ReactOS 0.4.15-dev-8102-g108db8f
security.c File Reference
#include <advapi32.h>
#include <sddl.h>
Include dependency graph for security.c:

Go to the source code of this file.

Classes

struct  _ACEFLAG
 
union  _MAX_SID
 
struct  WELLKNOWNSID
 
struct  WELLKNOWNRID
 

Macros

#define ADS_RIGHT_DS_CREATE_CHILD   0x0001
 
#define ADS_RIGHT_DS_DELETE_CHILD   0x0002
 
#define ADS_RIGHT_ACTRL_DS_LIST   0x0004
 
#define ADS_RIGHT_DS_SELF   0x0008
 
#define ADS_RIGHT_DS_READ_PROP   0x0010
 
#define ADS_RIGHT_DS_WRITE_PROP   0x0020
 
#define ADS_RIGHT_DS_DELETE_TREE   0x0040
 
#define ADS_RIGHT_DS_LIST_OBJECT   0x0080
 
#define ADS_RIGHT_DS_CONTROL_ACCESS   0x0100
 

Typedefs

typedef struct _ACEFLAG ACEFLAG
 
typedef struct _ACEFLAGLPACEFLAG
 
typedef struct _MAX_SID MAX_SID
 
typedef struct WELLKNOWNSID WELLKNOWNSID
 
typedef struct WELLKNOWNRID WELLKNOWNRID
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (advapi)
 
static BOOL ParseStringSidToSid (LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
 
static const chardebugstr_sid (PSID sid)
 
static __inline BOOL set_ntstatus (NTSTATUS status)
 
static LPWSTR SERV_dup (LPCSTR str)
 
BOOL ADVAPI_IsLocalComputer (LPCWSTR ServerName)
 
BOOL ADVAPI_GetComputerSid (PSID sid)
 
BOOL WINAPI OpenProcessToken (HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
 
BOOL WINAPI OpenThreadToken (HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
 
BOOL WINAPI AdjustTokenGroups (HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState, DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength)
 
BOOL WINAPI AdjustTokenPrivileges (HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
 
BOOL WINAPI GetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
 
BOOL WINAPI SetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
 
BOOL WINAPI SetThreadToken (IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
 
BOOL WINAPI CreateRestrictedToken (_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
 Creates a filtered token that is a restricted one of the regular access token. A restricted token can have disabled SIDs, deleted privileges and/or restricted SIDs added.
 
BOOL WINAPI AllocateAndInitializeSid (PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
 
PVOID WINAPI FreeSid (PSID pSid)
 
BOOL WINAPI CopySid (DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
 
BOOL WINAPI CreateWellKnownSid (IN WELL_KNOWN_SID_TYPE WellKnownSidType, IN PSID DomainSid OPTIONAL, OUT PSID pSid, IN OUT DWORD *cbSid)
 
BOOL WINAPI IsWellKnownSid (IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
 
BOOL WINAPI IsValidSid (PSID pSid)
 
BOOL WINAPI EqualSid (PSID pSid1, PSID pSid2)
 
BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
 
DWORD WINAPI GetSidLengthRequired (UCHAR nSubAuthorityCount)
 
BOOL WINAPI InitializeSid (PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
 
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority (PSID pSid)
 
PDWORD WINAPI GetSidSubAuthority (PSID pSid, DWORD nSubAuthority)
 
PUCHAR WINAPI GetSidSubAuthorityCount (PSID pSid)
 
DWORD WINAPI GetLengthSid (PSID pSid)
 
BOOL WINAPI InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
 
BOOL WINAPI MakeAbsoluteSD (PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
 
BOOL WINAPI GetKernelObjectSecurity (HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI InitializeAcl (PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
 
BOOL WINAPI ImpersonateNamedPipeClient (HANDLE hNamedPipe)
 
BOOL WINAPI AddAccessAllowedAce (PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessAllowedAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessDeniedAce (PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAccessDeniedAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
 
BOOL WINAPI AddAce (PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
 
BOOL WINAPI DeleteAce (PACL pAcl, DWORD dwAceIndex)
 
BOOL WINAPI FindFirstFreeAce (PACL pAcl, LPVOID *pAce)
 
BOOL WINAPI GetAce (PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
 
BOOL WINAPI GetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
 
BOOL WINAPI IsValidAcl (PACL pAcl)
 
BOOL WINAPI AllocateLocallyUniqueId (PLUID Luid)
 
BOOL WINAPI LookupPrivilegeDisplayNameA (LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
 
BOOL WINAPI LookupPrivilegeNameA (LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
 
BOOL WINAPI GetFileSecurityA (LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI GetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
 
BOOL WINAPI SetFileSecurityA (LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
BOOL WINAPI SetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
BOOL WINAPI QueryWindows31FilesMigration (DWORD x1)
 
BOOL WINAPI SynchronizeWindows31FilesAndWindowsNTRegistry (DWORD x1, DWORD x2, DWORD x3, DWORD x4)
 
BOOL WINAPI RevertToSelf (VOID)
 
BOOL WINAPI ImpersonateSelf (SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
BOOL WINAPI AccessCheck (IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
 
BOOL WINAPI AccessCheckByType (_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ DWORD DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ DWORD ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ LPDWORD PrivilegeSetLength, _Out_ LPDWORD GrantedAccess, _Out_ LPBOOL AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.
 
BOOL WINAPI AccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ DWORD DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ DWORD ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ LPDWORD PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) LPDWORD GrantedAccess, _Out_writes_(ObjectTypeListLength) LPBOOL AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the AccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.
 
BOOL WINAPI SetKernelObjectSecurity (HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
 
BOOL WINAPI AddAuditAccessAce (PACL pAcl, DWORD dwAceRevision, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
 
BOOL WINAPI AddAuditAccessAceEx (PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
 
BOOL WINAPI LookupAccountNameA (LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
 
BOOL WINAPI PrivilegeCheck (HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
 
DWORD WINAPI GetSecurityInfoExA (HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
 
DWORD WINAPI GetSecurityInfoExW (HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
 
VOID WINAPI BuildExplicitAccessWithNameA (PEXPLICIT_ACCESSA pExplicitAccess, LPSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
 
VOID WINAPI BuildExplicitAccessWithNameW (PEXPLICIT_ACCESSW pExplicitAccess, LPWSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
 
VOID WINAPI BuildTrusteeWithObjectsAndNameA (PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, LPSTR InheritedObjectTypeName, LPSTR Name)
 
VOID WINAPI BuildTrusteeWithObjectsAndNameW (PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName, SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName, LPWSTR InheritedObjectTypeName, LPWSTR Name)
 
VOID WINAPI BuildTrusteeWithObjectsAndSidA (PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
 
VOID WINAPI BuildTrusteeWithObjectsAndSidW (PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
 
VOID WINAPI BuildTrusteeWithSidA (PTRUSTEE_A pTrustee, PSID pSid)
 
VOID WINAPI BuildTrusteeWithSidW (PTRUSTEE_W pTrustee, PSID pSid)
 
VOID WINAPI BuildTrusteeWithNameA (PTRUSTEE_A pTrustee, LPSTR name)
 
VOID WINAPI BuildTrusteeWithNameW (PTRUSTEE_W pTrustee, LPWSTR name)
 
TRUSTEE_FORM WINAPI GetTrusteeFormA (PTRUSTEEA pTrustee)
 
TRUSTEE_FORM WINAPI GetTrusteeFormW (PTRUSTEEW pTrustee)
 
LPSTR WINAPI GetTrusteeNameA (PTRUSTEE_A pTrustee)
 
LPWSTR WINAPI GetTrusteeNameW (PTRUSTEE_W pTrustee)
 
TRUSTEE_TYPE WINAPI GetTrusteeTypeA (PTRUSTEE_A pTrustee)
 
TRUSTEE_TYPE WINAPI GetTrusteeTypeW (PTRUSTEE_W pTrustee)
 
BOOL WINAPI SetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
 
DWORD WINAPI SetNamedSecurityInfoA (LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
 
BOOL WINAPI AreAllAccessesGranted (DWORD GrantedAccess, DWORD DesiredAccess)
 
BOOL WINAPI AreAnyAccessesGranted (DWORD GrantedAccess, DWORD DesiredAccess)
 
static DWORD ParseAclStringFlags (LPCWSTR *StringAcl)
 
static BYTE ParseAceStringType (LPCWSTR *StringAcl)
 
static BYTE ParseAceStringFlags (LPCWSTR *StringAcl)
 
static DWORD ParseAceStringRights (LPCWSTR *StringAcl)
 
static BOOL ParseStringAclToAcl (LPCWSTR StringAcl, LPDWORD lpdwFlags, PACL pAcl, LPDWORD cBytes)
 
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor (LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
 
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA (LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
 
