ReactOS 0.4.16-dev-1276-g70732b0
Classes | Macros | Typedefs | Functions | Variables
security.c File Reference
#include <advapi32.h>
#include <sddl.h>
Include dependency graph for security.c:

Go to the source code of this file.

Classes

struct  _ACEFLAG
 
union  _MAX_SID
 
struct  WELLKNOWNSID
 
struct  WELLKNOWNRID
 

Macros

#define ADS_RIGHT_DS_CREATE_CHILD   0x0001
 
#define ADS_RIGHT_DS_DELETE_CHILD   0x0002
 
#define ADS_RIGHT_ACTRL_DS_LIST   0x0004
 
#define ADS_RIGHT_DS_SELF   0x0008
 
#define ADS_RIGHT_DS_READ_PROP   0x0010
 
#define ADS_RIGHT_DS_WRITE_PROP   0x0020
 
#define ADS_RIGHT_DS_DELETE_TREE   0x0040
 
#define ADS_RIGHT_DS_LIST_OBJECT   0x0080
 
#define ADS_RIGHT_DS_CONTROL_ACCESS   0x0100
 

Typedefs

typedef struct _ACEFLAG ACEFLAG
 
typedef struct _ACEFLAGLPACEFLAG
 
typedef struct _MAX_SID MAX_SID
 
typedef struct WELLKNOWNSID WELLKNOWNSID
 
typedef struct WELLKNOWNRID WELLKNOWNRID
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (advapi)
 
static BOOL ParseStringSidToSid (LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
 
static const chardebugstr_sid (PSID sid)
 
static __inline BOOL set_ntstatus (NTSTATUS status)
 
static LPWSTR SERV_dup (LPCSTR str)
 
BOOL ADVAPI_IsLocalComputer (LPCWSTR ServerName)
 
BOOL ADVAPI_GetComputerSid (PSID sid)
 
BOOL WINAPI OpenProcessToken (HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
 
BOOL WINAPI OpenThreadToken (HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
 
BOOL WINAPI AdjustTokenGroups (HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState, DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength)
 
BOOL WINAPI AdjustTokenPrivileges (HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
 
BOOL WINAPI GetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
 
BOOL WINAPI SetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
 
BOOL WINAPI SetThreadToken (IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
 
BOOL WINAPI CreateRestrictedToken (_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
 Creates a filtered token that is a restricted one of the regular access token. A restricted token can have disabled SIDs, deleted privileges and/or restricted SIDs added.
 
BOOL WINAPI AllocateAndInitializeSid (PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
 
PVOID WINAPI FreeSid (PSID pSid)
 
BOOL WINAPI CopySid (DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
 
BOOL WINAPI CreateWellKnownSid (IN WELL_KNOWN_SID_TYPE WellKnownSidType, IN PSID DomainSid OPTIONAL, OUT PSID pSid, IN OUT DWORD *cbSid)
 
BOOL WINAPI IsWellKnownSid (IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
 
BOOL WINAPI IsValidSid (PSID pSid)
 
BOOL WINAPI EqualSid (PSID pSid1, PSID pSid2)
 
BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
 
DWORD WINAPI GetSidLengthRequired (UCHAR nSubAuthorityCount)
 
BOOL WINAPI InitializeSid (PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
 
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority (PSID pSid)
 
PDWORD WINAPI GetSidSubAuthority (PSID pSid, DWORD nSubAuthority)
 
PUCHAR WINAPI GetSidSubAuthorityCount (PSID pSid)
 
DWORD WINAPI GetLengthSid (PSID pSid)
 
BOOL WINAPI InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
 
BOOL WINAPI MakeAbsoluteSD (PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
 
BOOL WINAPI GetKernelObjectSecurity (HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI InitializeAcl (PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
 
BOOL WINAPI ImpersonateNamedPipeClient (HANDLE hNamedPipe)
 
BOOL WINAPI AddAccessAllowedAce (PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessAllowedAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessDeniedAce (PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessDeniedAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAce (PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
 
BOOL WINAPI DeleteAce (PACL pAcl, DWORD dwAceIndex)
 
BOOL WINAPI FindFirstFreeAce (PACL pAcl, LPVOID *pAce)
 
BOOL WINAPI GetAce (PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
 
BOOL WINAPI GetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
 
BOOL WINAPI IsValidAcl (PACL pAcl)
 
BOOL WINAPI AllocateLocallyUniqueId (PLUID Luid)
 
BOOL WINAPI LookupPrivilegeDisplayNameA (LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
 
BOOL WINAPI LookupPrivilegeNameA (LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
 
BOOL WINAPI GetFileSecurityA (LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI GetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI SetFileSecurityA (LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
BOOL WINAPI SetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
BOOL WINAPI QueryWindows31FilesMigration (DWORD x1)
 
BOOL WINAPI SynchronizeWindows31FilesAndWindowsNTRegistry (DWORD x1, DWORD x2, DWORD x3, DWORD x4)
 
BOOL WINAPI RevertToSelf (VOID)
 
BOOL WINAPI ImpersonateSelf (SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
BOOL WINAPI AccessCheck (IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
 
BOOL WINAPI AccessCheckByType (_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ DWORD DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ DWORD ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ LPDWORD PrivilegeSetLength, _Out_ LPDWORD GrantedAccess, _Out_ LPBOOL AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.
 
BOOL WINAPI AccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ DWORD DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ DWORD ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ LPDWORD PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) LPDWORD GrantedAccess, _Out_writes_(ObjectTypeListLength) LPBOOL AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the AccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.
 
BOOL WINAPI SetKernelObjectSecurity (HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
 
BOOL WINAPI AddAuditAccessAce (PACL pAcl, DWORD dwAceRevision, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
 
BOOL WINAPI AddAuditAccessAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
 
BOOL WINAPI LookupAccountNameA (LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
 
BOOL WINAPI PrivilegeCheck (HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
 
DWORD WINAPI GetSecurityInfoExA (HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
 
DWORD WINAPI GetSecurityInfoExW (HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
 
VOID WINAPI BuildExplicitAccessWithNameA (PEXPLICIT_ACCESSA pExplicitAccess, LPSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
 
VOID WINAPI BuildExplicitAccessWithNameW (PEXPLICIT_ACCESSW pExplicitAccess, LPWSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
 
VOID WINAPI BuildTrusteeWithObjectsAndNameA (PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, LPSTR InheritedObjectTypeName, LPSTR Name)
 
VOID WINAPI BuildTrusteeWithObjectsAndNameW (PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName, SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName, LPWSTR InheritedObjectTypeName, LPWSTR Name)
 
VOID WINAPI BuildTrusteeWithObjectsAndSidA (PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
 
VOID WINAPI BuildTrusteeWithObjectsAndSidW (PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
 
VOID WINAPI BuildTrusteeWithSidA (PTRUSTEE_A pTrustee, PSID pSid)
 
VOID WINAPI BuildTrusteeWithSidW (PTRUSTEE_W pTrustee, PSID pSid)
 
VOID WINAPI BuildTrusteeWithNameA (PTRUSTEE_A pTrustee, LPSTR name)
 
VOID WINAPI BuildTrusteeWithNameW (PTRUSTEE_W pTrustee, LPWSTR name)
 
TRUSTEE_FORM WINAPI GetTrusteeFormA (PTRUSTEEA pTrustee)
 
TRUSTEE_FORM WINAPI GetTrusteeFormW (PTRUSTEEW pTrustee)
 
LPSTR WINAPI GetTrusteeNameA (PTRUSTEE_A pTrustee)
 
LPWSTR WINAPI GetTrusteeNameW (PTRUSTEE_W pTrustee)
 
TRUSTEE_TYPE WINAPI GetTrusteeTypeA (PTRUSTEE_A pTrustee)
 
TRUSTEE_TYPE WINAPI GetTrusteeTypeW (PTRUSTEE_W pTrustee)
 
BOOL WINAPI SetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
 
DWORD WINAPI SetNamedSecurityInfoA (LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
 
BOOL WINAPI AreAllAccessesGranted (DWORD GrantedAccess, DWORD DesiredAccess)
 
BOOL WINAPI AreAnyAccessesGranted (DWORD GrantedAccess, DWORD DesiredAccess)
 
static DWORD ParseAclStringFlags (LPCWSTR *StringAcl)
 
static BYTE ParseAceStringType (LPCWSTR *StringAcl)
 
static BYTE ParseAceStringFlags (LPCWSTR *StringAcl)
 
static DWORD ParseAceStringRights (LPCWSTR *StringAcl)
 
static BOOL ParseStringAclToAcl (LPCWSTR StringAcl, LPDWORD lpdwFlags, PACL pAcl, LPDWORD cBytes)
 
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor (LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
 
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA (LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
 
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW (LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
 
static void DumpString (LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSidNumeric (PSID psid, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSid (PSID psid, WCHAR **pwptr, ULONG *plen)
 
static void DumpRights (DWORD mask, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpAce (LPVOID pace, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpAcl (PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
 
static BOOL DumpOwner (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpGroup (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpDacl (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSacl (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW (PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
 
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA (PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
 
BOOL WINAPI ConvertStringSidToSidW (LPCWSTR StringSid, PSID *Sid)
 
BOOL WINAPI ConvertStringSidToSidA (LPCSTR StringSid, PSID *Sid)
 
BOOL WINAPI ConvertSidToStringSidW (PSID Sid, LPWSTR *StringSid)
 
BOOL WINAPI ConvertSidToStringSidA (PSID Sid, LPSTR *StringSid)
 
static DWORD GetUnicodeEnvironmentSize (PVOID pEnvironment)
 
static DWORD GetAnsiEnvironmentSize (PVOID pEnvironment)
 
BOOL WINAPI CreateProcessWithLogonW (_In_ LPCWSTR lpUsername, _In_opt_ LPCWSTR lpDomain, _In_ LPCWSTR lpPassword, _In_ DWORD dwLogonFlags, _In_opt_ LPCWSTR lpApplicationName, _Inout_opt_ LPWSTR lpCommandLine, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCWSTR lpCurrentDirectory, _In_ LPSTARTUPINFOW lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
 
BOOL WINAPI CreateProcessWithTokenW (HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line, DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info, PROCESS_INFORMATION *process_information)
 
BOOL WINAPI DuplicateTokenEx (IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
 
BOOL WINAPI DuplicateToken (IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
 
static DWORD ComputeStringSidSize (LPCWSTR StringSid)
 
DWORD WINAPI GetNamedSecurityInfoA (LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 
BOOL WINAPI GetWindowsAccountDomainSid (PSID sid, PSID domain_sid, DWORD *size)
 
BOOL WINAPI EqualDomainSid (IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
 

Variables

static const WELLKNOWNSID WellKnownSids []
 
static const WELLKNOWNRID WellKnownRids []
 
static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }
 
static const WCHAR SDDL_NO_READ_UP [] = {'N','R',0}
 
static const WCHAR SDDL_NO_WRITE_UP [] = {'N','W',0}
 
static const WCHAR SDDL_NO_EXECUTE_UP [] = {'N','X',0}
 
static const WCHAR SDDL_ACCESS_ALLOWED [] = {'A',0}
 
static const WCHAR SDDL_ACCESS_DENIED [] = {'D',0}
 
static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED [] = {'O','A',0}
 
static const WCHAR SDDL_OBJECT_ACCESS_DENIED [] = {'O','D',0}
 
static const WCHAR SDDL_AUDIT [] = {'A','U',0}
 
static const WCHAR SDDL_ALARM [] = {'A','L',0}
 
static const WCHAR SDDL_MANDATORY_LABEL [] = {'M','L',0}
 
static const WCHAR SDDL_OBJECT_AUDIT [] = {'O','U',0}
 
static const WCHAR SDDL_OBJECT_ALARM [] = {'O','L',0}
 
static const WCHAR SDDL_CONTAINER_INHERIT [] = {'C','I',0}
 
static const WCHAR SDDL_OBJECT_INHERIT [] = {'O','I',0}
 
static const WCHAR SDDL_NO_PROPAGATE [] = {'N','P',0}
 
static const WCHAR SDDL_INHERIT_ONLY [] = {'I','O',0}
 
static const WCHAR SDDL_INHERITED [] = {'I','D',0}
 
static const WCHAR SDDL_AUDIT_SUCCESS [] = {'S','A',0}
 
static const WCHAR SDDL_AUDIT_FAILURE [] = {'F','A',0}
 
static const ACEFLAG AceType []
 
static const ACEFLAG AceFlags []
 
static const ACEFLAG AceRights []
 
static const LPCWSTR AceRightBitNames [32]
 

Macro Definition Documentation

◆ ADS_RIGHT_ACTRL_DS_LIST

#define ADS_RIGHT_ACTRL_DS_LIST   0x0004

Definition at line 155 of file security.c.

◆ ADS_RIGHT_DS_CONTROL_ACCESS

#define ADS_RIGHT_DS_CONTROL_ACCESS   0x0100

Definition at line 161 of file security.c.

◆ ADS_RIGHT_DS_CREATE_CHILD

#define ADS_RIGHT_DS_CREATE_CHILD   0x0001

Definition at line 153 of file security.c.

◆ ADS_RIGHT_DS_DELETE_CHILD

#define ADS_RIGHT_DS_DELETE_CHILD   0x0002

Definition at line 154 of file security.c.

◆ ADS_RIGHT_DS_DELETE_TREE

#define ADS_RIGHT_DS_DELETE_TREE   0x0040

Definition at line 159 of file security.c.

◆ ADS_RIGHT_DS_LIST_OBJECT

#define ADS_RIGHT_DS_LIST_OBJECT   0x0080

Definition at line 160 of file security.c.

◆ ADS_RIGHT_DS_READ_PROP

#define ADS_RIGHT_DS_READ_PROP   0x0010

Definition at line 157 of file security.c.

◆ ADS_RIGHT_DS_SELF

#define ADS_RIGHT_DS_SELF   0x0008

Definition at line 156 of file security.c.

◆ ADS_RIGHT_DS_WRITE_PROP

#define ADS_RIGHT_DS_WRITE_PROP   0x0020

Definition at line 158 of file security.c.

Typedef Documentation

◆ ACEFLAG

typedef struct _ACEFLAG ACEFLAG

◆ LPACEFLAG

typedef struct _ACEFLAG * LPACEFLAG

◆ MAX_SID

typedef struct _MAX_SID MAX_SID

◆ WELLKNOWNRID

typedef struct WELLKNOWNRID WELLKNOWNRID

◆ WELLKNOWNSID

typedef struct WELLKNOWNSID WELLKNOWNSID

Function Documentation

◆ AccessCheck()

BOOL WINAPI AccessCheck ( IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN HANDLE  ClientToken,
IN DWORD  DesiredAccess,
IN PGENERIC_MAPPING  GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet  OPTIONAL,
IN OUT LPDWORD  PrivilegeSetLength,
OUT LPDWORD  GrantedAccess,
OUT LPBOOL  AccessStatus 
)

Definition at line 1650 of file security.c.

1658{
1659 NTSTATUS Status;
1660 NTSTATUS NtAccessStatus;
1661
1662 /* Do the access check */
1663 Status = NtAccessCheck(pSecurityDescriptor,
1664 ClientToken,
1665 DesiredAccess,
1666 GenericMapping,
1667 PrivilegeSet,
1668 (PULONG)PrivilegeSetLength,
1669 (PACCESS_MASK)GrantedAccess,
1670 &NtAccessStatus);
1671
1672 /* See if the access check operation succeeded */
1673 if (!NT_SUCCESS(Status))
1674 {
1675 /* Check failed */
1676 SetLastError(RtlNtStatusToDosError(Status));
1677 return FALSE;
1678 }
1679
1680 /* Now check the access status */
1681 if (!NT_SUCCESS(NtAccessStatus))
1682 {
1683 /* Access denied */
1684 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1685 *AccessStatus = FALSE;
1686 }
1687 else
1688 {
1689 /* Access granted */
1690 *AccessStatus = TRUE;
1691 }
1692
1693 /* Check succeeded */
1694 return TRUE;
1695}
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NtAccessCheck
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
Definition: accesschk.c:2214
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
SetLastError
#define SetLastError(x)
Definition: compat.h:752
Status
Status
Definition: gdiplustypes.h:25
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

Referenced by test_AccessCheck(), test_default_handle_security(), and test_FileSecurity().

◆ AccessCheckByType()

BOOL WINAPI AccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  pSecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ DWORD  DesiredAccess,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ DWORD  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ LPDWORD  PrivilegeSetLength,
_Out_ LPDWORD  GrantedAccess,
_Out_ LPBOOL  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.

Parameters
[in]pSecurityDescriptorA pointer to a security descriptor that identifies the security information of an object being accessed. This function walks through this descriptor for any ACLs and respective access rights if access can be granted.
[in]PrincipalSelfSidA pointer to a principal self SID. This parameter can be NULL if the associated object being checked for access does not represent a principal.
[in]ClientTokenA handle to an access token, that identifies the client of which requests access to the target object.
[in]DesiredAccessThe access right bitmask where the client wants to acquire. This can be an OR'ed set of multiple access rights or MAXIMUM_ALLOWED to request all of possible access rights the target object allows. If only some rights were granted but not all the access is deemed as denied.
[in]ObjectTypeListA pointer to a given object type list. If this parameter is not NULL the function will perform an access check against the main object and sub-objects of this list. If this parameter is NULL and ObjectTypeListLength is 0, the function will perform a normal access check instead.
[in]ObjectTypeListLengthThe length of the object type list array, pointed by ObjectTypeList. This length in question represents the number of elements in such array. This parameter must be 0 if no array list is provided.
[in]GenericMappingThe generic mapping of access rights of an object type.
[out]PrivilegeSetA pointer to a set of privileges that were used to perform the access check, returned to caller. This function will return no privileges (privilege count set to 0) if no privileges were used to accomplish the access check. This parameter must not be NULL!
[in,out]PrivilegeSetLengthThe total length size of a set of privileges. This length represents the count of elements in the privilege set array.
[out]GrantedAccessA pointer to granted access rights, returned to the caller.
[out]AccessStatusA pointer to a boolean value that indicates whether access is granted or denied to the client that requests access to the entire hierarchy of an object type list. If ObjectTypeList is NULL, this value represents the access that is granted or denied to the target object, just like in AccessCheck.
Returns
The function returns TRUE if the access check operation has completed successfully, otherwise it returns FALSE.

Definition at line 1767 of file security.c.

1779{
1780 NTSTATUS Status;
1781 NTSTATUS NtAccessStatus;
1782
1783 Status = NtAccessCheckByType(pSecurityDescriptor,
1784 PrincipalSelfSid,
1785 ClientToken,
1786 DesiredAccess,
1787 ObjectTypeList,
1788 ObjectTypeListLength,
1789 GenericMapping,
1790 PrivilegeSet,
1791 PrivilegeSetLength,
1792 (PACCESS_MASK)GrantedAccess,
1793 &NtAccessStatus);
1794 if (!NT_SUCCESS(Status))
1795 {
1796 SetLastError(RtlNtStatusToDosError(Status));
1797 return FALSE;
1798 }
1799
1800 if (!NT_SUCCESS(NtAccessStatus))
1801 {
1802 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1803 *AccessStatus = FALSE;
1804 }
1805 else
1806 {
1807 *AccessStatus = TRUE;
1808 }
1809
1810 return TRUE;
1811}
NtAccessCheckByType
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2254

◆ AccessCheckByTypeResultList()

BOOL WINAPI AccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  pSecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ DWORD  DesiredAccess,
_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ DWORD  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ LPDWORD  PrivilegeSetLength,
_Out_writes_(ObjectTypeListLength) LPDWORD  GrantedAccess,
_Out_writes_(ObjectTypeListLength) LPBOOL  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the AccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.

Parameters
[in]pSecurityDescriptorA pointer to a security descriptor that identifies the security information of an object being accessed. This function walks through this descriptor for any ACLs and respective access rights if access can be granted.
[in]PrincipalSelfSidA pointer to a principal self SID. This parameter can be NULL if the associated object being checked for access does not represent a principal.
[in]ClientTokenA handle to an access token, that identifies the client of which requests access to the target object.
[in]DesiredAccessThe access right bitmask where the client wants to acquire. This can be an OR'ed set of multiple access rights or MAXIMUM_ALLOWED to request all of possible access rights the target object allows. If only some rights were granted but not all the access is deemed as denied.
[in]ObjectTypeListA pointer to a given object type list. This function will perform an access check against the main object and sub-objects of this list. This parameter must not be NULL!
[in]ObjectTypeListLengthThe length of the object type list array, pointed by ObjectTypeList. This length in question represents the number of elements in such array. This parameter must be 0 if no array list is provided.
[in]GenericMappingThe generic mapping of access rights of an object type.
[out]PrivilegeSetA pointer to a set of privileges that were used to perform the access check, returned to caller. This function will return no privileges (privilege count set to 0) if no privileges were used to accomplish the access check. This parameter must not be NULL!
[in,out]PrivilegeSetLengthThe total length size of a set of privileges. This length represents the count of elements in the privilege set array.
[out]GrantedAccessA pointer to granted access rights. This parameter is an array of granted rights for the object and each sub-object of an object type list.
[out]AccessStatusA pointer to a boolean value that indicates whether access is granted or denied to the client that requests access to the object and sub-objects of an object type list. This parameter is an array of boolean values for the object and each individual sub-object of the list.
Returns
The function returns TRUE if the access check operation has completed successfully, otherwise it returns FALSE.

Definition at line 1881 of file security.c.

1893{
1894 NTSTATUS Status;
1895 DWORD ResultListIndex;
1896 PNTSTATUS NtAccessStatus = NULL;
1897
1898 Status = NtAccessCheckByTypeResultList(pSecurityDescriptor,
1899 PrincipalSelfSid,
1900 ClientToken,
1901 DesiredAccess,
1902 ObjectTypeList,
1903 ObjectTypeListLength,
1904 GenericMapping,
1905 PrivilegeSet,
1906 PrivilegeSetLength,
1907 (PACCESS_MASK)GrantedAccess,
1908 NtAccessStatus);
1909 if (!NT_SUCCESS(Status))
1910 {
1911 SetLastError(RtlNtStatusToDosError(Status));
1912 return FALSE;
1913 }
1914
1915 for (ResultListIndex = 0; ResultListIndex < ObjectTypeListLength; ResultListIndex++)
1916 {
1917 AccessStatus[ResultListIndex] = RtlNtStatusToDosError(NtAccessStatus[ResultListIndex]);
1918 }
1919
1920 return TRUE;
1921}
NtAccessCheckByTypeResultList
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2297
NULL
#define NULL
Definition: types.h:112
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
PNTSTATUS
* PNTSTATUS
Definition: strlen.c:14

◆ AddAccessAllowedAce()

BOOL WINAPI AddAccessAllowedAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1039 of file security.c.

