ReactOS 0.4.15-dev-6656-gbbb33a6
Classes | Macros | Typedefs | Functions | Variables
security.c File Reference
#include <advapi32.h>
#include <sddl.h>
Include dependency graph for security.c:

Go to the source code of this file.

Classes

struct  _ACEFLAG
 
union  _MAX_SID
 
struct  WELLKNOWNSID
 
struct  WELLKNOWNRID
 

Macros

#define ADS_RIGHT_DS_CREATE_CHILD   0x0001
 
#define ADS_RIGHT_DS_DELETE_CHILD   0x0002
 
#define ADS_RIGHT_ACTRL_DS_LIST   0x0004
 
#define ADS_RIGHT_DS_SELF   0x0008
 
#define ADS_RIGHT_DS_READ_PROP   0x0010
 
#define ADS_RIGHT_DS_WRITE_PROP   0x0020
 
#define ADS_RIGHT_DS_DELETE_TREE   0x0040
 
#define ADS_RIGHT_DS_LIST_OBJECT   0x0080
 
#define ADS_RIGHT_DS_CONTROL_ACCESS   0x0100
 

Typedefs

typedef struct _ACEFLAG ACEFLAG
 
typedef struct _ACEFLAGLPACEFLAG
 
typedef struct _MAX_SID MAX_SID
 
typedef struct WELLKNOWNSID WELLKNOWNSID
 
typedef struct WELLKNOWNRID WELLKNOWNRID
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (advapi)
 
static BOOL ParseStringSidToSid (LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
 
static const chardebugstr_sid (PSID sid)
 
static __inline BOOL set_ntstatus (NTSTATUS status)
 
static LPWSTR SERV_dup (LPCSTR str)
 
BOOL ADVAPI_IsLocalComputer (LPCWSTR ServerName)
 
BOOL ADVAPI_GetComputerSid (PSID sid)
 
BOOL WINAPI OpenProcessToken (HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
 
BOOL WINAPI OpenThreadToken (HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
 
BOOL WINAPI AdjustTokenGroups (HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState, DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength)
 
BOOL WINAPI AdjustTokenPrivileges (HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
 
BOOL WINAPI GetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
 
BOOL WINAPI SetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
 
BOOL WINAPI SetThreadToken (IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
 
BOOL WINAPI CreateRestrictedToken (_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
 Creates a filtered token that is a restricted one of the regular access token. A restricted token can have disabled SIDs, deleted privileges and/or restricted SIDs added.
 
BOOL WINAPI AllocateAndInitializeSid (PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
 
PVOID WINAPI FreeSid (PSID pSid)
 
BOOL WINAPI CopySid (DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
 
BOOL WINAPI CreateWellKnownSid (IN WELL_KNOWN_SID_TYPE WellKnownSidType, IN PSID DomainSid OPTIONAL, OUT PSID pSid, IN OUT DWORD *cbSid)
 
BOOL WINAPI IsWellKnownSid (IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
 
BOOL WINAPI IsValidSid (PSID pSid)
 
BOOL WINAPI EqualSid (PSID pSid1, PSID pSid2)
 
BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
 
DWORD WINAPI GetSidLengthRequired (UCHAR nSubAuthorityCount)
 
BOOL WINAPI InitializeSid (PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
 
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority (PSID pSid)
 
PDWORD WINAPI GetSidSubAuthority (PSID pSid, DWORD nSubAuthority)
 
PUCHAR WINAPI GetSidSubAuthorityCount (PSID pSid)
 
DWORD WINAPI GetLengthSid (PSID pSid)
 
BOOL WINAPI InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
 
BOOL WINAPI MakeAbsoluteSD (PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
 
BOOL WINAPI GetKernelObjectSecurity (HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI InitializeAcl (PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
 
BOOL WINAPI ImpersonateNamedPipeClient (HANDLE hNamedPipe)
 
BOOL WINAPI AddAccessAllowedAce (PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessAllowedAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessDeniedAce (PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessDeniedAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAce (PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
 
BOOL WINAPI DeleteAce (PACL pAcl, DWORD dwAceIndex)
 
BOOL WINAPI FindFirstFreeAce (PACL pAcl, LPVOID *pAce)
 
BOOL WINAPI GetAce (PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
 
BOOL WINAPI GetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
 
BOOL WINAPI IsValidAcl (PACL pAcl)
 
BOOL WINAPI AllocateLocallyUniqueId (PLUID Luid)
 
BOOL WINAPI LookupPrivilegeDisplayNameA (LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
 
BOOL WINAPI LookupPrivilegeNameA (LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
 
BOOL WINAPI GetFileSecurityA (LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI GetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI SetFileSecurityA (LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
BOOL WINAPI SetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
BOOL WINAPI QueryWindows31FilesMigration (DWORD x1)
 
BOOL WINAPI SynchronizeWindows31FilesAndWindowsNTRegistry (DWORD x1, DWORD x2, DWORD x3, DWORD x4)
 
BOOL WINAPI RevertToSelf (VOID)
 
BOOL WINAPI ImpersonateSelf (SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
BOOL WINAPI AccessCheck (IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
 
BOOL WINAPI AccessCheckByType (_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ DWORD DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ DWORD ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ LPDWORD PrivilegeSetLength, _Out_ LPDWORD GrantedAccess, _Out_ LPBOOL AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.
 
BOOL WINAPI AccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ DWORD DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ DWORD ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ LPDWORD PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) LPDWORD GrantedAccess, _Out_writes_(ObjectTypeListLength) LPBOOL AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the AccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.
 
BOOL WINAPI SetKernelObjectSecurity (HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
 
BOOL WINAPI AddAuditAccessAce (PACL pAcl, DWORD dwAceRevision, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
 
BOOL WINAPI AddAuditAccessAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
 
BOOL WINAPI LookupAccountNameA (LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
 
BOOL WINAPI PrivilegeCheck (HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
 
DWORD WINAPI GetSecurityInfoExA (HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
 
DWORD WINAPI GetSecurityInfoExW (HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
 
VOID WINAPI BuildExplicitAccessWithNameA (PEXPLICIT_ACCESSA pExplicitAccess, LPSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
 
VOID WINAPI BuildExplicitAccessWithNameW (PEXPLICIT_ACCESSW pExplicitAccess, LPWSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
 
VOID WINAPI BuildTrusteeWithObjectsAndNameA (PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, LPSTR InheritedObjectTypeName, LPSTR Name)
 
VOID WINAPI BuildTrusteeWithObjectsAndNameW (PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName, SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName, LPWSTR InheritedObjectTypeName, LPWSTR Name)
 
VOID WINAPI BuildTrusteeWithObjectsAndSidA (PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
 
VOID WINAPI BuildTrusteeWithObjectsAndSidW (PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
 
VOID WINAPI BuildTrusteeWithSidA (PTRUSTEE_A pTrustee, PSID pSid)
 
VOID WINAPI BuildTrusteeWithSidW (PTRUSTEE_W pTrustee, PSID pSid)
 
VOID WINAPI BuildTrusteeWithNameA (PTRUSTEE_A pTrustee, LPSTR name)
 
VOID WINAPI BuildTrusteeWithNameW (PTRUSTEE_W pTrustee, LPWSTR name)
 
TRUSTEE_FORM WINAPI GetTrusteeFormA (PTRUSTEEA pTrustee)
 
TRUSTEE_FORM WINAPI GetTrusteeFormW (PTRUSTEEW pTrustee)
 
LPSTR WINAPI GetTrusteeNameA (PTRUSTEE_A pTrustee)
 
LPWSTR WINAPI GetTrusteeNameW (PTRUSTEE_W pTrustee)
 
TRUSTEE_TYPE WINAPI GetTrusteeTypeA (PTRUSTEE_A pTrustee)
 
TRUSTEE_TYPE WINAPI GetTrusteeTypeW (PTRUSTEE_W pTrustee)
 
BOOL WINAPI SetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
 
DWORD WINAPI SetNamedSecurityInfoA (LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
 
BOOL WINAPI AreAllAccessesGranted (DWORD GrantedAccess, DWORD DesiredAccess)
 
BOOL WINAPI AreAnyAccessesGranted (DWORD GrantedAccess, DWORD DesiredAccess)
 
static DWORD ParseAclStringFlags (LPCWSTR *StringAcl)
 
static BYTE ParseAceStringType (LPCWSTR *StringAcl)
 
static BYTE ParseAceStringFlags (LPCWSTR *StringAcl)
 
static DWORD ParseAceStringRights (LPCWSTR *StringAcl)
 
static BOOL ParseStringAclToAcl (LPCWSTR StringAcl, LPDWORD lpdwFlags, PACL pAcl, LPDWORD cBytes)
 
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor (LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
 
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA (LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
 
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW (LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
 
static void DumpString (LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSidNumeric (PSID psid, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSid (PSID psid, WCHAR **pwptr, ULONG *plen)
 
static void DumpRights (DWORD mask, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpAce (LPVOID pace, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpAcl (PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
 
static BOOL DumpOwner (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpGroup (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpDacl (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSacl (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW (PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
 
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA (PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
 
BOOL WINAPI ConvertStringSidToSidW (LPCWSTR StringSid, PSID *Sid)
 
BOOL WINAPI ConvertStringSidToSidA (LPCSTR StringSid, PSID *Sid)
 
BOOL WINAPI ConvertSidToStringSidW (PSID Sid, LPWSTR *StringSid)
 
BOOL WINAPI ConvertSidToStringSidA (PSID Sid, LPSTR *StringSid)
 
static DWORD GetUnicodeEnvironmentSize (PVOID pEnvironment)
 
static DWORD GetAnsiEnvironmentSize (PVOID pEnvironment)
 
BOOL WINAPI CreateProcessWithLogonW (_In_ LPCWSTR lpUsername, _In_opt_ LPCWSTR lpDomain, _In_ LPCWSTR lpPassword, _In_ DWORD dwLogonFlags, _In_opt_ LPCWSTR lpApplicationName, _Inout_opt_ LPWSTR lpCommandLine, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCWSTR lpCurrentDirectory, _In_ LPSTARTUPINFOW lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
 
BOOL WINAPI CreateProcessWithTokenW (HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line, DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info, PROCESS_INFORMATION *process_information)
 
BOOL WINAPI DuplicateTokenEx (IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
 
BOOL WINAPI DuplicateToken (IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
 
static DWORD ComputeStringSidSize (LPCWSTR StringSid)
 
DWORD WINAPI GetNamedSecurityInfoA (LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 
BOOL WINAPI GetWindowsAccountDomainSid (PSID sid, PSID domain_sid, DWORD *size)
 
BOOL WINAPI EqualDomainSid (IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
 

Variables

static const WELLKNOWNSID WellKnownSids []
 
static const WELLKNOWNRID WellKnownRids []
 
static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }
 
static const WCHAR SDDL_NO_READ_UP [] = {'N','R',0}
 
static const WCHAR SDDL_NO_WRITE_UP [] = {'N','W',0}
 
static const WCHAR SDDL_NO_EXECUTE_UP [] = {'N','X',0}
 
static const WCHAR SDDL_ACCESS_ALLOWED [] = {'A',0}
 
static const WCHAR SDDL_ACCESS_DENIED [] = {'D',0}
 
static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED [] = {'O','A',0}
 
static const WCHAR SDDL_OBJECT_ACCESS_DENIED [] = {'O','D',0}
 
static const WCHAR SDDL_AUDIT [] = {'A','U',0}
 
static const WCHAR SDDL_ALARM [] = {'A','L',0}
 
static const WCHAR SDDL_MANDATORY_LABEL [] = {'M','L',0}
 
static const WCHAR SDDL_OBJECT_AUDIT [] = {'O','U',0}
 
static const WCHAR SDDL_OBJECT_ALARM [] = {'O','L',0}
 
static const WCHAR SDDL_CONTAINER_INHERIT [] = {'C','I',0}
 
static const WCHAR SDDL_OBJECT_INHERIT [] = {'O','I',0}
 
static const WCHAR SDDL_NO_PROPAGATE [] = {'N','P',0}
 
static const WCHAR SDDL_INHERIT_ONLY [] = {'I','O',0}
 
static const WCHAR SDDL_INHERITED [] = {'I','D',0}
 
static const WCHAR SDDL_AUDIT_SUCCESS [] = {'S','A',0}
 
static const WCHAR SDDL_AUDIT_FAILURE [] = {'F','A',0}
 
static const ACEFLAG AceType []
 
static const ACEFLAG AceFlags []
 
static const ACEFLAG AceRights []
 
static const LPCWSTR AceRightBitNames [32]
 

Macro Definition Documentation

◆ ADS_RIGHT_ACTRL_DS_LIST

#define ADS_RIGHT_ACTRL_DS_LIST   0x0004

Definition at line 157 of file security.c.

◆ ADS_RIGHT_DS_CONTROL_ACCESS

#define ADS_RIGHT_DS_CONTROL_ACCESS   0x0100

Definition at line 163 of file security.c.

◆ ADS_RIGHT_DS_CREATE_CHILD

#define ADS_RIGHT_DS_CREATE_CHILD   0x0001

Definition at line 155 of file security.c.

◆ ADS_RIGHT_DS_DELETE_CHILD

#define ADS_RIGHT_DS_DELETE_CHILD   0x0002

Definition at line 156 of file security.c.

◆ ADS_RIGHT_DS_DELETE_TREE

#define ADS_RIGHT_DS_DELETE_TREE   0x0040

Definition at line 161 of file security.c.

◆ ADS_RIGHT_DS_LIST_OBJECT

#define ADS_RIGHT_DS_LIST_OBJECT   0x0080

Definition at line 162 of file security.c.

◆ ADS_RIGHT_DS_READ_PROP

#define ADS_RIGHT_DS_READ_PROP   0x0010

Definition at line 159 of file security.c.

◆ ADS_RIGHT_DS_SELF

#define ADS_RIGHT_DS_SELF   0x0008

Definition at line 158 of file security.c.

◆ ADS_RIGHT_DS_WRITE_PROP

#define ADS_RIGHT_DS_WRITE_PROP   0x0020

Definition at line 160 of file security.c.

Typedef Documentation

◆ ACEFLAG

typedef struct _ACEFLAG ACEFLAG

◆ LPACEFLAG

typedef struct _ACEFLAG * LPACEFLAG

◆ MAX_SID

typedef struct _MAX_SID MAX_SID

◆ WELLKNOWNRID

typedef struct WELLKNOWNRID WELLKNOWNRID

◆ WELLKNOWNSID

typedef struct WELLKNOWNSID WELLKNOWNSID

Function Documentation

◆ AccessCheck()

BOOL WINAPI AccessCheck ( IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN HANDLE  ClientToken,
IN DWORD  DesiredAccess,
IN PGENERIC_MAPPING  GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet  OPTIONAL,
IN OUT LPDWORD  PrivilegeSetLength,
OUT LPDWORD  GrantedAccess,
OUT LPBOOL  AccessStatus 
)

Definition at line 1652 of file security.c.

1660{
1661 NTSTATUS Status;
1662 NTSTATUS NtAccessStatus;
1663
1664 /* Do the access check */
1665 Status = NtAccessCheck(pSecurityDescriptor,
1666 ClientToken,
1667 DesiredAccess,
1668 GenericMapping,
1669 PrivilegeSet,
1670 (PULONG)PrivilegeSetLength,
1671 (PACCESS_MASK)GrantedAccess,
1672 &NtAccessStatus);
1673
1674 /* See if the access check operation succeeded */
1675 if (!NT_SUCCESS(Status))
1676 {
1677 /* Check failed */
1678 SetLastError(RtlNtStatusToDosError(Status));
1679 return FALSE;
1680 }
1681
1682 /* Now check the access status */
1683 if (!NT_SUCCESS(NtAccessStatus))
1684 {
1685 /* Access denied */
1686 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1687 *AccessStatus = FALSE;
1688 }
1689 else
1690 {
1691 /* Access granted */
1692 *AccessStatus = TRUE;
1693 }
1694
1695 /* Check succeeded */
1696 return TRUE;
1697}
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NtAccessCheck
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
Definition: accesschk.c:2186
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SetLastError
#define SetLastError(x)
Definition: compat.h:752
Status
Status
Definition: gdiplustypes.h:25
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

Referenced by test_AccessCheck(), test_default_handle_security(), and test_FileSecurity().