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW (LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
 
static void DumpString (LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSidNumeric (PSID psid, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSid (PSID psid, WCHAR **pwptr, ULONG *plen)
 
static void DumpRights (DWORD mask, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpAce (LPVOID pace, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpAcl (PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
 
static BOOL DumpOwner (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpGroup (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpDacl (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
static BOOL DumpSacl (PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW (PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
 
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA (PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
 
BOOL WINAPI ConvertStringSidToSidW (LPCWSTR StringSid, PSID *Sid)
 
BOOL WINAPI ConvertStringSidToSidA (LPCSTR StringSid, PSID *Sid)
 
BOOL WINAPI ConvertSidToStringSidW (PSID Sid, LPWSTR *StringSid)
 
BOOL WINAPI ConvertSidToStringSidA (PSID Sid, LPSTR *StringSid)
 
static DWORD GetUnicodeEnvironmentSize (PVOID pEnvironment)
 
static DWORD GetAnsiEnvironmentSize (PVOID pEnvironment)
 
BOOL WINAPI CreateProcessWithLogonW (_In_ LPCWSTR lpUsername, _In_opt_ LPCWSTR lpDomain, _In_ LPCWSTR lpPassword, _In_ DWORD dwLogonFlags, _In_opt_ LPCWSTR lpApplicationName, _Inout_opt_ LPWSTR lpCommandLine, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCWSTR lpCurrentDirectory, _In_ LPSTARTUPINFOW lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
 
BOOL WINAPI CreateProcessWithTokenW (HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line, DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info, PROCESS_INFORMATION *process_information)
 
BOOL WINAPI DuplicateTokenEx (IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
 
BOOL WINAPI DuplicateToken (IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
 
static DWORD ComputeStringSidSize (LPCWSTR StringSid)
 
DWORD WINAPI GetNamedSecurityInfoA (LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 
BOOL WINAPI GetWindowsAccountDomainSid (PSID sid, PSID domain_sid, DWORD *size)
 
BOOL WINAPI EqualDomainSid (IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
 

Variables

static const WELLKNOWNSID WellKnownSids []
 
static const WELLKNOWNRID WellKnownRids []
 
static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }
 
static const WCHAR SDDL_NO_READ_UP [] = {'N','R',0}
 
static const WCHAR SDDL_NO_WRITE_UP [] = {'N','W',0}
 
static const WCHAR SDDL_NO_EXECUTE_UP [] = {'N','X',0}
 
static const WCHAR SDDL_ACCESS_ALLOWED [] = {'A',0}
 
static const WCHAR SDDL_ACCESS_DENIED [] = {'D',0}
 
static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED [] = {'O','A',0}
 
static const WCHAR SDDL_OBJECT_ACCESS_DENIED [] = {'O','D',0}
 
static const WCHAR SDDL_AUDIT [] = {'A','U',0}
 
static const WCHAR SDDL_ALARM [] = {'A','L',0}
 
static const WCHAR SDDL_MANDATORY_LABEL [] = {'M','L',0}
 
static const WCHAR SDDL_OBJECT_AUDIT [] = {'O','U',0}
 
static const WCHAR SDDL_OBJECT_ALARM [] = {'O','L',0}
 
static const WCHAR SDDL_CONTAINER_INHERIT [] = {'C','I',0}
 
static const WCHAR SDDL_OBJECT_INHERIT [] = {'O','I',0}
 
static const WCHAR SDDL_NO_PROPAGATE [] = {'N','P',0}
 
static const WCHAR SDDL_INHERIT_ONLY [] = {'I','O',0}
 
static const WCHAR SDDL_INHERITED [] = {'I','D',0}
 
static const WCHAR SDDL_AUDIT_SUCCESS [] = {'S','A',0}
 
static const WCHAR SDDL_AUDIT_FAILURE [] = {'F','A',0}
 
static const ACEFLAG AceType []
 
static const ACEFLAG AceFlags []
 
static const ACEFLAG AceRights []
 
static const LPCWSTR AceRightBitNames [32]
 

Macro Definition Documentation

◆ ADS_RIGHT_ACTRL_DS_LIST

#define ADS_RIGHT_ACTRL_DS_LIST   0x0004

Definition at line 155 of file security.c.

◆ ADS_RIGHT_DS_CONTROL_ACCESS

#define ADS_RIGHT_DS_CONTROL_ACCESS   0x0100

Definition at line 161 of file security.c.

◆ ADS_RIGHT_DS_CREATE_CHILD

#define ADS_RIGHT_DS_CREATE_CHILD   0x0001

Definition at line 153 of file security.c.

◆ ADS_RIGHT_DS_DELETE_CHILD

#define ADS_RIGHT_DS_DELETE_CHILD   0x0002

Definition at line 154 of file security.c.

◆ ADS_RIGHT_DS_DELETE_TREE

#define ADS_RIGHT_DS_DELETE_TREE   0x0040

Definition at line 159 of file security.c.

◆ ADS_RIGHT_DS_LIST_OBJECT

#define ADS_RIGHT_DS_LIST_OBJECT   0x0080

Definition at line 160 of file security.c.

◆ ADS_RIGHT_DS_READ_PROP

#define ADS_RIGHT_DS_READ_PROP   0x0010

Definition at line 157 of file security.c.

◆ ADS_RIGHT_DS_SELF

#define ADS_RIGHT_DS_SELF   0x0008

Definition at line 156 of file security.c.

◆ ADS_RIGHT_DS_WRITE_PROP

#define ADS_RIGHT_DS_WRITE_PROP   0x0020

Definition at line 158 of file security.c.

Typedef Documentation

◆ ACEFLAG

◆ LPACEFLAG

◆ MAX_SID

◆ WELLKNOWNRID

◆ WELLKNOWNSID

Function Documentation

◆ AccessCheck()

BOOL WINAPI AccessCheck ( IN PSECURITY_DESCRIPTOR  pSecurityDescriptor,
IN HANDLE  ClientToken,
IN DWORD  DesiredAccess,
IN PGENERIC_MAPPING  GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet  OPTIONAL,
IN OUT LPDWORD  PrivilegeSetLength,
OUT LPDWORD  GrantedAccess,
OUT LPBOOL  AccessStatus 
)

Definition at line 1650 of file security.c.

1658{
1660 NTSTATUS NtAccessStatus;
1661
1662 /* Do the access check */
1663 Status = NtAccessCheck(pSecurityDescriptor,
1664 ClientToken,
1667 PrivilegeSet,
1668 (PULONG)PrivilegeSetLength,
1670 &NtAccessStatus);
1671
1672 /* See if the access check operation succeeded */
1673 if (!NT_SUCCESS(Status))
1674 {
1675 /* Check failed */
1677 return FALSE;
1678 }
1679
1680 /* Now check the access status */
1681 if (!NT_SUCCESS(NtAccessStatus))
1682 {
1683 /* Access denied */
1684 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1686 }
1687 else
1688 {
1689 /* Access granted */
1690 *AccessStatus = TRUE;
1691 }
1692
1693 /* Check succeeded */
1694 return TRUE;
1695}
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
Definition: accesschk.c:2214
LONG NTSTATUS
Definition: precomp.h:26
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SetLastError(x)
Definition: compat.h:752
Status
Definition: gdiplustypes.h:25
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
uint32_t * PULONG
Definition: typedefs.h:59
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

Referenced by test_AccessCheck(), test_default_handle_security(), and test_FileSecurity().

◆ AccessCheckByType()

BOOL WINAPI AccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  pSecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ DWORD  DesiredAccess,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ DWORD  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ LPDWORD  PrivilegeSetLength,
_Out_ LPDWORD  GrantedAccess,
_Out_ LPBOOL  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.

Parameters
[in]pSecurityDescriptorA pointer to a security descriptor that identifies the security information of an object being accessed. This function walks through this descriptor for any ACLs and respective access rights if access can be granted.
[in]PrincipalSelfSidA pointer to a principal self SID. This parameter can be NULL if the associated object being checked for access does not represent a principal.
[in]ClientTokenA handle to an access token, that identifies the client of which requests access to the target object.
[in]DesiredAccessThe access right bitmask where the client wants to acquire. This can be an OR'ed set of multiple access rights or MAXIMUM_ALLOWED to request all of possible access rights the target object allows. If only some rights were granted but not all the access is deemed as denied.
[in]ObjectTypeListA pointer to a given object type list. If this parameter is not NULL the function will perform an access check against the main object and sub-objects of this list. If this parameter is NULL and ObjectTypeListLength is 0, the function will perform a normal access check instead.
[in]ObjectTypeListLengthThe length of the object type list array, pointed by ObjectTypeList. This length in question represents the number of elements in such array. This parameter must be 0 if no array list is provided.
[in]GenericMappingThe generic mapping of access rights of an object type.
[out]PrivilegeSetA pointer to a set of privileges that were used to perform the access check, returned to caller. This function will return no privileges (privilege count set to 0) if no privileges were used to accomplish the access check. This parameter must not be NULL!
[in,out]PrivilegeSetLengthThe total length size of a set of privileges. This length represents the count of elements in the privilege set array.
[out]GrantedAccessA pointer to granted access rights, returned to the caller.
[out]AccessStatusA pointer to a boolean value that indicates whether access is granted or denied to the client that requests access to the entire hierarchy of an object type list. If ObjectTypeList is NULL, this value represents the access that is granted or denied to the target object, just like in AccessCheck.
Returns
The function returns TRUE if the access check operation has completed successfully, otherwise it returns FALSE.