1043{
1044 NTSTATUS Status;
1045
1046 Status = RtlAddAccessAllowedAce(pAcl,
1047 dwAceRevision,
1048 AccessMask,
1049 pSid);
1050 if (!NT_SUCCESS(Status))
1051 {
1052 SetLastError(RtlNtStatusToDosError(Status));
1053 return FALSE;
1054 }
1055
1056 return TRUE;
1057}
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
pSid
static PSID pSid
Definition: security.c:74
AccessMask
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
dwAceRevision
_In_ ULONG dwAceRevision
Definition: rtlfuncs.h:1165

Referenced by AccRewriteSetEntriesInAcl(), convert_nfs4acl_2_dacl(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), GetShellSecurityDescriptor(), test_AccessCheck(), test_AddMandatoryAce(), test_GetExplicitEntriesFromAclW(), test_process_security(), test_SetEntriesInAclA(), and test_SetEntriesInAclW().

◆ AddAccessAllowedAceEx()

BOOL WINAPI AddAccessAllowedAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1063 of file security.c.

1068{
1069 NTSTATUS Status;
1070
1071 Status = RtlAddAccessAllowedAceEx(pAcl,
1072 dwAceRevision,
1073 AceFlags,
1074 AccessMask,
1075 pSid);
1076 if (!NT_SUCCESS(Status))
1077 {
1078 SetLastError(RtlNtStatusToDosError(Status));
1079 return FALSE;
1080 }
1081
1082 return TRUE;
1083}
AceFlags
static const ACEFLAG AceFlags[]
Definition: security.c:2624
RtlAddAccessAllowedAceEx
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), CreateApplicationDesktopSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), get_sd(), and GetShellSecurityDescriptor().

◆ AddAccessDeniedAce()

BOOL WINAPI AddAccessDeniedAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1090 of file security.c.

1094{
1095 NTSTATUS Status;
1096
1097 Status = RtlAddAccessDeniedAce(pAcl,
1098 dwAceRevision,
1099 AccessMask,
1100 pSid);
1101 if (!NT_SUCCESS(Status))
1102 {
1103 SetLastError(RtlNtStatusToDosError(Status));
1104 return FALSE;
1105 }
1106
1107 return TRUE;
1108}
RtlAddAccessDeniedAce
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

Referenced by AccRewriteSetEntriesInAcl(), convert_nfs4acl_2_dacl(), GetShellSecurityDescriptor(), test_AccessCheck(), and test_process_security().

◆ AddAccessDeniedAceEx()

BOOL WINAPI AddAccessDeniedAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1114 of file security.c.

1119{
1120 NTSTATUS Status;
1121
1122 Status = RtlAddAccessDeniedAceEx(pAcl,
1123 dwAceRevision,
1124 AceFlags,
1125 AccessMask,
1126 pSid);
1127 if (!NT_SUCCESS(Status))
1128 {
1129 SetLastError(RtlNtStatusToDosError(Status));
1130 return FALSE;
1131 }
1132
1133 return TRUE;
1134}
RtlAddAccessDeniedAceEx
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

Referenced by GetShellSecurityDescriptor().

◆ AddAce()

BOOL WINAPI AddAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  dwStartingAceIndex,
LPVOID  pAceList,
DWORD  nAceListLength 
)

Definition at line 1141 of file security.c.

1146{
1147 NTSTATUS Status;
1148
1149 Status = RtlAddAce(pAcl,
1150 dwAceRevision,
1151 dwStartingAceIndex,
1152 pAceList,
1153 nAceListLength);
1154 if (!NT_SUCCESS(Status))
1155 {
1156 SetLastError(RtlNtStatusToDosError(Status));
1157 return FALSE;
1158 }
1159
1160 return TRUE;
1161}
RtlAddAce
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)

Referenced by test_AddAce().

◆ AddAuditAccessAce()

BOOL WINAPI AddAuditAccessAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  dwAccessMask,
PSID  pSid,
BOOL  bAuditSuccess,
BOOL  bAuditFailure 
)

Definition at line 1951 of file security.c.

1957{
1958 NTSTATUS Status;
1959
1960 Status = RtlAddAuditAccessAce(pAcl,
1961 dwAceRevision,
1962 dwAccessMask,
1963 pSid,
1964 bAuditSuccess,
1965 bAuditFailure);
1966 if (!NT_SUCCESS(Status))
1967 {
1968 SetLastError(RtlNtStatusToDosError(Status));
1969 return FALSE;
1970 }
1971
1972 return TRUE;
1973}
RtlAddAuditAccessAce
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AddAuditAccessAceEx()

BOOL WINAPI AddAuditAccessAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  dwAccessMask,
PSID  pSid,
BOOL  bAuditSuccess,
BOOL  bAuditFailure 
)

Definition at line 1979 of file security.c.

1986{
1987 NTSTATUS Status;
1988
1989 Status = RtlAddAuditAccessAceEx(pAcl,
1990 dwAceRevision,
1991 AceFlags,
1992 dwAccessMask,
1993 pSid,
1994 bAuditSuccess,
1995 bAuditFailure);
1996 if (!NT_SUCCESS(Status))
1997 {
1998 SetLastError(RtlNtStatusToDosError(Status));
1999 return FALSE;
2000 }
2001
2002 return TRUE;
2003}
RtlAddAuditAccessAceEx
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AdjustTokenGroups()

BOOL WINAPI AdjustTokenGroups ( HANDLE  TokenHandle,
BOOL  ResetToDefault,
PTOKEN_GROUPS  NewState,
DWORD  BufferLength,
PTOKEN_GROUPS  PreviousState,
PDWORD  ReturnLength 
)

Definition at line 346 of file security.c.

352{
353 NTSTATUS Status;
354
355 Status = NtAdjustGroupsToken(TokenHandle,
356 ResetToDefault,
357 NewState,
358 BufferLength,
359 PreviousState,
360 (PULONG)ReturnLength);
361 if (!NT_SUCCESS(Status))
362 {
363 SetLastError(RtlNtStatusToDosError(Status));
364 return FALSE;
365 }
366
367 return TRUE;
368}
ReturnLength
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
NtAdjustGroupsToken
NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
Changes the list of groups by enabling or disabling them in an access token. Unlike NtAdjustPrivilege...
Definition: tokenadj.c:695
PreviousState
_In_ WDF_POWER_DEVICE_STATE PreviousState
Definition: wdfdevice.h:829
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771

◆ AdjustTokenPrivileges()

BOOL WINAPI AdjustTokenPrivileges ( HANDLE  TokenHandle,
BOOL  DisableAllPrivileges,
PTOKEN_PRIVILEGES  NewState,
DWORD  BufferLength,
PTOKEN_PRIVILEGES  PreviousState,
PDWORD  ReturnLength 
)

Definition at line 374 of file security.c.

380{
381 NTSTATUS Status;
382
383 Status = NtAdjustPrivilegesToken(TokenHandle,
384 DisableAllPrivileges,
385 NewState,
386 BufferLength,
387 PreviousState,
388 (PULONG)ReturnLength);
389 if (STATUS_NOT_ALL_ASSIGNED == Status)
390 {
391 SetLastError(ERROR_NOT_ALL_ASSIGNED);
392 return TRUE;
393 }
394
395 if (!NT_SUCCESS(Status))
396 {
397 SetLastError(RtlNtStatusToDosError(Status));
398 return FALSE;
399 }
400
401 /* AdjustTokenPrivileges is documented to do this */
402 SetLastError(ERROR_SUCCESS);
403
404 return TRUE;
405}
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
STATUS_NOT_ALL_ASSIGNED
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85
NtAdjustPrivilegesToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
Removes a certain amount of privileges of a token based upon the request by the caller.
Definition: tokenadj.c:451
ERROR_NOT_ALL_ASSIGNED
#define ERROR_NOT_ALL_ASSIGNED
Definition: winerror.h:782

Referenced by AcquireRemoveRestorePrivilege(), AddDeviceW(), DisablePrivilege(), DisableTokenPrivileges(), EnablePrivilege(), EnableProcessPrivileges(), enableTokenPrivilege(), CShellCommandSACL::Execute(), FormatEx2(), InstallReactOS(), named_pipe_client_func(), PauseBalanceW(), Privilege(), pSetupEnablePrivilege(), RecvSubvolGUIW(), RecvSubvolW(), RemoveDeviceW(), ResetStatsW(), ResizeDeviceW(), ScmEnableBackupRestorePrivileges(), SendSubvolGUIW(), SendSubvolW(), set_privileges(), SetDriverLoadPrivilege(), SetPrivilege(), SHInvokePrivilegedFunctionW(), ShowScrubW(), ShutdownSystem(), StartBalanceW(), StartScrubW(), StopBalanceW(), StopScrubW(), SystemSetLocalTime(), SystemSetTime(), test8(), test_AdjustTokenPrivileges(), test_SetFileValidData(), test_system_security_access(), UpdateDriver(), WinMain(), and wWinMain().

◆ ADVAPI_GetComputerSid()

BOOL ADVAPI_GetComputerSid ( PSID  sid)

Definition at line 273 of file security.c.

274{
275 static const struct /* same fields as struct SID */
276 {
277 BYTE Revision;
278 BYTE SubAuthorityCount;
279 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
280 DWORD SubAuthority[4];
281 } computer_sid =
282 { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
283
284 memcpy( sid, &computer_sid, sizeof(computer_sid) );
285 return TRUE;
286}
sid
FT_UInt sid
Definition: cffcmap.c:139
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
SubAuthorityCount
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1539
Revision
_In_ ULONG Revision
Definition: rtlfuncs.h:1154
IdentifierAuthority
_In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: rtlfuncs.h:1537
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
SID_REVISION
#define SID_REVISION
Definition: setypes.h:481
SECURITY_NT_NON_UNIQUE
#define SECURITY_NT_NON_UNIQUE
Definition: setypes.h:577
BYTE
unsigned char BYTE
Definition: xxhash.c:193

Referenced by ComputeStringSidSize(), and ParseStringSidToSid().

◆ ADVAPI_IsLocalComputer()

BOOL ADVAPI_IsLocalComputer ( LPCWSTR  ServerName)

Definition at line 251 of file security.c.

252{
253 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
254 BOOL Result;
255 LPWSTR buf;
256
257 if (!ServerName || !ServerName[0])
258 return TRUE;
259
260 buf = heap_alloc(dwSize * sizeof(WCHAR));
261 Result = GetComputerNameW(buf, &dwSize);
262 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
263 ServerName += 2;
264 Result = Result && !lstrcmpW(ServerName, buf);
265 heap_free(buf);
266
267 return Result;
268}
heap_alloc
static void * heap_alloc(size_t len)
Definition: appwiz.h:66
heap_free
static BOOL heap_free(void *mem)
Definition: appwiz.h:76
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
lstrcmpW
int WINAPI lstrcmpW(LPCWSTR str1, LPCWSTR str2)
Definition: locale.c:4243
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
dwSize
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
MAX_COMPUTERNAME_LENGTH
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:276
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184

◆ AllocateAndInitializeSid()

BOOL WINAPI AllocateAndInitializeSid ( PSID_IDENTIFIER_AUTHORITY  pIdentifierAuthority,
BYTE  nSubAuthorityCount,
DWORD  nSubAuthority0,
DWORD  nSubAuthority1,
DWORD  nSubAuthority2,
DWORD  nSubAuthority3,
DWORD  nSubAuthority4,
DWORD  nSubAuthority5,
DWORD  nSubAuthority6,
DWORD  nSubAuthority7,
PSID pSid 
)

Definition at line 674 of file security.c.

681{
682 return set_ntstatus( RtlAllocateAndInitializeSid(
683 pIdentifierAuthority, nSubAuthorityCount,
684 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
685 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
686 pSid ));
687}
set_ntstatus
static __inline BOOL set_ntstatus(NTSTATUS status)
Definition: security.c:227
RtlAllocateAndInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), check_wellknown_name(), CheckForGuestsAndAdmins(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreateLogoffSecurityAttributes(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), GetShellSecurityDescriptor(), Imm32IsInteractiveUserLogon(), is_process_limited(), is_token_admin(), IsCallerInteractive(), IsInteractiveUserLogon(), IsNTAdmin(), IsUserAdmin(), PerfDataInitialize(), pSetupIsUserAdmin(), SHTestTokenMembership(), START_TEST(), test_AccessCheck(), test_AddMandatoryAce(), test_CreateWellKnownSid(), test_EqualSid(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_LookupAccountSid(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_SetEntriesInAclA(), test_SetEntriesInAclW(), test_sid(), and test_trustee().

◆ AllocateLocallyUniqueId()

BOOL WINAPI AllocateLocallyUniqueId ( PLUID  Luid)

Definition at line 1218 of file security.c.

1219{
1220 NTSTATUS Status;
1221
1222 Status = NtAllocateLocallyUniqueId (Luid);
1223 if (!NT_SUCCESS (Status))
1224 {
1225 SetLastError(RtlNtStatusToDosError(Status));
1226 return FALSE;
1227 }
1228
1229 return TRUE;
1230}
NtAllocateLocallyUniqueId
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:348

Referenced by CookupNodeId(), LogonUserExW(), MyLogonUser(), and wined3d_adapter_init().

◆ AreAllAccessesGranted()

BOOL WINAPI AreAllAccessesGranted ( DWORD  GrantedAccess,
DWORD  DesiredAccess 
)

Definition at line 2532 of file security.c.

2534{
2535 return (BOOL)RtlAreAllAccessesGranted(GrantedAccess,
2536 DesiredAccess);
2537}
RtlAreAllAccessesGranted
NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ AreAnyAccessesGranted()

BOOL WINAPI AreAnyAccessesGranted ( DWORD  GrantedAccess,
DWORD  DesiredAccess 
)

Definition at line 2544 of file security.c.

2546{
2547 return (BOOL)RtlAreAnyAccessesGranted(GrantedAccess,
2548 DesiredAccess);
2549}
RtlAreAnyAccessesGranted
NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ BuildExplicitAccessWithNameA()

VOID WINAPI BuildExplicitAccessWithNameA ( PEXPLICIT_ACCESSA  pExplicitAccess,
LPSTR  pTrusteeName,
DWORD  AccessPermissions,
ACCESS_MODE  AccessMode,
DWORD  Inheritance 
)

Definition at line 2130 of file security.c.

2135{
2136 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2137 pExplicitAccess->grfAccessMode = AccessMode;
2138 pExplicitAccess->grfInheritance = Inheritance;
2139
2140 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2141 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2142 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2143 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2144 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2145}
TRUSTEE_IS_NAME
@ TRUSTEE_IS_NAME
Definition: accctrl.h:190
TRUSTEE_IS_UNKNOWN
@ TRUSTEE_IS_UNKNOWN
Definition: accctrl.h:176
NO_MULTIPLE_TRUSTEE
@ NO_MULTIPLE_TRUSTEE
Definition: accctrl.h:198
_EXPLICIT_ACCESS_A::grfAccessPermissions
DWORD grfAccessPermissions
Definition: accctrl.h:332
_EXPLICIT_ACCESS_A::Trustee
TRUSTEE_A Trustee
Definition: accctrl.h:335
_EXPLICIT_ACCESS_A::grfInheritance
DWORD grfInheritance
Definition: accctrl.h:334
_EXPLICIT_ACCESS_A::grfAccessMode
ACCESS_MODE grfAccessMode
Definition: accctrl.h:333
_TRUSTEE_A::MultipleTrusteeOperation
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:205
_TRUSTEE_A::TrusteeType
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:207
_TRUSTEE_A::TrusteeForm
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:206
_TRUSTEE_A::pMultipleTrustee
struct _TRUSTEE_A * pMultipleTrustee
Definition: accctrl.h:204
_TRUSTEE_A::ptstrName
LPSTR ptstrName
Definition: accctrl.h:208
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396

◆ BuildExplicitAccessWithNameW()

VOID WINAPI BuildExplicitAccessWithNameW ( PEXPLICIT_ACCESSW  pExplicitAccess,
LPWSTR  pTrusteeName,
DWORD  AccessPermissions,
ACCESS_MODE  AccessMode,
DWORD  Inheritance 
)

Definition at line 2152 of file security.c.

2157{
2158 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2159 pExplicitAccess->grfAccessMode = AccessMode;
2160 pExplicitAccess->grfInheritance = Inheritance;
2161
2162 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2163 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2164 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2165 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2166 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2167}
_EXPLICIT_ACCESS_W::grfAccessPermissions
DWORD grfAccessPermissions
Definition: accctrl.h:340
_EXPLICIT_ACCESS_W::grfInheritance
DWORD grfInheritance
Definition: accctrl.h:342
_EXPLICIT_ACCESS_W::Trustee
TRUSTEE_W Trustee
Definition: accctrl.h:343
_EXPLICIT_ACCESS_W::grfAccessMode
ACCESS_MODE grfAccessMode
Definition: accctrl.h:341
_TRUSTEE_W::ptstrName
LPWSTR ptstrName
Definition: accctrl.h:217
_TRUSTEE_W::pMultipleTrustee
struct _TRUSTEE_W * pMultipleTrustee
Definition: accctrl.h:213
_TRUSTEE_W::TrusteeType
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:216
_TRUSTEE_W::TrusteeForm
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:215
_TRUSTEE_W::MultipleTrusteeOperation
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:214

◆ BuildTrusteeWithNameA()

VOID WINAPI BuildTrusteeWithNameA ( PTRUSTEE_A  pTrustee,
LPSTR  name 
)

Definition at line 2375 of file security.c.

2377{
2378 TRACE("%p %s\n", pTrustee, name);
2379
2380 pTrustee->pMultipleTrustee = NULL;
2381 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2382 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2383 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2384 pTrustee->ptstrName = name;
2385}
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
name
Definition: name.c:39

◆ BuildTrusteeWithNameW()

VOID WINAPI BuildTrusteeWithNameW ( PTRUSTEE_W  pTrustee,
LPWSTR  name 
)

Definition at line 2391 of file security.c.

2393{
2394 TRACE("%p %s\n", pTrustee, name);
2395
2396 pTrustee->pMultipleTrustee = NULL;
2397 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2398 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2399 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2400 pTrustee->ptstrName = name;
2401}

◆ BuildTrusteeWithObjectsAndNameA()

VOID WINAPI BuildTrusteeWithObjectsAndNameA ( PTRUSTEEA  pTrustee,
POBJECTS_AND_NAME_A  pObjName,
SE_OBJECT_TYPE  ObjectType,
LPSTR  ObjectTypeName,
LPSTR  InheritedObjectTypeName,
LPSTR  Name 
)

Definition at line 2172 of file security.c.

2175{
2176 DWORD ObjectsPresent = 0;
2177
2178 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2179 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
2180
2181 /* Fill the OBJECTS_AND_NAME structure */
2182 pObjName->ObjectType = ObjectType;
2183 if (ObjectTypeName != NULL)
2184 {
2185 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2186 }
2187
2188 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2189 if (InheritedObjectTypeName != NULL)
2190 {
2191 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2192 }
2193
2194 pObjName->ObjectsPresent = ObjectsPresent;
2195 pObjName->ptstrName = Name;
2196
2197 /* Fill the TRUSTEE structure */
2198 pTrustee->pMultipleTrustee = NULL;
2199 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2200 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2201 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2202 pTrustee->ptstrName = (LPSTR)pObjName;
2203}
TRUSTEE_IS_OBJECTS_AND_NAME
@ TRUSTEE_IS_OBJECTS_AND_NAME
Definition: accctrl.h:193
Name
LPWSTR Name
Definition: desk.c:124
debugstr_a
#define debugstr_a
Definition: kernel32.h:31
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
pObjName
static POBJECTS_AND_NAME_A pObjName
Definition: security.c:77
InheritedObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName
Definition: security.c:80
ObjectType
ObjectType
Definition: metafile.c:81
_OBJECTS_AND_NAME_A::ptstrName
LPSTR ptstrName
Definition: accctrl.h:360
_OBJECTS_AND_NAME_A::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:356
_OBJECTS_AND_NAME_A::InheritedObjectTypeName
LPSTR InheritedObjectTypeName
Definition: accctrl.h:359
_OBJECTS_AND_NAME_A::ObjectType
SE_OBJECT_TYPE ObjectType
Definition: accctrl.h:357
ACE_INHERITED_OBJECT_TYPE_PRESENT
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
Definition: setypes.h:818
ACE_OBJECT_TYPE_PRESENT
#define ACE_OBJECT_TYPE_PRESENT
Definition: setypes.h:817
LPSTR
char * LPSTR
Definition: xmlstorage.h:182

◆ BuildTrusteeWithObjectsAndNameW()

VOID WINAPI BuildTrusteeWithObjectsAndNameW ( PTRUSTEEW  pTrustee,
POBJECTS_AND_NAME_W  pObjName,
SE_OBJECT_TYPE  ObjectType,
LPWSTR  ObjectTypeName,
LPWSTR  InheritedObjectTypeName,
LPWSTR  Name 
)

Definition at line 2208 of file security.c.

2211{
2212 DWORD ObjectsPresent = 0;
2213
2214 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2215 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
2216
2217 /* Fill the OBJECTS_AND_NAME structure */
2218 pObjName->ObjectType = ObjectType;
2219 if (ObjectTypeName != NULL)
2220 {
2221 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2222 }
2223
2224 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2225 if (InheritedObjectTypeName != NULL)
2226 {
2227 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2228 }
2229
2230 pObjName->ObjectsPresent = ObjectsPresent;
2231 pObjName->ptstrName = Name;
2232
2233 /* Fill the TRUSTEE structure */
2234 pTrustee->pMultipleTrustee = NULL;
2235 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2236 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2237 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2238 pTrustee->ptstrName = (LPWSTR)pObjName;
2239}
debugstr_w
#define debugstr_w
Definition: kernel32.h:32

◆ BuildTrusteeWithObjectsAndSidA()

VOID WINAPI BuildTrusteeWithObjectsAndSidA ( PTRUSTEEA  pTrustee,
POBJECTS_AND_SID  pObjSid,
GUID pObjectGuid,
GUID pInheritedObjectGuid,
PSID  pSid 
)

Definition at line 2245 of file security.c.