◆ AccessCheckByType()

BOOL WINAPI AccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  pSecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ DWORD  DesiredAccess,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ DWORD  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ LPDWORD  PrivilegeSetLength,
_Out_ LPDWORD  GrantedAccess,
_Out_ LPBOOL  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.

Parameters
[in]pSecurityDescriptorA pointer to a security descriptor that identifies the security information of an object being accessed. This function walks through this descriptor for any ACLs and respective access rights if access can be granted.
[in]PrincipalSelfSidA pointer to a principal self SID. This parameter can be NULL if the associated object being checked for access does not represent a principal.
[in]ClientTokenA handle to an access token, that identifies the client of which requests access to the target object.
[in]DesiredAccessThe access right bitmask where the client wants to acquire. This can be an OR'ed set of multiple access rights or MAXIMUM_ALLOWED to request all of possible access rights the target object allows. If only some rights were granted but not all the access is deemed as denied.
[in]ObjectTypeListA pointer to a given object type list. If this parameter is not NULL the function will perform an access check against the main object and sub-objects of this list. If this parameter is NULL and ObjectTypeListLength is 0, the function will perform a normal access check instead.
[in]ObjectTypeListLengthThe length of the object type list array, pointed by ObjectTypeList. This length in question represents the number of elements in such array. This parameter must be 0 if no array list is provided.
[in]GenericMappingThe generic mapping of access rights of an object type.
[out]PrivilegeSetA pointer to a set of privileges that were used to perform the access check, returned to caller. This function will return no privileges (privilege count set to 0) if no privileges were used to accomplish the access check. This parameter must not be NULL!
[in,out]PrivilegeSetLengthThe total length size of a set of privileges. This length represents the count of elements in the privilege set array.
[out]GrantedAccessA pointer to granted access rights, returned to the caller.
[out]AccessStatusA pointer to a boolean value that indicates whether access is granted or denied to the client that requests access to the entire hierarchy of an object type list. If ObjectTypeList is NULL, this value represents the access that is granted or denied to the target object, just like in AccessCheck.
Returns
The function returns TRUE if the access check operation has completed successfully, otherwise it returns FALSE.

Definition at line 1769 of file security.c.

1781{
1782 NTSTATUS Status;
1783 NTSTATUS NtAccessStatus;
1784
1785 Status = NtAccessCheckByType(pSecurityDescriptor,
1786 PrincipalSelfSid,
1787 ClientToken,
1788 DesiredAccess,
1789 ObjectTypeList,
1790 ObjectTypeListLength,
1791 GenericMapping,
1792 PrivilegeSet,
1793 PrivilegeSetLength,
1794 (PACCESS_MASK)GrantedAccess,
1795 &NtAccessStatus);
1796 if (!NT_SUCCESS(Status))
1797 {
1798 SetLastError(RtlNtStatusToDosError(Status));
1799 return FALSE;
1800 }
1801
1802 if (!NT_SUCCESS(NtAccessStatus))
1803 {
1804 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1805 *AccessStatus = FALSE;
1806 }
1807 else
1808 {
1809 *AccessStatus = TRUE;
1810 }
1811
1812 return TRUE;
1813}
NtAccessCheckByType
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2226

◆ AccessCheckByTypeResultList()

BOOL WINAPI AccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  pSecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ DWORD  DesiredAccess,
_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ DWORD  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ LPDWORD  PrivilegeSetLength,
_Out_writes_(ObjectTypeListLength) LPDWORD  GrantedAccess,
_Out_writes_(ObjectTypeListLength) LPBOOL  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the AccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.

Parameters
[in]pSecurityDescriptorA pointer to a security descriptor that identifies the security information of an object being accessed. This function walks through this descriptor for any ACLs and respective access rights if access can be granted.
[in]PrincipalSelfSidA pointer to a principal self SID. This parameter can be NULL if the associated object being checked for access does not represent a principal.
[in]ClientTokenA handle to an access token, that identifies the client of which requests access to the target object.
[in]DesiredAccessThe access right bitmask where the client wants to acquire. This can be an OR'ed set of multiple access rights or MAXIMUM_ALLOWED to request all of possible access rights the target object allows. If only some rights were granted but not all the access is deemed as denied.
[in]ObjectTypeListA pointer to a given object type list. This function will perform an access check against the main object and sub-objects of this list. This parameter must not be NULL!
[in]ObjectTypeListLengthThe length of the object type list array, pointed by ObjectTypeList. This length in question represents the number of elements in such array. This parameter must be 0 if no array list is provided.
[in]GenericMappingThe generic mapping of access rights of an object type.
[out]PrivilegeSetA pointer to a set of privileges that were used to perform the access check, returned to caller. This function will return no privileges (privilege count set to 0) if no privileges were used to accomplish the access check. This parameter must not be NULL!
[in,out]PrivilegeSetLengthThe total length size of a set of privileges. This length represents the count of elements in the privilege set array.
[out]GrantedAccessA pointer to granted access rights. This parameter is an array of granted rights for the object and each sub-object of an object type list.
[out]AccessStatusA pointer to a boolean value that indicates whether access is granted or denied to the client that requests access to the object and sub-objects of an object type list. This parameter is an array of boolean values for the object and each individual sub-object of the list.
Returns
The function returns TRUE if the access check operation has completed successfully, otherwise it returns FALSE.

Definition at line 1883 of file security.c.

1895{
1896 NTSTATUS Status;
1897 DWORD ResultListIndex;
1898 PNTSTATUS NtAccessStatus = NULL;
1899
1900 Status = NtAccessCheckByTypeResultList(pSecurityDescriptor,
1901 PrincipalSelfSid,
1902 ClientToken,
1903 DesiredAccess,
1904 ObjectTypeList,
1905 ObjectTypeListLength,
1906 GenericMapping,
1907 PrivilegeSet,
1908 PrivilegeSetLength,
1909 (PACCESS_MASK)GrantedAccess,
1910 NtAccessStatus);
1911 if (!NT_SUCCESS(Status))
1912 {
1913 SetLastError(RtlNtStatusToDosError(Status));
1914 return FALSE;
1915 }
1916
1917 for (ResultListIndex = 0; ResultListIndex < ObjectTypeListLength; ResultListIndex++)
1918 {
1919 AccessStatus[ResultListIndex] = RtlNtStatusToDosError(NtAccessStatus[ResultListIndex]);
1920 }
1921
1922 return TRUE;
1923}
NtAccessCheckByTypeResultList
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2269
NULL
#define NULL
Definition: types.h:112
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
PNTSTATUS
* PNTSTATUS
Definition: strlen.c:14

◆ AddAccessAllowedAce()

BOOL WINAPI AddAccessAllowedAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1041 of file security.c.

1045{
1046 NTSTATUS Status;
1047
1048 Status = RtlAddAccessAllowedAce(pAcl,
1049 dwAceRevision,
1050 AccessMask,
1051 pSid);
1052 if (!NT_SUCCESS(Status))
1053 {
1054 SetLastError(RtlNtStatusToDosError(Status));
1055 return FALSE;
1056 }
1057
1058 return TRUE;
1059}
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
pSid
static PSID pSid
Definition: security.c:74
AccessMask
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
dwAceRevision
_In_ ULONG dwAceRevision
Definition: rtlfuncs.h:1141

Referenced by AccRewriteSetEntriesInAcl(), convert_nfs4acl_2_dacl(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), GetShellSecurityDescriptor(), test_AccessCheck(), test_AddMandatoryAce(), test_GetExplicitEntriesFromAclW(), test_process_security(), test_SetEntriesInAclA(), and test_SetEntriesInAclW().

◆ AddAccessAllowedAceEx()

BOOL WINAPI AddAccessAllowedAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1065 of file security.c.

1070{
1071 NTSTATUS Status;
1072
1073 Status = RtlAddAccessAllowedAceEx(pAcl,
1074 dwAceRevision,
1075 AceFlags,
1076 AccessMask,
1077 pSid);
1078 if (!NT_SUCCESS(Status))
1079 {
1080 SetLastError(RtlNtStatusToDosError(Status));
1081 return FALSE;
1082 }
1083
1084 return TRUE;
1085}
AceFlags
static const ACEFLAG AceFlags[]
Definition: security.c:2626
RtlAddAccessAllowedAceEx
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), CreateApplicationDesktopSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), get_sd(), and GetShellSecurityDescriptor().

◆ AddAccessDeniedAce()

BOOL WINAPI AddAccessDeniedAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1092 of file security.c.

1096{
1097 NTSTATUS Status;
1098
1099 Status = RtlAddAccessDeniedAce(pAcl,
1100 dwAceRevision,
1101 AccessMask,
1102 pSid);
1103 if (!NT_SUCCESS(Status))
1104 {
1105 SetLastError(RtlNtStatusToDosError(Status));
1106 return FALSE;
1107 }
1108
1109 return TRUE;
1110}
RtlAddAccessDeniedAce
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

Referenced by AccRewriteSetEntriesInAcl(), convert_nfs4acl_2_dacl(), GetShellSecurityDescriptor(), test_AccessCheck(), and test_process_security().

◆ AddAccessDeniedAceEx()

BOOL WINAPI AddAccessDeniedAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1116 of file security.c.

1121{
1122 NTSTATUS Status;
1123
1124 Status = RtlAddAccessDeniedAceEx(pAcl,
1125 dwAceRevision,
1126 AceFlags,
1127 AccessMask,
1128 pSid);
1129 if (!NT_SUCCESS(Status))
1130 {
1131 SetLastError(RtlNtStatusToDosError(Status));
1132 return FALSE;
1133 }
1134
1135 return TRUE;
1136}
RtlAddAccessDeniedAceEx
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

Referenced by GetShellSecurityDescriptor().

◆ AddAce()

BOOL WINAPI AddAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  dwStartingAceIndex,
LPVOID  pAceList,
DWORD  nAceListLength 
)

Definition at line 1143 of file security.c.

1148{
1149 NTSTATUS Status;
1150
1151 Status = RtlAddAce(pAcl,
1152 dwAceRevision,
1153 dwStartingAceIndex,
1154 pAceList,
1155 nAceListLength);
1156 if (!NT_SUCCESS(Status))
1157 {
1158 SetLastError(RtlNtStatusToDosError(Status));
1159 return FALSE;
1160 }
1161
1162 return TRUE;
1163}
RtlAddAce
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)

Referenced by test_AddAce().

◆ AddAuditAccessAce()

BOOL WINAPI AddAuditAccessAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  dwAccessMask,
PSID  pSid,
BOOL  bAuditSuccess,
BOOL  bAuditFailure 
)

Definition at line 1953 of file security.c.

1959{
1960 NTSTATUS Status;
1961
1962 Status = RtlAddAuditAccessAce(pAcl,
1963 dwAceRevision,
1964 dwAccessMask,
1965 pSid,
1966 bAuditSuccess,
1967 bAuditFailure);
1968 if (!NT_SUCCESS(Status))
1969 {
1970 SetLastError(RtlNtStatusToDosError(Status));
1971 return FALSE;
1972 }
1973
1974 return TRUE;
1975}
RtlAddAuditAccessAce
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AddAuditAccessAceEx()

BOOL WINAPI AddAuditAccessAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  dwAccessMask,
PSID  pSid,
BOOL  bAuditSuccess,
BOOL  bAuditFailure 
)

Definition at line 1981 of file security.c.

1988{
1989 NTSTATUS Status;
1990
1991 Status = RtlAddAuditAccessAceEx(pAcl,
1992 dwAceRevision,
1993 AceFlags,
1994 dwAccessMask,
1995 pSid,
1996 bAuditSuccess,
1997 bAuditFailure);
1998 if (!NT_SUCCESS(Status))
1999 {
2000 SetLastError(RtlNtStatusToDosError(Status));
2001 return FALSE;
2002 }
2003
2004 return TRUE;
2005}
RtlAddAuditAccessAceEx
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AdjustTokenGroups()

BOOL WINAPI AdjustTokenGroups ( HANDLE  TokenHandle,
BOOL  ResetToDefault,
PTOKEN_GROUPS  NewState,
DWORD  BufferLength,
PTOKEN_GROUPS  PreviousState,
PDWORD  ReturnLength 
)

Definition at line 348 of file security.c.

354{
355 NTSTATUS Status;
356
357 Status = NtAdjustGroupsToken(TokenHandle,
358 ResetToDefault,
359 NewState,
360 BufferLength,
361 PreviousState,
362 (PULONG)ReturnLength);
363 if (!NT_SUCCESS(Status))
364 {
365 SetLastError(RtlNtStatusToDosError(Status));
366 return FALSE;
367 }
368
369 return TRUE;
370}
ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:718
NtAdjustGroupsToken
NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
Changes the list of groups by enabling or disabling them in an access token. Unlike NtAdjustPrivilege...
Definition: tokenadj.c:695
PreviousState
_In_ WDF_POWER_DEVICE_STATE PreviousState
Definition: wdfdevice.h:829
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771

◆ AdjustTokenPrivileges()

BOOL WINAPI AdjustTokenPrivileges ( HANDLE  TokenHandle,
BOOL  DisableAllPrivileges,
PTOKEN_PRIVILEGES  NewState,
DWORD  BufferLength,
PTOKEN_PRIVILEGES  PreviousState,
PDWORD  ReturnLength 
)

Definition at line 376 of file security.c.

382{
383 NTSTATUS Status;
384
385 Status = NtAdjustPrivilegesToken(TokenHandle,
386 DisableAllPrivileges,
387 NewState,
388 BufferLength,
389 PreviousState,
390 (PULONG)ReturnLength);
391 if (STATUS_NOT_ALL_ASSIGNED == Status)
392 {
393 SetLastError(ERROR_NOT_ALL_ASSIGNED);
394 return TRUE;
395 }
396
397 if (!NT_SUCCESS(Status))
398 {
399 SetLastError(RtlNtStatusToDosError(Status));
400 return FALSE;
401 }
402
403 /* AdjustTokenPrivileges is documented to do this */
404 SetLastError(ERROR_SUCCESS);
405
406 return TRUE;
407}
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
STATUS_NOT_ALL_ASSIGNED
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85
NtAdjustPrivilegesToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
Removes a certain amount of privileges of a token based upon the request by the caller.
Definition: tokenadj.c:451
ERROR_NOT_ALL_ASSIGNED
#define ERROR_NOT_ALL_ASSIGNED
Definition: winerror.h:782

Referenced by AcquireRemoveRestorePrivilege(), AddDeviceW(), DisablePrivilege(), DisableTokenPrivileges(), EnablePrivilege(), EnableProcessPrivileges(), CShellCommandSACL::Execute(), FormatEx2(), InstallReactOS(), named_pipe_client_func(), PauseBalanceW(), Privilege(), pSetupEnablePrivilege(), RecvSubvolGUIW(), RecvSubvolW(), RemoveDeviceW(), ResetStatsW(), ResizeDeviceW(), ScmEnableBackupRestorePrivileges(), SendSubvolGUIW(), SendSubvolW(), set_privileges(), SetDriverLoadPrivilege(), SetPrivilege(), ShowScrubW(), ShutdownSystem(), StartBalanceW(), StartScrubW(), StopBalanceW(), StopScrubW(), SystemSetLocalTime(), SystemSetTime(), test8(), test_AdjustTokenPrivileges(), test_SetFileValidData(), test_system_security_access(), UpdateDriver(), WinMain(), and wWinMain().

◆ ADVAPI_GetComputerSid()

BOOL ADVAPI_GetComputerSid ( PSID  sid)

Definition at line 275 of file security.c.

276{
277 static const struct /* same fields as struct SID */
278 {
279 BYTE Revision;
280 BYTE SubAuthorityCount;
281 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
282 DWORD SubAuthority[4];
283 } computer_sid =
284 { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
285
286 memcpy( sid, &computer_sid, sizeof(computer_sid) );
287 return TRUE;
288}
sid
FT_UInt sid
Definition: cffcmap.c:139
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
SubAuthorityCount
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1515
Revision
_In_ ULONG Revision
Definition: rtlfuncs.h:1130
IdentifierAuthority
_In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: rtlfuncs.h:1513
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
SID_REVISION
#define SID_REVISION
Definition: setypes.h:481
SECURITY_NT_NON_UNIQUE
#define SECURITY_NT_NON_UNIQUE
Definition: setypes.h:577
BYTE
unsigned char BYTE
Definition: xxhash.c:193

Referenced by ComputeStringSidSize(), and ParseStringSidToSid().