Definition at line 1767 of file security.c.

1779{
1781 NTSTATUS NtAccessStatus;
1782
1783 Status = NtAccessCheckByType(pSecurityDescriptor,
1784 PrincipalSelfSid,
1785 ClientToken,
1787 ObjectTypeList,
1788 ObjectTypeListLength,
1790 PrivilegeSet,
1791 PrivilegeSetLength,
1793 &NtAccessStatus);
1794 if (!NT_SUCCESS(Status))
1795 {
1797 return FALSE;
1798 }
1799
1800 if (!NT_SUCCESS(NtAccessStatus))
1801 {
1802 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1804 }
1805 else
1806 {
1807 *AccessStatus = TRUE;
1808 }
1809
1810 return TRUE;
1811}
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2254

◆ AccessCheckByTypeResultList()

BOOL WINAPI AccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  pSecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ DWORD  DesiredAccess,
_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ DWORD  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ LPDWORD  PrivilegeSetLength,
_Out_writes_(ObjectTypeListLength) LPDWORD  GrantedAccess,
_Out_writes_(ObjectTypeListLength) LPBOOL  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the AccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.

Parameters
[in]pSecurityDescriptorA pointer to a security descriptor that identifies the security information of an object being accessed. This function walks through this descriptor for any ACLs and respective access rights if access can be granted.
[in]PrincipalSelfSidA pointer to a principal self SID. This parameter can be NULL if the associated object being checked for access does not represent a principal.
[in]ClientTokenA handle to an access token, that identifies the client of which requests access to the target object.
[in]DesiredAccessThe access right bitmask where the client wants to acquire. This can be an OR'ed set of multiple access rights or MAXIMUM_ALLOWED to request all of possible access rights the target object allows. If only some rights were granted but not all the access is deemed as denied.
[in]ObjectTypeListA pointer to a given object type list. This function will perform an access check against the main object and sub-objects of this list. This parameter must not be NULL!
[in]ObjectTypeListLengthThe length of the object type list array, pointed by ObjectTypeList. This length in question represents the number of elements in such array. This parameter must be 0 if no array list is provided.
[in]GenericMappingThe generic mapping of access rights of an object type.
[out]PrivilegeSetA pointer to a set of privileges that were used to perform the access check, returned to caller. This function will return no privileges (privilege count set to 0) if no privileges were used to accomplish the access check. This parameter must not be NULL!
[in,out]PrivilegeSetLengthThe total length size of a set of privileges. This length represents the count of elements in the privilege set array.
[out]GrantedAccessA pointer to granted access rights. This parameter is an array of granted rights for the object and each sub-object of an object type list.
[out]AccessStatusA pointer to a boolean value that indicates whether access is granted or denied to the client that requests access to the object and sub-objects of an object type list. This parameter is an array of boolean values for the object and each individual sub-object of the list.
Returns
The function returns TRUE if the access check operation has completed successfully, otherwise it returns FALSE.

Definition at line 1881 of file security.c.

1893{
1895 DWORD ResultListIndex;
1896 PNTSTATUS NtAccessStatus = NULL;
1897
1898 Status = NtAccessCheckByTypeResultList(pSecurityDescriptor,
1899 PrincipalSelfSid,
1900 ClientToken,
1902 ObjectTypeList,
1903 ObjectTypeListLength,
1905 PrivilegeSet,
1906 PrivilegeSetLength,
1908 NtAccessStatus);
1909 if (!NT_SUCCESS(Status))
1910 {
1912 return FALSE;
1913 }
1914
1915 for (ResultListIndex = 0; ResultListIndex < ObjectTypeListLength; ResultListIndex++)
1916 {
1917 AccessStatus[ResultListIndex] = RtlNtStatusToDosError(NtAccessStatus[ResultListIndex]);
1918 }
1919
1920 return TRUE;
1921}
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2297
#define NULL
Definition: types.h:112
unsigned long DWORD
Definition: ntddk_ex.h:95
* PNTSTATUS
Definition: strlen.c:14

◆ AddAccessAllowedAce()

BOOL WINAPI AddAccessAllowedAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AccessMask,
PSID  pSid 
)

◆ AddAccessAllowedAceEx()

BOOL WINAPI AddAccessAllowedAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1063 of file security.c.

1068{
1070
1073 AceFlags,
1074 AccessMask,
1075 pSid);
1076 if (!NT_SUCCESS(Status))
1077 {
1079 return FALSE;
1080 }
1081
1082 return TRUE;
1083}
static const ACEFLAG AceFlags[]
Definition: security.c:2624
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), CreateApplicationDesktopSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), get_sd(), and GetShellSecurityDescriptor().

◆ AddAccessDeniedAce()

BOOL WINAPI AddAccessDeniedAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1090 of file security.c.

1094{
1096
1099 AccessMask,
1100 pSid);
1101 if (!NT_SUCCESS(Status))
1102 {
1104 return FALSE;
1105 }
1106
1107 return TRUE;
1108}
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

Referenced by AccRewriteSetEntriesInAcl(), convert_nfs4acl_2_dacl(), GetShellSecurityDescriptor(), test_AccessCheck(), and test_process_security().

◆ AddAccessDeniedAceEx()

BOOL WINAPI AddAccessDeniedAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  AccessMask,
PSID  pSid 
)

Definition at line 1114 of file security.c.

1119{
1121
1124 AceFlags,
1125 AccessMask,
1126 pSid);
1127 if (!NT_SUCCESS(Status))
1128 {
1130 return FALSE;
1131 }
1132
1133 return TRUE;
1134}
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

Referenced by GetShellSecurityDescriptor().

◆ AddAce()

BOOL WINAPI AddAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  dwStartingAceIndex,
LPVOID  pAceList,
DWORD  nAceListLength 
)

Definition at line 1141 of file security.c.

1146{
1148
1149 Status = RtlAddAce(pAcl,
1151 dwStartingAceIndex,
1152 pAceList,
1153 nAceListLength);
1154 if (!NT_SUCCESS(Status))
1155 {
1157 return FALSE;
1158 }
1159
1160 return TRUE;
1161}
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)

Referenced by test_AddAce().

◆ AddAuditAccessAce()

BOOL WINAPI AddAuditAccessAce ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  dwAccessMask,
PSID  pSid,
BOOL  bAuditSuccess,
BOOL  bAuditFailure 
)

Definition at line 1951 of file security.c.

1957{
1959
1962 dwAccessMask,
1963 pSid,
1964 bAuditSuccess,
1965 bAuditFailure);
1966 if (!NT_SUCCESS(Status))
1967 {
1969 return FALSE;
1970 }
1971
1972 return TRUE;
1973}
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AddAuditAccessAceEx()

BOOL WINAPI AddAuditAccessAceEx ( PACL  pAcl,
DWORD  dwAceRevision,
DWORD  AceFlags,
DWORD  dwAccessMask,
PSID  pSid,
BOOL  bAuditSuccess,
BOOL  bAuditFailure 
)

Definition at line 1979 of file security.c.

1986{
1988
1991 AceFlags,
1992 dwAccessMask,
1993 pSid,
1994 bAuditSuccess,
1995 bAuditFailure);
1996 if (!NT_SUCCESS(Status))
1997 {
1999 return FALSE;
2000 }
2001
2002 return TRUE;
2003}
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AdjustTokenGroups()

BOOL WINAPI AdjustTokenGroups ( HANDLE  TokenHandle,
BOOL  ResetToDefault,
PTOKEN_GROUPS  NewState,
DWORD  BufferLength,
PTOKEN_GROUPS  PreviousState,
PDWORD  ReturnLength 
)

Definition at line 346 of file security.c.

352{
354
356 ResetToDefault,
357 NewState,
361 if (!NT_SUCCESS(Status))
362 {
364 return FALSE;
365 }
366
367 return TRUE;
368}
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
Changes the list of groups by enabling or disabling them in an access token. Unlike NtAdjustPrivilege...
Definition: tokenadj.c:695
_In_ WDF_POWER_DEVICE_STATE PreviousState
Definition: wdfdevice.h:829
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771

◆ AdjustTokenPrivileges()

BOOL WINAPI AdjustTokenPrivileges ( HANDLE  TokenHandle,
BOOL  DisableAllPrivileges,
PTOKEN_PRIVILEGES  NewState,
DWORD  BufferLength,
PTOKEN_PRIVILEGES  PreviousState,
PDWORD  ReturnLength 
)

Definition at line 374 of file security.c.