2250{
2251 DWORD ObjectsPresent = 0;
2252
2253 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2254
2255 /* Fill the OBJECTS_AND_SID structure */
2256 if (pObjectGuid != NULL)
2257 {
2258 pObjSid->ObjectTypeGuid = *pObjectGuid;
2259 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2260 }
2261 else
2262 {
2263 ZeroMemory(&pObjSid->ObjectTypeGuid,
2264 sizeof(GUID));
2265 }
2266
2267 if (pInheritedObjectGuid != NULL)
2268 {
2269 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2270 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2271 }
2272 else
2273 {
2274 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2275 sizeof(GUID));
2276 }
2277
2278 pObjSid->ObjectsPresent = ObjectsPresent;
2279 pObjSid->pSid = pSid;
2280
2281 /* Fill the TRUSTEE structure */
2282 pTrustee->pMultipleTrustee = NULL;
2283 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2284 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2285 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2286 pTrustee->ptstrName = (LPSTR) pObjSid;
2287}
TRUSTEE_IS_OBJECTS_AND_SID
@ TRUSTEE_IS_OBJECTS_AND_SID
Definition: accctrl.h:192
pObjSid
static POBJECTS_AND_SID pObjSid
Definition: security.c:83
pObjectGuid
static POBJECTS_AND_SID GUID * pObjectGuid
Definition: security.c:84
pInheritedObjectGuid
static POBJECTS_AND_SID GUID GUID * pInheritedObjectGuid
Definition: security.c:85
_OBJECTS_AND_SID::InheritedObjectTypeGuid
GUID InheritedObjectTypeGuid
Definition: accctrl.h:350
_OBJECTS_AND_SID::pSid
SID * pSid
Definition: accctrl.h:351
_OBJECTS_AND_SID::ObjectTypeGuid
GUID ObjectTypeGuid
Definition: accctrl.h:349
_OBJECTS_AND_SID::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:348
ZeroMemory
#define ZeroMemory
Definition: winbase.h:1753

◆ BuildTrusteeWithObjectsAndSidW()

VOID WINAPI BuildTrusteeWithObjectsAndSidW ( PTRUSTEEW  pTrustee,
POBJECTS_AND_SID  pObjSid,
GUID pObjectGuid,
GUID pInheritedObjectGuid,
PSID  pSid 
)

Definition at line 2294 of file security.c.

2299{
2300 DWORD ObjectsPresent = 0;
2301
2302 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2303
2304 /* Fill the OBJECTS_AND_SID structure */
2305 if (pObjectGuid != NULL)
2306 {
2307 pObjSid->ObjectTypeGuid = *pObjectGuid;
2308 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2309 }
2310 else
2311 {
2312 ZeroMemory(&pObjSid->ObjectTypeGuid,
2313 sizeof(GUID));
2314 }
2315
2316 if (pInheritedObjectGuid != NULL)
2317 {
2318 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2319 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2320 }
2321 else
2322 {
2323 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2324 sizeof(GUID));
2325 }
2326
2327 pObjSid->ObjectsPresent = ObjectsPresent;
2328 pObjSid->pSid = pSid;
2329
2330 /* Fill the TRUSTEE structure */
2331 pTrustee->pMultipleTrustee = NULL;
2332 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2333 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2334 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2335 pTrustee->ptstrName = (LPWSTR) pObjSid;
2336}

◆ BuildTrusteeWithSidA()

VOID WINAPI BuildTrusteeWithSidA ( PTRUSTEE_A  pTrustee,
PSID  pSid 
)

Definition at line 2342 of file security.c.

2344{
2345 TRACE("%p %p\n", pTrustee, pSid);
2346
2347 pTrustee->pMultipleTrustee = NULL;
2348 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2349 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2350 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2351 pTrustee->ptstrName = (LPSTR) pSid;
2352}
TRUSTEE_IS_SID
@ TRUSTEE_IS_SID
Definition: accctrl.h:189

◆ BuildTrusteeWithSidW()

VOID WINAPI BuildTrusteeWithSidW ( PTRUSTEE_W  pTrustee,
PSID  pSid 
)

Definition at line 2359 of file security.c.

2361{
2362 TRACE("%p %p\n", pTrustee, pSid);
2363
2364 pTrustee->pMultipleTrustee = NULL;
2365 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2366 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2367 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2368 pTrustee->ptstrName = (LPWSTR) pSid;
2369}

◆ ComputeStringSidSize()

static DWORD ComputeStringSidSize ( LPCWSTR  StringSid)
static

Definition at line 3934 of file security.c.

3935{
3936 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3937 {
3938 int ctok = 0;
3939 while (*StringSid)
3940 {
3941 if (*StringSid == '-')
3942 ctok++;
3943 StringSid++;
3944 }
3945
3946 if (ctok >= 3)
3947 return GetSidLengthRequired(ctok - 2);
3948 }
3949 else /* String constant format - Only available in winxp and above */
3950 {
3951 unsigned int i;
3952
3953 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3954 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3955 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
3956
3957 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3958 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3959 {
3960 MAX_SID local;
3961 ADVAPI_GetComputerSid(&local);
3962 return GetSidLengthRequired(*GetSidSubAuthorityCount(&local) + 1);
3963 }
3964
3965 }
3966
3967 return GetSidLengthRequired(0);
3968}
WellKnownRids
static const WELLKNOWNRID WellKnownRids[]
Definition: security.c:109
GetSidLengthRequired
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:852
GetSidSubAuthorityCount
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:908
WellKnownSids
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:45
ADVAPI_GetComputerSid
BOOL ADVAPI_GetComputerSid(PSID sid)
Definition: security.c:273
local
#define local
Definition: zutil.h:30
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1157
strncmpW
#define strncmpW(s1, s2, n)
Definition: unicode.h:42
_MAX_SID
Definition: security.c:30
_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200

Referenced by ParseStringSidToSid().

◆ ConvertSecurityDescriptorToStringSecurityDescriptorA()

BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  SDRevision,
SECURITY_INFORMATION  Information,
LPSTR OutputString,
PULONG  OutputLen 
)

Definition at line 3499 of file security.c.

3500{
3501 LPWSTR wstr;
3502 ULONG len;
3503 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
3504 {
3505 int lenA;
3506
3507 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
3508 *OutputString = heap_alloc(lenA);
3509#ifdef __REACTOS__
3510 if (*OutputString == NULL)
3511 {
3512 LocalFree(wstr);
3513 *OutputLen = 0;
3514 return FALSE;
3515 }
3516#endif
3517 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
3518 LocalFree(wstr);
3519
3520 if (OutputLen != NULL)
3521 *OutputLen = lenA;
3522 return TRUE;
3523 }
3524 else
3525 {
3526 *OutputString = NULL;
3527 if (OutputLen)
3528 *OutputLen = 0;
3529 return FALSE;
3530 }
3531}
ConvertSecurityDescriptorToStringSecurityDescriptorW
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
Definition: security.c:3435
CP_ACP
#define CP_ACP
Definition: compat.h:109
WideCharToMultiByte
#define WideCharToMultiByte
Definition: compat.h:111
len
GLenum GLsizei len
Definition: glext.h:6722
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
ULONG
uint32_t ULONG
Definition: typedefs.h:59
Information
_In_ WDFREQUEST _In_ NTSTATUS _In_ ULONG_PTR Information
Definition: wdfrequest.h:1049
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191

◆ ConvertSecurityDescriptorToStringSecurityDescriptorW()

BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  SDRevision,
SECURITY_INFORMATION  RequestedInformation,
LPWSTR OutputString,
PULONG  OutputLen 
)

Definition at line 3435 of file security.c.

3436{
3437 ULONG len;
3438 WCHAR *wptr, *wstr;
3439
3440 if (SDRevision != SDDL_REVISION_1)
3441 {
3442 ERR("Program requested unknown SDDL revision %d\n", SDRevision);
3443 SetLastError(ERROR_UNKNOWN_REVISION);
3444 return FALSE;
3445 }
3446
3447 len = 0;
3448 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3449 if (!DumpOwner(SecurityDescriptor, NULL, &len))
3450 return FALSE;
3451 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3452 if (!DumpGroup(SecurityDescriptor, NULL, &len))
3453 return FALSE;
3454 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3455 if (!DumpDacl(SecurityDescriptor, NULL, &len))
3456 return FALSE;
3457 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3458 if (!DumpSacl(SecurityDescriptor, NULL, &len))
3459 return FALSE;
3460
3461 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
3462#ifdef __REACTOS__
3463 if (wstr == NULL)
3464 return FALSE;
3465#endif
3466
3467 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3468 if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
3469 LocalFree (wstr);
3470 return FALSE;
3471 }
3472 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3473 if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
3474 LocalFree (wstr);
3475 return FALSE;
3476 }
3477 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3478 if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
3479 LocalFree (wstr);
3480 return FALSE;
3481 }
3482 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3483 if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
3484 LocalFree (wstr);
3485 return FALSE;
3486 }
3487 *wptr = 0;
3488
3489 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
3490 *OutputString = wstr;
3491 if (OutputLen)
3492 *OutputLen = strlenW(*OutputString)+1;
3493 return TRUE;
3494}
ERR
#define ERR(fmt,...)
Definition: precomp.h:57
DumpSacl
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3409
DumpGroup
static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3368
DumpOwner
static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3350
DumpDacl
static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3386
LocalAlloc
HLOCAL NTAPI LocalAlloc(UINT uFlags, SIZE_T dwBytes)
Definition: heapmem.c:1390
wine_dbgstr_w
#define wine_dbgstr_w
Definition: kernel32.h:34
strlenW
#define strlenW(s)
Definition: unicode.h:34
SDDL_REVISION_1
#define SDDL_REVISION_1
Definition: sddl.h:30
ERROR_UNKNOWN_REVISION
#define ERROR_UNKNOWN_REVISION
Definition: winerror.h:787
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorA().

◆ ConvertSidToStringSidA()

BOOL WINAPI ConvertSidToStringSidA ( PSID  Sid,
LPSTR StringSid 
)

Definition at line 3637 of file security.c.

3639{
3640 LPWSTR StringSidW;
3641 int Len;
3642
3643 if (!ConvertSidToStringSidW(Sid, &StringSidW))
3644 {
3645 return FALSE;
3646 }
3647
3648 Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
3649 if (Len <= 0)
3650 {
3651 LocalFree(StringSidW);
3652 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3653 return FALSE;
3654 }
3655
3656 *StringSid = LocalAlloc(LMEM_FIXED, Len);
3657 if (NULL == *StringSid)
3658 {
3659 LocalFree(StringSidW);
3660 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3661 return FALSE;
3662 }
3663
3664 if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
3665 {
3666 LocalFree(StringSid);
3667 LocalFree(StringSidW);
3668 return FALSE;
3669 }
3670
3671 LocalFree(StringSidW);
3672
3673 return TRUE;
3674}
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
Len
#define Len
Definition: deflate.h:82
ConvertSidToStringSidW
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3583
LMEM_FIXED
#define LMEM_FIXED
Definition: winbase.h:401

Referenced by debugstr_sid(), get_user_sid(), map_name_2_sid(), test_CreateWellKnownSid(), test_LookupAccountSid(), test_lsa(), test_sid(), test_sid_str(), test_token_attr(), and test_token_label().

◆ ConvertSidToStringSidW()

BOOL WINAPI ConvertSidToStringSidW ( PSID  Sid,
LPWSTR StringSid 
)

Definition at line 3583 of file security.c.

3585{
3586 NTSTATUS Status;
3587 UNICODE_STRING UnicodeString;
3588 WCHAR FixedBuffer[64];
3589
3590 if (!RtlValidSid(Sid))
3591 {
3592 SetLastError(ERROR_INVALID_SID);
3593 return FALSE;
3594 }
3595
3596 UnicodeString.Length = 0;
3597 UnicodeString.MaximumLength = sizeof(FixedBuffer);
3598 UnicodeString.Buffer = FixedBuffer;
3599 Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, FALSE);
3600 if (STATUS_BUFFER_TOO_SMALL == Status)
3601 {
3602 Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, TRUE);
3603 }
3604
3605 if (!NT_SUCCESS(Status))
3606 {
3607 SetLastError(RtlNtStatusToDosError(Status));
3608 return FALSE;
3609 }
3610
3611 *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
3612 if (NULL == *StringSid)
3613 {
3614 if (UnicodeString.Buffer != FixedBuffer)
3615 {
3616 RtlFreeUnicodeString(&UnicodeString);
3617 }
3618 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3619 return FALSE;
3620 }
3621
3622 MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
3623 ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
3624 if (UnicodeString.Buffer != FixedBuffer)
3625 {
3626 RtlFreeUnicodeString(&UnicodeString);
3627 }
3628
3629 return TRUE;
3630}
RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
RtlConvertSidToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_UNICODE_STRING
Definition: env_spec_w32.h:368
PCHAR
char * PCHAR
Definition: typedefs.h:51
MoveMemory
#define MoveMemory
Definition: winbase.h:1750
ERROR_INVALID_SID
#define ERROR_INVALID_SID
Definition: winerror.h:819

Referenced by _GetUserSidStringFromToken(), AddUserProfiles(), ConvertSidToStringSidA(), CreateUserProfileExW(), get_user_sid(), GetEventUserName(), GetPrincipalDisplayString(), RecycleBin5::Init(), LsapGetDomainInfo(), LsapLookupAccountDomainSids(), LsapLookupBuiltinDomainSids(), LsapLookupWellKnownSids(), MsiSourceListAddSourceW(), SampAddMemberToAlias(), SampRemoveMemberFromAlias(), SampRemoveMemberFromAllAliases(), SampSetupAddMemberToAlias(), set_user_sid_prop(), START_TEST(), UpdatePrincipalInfo(), WhoamiGroups(), WhoamiLogonId(), and WhoamiUser().

◆ ConvertStringSecurityDescriptorToSecurityDescriptorA()

BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA ( LPCSTR  StringSecurityDescriptor,
DWORD  StringSDRevision,
PSECURITY_DESCRIPTOR SecurityDescriptor,
PULONG  SecurityDescriptorSize 
)

Definition at line 3032 of file security.c.

3036{
3037 UINT len;
3038 BOOL ret = FALSE;
3039 LPWSTR StringSecurityDescriptorW;
3040
3041 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
3042 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
3043
3044 if (StringSecurityDescriptorW)
3045 {
3046 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
3047
3048 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
3049 StringSDRevision, SecurityDescriptor,
3050 SecurityDescriptorSize);
3051 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
3052 }
3053
3054 return ret;
3055}
ConvertStringSecurityDescriptorToSecurityDescriptorW
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:3062
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
HeapAlloc
#define HeapAlloc
Definition: compat.h:733
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:735
MultiByteToWideChar
#define MultiByteToWideChar
Definition: compat.h:110
UINT
unsigned int UINT
Definition: ndis.h:50
ret
int ret
Definition: wcstombs-tests.c:31

Referenced by test_profile_directory_readonly().

◆ ConvertStringSecurityDescriptorToSecurityDescriptorW()

BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW ( LPCWSTR  StringSecurityDescriptor,
DWORD  StringSDRevision,
PSECURITY_DESCRIPTOR SecurityDescriptor,
PULONG  SecurityDescriptorSize 
)

Definition at line 3062 of file security.c.

3066{
3067 DWORD cBytes;
3068 SECURITY_DESCRIPTOR* psd;
3069 BOOL bret = FALSE;
3070
3071 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
3072
3073 if (GetVersion() & 0x80000000)
3074 {
3075 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3076 goto lend;
3077 }
3078 else if (!StringSecurityDescriptor || !SecurityDescriptor)
3079 {
3080 SetLastError(ERROR_INVALID_PARAMETER);
3081 goto lend;
3082 }
3083 else if (StringSDRevision != SID_REVISION)
3084 {
3085 SetLastError(ERROR_UNKNOWN_REVISION);
3086 goto lend;
3087 }
3088
3089 /* Compute security descriptor length */
3090 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3091 NULL, &cBytes))
3092 goto lend;
3093
3094 psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes);
3095 if (!psd) goto lend;
3096
3097 psd->Revision = SID_REVISION;
3098 psd->Control |= SE_SELF_RELATIVE;
3099
3100 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3101 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
3102 {
3103 LocalFree(psd);
3104 goto lend;
3105 }
3106
3107 if (SecurityDescriptorSize)
3108 *SecurityDescriptorSize = cBytes;
3109
3110 bret = TRUE;
3111
3112lend:
3113 TRACE(" ret=%d\n", bret);
3114 return bret;
3115}
ParseStringSecurityDescriptorToSecurityDescriptor
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
Definition: security.c:2884
ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
GetVersion
DWORD WINAPI GetVersion(void)
Definition: version.c:1458
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:848
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SECURITY_DESCRIPTOR::Revision
UCHAR Revision
Definition: ms-dtyp.idl:302
_SECURITY_DESCRIPTOR::Control
USHORT Control
Definition: ms-dtyp.idl:304
GMEM_ZEROINIT
#define GMEM_ZEROINIT
Definition: winbase.h:339
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:846

Referenced by CM_Set_Class_Registry_PropertyW(), ConvertStringSecurityDescriptorToSecurityDescriptorA(), InstallOneService(), registry_callback(), and SetupQueueCopyIndirectW().

◆ ConvertStringSidToSidA()

BOOL WINAPI ConvertStringSidToSidA ( LPCSTR  StringSid,
PSID Sid 
)

Definition at line 3560 of file security.c.

3561{
3562 BOOL bret = FALSE;
3563
3564 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3565 if (GetVersion() & 0x80000000)
3566 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3567 else if (!StringSid || !Sid)
3568 SetLastError(ERROR_INVALID_PARAMETER);
3569 else
3570 {
3571 WCHAR *wStringSid = SERV_dup(StringSid);
3572 bret = ConvertStringSidToSidW(wStringSid, Sid);
3573 heap_free(wStringSid);
3574 }
3575 return bret;
3576}
ConvertStringSidToSidW
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
Definition: security.c:3536
SERV_dup
static LPWSTR SERV_dup(LPCSTR str)
Definition: security.c:233

Referenced by test_LsaLookupSids().

◆ ConvertStringSidToSidW()

BOOL WINAPI ConvertStringSidToSidW ( LPCWSTR  StringSid,
PSID Sid 
)

Definition at line 3536 of file security.c.

3537{
3538 BOOL bret = FALSE;
3539 DWORD cBytes;
3540
3541 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3542 if (GetVersion() & 0x80000000)
3543 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3544 else if (!StringSid || !Sid)
3545 SetLastError(ERROR_INVALID_PARAMETER);
3546 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3547 {
3548 PSID pSid = *Sid = LocalAlloc(0, cBytes);
3549
3550 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3551 if (!bret)
3552 LocalFree(*Sid);
3553 }
3554 return bret;
3555}
ParseStringSidToSid
static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
Definition: security.c:3973
_SID
Definition: ms-dtyp.idl:198

Referenced by ConvertStringSidToSidA(), and fill_sid().

◆ CopySid()

BOOL WINAPI CopySid ( DWORD  nDestinationSidLength,
PSID  pDestinationSid,
PSID  pSourceSid 
)

Definition at line 712 of file security.c.

713{
714 return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid));
715}
RtlCopySid
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)

Referenced by AccpLookupSidByName(), AccRewriteGetExplicitEntriesFromAcl(), AddPrincipalToList(), AuthzGetInformationFromContext(), AuthzInitializeContextFromSid(), BuildDefaultPrincipalAce(), CachedGetUserFromSid(), CacheLookupResults(), GetUserSid(), LookupAccountNameW(), QueueSidLookup(), ReloadPrincipalsList(), and test_LookupAccountSid().

◆ CreateProcessWithLogonW()

BOOL WINAPI CreateProcessWithLogonW ( _In_ LPCWSTR  lpUsername,
_In_opt_ LPCWSTR  lpDomain,
_In_ LPCWSTR  lpPassword,
_In_ DWORD  dwLogonFlags,
_In_opt_ LPCWSTR  lpApplicationName,
_Inout_opt_ LPWSTR  lpCommandLine,
_In_ DWORD  dwCreationFlags,
_In_opt_ LPVOID  lpEnvironment,
_In_opt_ LPCWSTR  lpCurrentDirectory,
_In_ LPSTARTUPINFOW  lpStartupInfo,
_Out_ LPPROCESS_INFORMATION  lpProcessInformation 
)

Definition at line 3728 of file security.c.

3740{
3741 LPWSTR pszStringBinding = NULL;
3742 handle_t hBinding = NULL;
3743 SECL_REQUEST Request;
3744 SECL_RESPONSE Response;
3745 RPC_STATUS Status;
3746
3747 TRACE("CreateProcessWithLogonW(%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p)\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
3748 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
3749 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
3750 lpStartupInfo, lpProcessInformation);
3751
3752 Status = RpcStringBindingComposeW(NULL,
3753 L"ncacn_np",
3754 NULL,
3755 L"\\pipe\\seclogon",
3756 NULL,
3757 &pszStringBinding);
3758 if (Status != RPC_S_OK)
3759 {
3760 WARN("RpcStringBindingCompose returned 0x%x\n", Status);
3761 SetLastError(Status);
3762 return FALSE;
3763 }
3764
3765 /* Set the binding handle that will be used to bind to the server. */
3766 Status = RpcBindingFromStringBindingW(pszStringBinding,
3767 &hBinding);
3768 if (Status != RPC_S_OK)
3769 {
3770 WARN("RpcBindingFromStringBinding returned 0x%x\n", Status);
3771 }
3772
3773 Status = RpcStringFreeW(&pszStringBinding);
3774 if (Status != RPC_S_OK)
3775 {
3776 WARN("RpcStringFree returned 0x%x\n", Status);
3777 }
3778
3779 Request.Username = (LPWSTR)lpUsername;
3780 Request.Domain = (LPWSTR)lpDomain;
3781 Request.Password = (LPWSTR)lpPassword;
3782 Request.ApplicationName = (LPWSTR)lpApplicationName;
3783 Request.CommandLine = (LPWSTR)lpCommandLine;
3784 Request.CurrentDirectory = (LPWSTR)lpCurrentDirectory;
3785
3786 if (dwCreationFlags & CREATE_UNICODE_ENVIRONMENT)
3787 Request.dwEnvironmentSize = GetUnicodeEnvironmentSize(lpEnvironment);
3788 else
3789 Request.dwEnvironmentSize = GetAnsiEnvironmentSize(lpEnvironment);
3790 Request.Environment = lpEnvironment;
3791
3792 TRACE("Request.dwEnvironmentSize %lu\n", Request.dwEnvironmentSize);
3793 TRACE("Request.Environment %p\n", Request.Environment);
3794
3795 Request.dwLogonFlags = dwLogonFlags;
3796 Request.dwCreationFlags = dwCreationFlags;
3797
3798 Request.dwProcessId = GetCurrentProcessId();
3799 TRACE("Request.dwProcessId %lu\n", Request.dwProcessId);
3800
3801 Response.hProcess = 0;
3802 Response.hThread = 0;
3803 Response.dwProcessId = 0;
3804 Response.dwThreadId = 0;
3805 Response.dwError = ERROR_SUCCESS;
3806
3807 RpcTryExcept
3808 {
3809 SeclCreateProcessWithLogonW(hBinding, &Request, &Response);
3810 }
3811 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
3812 {
3813 WARN("Exception: %lx\n", RpcExceptionCode());
3814 }
3815 RpcEndExcept;
3816
3817 if (hBinding)
3818 {
3819 Status = RpcBindingFree(&hBinding);
3820 if (Status != RPC_S_OK)
3821 {
3822 WARN("RpcBindingFree returned 0x%x\n", Status);
3823 }
3824
3825 hBinding = NULL;
3826 }
3827
3828 TRACE("Response.hProcess %p\n", Response.hProcess);
3829 TRACE("Response.hThread %p\n", Response.hThread);
3830 TRACE("Response.dwProcessId %lu\n", Response.dwProcessId);
3831 TRACE("Response.dwThreadId %lu\n", Response.dwThreadId);
3832 TRACE("Response.dwError %lu\n", Response.dwError);
3833 if (Response.dwError != ERROR_SUCCESS)
3834 SetLastError(Response.dwError);
3835
3836 TRACE("CreateProcessWithLogonW() done\n");
3837
3838 return (Response.dwError == ERROR_SUCCESS);
3839}
SeclCreateProcessWithLogonW
VOID __stdcall SeclCreateProcessWithLogonW(_In_ handle_t hBinding, _In_ SECL_REQUEST *pRequest, _Out_ SECL_RESPONSE *pResponse)
Definition: rpcserver.c:57
WARN
#define WARN(fmt,...)
Definition: precomp.h:61
hBinding
handle_t hBinding
Definition: ctx_c.c:54
GetAnsiEnvironmentSize
static DWORD GetAnsiEnvironmentSize(PVOID pEnvironment)
Definition: security.c:3702
GetUnicodeEnvironmentSize
static DWORD GetUnicodeEnvironmentSize(PVOID pEnvironment)
Definition: security.c:3679
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
L
#define L(x)
Definition: ntvdm.h:50
RpcBindingFromStringBindingW
RPC_STATUS WINAPI RpcBindingFromStringBindingW(RPC_WSTR StringBinding, RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:880
RpcStringBindingComposeW
RPC_STATUS WINAPI RpcStringBindingComposeW(RPC_WSTR ObjUuid, RPC_WSTR Protseq, RPC_WSTR NetworkAddr, RPC_WSTR Endpoint, RPC_WSTR Options, RPC_WSTR *StringBinding)
Definition: rpc_binding.c:510
RpcBindingFree
RPC_STATUS WINAPI RpcBindingFree(RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:787
RPC_S_OK
#define RPC_S_OK
Definition: rpcnterr.h:22
RpcStringFreeW
RPC_STATUS WINAPI RpcStringFreeW(RPC_WSTR *String)
Definition: rpcrt4_main.c:175
RpcEndExcept
#define RpcEndExcept
Definition: rpc.h:123
RpcTryExcept
#define RpcTryExcept
Definition: rpc.h:121
RpcExcept
#define RpcExcept(expr)
Definition: rpc.h:122
RPC_STATUS
long RPC_STATUS
Definition: rpc.h:48
RpcExceptionCode
#define RpcExceptionCode()
Definition: rpc.h:127
Response
Definition: ncftp.h:89
_SECL_REQUEST
Definition: seclogon.idl:8
_SECL_RESPONSE
Definition: seclogon.idl:23
Request
_In_ WDFREQUEST Request
Definition: wdfdevice.h:547
CREATE_UNICODE_ENVIRONMENT
#define CREATE_UNICODE_ENVIRONMENT
Definition: winbase.h:196
GetCurrentProcessId
DWORD WINAPI GetCurrentProcessId(void)
Definition: proc.c:1158

Referenced by wmain().

