedDomainNameLength,
2041 SidNameUse);
2042
/* The domain name is converted back only when the lookup succeeded and a
 * wide buffer exists. */
2043 if (ret && lpReferencedDomainNameW)
2044 {
/* NOTE(review): both length arguments are *hReferencedDomainNameLength + 1,
 * read after the lookup, while the wide buffer was allocated with the value
 * it held before the lookup - confirm the +1 cannot run past either buffer. */
2046 0,
2047 lpReferencedDomainNameW,
2048 *hReferencedDomainNameLength + 1,
2050 *hReferencedDomainNameLength + 1,
2051 NULL,
2052 NULL);
2053 }
2054
/* Temporaries are released on every path. */
2055 RtlFreeUnicodeString(&lpSystemW);
2056 RtlFreeUnicodeString(&lpAccountW);
2057 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2058
2059 return ret;
2060}
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:626
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR ReferencedDomainName
Definition: winbase.h:2734

Referenced by check_wellknown_name(), and test_LookupAccountName().

◆ LookupPrivilegeDisplayNameA()

BOOL WINAPI LookupPrivilegeDisplayNameA ( LPCSTR  lpSystemName,
LPCSTR  lpName,
LPSTR  lpDisplayName,
LPDWORD  cchDisplayName,
LPDWORD  lpLanguageId 
)

Definition at line 1241 of file security.c.

1246{
1247 UNICODE_STRING lpSystemNameW;
1248 UNICODE_STRING lpNameW;
1249 BOOL ret;
1250 DWORD wLen = 0;
1251
1252 TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);
1253
1254 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1256 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen, lpLanguageId);
1258 {
1259 LPWSTR