380{
382
384 DisableAllPrivileges,
385 NewState,
390 {
392 return TRUE;
393 }
394
395 if (!NT_SUCCESS(Status))
396 {
398 return FALSE;
399 }
400
401 /* AdjustTokenPrivileges is documented to do this */
403
404 return TRUE;
405}
#define ERROR_SUCCESS
Definition: deptool.c:10
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
Removes a certain amount of privileges of a token based upon the request by the caller.
Definition: tokenadj.c:451
#define ERROR_NOT_ALL_ASSIGNED
Definition: winerror.h:782

Referenced by AcquireRemoveRestorePrivilege(), AddDeviceW(), DisablePrivilege(), DisableTokenPrivileges(), EnablePrivilege(), EnableProcessPrivileges(), enableTokenPrivilege(), CShellCommandSACL::Execute(), FormatEx2(), InstallReactOS(), named_pipe_client_func(), PauseBalanceW(), Privilege(), pSetupEnablePrivilege(), RecvSubvolGUIW(), RecvSubvolW(), RemoveDeviceW(), ResetStatsW(), ResizeDeviceW(), ScmEnableBackupRestorePrivileges(), SendSubvolGUIW(), SendSubvolW(), set_privileges(), SetDriverLoadPrivilege(), SetPrivilege(), SHInvokePrivilegedFunctionW(), ShowScrubW(), ShutdownSystem(), StartBalanceW(), StartScrubW(), StopBalanceW(), StopScrubW(), SystemSetLocalTime(), SystemSetTime(), test8(), test_AdjustTokenPrivileges(), test_SetFileValidData(), test_system_security_access(), UpdateDriver(), WinMain(), and wWinMain().

◆ ADVAPI_GetComputerSid()

BOOL ADVAPI_GetComputerSid ( PSID  sid)

Definition at line 273 of file security.c.

274{
275 static const struct /* same fields as struct SID */
276 {
280 DWORD SubAuthority[4];
281 } computer_sid =
283
284 memcpy( sid, &computer_sid, sizeof(computer_sid) );
285 return TRUE;
286}
FT_UInt sid
Definition: cffcmap.c:139
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1515
_In_ ULONG Revision
Definition: rtlfuncs.h:1130
_In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: rtlfuncs.h:1513
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
#define SID_REVISION
Definition: setypes.h:481
#define SECURITY_NT_NON_UNIQUE
Definition: setypes.h:577
unsigned char BYTE
Definition: xxhash.c:193

Referenced by ComputeStringSidSize(), and ParseStringSidToSid().

◆ ADVAPI_IsLocalComputer()

BOOL ADVAPI_IsLocalComputer ( LPCWSTR  ServerName)

Definition at line 251 of file security.c.

252{
254 BOOL Result;
255 LPWSTR buf;
256
257 if (!ServerName || !ServerName[0])
258 return TRUE;
259
260 buf = heap_alloc(dwSize * sizeof(WCHAR));
262 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
263 ServerName += 2;
264 Result = Result && !lstrcmpW(ServerName, buf);
265 heap_free(buf);
266
267 return Result;
268}
static void * heap_alloc(size_t len)
Definition: appwiz.h:66
static BOOL heap_free(void *mem)
Definition: appwiz.h:76
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
int WINAPI lstrcmpW(LPCWSTR str1, LPCWSTR str2)
Definition: locale.c:4242
unsigned int BOOL
Definition: ntddk_ex.h:94
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:243
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
__wchar_t WCHAR
Definition: xmlstorage.h:180
WCHAR * LPWSTR
Definition: xmlstorage.h:184

◆ AllocateAndInitializeSid()

BOOL WINAPI AllocateAndInitializeSid ( PSID_IDENTIFIER_AUTHORITY  pIdentifierAuthority,
BYTE  nSubAuthorityCount,
DWORD  nSubAuthority0,
DWORD  nSubAuthority1,
DWORD  nSubAuthority2,
DWORD  nSubAuthority3,
DWORD  nSubAuthority4,
DWORD  nSubAuthority5,
DWORD  nSubAuthority6,
DWORD  nSubAuthority7,
PSID pSid 
)

Definition at line 674 of file security.c.

681{
683 pIdentifierAuthority, nSubAuthorityCount,
684 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
685 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
686 pSid ));
687}
static __inline BOOL set_ntstatus(NTSTATUS status)
Definition: security.c:227
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), check_wellknown_name(), CheckForGuestsAndAdmins(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreateLogoffSecurityAttributes(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), GetShellSecurityDescriptor(), Imm32IsInteractiveUserLogon(), is_process_limited(), is_token_admin(), IsCallerInteractive(), IsInteractiveUserLogon(), IsNTAdmin(), IsUserAdmin(), PerfDataInitialize(), pSetupIsUserAdmin(), SHTestTokenMembership(), START_TEST(), test_AccessCheck(), test_AddMandatoryAce(), test_CreateWellKnownSid(), test_EqualSid(), test_GetExplicitEntriesFromAclW(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_LookupAccountSid(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_SetEntriesInAclA(), test_SetEntriesInAclW(), test_sid(), and test_trustee().

◆ AllocateLocallyUniqueId()

BOOL WINAPI AllocateLocallyUniqueId ( PLUID  Luid)

Definition at line 1218 of file security.c.

1219{
1221
1223 if (!NT_SUCCESS (Status))
1224 {
1226 return FALSE;
1227 }
1228
1229 return TRUE;
1230}
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:348

Referenced by CookupNodeId(), LogonUserExW(), MyLogonUser(), and wined3d_adapter_init().

◆ AreAllAccessesGranted()

BOOL WINAPI AreAllAccessesGranted ( DWORD  GrantedAccess,
DWORD  DesiredAccess 
)

Definition at line 2532 of file security.c.

2534{
2537}
NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ AreAnyAccessesGranted()

BOOL WINAPI AreAnyAccessesGranted ( DWORD  GrantedAccess,
DWORD  DesiredAccess 
)

Definition at line 2544 of file security.c.

2546{
2549}
NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ BuildExplicitAccessWithNameA()

VOID WINAPI BuildExplicitAccessWithNameA ( PEXPLICIT_ACCESSA  pExplicitAccess,
LPSTR  pTrusteeName,
DWORD  AccessPermissions,
ACCESS_MODE  AccessMode,
DWORD  Inheritance 
)

Definition at line 2130 of file security.c.

2135{
2136 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2137 pExplicitAccess->grfAccessMode = AccessMode;
2138 pExplicitAccess->grfInheritance = Inheritance;
2139
2140 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2142 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2143 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2144 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2145}
@ TRUSTEE_IS_NAME
Definition: accctrl.h:190
@ TRUSTEE_IS_UNKNOWN
Definition: accctrl.h:176
@ NO_MULTIPLE_TRUSTEE
Definition: accctrl.h:198
DWORD grfAccessPermissions
Definition: accctrl.h:332
TRUSTEE_A Trustee
Definition: accctrl.h:335
DWORD grfInheritance
Definition: accctrl.h:334
ACCESS_MODE grfAccessMode
Definition: accctrl.h:333
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:205
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:207
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:206
struct _TRUSTEE_A * pMultipleTrustee
Definition: accctrl.h:204
LPSTR ptstrName
Definition: accctrl.h:208
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396

◆ BuildExplicitAccessWithNameW()

VOID WINAPI BuildExplicitAccessWithNameW ( PEXPLICIT_ACCESSW  pExplicitAccess,
LPWSTR  pTrusteeName,
DWORD  AccessPermissions,
ACCESS_MODE  AccessMode,
DWORD  Inheritance 
)

Definition at line 2152 of file security.c.

2157{
2158 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2159 pExplicitAccess->grfAccessMode = AccessMode;
2160 pExplicitAccess->grfInheritance = Inheritance;
2161
2162 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2164 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2165 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2166 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2167}
DWORD grfAccessPermissions
Definition: accctrl.h:340
DWORD grfInheritance
Definition: accctrl.h:342
TRUSTEE_W Trustee
Definition: accctrl.h:343
ACCESS_MODE grfAccessMode
Definition: accctrl.h:341
LPWSTR ptstrName
Definition: accctrl.h:217
struct _TRUSTEE_W * pMultipleTrustee
Definition: accctrl.h:213
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:216
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:215
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:214

◆ BuildTrusteeWithNameA()

VOID WINAPI BuildTrusteeWithNameA ( PTRUSTEE_A  pTrustee,
LPSTR  name 
)

Definition at line 2375 of file security.c.