◆ CreateProcessWithTokenW()

BOOL WINAPI CreateProcessWithTokenW ( HANDLE  token,
DWORD  logon_flags,
LPCWSTR  application_name,
LPWSTR  command_line,
DWORD  creation_flags,
void environment,
LPCWSTR  current_directory,
STARTUPINFOW startup_info,
PROCESS_INFORMATION process_information 
)

Definition at line 3841 of file security.c.

3844{
3845 FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
3846 logon_flags, debugstr_w(application_name), debugstr_w(command_line),
3847 creation_flags, environment, debugstr_w(current_directory),
3848 startup_info, process_information);
3849
3850 /* FIXME: check if handles should be inherited */
3851 return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
3852 current_directory, startup_info, process_information );
3853}
FIXME
#define FIXME(fmt,...)
Definition: precomp.h:53
CreateProcessW
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
Definition: proc.c:4598
token
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat token
Definition: glfuncs.h:210

◆ CreateRestrictedToken()

BOOL WINAPI CreateRestrictedToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ DWORD  Flags,
_In_ DWORD  DisableSidCount,
_In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES  SidsToDisable,
_In_ DWORD  DeletePrivilegeCount,
_In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES  PrivilegesToDelete,
_In_ DWORD  RestrictedSidCount,
_In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES  SidsToRestrict,
_Outptr_ PHANDLE  NewTokenHandle 
)

Creates a filtered token that is a restricted one of the regular access token. A restricted token can have disabled SIDs, deleted privileges and/or restricted SIDs added.

Parameters
[in]ExistingTokenHandleAn existing handle to a token where it's to be filtered.
[in]FlagsPrivilege flag options. This parameter argument influences how the token is filtered. Such parameter can be 0.
[in]DisableSidCountThe count number of SIDs to disable.
[in]SidsToDisableAn array list with SIDs that have to be disabled in a token.
[in]DeletePrivilegeCountThe count number of privileges to be deleted.
[in]PrivilegesToDeleteAn array list with privileges that have to be deleted in a token.
[in]RestrictedSidCountThe count number of restricted SIDs.
[in]SidsToRestrictAn array list with restricted SIDs to be added into the token. If the token already has restricted SIDs then the array provided by the caller is redundant information alongside with the existing restricted SIDs in the token.
[out]NewTokenHandleThe newly received handle to a restricted (filtered) token. The caller can use such handle to duplicate a new token.
Returns
Returns TRUE if the function has successfully completed the operations, otherwise FALSE is returned to indicate failure. For further details the caller has to invoke GetLastError() API call for extended information about the failure.

Definition at line 533 of file security.c.

543{
544 NTSTATUS Status;
545 BOOL Success;
546 ULONG Index;
547 PTOKEN_GROUPS DisableSids = NULL;
548 PTOKEN_GROUPS RestrictedSids = NULL;
549 PTOKEN_PRIVILEGES DeletePrivileges = NULL;
550
551 /*
552 * Capture the elements we're being given from
553 * the caller and allocate the groups and/or
554 * privileges that have to be filtered in
555 * the token.
556 */
557 if (SidsToDisable != NULL)
558 {
559 DisableSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, DisableSidCount * sizeof(TOKEN_GROUPS));
560 if (DisableSids == NULL)
561 {
562 /* We failed, bail out */
563 SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
564 return FALSE;
565 }
566
567 /* Copy the counter and loop the elements to copy the rest */
568 DisableSids->GroupCount = DisableSidCount;
569 for (Index = 0; Index < DisableSidCount; Index++)
570 {
571 DisableSids->Groups[Index].Sid = SidsToDisable[Index].Sid;
572 DisableSids->Groups[Index].Attributes = SidsToDisable[Index].Attributes;
573 }
574 }
575
576 if (PrivilegesToDelete != NULL)
577 {
578 DeletePrivileges = (PTOKEN_PRIVILEGES)LocalAlloc(LMEM_FIXED, DeletePrivilegeCount * sizeof(TOKEN_PRIVILEGES));
579 if (DeletePrivileges == NULL)
580 {
581 /* We failed, bail out */
582 SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
583 Success = FALSE;
584 goto Cleanup;
585 }
586
587 /* Copy the counter and loop the elements to copy the rest */
588 DeletePrivileges->PrivilegeCount = DeletePrivilegeCount;
589 for (Index = 0; Index < DeletePrivilegeCount; Index++)
590 {
591 DeletePrivileges->Privileges[Index].Luid = PrivilegesToDelete[Index].Luid;
592 DeletePrivileges->Privileges[Index].Attributes = PrivilegesToDelete[Index].Attributes;
593 }
594 }
595
596 if (SidsToRestrict != NULL)
597 {
598 RestrictedSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, RestrictedSidCount * sizeof(TOKEN_GROUPS));
599 if (RestrictedSids == NULL)
600 {
601 /* We failed, bail out */
602 SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
603 Success = FALSE;
604 goto Cleanup;
605 }
606
607 /* Copy the counter and loop the elements to copy the rest */
608 RestrictedSids->GroupCount = RestrictedSidCount;
609 for (Index = 0; Index < RestrictedSidCount; Index++)
610 {
611 RestrictedSids->Groups[Index].Sid = SidsToRestrict[Index].Sid;
612 RestrictedSids->Groups[Index].Attributes = SidsToRestrict[Index].Attributes;
613 }
614 }
615
616 /*
617 * Call the NT API to request a token filtering
618 * operation for us.
619 */
620 Status = NtFilterToken(ExistingTokenHandle,
621 Flags,
622 DisableSids,
623 DeletePrivileges,
624 RestrictedSids,
625 NewTokenHandle);
626 if (!NT_SUCCESS(Status))
627 {
628 /* We failed to do the job, bail out */
629 SetLastError(RtlNtStatusToDosError(Status));
630 Success = FALSE;
631 goto Cleanup;
632 }
633
634 /* If we reach here then we've successfully filtered the token */
635 Success = TRUE;
636
637Cleanup:
638 /* Free whatever we allocated before */
639 if (DisableSids != NULL)
640 {
641 LocalFree(DisableSids);
642 }
643
644 if (DeletePrivileges != NULL)
645 {
646 LocalFree(DeletePrivileges);
647 }
648
649 if (RestrictedSids != NULL)
650 {
651 LocalFree(RestrictedSids);
652 }
653
654 return Success;
655}
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
Success
@ Success
Definition: eventcreate.c:712
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:412
_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75
_LUID_AND_ATTRIBUTES::Luid
LUID Luid
Definition: setypes.h:74
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:506
_SID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:508
_TOKEN_GROUPS
Definition: setypes.h:1025
_TOKEN_GROUPS::Groups
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1030
_TOKEN_GROUPS::GroupCount
$ULONG GroupCount
Definition: setypes.h:1026
_TOKEN_PRIVILEGES
Definition: setypes.h:1034
_TOKEN_PRIVILEGES::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:1035
_TOKEN_PRIVILEGES::Privileges
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1036
NtFilterToken
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: tokenlif.c:2075
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:182
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
PTOKEN_GROUPS
struct _TOKEN_GROUPS * PTOKEN_GROUPS
PTOKEN_PRIVILEGES
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES

Referenced by test_token_security_descriptor().

◆ CreateWellKnownSid()

BOOL WINAPI CreateWellKnownSid ( IN WELL_KNOWN_SID_TYPE  WellKnownSidType,
IN PSID DomainSid  OPTIONAL,
OUT PSID  pSid,
IN OUT DWORD cbSid 
)

Definition at line 722 of file security.c.

726{
727 unsigned int i;
728 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
729
730 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
731 {
732 SetLastError(ERROR_INVALID_PARAMETER);
733 return FALSE;
734 }
735
736 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
737 if (WellKnownSids[i].Type == WellKnownSidType) {
738 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
739
740 if (*cbSid < length)
741 {
742 *cbSid = length;
743 SetLastError(ERROR_INSUFFICIENT_BUFFER);
744 return FALSE;
745 }
746 if (!pSid)
747 {
748 SetLastError(ERROR_INVALID_PARAMETER);
749 return FALSE;
750 }
751 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
752 *cbSid = length;
753 return TRUE;
754 }
755 }
756
757 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
758 {
759 SetLastError(ERROR_INVALID_PARAMETER);
760 return FALSE;
761 }
762
763 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
764 if (WellKnownRids[i].Type == WellKnownSidType) {
765 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
766 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
767 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
768
769 if (*cbSid < output_sid_length)
770 {
771 *cbSid = output_sid_length;
772 SetLastError(ERROR_INSUFFICIENT_BUFFER);
773 return FALSE;
774 }
775 if (!pSid)
776 {
777 SetLastError(ERROR_INVALID_PARAMETER);
778 return FALSE;
779 }
780 CopyMemory(pSid, DomainSid, domain_sid_length);
781 (*GetSidSubAuthorityCount(pSid))++;
782 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
783 *cbSid = output_sid_length;
784 return TRUE;
785 }
786
787 SetLastError(ERROR_INVALID_PARAMETER);
788 return FALSE;
789}
Type
Type
Definition: Type.h:7
ERROR_INSUFFICIENT_BUFFER
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
GetSidSubAuthority
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:896
IsValidSid
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:819
debugstr_sid
static const char * debugstr_sid(PSID sid)
Definition: security.c:174
length
GLuint GLsizei GLsizei * length
Definition: glext.h:6040
_SID::Revision
BYTE Revision
Definition: ms-dtyp.idl:199
cbSid
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD cbSid
Definition: winbase.h:2784
CopyMemory
#define CopyMemory
Definition: winbase.h:1751
SID_MAX_SUB_AUTHORITIES
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:482
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181

Referenced by create_unknownsid(), EqualDomainSid(), get_sd(), test_SystemSecurity(), and well_known_sid().

◆ debugstr_sid()

static const char * debugstr_sid ( PSID  sid)
static

Definition at line 174 of file security.c.

175{
176 int auth = 0;
177 SID * psid = (SID *)sid;
178
179 if (psid == NULL)
180 return "(null)";
181
182 auth = psid->IdentifierAuthority.Value[5] +
183 (psid->IdentifierAuthority.Value[4] << 8) +
184 (psid->IdentifierAuthority.Value[3] << 16) +
185 (psid->IdentifierAuthority.Value[2] << 24);
186
187 switch (psid->SubAuthorityCount) {
188 case 0:
189 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
190 case 1:
191 return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
192 psid->SubAuthority[0]);
193 case 2:
194 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
195 psid->SubAuthority[0], psid->SubAuthority[1]);
196 case 3:
197 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
198 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
199 case 4:
200 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
201 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
202 psid->SubAuthority[3]);
203 case 5:
204 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
205 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
206 psid->SubAuthority[3], psid->SubAuthority[4]);
207 case 6:
208 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
209 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
210 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
211 case 7:
212 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
213 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
214 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
215 psid->SubAuthority[6]);
216 case 8:
217 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
218 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
219 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
220 psid->SubAuthority[6], psid->SubAuthority[7]);
221 }
222 return "(too-big)";
223}
wine_dbg_sprintf
const char * wine_dbg_sprintf(const char *format,...)
Definition: compat.c:296
_SID_IDENTIFIER_AUTHORITY::Value
BYTE Value[6]
Definition: ms-dtyp.idl:195
_SID::SubAuthority
DWORD SubAuthority[*]
Definition: ms-dtyp.idl:202
_SID::IdentifierAuthority
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: ms-dtyp.idl:201

Referenced by check_wellknown_name(), CheckTokenMembership(), CreateWellKnownSid(), IsWellKnownSid(), test_EqualSid(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), test_group_equal(), test_inherited_dacl(), test_owner_equal(), and test_TokenIntegrityLevel().

◆ DeleteAce()

BOOL WINAPI DeleteAce ( PACL  pAcl,
DWORD  dwAceIndex 
)

Definition at line 1166 of file security.c.

1167{
1168 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1169}
RtlDeleteAce
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce(PACL Acl, ULONG AceIndex)

◆ DumpAce()

static BOOL DumpAce ( LPVOID  pace,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3260 of file security.c.

3261{
3262 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
3263 static const WCHAR openbr = '(';
3264 static const WCHAR closebr = ')';
3265 static const WCHAR semicolon = ';';
3266
3267 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
3268 {
3269 SetLastError(ERROR_INVALID_ACL);
3270 return FALSE;
3271 }
3272
3273 piace = pace;
3274 DumpString(&openbr, 1, pwptr, plen);
3275 switch (piace->Header.AceType)
3276 {
3277 case ACCESS_ALLOWED_ACE_TYPE:
3278 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
3279 break;
3280 case ACCESS_DENIED_ACE_TYPE:
3281 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
3282 break;
3283 case SYSTEM_AUDIT_ACE_TYPE:
3284 DumpString(SDDL_AUDIT, -1, pwptr, plen);
3285 break;
3286 case SYSTEM_ALARM_ACE_TYPE:
3287 DumpString(SDDL_ALARM, -1, pwptr, plen);
3288 break;
3289 }
3290 DumpString(&semicolon, 1, pwptr, plen);
3291
3292 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
3293 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
3294 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
3295 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
3296 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
3297 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
3298 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
3299 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
3300 if (piace->Header.AceFlags & INHERITED_ACE)
3301 DumpString(SDDL_INHERITED, -1, pwptr, plen);
3302 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
3303 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
3304 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
3305 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
3306 DumpString(&semicolon, 1, pwptr, plen);
3307 DumpRights(piace->Mask, pwptr, plen);
3308 DumpString(&semicolon, 1, pwptr, plen);
3309 /* objects not supported */
3310 DumpString(&semicolon, 1, pwptr, plen);
3311 /* objects not supported */
3312 DumpString(&semicolon, 1, pwptr, plen);
3313 if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
3314 return FALSE;
3315 DumpString(&closebr, 1, pwptr, plen);
3316 return TRUE;
3317}
SDDL_AUDIT_FAILURE
static const WCHAR SDDL_AUDIT_FAILURE[]
Definition: security.c:172
SDDL_CONTAINER_INHERIT
static const WCHAR SDDL_CONTAINER_INHERIT[]
Definition: security.c:166
SDDL_AUDIT
static const WCHAR SDDL_AUDIT[]
Definition: security.c:142
SDDL_OBJECT_INHERIT
static const WCHAR SDDL_OBJECT_INHERIT[]
Definition: security.c:167
DumpString
static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3117
DumpSid
static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3171
SDDL_ACCESS_ALLOWED
static const WCHAR SDDL_ACCESS_ALLOWED[]
Definition: security.c:136
SDDL_INHERIT_ONLY
static const WCHAR SDDL_INHERIT_ONLY[]
Definition: security.c:169
SDDL_INHERITED
static const WCHAR SDDL_INHERITED[]
Definition: security.c:170
SDDL_ACCESS_DENIED
static const WCHAR SDDL_ACCESS_DENIED[]
Definition: security.c:137
SDDL_ALARM
static const WCHAR SDDL_ALARM[]
Definition: security.c:143
SDDL_NO_PROPAGATE
static const WCHAR SDDL_NO_PROPAGATE[]
Definition: security.c:168
DumpRights
static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3221
AceType
static const ACEFLAG AceType[]
Definition: security.c:2583
SDDL_AUDIT_SUCCESS
static const WCHAR SDDL_AUDIT_SUCCESS[]
Definition: security.c:171
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
_ACCESS_ALLOWED_ACE::Header
ACE_HEADER Header
Definition: ms-dtyp.idl:216
_ACCESS_ALLOWED_ACE::SidStart
DWORD SidStart
Definition: ms-dtyp.idl:218
_ACCESS_ALLOWED_ACE::Mask
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
_ACE_HEADER
Definition: ms-dtyp.idl:209
_ACE_HEADER::AceFlags
UCHAR AceFlags
Definition: ms-dtyp.idl:211
_ACE_HEADER::AceType
UCHAR AceType
Definition: ms-dtyp.idl:210
INHERITED_ACE
#define INHERITED_ACE
Definition: ph.h:47
ERROR_INVALID_ACL
#define ERROR_INVALID_ACL
Definition: winerror.h:818
CONTAINER_INHERIT_ACE
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:747
INHERIT_ONLY_ACE
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
SYSTEM_AUDIT_ACE_TYPE
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
SYSTEM_ALARM_ACE_TYPE
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:720
OBJECT_INHERIT_ACE
#define OBJECT_INHERIT_ACE
Definition: setypes.h:746
NO_PROPAGATE_INHERIT_ACE
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:748
ACCESS_DENIED_ACE_TYPE
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
FAILED_ACCESS_ACE_FLAG
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:754
SUCCESSFUL_ACCESS_ACE_FLAG
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:753

Referenced by DumpAcl().

◆ DumpAcl()

static BOOL DumpAcl ( PACL  pacl,
WCHAR **  pwptr,
ULONG plen,
BOOL  protected,
BOOL  autoInheritReq,
BOOL  autoInherited 
)
static

Definition at line 3319 of file security.c.

3320{
3321 WORD count;
3322 int i;
3323
3324 if (protected)
3325 DumpString(SDDL_PROTECTED, -1, pwptr, plen);
3326 if (autoInheritReq)
3327 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
3328 if (autoInherited)
3329 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
3330
3331 if (pacl == NULL)
3332 return TRUE;
3333
3334 if (!IsValidAcl(pacl))
3335 return FALSE;
3336
3337 count = pacl->AceCount;
3338 for (i = 0; i < count; i++)
3339 {
3340 LPVOID ace;
3341 if (!GetAce(pacl, i, &ace))
3342 return FALSE;
3343 if (!DumpAce(ace, pwptr, plen))
3344 return FALSE;
3345 }
3346
3347 return TRUE;
3348}
DumpAce
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3260
GetAce
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1186
IsValidAcl
BOOL WINAPI IsValidAcl(PACL pAcl)
Definition: security.c:1209
WORD
unsigned short WORD
Definition: ntddk_ex.h:93
count
GLuint GLuint GLsizei count
Definition: gl.h:1545
SDDL_AUTO_INHERITED
#define SDDL_AUTO_INHERITED
Definition: sddl.h:46
SDDL_AUTO_INHERIT_REQ
#define SDDL_AUTO_INHERIT_REQ
Definition: sddl.h:45
SDDL_PROTECTED
#define SDDL_PROTECTED
Definition: sddl.h:44
_ACL::AceCount
USHORT AceCount
Definition: ms-dtyp.idl:297

Referenced by DumpDacl(), and DumpSacl().

◆ DumpDacl()

static BOOL DumpDacl ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3386 of file security.c.

3387{
3388 static const WCHAR dacl[] = {'D',':',0};
3389 SECURITY_DESCRIPTOR_CONTROL control;
3390 BOOL present, defaulted;
3391 DWORD revision;
3392 PACL pacl;
3393
3394 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3395 return FALSE;
3396
3397 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3398 return FALSE;
3399
3400 if (!present)
3401 return TRUE;
3402
3403 DumpString(dacl, 2, pwptr, plen);
3404 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3405 return FALSE;
3406 return TRUE;
3407}
DumpAcl
static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
Definition: security.c:3319
SECURITY_DESCRIPTOR_CONTROL
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
GetSecurityDescriptorControl
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21
GetSecurityDescriptorDacl
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
_ACL
Definition: ms-dtyp.idl:293
control
Definition: dialog.c:52
dacl
Definition: security.c:35
SE_DACL_PROTECTED
#define SE_DACL_PROTECTED
Definition: setypes.h:843
SE_DACL_AUTO_INHERITED
#define SE_DACL_AUTO_INHERITED
Definition: setypes.h:841
SE_DACL_AUTO_INHERIT_REQ
#define SE_DACL_AUTO_INHERIT_REQ
Definition: setypes.h:839

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpGroup()

static BOOL DumpGroup ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3368 of file security.c.

3369{
3370 static const WCHAR prefix[] = {'G',':',0};
3371 BOOL bDefaulted;
3372 PSID psid;
3373
3374 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
3375 return FALSE;
3376
3377 if (psid == NULL)
3378 return TRUE;
3379
3380 DumpString(prefix, -1, pwptr, plen);
3381 if (!DumpSid(psid, pwptr, plen))
3382 return FALSE;
3383 return TRUE;
3384}
GetSecurityDescriptorGroup
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76
prefix
Character const *const prefix
Definition: tempnam.cpp:195

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpOwner()

static BOOL DumpOwner ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3350 of file security.c.