◆ ADVAPI_IsLocalComputer()

BOOL ADVAPI_IsLocalComputer ( LPCWSTR  ServerName)

Definition at line 253 of file security.c.

254{
255 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
256 BOOL Result;
257 LPWSTR buf;
258
259 if (!ServerName || !ServerName[0])
260 return TRUE;
261
262 buf = heap_alloc(dwSize * sizeof(WCHAR));
263 Result = GetComputerNameW(buf, &dwSize);
264 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
265 ServerName += 2;
266 Result = Result && !lstrcmpW(ServerName, buf);
267 heap_free(buf);
268
269 return Result;
270}
heap_alloc
static void * heap_alloc(size_t len)
Definition: appwiz.h:66
heap_free
static BOOL heap_free(void *mem)
Definition: appwiz.h:76
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
lstrcmpW
int WINAPI lstrcmpW(LPCWSTR lpString1, LPCWSTR lpString2)
Definition: lstring.c:170
dwSize
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
MAX_COMPUTERNAME_LENGTH
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:243
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184

◆ AllocateAndInitializeSid()

BOOL WINAPI AllocateAndInitializeSid ( PSID_IDENTIFIER_AUTHORITY  pIdentifierAuthority,
BYTE  nSubAuthorityCount,
DWORD  nSubAuthority0,
DWORD  nSubAuthority1,
DWORD  nSubAuthority2,
DWORD  nSubAuthority3,
DWORD  nSubAuthority4,
DWORD  nSubAuthority5,
DWORD  nSubAuthority6,
DWORD  nSubAuthority7,
PSID pSid 
)

Definition at line 676 of file security.c.

683{
684 return set_ntstatus( RtlAllocateAndInitializeSid(
685 pIdentifierAuthority, nSubAuthorityCount,
686 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
687 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
688 pSid ));
689}
set_ntstatus
static __inline BOOL set_ntstatus(NTSTATUS status)
Definition: security.c:229
RtlAllocateAndInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), check_wellknown_name(), CheckForGuestsAndAdmins(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreateLogoffSecurityAttributes(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), GetShellSecurityDescriptor(), is_process_limited(), is_token_admin(), IsCallerInteractive(), IsNTAdmin(), IsUserAdmin(), PerfDataInitialize(), pSetupIsUserAdmin(), SHTestTokenMembership(), START_TEST(), test_AccessCheck(), test_AddMandatoryAce(), test_CreateWellKnownSid(), test_EqualSid(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_LookupAccountSid(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_SetEntriesInAclA(), test_SetEntriesInAclW(), test_sid(), and test_trustee().

◆ AllocateLocallyUniqueId()

BOOL WINAPI AllocateLocallyUniqueId ( PLUID  Luid)

Definition at line 1220 of file security.c.

1221{
1222 NTSTATUS Status;
1223
1224 Status = NtAllocateLocallyUniqueId (Luid);
1225 if (!NT_SUCCESS (Status))
1226 {
1227 SetLastError(RtlNtStatusToDosError(Status));
1228 return FALSE;
1229 }
1230
1231 return TRUE;
1232}
NtAllocateLocallyUniqueId
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:348

Referenced by CookupNodeId(), LogonUserExW(), MyLogonUser(), and wined3d_adapter_init().

◆ AreAllAccessesGranted()

BOOL WINAPI AreAllAccessesGranted ( DWORD  GrantedAccess,
DWORD  DesiredAccess 
)

Definition at line 2534 of file security.c.

2536{
2537 return (BOOL)RtlAreAllAccessesGranted(GrantedAccess,
2538 DesiredAccess);
2539}
RtlAreAllAccessesGranted
NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ AreAnyAccessesGranted()

BOOL WINAPI AreAnyAccessesGranted ( DWORD  GrantedAccess,
DWORD  DesiredAccess 
)

Definition at line 2546 of file security.c.

2548{
2549 return (BOOL)RtlAreAnyAccessesGranted(GrantedAccess,
2550 DesiredAccess);
2551}
RtlAreAnyAccessesGranted
NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ BuildExplicitAccessWithNameA()

VOID WINAPI BuildExplicitAccessWithNameA ( PEXPLICIT_ACCESSA  pExplicitAccess,
LPSTR  pTrusteeName,
DWORD  AccessPermissions,
ACCESS_MODE  AccessMode,
DWORD  Inheritance 
)

Definition at line 2132 of file security.c.

2137{
2138 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2139 pExplicitAccess->grfAccessMode = AccessMode;
2140 pExplicitAccess->grfInheritance = Inheritance;
2141
2142 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2143 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2144 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2145 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2146 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2147}
TRUSTEE_IS_NAME
@ TRUSTEE_IS_NAME
Definition: accctrl.h:190
TRUSTEE_IS_UNKNOWN
@ TRUSTEE_IS_UNKNOWN
Definition: accctrl.h:176
NO_MULTIPLE_TRUSTEE
@ NO_MULTIPLE_TRUSTEE
Definition: accctrl.h:198
_EXPLICIT_ACCESS_A::grfAccessPermissions
DWORD grfAccessPermissions
Definition: accctrl.h:332
_EXPLICIT_ACCESS_A::Trustee
TRUSTEE_A Trustee
Definition: accctrl.h:335
_EXPLICIT_ACCESS_A::grfInheritance
DWORD grfInheritance
Definition: accctrl.h:334
_EXPLICIT_ACCESS_A::grfAccessMode
ACCESS_MODE grfAccessMode
Definition: accctrl.h:333
_TRUSTEE_A::MultipleTrusteeOperation
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:205
_TRUSTEE_A::TrusteeType
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:207
_TRUSTEE_A::TrusteeForm
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:206
_TRUSTEE_A::pMultipleTrustee
struct _TRUSTEE_A * pMultipleTrustee
Definition: accctrl.h:204
_TRUSTEE_A::ptstrName
LPSTR ptstrName
Definition: accctrl.h:208
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396

◆ BuildExplicitAccessWithNameW()

VOID WINAPI BuildExplicitAccessWithNameW ( PEXPLICIT_ACCESSW  pExplicitAccess,
LPWSTR  pTrusteeName,
DWORD  AccessPermissions,
ACCESS_MODE  AccessMode,
DWORD  Inheritance 
)

Definition at line 2154 of file security.c.

2159{
2160 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2161 pExplicitAccess->grfAccessMode = AccessMode;
2162 pExplicitAccess->grfInheritance = Inheritance;
2163
2164 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2165 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2166 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2167 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2168 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2169}
_EXPLICIT_ACCESS_W::grfAccessPermissions
DWORD grfAccessPermissions
Definition: accctrl.h:340
_EXPLICIT_ACCESS_W::grfInheritance
DWORD grfInheritance
Definition: accctrl.h:342
_EXPLICIT_ACCESS_W::Trustee
TRUSTEE_W Trustee
Definition: accctrl.h:343
_EXPLICIT_ACCESS_W::grfAccessMode
ACCESS_MODE grfAccessMode
Definition: accctrl.h:341
_TRUSTEE_W::ptstrName
LPWSTR ptstrName
Definition: accctrl.h:217
_TRUSTEE_W::pMultipleTrustee
struct _TRUSTEE_W * pMultipleTrustee
Definition: accctrl.h:213
_TRUSTEE_W::TrusteeType
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:216
_TRUSTEE_W::TrusteeForm
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:215
_TRUSTEE_W::MultipleTrusteeOperation
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:214

◆ BuildTrusteeWithNameA()

VOID WINAPI BuildTrusteeWithNameA ( PTRUSTEE_A  pTrustee,
LPSTR  name 
)

Definition at line 2377 of file security.c.

2379{
2380 TRACE("%p %s\n", pTrustee, name);
2381
2382 pTrustee->pMultipleTrustee = NULL;
2383 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2384 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2385 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2386 pTrustee->ptstrName = name;
2387}
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
name
Definition: name.c:39

◆ BuildTrusteeWithNameW()

VOID WINAPI BuildTrusteeWithNameW ( PTRUSTEE_W  pTrustee,
LPWSTR  name 
)

Definition at line 2393 of file security.c.

2395{
2396 TRACE("%p %s\n", pTrustee, name);
2397
2398 pTrustee->pMultipleTrustee = NULL;
2399 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2400 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2401 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2402 pTrustee->ptstrName = name;
2403}

◆ BuildTrusteeWithObjectsAndNameA()

VOID WINAPI BuildTrusteeWithObjectsAndNameA ( PTRUSTEEA  pTrustee,
POBJECTS_AND_NAME_A  pObjName,
SE_OBJECT_TYPE  ObjectType,
LPSTR  ObjectTypeName,
LPSTR  InheritedObjectTypeName,
LPSTR  Name 
)

Definition at line 2174 of file security.c.

2177{
2178 DWORD ObjectsPresent = 0;
2179
2180 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2181 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
2182
2183 /* Fill the OBJECTS_AND_NAME structure */
2184 pObjName->ObjectType = ObjectType;
2185 if (ObjectTypeName != NULL)
2186 {
2187 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2188 }
2189
2190 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2191 if (InheritedObjectTypeName != NULL)
2192 {
2193 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2194 }
2195
2196 pObjName->ObjectsPresent = ObjectsPresent;
2197 pObjName->ptstrName = Name;
2198
2199 /* Fill the TRUSTEE structure */
2200 pTrustee->pMultipleTrustee = NULL;
2201 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2202 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2203 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2204 pTrustee->ptstrName = (LPSTR)pObjName;
2205}
TRUSTEE_IS_OBJECTS_AND_NAME
@ TRUSTEE_IS_OBJECTS_AND_NAME
Definition: accctrl.h:193
Name
struct NameRec_ * Name
Definition: cdprocs.h:460
debugstr_a
#define debugstr_a
Definition: kernel32.h:31
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
pObjName
static POBJECTS_AND_NAME_A pObjName
Definition: security.c:77
InheritedObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName
Definition: security.c:80
ObjectType
ObjectType
Definition: metafile.c:81
NameRec_
Definition: apinames.c:49
_OBJECTS_AND_NAME_A::ptstrName
LPSTR ptstrName
Definition: accctrl.h:360
_OBJECTS_AND_NAME_A::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:356
_OBJECTS_AND_NAME_A::InheritedObjectTypeName
LPSTR InheritedObjectTypeName
Definition: accctrl.h:359
_OBJECTS_AND_NAME_A::ObjectType
SE_OBJECT_TYPE ObjectType
Definition: accctrl.h:357
ACE_INHERITED_OBJECT_TYPE_PRESENT
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
Definition: setypes.h:806
ACE_OBJECT_TYPE_PRESENT
#define ACE_OBJECT_TYPE_PRESENT
Definition: setypes.h:805
LPSTR
char * LPSTR
Definition: xmlstorage.h:182

◆ BuildTrusteeWithObjectsAndNameW()

VOID WINAPI BuildTrusteeWithObjectsAndNameW ( PTRUSTEEW  pTrustee,
POBJECTS_AND_NAME_W  pObjName,
SE_OBJECT_TYPE  ObjectType,
LPWSTR  ObjectTypeName,
LPWSTR  InheritedObjectTypeName,
LPWSTR  Name 
)

Definition at line 2210 of file security.c.

2213{
2214 DWORD ObjectsPresent = 0;
2215
2216 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2217 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
2218
2219 /* Fill the OBJECTS_AND_NAME structure */
2220 pObjName->ObjectType = ObjectType;
2221 if (ObjectTypeName != NULL)
2222 {
2223 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2224 }
2225
2226 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2227 if (InheritedObjectTypeName != NULL)
2228 {
2229 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2230 }
2231
2232 pObjName->ObjectsPresent = ObjectsPresent;
2233 pObjName->ptstrName = Name;
2234
2235 /* Fill the TRUSTEE structure */
2236 pTrustee->pMultipleTrustee = NULL;
2237 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2238 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2239 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2240 pTrustee->ptstrName = (LPWSTR)pObjName;
2241}
debugstr_w
#define debugstr_w
Definition: kernel32.h:32

◆ BuildTrusteeWithObjectsAndSidA()

VOID WINAPI BuildTrusteeWithObjectsAndSidA ( PTRUSTEEA  pTrustee,
POBJECTS_AND_SID  pObjSid,
GUID pObjectGuid,
GUID pInheritedObjectGuid,
PSID  pSid 
)

Definition at line 2247 of file security.c.

2252{
2253 DWORD ObjectsPresent = 0;
2254
2255 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2256
2257 /* Fill the OBJECTS_AND_SID structure */
2258 if (pObjectGuid != NULL)
2259 {
2260 pObjSid->ObjectTypeGuid = *pObjectGuid;
2261 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2262 }
2263 else
2264 {
2265 ZeroMemory(&pObjSid->ObjectTypeGuid,
2266 sizeof(GUID));
2267 }
2268
2269 if (pInheritedObjectGuid != NULL)
2270 {
2271 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2272 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2273 }
2274 else
2275 {
2276 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2277 sizeof(GUID));
2278 }
2279
2280 pObjSid->ObjectsPresent = ObjectsPresent;
2281 pObjSid->pSid = pSid;
2282
2283 /* Fill the TRUSTEE structure */
2284 pTrustee->pMultipleTrustee = NULL;
2285 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2286 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2287 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2288 pTrustee->ptstrName = (LPSTR) pObjSid;
2289}
TRUSTEE_IS_OBJECTS_AND_SID
@ TRUSTEE_IS_OBJECTS_AND_SID
Definition: accctrl.h:192
pObjSid
static POBJECTS_AND_SID pObjSid
Definition: security.c:83
pObjectGuid
static POBJECTS_AND_SID GUID * pObjectGuid
Definition: security.c:84
pInheritedObjectGuid
static POBJECTS_AND_SID GUID GUID * pInheritedObjectGuid
Definition: security.c:85
_OBJECTS_AND_SID::InheritedObjectTypeGuid
GUID InheritedObjectTypeGuid
Definition: accctrl.h:350
_OBJECTS_AND_SID::pSid
SID * pSid
Definition: accctrl.h:351
_OBJECTS_AND_SID::ObjectTypeGuid
GUID ObjectTypeGuid
Definition: accctrl.h:349
_OBJECTS_AND_SID::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:348
ZeroMemory
#define ZeroMemory
Definition: winbase.h:1700

◆ BuildTrusteeWithObjectsAndSidW()

VOID WINAPI BuildTrusteeWithObjectsAndSidW ( PTRUSTEEW  pTrustee,
POBJECTS_AND_SID  pObjSid,
GUID pObjectGuid,
GUID pInheritedObjectGuid,
PSID  pSid 
)

Definition at line 2296 of file security.c.

2301{
2302 DWORD ObjectsPresent = 0;
2303
2304 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2305
2306 /* Fill the OBJECTS_AND_SID structure */
2307 if (pObjectGuid != NULL)
2308 {
2309 pObjSid->ObjectTypeGuid = *pObjectGuid;
2310 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2311 }
2312 else
2313 {
2314 ZeroMemory(&pObjSid->ObjectTypeGuid,
2315 sizeof(GUID));
2316 }
2317
2318 if (pInheritedObjectGuid != NULL)
2319 {
2320 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2321 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2322 }
2323 else
2324 {
2325 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2326 sizeof(GUID));
2327 }
2328
2329 pObjSid->ObjectsPresent = ObjectsPresent;
2330 pObjSid->pSid = pSid;
2331
2332 /* Fill the TRUSTEE structure */
2333 pTrustee->pMultipleTrustee = NULL;
2334 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2335 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2336 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2337 pTrustee->ptstrName = (LPWSTR) pObjSid;
2338}

◆ BuildTrusteeWithSidA()

VOID WINAPI BuildTrusteeWithSidA ( PTRUSTEE_A  pTrustee,
PSID  pSid 
)

Definition at line 2344 of file security.c.

2346{
2347 TRACE("%p %p\n", pTrustee, pSid);
2348
2349 pTrustee->pMultipleTrustee = NULL;
2350 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2351 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2352 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2353 pTrustee->ptstrName = (LPSTR) pSid;
2354}
TRUSTEE_IS_SID
@ TRUSTEE_IS_SID
Definition: accctrl.h:189

◆ BuildTrusteeWithSidW()

VOID WINAPI BuildTrusteeWithSidW ( PTRUSTEE_W  pTrustee,
PSID  pSid 
)

Definition at line 2361 of file security.c.