2377{
2378 TRACE("%p %s\n", pTrustee, name);
2379
2380 pTrustee->pMultipleTrustee = NULL;
2382 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2383 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2384 pTrustee->ptstrName = name;
2385}
#define TRACE(s)
Definition: solgame.cpp:4
Definition: name.c:39

◆ BuildTrusteeWithNameW()

VOID WINAPI BuildTrusteeWithNameW ( PTRUSTEE_W  pTrustee,
LPWSTR  name 
)

Definition at line 2391 of file security.c.

2393{
2394 TRACE("%p %s\n", pTrustee, name);
2395
2396 pTrustee->pMultipleTrustee = NULL;
2398 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2399 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2400 pTrustee->ptstrName = name;
2401}

◆ BuildTrusteeWithObjectsAndNameA()

VOID WINAPI BuildTrusteeWithObjectsAndNameA ( PTRUSTEEA  pTrustee,
POBJECTS_AND_NAME_A  pObjName,
SE_OBJECT_TYPE  ObjectType,
LPSTR  ObjectTypeName,
LPSTR  InheritedObjectTypeName,
LPSTR  Name 
)

Definition at line 2172 of file security.c.

2175{
2176 DWORD ObjectsPresent = 0;
2177
2178 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2180
2181 /* Fill the OBJECTS_AND_NAME structure */
2183 if (ObjectTypeName != NULL)
2184 {
2185 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2186 }
2187
2190 {
2191 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2192 }
2193
2194 pObjName->ObjectsPresent = ObjectsPresent;
2196
2197 /* Fill the TRUSTEE structure */
2198 pTrustee->pMultipleTrustee = NULL;
2201 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2202 pTrustee->ptstrName = (LPSTR)pObjName;
2203}
@ TRUSTEE_IS_OBJECTS_AND_NAME
Definition: accctrl.h:193
struct NameRec_ * Name
Definition: cdprocs.h:460
#define debugstr_a
Definition: kernel32.h:31
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
static POBJECTS_AND_NAME_A pObjName
Definition: security.c:77
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName
Definition: security.c:80
ObjectType
Definition: metafile.c:81
DWORD ObjectsPresent
Definition: accctrl.h:356
LPSTR InheritedObjectTypeName
Definition: accctrl.h:359
SE_OBJECT_TYPE ObjectType
Definition: accctrl.h:357
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
Definition: setypes.h:806
#define ACE_OBJECT_TYPE_PRESENT
Definition: setypes.h:805
char * LPSTR
Definition: xmlstorage.h:182

◆ BuildTrusteeWithObjectsAndNameW()

VOID WINAPI BuildTrusteeWithObjectsAndNameW ( PTRUSTEEW  pTrustee,
POBJECTS_AND_NAME_W  pObjName,
SE_OBJECT_TYPE  ObjectType,
LPWSTR  ObjectTypeName,
LPWSTR  InheritedObjectTypeName,
LPWSTR  Name 
)

Definition at line 2208 of file security.c.

2211{
2212 DWORD ObjectsPresent = 0;
2213
2214 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2216
2217 /* Fill the OBJECTS_AND_NAME structure */
2219 if (ObjectTypeName != NULL)
2220 {
2221 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2222 }
2223
2226 {
2227 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2228 }
2229
2230 pObjName->ObjectsPresent = ObjectsPresent;
2232
2233 /* Fill the TRUSTEE structure */
2234 pTrustee->pMultipleTrustee = NULL;
2237 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2238 pTrustee->ptstrName = (LPWSTR)pObjName;
2239}
#define debugstr_w
Definition: kernel32.h:32

◆ BuildTrusteeWithObjectsAndSidA()

VOID WINAPI BuildTrusteeWithObjectsAndSidA ( PTRUSTEEA  pTrustee,
POBJECTS_AND_SID  pObjSid,
GUID pObjectGuid,
GUID pInheritedObjectGuid,
PSID  pSid 
)

Definition at line 2245 of file security.c.

2250{
2251 DWORD ObjectsPresent = 0;
2252
2253 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2254
2255 /* Fill the OBJECTS_AND_SID structure */
2256 if (pObjectGuid != NULL)
2257 {
2259 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2260 }
2261 else
2262 {
2264 sizeof(GUID));
2265 }
2266
2268 {
2270 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2271 }
2272 else
2273 {
2275 sizeof(GUID));
2276 }
2277
2278 pObjSid->ObjectsPresent = ObjectsPresent;
2279 pObjSid->pSid = pSid;
2280
2281 /* Fill the TRUSTEE structure */
2282 pTrustee->pMultipleTrustee = NULL;
2285 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2286 pTrustee->ptstrName = (LPSTR) pObjSid;
2287}
@ TRUSTEE_IS_OBJECTS_AND_SID
Definition: accctrl.h:192
static POBJECTS_AND_SID pObjSid
Definition: security.c:83
static POBJECTS_AND_SID GUID * pObjectGuid
Definition: security.c:84
static POBJECTS_AND_SID GUID GUID * pInheritedObjectGuid
Definition: security.c:85
GUID InheritedObjectTypeGuid
Definition: accctrl.h:350
GUID ObjectTypeGuid
Definition: accctrl.h:349
DWORD ObjectsPresent
Definition: accctrl.h:348
#define ZeroMemory
Definition: winbase.h:1712

◆ BuildTrusteeWithObjectsAndSidW()

VOID WINAPI BuildTrusteeWithObjectsAndSidW ( PTRUSTEEW  pTrustee,
POBJECTS_AND_SID  pObjSid,
GUID pObjectGuid,
GUID pInheritedObjectGuid,
PSID  pSid 
)

Definition at line 2294 of file security.c.

2299{
2300 DWORD ObjectsPresent = 0;
2301
2302 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2303
2304 /* Fill the OBJECTS_AND_SID structure */
2305 if (pObjectGuid != NULL)
2306 {
2308 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2309 }
2310 else
2311 {
2313 sizeof(GUID));
2314 }
2315
2317 {
2319 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2320 }
2321 else
2322 {
2324 sizeof(GUID));
2325 }
2326
2327 pObjSid->ObjectsPresent = ObjectsPresent;
2328 pObjSid->pSid = pSid;
2329
2330 /* Fill the TRUSTEE structure */
2331 pTrustee->pMultipleTrustee = NULL;
2334 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2335 pTrustee->ptstrName = (LPWSTR) pObjSid;
2336}

◆ BuildTrusteeWithSidA()

VOID WINAPI BuildTrusteeWithSidA ( PTRUSTEE_A  pTrustee,
PSID  pSid 
)

Definition at line 2342 of file security.c.

2344{
2345 TRACE("%p %p\n", pTrustee, pSid);
2346
2347 pTrustee->pMultipleTrustee = NULL;
2349 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2350 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2351 pTrustee->ptstrName = (LPSTR) pSid;
2352}
@ TRUSTEE_IS_SID
Definition: accctrl.h:189

◆ BuildTrusteeWithSidW()

VOID WINAPI BuildTrusteeWithSidW ( PTRUSTEE_W  pTrustee,
PSID  pSid 
)

Definition at line 2359 of file security.c.

2361{
2362 TRACE("%p %p\n", pTrustee, pSid);
2363
2364 pTrustee->pMultipleTrustee = NULL;
2366 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2367 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2368 pTrustee->ptstrName = (LPWSTR) pSid;
2369}

◆ ComputeStringSidSize()

static DWORD ComputeStringSidSize ( LPCWSTR  StringSid)
static

Definition at line 3934 of file security.c.

3935{
3936 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3937 {
3938 int ctok = 0;
3939 while (*StringSid)
3940 {
3941 if (*StringSid == '-')
3942 ctok++;
3943 StringSid++;
3944 }
3945
3946 if (ctok >= 3)
3947 return GetSidLengthRequired(ctok - 2);
3948 }
3949 else /* String constant format - Only available in winxp and above */
3950 {
3951 unsigned int i;
3952
3953 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3954 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3956
3957 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3958 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3959 {
3960 MAX_SID local;
3963 }
3964
3965 }
3966
3967 return GetSidLengthRequired(0);
3968}
static const WELLKNOWNRID WellKnownRids[]
Definition: security.c:109
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:852
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:908
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:45
BOOL ADVAPI_GetComputerSid(PSID sid)
Definition: security.c:273
#define local
Definition: zutil.h:30
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
#define strncmpW(s1, s2, n)
Definition: unicode.h:42
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200

Referenced by ParseStringSidToSid().

◆ ConvertSecurityDescriptorToStringSecurityDescriptorA()

BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  SDRevision,
SECURITY_INFORMATION  Information,
LPSTR OutputString,
PULONG  OutputLen 
)

Definition at line 3499 of file security.c.