3351{
3352 static const WCHAR prefix[] = {'O',':',0};
3353 BOOL bDefaulted;
3354 PSID psid;
3355
3356 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
3357 return FALSE;
3358
3359 if (psid == NULL)
3360 return TRUE;
3361
3362 DumpString(prefix, -1, pwptr, plen);
3363 if (!DumpSid(psid, pwptr, plen))
3364 return FALSE;
3365 return TRUE;
3366}
GetSecurityDescriptorOwner
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpRights()

static void DumpRights ( DWORD  mask,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3221 of file security.c.

3222{
3223 static const WCHAR fmtW[] = {'0','x','%','x',0};
3224 WCHAR buf[15];
3225 size_t i;
3226
3227 if (mask == 0)
3228 return;
3229
3230 /* first check if the right have name */
3231 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
3232 {
3233 if (AceRights[i].wstr == NULL)
3234 break;
3235 if (mask == AceRights[i].value)
3236 {
3237 DumpString(AceRights[i].wstr, -1, pwptr, plen);
3238 return;
3239 }
3240 }
3241
3242 /* then check if it can be built from bit names */
3243 for (i = 0; i < 32; i++)
3244 {
3245 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
3246 {
3247 /* can't be built from bit names */
3248 sprintfW(buf, fmtW, mask);
3249 DumpString(buf, -1, pwptr, plen);
3250 return;
3251 }
3252 }
3253
3254 /* build from bit names */
3255 for (i = 0; i < 32; i++)
3256 if (mask & (1 << i))
3257 DumpString(AceRightBitNames[i], -1, pwptr, plen);
3258}
AceRights
static const ACEFLAG AceRights[]
Definition: security.c:2669
AceRightBitNames
static const LPCWSTR AceRightBitNames[32]
Definition: security.c:3186
mask
GLenum GLint GLuint mask
Definition: glext.h:6028
sprintfW
#define sprintfW
Definition: unicode.h:64
value
Definition: pdh_main.c:96

Referenced by DumpAce().

◆ DumpSacl()

static BOOL DumpSacl ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3409 of file security.c.

3410{
3411 static const WCHAR sacl[] = {'S',':',0};
3412 SECURITY_DESCRIPTOR_CONTROL control;
3413 BOOL present, defaulted;
3414 DWORD revision;
3415 PACL pacl;
3416
3417 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3418 return FALSE;
3419
3420 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3421 return FALSE;
3422
3423 if (!present)
3424 return TRUE;
3425
3426 DumpString(sacl, 2, pwptr, plen);
3427 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3428 return FALSE;
3429 return TRUE;
3430}
GetSecurityDescriptorSacl
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
SE_SACL_PROTECTED
#define SE_SACL_PROTECTED
Definition: setypes.h:844
SE_SACL_AUTO_INHERITED
#define SE_SACL_AUTO_INHERITED
Definition: setypes.h:842
SE_SACL_AUTO_INHERIT_REQ
#define SE_SACL_AUTO_INHERIT_REQ
Definition: setypes.h:840

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpSid()

static BOOL DumpSid ( PSID  psid,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3171 of file security.c.

3172{
3173 size_t i;
3174 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
3175 {
3176 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
3177 {
3178 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
3179 return TRUE;
3180 }
3181 }
3182
3183 return DumpSidNumeric(psid, pwptr, plen);
3184}
DumpSidNumeric
static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3132
EqualSid
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:829

Referenced by DumpAce(), DumpGroup(), and DumpOwner().

◆ DumpSidNumeric()

static BOOL DumpSidNumeric ( PSID  psid,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3132 of file security.c.

3133{
3134 DWORD i;
3135 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
3136 WCHAR subauthfmt[] = { '-','%','u',0 };
3137 WCHAR buf[26];
3138 SID *pisid = psid;
3139
3140 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
3141 {
3142 SetLastError(ERROR_INVALID_SID);
3143 return FALSE;
3144 }
3145
3146 if (pisid->IdentifierAuthority.Value[0] ||
3147 pisid->IdentifierAuthority.Value[1])
3148 {
3149 FIXME("not matching MS' bugs\n");
3150 SetLastError(ERROR_INVALID_SID);
3151 return FALSE;
3152 }
3153
3154 sprintfW( buf, fmt, pisid->Revision,
3155 MAKELONG(
3156 MAKEWORD( pisid->IdentifierAuthority.Value[5],
3157 pisid->IdentifierAuthority.Value[4] ),
3158 MAKEWORD( pisid->IdentifierAuthority.Value[3],
3159 pisid->IdentifierAuthority.Value[2] )
3160 ) );
3161 DumpString(buf, -1, pwptr, plen);
3162
3163 for( i=0; i<pisid->SubAuthorityCount; i++ )
3164 {
3165 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
3166 DumpString(buf, -1, pwptr, plen);
3167 }
3168 return TRUE;
3169}
SDDL_REVISION
#define SDDL_REVISION
Definition: sddl.h:31
fmt
Definition: dsound.c:943
MAKEWORD
#define MAKEWORD(a, b)
Definition: typedefs.h:248
MAKELONG
#define MAKELONG(a, b)
Definition: typedefs.h:249

Referenced by DumpSid().

◆ DumpString()

static void DumpString ( LPCWSTR  string,
int  cch,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3117 of file security.c.

3118{
3119 if (cch == -1)
3120 cch = strlenW(string);
3121
3122 if (plen)
3123 *plen += cch;
3124
3125 if (pwptr)
3126 {
3127 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
3128 *pwptr += cch;
3129 }
3130}
cch
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:202

Referenced by DumpAce(), DumpAcl(), DumpDacl(), DumpGroup(), DumpOwner(), DumpRights(), DumpSacl(), DumpSid(), and DumpSidNumeric().

◆ DuplicateToken()

BOOL WINAPI DuplicateToken ( IN HANDLE  ExistingTokenHandle,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
OUT PHANDLE  DuplicateTokenHandle 
)

Definition at line 3919 of file security.c.

3922{
3923 return DuplicateTokenEx(ExistingTokenHandle,
3924 TOKEN_IMPERSONATE | TOKEN_QUERY,
3925 NULL,
3926 ImpersonationLevel,
3927 TokenImpersonation,
3928 DuplicateTokenHandle);
3929}
DuplicateTokenEx
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3859
TokenImpersonation
@ TokenImpersonation
Definition: imports.h:274
ImpersonationLevel
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:940
TOKEN_IMPERSONATE
#define TOKEN_IMPERSONATE
Definition: setypes.h:939

Referenced by GetDuplicateToken(), ImpersonateLoggedOnUser(), test_AccessCheck(), test_CheckTokenMembership(), test_impersonation_level(), test_kernel_objects_security(), and test_token_attr().

◆ DuplicateTokenEx()

BOOL WINAPI DuplicateTokenEx ( IN HANDLE  ExistingTokenHandle,
IN DWORD  dwDesiredAccess,
IN LPSECURITY_ATTRIBUTES lpTokenAttributes  OPTIONAL,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
IN TOKEN_TYPE  TokenType,
OUT PHANDLE  DuplicateTokenHandle 
)

Definition at line 3859 of file security.c.

3865{
3866 OBJECT_ATTRIBUTES ObjectAttributes;
3867 NTSTATUS Status;
3868 SECURITY_QUALITY_OF_SERVICE Sqos;
3869
3870 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3871 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3872
3873 Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
3874 Sqos.ImpersonationLevel = ImpersonationLevel;
3875 Sqos.ContextTrackingMode = 0;
3876 Sqos.EffectiveOnly = FALSE;
3877
3878 if (lpTokenAttributes != NULL)
3879 {
3880 InitializeObjectAttributes(&ObjectAttributes,
3881 NULL,
3882 lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
3883 NULL,
3884 lpTokenAttributes->lpSecurityDescriptor);
3885 }
3886 else
3887 {
3888 InitializeObjectAttributes(&ObjectAttributes,
3889 NULL,
3890 0,
3891 NULL,
3892 NULL);
3893 }
3894
3895 ObjectAttributes.SecurityQualityOfService = &Sqos;
3896
3897 Status = NtDuplicateToken(ExistingTokenHandle,
3898 dwDesiredAccess,
3899 &ObjectAttributes,
3900 FALSE,
3901 TokenType,
3902 DuplicateTokenHandle);
3903 if (!NT_SUCCESS(Status))
3904 {
3905 ERR("NtDuplicateToken failed: Status %08x\n", Status);
3906 SetLastError(RtlNtStatusToDosError(Status));
3907 return FALSE;
3908 }
3909
3910 TRACE("Returning token %p.\n", *DuplicateTokenHandle);
3911
3912 return TRUE;
3913}
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
OBJ_INHERIT
#define OBJ_INHERIT
Definition: winternl.h:225
SECURITY_QUALITY_OF_SERVICE
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
_SECURITY_QUALITY_OF_SERVICE::ContextTrackingMode
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
_SECURITY_QUALITY_OF_SERVICE::EffectiveOnly
BOOLEAN EffectiveOnly
Definition: lsa.idl:67
_SECURITY_QUALITY_OF_SERVICE::Length
DWORD Length
Definition: lsa.idl:64
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
NtDuplicateToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869

Referenced by CheckTokenMembership(), DuplicateToken(), LaunchProcess(), START_TEST(), test_CreateRestrictedToken(), test_token_security_descriptor(), and WlxStartApplication().

◆ EqualDomainSid()

BOOL WINAPI EqualDomainSid ( IN PSID  pSid1,
IN PSID  pSid2,
OUT BOOL pfEqual 
)

Definition at line 4184 of file security.c.

4187{
4188 UNIMPLEMENTED;
4189 return FALSE;
4190}
UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: ntoskrnl.c:15

◆ EqualPrefixSid()

BOOL WINAPI EqualPrefixSid ( PSID  pSid1,
PSID  pSid2 
)

Definition at line 841 of file security.c.

843{
844 return RtlEqualPrefixSid (pSid1, pSid2);
845}
RtlEqualPrefixSid
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid(PSID Sid1, PSID Sid2)

Referenced by test_process_security().

◆ EqualSid()

BOOL WINAPI EqualSid ( PSID  pSid1,
PSID  pSid2 
)

Definition at line 829 of file security.c.

831{
832 SetLastError(ERROR_SUCCESS);
833 return RtlEqualSid (pSid1, pSid2);
834}
RtlEqualSid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)

Referenced by _test_group(), CachedGetUserFromSid(), check_wellknown_name(), CheckForGuestsAndAdmins(), CheckTokenMembership(), DequeueSidLookup(), DumpSid(), EqualDomainSid(), FindSidInCache(), FindSidInPrincipalsListAddAce(), GetEventUserName(), is_token_admin(), IsNTAdmin(), IsWellKnownSid(), LsapSetTokenOwner(), map_nfs4ace_who(), PrintSid(), QueueSidLookup(), RunningAsSYSTEM(), test_AddMandatoryAce(), test_child_token_sd(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_CreateRestrictedToken(), test_default_dacl_owner_sid(), test_EqualSid(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), test_group_equal(), test_inherited_dacl(), test_owner_equal(), test_SystemSecurity(), test_token_label(), test_token_security_descriptor(), test_TokenIntegrityLevel(), and UpdatePrincipalInfo().

◆ FindFirstFreeAce()

BOOL WINAPI FindFirstFreeAce ( PACL  pAcl,
LPVOID pAce 
)

Definition at line 1176 of file security.c.

1178{
1179 return RtlFirstFreeAce(pAcl,
1180 (PACE*)pAce);
1181}
RtlFirstFreeAce
NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce(PACL Acl, PACE *Ace)
_ACE
Definition: rtltypes.h:987

◆ FreeSid()

PVOID WINAPI FreeSid ( PSID  pSid)

Definition at line 698 of file security.c.

699{
700 return RtlFreeSid(pSid);
701}
RtlFreeSid
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), check_wellknown_name(), CheckForGuestsAndAdmins(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), GetShellSecurityDescriptor(), Imm32IsInteractiveUserLogon(), is_token_admin(), IsCallerInteractive(), IsInteractiveUserLogon(), IsNTAdmin(), IsUserAdmin(), PerfDataUninitialize(), pSetupIsUserAdmin(), SHTestTokenMembership(), START_TEST(), test_AccessCheck(), test_AddMandatoryAce(), test_CreateWellKnownSid(), test_EqualSid(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_LookupAccountSid(), test_LsaLookupSids(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_SetEntriesInAclA(), test_SetEntriesInAclW(), test_sid(), and test_trustee().

◆ GetAce()

BOOL WINAPI GetAce ( PACL  pAcl,
DWORD  dwAceIndex,
LPVOID pAce 
)

Definition at line 1186 of file security.c.

1187{
1188 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1189}
RtlGetAce
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)

Referenced by AccRewriteGetExplicitEntriesFromAcl(), AccRewriteSetEntriesInAcl(), DumpAcl(), CSecurityDescriptor::GetDACLEntry(), CSecurityDescriptor::GetSACLEntry(), map_dacl_2_nfs4acl(), PrintFileDacl(), ReloadPrincipalsList(), and test_GetShellSecurityDescriptor().

◆ GetAclInformation()

BOOL WINAPI GetAclInformation ( PACL  pAcl,
LPVOID  pAclInformation,
DWORD  nAclInformationLength,
ACL_INFORMATION_CLASS  dwAclInformationClass 
)

Definition at line 1194 of file security.c.

1199{
1200 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1201 nAclInformationLength, dwAclInformationClass));
1202}
RtlQueryInformationAcl
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL, LPVOID, DWORD, ACL_INFORMATION_CLASS)

Referenced by AccRewriteSetEntriesInAcl(), CSecurityDescriptor::GetDACLEntriesCount(), CSecurityDescriptor::GetSACLEntriesCount(), and test_GetShellSecurityDescriptor().

◆ GetAnsiEnvironmentSize()

static DWORD GetAnsiEnvironmentSize ( PVOID  pEnvironment)
static

Definition at line 3702 of file security.c.

3704{
3705 INT Length, TotalLength = 0;
3706 PCHAR Ptr;
3707
3708 if (pEnvironment == NULL)
3709 return 0;
3710
3711 Ptr = (PCHAR)pEnvironment;
3712 while (*Ptr != ANSI_NULL)
3713 {
3714 Length = strlen(Ptr) + 1;
3715 TotalLength += Length;
3716 Ptr = Ptr + Length;
3717 }
3718
3719 return TotalLength + 1;
3720}
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
Ptr
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
PCHAR
#define PCHAR
Definition: match.c:90
ANSI_NULL
#define ANSI_NULL
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
INT
int32_t INT
Definition: typedefs.h:58
TotalLength
_In_ ULONG TotalLength
Definition: usbdlib.h:158

Referenced by CreateProcessWithLogonW().

◆ GetFileSecurityA()

BOOL WINAPI GetFileSecurityA ( LPCSTR  lpFileName,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 1373 of file security.c.

1378{
1379 UNICODE_STRING FileName;
1380 BOOL bResult;
1381
1382 if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1383 {
1384 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1385 return FALSE;
1386 }
1387
1388 bResult = GetFileSecurityW(FileName.Buffer,
1389 RequestedInformation,
1390 pSecurityDescriptor,
1391 nLength,
1392 lpnLengthNeeded);
1393
1394 RtlFreeUnicodeString(&FileName);
1395
1396 return bResult;
1397}
GetFileSecurityW
BOOL WINAPI GetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1404
FileName
struct _FileName FileName
Definition: fatprocs.h:897
RtlCreateUnicodeStringFromAsciiz
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
_FileName
Definition: filecomp.c:348
lpFileName
_In_ LPCSTR lpFileName
Definition: winbase.h:3112
nLength
WINBASEAPI _In_ DWORD nLength
Definition: wincon.h:682

Referenced by test_FileSecurity().

◆ GetFileSecurityW()

BOOL WINAPI GetFileSecurityW ( LPCWSTR  lpFileName,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 1404 of file security.c.

1409{
1410 OBJECT_ATTRIBUTES ObjectAttributes;
1411 IO_STATUS_BLOCK StatusBlock;
1412 UNICODE_STRING FileName;
1413 ULONG AccessMask = 0;
1414 HANDLE FileHandle;
1415 NTSTATUS Status;
1416
1417 TRACE("GetFileSecurityW() called\n");
1418
1419 QuerySecurityAccessMask(RequestedInformation, &AccessMask);
1420
1421 if (!RtlDosPathNameToNtPathName_U(lpFileName,
1422 &FileName,
1423 NULL,
1424 NULL))
1425 {
1426 ERR("Invalid path\n");
1427 SetLastError(ERROR_INVALID_NAME);
1428 return FALSE;
1429 }
1430
1431 InitializeObjectAttributes(&ObjectAttributes,
1432 &FileName,
1433 OBJ_CASE_INSENSITIVE,
1434 NULL,
1435 NULL);
1436
1437 Status = NtOpenFile(&FileHandle,
1438 AccessMask,
1439 &ObjectAttributes,
1440 &StatusBlock,
1441 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1442 0);
1443
1444 RtlFreeHeap(RtlGetProcessHeap(),
1445 0,
1446 FileName.Buffer);
1447
1448 if (!NT_SUCCESS(Status))
1449 {
1450 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1451 SetLastError(RtlNtStatusToDosError(Status));
1452 return FALSE;
1453 }
1454
1455 Status = NtQuerySecurityObject(FileHandle,
1456 RequestedInformation,
1457 pSecurityDescriptor,
1458 nLength,
1459 lpnLengthNeeded);
1460 NtClose(FileHandle);
1461 if (!NT_SUCCESS(Status))
1462 {
1463 ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
1464 SetLastError(RtlNtStatusToDosError(Status));
1465 return FALSE;
1466 }
1467
1468 return TRUE;
1469}
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634
FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136
ERROR_INVALID_NAME
#define ERROR_INVALID_NAME
Definition: compat.h:103
FileHandle
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
RtlDosPathNameToNtPathName_U
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
NtOpenFile
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3953
FILE_SHARE_WRITE
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
FILE_SHARE_DELETE
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
NtQuerySecurityObject
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
QuerySecurityAccessMask
VOID WINAPI QuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: sec.c:377
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870

Referenced by GetFileSecurityA(), and RetreiveFileSecurity().

◆ GetKernelObjectSecurity()

BOOL WINAPI GetKernelObjectSecurity ( HANDLE  Handle,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 987 of file security.c.

993{
994 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
995 pSecurityDescriptor, nLength, lpnLengthNeeded);
996
997 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
998 nLength, lpnLengthNeeded ));
999}
Handle
ULONG Handle
Definition: gdb_input.c:15

Referenced by test_AddMandatoryAce(), test_child_token_sd(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_default_dacl_owner_sid(), test_get_security_descriptor(), test_token_label(), and test_token_security_descriptor().

◆ GetLengthSid()

DWORD WINAPI GetLengthSid ( PSID  pSid)

Definition at line 919 of file security.c.

920{
921 return (DWORD)RtlLengthSid(pSid);
922}
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150

Referenced by AccpCalcNeededAceSize(), AccpLookupCurrentUser(), AccpLookupSidByName(), AccRewriteGetExplicitEntriesFromAcl(), AddPrincipalToList(), AllowAccessOnSession(), AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), AuthzGetInformationFromContext(), AuthzInitializeContextFromSid(), AuthzpQueryToken(), BuildDefaultPrincipalAce(), CachedGetUserFromSid(), CacheLookupResults(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateUserProfileExW(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), fill_sid(), GetShellSecurityDescriptor(), GetUserSid(), LsarpCreateAccount(), QueueSidLookup(), ReloadPrincipalsList(), and test_LookupAccountName().

◆ GetNamedSecurityInfoA()

DWORD WINAPI GetNamedSecurityInfoA ( LPSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSID ppsidOwner,
PSID ppsidGroup,
PACL ppDacl,
PACL ppSacl,
PSECURITY_DESCRIPTOR ppSecurityDescriptor 
)

Definition at line 4102 of file security.c.

4110{
4111 DWORD len;
4112 LPWSTR wstr = NULL;
4113 DWORD r;
4114
4115 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
4116 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
4117
4118 if( pObjectName )
4119 {
4120 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
4121 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
4122 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
4123 }
4124
4125 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
4126 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
4127
4128 HeapFree( GetProcessHeap(), 0, wstr );
4129
4130 return r;
4131}
GetNamedSecurityInfoW
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
r
GLdouble GLdouble GLdouble r
Definition: gl.h:2055

◆ GetSecurityInfoExA()

DWORD WINAPI GetSecurityInfoExA ( HANDLE  hObject,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
LPCSTR  lpProvider,
LPCSTR  lpProperty,
PACTRL_ACCESSA ppAccessList,
PACTRL_AUDITA ppAuditList,
LPSTR lppOwner,
LPSTR lppGroup 
)

Definition at line 2092 of file security.c.

2101{
2102 FIXME("%s() not implemented!\n", __FUNCTION__);
2103 return ERROR_BAD_PROVIDER;
2104}
__FUNCTION__
#define __FUNCTION__
Definition: types.h:116
ERROR_BAD_PROVIDER
#define ERROR_BAD_PROVIDER
Definition: winerror.h:707

◆ GetSecurityInfoExW()

DWORD WINAPI GetSecurityInfoExW ( HANDLE  hObject,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
LPCWSTR  lpProvider,
LPCWSTR  lpProperty,
PACTRL_ACCESSW ppAccessList,
PACTRL_AUDITW ppAuditList,
LPWSTR lppOwner,
LPWSTR lppGroup 
)

Definition at line 2112 of file security.c.

2121{
2122 FIXME("%s() not implemented!\n", __FUNCTION__);
2123 return ERROR_BAD_PROVIDER;
2124}

◆ GetSidIdentifierAuthority()

PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority ( PSID  pSid)

Definition at line 885 of file security.c.

886{
887 SetLastError(ERROR_SUCCESS);
888 return RtlIdentifierAuthoritySid(pSid);
889}
RtlIdentifierAuthoritySid
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)

Referenced by EqualDomainSid(), GetTextSid(), GetTextualSid(), and test_GetSidIdentifierAuthority().

◆ GetSidLengthRequired()

DWORD WINAPI GetSidLengthRequired ( UCHAR  nSubAuthorityCount)

Definition at line 852 of file security.c.

853{
854 return (DWORD)RtlLengthRequiredSid(nSubAuthorityCount);
855}
RtlLengthRequiredSid
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by ComputeStringSidSize(), CreateWellKnownSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), ParseStringSidToSid(), test_CreateWellKnownSid(), test_GetWindowsAccountDomainSid(), and test_LookupAccountSid().

◆ GetSidSubAuthority()

PDWORD WINAPI GetSidSubAuthority ( PSID  pSid,
DWORD  nSubAuthority 
)

Definition at line 896 of file security.c.

898{
899 SetLastError(ERROR_SUCCESS);
900 return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
901}
RtlSubAuthoritySid
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
PDWORD
DWORD * PDWORD
Definition: pedump.c:68

Referenced by CreateWellKnownSid(), EqualDomainSid(), GetTextSid(), GetTextualSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), and test_sid().