2363{
2364 TRACE("%p %p\n", pTrustee, pSid);
2365
2366 pTrustee->pMultipleTrustee = NULL;
2367 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2368 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2369 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2370 pTrustee->ptstrName = (LPWSTR) pSid;
2371}

◆ ComputeStringSidSize()

static DWORD ComputeStringSidSize ( LPCWSTR  StringSid)
static

Definition at line 3936 of file security.c.

3937{
3938 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3939 {
3940 int ctok = 0;
3941 while (*StringSid)
3942 {
3943 if (*StringSid == '-')
3944 ctok++;
3945 StringSid++;
3946 }
3947
3948 if (ctok >= 3)
3949 return GetSidLengthRequired(ctok - 2);
3950 }
3951 else /* String constant format - Only available in winxp and above */
3952 {
3953 unsigned int i;
3954
3955 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3956 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3957 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
3958
3959 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3960 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3961 {
3962 MAX_SID local;
3963 ADVAPI_GetComputerSid(&local);
3964 return GetSidLengthRequired(*GetSidSubAuthorityCount(&local) + 1);
3965 }
3966
3967 }
3968
3969 return GetSidLengthRequired(0);
3970}
WellKnownRids
static const WELLKNOWNRID WellKnownRids[]
Definition: security.c:111
GetSidLengthRequired
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:854
GetSidSubAuthorityCount
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:910
WellKnownSids
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:47
ADVAPI_GetComputerSid
BOOL ADVAPI_GetComputerSid(PSID sid)
Definition: security.c:275
local
#define local
Definition: zutil.h:30
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
strncmpW
#define strncmpW(s1, s2, n)
Definition: unicode.h:36
_MAX_SID
Definition: security.c:32
_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200

Referenced by ParseStringSidToSid().

◆ ConvertSecurityDescriptorToStringSecurityDescriptorA()

BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  SDRevision,
SECURITY_INFORMATION  Information,
LPSTR OutputString,
PULONG  OutputLen 
)

Definition at line 3501 of file security.c.

3502{
3503 LPWSTR wstr;
3504 ULONG len;
3505 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
3506 {
3507 int lenA;
3508
3509 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
3510 *OutputString = heap_alloc(lenA);
3511#ifdef __REACTOS__
3512 if (*OutputString == NULL)
3513 {
3514 LocalFree(wstr);
3515 *OutputLen = 0;
3516 return FALSE;
3517 }
3518#endif
3519 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
3520 LocalFree(wstr);
3521
3522 if (OutputLen != NULL)
3523 *OutputLen = lenA;
3524 return TRUE;
3525 }
3526 else
3527 {
3528 *OutputString = NULL;
3529 if (OutputLen)
3530 *OutputLen = 0;
3531 return FALSE;
3532 }
3533}
ConvertSecurityDescriptorToStringSecurityDescriptorW
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
Definition: security.c:3437
CP_ACP
#define CP_ACP
Definition: compat.h:109
WideCharToMultiByte
#define WideCharToMultiByte
Definition: compat.h:111
len
GLenum GLsizei len
Definition: glext.h:6722
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
ULONG
uint32_t ULONG
Definition: typedefs.h:59
Information
_In_ WDFREQUEST _In_ NTSTATUS _In_ ULONG_PTR Information
Definition: wdfrequest.h:1049
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191

◆ ConvertSecurityDescriptorToStringSecurityDescriptorW()

BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  SDRevision,
SECURITY_INFORMATION  RequestedInformation,
LPWSTR OutputString,
PULONG  OutputLen 
)

Definition at line 3437 of file security.c.

3438{
3439 ULONG len;
3440 WCHAR *wptr, *wstr;
3441
3442 if (SDRevision != SDDL_REVISION_1)
3443 {
3444 ERR("Program requested unknown SDDL revision %d\n", SDRevision);
3445 SetLastError(ERROR_UNKNOWN_REVISION);
3446 return FALSE;
3447 }
3448
3449 len = 0;
3450 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3451 if (!DumpOwner(SecurityDescriptor, NULL, &len))
3452 return FALSE;
3453 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3454 if (!DumpGroup(SecurityDescriptor, NULL, &len))
3455 return FALSE;
3456 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3457 if (!DumpDacl(SecurityDescriptor, NULL, &len))
3458 return FALSE;
3459 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3460 if (!DumpSacl(SecurityDescriptor, NULL, &len))
3461 return FALSE;
3462
3463 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
3464#ifdef __REACTOS__
3465 if (wstr == NULL)
3466 return FALSE;
3467#endif
3468
3469 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3470 if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
3471 LocalFree (wstr);
3472 return FALSE;
3473 }
3474 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3475 if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
3476 LocalFree (wstr);
3477 return FALSE;
3478 }
3479 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3480 if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
3481 LocalFree (wstr);
3482 return FALSE;
3483 }
3484 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3485 if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
3486 LocalFree (wstr);
3487 return FALSE;
3488 }
3489 *wptr = 0;
3490
3491 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
3492 *OutputString = wstr;
3493 if (OutputLen)
3494 *OutputLen = strlenW(*OutputString)+1;
3495 return TRUE;
3496}
ERR
#define ERR(fmt,...)
Definition: debug.h:110
DumpSacl
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3411
DumpGroup
static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3370
DumpOwner
static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3352
DumpDacl
static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3388
LocalAlloc
HLOCAL NTAPI LocalAlloc(UINT uFlags, SIZE_T dwBytes)
Definition: heapmem.c:1390
wine_dbgstr_w
#define wine_dbgstr_w
Definition: kernel32.h:34
strlenW
#define strlenW(s)
Definition: unicode.h:28
SDDL_REVISION_1
#define SDDL_REVISION_1
Definition: sddl.h:30
ERROR_UNKNOWN_REVISION
#define ERROR_UNKNOWN_REVISION
Definition: winerror.h:787
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorA().

◆ ConvertSidToStringSidA()

BOOL WINAPI ConvertSidToStringSidA ( PSID  Sid,
LPSTR StringSid 
)

Definition at line 3639 of file security.c.

3641{
3642 LPWSTR StringSidW;
3643 int Len;
3644
3645 if (!ConvertSidToStringSidW(Sid, &StringSidW))
3646 {
3647 return FALSE;
3648 }
3649
3650 Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
3651 if (Len <= 0)
3652 {
3653 LocalFree(StringSidW);
3654 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3655 return FALSE;
3656 }
3657
3658 *StringSid = LocalAlloc(LMEM_FIXED, Len);
3659 if (NULL == *StringSid)
3660 {
3661 LocalFree(StringSidW);
3662 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3663 return FALSE;
3664 }
3665
3666 if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
3667 {
3668 LocalFree(StringSid);
3669 LocalFree(StringSidW);
3670 return FALSE;
3671 }
3672
3673 LocalFree(StringSidW);
3674
3675 return TRUE;
3676}
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
Len
#define Len
Definition: deflate.h:82
ConvertSidToStringSidW
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3585
LMEM_FIXED
#define LMEM_FIXED
Definition: winbase.h:368

Referenced by debugstr_sid(), get_user_sid(), map_name_2_sid(), test_CreateWellKnownSid(), test_LookupAccountSid(), test_lsa(), test_sid(), test_sid_str(), test_token_attr(), and test_token_label().

◆ ConvertSidToStringSidW()

BOOL WINAPI ConvertSidToStringSidW ( PSID  Sid,
LPWSTR StringSid 
)

Definition at line 3585 of file security.c.

3587{
3588 NTSTATUS Status;
3589 UNICODE_STRING UnicodeString;
3590 WCHAR FixedBuffer[64];
3591
3592 if (!RtlValidSid(Sid))
3593 {
3594 SetLastError(ERROR_INVALID_SID);
3595 return FALSE;
3596 }
3597
3598 UnicodeString.Length = 0;
3599 UnicodeString.MaximumLength = sizeof(FixedBuffer);
3600 UnicodeString.Buffer = FixedBuffer;
3601 Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, FALSE);
3602 if (STATUS_BUFFER_TOO_SMALL == Status)
3603 {
3604 Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, TRUE);
3605 }
3606
3607 if (!NT_SUCCESS(Status))
3608 {
3609 SetLastError(RtlNtStatusToDosError(Status));
3610 return FALSE;
3611 }
3612
3613 *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
3614 if (NULL == *StringSid)
3615 {
3616 if (UnicodeString.Buffer != FixedBuffer)
3617 {
3618 RtlFreeUnicodeString(&UnicodeString);
3619 }
3620 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3621 return FALSE;
3622 }
3623
3624 MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
3625 ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
3626 if (UnicodeString.Buffer != FixedBuffer)
3627 {
3628 RtlFreeUnicodeString(&UnicodeString);
3629 }
3630
3631 return TRUE;
3632}
RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
RtlConvertSidToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_UNICODE_STRING
Definition: env_spec_w32.h:368
PCHAR
char * PCHAR
Definition: typedefs.h:51
MoveMemory
#define MoveMemory
Definition: winbase.h:1697
ERROR_INVALID_SID
#define ERROR_INVALID_SID
Definition: winerror.h:819

Referenced by _GetUserSidStringFromToken(), AddUserProfiles(), ConvertSidToStringSidA(), CreateUserProfileExW(), get_user_sid(), GetEventUserName(), GetPrincipalDisplayString(), LsapGetDomainInfo(), LsapLookupAccountDomainSids(), LsapLookupBuiltinDomainSids(), LsapLookupWellKnownSids(), MsiSourceListAddSourceW(), RecycleBin5_Constructor(), SampAddMemberToAlias(), SampRemoveMemberFromAlias(), SampRemoveMemberFromAllAliases(), SampSetupAddMemberToAlias(), set_user_sid_prop(), START_TEST(), UpdatePrincipalInfo(), WhoamiGroups(), WhoamiLogonId(), and WhoamiUser().

◆ ConvertStringSecurityDescriptorToSecurityDescriptorA()

BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA ( LPCSTR  StringSecurityDescriptor,
DWORD  StringSDRevision,
PSECURITY_DESCRIPTOR SecurityDescriptor,
PULONG  SecurityDescriptorSize 
)

Definition at line 3034 of file security.c.

3038{
3039 UINT len;
3040 BOOL ret = FALSE;
3041 LPWSTR StringSecurityDescriptorW;
3042
3043 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
3044 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
3045
3046 if (StringSecurityDescriptorW)
3047 {
3048 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
3049
3050 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
3051 StringSDRevision, SecurityDescriptor,
3052 SecurityDescriptorSize);
3053 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
3054 }
3055
3056 return ret;
3057}
ConvertStringSecurityDescriptorToSecurityDescriptorW
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:3064
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
HeapAlloc
#define HeapAlloc
Definition: compat.h:733
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:735
MultiByteToWideChar
#define MultiByteToWideChar
Definition: compat.h:110
UINT
unsigned int UINT
Definition: ndis.h:50
ret
int ret
Definition: wcstombs-tests.c:31

Referenced by test_profile_directory_readonly().

◆ ConvertStringSecurityDescriptorToSecurityDescriptorW()

BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW ( LPCWSTR  StringSecurityDescriptor,
DWORD  StringSDRevision,
PSECURITY_DESCRIPTOR SecurityDescriptor,
PULONG  SecurityDescriptorSize 
)

Definition at line 3064 of file security.c.

3068{
3069 DWORD cBytes;
3070 SECURITY_DESCRIPTOR* psd;
3071 BOOL bret = FALSE;
3072
3073 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
3074
3075 if (GetVersion() & 0x80000000)
3076 {
3077 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3078 goto lend;
3079 }
3080 else if (!StringSecurityDescriptor || !SecurityDescriptor)
3081 {
3082 SetLastError(ERROR_INVALID_PARAMETER);
3083 goto lend;
3084 }
3085 else if (StringSDRevision != SID_REVISION)
3086 {
3087 SetLastError(ERROR_UNKNOWN_REVISION);
3088 goto lend;
3089 }
3090
3091 /* Compute security descriptor length */
3092 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3093 NULL, &cBytes))
3094 goto lend;
3095
3096 psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes);
3097 if (!psd) goto lend;
3098
3099 psd->Revision = SID_REVISION;
3100 psd->Control |= SE_SELF_RELATIVE;
3101
3102 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3103 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
3104 {
3105 LocalFree(psd);
3106 goto lend;
3107 }
3108
3109 if (SecurityDescriptorSize)
3110 *SecurityDescriptorSize = cBytes;
3111
3112 bret = TRUE;
3113
3114lend:
3115 TRACE(" ret=%d\n", bret);
3116 return bret;
3117}
ParseStringSecurityDescriptorToSecurityDescriptor
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
Definition: security.c:2886
ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
GetVersion
DWORD WINAPI GetVersion()
Definition: redirtest.c:5
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:836
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SECURITY_DESCRIPTOR::Revision
UCHAR Revision
Definition: ms-dtyp.idl:302
_SECURITY_DESCRIPTOR::Control
USHORT Control
Definition: ms-dtyp.idl:304
GMEM_ZEROINIT
#define GMEM_ZEROINIT
Definition: winbase.h:306
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:834

Referenced by ConvertStringSecurityDescriptorToSecurityDescriptorA(), InstallOneService(), registry_callback(), and SetupQueueCopyIndirectW().

◆ ConvertStringSidToSidA()

BOOL WINAPI ConvertStringSidToSidA ( LPCSTR  StringSid,
PSID Sid 
)

Definition at line 3562 of file security.c.

3563{
3564 BOOL bret = FALSE;
3565
3566 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3567 if (GetVersion() & 0x80000000)
3568 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3569 else if (!StringSid || !Sid)
3570 SetLastError(ERROR_INVALID_PARAMETER);
3571 else
3572 {
3573 WCHAR *wStringSid = SERV_dup(StringSid);
3574 bret = ConvertStringSidToSidW(wStringSid, Sid);
3575 heap_free(wStringSid);
3576 }
3577 return bret;
3578}
ConvertStringSidToSidW
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
Definition: security.c:3538
SERV_dup
static LPWSTR SERV_dup(LPCSTR str)
Definition: security.c:235

Referenced by test_LsaLookupSids().

◆ ConvertStringSidToSidW()

BOOL WINAPI ConvertStringSidToSidW ( LPCWSTR  StringSid,
PSID Sid 
)

Definition at line 3538 of file security.c.

3539{
3540 BOOL bret = FALSE;
3541 DWORD cBytes;
3542
3543 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3544 if (GetVersion() & 0x80000000)
3545 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3546 else if (!StringSid || !Sid)
3547 SetLastError(ERROR_INVALID_PARAMETER);
3548 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3549 {
3550 PSID pSid = *Sid = LocalAlloc(0, cBytes);
3551
3552 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3553 if (!bret)
3554 LocalFree(*Sid);
3555 }
3556 return bret;
3557}
ParseStringSidToSid
static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
Definition: security.c:3975
_SID
Definition: ms-dtyp.idl:198

Referenced by ConvertStringSidToSidA(), and fill_sid().

◆ CopySid()

BOOL WINAPI CopySid ( DWORD  nDestinationSidLength,
PSID  pDestinationSid,
PSID  pSourceSid 
)

Definition at line 714 of file security.c.

715{
716 return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid));
717}
RtlCopySid
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)

Referenced by AccpLookupSidByName(), AccRewriteGetExplicitEntriesFromAcl(), AddPrincipalToList(), AuthzGetInformationFromContext(), AuthzInitializeContextFromSid(), BuildDefaultPrincipalAce(), CachedGetUserFromSid(), CacheLookupResults(), GetUserSid(), LookupAccountNameW(), QueueSidLookup(), ReloadPrincipalsList(), and test_LookupAccountSid().

◆ CreateProcessWithLogonW()

BOOL WINAPI CreateProcessWithLogonW ( _In_ LPCWSTR  lpUsername,
_In_opt_ LPCWSTR  lpDomain,
_In_ LPCWSTR  lpPassword,
_In_ DWORD  dwLogonFlags,
_In_opt_ LPCWSTR  lpApplicationName,
_Inout_opt_ LPWSTR  lpCommandLine,
_In_ DWORD  dwCreationFlags,
_In_opt_ LPVOID  lpEnvironment,
_In_opt_ LPCWSTR  lpCurrentDirectory,
_In_ LPSTARTUPINFOW  lpStartupInfo,
_Out_ LPPROCESS_INFORMATION  lpProcessInformation 
)

Definition at line 3730 of file security.c.