3500{
3501 LPWSTR wstr;
3502 ULONG len;
3504 {
3505 int lenA;
3506
3507 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
3508 *OutputString = heap_alloc(lenA);
3509#ifdef __REACTOS__
3510 if (*OutputString == NULL)
3511 {
3512 LocalFree(wstr);
3513 *OutputLen = 0;
3514 return FALSE;
3515 }
3516#endif
3517 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
3518 LocalFree(wstr);
3519
3520 if (OutputLen != NULL)
3521 *OutputLen = lenA;
3522 return TRUE;
3523 }
3524 else
3525 {
3526 *OutputString = NULL;
3527 if (OutputLen)
3528 *OutputLen = 0;
3529 return FALSE;
3530 }
3531}
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
Definition: security.c:3435
#define CP_ACP
Definition: compat.h:109
#define WideCharToMultiByte
Definition: compat.h:111
GLenum GLsizei len
Definition: glext.h:6722
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
uint32_t ULONG
Definition: typedefs.h:59
_In_ WDFREQUEST _In_ NTSTATUS _In_ ULONG_PTR Information
Definition: wdfrequest.h:1049
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191

◆ ConvertSecurityDescriptorToStringSecurityDescriptorW()

BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
DWORD  SDRevision,
SECURITY_INFORMATION  RequestedInformation,
LPWSTR OutputString,
PULONG  OutputLen 
)

Definition at line 3435 of file security.c.

3436{
3437 ULONG len;
3438 WCHAR *wptr, *wstr;
3439
3440 if (SDRevision != SDDL_REVISION_1)
3441 {
3442 ERR("Program requested unknown SDDL revision %d\n", SDRevision);
3444 return FALSE;
3445 }
3446
3447 len = 0;
3448 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3450 return FALSE;
3451 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3453 return FALSE;
3454 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3456 return FALSE;
3457 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3459 return FALSE;
3460
3461 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
3462#ifdef __REACTOS__
3463 if (wstr == NULL)
3464 return FALSE;
3465#endif
3466
3467 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3468 if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
3469 LocalFree (wstr);
3470 return FALSE;
3471 }
3472 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3473 if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
3474 LocalFree (wstr);
3475 return FALSE;
3476 }
3477 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3478 if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
3479 LocalFree (wstr);
3480 return FALSE;
3481 }
3482 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3483 if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
3484 LocalFree (wstr);
3485 return FALSE;
3486 }
3487 *wptr = 0;
3488
3489 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
3490 *OutputString = wstr;
3491 if (OutputLen)
3492 *OutputLen = strlenW(*OutputString)+1;
3493 return TRUE;
3494}
#define ERR(fmt,...)
Definition: debug.h:113
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3409
static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3368
static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3350
static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3386
HLOCAL NTAPI LocalAlloc(UINT uFlags, SIZE_T dwBytes)
Definition: heapmem.c:1390
#define wine_dbgstr_w
Definition: kernel32.h:34
#define strlenW(s)
Definition: unicode.h:34
#define SDDL_REVISION_1
Definition: sddl.h:30
#define ERROR_UNKNOWN_REVISION
Definition: winerror.h:787
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorA().

◆ ConvertSidToStringSidA()

BOOL WINAPI ConvertSidToStringSidA ( PSID  Sid,
LPSTR StringSid 
)

Definition at line 3637 of file security.c.

3639{
3640 LPWSTR StringSidW;
3641 int Len;
3642
3643 if (!ConvertSidToStringSidW(Sid, &StringSidW))
3644 {
3645 return FALSE;
3646 }
3647
3648 Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
3649 if (Len <= 0)
3650 {
3651 LocalFree(StringSidW);
3653 return FALSE;
3654 }
3655
3656 *StringSid = LocalAlloc(LMEM_FIXED, Len);
3657 if (NULL == *StringSid)
3658 {
3659 LocalFree(StringSidW);
3661 return FALSE;
3662 }
3663
3664 if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
3665 {
3666 LocalFree(StringSid);
3667 LocalFree(StringSidW);
3668 return FALSE;
3669 }
3670
3671 LocalFree(StringSidW);
3672
3673 return TRUE;
3674}
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
#define Len
Definition: deflate.h:82
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3583
#define LMEM_FIXED
Definition: winbase.h:368

Referenced by debugstr_sid(), get_user_sid(), map_name_2_sid(), test_CreateWellKnownSid(), test_LookupAccountSid(), test_lsa(), test_sid(), test_sid_str(), test_token_attr(), and test_token_label().

◆ ConvertSidToStringSidW()

BOOL WINAPI ConvertSidToStringSidW ( PSID  Sid,
LPWSTR StringSid 
)

Definition at line 3583 of file security.c.

3585{
3588 WCHAR FixedBuffer[64];
3589
3590 if (!RtlValidSid(Sid))
3591 {
3593 return FALSE;
3594 }
3595
3596 UnicodeString.Length = 0;
3597 UnicodeString.MaximumLength = sizeof(FixedBuffer);
3598 UnicodeString.Buffer = FixedBuffer;
3601 {
3603 }
3604
3605 if (!NT_SUCCESS(Status))
3606 {
3608 return FALSE;
3609 }
3610
3611 *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
3612 if (NULL == *StringSid)
3613 {
3614 if (UnicodeString.Buffer != FixedBuffer)
3615 {
3617 }
3619 return FALSE;
3620 }
3621
3622 MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
3623 ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
3624 if (UnicodeString.Buffer != FixedBuffer)
3625 {
3627 }
3628
3629 return TRUE;
3630}
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
char * PCHAR
Definition: typedefs.h:51
#define MoveMemory
Definition: winbase.h:1709
#define ERROR_INVALID_SID
Definition: winerror.h:819

Referenced by _GetUserSidStringFromToken(), AddUserProfiles(), ConvertSidToStringSidA(), CreateUserProfileExW(), get_user_sid(), GetEventUserName(), GetPrincipalDisplayString(), LsapGetDomainInfo(), LsapLookupAccountDomainSids(), LsapLookupBuiltinDomainSids(), LsapLookupWellKnownSids(), MsiSourceListAddSourceW(), RecycleBin5_Constructor(), SampAddMemberToAlias(), SampRemoveMemberFromAlias(), SampRemoveMemberFromAllAliases(), SampSetupAddMemberToAlias(), set_user_sid_prop(), START_TEST(), UpdatePrincipalInfo(), WhoamiGroups(), WhoamiLogonId(), and WhoamiUser().

◆ ConvertStringSecurityDescriptorToSecurityDescriptorA()

BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA ( LPCSTR  StringSecurityDescriptor,
DWORD  StringSDRevision,
PSECURITY_DESCRIPTOR SecurityDescriptor,
PULONG  SecurityDescriptorSize 
)

Definition at line 3032 of file security.c.

3036{
3037 UINT len;
3038 BOOL ret = FALSE;
3039 LPWSTR StringSecurityDescriptorW;
3040
3041 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
3042 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
3043
3044 if (StringSecurityDescriptorW)
3045 {
3046 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
3047
3049 StringSDRevision, SecurityDescriptor,
3050 SecurityDescriptorSize);
3051 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
3052 }
3053
3054 return ret;
3055}
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:3062
#define GetProcessHeap()
Definition: compat.h:736
#define HeapAlloc
Definition: compat.h:733
#define HeapFree(x, y, z)
Definition: compat.h:735
#define MultiByteToWideChar
Definition: compat.h:110
unsigned int UINT
Definition: ndis.h:50
int ret

Referenced by test_profile_directory_readonly().

◆ ConvertStringSecurityDescriptorToSecurityDescriptorW()

BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW ( LPCWSTR  StringSecurityDescriptor,
DWORD  StringSDRevision,
PSECURITY_DESCRIPTOR SecurityDescriptor,
PULONG  SecurityDescriptorSize 
)

Definition at line 3062 of file security.c.

3066{
3067 DWORD cBytes;
3069 BOOL bret = FALSE;
3070
3071 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
3072
3073 if (GetVersion() & 0x80000000)
3074 {
3076 goto lend;
3077 }
3078 else if (!StringSecurityDescriptor || !SecurityDescriptor)
3079 {
3081 goto lend;
3082 }
3083 else if (StringSDRevision != SID_REVISION)
3084 {
3086 goto lend;
3087 }
3088
3089 /* Compute security descriptor length */
3090 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3091 NULL, &cBytes))
3092 goto lend;
3093
3095 if (!psd) goto lend;
3096
3097 psd->Revision = SID_REVISION;
3098 psd->Control |= SE_SELF_RELATIVE;
3099
3100 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3101 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
3102 {
3103 LocalFree(psd);
3104 goto lend;
3105 }
3106
3107 if (SecurityDescriptorSize)
3108 *SecurityDescriptorSize = cBytes;
3109
3110 bret = TRUE;
3111
3112lend:
3113 TRACE(" ret=%d\n", bret);
3114 return bret;
3115}
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
Definition: security.c:2884
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
DWORD WINAPI GetVersion()
Definition: redirtest.c:5
#define GMEM_ZEROINIT
Definition: winbase.h:306
#define SE_SELF_RELATIVE
Definition: setypes.h:834

Referenced by ConvertStringSecurityDescriptorToSecurityDescriptorA(), InstallOneService(), registry_callback(), and SetupQueueCopyIndirectW().