◆ GetSidSubAuthorityCount()

PUCHAR WINAPI GetSidSubAuthorityCount ( PSID  pSid)

Definition at line 908 of file security.c.

909{
910 SetLastError(ERROR_SUCCESS);
911 return RtlSubAuthorityCountSid(pSid);
912}
RtlSubAuthorityCountSid
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104

Referenced by ComputeStringSidSize(), CreateWellKnownSid(), EqualDomainSid(), GetTextSid(), GetTextualSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), test_CreateWellKnownSid(), and test_LookupAccountSid().

◆ GetTokenInformation()

BOOL WINAPI GetTokenInformation ( HANDLE  TokenHandle,
TOKEN_INFORMATION_CLASS  TokenInformationClass,
LPVOID  TokenInformation,
DWORD  TokenInformationLength,
PDWORD  ReturnLength 
)

Definition at line 411 of file security.c.

416{
417 NTSTATUS Status;
418
419 Status = NtQueryInformationToken(TokenHandle,
420 TokenInformationClass,
421 TokenInformation,
422 TokenInformationLength,
423 (PULONG)ReturnLength);
424 if (!NT_SUCCESS(Status))
425 {
426 SetLastError(RtlNtStatusToDosError(Status));
427 return FALSE;
428 }
429
430 return TRUE;
431}
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:317
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:319
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473

Referenced by _GetUserSidStringFromToken(), AccpLookupCurrentUser(), AddUserProfiles(), AllowAccessOnSession(), are_all_privileges_disabled(), AuthzpQueryToken(), CheckForGuestsAndAdmins(), CheckTokenMembership(), CreateProfile(), DoesUserHavePrivilege(), DwInitializeSdFromThreadToken(), get_admin_token(), get_current_group(), get_current_owner(), get_privilege_count(), get_user_sid(), GetFromToken(), GetShellSecurityDescriptor(), GetUserAndDomainName(), GetUserNameW(), GetUserSid(), GetUserSIDString(), GetUserToken(), ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), RecycleBin5::Init(), is_process_elevated(), is_process_limited(), is_token_admin(), IsNTAdmin(), LoadUserProfileW(), named_pipe_client_func(), PerfDataRefresh(), RegOpenCurrentUser(), RunningAsSYSTEM(), SHCreateSessionKey(), SHGetUserSessionId(), SHTestTokenPrivilegeW(), START_TEST(), TakeOwnershipOfFile(), test_CheckTokenMembership(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_CreateDirectoryA(), test_CreateRestrictedToken(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetTokenInformation(), test_GetWindowsAccountDomainSid(), test_ImpersonateNamedPipeClient(), test_impersonation_level(), test_LookupAccountSid(), test_lsa(), test_LsaLookupSids(), test_process_security(), test_pseudo_tokens(), test_token_attr(), test_token_security_descriptor(), test_TokenIntegrityLevel(), TestGetUserObjectInfoW(), validate_impersonation_token(), and WhoamiGetTokenInfo().

◆ GetTrusteeFormA()

TRUSTEE_FORM WINAPI GetTrusteeFormA ( PTRUSTEEA  pTrustee)

Definition at line 2406 of file security.c.

2407{
2408 TRACE("(%p)\n", pTrustee);
2409
2410 if (!pTrustee)
2411 return TRUSTEE_BAD_FORM;
2412
2413 return pTrustee->TrusteeForm;
2414}
TRUSTEE_BAD_FORM
@ TRUSTEE_BAD_FORM
Definition: accctrl.h:191

Referenced by InternalExplicitAccessAToW(), and InternalTrusteeAToW().

◆ GetTrusteeFormW()

TRUSTEE_FORM WINAPI GetTrusteeFormW ( PTRUSTEEW  pTrustee)

Definition at line 2419 of file security.c.

2420{
2421 TRACE("(%p)\n", pTrustee);
2422
2423 if (!pTrustee)
2424 return TRUSTEE_BAD_FORM;
2425
2426 return pTrustee->TrusteeForm;
2427}

◆ GetTrusteeNameA()

LPSTR WINAPI GetTrusteeNameA ( PTRUSTEE_A  pTrustee)

Definition at line 2433 of file security.c.

2434{
2435 return pTrustee->ptstrName;
2436}

Referenced by InternalExplicitAccessAToW(), and InternalTrusteeAToW().

◆ GetTrusteeNameW()

LPWSTR WINAPI GetTrusteeNameW ( PTRUSTEE_W  pTrustee)

Definition at line 2443 of file security.c.

2444{
2445 return pTrustee->ptstrName;
2446}

◆ GetTrusteeTypeA()

TRUSTEE_TYPE WINAPI GetTrusteeTypeA ( PTRUSTEE_A  pTrustee)

Definition at line 2452 of file security.c.

2453{
2454 return pTrustee->TrusteeType;
2455}

◆ GetTrusteeTypeW()

TRUSTEE_TYPE WINAPI GetTrusteeTypeW ( PTRUSTEE_W  pTrustee)

Definition at line 2461 of file security.c.

2462{
2463 return pTrustee->TrusteeType;
2464}

◆ GetUnicodeEnvironmentSize()

static DWORD GetUnicodeEnvironmentSize ( PVOID  pEnvironment)
static

Definition at line 3679 of file security.c.

3681{
3682 INT Length, TotalLength = 0;
3683 PWCHAR Ptr;
3684
3685 if (pEnvironment == NULL)
3686 return 0;
3687
3688 Ptr = (PWCHAR)pEnvironment;
3689 while (*Ptr != UNICODE_NULL)
3690 {
3691 Length = wcslen(Ptr) + 1;
3692 TotalLength += Length;
3693 Ptr = Ptr + Length;
3694 }
3695
3696 return (TotalLength + 1) * sizeof(WCHAR);
3697}
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
UNICODE_NULL
#define UNICODE_NULL
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56

Referenced by CreateProcessWithLogonW().

◆ GetWindowsAccountDomainSid()

BOOL WINAPI GetWindowsAccountDomainSid ( PSID  sid,
PSID  domain_sid,
DWORD size 
)

Definition at line 4136 of file security.c.

4137{
4138 SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
4139 DWORD required_size;
4140 int i;
4141
4142 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
4143
4144 if (!sid || !IsValidSid( sid ))
4145 {
4146 SetLastError( ERROR_INVALID_SID );
4147 return FALSE;
4148 }
4149
4150 if (!size)
4151 {
4152 SetLastError( ERROR_INVALID_PARAMETER );
4153 return FALSE;
4154 }
4155
4156 if (*GetSidSubAuthorityCount( sid ) < 4)
4157 {
4158 SetLastError( ERROR_INVALID_SID );
4159 return FALSE;
4160 }
4161
4162 required_size = GetSidLengthRequired( 4 );
4163 if (*size < required_size || !domain_sid)
4164 {
4165 *size = required_size;
4166 SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER :
4167 ERROR_INVALID_PARAMETER );
4168 return FALSE;
4169 }
4170
4171 InitializeSid( domain_sid, &domain_ident, 4 );
4172 for (i = 0; i < 4; i++)
4173 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
4174
4175 *size = required_size;
4176 return TRUE;
4177}
InitializeSid
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:862
size
GLsizeiptr size
Definition: glext.h:5919

Referenced by EqualDomainSid().

◆ ImpersonateNamedPipeClient()

BOOL WINAPI ImpersonateNamedPipeClient ( HANDLE  hNamedPipe)

Definition at line 1024 of file security.c.

1025{
1026 IO_STATUS_BLOCK io_block;
1027
1028 TRACE("(%p)\n", hNamedPipe);
1029
1030 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
1031 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1032}
NtFsControlFile
NTSYSAPI NTSTATUS NTAPI NtFsControlFile(IN HANDLE hFile, IN HANDLE hEvent OPTIONAL, IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL, IN PVOID IoApcContext OPTIONAL, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG DeviceIoControlCode, IN PVOID InBuffer OPTIONAL, IN ULONG InBufferLength, OUT PVOID OutBuffer OPTIONAL, IN ULONG OutBufferLength)
FSCTL_PIPE_IMPERSONATE
#define FSCTL_PIPE_IMPERSONATE
Definition: winioctl.h:734

Referenced by rpcrt4_conn_np_impersonate_client(), and test_ImpersonateNamedPipeClient().

◆ ImpersonateSelf()

BOOL WINAPI ImpersonateSelf ( SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel)

Definition at line 1631 of file security.c.

1632{
1633 NTSTATUS Status;
1634
1635 Status = RtlImpersonateSelf(ImpersonationLevel);
1636 if (!NT_SUCCESS(Status))
1637 {
1638 SetLastError(RtlNtStatusToDosError(Status));
1639 return FALSE;
1640 }
1641
1642 return TRUE;
1643}
RtlImpersonateSelf
NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: priv.c:45

Referenced by RegOpenCurrentUser(), test_FileSecurity(), and test_impersonation_level().

◆ InitializeAcl()

BOOL WINAPI InitializeAcl ( PACL  pAcl,
DWORD  nAclLength,
DWORD  dwAclRevision 
)

Definition at line 1006 of file security.c.

1009{
1010 NTSTATUS Status;
1011
1012 Status = RtlCreateAcl(pAcl,
1013 nAclLength,
1014 dwAclRevision);
1015 if (!NT_SUCCESS(Status))
1016 {
1017 SetLastError(RtlNtStatusToDosError(Status));
1018 return FALSE;
1019 }
1020
1021 return TRUE;
1022}
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)

Referenced by AccRewriteSetEntriesInAcl(), AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), convert_nfs4acl_2_dacl(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), get_sd(), GetShellSecurityDescriptor(), test_AccessCheck(), test_acls(), test_AddAce(), test_AddMandatoryAce(), test_ConvertSecurityDescriptorToString(), test_CreateDirectoryA(), test_event(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_maximum_allowed(), test_process_security(), test_SetEntriesInAclA(), test_SetEntriesInAclW(), and test_token_security_descriptor().

◆ InitializeSecurityDescriptor()

BOOL WINAPI InitializeSecurityDescriptor ( PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  dwRevision 
)

Definition at line 929 of file security.c.

931{
932 NTSTATUS Status;
933
934 Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
935 dwRevision);
936 if (!NT_SUCCESS(Status))
937 {
938 SetLastError(RtlNtStatusToDosError(Status));
939 return FALSE;
940 }
941
942 return TRUE;
943}
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), CreateAllAccessSecurityAttributes(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreateLogoffSecurityAttributes(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateProfileMutex(), CreatePublicEvent(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), DwInitializeSdFromThreadToken(), get_sd(), GetPrivateObjectSecurity(), GetShellSecurityDescriptor(), handle_getacl(), InitializeAudioDeviceListLock(), pSetSecurityInfoCheck(), START_TEST(), TakeOwnershipOfFile(), test_AccessCheck(), test_AddMandatoryAce(), test_BuildSecurityDescriptorW(), test_ConvertSecurityDescriptorToString(), test_CopyBindInfo(), test_CreateDirectoryA(), test_default_dacl_owner_sid(), test_event(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_maximum_allowed(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_security_descriptor(), test_security_info(), and test_token_security_descriptor().

◆ InitializeSid()

BOOL WINAPI InitializeSid ( PSID  Sid,
PSID_IDENTIFIER_AUTHORITY  pIdentifierAuthority,
BYTE  nSubAuthorityCount 
)

Definition at line 862 of file security.c.

865{
866 NTSTATUS Status;
867
868 Status = RtlInitializeSid(Sid,
869 pIdentifierAuthority,
870 nSubAuthorityCount);
871 if (!NT_SUCCESS(Status))
872 {
873 SetLastError(RtlNtStatusToDosError(Status));
874 return FALSE;
875 }
876
877 return TRUE;
878}
RtlInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)

Referenced by GetWindowsAccountDomainSid(), and test_GetWindowsAccountDomainSid().

◆ IsValidAcl()

BOOL WINAPI IsValidAcl ( PACL  pAcl)

Definition at line 1209 of file security.c.

1210{
1211 return RtlValidAcl (pAcl);
1212}
RtlValidAcl
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)

Referenced by DumpAcl(), CSecurityDescriptor::HasValidDACL(), CSecurityDescriptor::HasValidSACL(), test_acls(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), and test_GetShellSecurityDescriptor().

◆ IsValidSid()

BOOL WINAPI IsValidSid ( PSID  pSid)

Definition at line 819 of file security.c.

820{
821 return (BOOL)RtlValidSid(pSid);
822}

Referenced by AuthzInitializeContextFromSid(), CreateWellKnownSid(), DumpSidNumeric(), EqualDomainSid(), CShellCommandDACL::Execute(), CShellCommandOwner::Execute(), CShellCommandSACL::Execute(), GetEventUserName(), GetTextualSid(), GetWindowsAccountDomainSid(), map_name_2_sid(), test_CreateWellKnownSid(), and test_GetSidIdentifierAuthority().

◆ IsWellKnownSid()

BOOL WINAPI IsWellKnownSid ( IN PSID  pSid,
IN WELL_KNOWN_SID_TYPE  WellKnownSidType 
)

Definition at line 796 of file security.c.

798{
799 unsigned int i;
800 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
801
802 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
803 {
804 if (WellKnownSids[i].Type == WellKnownSidType)
805 {
806 if (EqualSid(pSid, (PSID)(&WellKnownSids[i].Sid.Revision)))
807 return TRUE;
808 }
809 }
810
811 return FALSE;
812}

Referenced by is_well_known_sid(), and test_token_attr().

◆ LookupAccountNameA()

BOOL WINAPI LookupAccountNameA ( LPCSTR  SystemName,
LPCSTR  AccountName,
PSID  Sid,
LPDWORD  SidLength,
LPSTR  ReferencedDomainName,
LPDWORD  hReferencedDomainNameLength,
PSID_NAME_USE  SidNameUse 
)

Definition at line 2012 of file security.c.

2019{
2020 BOOL ret;
2021 UNICODE_STRING lpSystemW;
2022 UNICODE_STRING lpAccountW;
2023 LPWSTR lpReferencedDomainNameW = NULL;
2024
2025 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
2026 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
2027
2028 if (ReferencedDomainName)
2029 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
2030 0,
2031 *hReferencedDomainNameLength * sizeof(WCHAR));
2032
2033 ret = LookupAccountNameW(lpSystemW.Buffer,
2034 lpAccountW.Buffer,
2035 Sid,
2036 SidLength,
2037 lpReferencedDomainNameW,
2038 hReferencedDomainNameLength,
2039 SidNameUse);
2040
2041 if (ret && lpReferencedDomainNameW)
2042 {
2043 WideCharToMultiByte(CP_ACP,
2044 0,
2045 lpReferencedDomainNameW,
2046 *hReferencedDomainNameLength + 1,
2047 ReferencedDomainName,
2048 *hReferencedDomainNameLength + 1,
2049 NULL,
2050 NULL);
2051 }
2052
2053 RtlFreeUnicodeString(&lpSystemW);
2054 RtlFreeUnicodeString(&lpAccountW);
2055 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2056
2057 return ret;
2058}
LookupAccountNameW
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:626
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
ReferencedDomainName
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR ReferencedDomainName
Definition: winbase.h:2785

Referenced by check_wellknown_name(), and test_LookupAccountName().

◆ LookupPrivilegeDisplayNameA()

BOOL WINAPI LookupPrivilegeDisplayNameA ( LPCSTR  lpSystemName,
LPCSTR  lpName,
LPSTR  lpDisplayName,
LPDWORD  cchDisplayName,
LPDWORD  lpLanguageId 
)

Definition at line 1239 of file security.c.

1244{
1245 UNICODE_STRING lpSystemNameW;
1246 UNICODE_STRING lpNameW;
1247 BOOL ret;
1248 DWORD wLen = 0;
1249
1250 TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);
1251
1252 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1253 RtlCreateUnicodeStringFromAsciiz(&lpNameW, lpName);
1254 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen, lpLanguageId);
1255 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1256 {
1257 LPWSTR lpDisplayNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1258
1259 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, lpDisplayNameW,
1260 &wLen, lpLanguageId);
1261 if (ret)
1262 {
1263 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpDisplayNameW, -1, lpDisplayName,
1264 *cchDisplayName, NULL, NULL);
1265
1266 if (len == 0)
1267 {
1268 /* WideCharToMultiByte failed */
1269 ret = FALSE;
1270 }
1271 else if (len > *cchDisplayName)
1272 {
1273 *cchDisplayName = len;
1274 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1275 ret = FALSE;
1276 }
1277 else
1278 {
1279 /* WideCharToMultiByte succeeded, output length needs to be
1280 * length not including NULL terminator
1281 */
1282 *cchDisplayName = len - 1;
1283 }
1284 }
1285 HeapFree(GetProcessHeap(), 0, lpDisplayNameW);
1286 }
1287 RtlFreeUnicodeString(&lpSystemNameW);
1288 RtlFreeUnicodeString(&lpNameW);
1289 return ret;
1290}
LookupPrivilegeDisplayNameW
BOOL WINAPI LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: misc.c:901
lpDisplayName
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2831
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
lpLanguageId
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR _Inout_ LPDWORD _Out_ LPDWORD lpLanguageId
Definition: winbase.h:2833
lpName
_In_ LPCSTR lpName
Definition: winbase.h:2830
cchDisplayName
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR _Inout_ LPDWORD cchDisplayName
Definition: winbase.h:2832

◆ LookupPrivilegeNameA()

BOOL WINAPI LookupPrivilegeNameA ( LPCSTR  lpSystemName,
PLUID  lpLuid,
LPSTR  lpName,
LPDWORD  cchName 
)

Definition at line 1299 of file security.c.

1303{
1304 UNICODE_STRING lpSystemNameW;
1305 BOOL ret;
1306 DWORD wLen = 0;
1307
1308 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1309
1310 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1311 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1312 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1313 {
1314 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1315
1316 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1317 &wLen);
1318 if (ret)
1319 {
1320 /* Windows crashes if cchName is NULL, so will I */
1321 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1322 *cchName, NULL, NULL);
1323
1324 if (len == 0)
1325 {
1326 /* WideCharToMultiByte failed */
1327 ret = FALSE;
1328 }
1329 else if (len > *cchName)
1330 {
1331 *cchName = len;
1332 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1333 ret = FALSE;
1334 }
1335 else
1336 {
1337 /* WideCharToMultiByte succeeded, output length needs to be
1338 * length not including NULL terminator
1339 */
1340 *cchName = len - 1;
1341 }
1342 }
1343 HeapFree(GetProcessHeap(), 0, lpNameW);
1344 }
1345 RtlFreeUnicodeString(&lpSystemNameW);
1346 return ret;
1347}
LookupPrivilegeNameW
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
Definition: misc.c:832
lpLuid
_In_ PLUID lpLuid
Definition: winbase.h:2850
cchName
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2808

Referenced by test_token_attr().

◆ MakeAbsoluteSD()

BOOL WINAPI MakeAbsoluteSD ( PSECURITY_DESCRIPTOR  pSelfRelativeSecurityDescriptor,
PSECURITY_DESCRIPTOR  pAbsoluteSecurityDescriptor,
LPDWORD  lpdwAbsoluteSecurityDescriptorSize,
PACL  pDacl,
LPDWORD  lpdwDaclSize,
PACL  pSacl,
LPDWORD  lpdwSaclSize,
PSID  pOwner,
LPDWORD  lpdwOwnerSize,
PSID  pPrimaryGroup,
LPDWORD  lpdwPrimaryGroupSize 
)

Definition at line 950 of file security.c.

961{
962 NTSTATUS Status;
963
964 Status = RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
965 pAbsoluteSecurityDescriptor,
966 lpdwAbsoluteSecurityDescriptorSize,
967 pDacl,
968 lpdwDaclSize,
969 pSacl,
970 lpdwSaclSize,
971 pOwner,
972 lpdwOwnerSize,
973 pPrimaryGroup,
974 lpdwPrimaryGroupSize);
975 if (!NT_SUCCESS(Status))
976 {
977 SetLastError(RtlNtStatusToDosError(Status));
978 return FALSE;
979 }
980
981 return TRUE;
982}
RtlSelfRelativeToAbsoluteSD
NTSYSAPI NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PDWORD, PACL, PDWORD, PACL, PDWORD, PSID, PDWORD, PSID, PDWORD)

Referenced by test_security_descriptor().

◆ OpenProcessToken()

BOOL WINAPI OpenProcessToken ( HANDLE  ProcessHandle,
DWORD  DesiredAccess,
PHANDLE  TokenHandle 
)

Definition at line 294 of file security.c.

297{
298 NTSTATUS Status;
299
300 TRACE("%p, %x, %p.\n", ProcessHandle, DesiredAccess, TokenHandle);
301
302 Status = NtOpenProcessToken(ProcessHandle,
303 DesiredAccess,
304 TokenHandle);
305 if (!NT_SUCCESS(Status))
306 {
307 WARN("NtOpenProcessToken failed! Status %08x\n", Status);
308 SetLastError(RtlNtStatusToDosError(Status));
309 return FALSE;
310 }
311
312 TRACE("Returning token %p.\n", *TokenHandle);
313
314 return TRUE;
315}
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
NtOpenProcessToken
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350

Referenced by _SHGetUserProfileDirectoryW(), AccpLookupCurrentUser(), AcquireRemoveRestorePrivilege(), AddDeviceW(), AddUserProfiles(), AdjustEnableDefaultPriv(), AuthzpInitSelf(), CheckTokenMembership(), CopySystemProfile(), DoesUserHavePrivilege(), DwInitializeSdFromThreadToken(), EnablePrivilege(), EnableProcessPrivileges(), enableTokenPrivilege(), CShellCommandSACL::Execute(), FormatEx2(), get_current_group(), get_current_owner(), get_user_sid(), GetProcessToken(), GetProfileType(), GetShellSecurityDescriptor(), GetTokenFromCurrentProcess(), GetTokenProcess(), GetUserAndDomainName(), GetUserNameW(), GetUserSIDString(), GetUserToken(), RecycleBin5::Init(), InstallReactOS(), is_process_elevated(), IsNTAdmin(), LaunchProcess(), make_impersonation_token(), named_pipe_client_func(), OpenCurrentToken(), OpenEffectiveToken(), OpenTokenFromProcess(), PauseBalanceW(), PerfDataRefresh(), PNP_ReportLogOn(), Privilege(), pSetupEnablePrivilege(), RecvSubvolGUIW(), RecvSubvolW(), RegenerateUserEnvironment(), RemoveDeviceW(), ResetStatsW(), ResizeDeviceW(), RevertToPrinterSelf(), RunningAsSYSTEM(), SendSubvolGUIW(), SendSubvolW(), set_privileges(), SetDriverLoadPrivilege(), SetPrivilege(), SHCreateSessionKey(), ShowScrubW(), ShutdownSystem(), START_TEST(), StartBalanceW(), StartScrubW(), StopBalanceW(), StopScrubW(), SystemSetLocalTime(), SystemSetTime(), TakeOwnershipOfFile(), test_AccessCheck(), test_AdjustTokenPrivileges(), test_CheckTokenMembership(), test_child_token_sd(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_create_env(), test_CreateDirectoryA(), test_CreateRestrictedToken(), test_get_user_profile_dir(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetTokenInformation(), test_GetWindowsAccountDomainSid(), test_impersonation(), test_impersonation_level(), test_kernel_objects_security(), test_LookupAccountSid(), test_lsa(), test_LsaLookupSids(), test_process_security(), test_pseudo_tokens(), test_RtlQueryPackageIdentity(), test_SetFileValidData(), test_system_security_access(), test_token_attr(), test_token_label(), test_token_security_descriptor(), test_TokenIntegrityLevel(), TestGetUserObjectInfoW(), UpdateDriver(), WhoamiGetTokenInfo(), WinMain(), and wWinMain().