3742{
3743 LPWSTR pszStringBinding = NULL;
3744 handle_t hBinding = NULL;
3745 SECL_REQUEST Request;
3746 SECL_RESPONSE Response;
3747 RPC_STATUS Status;
3748
3749 TRACE("CreateProcessWithLogonW(%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p)\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
3750 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
3751 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
3752 lpStartupInfo, lpProcessInformation);
3753
3754 Status = RpcStringBindingComposeW(NULL,
3755 L"ncacn_np",
3756 NULL,
3757 L"\\pipe\\seclogon",
3758 NULL,
3759 &pszStringBinding);
3760 if (Status != RPC_S_OK)
3761 {
3762 WARN("RpcStringBindingCompose returned 0x%x\n", Status);
3763 SetLastError(Status);
3764 return FALSE;
3765 }
3766
3767 /* Set the binding handle that will be used to bind to the server. */
3768 Status = RpcBindingFromStringBindingW(pszStringBinding,
3769 &hBinding);
3770 if (Status != RPC_S_OK)
3771 {
3772 WARN("RpcBindingFromStringBinding returned 0x%x\n", Status);
3773 }
3774
3775 Status = RpcStringFreeW(&pszStringBinding);
3776 if (Status != RPC_S_OK)
3777 {
3778 WARN("RpcStringFree returned 0x%x\n", Status);
3779 }
3780
3781 Request.Username = (LPWSTR)lpUsername;
3782 Request.Domain = (LPWSTR)lpDomain;
3783 Request.Password = (LPWSTR)lpPassword;
3784 Request.ApplicationName = (LPWSTR)lpApplicationName;
3785 Request.CommandLine = (LPWSTR)lpCommandLine;
3786 Request.CurrentDirectory = (LPWSTR)lpCurrentDirectory;
3787
3788 if (dwCreationFlags & CREATE_UNICODE_ENVIRONMENT)
3789 Request.dwEnvironmentSize = GetUnicodeEnvironmentSize(lpEnvironment);
3790 else
3791 Request.dwEnvironmentSize = GetAnsiEnvironmentSize(lpEnvironment);
3792 Request.Environment = lpEnvironment;
3793
3794 TRACE("Request.dwEnvironmentSize %lu\n", Request.dwEnvironmentSize);
3795 TRACE("Request.Environment %p\n", Request.Environment);
3796
3797 Request.dwLogonFlags = dwLogonFlags;
3798 Request.dwCreationFlags = dwCreationFlags;
3799
3800 Request.dwProcessId = GetCurrentProcessId();
3801 TRACE("Request.dwProcessId %lu\n", Request.dwProcessId);
3802
3803 Response.hProcess = 0;
3804 Response.hThread = 0;
3805 Response.dwProcessId = 0;
3806 Response.dwThreadId = 0;
3807 Response.dwError = ERROR_SUCCESS;
3808
3809 RpcTryExcept
3810 {
3811 SeclCreateProcessWithLogonW(hBinding, &Request, &Response);
3812 }
3813 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
3814 {
3815 WARN("Exception: %lx\n", RpcExceptionCode());
3816 }
3817 RpcEndExcept;
3818
3819 if (hBinding)
3820 {
3821 Status = RpcBindingFree(&hBinding);
3822 if (Status != RPC_S_OK)
3823 {
3824 WARN("RpcBindingFree returned 0x%x\n", Status);
3825 }
3826
3827 hBinding = NULL;
3828 }
3829
3830 TRACE("Response.hProcess %p\n", Response.hProcess);
3831 TRACE("Response.hThread %p\n", Response.hThread);
3832 TRACE("Response.dwProcessId %lu\n", Response.dwProcessId);
3833 TRACE("Response.dwThreadId %lu\n", Response.dwThreadId);
3834 TRACE("Response.dwError %lu\n", Response.dwError);
3835 if (Response.dwError != ERROR_SUCCESS)
3836 SetLastError(Response.dwError);
3837
3838 TRACE("CreateProcessWithLogonW() done\n");
3839
3840 return (Response.dwError == ERROR_SUCCESS);
3841}
SeclCreateProcessWithLogonW
VOID __stdcall SeclCreateProcessWithLogonW(_In_ handle_t hBinding, _In_ SECL_REQUEST *pRequest, _Out_ SECL_RESPONSE *pResponse)
Definition: rpcserver.c:57
WARN
#define WARN(fmt,...)
Definition: debug.h:112
hBinding
handle_t hBinding
Definition: ctx_c.c:54
GetAnsiEnvironmentSize
static DWORD GetAnsiEnvironmentSize(PVOID pEnvironment)
Definition: security.c:3704
GetUnicodeEnvironmentSize
static DWORD GetUnicodeEnvironmentSize(PVOID pEnvironment)
Definition: security.c:3681
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
L
#define L(x)
Definition: ntvdm.h:50
RpcBindingFromStringBindingW
RPC_STATUS WINAPI RpcBindingFromStringBindingW(RPC_WSTR StringBinding, RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:880
RpcStringBindingComposeW
RPC_STATUS WINAPI RpcStringBindingComposeW(RPC_WSTR ObjUuid, RPC_WSTR Protseq, RPC_WSTR NetworkAddr, RPC_WSTR Endpoint, RPC_WSTR Options, RPC_WSTR *StringBinding)
Definition: rpc_binding.c:510
RpcBindingFree
RPC_STATUS WINAPI RpcBindingFree(RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:787
RPC_S_OK
#define RPC_S_OK
Definition: rpcnterr.h:22
RpcStringFreeW
RPC_STATUS WINAPI RpcStringFreeW(RPC_WSTR *String)
Definition: rpcrt4_main.c:175
RpcEndExcept
#define RpcEndExcept
Definition: rpc.h:128
RpcTryExcept
#define RpcTryExcept
Definition: rpc.h:126
RpcExcept
#define RpcExcept(expr)
Definition: rpc.h:127
RPC_STATUS
long RPC_STATUS
Definition: rpc.h:52
RpcExceptionCode
#define RpcExceptionCode()
Definition: rpc.h:132
Response
Definition: ncftp.h:89
_SECL_REQUEST
Definition: seclogon.idl:8
_SECL_RESPONSE
Definition: seclogon.idl:23
Request
_In_ WDFREQUEST Request
Definition: wdfdevice.h:547
CREATE_UNICODE_ENVIRONMENT
#define CREATE_UNICODE_ENVIRONMENT
Definition: winbase.h:186
GetCurrentProcessId
DWORD WINAPI GetCurrentProcessId(void)
Definition: proc.c:1158

Referenced by wmain().

◆ CreateProcessWithTokenW()

BOOL WINAPI CreateProcessWithTokenW ( HANDLE  token,
DWORD  logon_flags,
LPCWSTR  application_name,
LPWSTR  command_line,
DWORD  creation_flags,
void environment,
LPCWSTR  current_directory,
STARTUPINFOW startup_info,
PROCESS_INFORMATION process_information 
)

Definition at line 3843 of file security.c.

3846{
3847 FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
3848 logon_flags, debugstr_w(application_name), debugstr_w(command_line),
3849 creation_flags, environment, debugstr_w(current_directory),
3850 startup_info, process_information);
3851
3852 /* FIXME: check if handles should be inherited */
3853 return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
3854 current_directory, startup_info, process_information );
3855}
FIXME
#define FIXME(fmt,...)
Definition: debug.h:111
CreateProcessW
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
Definition: proc.c:4592
token
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat token
Definition: glfuncs.h:210

◆ CreateRestrictedToken()

BOOL WINAPI CreateRestrictedToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ DWORD  Flags,
_In_ DWORD  DisableSidCount,
_In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES  SidsToDisable,
_In_ DWORD  DeletePrivilegeCount,
_In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES  PrivilegesToDelete,
_In_ DWORD  RestrictedSidCount,
_In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES  SidsToRestrict,
_Outptr_ PHANDLE  NewTokenHandle 
)

Creates a filtered token that is a restricted one of the regular access token. A restricted token can have disabled SIDs, deleted privileges and/or restricted SIDs added.

Parameters
[in]ExistingTokenHandleAn existing handle to a token where it's to be filtered.
[in]FlagsPrivilege flag options. This parameter argument influences how the token is filtered. Such parameter can be 0.
[in]DisableSidCountThe count number of SIDs to disable.
[in]SidsToDisableAn array list with SIDs that have to be disabled in a token.
[in]DeletePrivilegeCountThe count number of privileges to be deleted.
[in]PrivilegesToDeleteAn array list with privileges that have to be deleted in a token.
[in]RestrictedSidCountThe count number of restricted SIDs.
[in]SidsToRestrictAn array list with restricted SIDs to be added into the token. If the token already has restricted SIDs then the array provided by the caller is redundant information alongside with the existing restricted SIDs in the token.
[out]NewTokenHandleThe newly received handle to a restricted (filtered) token. The caller can use such handle to duplicate a new token.
Returns
Returns TRUE if the function has successfully completed the operations, otherwise FALSE is returned to indicate failure. For further details the caller has to invoke GetLastError() API call for extended information about the failure.

Definition at line 535 of file security.c.

545{
546 NTSTATUS Status;
547 BOOL Success;
548 ULONG Index;
549 PTOKEN_GROUPS DisableSids = NULL;
550 PTOKEN_GROUPS RestrictedSids = NULL;
551 PTOKEN_PRIVILEGES DeletePrivileges = NULL;
552
553 /*
554 * Capture the elements we're being given from
555 * the caller and allocate the groups and/or
556 * privileges that have to be filtered in
557 * the token.
558 */
559 if (SidsToDisable != NULL)
560 {
561 DisableSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, DisableSidCount * sizeof(TOKEN_GROUPS));
562 if (DisableSids == NULL)
563 {
564 /* We failed, bail out */
565 SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
566 return FALSE;
567 }
568
569 /* Copy the counter and loop the elements to copy the rest */
570 DisableSids->GroupCount = DisableSidCount;
571 for (Index = 0; Index < DisableSidCount; Index++)
572 {
573 DisableSids->Groups[Index].Sid = SidsToDisable[Index].Sid;
574 DisableSids->Groups[Index].Attributes = SidsToDisable[Index].Attributes;
575 }
576 }
577
578 if (PrivilegesToDelete != NULL)
579 {
580 DeletePrivileges = (PTOKEN_PRIVILEGES)LocalAlloc(LMEM_FIXED, DeletePrivilegeCount * sizeof(TOKEN_PRIVILEGES));
581 if (DeletePrivileges == NULL)
582 {
583 /* We failed, bail out */
584 SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
585 Success = FALSE;
586 goto Cleanup;
587 }
588
589 /* Copy the counter and loop the elements to copy the rest */
590 DeletePrivileges->PrivilegeCount = DeletePrivilegeCount;
591 for (Index = 0; Index < DeletePrivilegeCount; Index++)
592 {
593 DeletePrivileges->Privileges[Index].Luid = PrivilegesToDelete[Index].Luid;
594 DeletePrivileges->Privileges[Index].Attributes = PrivilegesToDelete[Index].Attributes;
595 }
596 }
597
598 if (SidsToRestrict != NULL)
599 {
600 RestrictedSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, RestrictedSidCount * sizeof(TOKEN_GROUPS));
601 if (RestrictedSids == NULL)
602 {
603 /* We failed, bail out */
604 SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
605 Success = FALSE;
606 goto Cleanup;
607 }
608
609 /* Copy the counter and loop the elements to copy the rest */
610 RestrictedSids->GroupCount = RestrictedSidCount;
611 for (Index = 0; Index < RestrictedSidCount; Index++)
612 {
613 RestrictedSids->Groups[Index].Sid = SidsToRestrict[Index].Sid;
614 RestrictedSids->Groups[Index].Attributes = SidsToRestrict[Index].Attributes;
615 }
616 }
617
618 /*
619 * Call the NT API to request a token filtering
620 * operation for us.
621 */
622 Status = NtFilterToken(ExistingTokenHandle,
623 Flags,
624 DisableSids,
625 DeletePrivileges,
626 RestrictedSids,
627 NewTokenHandle);
628 if (!NT_SUCCESS(Status))
629 {
630 /* We failed to do the job, bail out */
631 SetLastError(RtlNtStatusToDosError(Status));
632 Success = FALSE;
633 goto Cleanup;
634 }
635
636 /* If we reach here then we've successfully filtered the token */
637 Success = TRUE;
638
639Cleanup:
640 /* Free whatever we allocated before */
641 if (DisableSids != NULL)
642 {
643 LocalFree(DisableSids);
644 }
645
646 if (DeletePrivileges != NULL)
647 {
648 LocalFree(DeletePrivileges);
649 }
650
651 if (RestrictedSids != NULL)
652 {
653 LocalFree(RestrictedSids);
654 }
655
656 return Success;
657}
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
Success
@ Success
Definition: eventcreate.c:712
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:412
_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75
_LUID_AND_ATTRIBUTES::Luid
LUID Luid
Definition: setypes.h:74
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:506
_SID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:508
_TOKEN_GROUPS
Definition: setypes.h:1013
_TOKEN_GROUPS::Groups
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1018
_TOKEN_GROUPS::GroupCount
$ULONG GroupCount
Definition: setypes.h:1014
_TOKEN_PRIVILEGES
Definition: setypes.h:1022
_TOKEN_PRIVILEGES::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:1023
_TOKEN_PRIVILEGES::Privileges
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1024
NtFilterToken
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: tokenlif.c:2075
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:182
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
PTOKEN_GROUPS
struct _TOKEN_GROUPS * PTOKEN_GROUPS
PTOKEN_PRIVILEGES
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES

Referenced by test_token_security_descriptor().

◆ CreateWellKnownSid()

BOOL WINAPI CreateWellKnownSid ( IN WELL_KNOWN_SID_TYPE  WellKnownSidType,
IN PSID DomainSid  OPTIONAL,
OUT PSID  pSid,
IN OUT DWORD cbSid 
)

Definition at line 724 of file security.c.

728{
729 unsigned int i;
730 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
731
732 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
733 {
734 SetLastError(ERROR_INVALID_PARAMETER);
735 return FALSE;
736 }
737
738 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
739 if (WellKnownSids[i].Type == WellKnownSidType) {
740 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
741
742 if (*cbSid < length)
743 {
744 *cbSid = length;
745 SetLastError(ERROR_INSUFFICIENT_BUFFER);
746 return FALSE;
747 }
748 if (!pSid)
749 {
750 SetLastError(ERROR_INVALID_PARAMETER);
751 return FALSE;
752 }
753 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
754 *cbSid = length;
755 return TRUE;
756 }
757 }
758
759 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
760 {
761 SetLastError(ERROR_INVALID_PARAMETER);
762 return FALSE;
763 }
764
765 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
766 if (WellKnownRids[i].Type == WellKnownSidType) {
767 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
768 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
769 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
770
771 if (*cbSid < output_sid_length)
772 {
773 *cbSid = output_sid_length;
774 SetLastError(ERROR_INSUFFICIENT_BUFFER);
775 return FALSE;
776 }
777 if (!pSid)
778 {
779 SetLastError(ERROR_INVALID_PARAMETER);
780 return FALSE;
781 }
782 CopyMemory(pSid, DomainSid, domain_sid_length);
783 (*GetSidSubAuthorityCount(pSid))++;
784 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
785 *cbSid = output_sid_length;
786 return TRUE;
787 }
788
789 SetLastError(ERROR_INVALID_PARAMETER);
790 return FALSE;
791}
Type
Type
Definition: Type.h:7
ERROR_INSUFFICIENT_BUFFER
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
GetSidSubAuthority
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:898
IsValidSid
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:821
debugstr_sid
static const char * debugstr_sid(PSID sid)
Definition: security.c:176
length
GLuint GLsizei GLsizei * length
Definition: glext.h:6040
_SID::Revision
BYTE Revision
Definition: ms-dtyp.idl:199
cbSid
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD cbSid
Definition: winbase.h:2733
CopyMemory
#define CopyMemory
Definition: winbase.h:1698
SID_MAX_SUB_AUTHORITIES
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:482
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181

Referenced by create_unknownsid(), get_sd(), test_SystemSecurity(), and well_known_sid().

◆ debugstr_sid()

static const char * debugstr_sid ( PSID  sid)
static

Definition at line 176 of file security.c.