◆ ConvertStringSidToSidA()

BOOL WINAPI ConvertStringSidToSidA ( LPCSTR  StringSid,
PSID Sid 
)

Definition at line 3560 of file security.c.

3561{
3562 BOOL bret = FALSE;
3563
3564 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3565 if (GetVersion() & 0x80000000)
3567 else if (!StringSid || !Sid)
3569 else
3570 {
3571 WCHAR *wStringSid = SERV_dup(StringSid);
3572 bret = ConvertStringSidToSidW(wStringSid, Sid);
3573 heap_free(wStringSid);
3574 }
3575 return bret;
3576}
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
Definition: security.c:3536
static LPWSTR SERV_dup(LPCSTR str)
Definition: security.c:233

Referenced by test_LsaLookupSids().

◆ ConvertStringSidToSidW()

BOOL WINAPI ConvertStringSidToSidW ( LPCWSTR  StringSid,
PSID Sid 
)

Definition at line 3536 of file security.c.

3537{
3538 BOOL bret = FALSE;
3539 DWORD cBytes;
3540
3541 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3542 if (GetVersion() & 0x80000000)
3544 else if (!StringSid || !Sid)
3546 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3547 {
3548 PSID pSid = *Sid = LocalAlloc(0, cBytes);
3549
3550 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3551 if (!bret)
3552 LocalFree(*Sid);
3553 }
3554 return bret;
3555}
static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
Definition: security.c:3973

Referenced by ConvertStringSidToSidA(), and fill_sid().

◆ CopySid()

BOOL WINAPI CopySid ( DWORD  nDestinationSidLength,
PSID  pDestinationSid,
PSID  pSourceSid 
)

◆ CreateProcessWithLogonW()

BOOL WINAPI CreateProcessWithLogonW ( _In_ LPCWSTR  lpUsername,
_In_opt_ LPCWSTR  lpDomain,
_In_ LPCWSTR  lpPassword,
_In_ DWORD  dwLogonFlags,
_In_opt_ LPCWSTR  lpApplicationName,
_Inout_opt_ LPWSTR  lpCommandLine,
_In_ DWORD  dwCreationFlags,
_In_opt_ LPVOID  lpEnvironment,
_In_opt_ LPCWSTR  lpCurrentDirectory,
_In_ LPSTARTUPINFOW  lpStartupInfo,
_Out_ LPPROCESS_INFORMATION  lpProcessInformation 
)

Definition at line 3728 of file security.c.

3740{
3741 LPWSTR pszStringBinding = NULL;
3746
3747 TRACE("CreateProcessWithLogonW(%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p)\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
3748 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
3749 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
3750 lpStartupInfo, lpProcessInformation);
3751
3753 L"ncacn_np",
3754 NULL,
3755 L"\\pipe\\seclogon",
3756 NULL,
3757 &pszStringBinding);
3758 if (Status != RPC_S_OK)
3759 {
3760 WARN("RpcStringBindingCompose returned 0x%x\n", Status);
3762 return FALSE;
3763 }
3764
3765 /* Set the binding handle that will be used to bind to the server. */
3766 Status = RpcBindingFromStringBindingW(pszStringBinding,
3767 &hBinding);
3768 if (Status != RPC_S_OK)
3769 {
3770 WARN("RpcBindingFromStringBinding returned 0x%x\n", Status);
3771 }
3772
3773 Status = RpcStringFreeW(&pszStringBinding);
3774 if (Status != RPC_S_OK)
3775 {
3776 WARN("RpcStringFree returned 0x%x\n", Status);
3777 }
3778
3779 Request.Username = (LPWSTR)lpUsername;
3780 Request.Domain = (LPWSTR)lpDomain;
3781 Request.Password = (LPWSTR)lpPassword;
3782 Request.ApplicationName = (LPWSTR)lpApplicationName;
3783 Request.CommandLine = (LPWSTR)lpCommandLine;
3784 Request.CurrentDirectory = (LPWSTR)lpCurrentDirectory;
3785
3786 if (dwCreationFlags & CREATE_UNICODE_ENVIRONMENT)
3787 Request.dwEnvironmentSize = GetUnicodeEnvironmentSize(lpEnvironment);
3788 else
3789 Request.dwEnvironmentSize = GetAnsiEnvironmentSize(lpEnvironment);
3790 Request.Environment = lpEnvironment;
3791
3792 TRACE("Request.dwEnvironmentSize %lu\n", Request.dwEnvironmentSize);
3793 TRACE("Request.Environment %p\n", Request.Environment);
3794
3795 Request.dwLogonFlags = dwLogonFlags;
3796 Request.dwCreationFlags = dwCreationFlags;
3797
3798 Request.dwProcessId = GetCurrentProcessId();
3799 TRACE("Request.dwProcessId %lu\n", Request.dwProcessId);
3800
3801 Response.hProcess = 0;
3802 Response.hThread = 0;
3803 Response.dwProcessId = 0;
3804 Response.dwThreadId = 0;
3805 Response.dwError = ERROR_SUCCESS;
3806
3808 {
3810 }
3812 {
3813 WARN("Exception: %lx\n", RpcExceptionCode());
3814 }
3816
3817 if (hBinding)
3818 {
3820 if (Status != RPC_S_OK)
3821 {
3822 WARN("RpcBindingFree returned 0x%x\n", Status);
3823 }
3824
3825 hBinding = NULL;
3826 }
3827
3828 TRACE("Response.hProcess %p\n", Response.hProcess);
3829 TRACE("Response.hThread %p\n", Response.hThread);
3830 TRACE("Response.dwProcessId %lu\n", Response.dwProcessId);
3831 TRACE("Response.dwThreadId %lu\n", Response.dwThreadId);
3832 TRACE("Response.dwError %lu\n", Response.dwError);
3833 if (Response.dwError != ERROR_SUCCESS)
3834 SetLastError(Response.dwError);
3835
3836 TRACE("CreateProcessWithLogonW() done\n");
3837
3838 return (Response.dwError == ERROR_SUCCESS);
3839}
VOID __stdcall SeclCreateProcessWithLogonW(_In_ handle_t hBinding, _In_ SECL_REQUEST *pRequest, _Out_ SECL_RESPONSE *pResponse)
Definition: rpcserver.c:57
#define WARN(fmt,...)
Definition: debug.h:115
handle_t hBinding
Definition: ctx_c.c:54
static DWORD GetAnsiEnvironmentSize(PVOID pEnvironment)
Definition: security.c:3702
static DWORD GetUnicodeEnvironmentSize(PVOID pEnvironment)
Definition: security.c:3679
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define L(x)
Definition: ntvdm.h:50
RPC_STATUS WINAPI RpcBindingFromStringBindingW(RPC_WSTR StringBinding, RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:880
RPC_STATUS WINAPI RpcStringBindingComposeW(RPC_WSTR ObjUuid, RPC_WSTR Protseq, RPC_WSTR NetworkAddr, RPC_WSTR Endpoint, RPC_WSTR Options, RPC_WSTR *StringBinding)
Definition: rpc_binding.c:510
RPC_STATUS WINAPI RpcBindingFree(RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:787
#define RPC_S_OK
Definition: rpcnterr.h:22
RPC_STATUS WINAPI RpcStringFreeW(RPC_WSTR *String)
Definition: rpcrt4_main.c:175
#define RpcEndExcept
Definition: rpc.h:128
#define RpcTryExcept
Definition: rpc.h:126
#define RpcExcept(expr)
Definition: rpc.h:127
long RPC_STATUS
Definition: rpc.h:52
#define RpcExceptionCode()
Definition: rpc.h:132
Definition: ncftp.h:89
_In_ WDFREQUEST Request
Definition: wdfdevice.h:547
#define CREATE_UNICODE_ENVIRONMENT
Definition: winbase.h:186
DWORD WINAPI GetCurrentProcessId(void)
Definition: proc.c:1158

Referenced by wmain().

◆ CreateProcessWithTokenW()

BOOL WINAPI CreateProcessWithTokenW ( HANDLE  token,
DWORD  logon_flags,
LPCWSTR  application_name,
LPWSTR  command_line,
DWORD  creation_flags,
void environment,
LPCWSTR  current_directory,
STARTUPINFOW startup_info,
PROCESS_INFORMATION process_information 
)

Definition at line 3841 of file security.c.