◆ OpenThreadToken()

BOOL WINAPI OpenThreadToken ( HANDLE  ThreadHandle,
DWORD  DesiredAccess,
BOOL  OpenAsSelf,
HANDLE TokenHandle 
)

Definition at line 336 of file security.c.

338{
339 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
340}
NtOpenThreadToken
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2474
OpenAsSelf
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:700

Referenced by AccpLookupCurrentUser(), AuthzpInitUnderImpersonation(), CheckTokenMembership(), DwInitializeSdFromThreadToken(), CShellCommandSACL::Execute(), GetProfileType(), GetUserNameW(), IsCallerInteractive(), OpenEffectiveToken(), PlaySound_ExpandEnvironmentStrings(), Privilege(), RegOpenCurrentUser(), RevertToPrinterSelf(), START_TEST(), test_CreateDirectoryA(), test_FileSecurity(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), test_ImpersonateNamedPipeClient(), test_impersonation_level(), and test_pseudo_tokens().

◆ ParseAceStringFlags()

static BYTE ParseAceStringFlags ( LPCWSTR StringAcl)
static

Definition at line 2636 of file security.c.

2637{
2638 UINT len = 0;
2639 BYTE flags = 0;
2640 LPCWSTR szAcl = *StringAcl;
2641
2642 while (*szAcl == ' ')
2643 szAcl++;
2644
2645 while (*szAcl != ';')
2646 {
2647 const ACEFLAG *lpaf = AceFlags;
2648
2649 while (lpaf->wstr &&
2650 (len = strlenW(lpaf->wstr)) &&
2651 strncmpW(lpaf->wstr, szAcl, len))
2652 lpaf++;
2653
2654 if (!lpaf->wstr)
2655 return 0;
2656
2657 flags |= lpaf->value;
2658 szAcl += len;
2659 }
2660
2661 *StringAcl = szAcl;
2662 return flags;
2663}
flags
GLbitfield flags
Definition: glext.h:7161
_ACEFLAG
Definition: security.c:24
_ACEFLAG::value
DWORD value
Definition: security.c:26
_ACEFLAG::wstr
LPCWSTR wstr
Definition: security.c:25
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185

Referenced by ParseStringAclToAcl().

◆ ParseAceStringRights()

static DWORD ParseAceStringRights ( LPCWSTR StringAcl)
static

Definition at line 2707 of file security.c.

2708{
2709 UINT len = 0;
2710 DWORD rights = 0;
2711 LPCWSTR szAcl = *StringAcl;
2712
2713 while (*szAcl == ' ')
2714 szAcl++;
2715
2716 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2717 {
2718 LPCWSTR p = szAcl;
2719
2720 while (*p && *p != ';')
2721 p++;
2722
2723 if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
2724 {
2725 rights = strtoulW(szAcl, NULL, 16);
2726 szAcl = p;
2727 }
2728 else
2729 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2730 }
2731 else
2732 {
2733 while (*szAcl != ';')
2734 {
2735 const ACEFLAG *lpaf = AceRights;
2736
2737 while (lpaf->wstr &&
2738 (len = strlenW(lpaf->wstr)) &&
2739 strncmpW(lpaf->wstr, szAcl, len))
2740 {
2741 lpaf++;
2742 }
2743
2744 if (!lpaf->wstr)
2745 return 0;
2746
2747 rights |= lpaf->value;
2748 szAcl += len;
2749 }
2750 }
2751
2752 *StringAcl = szAcl;
2753 return rights;
2754}
p
GLfloat GLfloat p
Definition: glext.h:8902
debugstr_wn
#define debugstr_wn
Definition: kernel32.h:33
strtoulW
#define strtoulW(s1, s2, b)
Definition: unicode.h:47

Referenced by ParseStringAclToAcl().

◆ ParseAceStringType()

static BYTE ParseAceStringType ( LPCWSTR StringAcl)
static

Definition at line 2599 of file security.c.

2600{
2601 UINT len = 0;
2602 LPCWSTR szAcl = *StringAcl;
2603 const ACEFLAG *lpaf = AceType;
2604
2605 while (*szAcl == ' ')
2606 szAcl++;
2607
2608 while (lpaf->wstr &&
2609 (len = strlenW(lpaf->wstr)) &&
2610 strncmpW(lpaf->wstr, szAcl, len))
2611 lpaf++;
2612
2613 if (!lpaf->wstr)
2614 return 0;
2615
2616 *StringAcl = szAcl + len;
2617 return lpaf->value;
2618}

Referenced by ParseStringAclToAcl().

◆ ParseAclStringFlags()

static DWORD ParseAclStringFlags ( LPCWSTR StringAcl)
static

Definition at line 2554 of file security.c.

2555{
2556 DWORD flags = 0;
2557 LPCWSTR szAcl = *StringAcl;
2558
2559 while (*szAcl && *szAcl != '(')
2560 {
2561 if (*szAcl == 'P')
2562 {
2563 flags |= SE_DACL_PROTECTED;
2564 }
2565 else if (*szAcl == 'A')
2566 {
2567 szAcl++;
2568 if (*szAcl == 'R')
2569 flags |= SE_DACL_AUTO_INHERIT_REQ;
2570 else if (*szAcl == 'I')
2571 flags |= SE_DACL_AUTO_INHERITED;
2572 }
2573 szAcl++;
2574 }
2575
2576 *StringAcl = szAcl;
2577 return flags;
2578}

Referenced by ParseStringAclToAcl().

◆ ParseStringAclToAcl()

static BOOL ParseStringAclToAcl ( LPCWSTR  StringAcl,
LPDWORD  lpdwFlags,
PACL  pAcl,
LPDWORD  cBytes 
)
static

Definition at line 2762 of file security.c.

2764{
2765 DWORD val;
2766 DWORD sidlen;
2767 DWORD length = sizeof(ACL);
2768 DWORD acesize = 0;
2769 DWORD acecount = 0;
2770 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2771 DWORD error = ERROR_INVALID_ACL;
2772
2773 TRACE("%s\n", debugstr_w(StringAcl));
2774
2775 if (!StringAcl)
2776 return FALSE;
2777
2778 if (pAcl) /* pAce is only useful if we're setting values */
2779 pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
2780
2781 /* Parse ACL flags */
2782 *lpdwFlags = ParseAclStringFlags(&StringAcl);
2783
2784 /* Parse ACE */
2785 while (*StringAcl == '(')
2786 {
2787 StringAcl++;
2788
2789 /* Parse ACE type */
2790 val = ParseAceStringType(&StringAcl);
2791 if (pAce)
2792 pAce->Header.AceType = (BYTE) val;
2793 if (*StringAcl != ';')
2794 {
2795 error = RPC_S_INVALID_STRING_UUID;
2796 goto lerr;
2797 }
2798 StringAcl++;
2799
2800 /* Parse ACE flags */
2801 val = ParseAceStringFlags(&StringAcl);
2802 if (pAce)
2803 pAce->Header.AceFlags = (BYTE) val;
2804 if (*StringAcl != ';')
2805 goto lerr;
2806 StringAcl++;
2807
2808 /* Parse ACE rights */
2809 val = ParseAceStringRights(&StringAcl);
2810 if (pAce)
2811 pAce->Mask = val;
2812 if (*StringAcl != ';')
2813 goto lerr;
2814 StringAcl++;
2815
2816 /* Parse ACE object guid */
2817 while (*StringAcl == ' ')
2818 StringAcl++;
2819 if (*StringAcl != ';')
2820 {
2821 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2822 goto lerr;
2823 }
2824 StringAcl++;
2825
2826 /* Parse ACE inherit object guid */
2827 while (*StringAcl == ' ')
2828 StringAcl++;
2829 if (*StringAcl != ';')
2830 {
2831 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2832 goto lerr;
2833 }
2834 StringAcl++;
2835
2836 /* Parse ACE account sid */
2837 if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
2838 {
2839 while (*StringAcl && *StringAcl != ')')
2840 StringAcl++;
2841 }
2842
2843 if (*StringAcl != ')')
2844 goto lerr;
2845 StringAcl++;
2846
2847 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2848 length += acesize;
2849 if (pAce)
2850 {
2851 pAce->Header.AceSize = acesize;
2852 pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
2853 }
2854 acecount++;
2855 }
2856
2857 *cBytes = length;
2858
2859 if (length > 0xffff)
2860 {
2861 ERR("ACL too large\n");
2862 goto lerr;
2863 }
2864
2865 if (pAcl)
2866 {
2867 pAcl->AclRevision = ACL_REVISION;
2868 pAcl->Sbz1 = 0;
2869 pAcl->AclSize = length;
2870 pAcl->AceCount = acecount;
2871 pAcl->Sbz2 = 0;
2872 }
2873 return TRUE;
2874
2875lerr:
2876 SetLastError(error);
2877 WARN("Invalid ACE string format\n");
2878 return FALSE;
2879}
ParseAclStringFlags
static DWORD ParseAclStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2554
ParseAceStringFlags
static BYTE ParseAceStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2636
ParseAceStringType
static BYTE ParseAceStringType(LPCWSTR *StringAcl)
Definition: security.c:2599
ParseAceStringRights
static DWORD ParseAceStringRights(LPCWSTR *StringAcl)
Definition: security.c:2707
val
GLuint GLfloat * val
Definition: glext.h:7180
error
#define error(str)
Definition: mkdosfs.c:1605
ACL
struct _ACL ACL
ACCESS_ALLOWED_ACE
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE
PACCESS_ALLOWED_ACE
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
_ACE_HEADER::AceSize
USHORT AceSize
Definition: ms-dtyp.idl:212
_ACL::Sbz2
USHORT Sbz2
Definition: ms-dtyp.idl:298
_ACL::Sbz1
UCHAR Sbz1
Definition: ms-dtyp.idl:295
_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296
_ACL::AclRevision
UCHAR AclRevision
Definition: ms-dtyp.idl:294
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
RPC_S_INVALID_STRING_UUID
#define RPC_S_INVALID_STRING_UUID
Definition: winerror.h:1016
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39

Referenced by ParseStringSecurityDescriptorToSecurityDescriptor().

◆ ParseStringSecurityDescriptorToSecurityDescriptor()

static BOOL ParseStringSecurityDescriptorToSecurityDescriptor ( LPCWSTR  StringSecurityDescriptor,
SECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
LPDWORD  cBytes 
)
static

Definition at line 2884 of file security.c.

2888{
2889 BOOL bret = FALSE;
2890 WCHAR toktype;
2891 WCHAR *tok;
2892 LPCWSTR lptoken;
2893 LPBYTE lpNext = NULL;
2894 DWORD len;
2895
2896 *cBytes = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
2897
2898 tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
2899
2900 if (SecurityDescriptor)
2901 lpNext = (LPBYTE)(SecurityDescriptor + 1);
2902
2903 while (*StringSecurityDescriptor == ' ')
2904 StringSecurityDescriptor++;
2905
2906 while (*StringSecurityDescriptor)
2907 {
2908 toktype = *StringSecurityDescriptor;
2909
2910 /* Expect char identifier followed by ':' */
2911 StringSecurityDescriptor++;
2912 if (*StringSecurityDescriptor != ':')
2913 {
2914 SetLastError(ERROR_INVALID_PARAMETER);
2915 goto lend;
2916 }
2917 StringSecurityDescriptor++;
2918
2919 /* Extract token */
2920 lptoken = StringSecurityDescriptor;
2921 while (*lptoken && *lptoken != ':')
2922 lptoken++;
2923
2924 if (*lptoken)
2925 lptoken--;
2926
2927 len = lptoken - StringSecurityDescriptor;
2928 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
2929 tok[len] = 0;
2930
2931 switch (toktype)
2932 {
2933 case 'O':
2934 {
2935 DWORD bytes;
2936
2937 if (!ParseStringSidToSid(tok, lpNext, &bytes))
2938 goto lend;
2939
2940 if (SecurityDescriptor)
2941 {
2942 SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor;
2943 lpNext += bytes; /* Advance to next token */
2944 }
2945
2946 *cBytes += bytes;
2947
2948 break;
2949 }
2950
2951 case 'G':
2952 {
2953 DWORD bytes;
2954
2955 if (!ParseStringSidToSid(tok, lpNext, &bytes))
2956 goto lend;
2957
2958 if (SecurityDescriptor)
2959 {
2960 SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor;
2961 lpNext += bytes; /* Advance to next token */
2962 }
2963
2964 *cBytes += bytes;
2965
2966 break;
2967 }
2968
2969 case 'D':
2970 {
2971 DWORD flags;
2972 DWORD bytes;
2973
2974 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2975 goto lend;
2976
2977 if (SecurityDescriptor)
2978 {
2979 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2980 SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor;
2981 lpNext += bytes; /* Advance to next token */
2982 }
2983
2984 *cBytes += bytes;
2985
2986 break;
2987 }
2988
2989 case 'S':
2990 {
2991 DWORD flags;
2992 DWORD bytes;
2993
2994 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2995 goto lend;
2996
2997 if (SecurityDescriptor)
2998 {
2999 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
3000 SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor;
3001 lpNext += bytes; /* Advance to next token */
3002 }
3003
3004 *cBytes += bytes;
3005
3006 break;
3007 }
3008
3009 default:
3010 FIXME("Unknown token\n");
3011 SetLastError(ERROR_INVALID_PARAMETER);
3012 goto lend;
3013 }
3014
3015 StringSecurityDescriptor = lptoken;
3016 }
3017
3018 bret = TRUE;
3019
3020lend:
3021 heap_free(tok);
3022 return bret;
3023}
bytes
static unsigned char bytes[4]
Definition: adnsresfilter.c:74
ParseStringAclToAcl
static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, PACL pAcl, LPDWORD cBytes)
Definition: security.c:2762
lstrlenW
#define lstrlenW
Definition: compat.h:750
SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
SE_SACL_PRESENT
#define SE_SACL_PRESENT
Definition: setypes.h:835
SE_DACL_PRESENT
#define SE_DACL_PRESENT
Definition: setypes.h:833

Referenced by ConvertStringSecurityDescriptorToSecurityDescriptorW().

◆ ParseStringSidToSid()

static BOOL ParseStringSidToSid ( LPCWSTR  StringSid,
PSID  pSid,
LPDWORD  cBytes 
)
static

Definition at line 3973 of file security.c.

3974{
3975 BOOL bret = FALSE;
3976 SID* pisid=pSid;
3977
3978 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3979 if (!StringSid)
3980 {
3981 SetLastError(ERROR_INVALID_PARAMETER);
3982 TRACE("StringSid is NULL, returning FALSE\n");
3983 return FALSE;
3984 }
3985
3986 while (*StringSid == ' ')
3987 StringSid++;
3988
3989 if (!*StringSid)
3990 goto lend; /* ERROR_INVALID_SID */
3991
3992 *cBytes = ComputeStringSidSize(StringSid);
3993 if (!pisid) /* Simply compute the size */
3994 {
3995 TRACE("only size requested, returning TRUE with %d\n", *cBytes);
3996 return TRUE;
3997 }
3998
3999 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
4000 {
4001 DWORD i = 0, identAuth;
4002 DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
4003
4004 StringSid += 2; /* Advance to Revision */
4005 pisid->Revision = atoiW(StringSid);
4006
4007 if (pisid->Revision != SDDL_REVISION)
4008 {
4009 TRACE("Revision %d is unknown\n", pisid->Revision);
4010 goto lend; /* ERROR_INVALID_SID */
4011 }
4012 if (csubauth == 0)
4013 {
4014 TRACE("SubAuthorityCount is 0\n");
4015 goto lend; /* ERROR_INVALID_SID */
4016 }
4017
4018 pisid->SubAuthorityCount = csubauth;
4019
4020 /* Advance to identifier authority */
4021 while (*StringSid && *StringSid != '-')
4022 StringSid++;
4023 if (*StringSid == '-')
4024 StringSid++;
4025
4026 /* MS' implementation can't handle values greater than 2^32 - 1, so
4027 * we don't either; assume most significant bytes are always 0
4028 */
4029 pisid->IdentifierAuthority.Value[0] = 0;
4030 pisid->IdentifierAuthority.Value[1] = 0;
4031 identAuth = atoiW(StringSid);
4032 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
4033 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
4034 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
4035 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
4036
4037 /* Advance to first sub authority */
4038 while (*StringSid && *StringSid != '-')
4039 StringSid++;
4040 if (*StringSid == '-')
4041 StringSid++;
4042
4043 while (*StringSid)
4044 {
4045 pisid->SubAuthority[i++] = atoiW(StringSid);
4046
4047 while (*StringSid && *StringSid != '-')
4048 StringSid++;
4049 if (*StringSid == '-')
4050 StringSid++;
4051 }
4052
4053 if (i != pisid->SubAuthorityCount)
4054 goto lend; /* ERROR_INVALID_SID */
4055
4056 bret = TRUE;
4057 }
4058 else /* String constant format - Only available in winxp and above */
4059 {
4060 unsigned int i;
4061 pisid->Revision = SDDL_REVISION;
4062
4063 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
4064 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
4065 {
4066 DWORD j;
4067 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
4068 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
4069 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
4070 pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
4071 bret = TRUE;
4072 }
4073
4074 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
4075 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
4076 {
4077 ADVAPI_GetComputerSid(pisid);
4078 pisid->SubAuthority[pisid->SubAuthorityCount] = WellKnownRids[i].Rid;
4079 pisid->SubAuthorityCount++;
4080 bret = TRUE;
4081 }
4082
4083 if (!bret)
4084 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
4085 }
4086
4087lend:
4088 if (!bret)
4089 SetLastError(ERROR_INVALID_SID);
4090
4091 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
4092 return bret;
4093}
ComputeStringSidSize
static DWORD ComputeStringSidSize(LPCWSTR StringSid)
Definition: security.c:3934
j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
atoiW
#define atoiW(s)
Definition: unicode.h:60
WELLKNOWNRID::Rid
DWORD Rid
Definition: security.c:106
WELLKNOWNSID::Sid
MAX_SID Sid
Definition: security.c:42
_MAX_SID::IdentifierAuthority
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: security.c:34
_MAX_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: security.c:33
_MAX_SID::SubAuthority
DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES]
Definition: security.c:35

Referenced by ConvertStringSidToSidW(), ParseStringAclToAcl(), and ParseStringSecurityDescriptorToSecurityDescriptor().

◆ PrivilegeCheck()

BOOL WINAPI PrivilegeCheck ( HANDLE  ClientToken,
PPRIVILEGE_SET  RequiredPrivileges,
LPBOOL  pfResult 
)

Definition at line 2066 of file security.c.

2069{
2070 BOOLEAN Result;
2071 NTSTATUS Status;
2072
2073 Status = NtPrivilegeCheck(ClientToken,
2074 RequiredPrivileges,
2075 &Result);
2076 if (!NT_SUCCESS(Status))
2077 {
2078 SetLastError(RtlNtStatusToDosError(Status));
2079 return FALSE;
2080 }
2081
2082 *pfResult = (BOOL)Result;
2083
2084 return TRUE;
2085}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
BOOL
#define BOOL
Definition: nt_native.h:43
NtPrivilegeCheck
NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
Checks a client access token if it has the required set of privileges.
Definition: priv.c:868

Referenced by IsPrivilegeEnabled(), test_CreateRestrictedToken(), and test_impersonation_level().

◆ QueryWindows31FilesMigration()

BOOL WINAPI QueryWindows31FilesMigration ( DWORD  x1)

Definition at line 1580 of file security.c.

1581{
1582 FIXME("(%d):stub\n",x1);
1583 return TRUE;
1584}
x1
_In_ CLIPOBJ _In_ BRUSHOBJ _In_ LONG x1
Definition: winddi.h:3708

◆ RevertToSelf()

BOOL WINAPI RevertToSelf ( VOID  )

Definition at line 1608 of file security.c.

1609{
1610 NTSTATUS Status;
1611 HANDLE Token = NULL;
1612
1613 Status = NtSetInformationThread(NtCurrentThread(),
1614 ThreadImpersonationToken,
1615 &Token,
1616 sizeof(HANDLE));
1617 if (!NT_SUCCESS(Status))
1618 {
1619 SetLastError(RtlNtStatusToDosError(Status));
1620 return FALSE;
1621 }
1622
1623 return TRUE;
1624}
ThreadImpersonationToken
@ ThreadImpersonationToken
Definition: compat.h:940
NtSetInformationThread
NTSTATUS NTAPI NtSetInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
Definition: query.c:2067
NtCurrentThread
#define NtCurrentThread()

◆ SERV_dup()

static LPWSTR SERV_dup ( LPCSTR  str)
static

Definition at line 233 of file security.c.

234{
235 UINT len;
236 LPWSTR wstr;
237
238 if( !str )
239 return NULL;
240 len = MultiByteToWideChar( CP_ACP, 0, str, -1, NULL, 0 );
241 wstr = heap_alloc( len*sizeof (WCHAR) );
242 MultiByteToWideChar( CP_ACP, 0, str, -1, wstr, len );
243 return wstr;
244}
str
const WCHAR * str
Definition: rpc_transport.c:2724

Referenced by ConvertStringSidToSidA().

◆ set_ntstatus()

static __inline BOOL set_ntstatus ( NTSTATUS  status)
static

Definition at line 227 of file security.c.