177{
178 int auth = 0;
179 SID * psid = (SID *)sid;
180
181 if (psid == NULL)
182 return "(null)";
183
184 auth = psid->IdentifierAuthority.Value[5] +
185 (psid->IdentifierAuthority.Value[4] << 8) +
186 (psid->IdentifierAuthority.Value[3] << 16) +
187 (psid->IdentifierAuthority.Value[2] << 24);
188
189 switch (psid->SubAuthorityCount) {
190 case 0:
191 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
192 case 1:
193 return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
194 psid->SubAuthority[0]);
195 case 2:
196 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
197 psid->SubAuthority[0], psid->SubAuthority[1]);
198 case 3:
199 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
200 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
201 case 4:
202 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
203 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
204 psid->SubAuthority[3]);
205 case 5:
206 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
207 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
208 psid->SubAuthority[3], psid->SubAuthority[4]);
209 case 6:
210 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
211 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
212 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
213 case 7:
214 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
215 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
216 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
217 psid->SubAuthority[6]);
218 case 8:
219 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
220 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
221 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
222 psid->SubAuthority[6], psid->SubAuthority[7]);
223 }
224 return "(too-big)";
225}
wine_dbg_sprintf
const char * wine_dbg_sprintf(const char *format,...)
Definition: compat.c:296
_SID_IDENTIFIER_AUTHORITY::Value
BYTE Value[6]
Definition: ms-dtyp.idl:195
_SID::SubAuthority
DWORD SubAuthority[*]
Definition: ms-dtyp.idl:202
_SID::IdentifierAuthority
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: ms-dtyp.idl:201

Referenced by check_wellknown_name(), CreateWellKnownSid(), IsWellKnownSid(), test_EqualSid(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), test_group_equal(), test_inherited_dacl(), test_owner_equal(), and test_TokenIntegrityLevel().

◆ DeleteAce()

BOOL WINAPI DeleteAce ( PACL  pAcl,
DWORD  dwAceIndex 
)

Definition at line 1168 of file security.c.

1169{
1170 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1171}
RtlDeleteAce
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce(PACL Acl, ULONG AceIndex)

◆ DumpAce()

static BOOL DumpAce ( LPVOID  pace,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3262 of file security.c.

3263{
3264 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
3265 static const WCHAR openbr = '(';
3266 static const WCHAR closebr = ')';
3267 static const WCHAR semicolon = ';';
3268
3269 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
3270 {
3271 SetLastError(ERROR_INVALID_ACL);
3272 return FALSE;
3273 }
3274
3275 piace = pace;
3276 DumpString(&openbr, 1, pwptr, plen);
3277 switch (piace->Header.AceType)
3278 {
3279 case ACCESS_ALLOWED_ACE_TYPE:
3280 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
3281 break;
3282 case ACCESS_DENIED_ACE_TYPE:
3283 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
3284 break;
3285 case SYSTEM_AUDIT_ACE_TYPE:
3286 DumpString(SDDL_AUDIT, -1, pwptr, plen);
3287 break;
3288 case SYSTEM_ALARM_ACE_TYPE:
3289 DumpString(SDDL_ALARM, -1, pwptr, plen);
3290 break;
3291 }
3292 DumpString(&semicolon, 1, pwptr, plen);
3293
3294 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
3295 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
3296 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
3297 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
3298 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
3299 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
3300 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
3301 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
3302 if (piace->Header.AceFlags & INHERITED_ACE)
3303 DumpString(SDDL_INHERITED, -1, pwptr, plen);
3304 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
3305 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
3306 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
3307 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
3308 DumpString(&semicolon, 1, pwptr, plen);
3309 DumpRights(piace->Mask, pwptr, plen);
3310 DumpString(&semicolon, 1, pwptr, plen);
3311 /* objects not supported */
3312 DumpString(&semicolon, 1, pwptr, plen);
3313 /* objects not supported */
3314 DumpString(&semicolon, 1, pwptr, plen);
3315 if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
3316 return FALSE;
3317 DumpString(&closebr, 1, pwptr, plen);
3318 return TRUE;
3319}
SDDL_AUDIT_FAILURE
static const WCHAR SDDL_AUDIT_FAILURE[]
Definition: security.c:174
SDDL_CONTAINER_INHERIT
static const WCHAR SDDL_CONTAINER_INHERIT[]
Definition: security.c:168
SDDL_AUDIT
static const WCHAR SDDL_AUDIT[]
Definition: security.c:144
SDDL_OBJECT_INHERIT
static const WCHAR SDDL_OBJECT_INHERIT[]
Definition: security.c:169
DumpString
static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3119
DumpSid
static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3173
SDDL_ACCESS_ALLOWED
static const WCHAR SDDL_ACCESS_ALLOWED[]
Definition: security.c:138
SDDL_INHERIT_ONLY
static const WCHAR SDDL_INHERIT_ONLY[]
Definition: security.c:171
SDDL_INHERITED
static const WCHAR SDDL_INHERITED[]
Definition: security.c:172
SDDL_ACCESS_DENIED
static const WCHAR SDDL_ACCESS_DENIED[]
Definition: security.c:139
SDDL_ALARM
static const WCHAR SDDL_ALARM[]
Definition: security.c:145
SDDL_NO_PROPAGATE
static const WCHAR SDDL_NO_PROPAGATE[]
Definition: security.c:170
DumpRights
static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3223
AceType
static const ACEFLAG AceType[]
Definition: security.c:2585
SDDL_AUDIT_SUCCESS
static const WCHAR SDDL_AUDIT_SUCCESS[]
Definition: security.c:173
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
_ACCESS_ALLOWED_ACE::Header
ACE_HEADER Header
Definition: ms-dtyp.idl:216
_ACCESS_ALLOWED_ACE::SidStart
DWORD SidStart
Definition: ms-dtyp.idl:218
_ACCESS_ALLOWED_ACE::Mask
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
_ACE_HEADER
Definition: ms-dtyp.idl:209
_ACE_HEADER::AceFlags
UCHAR AceFlags
Definition: ms-dtyp.idl:211
_ACE_HEADER::AceType
UCHAR AceType
Definition: ms-dtyp.idl:210
INHERITED_ACE
#define INHERITED_ACE
Definition: ph.h:47
ERROR_INVALID_ACL
#define ERROR_INVALID_ACL
Definition: winerror.h:818
CONTAINER_INHERIT_ACE
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:747
INHERIT_ONLY_ACE
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
SYSTEM_AUDIT_ACE_TYPE
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
SYSTEM_ALARM_ACE_TYPE
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:720
OBJECT_INHERIT_ACE
#define OBJECT_INHERIT_ACE
Definition: setypes.h:746
NO_PROPAGATE_INHERIT_ACE
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:748
ACCESS_DENIED_ACE_TYPE
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
FAILED_ACCESS_ACE_FLAG
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:754
SUCCESSFUL_ACCESS_ACE_FLAG
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:753

Referenced by DumpAcl().

◆ DumpAcl()

static BOOL DumpAcl ( PACL  pacl,
WCHAR **  pwptr,
ULONG plen,
BOOL  protected,
BOOL  autoInheritReq,
BOOL  autoInherited 
)
static

Definition at line 3321 of file security.c.

3322{
3323 WORD count;
3324 int i;
3325
3326 if (protected)
3327 DumpString(SDDL_PROTECTED, -1, pwptr, plen);
3328 if (autoInheritReq)
3329 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
3330 if (autoInherited)
3331 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
3332
3333 if (pacl == NULL)
3334 return TRUE;
3335
3336 if (!IsValidAcl(pacl))
3337 return FALSE;
3338
3339 count = pacl->AceCount;
3340 for (i = 0; i < count; i++)
3341 {
3342 LPVOID ace;
3343 if (!GetAce(pacl, i, &ace))
3344 return FALSE;
3345 if (!DumpAce(ace, pwptr, plen))
3346 return FALSE;
3347 }
3348
3349 return TRUE;
3350}
DumpAce
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3262
GetAce
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1188
IsValidAcl
BOOL WINAPI IsValidAcl(PACL pAcl)
Definition: security.c:1211
WORD
unsigned short WORD
Definition: ntddk_ex.h:93
count
GLuint GLuint GLsizei count
Definition: gl.h:1545
SDDL_AUTO_INHERITED
#define SDDL_AUTO_INHERITED
Definition: sddl.h:46
SDDL_AUTO_INHERIT_REQ
#define SDDL_AUTO_INHERIT_REQ
Definition: sddl.h:45
SDDL_PROTECTED
#define SDDL_PROTECTED
Definition: sddl.h:44
_ACL::AceCount
USHORT AceCount
Definition: ms-dtyp.idl:297

Referenced by DumpDacl(), and DumpSacl().

◆ DumpDacl()

static BOOL DumpDacl ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3388 of file security.c.

3389{
3390 static const WCHAR dacl[] = {'D',':',0};
3391 SECURITY_DESCRIPTOR_CONTROL control;
3392 BOOL present, defaulted;
3393 DWORD revision;
3394 PACL pacl;
3395
3396 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3397 return FALSE;
3398
3399 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3400 return FALSE;
3401
3402 if (!present)
3403 return TRUE;
3404
3405 DumpString(dacl, 2, pwptr, plen);
3406 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3407 return FALSE;
3408 return TRUE;
3409}
DumpAcl
static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
Definition: security.c:3321
SECURITY_DESCRIPTOR_CONTROL
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
GetSecurityDescriptorControl
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21
GetSecurityDescriptorDacl
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
_ACL
Definition: ms-dtyp.idl:293
dacl
Definition: security.c:35
SE_DACL_PROTECTED
#define SE_DACL_PROTECTED
Definition: setypes.h:831
SE_DACL_AUTO_INHERITED
#define SE_DACL_AUTO_INHERITED
Definition: setypes.h:829
SE_DACL_AUTO_INHERIT_REQ
#define SE_DACL_AUTO_INHERIT_REQ
Definition: setypes.h:827

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpGroup()

static BOOL DumpGroup ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3370 of file security.c.

3371{
3372 static const WCHAR prefix[] = {'G',':',0};
3373 BOOL bDefaulted;
3374 PSID psid;
3375
3376 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
3377 return FALSE;
3378
3379 if (psid == NULL)
3380 return TRUE;
3381
3382 DumpString(prefix, -1, pwptr, plen);
3383 if (!DumpSid(psid, pwptr, plen))
3384 return FALSE;
3385 return TRUE;
3386}
GetSecurityDescriptorGroup
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpOwner()

static BOOL DumpOwner ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3352 of file security.c.

3353{
3354 static const WCHAR prefix[] = {'O',':',0};
3355 BOOL bDefaulted;
3356 PSID psid;
3357
3358 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
3359 return FALSE;
3360
3361 if (psid == NULL)
3362 return TRUE;
3363
3364 DumpString(prefix, -1, pwptr, plen);
3365 if (!DumpSid(psid, pwptr, plen))
3366 return FALSE;
3367 return TRUE;
3368}
GetSecurityDescriptorOwner
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpRights()

static void DumpRights ( DWORD  mask,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3223 of file security.c.

3224{
3225 static const WCHAR fmtW[] = {'0','x','%','x',0};
3226 WCHAR buf[15];
3227 size_t i;
3228
3229 if (mask == 0)
3230 return;
3231
3232 /* first check if the right have name */
3233 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
3234 {
3235 if (AceRights[i].wstr == NULL)
3236 break;
3237 if (mask == AceRights[i].value)
3238 {
3239 DumpString(AceRights[i].wstr, -1, pwptr, plen);
3240 return;
3241 }
3242 }
3243
3244 /* then check if it can be built from bit names */
3245 for (i = 0; i < 32; i++)
3246 {
3247 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
3248 {
3249 /* can't be built from bit names */
3250 sprintfW(buf, fmtW, mask);
3251 DumpString(buf, -1, pwptr, plen);
3252 return;
3253 }
3254 }
3255
3256 /* build from bit names */
3257 for (i = 0; i < 32; i++)
3258 if (mask & (1 << i))
3259 DumpString(AceRightBitNames[i], -1, pwptr, plen);
3260}
AceRights
static const ACEFLAG AceRights[]
Definition: security.c:2671
AceRightBitNames
static const LPCWSTR AceRightBitNames[32]
Definition: security.c:3188
mask
GLenum GLint GLuint mask
Definition: glext.h:6028
sprintfW
#define sprintfW
Definition: unicode.h:58
value
Definition: pdh_main.c:94

Referenced by DumpAce().

◆ DumpSacl()

static BOOL DumpSacl ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3411 of file security.c.

3412{
3413 static const WCHAR sacl[] = {'S',':',0};
3414 SECURITY_DESCRIPTOR_CONTROL control;
3415 BOOL present, defaulted;
3416 DWORD revision;
3417 PACL pacl;
3418
3419 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3420 return FALSE;
3421
3422 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3423 return FALSE;
3424
3425 if (!present)
3426 return TRUE;
3427
3428 DumpString(sacl, 2, pwptr, plen);
3429 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3430 return FALSE;
3431 return TRUE;
3432}
GetSecurityDescriptorSacl
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
SE_SACL_PROTECTED
#define SE_SACL_PROTECTED
Definition: setypes.h:832
SE_SACL_AUTO_INHERITED
#define SE_SACL_AUTO_INHERITED
Definition: setypes.h:830
SE_SACL_AUTO_INHERIT_REQ
#define SE_SACL_AUTO_INHERIT_REQ
Definition: setypes.h:828

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpSid()

static BOOL DumpSid ( PSID  psid,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3173 of file security.c.

3174{
3175 size_t i;
3176 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
3177 {
3178 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
3179 {
3180 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
3181 return TRUE;
3182 }
3183 }
3184
3185 return DumpSidNumeric(psid, pwptr, plen);
3186}
DumpSidNumeric
static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3134
EqualSid
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:831

Referenced by DumpAce(), DumpGroup(), and DumpOwner().

◆ DumpSidNumeric()

static BOOL DumpSidNumeric ( PSID  psid,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3134 of file security.c.

3135{
3136 DWORD i;
3137 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
3138 WCHAR subauthfmt[] = { '-','%','u',0 };
3139 WCHAR buf[26];
3140 SID *pisid = psid;
3141
3142 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
3143 {
3144 SetLastError(ERROR_INVALID_SID);
3145 return FALSE;
3146 }
3147
3148 if (pisid->IdentifierAuthority.Value[0] ||
3149 pisid->IdentifierAuthority.Value[1])
3150 {
3151 FIXME("not matching MS' bugs\n");
3152 SetLastError(ERROR_INVALID_SID);
3153 return FALSE;
3154 }
3155
3156 sprintfW( buf, fmt, pisid->Revision,
3157 MAKELONG(
3158 MAKEWORD( pisid->IdentifierAuthority.Value[5],
3159 pisid->IdentifierAuthority.Value[4] ),
3160 MAKEWORD( pisid->IdentifierAuthority.Value[3],
3161 pisid->IdentifierAuthority.Value[2] )
3162 ) );
3163 DumpString(buf, -1, pwptr, plen);
3164
3165 for( i=0; i<pisid->SubAuthorityCount; i++ )
3166 {
3167 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
3168 DumpString(buf, -1, pwptr, plen);
3169 }
3170 return TRUE;
3171}
SDDL_REVISION
#define SDDL_REVISION
Definition: sddl.h:31
fmt
Definition: dsound.c:943
MAKEWORD
#define MAKEWORD(a, b)
Definition: typedefs.h:248
MAKELONG
#define MAKELONG(a, b)
Definition: typedefs.h:249

Referenced by DumpSid().

◆ DumpString()

static void DumpString ( LPCWSTR  string,
int  cch,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3119 of file security.c.

3120{
3121 if (cch == -1)
3122 cch = strlenW(string);
3123
3124 if (plen)
3125 *plen += cch;
3126
3127 if (pwptr)
3128 {
3129 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
3130 *pwptr += cch;
3131 }
3132}
cch
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:202

Referenced by DumpAce(), DumpAcl(), DumpDacl(), DumpGroup(), DumpOwner(), DumpRights(), DumpSacl(), DumpSid(), and DumpSidNumeric().

◆ DuplicateToken()

BOOL WINAPI DuplicateToken ( IN HANDLE  ExistingTokenHandle,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
OUT PHANDLE  DuplicateTokenHandle 
)

Definition at line 3921 of file security.c.

3924{
3925 return DuplicateTokenEx(ExistingTokenHandle,
3926 TOKEN_IMPERSONATE | TOKEN_QUERY,
3927 NULL,
3928 ImpersonationLevel,
3929 TokenImpersonation,
3930 DuplicateTokenHandle);
3931}
DuplicateTokenEx
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3861
TokenImpersonation
@ TokenImpersonation
Definition: imports.h:274
ImpersonationLevel
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:928
TOKEN_IMPERSONATE
#define TOKEN_IMPERSONATE
Definition: setypes.h:927

Referenced by GetDuplicateToken(), test_AccessCheck(), test_CheckTokenMembership(), test_impersonation_level(), test_kernel_objects_security(), and test_token_attr().

◆ DuplicateTokenEx()

BOOL WINAPI DuplicateTokenEx ( IN HANDLE  ExistingTokenHandle,
IN DWORD  dwDesiredAccess,
IN LPSECURITY_ATTRIBUTES lpTokenAttributes  OPTIONAL,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
IN TOKEN_TYPE  TokenType,
OUT PHANDLE  DuplicateTokenHandle 
)

Definition at line 3861 of file security.c.

3867{
3868 OBJECT_ATTRIBUTES ObjectAttributes;
3869 NTSTATUS Status;
3870 SECURITY_QUALITY_OF_SERVICE Sqos;
3871
3872 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3873 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3874
3875 Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
3876 Sqos.ImpersonationLevel = ImpersonationLevel;
3877 Sqos.ContextTrackingMode = 0;
3878 Sqos.EffectiveOnly = FALSE;
3879
3880 if (lpTokenAttributes != NULL)
3881 {
3882 InitializeObjectAttributes(&ObjectAttributes,
3883 NULL,
3884 lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
3885 NULL,
3886 lpTokenAttributes->lpSecurityDescriptor);
3887 }
3888 else
3889 {
3890 InitializeObjectAttributes(&ObjectAttributes,
3891 NULL,
3892 0,
3893 NULL,
3894 NULL);
3895 }
3896
3897 ObjectAttributes.SecurityQualityOfService = &Sqos;
3898
3899 Status = NtDuplicateToken(ExistingTokenHandle,
3900 dwDesiredAccess,
3901 &ObjectAttributes,
3902 FALSE,
3903 TokenType,
3904 DuplicateTokenHandle);
3905 if (!NT_SUCCESS(Status))
3906 {
3907 ERR("NtDuplicateToken failed: Status %08x\n", Status);
3908 SetLastError(RtlNtStatusToDosError(Status));
3909 return FALSE;
3910 }
3911
3912 TRACE("Returning token %p.\n", *DuplicateTokenHandle);
3913
3914 return TRUE;
3915}
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
OBJ_INHERIT
#define OBJ_INHERIT
Definition: winternl.h:225
SECURITY_QUALITY_OF_SERVICE
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
_SECURITY_QUALITY_OF_SERVICE::ContextTrackingMode
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
_SECURITY_QUALITY_OF_SERVICE::EffectiveOnly
BOOLEAN EffectiveOnly
Definition: lsa.idl:67
_SECURITY_QUALITY_OF_SERVICE::Length
DWORD Length
Definition: lsa.idl:64
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
NtDuplicateToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869

Referenced by CheckTokenMembership(), DuplicateToken(), LaunchProcess(), START_TEST(), test_CreateRestrictedToken(), test_token_security_descriptor(), and WlxStartApplication().

◆ EqualDomainSid()

BOOL WINAPI EqualDomainSid ( IN PSID  pSid1,
IN PSID  pSid2,
OUT BOOL pfEqual 
)

Definition at line 4186 of file security.c.

4189{
4190 UNIMPLEMENTED;
4191 return FALSE;
4192}
UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:115

◆ EqualPrefixSid()

BOOL WINAPI EqualPrefixSid ( PSID  pSid1,
PSID  pSid2 
)

Definition at line 843 of file security.c.

845{
846 return RtlEqualPrefixSid (pSid1, pSid2);
847}
RtlEqualPrefixSid
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid(PSID Sid1, PSID Sid2)

Referenced by test_process_security().

◆ EqualSid()

BOOL WINAPI EqualSid ( PSID  pSid1,
PSID  pSid2 
)

Definition at line 831 of file security.c.

833{
834 SetLastError(ERROR_SUCCESS);
835 return RtlEqualSid (pSid1, pSid2);
836}
RtlEqualSid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)

Referenced by _test_group(), CachedGetUserFromSid(), check_wellknown_name(), CheckForGuestsAndAdmins(), DequeueSidLookup(), DumpSid(), FindSidInCache(), FindSidInPrincipalsListAddAce(), GetEventUserName(), is_token_admin(), IsNTAdmin(), IsUserAdmin(), IsWellKnownSid(), LsapSetTokenOwner(), map_nfs4ace_who(), PrintSid(), QueueSidLookup(), RunningAsSYSTEM(), test_AddMandatoryAce(), test_child_token_sd(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_CreateRestrictedToken(), test_default_dacl_owner_sid(), test_EqualSid(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), test_group_equal(), test_inherited_dacl(), test_owner_equal(), test_SystemSecurity(), test_token_label(), test_token_security_descriptor(), test_TokenIntegrityLevel(), and UpdatePrincipalInfo().

◆ FindFirstFreeAce()

BOOL WINAPI FindFirstFreeAce ( PACL  pAcl,
LPVOID pAce 
)

Definition at line 1178 of file security.c.

1180{
1181 return RtlFirstFreeAce(pAcl,
1182 (PACE*)pAce);
1183}
RtlFirstFreeAce
NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce(PACL Acl, PACE *Ace)
_ACE
Definition: rtltypes.h:993

◆ FreeSid()

PVOID WINAPI FreeSid ( PSID  pSid)

Definition at line 700 of file security.c.

701{
702 return RtlFreeSid(pSid);
703}
RtlFreeSid
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), check_wellknown_name(), CheckForGuestsAndAdmins(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), GetShellSecurityDescriptor(), is_process_limited(), is_token_admin(), IsCallerInteractive(), IsNTAdmin(), IsUserAdmin(), PerfDataUninitialize(), pSetupIsUserAdmin(), SHTestTokenMembership(), START_TEST(), test_AccessCheck(), test_AddMandatoryAce(), test_CreateWellKnownSid(), test_EqualSid(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_LookupAccountSid(), test_LsaLookupSids(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_SetEntriesInAclA(), test_SetEntriesInAclW(), test_sid(), and test_trustee().

◆ GetAce()

BOOL WINAPI GetAce ( PACL  pAcl,
DWORD  dwAceIndex,
LPVOID pAce 
)

Definition at line 1188 of file security.c.

1189{
1190 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1191}
RtlGetAce
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)

Referenced by AccRewriteGetExplicitEntriesFromAcl(), AccRewriteSetEntriesInAcl(), DumpAcl(), CSecurityDescriptor::GetDACLEntry(), CSecurityDescriptor::GetSACLEntry(), map_dacl_2_nfs4acl(), PrintFileDacl(), ReloadPrincipalsList(), and test_GetShellSecurityDescriptor().

◆ GetAclInformation()

BOOL WINAPI GetAclInformation ( PACL  pAcl,
LPVOID  pAclInformation,
DWORD  nAclInformationLength,
ACL_INFORMATION_CLASS  dwAclInformationClass 
)

Definition at line 1196 of file security.c.

1201{
1202 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1203 nAclInformationLength, dwAclInformationClass));
1204}
RtlQueryInformationAcl
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL, LPVOID, DWORD, ACL_INFORMATION_CLASS)

Referenced by AccRewriteSetEntriesInAcl(), CSecurityDescriptor::GetDACLEntriesCount(), CSecurityDescriptor::GetSACLEntriesCount(), and test_GetShellSecurityDescriptor().

◆ GetAnsiEnvironmentSize()

static DWORD GetAnsiEnvironmentSize ( PVOID  pEnvironment)
static

Definition at line 3704 of file security.c.

3706{
3707 INT Length, TotalLength = 0;
3708 PCHAR Ptr;
3709
3710 if (pEnvironment == NULL)
3711 return 0;
3712
3713 Ptr = (PCHAR)pEnvironment;
3714 while (*Ptr != ANSI_NULL)
3715 {
3716 Length = strlen(Ptr) + 1;
3717 TotalLength += Length;
3718 Ptr = Ptr + Length;
3719 }
3720
3721 return TotalLength + 1;
3722}
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
Ptr
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
PCHAR
#define PCHAR
Definition: match.c:90
ANSI_NULL
#define ANSI_NULL
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
INT
int32_t INT
Definition: typedefs.h:58
TotalLength
_In_ ULONG TotalLength
Definition: usbdlib.h:158

Referenced by CreateProcessWithLogonW().

◆ GetFileSecurityA()

BOOL WINAPI GetFileSecurityA ( LPCSTR  lpFileName,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 1375 of file security.c.

1380{
1381 UNICODE_STRING FileName;
1382 BOOL bResult;
1383
1384 if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1385 {
1386 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1387 return FALSE;
1388 }
1389
1390 bResult = GetFileSecurityW(FileName.Buffer,
1391 RequestedInformation,
1392 pSecurityDescriptor,
1393 nLength,
1394 lpnLengthNeeded);
1395
1396 RtlFreeUnicodeString(&FileName);
1397
1398 return bResult;
1399}
GetFileSecurityW
BOOL WINAPI GetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1406
FileName
struct _FileName FileName
Definition: fatprocs.h:896
RtlCreateUnicodeStringFromAsciiz
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
_FileName
Definition: filecomp.c:348
lpFileName
_In_ LPCSTR lpFileName
Definition: winbase.h:3061
nLength
_In_ DWORD nLength
Definition: wincon.h:473

Referenced by test_FileSecurity().

◆ GetFileSecurityW()

BOOL WINAPI GetFileSecurityW ( LPCWSTR  lpFileName,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 1406 of file security.c.

1411{
1412 OBJECT_ATTRIBUTES ObjectAttributes;
1413 IO_STATUS_BLOCK StatusBlock;
1414 UNICODE_STRING FileName;
1415 ULONG AccessMask = 0;
1416 HANDLE FileHandle;
1417 NTSTATUS Status;
1418
1419 TRACE("GetFileSecurityW() called\n");
1420
1421 QuerySecurityAccessMask(RequestedInformation, &AccessMask);
1422
1423 if (!RtlDosPathNameToNtPathName_U(lpFileName,
1424 &FileName,
1425 NULL,
1426 NULL))
1427 {
1428 ERR("Invalid path\n");
1429 SetLastError(ERROR_INVALID_NAME);
1430 return FALSE;
1431 }
1432
1433 InitializeObjectAttributes(&ObjectAttributes,
1434 &FileName,
1435 OBJ_CASE_INSENSITIVE,
1436 NULL,
1437 NULL);
1438
1439 Status = NtOpenFile(&FileHandle,
1440 AccessMask,
1441 &ObjectAttributes,
1442 &StatusBlock,
1443 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1444 0);
1445
1446 RtlFreeHeap(RtlGetProcessHeap(),
1447 0,
1448 FileName.Buffer);
1449
1450 if (!NT_SUCCESS(Status))
1451 {
1452 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1453 SetLastError(RtlNtStatusToDosError(Status));
1454 return FALSE;
1455 }
1456
1457 Status = NtQuerySecurityObject(FileHandle,
1458 RequestedInformation,
1459 pSecurityDescriptor,
1460 nLength,
1461 lpnLengthNeeded);
1462 NtClose(FileHandle);
1463 if (!NT_SUCCESS(Status))
1464 {
1465 ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
1466 SetLastError(RtlNtStatusToDosError(Status));
1467 return FALSE;
1468 }
1469
1470 return TRUE;
1471}
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136
ERROR_INVALID_NAME
#define ERROR_INVALID_NAME
Definition: compat.h:103
FileHandle
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
RtlDosPathNameToNtPathName_U
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
NtOpenFile
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3952
FILE_SHARE_WRITE
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
FILE_SHARE_DELETE
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
NtQuerySecurityObject
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
QuerySecurityAccessMask
VOID WINAPI QuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: sec.c:377
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870

Referenced by GetFileSecurityA(), and RetreiveFileSecurity().

◆ GetKernelObjectSecurity()

BOOL WINAPI GetKernelObjectSecurity ( HANDLE  Handle,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 989 of file security.c.

995{
996 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
997 pSecurityDescriptor, nLength, lpnLengthNeeded);
998
999 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
1000 nLength, lpnLengthNeeded ));
1001}
Handle
ULONG Handle
Definition: gdb_input.c:15

Referenced by test_AddMandatoryAce(), test_child_token_sd(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_default_dacl_owner_sid(), test_get_security_descriptor(), test_token_label(), and test_token_security_descriptor().

◆ GetLengthSid()

DWORD WINAPI GetLengthSid ( PSID  pSid)

Definition at line 921 of file security.c.

922{
923 return (DWORD)RtlLengthSid(pSid);
924}
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150

Referenced by AccpCalcNeededAceSize(), AccpLookupCurrentUser(), AccpLookupSidByName(), AccRewriteGetExplicitEntriesFromAcl(), AddPrincipalToList(), AllowAccessOnSession(), AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), AuthzGetInformationFromContext(), AuthzInitializeContextFromSid(), AuthzpQueryToken(), BuildDefaultPrincipalAce(), CachedGetUserFromSid(), CacheLookupResults(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateUserProfileExW(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), fill_sid(), GetShellSecurityDescriptor(), GetUserSid(), LsarpCreateAccount(), QueueSidLookup(), ReloadPrincipalsList(), and test_LookupAccountName().

◆ GetNamedSecurityInfoA()

DWORD WINAPI GetNamedSecurityInfoA ( LPSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSID ppsidOwner,
PSID ppsidGroup,
PACL ppDacl,
PACL ppSacl,
PSECURITY_DESCRIPTOR ppSecurityDescriptor 
)

Definition at line 4104 of file security.c.

4112{
4113 DWORD len;
4114 LPWSTR wstr = NULL;
4115 DWORD r;
4116
4117 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
4118 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
4119
4120 if( pObjectName )
4121 {
4122 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
4123 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
4124 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
4125 }
4126
4127 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
4128 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
4129
4130 HeapFree( GetProcessHeap(), 0, wstr );
4131
4132 return r;
4133}
GetNamedSecurityInfoW
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
r
GLdouble GLdouble GLdouble r
Definition: gl.h:2055

◆ GetSecurityInfoExA()

DWORD WINAPI GetSecurityInfoExA ( HANDLE  hObject,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
LPCSTR  lpProvider,
LPCSTR  lpProperty,
PACTRL_ACCESSA ppAccessList,
PACTRL_AUDITA ppAuditList,
LPSTR lppOwner,
LPSTR lppGroup 
)

Definition at line 2094 of file security.c.

2103{
2104 FIXME("%s() not implemented!\n", __FUNCTION__);
2105 return ERROR_BAD_PROVIDER;
2106}
__FUNCTION__
#define __FUNCTION__
Definition: types.h:116
ERROR_BAD_PROVIDER
#define ERROR_BAD_PROVIDER
Definition: winerror.h:707

◆ GetSecurityInfoExW()

DWORD WINAPI GetSecurityInfoExW ( HANDLE  hObject,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
LPCWSTR  lpProvider,
LPCWSTR  lpProperty,
PACTRL_ACCESSW ppAccessList,
PACTRL_AUDITW ppAuditList,
LPWSTR lppOwner,
LPWSTR lppGroup 
)

Definition at line 2114 of file security.c.

2123{
2124 FIXME("%s() not implemented!\n", __FUNCTION__);
2125 return ERROR_BAD_PROVIDER;
2126}

◆ GetSidIdentifierAuthority()

PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority ( PSID  pSid)

Definition at line 887 of file security.c.

888{
889 SetLastError(ERROR_SUCCESS);
890 return RtlIdentifierAuthoritySid(pSid);
891}
RtlIdentifierAuthoritySid
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)

Referenced by GetTextSid(), GetTextualSid(), and test_GetSidIdentifierAuthority().

◆ GetSidLengthRequired()

DWORD WINAPI GetSidLengthRequired ( UCHAR  nSubAuthorityCount)

Definition at line 854 of file security.c.

855{
856 return (DWORD)RtlLengthRequiredSid(nSubAuthorityCount);
857}
RtlLengthRequiredSid
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by ComputeStringSidSize(), CreateWellKnownSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), ParseStringSidToSid(), test_CreateWellKnownSid(), test_GetWindowsAccountDomainSid(), and test_LookupAccountSid().