228{
229 if (!NT_SUCCESS(status)) SetLastError( RtlNtStatusToDosError( status ));
230 return NT_SUCCESS(status);
231}
status
Definition: ps.c:97

Referenced by AccessCheck(), ActivateActCtx(), AddAccessAllowedAce(), AddAccessAllowedAceEx(), AddAccessAllowedObjectAce(), AddAccessDeniedAce(), AddAccessDeniedAceEx(), AddAccessDeniedObjectAce(), AddAce(), AddAuditAccessAce(), AddAuditAccessAceEx(), AddAuditAccessObjectAce(), AddDllDirectory(), AddMandatoryAce(), AdjustTokenGroups(), AllocateAndInitializeSid(), AllocateLocallyUniqueId(), CallbackMayRunLong(), CancelIo(), CancelIoEx(), CancelSynchronousIo(), CancelWaitableTimer(), ChangeTimerQueueTimer(), CheckRemoteDebuggerPresent(), CloseHandle(), CompareObjectHandles(), ConnectNamedPipe(), console_ioctl(), ContinueDebugEvent(), ConvertToAutoInheritPrivateObjectSecurity(), copy_file(), CopyContext(), CopySid(), create_console_connection(), create_console_reference(), create_console_server(), CreateActCtxW(), CreateConsoleScreenBuffer(), CreateDirectoryW(), CreateFiberEx(), CreateHardLinkW(), CreateIoCompletionPort(), CreateMemoryResourceNotification(), CreateNamedPipeW(), CreatePipe(), CreatePrivateObjectSecurity(), CreatePrivateObjectSecurityEx(), CreatePrivateObjectSecurityWithMultipleInheritance(), CreateProcessInternalW(), CreateRemoteThreadEx(), CreateRestrictedToken(), CreateThreadpool(), CreateThreadpoolCleanupGroup(), CreateThreadpoolIo(), CreateThreadpoolTimer(), CreateThreadpoolWait(), CreateThreadpoolWork(), CreateTimerQueue(), CreateTimerQueueTimer(), DebugActiveProcess(), DebugActiveProcessStop(), DefineDosDeviceW(), DeleteAce(), DeleteFileW(), DeleteTimerQueueEx(), DeleteTimerQueueTimer(), DestroyPrivateObjectSecurity(), DeviceIoControl(), DisableThreadLibraryCalls(), DisconnectNamedPipe(), DuplicateHandle(), DuplicateTokenEx(), EnumProcesses(), EnumResourceTypesExA(), EnumResourceTypesExW(), ExpandEnvironmentStringsW(), FileTimeToLocalFileTime(), find_exe_file(), FindActCtxSectionGuid(), FindActCtxSectionStringW(), FindFirstChangeNotificationW(), FindNextChangeNotification(), FindNextFileW(), FlsAlloc(), FlsFree(), FlsGetValue(), FlsSetValue(), FlushFileBuffers(), FlushInstructionCache(), FlushViewOfFile(), FoldStringW(), FormatMessageA(), FormatMessageW(), FreeLibrary(), get_firmware_table(), get_message(), get_proc_address(), GetAce(), GetAclInformation(), GetCompressedFileSizeW(), GetConsoleProcessList(), GetCurrentActCtx(), GetDiskFreeSpaceExW(), GetDiskFreeSpaceW(), GetDynamicTimeZoneInformation(), GetEnvironmentVariableA(), GetEnvironmentVariableW(), GetExitCodeProcess(), GetExitCodeThread(), GetFileAttributesExW(), GetFileInformationByHandle(), GetFileInformationByHandleEx(), GetFileSecurityW(), GetFileSizeEx(), GetFileTime(), GetFileType(), GetFinalPathNameByHandleW(), GetHandleInformation(), GetKernelObjectSecurity(), GetLogicalProcessorInformation(), GetLogicalProcessorInformationEx(), GetMappedFileNameW(), GetModuleHandleExW(), GetNamedPipeHandleStateW(), GetNamedPipeInfo(), GetNativeSystemInfo(), GetOverlappedResultEx(), GetPerformanceInfo(), GetPriorityClass(), GetProcessHandleCount(), GetProcessId(), GetProcessIdOfThread(), GetProcessInformation(), GetProcessMemoryInfo(), GetProcessPreferredUILanguages(), GetProcessTimes(), GetProcessVersion(), GetSecurityDescriptorControl(), GetSecurityDescriptorDacl(), GetSecurityDescriptorGroup(), GetSecurityDescriptorOwner(), GetSecurityDescriptorSacl(), GetSystemCpuSetInformation(), GetSystemInfo(), GetSystemPreferredUILanguages(), GetSystemTimeAdjustment(), GetSystemTimes(), GetThreadContext(), GetThreadGroupAffinity(), GetThreadId(), GetThreadIdealProcessorEx(), GetThreadIOPendingFlag(), GetThreadPreferredUILanguages(), GetThreadPriority(), GetThreadPriorityBoost(), GetThreadTimes(), GetTokenInformation(), GetUserPreferredUILanguages(), GetVolumeInformationByHandleW(), GetVolumeInformationW(), GetWriteWatch(), GetWsChanges(), GlobalMemoryStatusEx(), HeapQueryInformation(), HeapSetInformation(), HeapWalk(), IdnToAscii(), IdnToNameprepUnicode(), IdnToUnicode(), ImpersonateAnonymousToken(), ImpersonateNamedPipeClient(), ImpersonateSelf(), init_console_std_handles(), init_current_version(), init_module_iterator(), init_module_iterator_wow64(), InitializeAcl(), InitializeContext2(), InitializeSecurityDescriptor(), InitializeSid(), InitOnceComplete(), IsNormalizedString(), IsProcessInJob(), IsTokenRestricted(), IsValidSecurityDescriptor(), IsWow64Process(), IsWow64Process2(), kernelbase_Wow64EnableWow64FsRedirection(), load_library(), LoadResource(), LocalFileTimeToFileTime(), LockFile(), LockFileEx(), MakeAbsoluteSD(), MakeSelfRelativeSD(), MapViewOfFile3(), mbstowcs_utf8(), MoveFileWithProgressW(), open_device_root(), OpenEventW(), OpenFileById(), OpenFileMappingFromApp(), OpenFileMappingW(), OpenMutexW(), OpenProcess(), OpenProcessToken(), OpenSemaphoreW(), OpenThread(), OpenThreadToken(), OpenWaitableTimerW(), PostQueuedCompletionStatus(), PrefetchVirtualMemory(), PrivilegeCheck(), ProcessIdToSessionId(), PulseEvent(), QueryActCtxSettingsW(), QueryActCtxW(), QueryDosDeviceW(), QueryFullProcessImageNameW(), QueryProcessCycleTime(), QueryThreadpoolStackInformation(), QueryVirtualMemoryInformation(), QueryWorkingSet(), QueryWorkingSetEx(), QueueUserAPC(), QueueUserWorkItem(), ReadDirectoryChangesW(), ReadFileEx(), ReadFileScatter(), ReadProcessMemory(), RegisterWaitForSingleObjectEx(), ReleaseMutex(), ReleaseSemaphore(), RemoveDirectoryW(), RemoveDllDirectory(), ReOpenFile(), ReplaceFileW(), ResetEvent(), ResetWriteWatch(), ResumeThread(), SetCurrentDirectoryA(), SetCurrentDirectoryW(), SetDefaultDllDirectories(), SetEndOfFile(), SetEnvironmentStringsW(), SetEnvironmentVariableW(), SetEvent(), SetFileAttributesW(), SetFileInformationByHandle(), SetFilePointerEx(), SetFileSecurityW(), SetFileTime(), SetFileValidData(), SetHandleInformation(), SetKernelObjectSecurity(), SetLocalTime(), SetNamedPipeHandleState(), SetPriorityClass(), SetProcessInformation(), SetProcessPreferredUILanguages(), SetSecurityDescriptorControl(), SetSecurityDescriptorDacl(), SetSecurityDescriptorGroup(), SetSecurityDescriptorOwner(), SetSecurityDescriptorSacl(), SetSystemTime(), SetSystemTimeAdjustment(), SetThreadContext(), SetThreadErrorMode(), SetThreadGroupAffinity(), SetThreadInformation(), SetThreadpoolStackInformation(), SetThreadPreferredUILanguages(), SetThreadPriority(), SetThreadPriorityBoost(), SetThreadToken(), SetTimeZoneInformation(), SetTokenInformation(), SetWaitableTimer(), SleepConditionVariableCS(), SleepConditionVariableSRW(), SuspendThread(), TerminateProcess(), TerminateThread(), TransactNamedPipe(), TrySubmitThreadpoolCallback(), UnlockFile(), UnmapViewOfFile(), UnmapViewOfFile2(), UnmapViewOfFileEx(), UnregisterWaitEx(), VirtualAlloc2(), VirtualAlloc2FromApp(), VirtualAllocEx(), VirtualAllocFromApp(), VirtualFreeEx(), VirtualLock(), VirtualProtectEx(), VirtualQueryEx(), VirtualUnlock(), WaitForDebugEvent(), WaitForDebugEventEx(), WaitNamedPipeW(), WaitOnAddress(), wcstombs_utf8(), Wow64DisableWow64FsRedirection(), Wow64GetThreadContext(), Wow64RevertWow64FsRedirection(), Wow64SetThreadContext(), WriteFileEx(), WriteFileGather(), WriteProcessMemory(), and ZombifyActCtx().

◆ SetAclInformation()

BOOL WINAPI SetAclInformation ( PACL  pAcl,
LPVOID  pAclInformation,
DWORD  nAclInformationLength,
ACL_INFORMATION_CLASS  dwAclInformationClass 
)

Definition at line 2471 of file security.c.

2475{
2476 NTSTATUS Status;
2477
2478 Status = RtlSetInformationAcl(pAcl,
2479 pAclInformation,
2480 nAclInformationLength,
2481 dwAclInformationClass);
2482 if (!NT_SUCCESS(Status))
2483 {
2484 SetLastError(RtlNtStatusToDosError(Status));
2485 return FALSE;
2486 }
2487
2488 return TRUE;
2489}
RtlSetInformationAcl
NTSTATUS NTAPI RtlSetInformationAcl(IN PACL Acl, IN PVOID Information, IN ULONG InformationLength, IN ACL_INFORMATION_CLASS InformationClass)
Definition: acl.c:785

◆ SetFileSecurityA()

BOOL WINAPI SetFileSecurityA ( LPCSTR  lpFileName,
SECURITY_INFORMATION  SecurityInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor 
)

Definition at line 1479 of file security.c.

1482{
1483 UNICODE_STRING FileName;
1484 BOOL bResult;
1485
1486 if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1487 {
1488 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1489 return FALSE;
1490 }
1491
1492 bResult = SetFileSecurityW(FileName.Buffer,
1493 SecurityInformation,
1494 pSecurityDescriptor);
1495
1496 RtlFreeUnicodeString(&FileName);
1497
1498 return bResult;
1499}
SetFileSecurityW
BOOL WINAPI SetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1509
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340

◆ SetFileSecurityW()

BOOL WINAPI SetFileSecurityW ( LPCWSTR  lpFileName,
SECURITY_INFORMATION  SecurityInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor 
)

Definition at line 1509 of file security.c.

1512{
1513 OBJECT_ATTRIBUTES ObjectAttributes;
1514 IO_STATUS_BLOCK StatusBlock;
1515 UNICODE_STRING FileName;
1516 ULONG AccessMask = 0;
1517 HANDLE FileHandle;
1518 NTSTATUS Status;
1519
1520 TRACE("SetFileSecurityW() called\n");
1521
1522 SetSecurityAccessMask(SecurityInformation, &AccessMask);
1523
1524 if (!RtlDosPathNameToNtPathName_U(lpFileName,
1525 &FileName,
1526 NULL,
1527 NULL))
1528 {
1529 ERR("Invalid path\n");
1530 SetLastError(ERROR_INVALID_NAME);
1531 return FALSE;
1532 }
1533
1534 InitializeObjectAttributes(&ObjectAttributes,
1535 &FileName,
1536 OBJ_CASE_INSENSITIVE,
1537 NULL,
1538 NULL);
1539
1540 Status = NtOpenFile(&FileHandle,
1541 AccessMask,
1542 &ObjectAttributes,
1543 &StatusBlock,
1544 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1545 0);
1546
1547 RtlFreeHeap(RtlGetProcessHeap(),
1548 0,
1549 FileName.Buffer);
1550
1551 if (!NT_SUCCESS(Status))
1552 {
1553 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1554 SetLastError(RtlNtStatusToDosError(Status));
1555 return FALSE;
1556 }
1557
1558 Status = NtSetSecurityObject(FileHandle,
1559 SecurityInformation,
1560 pSecurityDescriptor);
1561 NtClose(FileHandle);
1562
1563 if (!NT_SUCCESS(Status))
1564 {
1565 ERR("NtSetSecurityObject() failed (Status %lx)\n", Status);
1566 SetLastError(RtlNtStatusToDosError(Status));
1567 return FALSE;
1568 }
1569
1570 return TRUE;
1571}
SetSecurityAccessMask
VOID WINAPI SetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: sec.c:398
NtSetSecurityObject
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)

Referenced by SetFileSecurityA(), StampFileSecurity(), and TakeOwnershipOfFile().

◆ SetKernelObjectSecurity()

BOOL WINAPI SetKernelObjectSecurity ( HANDLE  Handle,
SECURITY_INFORMATION  SecurityInformation,
PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Definition at line 1928 of file security.c.

1931{
1932 NTSTATUS Status;
1933
1934 Status = NtSetSecurityObject(Handle,
1935 SecurityInformation,
1936 SecurityDescriptor);
1937 if (!NT_SUCCESS(Status))
1938 {
1939 SetLastError(RtlNtStatusToDosError(Status));
1940 return FALSE;
1941 }
1942
1943 return TRUE;
1944}

Referenced by InsertProcessSecurityCommon(), test_AddMandatoryAce(), and test_token_security_descriptor().

◆ SetNamedSecurityInfoA()

DWORD WINAPI SetNamedSecurityInfoA ( LPSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSID  psidOwner,
PSID  psidGroup,
PACL  pDacl,
PACL  pSacl 
)

Definition at line 2498 of file security.c.

2505{
2506 UNICODE_STRING ObjectName;
2507 DWORD Ret;
2508
2509 if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
2510 {
2511 return ERROR_NOT_ENOUGH_MEMORY;
2512 }
2513
2514 Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
2515 ObjectType,
2516 SecurityInfo,
2517 psidOwner,
2518 psidGroup,
2519 pDacl,
2520 pSacl);
2521
2522 RtlFreeUnicodeString(&ObjectName);
2523
2524 return Ret;
2525}
SetNamedSecurityInfoW
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1197
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64

◆ SetThreadToken()

BOOL WINAPI SetThreadToken ( IN PHANDLE ThreadHandle  OPTIONAL,
IN HANDLE  TokenHandle 
)

Definition at line 461 of file security.c.

463{
464 NTSTATUS Status;
465 HANDLE hThread;
466
467 hThread = (ThreadHandle != NULL) ? *ThreadHandle : NtCurrentThread();
468
469 Status = NtSetInformationThread(hThread,
470 ThreadImpersonationToken,
471 &TokenHandle,
472 sizeof(HANDLE));
473 if (!NT_SUCCESS(Status))
474 {
475 SetLastError(RtlNtStatusToDosError(Status));
476 return FALSE;
477 }
478
479 return TRUE;
480}
hThread
HANDLE hThread
Definition: wizard.c:28

Referenced by ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), named_pipe_client_func(), RevertToPrinterSelf(), RevertToSelf(), and test_token_security_descriptor().

◆ SetTokenInformation()

BOOL WINAPI SetTokenInformation ( HANDLE  TokenHandle,
TOKEN_INFORMATION_CLASS  TokenInformationClass,
LPVOID  TokenInformation,
DWORD  TokenInformationLength 
)

Definition at line 437 of file security.c.

441{
442 NTSTATUS Status;
443
444 Status = NtSetInformationToken(TokenHandle,
445 TokenInformationClass,
446 TokenInformation,
447 TokenInformationLength);
448 if (!NT_SUCCESS(Status))
449 {
450 SetLastError(RtlNtStatusToDosError(Status));
451 return FALSE;
452 }
453
454 return TRUE;
455}
NtSetInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Sets (modifies) some specific information in regard of an access token. The calling thread must have ...
Definition: tokencls.c:1125

Referenced by test_token_attr().

◆ SynchronizeWindows31FilesAndWindowsNTRegistry()

BOOL WINAPI SynchronizeWindows31FilesAndWindowsNTRegistry ( DWORD  x1,
DWORD  x2,
DWORD  x3,
DWORD  x4 
)

Definition at line 1596 of file security.c.

1598{
1599 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
1600 return TRUE;
1601}
x2
_In_ CLIPOBJ _In_ BRUSHOBJ _In_ LONG _In_ LONG _In_ LONG x2
Definition: winddi.h:3710

◆ WINE_DEFAULT_DEBUG_CHANNEL()

WINE_DEFAULT_DEBUG_CHANNEL ( advapi  )

Variable Documentation

◆ AceFlags

const ACEFLAG AceFlags[]
static
Initial value:
=
{
{ SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
{ SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
{ SDDL_INHERITED, INHERITED_ACE },
{ SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
{ SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
{ SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
{ SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
{ NULL, 0 },
}

Definition at line 2624 of file security.c.

Referenced by AddAccessAllowedAceEx(), AddAccessAllowedObjectAce(), AddAccessDeniedAceEx(), AddAccessDeniedObjectAce(), AddAuditAccessAceEx(), AddAuditAccessObjectAce(), ParseAceStringFlags(), SepPropagateAcl(), SepShouldPropagateAce(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_pack_ACE_HEADER(), TestSeAssignSecurity(), and VCheckAcl__().

◆ AceRightBitNames

const LPCWSTR AceRightBitNames[32]
static

Definition at line 3186 of file security.c.

Referenced by DumpRights().

◆ AceRights

const ACEFLAG AceRights[]
static

Definition at line 2669 of file security.c.

Referenced by DumpRights(), and ParseAceStringRights().

◆ AceType

const ACEFLAG AceType[]
static
Initial value:
=
{
{ SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
{ SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
{ SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
{ SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
{ SDDL_MANDATORY_LABEL,SYSTEM_MANDATORY_LABEL_ACE_TYPE },
{ NULL, 0 },
}
SDDL_MANDATORY_LABEL
static const WCHAR SDDL_MANDATORY_LABEL[]
Definition: security.c:144
SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:741

Definition at line 2583 of file security.c.

Referenced by DumpAce(), GetAllowedWorldAce(), ParseAceStringType(), test_pack_ACE_HEADER(), and VCheckAcl__().

◆ SDDL_ACCESS_ALLOWED

const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0}
static

Definition at line 136 of file security.c.

Referenced by DumpAce().

◆ SDDL_ACCESS_DENIED

const WCHAR SDDL_ACCESS_DENIED[] = {'D',0}
static

Definition at line 137 of file security.c.

Referenced by DumpAce().

◆ SDDL_ALARM

const WCHAR SDDL_ALARM[] = {'A','L',0}
static

Definition at line 143 of file security.c.

Referenced by DumpAce().

◆ SDDL_AUDIT

const WCHAR SDDL_AUDIT[] = {'A','U',0}
static

Definition at line 142 of file security.c.

Referenced by DumpAce().

◆ SDDL_AUDIT_FAILURE

const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0}
static

Definition at line 172 of file security.c.

Referenced by DumpAce().

◆ SDDL_AUDIT_SUCCESS

const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0}
static

Definition at line 171 of file security.c.

Referenced by DumpAce().

◆ SDDL_CONTAINER_INHERIT

const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0}
static

Definition at line 166 of file security.c.

Referenced by DumpAce().

◆ SDDL_INHERIT_ONLY

const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0}
static

Definition at line 169 of file security.c.

Referenced by DumpAce().

◆ SDDL_INHERITED

const WCHAR SDDL_INHERITED[] = {'I','D',0}
static

Definition at line 170 of file security.c.

Referenced by DumpAce().

◆ SDDL_MANDATORY_LABEL

const WCHAR SDDL_MANDATORY_LABEL[] = {'M','L',0}
static

Definition at line 144 of file security.c.

◆ SDDL_NO_EXECUTE_UP

const WCHAR SDDL_NO_EXECUTE_UP[] = {'N','X',0}
static

Definition at line 131 of file security.c.

◆ SDDL_NO_PROPAGATE

const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0}
static

Definition at line 168 of file security.c.

Referenced by DumpAce().

◆ SDDL_NO_READ_UP

const WCHAR SDDL_NO_READ_UP[] = {'N','R',0}
static

Definition at line 129 of file security.c.

◆ SDDL_NO_WRITE_UP

const WCHAR SDDL_NO_WRITE_UP[] = {'N','W',0}
static

Definition at line 130 of file security.c.

◆ SDDL_OBJECT_ACCESS_ALLOWED

const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0}
static

Definition at line 139 of file security.c.

◆ SDDL_OBJECT_ACCESS_DENIED

const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0}
static

Definition at line 140 of file security.c.

◆ SDDL_OBJECT_ALARM

const WCHAR SDDL_OBJECT_ALARM[] = {'O','L',0}
static

Definition at line 147 of file security.c.

◆ SDDL_OBJECT_AUDIT

const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0}
static

Definition at line 146 of file security.c.

◆ SDDL_OBJECT_INHERIT

const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0}
static

Definition at line 167 of file security.c.

Referenced by DumpAce().

◆ sidWorld

const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }
static

Definition at line 126 of file security.c.

Referenced by test_AddAce().

◆ WellKnownRids

const WELLKNOWNRID WellKnownRids[]
static
Initial value:
= {
{ {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
{ {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
{ {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
{ {'D','A'}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
{ {'D','U'}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
{ {'D','G'}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
{ {'D','C'}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
{ {'D','D'}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
{ {'C','A'}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
{ {'S','A'}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
{ {'E','A'}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
{ {'P','A'}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
{ {'R','S'}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
}
DOMAIN_GROUP_RID_SCHEMA_ADMINS
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS
Definition: setypes.h:645
DOMAIN_USER_RID_ADMIN
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:631
DOMAIN_GROUP_RID_CONTROLLERS
#define DOMAIN_GROUP_RID_CONTROLLERS
Definition: setypes.h:643
DOMAIN_GROUP_RID_COMPUTERS
#define DOMAIN_GROUP_RID_COMPUTERS
Definition: setypes.h:642
DOMAIN_GROUP_RID_POLICY_ADMINS
#define DOMAIN_GROUP_RID_POLICY_ADMINS
Definition: setypes.h:647
DOMAIN_GROUP_RID_GUESTS
#define DOMAIN_GROUP_RID_GUESTS
Definition: setypes.h:641
DOMAIN_USER_RID_GUEST
#define DOMAIN_USER_RID_GUEST
Definition: setypes.h:632
DOMAIN_ALIAS_RID_RAS_SERVERS
#define DOMAIN_ALIAS_RID_RAS_SERVERS
Definition: setypes.h:663
DOMAIN_GROUP_RID_CERT_ADMINS
#define DOMAIN_GROUP_RID_CERT_ADMINS
Definition: setypes.h:644
DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
Definition: setypes.h:646
DOMAIN_USER_RID_KRBTGT
#define DOMAIN_USER_RID_KRBTGT
Definition: setypes.h:633
DOMAIN_GROUP_RID_ADMINS
#define DOMAIN_GROUP_RID_ADMINS
Definition: setypes.h:639
DOMAIN_GROUP_RID_USERS
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:640

Definition at line 109 of file security.c.

Referenced by ComputeStringSidSize(), CreateWellKnownSid(), and ParseStringSidToSid().

◆ WellKnownSids

const WELLKNOWNSID WellKnownSids[]
static

Definition at line 45 of file security.c.

Referenced by ComputeStringSidSize(), CreateWellKnownSid(), DumpSid(), IsWellKnownSid(), and ParseStringSidToSid().