◆ GetSidSubAuthority()

PDWORD WINAPI GetSidSubAuthority ( PSID  pSid,
DWORD  nSubAuthority 
)

Definition at line 898 of file security.c.

900{
901 SetLastError(ERROR_SUCCESS);
902 return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
903}
RtlSubAuthoritySid
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
PDWORD
DWORD * PDWORD
Definition: pedump.c:68

Referenced by CreateWellKnownSid(), GetTextSid(), GetTextualSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), and test_sid().

◆ GetSidSubAuthorityCount()

PUCHAR WINAPI GetSidSubAuthorityCount ( PSID  pSid)

Definition at line 910 of file security.c.

911{
912 SetLastError(ERROR_SUCCESS);
913 return RtlSubAuthorityCountSid(pSid);
914}
RtlSubAuthorityCountSid
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104

Referenced by ComputeStringSidSize(), CreateWellKnownSid(), GetTextSid(), GetTextualSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), test_CreateWellKnownSid(), and test_LookupAccountSid().

◆ GetTokenInformation()

BOOL WINAPI GetTokenInformation ( HANDLE  TokenHandle,
TOKEN_INFORMATION_CLASS  TokenInformationClass,
LPVOID  TokenInformation,
DWORD  TokenInformationLength,
PDWORD  ReturnLength 
)

Definition at line 413 of file security.c.

418{
419 NTSTATUS Status;
420
421 Status = NtQueryInformationToken(TokenHandle,
422 TokenInformationClass,
423 TokenInformation,
424 TokenInformationLength,
425 (PULONG)ReturnLength);
426 if (!NT_SUCCESS(Status))
427 {
428 SetLastError(RtlNtStatusToDosError(Status));
429 return FALSE;
430 }
431
432 return TRUE;
433}
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:317
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:319
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473

Referenced by _GetUserSidStringFromToken(), AccpLookupCurrentUser(), AddUserProfiles(), AllowAccessOnSession(), are_all_privileges_disabled(), AuthzpQueryToken(), CheckForGuestsAndAdmins(), CreateProfile(), DoesUserHavePrivilege(), DwInitializeSdFromThreadToken(), get_admin_token(), get_current_group(), get_current_owner(), get_privilege_count(), get_user_sid(), GetFromToken(), GetShellSecurityDescriptor(), GetUserAndDomainName(), GetUserNameW(), GetUserSid(), GetUserToken(), ImpersonatePrinterClient(), is_process_elevated(), is_process_limited(), is_token_admin(), IsNTAdmin(), IsUserAdmin(), LoadUserProfileW(), named_pipe_client_func(), PerfDataRefresh(), RecycleBin5_Constructor(), RunningAsSYSTEM(), SHCreateSessionKey(), SHGetUserSessionId(), START_TEST(), TakeOwnershipOfFile(), test_CheckTokenMembership(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_CreateDirectoryA(), test_CreateRestrictedToken(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetTokenInformation(), test_GetWindowsAccountDomainSid(), test_ImpersonateNamedPipeClient(), test_impersonation_level(), test_LookupAccountSid(), test_lsa(), test_LsaLookupSids(), test_process_security(), test_pseudo_tokens(), test_token_attr(), test_token_security_descriptor(), test_TokenIntegrityLevel(), TestGetUserObjectInfoW(), validate_impersonation_token(), and WhoamiGetTokenInfo().

◆ GetTrusteeFormA()

TRUSTEE_FORM WINAPI GetTrusteeFormA ( PTRUSTEEA  pTrustee)

Definition at line 2408 of file security.c.

2409{
2410 TRACE("(%p)\n", pTrustee);
2411
2412 if (!pTrustee)
2413 return TRUSTEE_BAD_FORM;
2414
2415 return pTrustee->TrusteeForm;
2416}
TRUSTEE_BAD_FORM
@ TRUSTEE_BAD_FORM
Definition: accctrl.h:191

Referenced by InternalExplicitAccessAToW(), and InternalTrusteeAToW().

◆ GetTrusteeFormW()

TRUSTEE_FORM WINAPI GetTrusteeFormW ( PTRUSTEEW  pTrustee)

Definition at line 2421 of file security.c.

2422{
2423 TRACE("(%p)\n", pTrustee);
2424
2425 if (!pTrustee)
2426 return TRUSTEE_BAD_FORM;
2427
2428 return pTrustee->TrusteeForm;
2429}

◆ GetTrusteeNameA()

LPSTR WINAPI GetTrusteeNameA ( PTRUSTEE_A  pTrustee)

Definition at line 2435 of file security.c.

2436{
2437 return pTrustee->ptstrName;
2438}

Referenced by InternalExplicitAccessAToW(), and InternalTrusteeAToW().

◆ GetTrusteeNameW()

LPWSTR WINAPI GetTrusteeNameW ( PTRUSTEE_W  pTrustee)

Definition at line 2445 of file security.c.

2446{
2447 return pTrustee->ptstrName;
2448}

◆ GetTrusteeTypeA()

TRUSTEE_TYPE WINAPI GetTrusteeTypeA ( PTRUSTEE_A  pTrustee)

Definition at line 2454 of file security.c.

2455{
2456 return pTrustee->TrusteeType;
2457}

◆ GetTrusteeTypeW()

TRUSTEE_TYPE WINAPI GetTrusteeTypeW ( PTRUSTEE_W  pTrustee)

Definition at line 2463 of file security.c.

2464{
2465 return pTrustee->TrusteeType;
2466}

◆ GetUnicodeEnvironmentSize()

static DWORD GetUnicodeEnvironmentSize ( PVOID  pEnvironment)
static

Definition at line 3681 of file security.c.

3683{
3684 INT Length, TotalLength = 0;
3685 PWCHAR Ptr;
3686
3687 if (pEnvironment == NULL)
3688 return 0;
3689
3690 Ptr = (PWCHAR)pEnvironment;
3691 while (*Ptr != UNICODE_NULL)
3692 {
3693 Length = wcslen(Ptr) + 1;
3694 TotalLength += Length;
3695 Ptr = Ptr + Length;
3696 }
3697
3698 return (TotalLength + 1) * sizeof(WCHAR);
3699}
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
UNICODE_NULL
#define UNICODE_NULL
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56

Referenced by CreateProcessWithLogonW().

◆ GetWindowsAccountDomainSid()

BOOL WINAPI GetWindowsAccountDomainSid ( PSID  sid,
PSID  domain_sid,
DWORD size 
)

Definition at line 4138 of file security.c.

4139{
4140 SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
4141 DWORD required_size;
4142 int i;
4143
4144 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
4145
4146 if (!sid || !IsValidSid( sid ))
4147 {
4148 SetLastError( ERROR_INVALID_SID );
4149 return FALSE;
4150 }
4151
4152 if (!size)
4153 {
4154 SetLastError( ERROR_INVALID_PARAMETER );
4155 return FALSE;
4156 }
4157
4158 if (*GetSidSubAuthorityCount( sid ) < 4)
4159 {
4160 SetLastError( ERROR_INVALID_SID );
4161 return FALSE;
4162 }
4163
4164 required_size = GetSidLengthRequired( 4 );
4165 if (*size < required_size || !domain_sid)
4166 {
4167 *size = required_size;
4168 SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER :
4169 ERROR_INVALID_PARAMETER );
4170 return FALSE;
4171 }
4172
4173 InitializeSid( domain_sid, &domain_ident, 4 );
4174 for (i = 0; i < 4; i++)
4175 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
4176
4177 *size = required_size;
4178 return TRUE;
4179}
InitializeSid
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:864
size
GLsizeiptr size
Definition: glext.h:5919

◆ ImpersonateNamedPipeClient()

BOOL WINAPI ImpersonateNamedPipeClient ( HANDLE  hNamedPipe)

Definition at line 1026 of file security.c.

1027{
1028 IO_STATUS_BLOCK io_block;
1029
1030 TRACE("(%p)\n", hNamedPipe);
1031
1032 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
1033 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1034}
NtFsControlFile
NTSYSAPI NTSTATUS NTAPI NtFsControlFile(IN HANDLE hFile, IN HANDLE hEvent OPTIONAL, IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL, IN PVOID IoApcContext OPTIONAL, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG DeviceIoControlCode, IN PVOID InBuffer OPTIONAL, IN ULONG InBufferLength, OUT PVOID OutBuffer OPTIONAL, IN ULONG OutBufferLength)
FSCTL_PIPE_IMPERSONATE
#define FSCTL_PIPE_IMPERSONATE
Definition: winioctl.h:85

Referenced by rpcrt4_conn_np_impersonate_client(), and test_ImpersonateNamedPipeClient().

◆ ImpersonateSelf()

BOOL WINAPI ImpersonateSelf ( SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel)

Definition at line 1633 of file security.c.

1634{
1635 NTSTATUS Status;
1636
1637 Status = RtlImpersonateSelf(ImpersonationLevel);
1638 if (!NT_SUCCESS(Status))
1639 {
1640 SetLastError(RtlNtStatusToDosError(Status));
1641 return FALSE;
1642 }
1643
1644 return TRUE;
1645}
RtlImpersonateSelf
NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: priv.c:45

Referenced by test_FileSecurity(), and test_impersonation_level().

◆ InitializeAcl()

BOOL WINAPI InitializeAcl ( PACL  pAcl,
DWORD  nAclLength,
DWORD  dwAclRevision 
)

Definition at line 1008 of file security.c.

1011{
1012 NTSTATUS Status;
1013
1014 Status = RtlCreateAcl(pAcl,
1015 nAclLength,
1016 dwAclRevision);
1017 if (!NT_SUCCESS(Status))
1018 {
1019 SetLastError(RtlNtStatusToDosError(Status));
1020 return FALSE;
1021 }
1022
1023 return TRUE;
1024}
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)

Referenced by AccRewriteSetEntriesInAcl(), AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), convert_nfs4acl_2_dacl(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), get_sd(), GetShellSecurityDescriptor(), test_AccessCheck(), test_acls(), test_AddAce(), test_AddMandatoryAce(), test_ConvertSecurityDescriptorToString(), test_CreateDirectoryA(), test_event(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_maximum_allowed(), test_process_security(), test_SetEntriesInAclA(), test_SetEntriesInAclW(), and test_token_security_descriptor().

◆ InitializeSecurityDescriptor()

BOOL WINAPI InitializeSecurityDescriptor ( PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  dwRevision 
)

Definition at line 931 of file security.c.

933{
934 NTSTATUS Status;
935
936 Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
937 dwRevision);
938 if (!NT_SUCCESS(Status))
939 {
940 SetLastError(RtlNtStatusToDosError(Status));
941 return FALSE;
942 }
943
944 return TRUE;
945}
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), CreateAllAccessSecurityAttributes(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreateLogoffSecurityAttributes(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateProfileMutex(), CreatePublicEvent(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), DwInitializeSdFromThreadToken(), get_sd(), GetShellSecurityDescriptor(), handle_getacl(), InitializeAudioDeviceListLock(), pSetSecurityInfoCheck(), START_TEST(), TakeOwnershipOfFile(), test_AccessCheck(), test_AddMandatoryAce(), test_BuildSecurityDescriptorW(), test_ConvertSecurityDescriptorToString(), test_CopyBindInfo(), test_CreateDirectoryA(), test_default_dacl_owner_sid(), test_event(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_maximum_allowed(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_security_descriptor(), test_security_info(), and test_token_security_descriptor().

◆ InitializeSid()

BOOL WINAPI InitializeSid ( PSID  Sid,
PSID_IDENTIFIER_AUTHORITY  pIdentifierAuthority,
BYTE  nSubAuthorityCount 
)

Definition at line 864 of file security.c.

867{
868 NTSTATUS Status;
869
870 Status = RtlInitializeSid(Sid,
871 pIdentifierAuthority,
872 nSubAuthorityCount);
873 if (!NT_SUCCESS(Status))
874 {
875 SetLastError(RtlNtStatusToDosError(Status));
876 return FALSE;
877 }
878
879 return TRUE;
880}
RtlInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)

Referenced by GetWindowsAccountDomainSid(), and test_GetWindowsAccountDomainSid().

◆ IsValidAcl()

BOOL WINAPI IsValidAcl ( PACL  pAcl)

Definition at line 1211 of file security.c.

1212{
1213 return RtlValidAcl (pAcl);
1214}
RtlValidAcl
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)

Referenced by DumpAcl(), CSecurityDescriptor::HasValidDACL(), CSecurityDescriptor::HasValidSACL(), test_acls(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), and test_GetShellSecurityDescriptor().

◆ IsValidSid()

BOOL WINAPI IsValidSid ( PSID  pSid)

Definition at line 821 of file security.c.

822{
823 return (BOOL)RtlValidSid(pSid);
824}

Referenced by AuthzInitializeContextFromSid(), CreateWellKnownSid(), DumpSidNumeric(), CShellCommandDACL::Execute(), CShellCommandOwner::Execute(), CShellCommandSACL::Execute(), GetEventUserName(), GetTextualSid(), GetWindowsAccountDomainSid(), map_name_2_sid(), test_CreateWellKnownSid(), and test_GetSidIdentifierAuthority().

◆ IsWellKnownSid()

BOOL WINAPI IsWellKnownSid ( IN PSID  pSid,
IN WELL_KNOWN_SID_TYPE  WellKnownSidType 
)

Definition at line 798 of file security.c.

800{
801 unsigned int i;
802 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
803
804 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
805 {
806 if (WellKnownSids[i].Type == WellKnownSidType)
807 {
808 if (EqualSid(pSid, (PSID)(&WellKnownSids[i].Sid.Revision)))
809 return TRUE;
810 }
811 }
812
813 return FALSE;
814}

Referenced by is_well_known_sid(), and test_token_attr().

◆ LookupAccountNameA()

BOOL WINAPI LookupAccountNameA ( LPCSTR  SystemName,
LPCSTR  AccountName,
PSID  Sid,
LPDWORD  SidLength,
LPSTR  ReferencedDomainName,
LPDWORD  hReferencedDomainNameLength,
PSID_NAME_USE  SidNameUse 
)

Definition at line 2014 of file security.c.

2021{
2022 BOOL ret;
2023 UNICODE_STRING lpSystemW;
2024 UNICODE_STRING lpAccountW;
2025 LPWSTR lpReferencedDomainNameW = NULL;
2026
2027 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
2028 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
2029
2030 if (ReferencedDomainName)
2031 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
2032 0,
2033 *hReferencedDomainNameLength * sizeof(WCHAR));
2034
2035 ret = LookupAccountNameW(lpSystemW.Buffer,
2036 lpAccountW.Buffer,
2037 Sid,
2038 SidLength,
2039 lpReferencedDomainNameW,
2040 hReferencedDomainNameLength,
2041 SidNameUse);
2042
2043 if (ret && lpReferencedDomainNameW)
2044 {
2045 WideCharToMultiByte(CP_ACP,
2046 0,
2047 lpReferencedDomainNameW,
2048 *hReferencedDomainNameLength + 1,
2049 ReferencedDomainName,
2050 *hReferencedDomainNameLength + 1,
2051 NULL,
2052 NULL);
2053 }
2054
2055 RtlFreeUnicodeString(&lpSystemW);
2056 RtlFreeUnicodeString(&lpAccountW);
2057 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2058
2059 return ret;
2060}
LookupAccountNameW
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:626
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
ReferencedDomainName
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR ReferencedDomainName
Definition: winbase.h:2734

Referenced by check_wellknown_name(), and test_LookupAccountName().

◆ LookupPrivilegeDisplayNameA()

BOOL WINAPI LookupPrivilegeDisplayNameA ( LPCSTR  lpSystemName,
LPCSTR  lpName,
LPSTR  lpDisplayName,
LPDWORD  cchDisplayName,
LPDWORD  lpLanguageId 
)

Definition at line 1241 of file security.c.

1246{
1247 UNICODE_STRING lpSystemNameW;
1248 UNICODE_STRING lpNameW;
1249 BOOL ret;
1250 DWORD wLen = 0;
1251
1252 TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);
1253
1254 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1255 RtlCreateUnicodeStringFromAsciiz(&lpNameW, lpName);
1256 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen, lpLanguageId);
1257 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1258 {
1259 LPWSTR