3844{
3845 FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
3846 logon_flags, debugstr_w(application_name), debugstr_w(command_line),
3847 creation_flags, environment, debugstr_w(current_directory),
3848 startup_info, process_information);
3849
3850 /* FIXME: check if handles should be inherited */
3851 return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
3852 current_directory, startup_info, process_information );
3853}
#define FIXME(fmt,...)
Definition: debug.h:114
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
Definition: proc.c:4592
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat token
Definition: glfuncs.h:210

◆ CreateRestrictedToken()

BOOL WINAPI CreateRestrictedToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ DWORD  Flags,
_In_ DWORD  DisableSidCount,
_In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES  SidsToDisable,
_In_ DWORD  DeletePrivilegeCount,
_In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES  PrivilegesToDelete,
_In_ DWORD  RestrictedSidCount,
_In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES  SidsToRestrict,
_Outptr_ PHANDLE  NewTokenHandle 
)

Creates a filtered token that is a restricted one of the regular access token. A restricted token can have disabled SIDs, deleted privileges and/or restricted SIDs added.

Parameters
[in]ExistingTokenHandleAn existing handle to a token where it's to be filtered.
[in]FlagsPrivilege flag options. This parameter argument influences how the token is filtered. Such parameter can be 0.
[in]DisableSidCountThe count number of SIDs to disable.
[in]SidsToDisableAn array list with SIDs that have to be disabled in a token.
[in]DeletePrivilegeCountThe count number of privileges to be deleted.
[in]PrivilegesToDeleteAn array list with privileges that have to be deleted in a token.
[in]RestrictedSidCountThe count number of restricted SIDs.
[in]SidsToRestrictAn array list with restricted SIDs to be added into the token. If the token already has restricted SIDs then the array provided by the caller is redundant information alongside with the existing restricted SIDs in the token.
[out]NewTokenHandleThe newly received handle to a restricted (filtered) token. The caller can use such handle to duplicate a new token.
Returns
Returns TRUE if the function has successfully completed the operations, otherwise FALSE is returned to indicate failure. For further details the caller has to invoke GetLastError() API call for extended information about the failure.

Definition at line 533 of file security.c.

543{
546 ULONG Index;
547 PTOKEN_GROUPS DisableSids = NULL;
548 PTOKEN_GROUPS RestrictedSids = NULL;
549 PTOKEN_PRIVILEGES DeletePrivileges = NULL;
550
551 /*
552 * Capture the elements we're being given from
553 * the caller and allocate the groups and/or
554 * privileges that have to be filtered in
555 * the token.
556 */
557 if (SidsToDisable != NULL)
558 {
559 DisableSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, DisableSidCount * sizeof(TOKEN_GROUPS));
560 if (DisableSids == NULL)
561 {
562 /* We failed, bail out */
564 return FALSE;
565 }
566
567 /* Copy the counter and loop the elements to copy the rest */
568 DisableSids->GroupCount = DisableSidCount;
569 for (Index = 0; Index < DisableSidCount; Index++)
570 {
571 DisableSids->Groups[Index].Sid = SidsToDisable[Index].Sid;
572 DisableSids->Groups[Index].Attributes = SidsToDisable[Index].Attributes;
573 }
574 }
575
576 if (PrivilegesToDelete != NULL)
577 {
578 DeletePrivileges = (PTOKEN_PRIVILEGES)LocalAlloc(LMEM_FIXED, DeletePrivilegeCount * sizeof(TOKEN_PRIVILEGES));
579 if (DeletePrivileges == NULL)
580 {
581 /* We failed, bail out */
583 Success = FALSE;
584 goto Cleanup;
585 }
586
587 /* Copy the counter and loop the elements to copy the rest */
588 DeletePrivileges->PrivilegeCount = DeletePrivilegeCount;
589 for (Index = 0; Index < DeletePrivilegeCount; Index++)
590 {
591 DeletePrivileges->Privileges[Index].Luid = PrivilegesToDelete[Index].Luid;
592 DeletePrivileges->Privileges[Index].Attributes = PrivilegesToDelete[Index].Attributes;
593 }
594 }
595
596 if (SidsToRestrict != NULL)
597 {
598 RestrictedSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, RestrictedSidCount * sizeof(TOKEN_GROUPS));
599 if (RestrictedSids == NULL)
600 {
601 /* We failed, bail out */
603 Success = FALSE;
604 goto Cleanup;
605 }
606
607 /* Copy the counter and loop the elements to copy the rest */
608 RestrictedSids->GroupCount = RestrictedSidCount;
609 for (Index = 0; Index < RestrictedSidCount; Index++)
610 {
611 RestrictedSids->Groups[Index].Sid = SidsToRestrict[Index].Sid;
612 RestrictedSids->Groups[Index].Attributes = SidsToRestrict[Index].Attributes;
613 }
614 }
615
616 /*
617 * Call the NT API to request a token filtering
618 * operation for us.
619 */
620 Status = NtFilterToken(ExistingTokenHandle,
621 Flags,
622 DisableSids,
623 DeletePrivileges,
624 RestrictedSids,
626 if (!NT_SUCCESS(Status))
627 {
628 /* We failed to do the job, bail out */
630 Success = FALSE;
631 goto Cleanup;
632 }
633
634 /* If we reach here then we've successfully filtered the token */
635 Success = TRUE;
636
637Cleanup:
638 /* Free whatever we allocated before */
639 if (DisableSids != NULL)
640 {
641 LocalFree(DisableSids);
642 }
643
644 if (DeletePrivileges != NULL)
645 {
646 LocalFree(DeletePrivileges);
647 }
648
649 if (RestrictedSids != NULL)
650 {
651 LocalFree(RestrictedSids);
652 }
653
654 return Success;
655}
static const WCHAR Cleanup[]
Definition: register.c:80
@ Success
Definition: eventcreate.c:712
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:412
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1018
$ULONG GroupCount
Definition: setypes.h:1014
$ULONG PrivilegeCount
Definition: setypes.h:1023
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1024
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: tokenlif.c:2075
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ WDFCOLLECTION _In_ ULONG Index
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
struct _TOKEN_GROUPS * PTOKEN_GROUPS
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES

Referenced by test_token_security_descriptor().

◆ CreateWellKnownSid()

BOOL WINAPI CreateWellKnownSid ( IN WELL_KNOWN_SID_TYPE  WellKnownSidType,
IN PSID DomainSid  OPTIONAL,
OUT PSID  pSid,
IN OUT DWORD cbSid 
)

Definition at line 722 of file security.c.

726{
727 unsigned int i;
728 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
729
730 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
731 {
733 return FALSE;
734 }
735
736 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
737 if (WellKnownSids[i].Type == WellKnownSidType) {
739
740 if (*cbSid < length)
741 {
742 *cbSid = length;
744 return FALSE;
745 }
746 if (!pSid)
747 {
749 return FALSE;
750 }
752 *cbSid = length;
753 return TRUE;
754 }
755 }
756
757 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
758 {
760 return FALSE;
761 }
762
763 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
764 if (WellKnownRids[i].Type == WellKnownSidType) {
765 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
766 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
767 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
768
769 if (*cbSid < output_sid_length)
770 {
771 *cbSid = output_sid_length;
773 return FALSE;
774 }
775 if (!pSid)
776 {
778 return FALSE;
779 }
780 CopyMemory(pSid, DomainSid, domain_sid_length);
782 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
783 *cbSid = output_sid_length;
784 return TRUE;
785 }
786
788 return FALSE;
789}
Type
Definition: Type.h:7
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:896
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:819
static const char * debugstr_sid(PSID sid)
Definition: security.c:174
GLuint GLsizei GLsizei * length
Definition: glext.h:6040
BYTE Revision
Definition: ms-dtyp.idl:199
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD cbSid
Definition: winbase.h:2743
#define CopyMemory
Definition: winbase.h:1710
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:482
unsigned char UCHAR
Definition: xmlstorage.h:181

Referenced by create_unknownsid(), get_sd(), test_SystemSecurity(), and well_known_sid().

◆ debugstr_sid()

static const char * debugstr_sid ( PSID  sid)
static

Definition at line 174 of file security.c.

175{
176 int auth = 0;
177 SID * psid = (SID *)sid;
178
179 if (psid == NULL)
180 return "(null)";
181
182 auth = psid->IdentifierAuthority.Value[5] +
183 (psid->IdentifierAuthority.Value[4] << 8) +
184 (psid->IdentifierAuthority.Value[3] << 16) +
185 (psid->IdentifierAuthority.Value[2] << 24);
186
187 switch (psid->SubAuthorityCount) {
188 case 0:
189 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
190 case 1:
191 return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
192 psid->SubAuthority[0]);
193 case 2:
194 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
195 psid->SubAuthority[0], psid->SubAuthority[1]);
196 case 3:
197 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
198 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
199 case 4:
200 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
201 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
202 psid->SubAuthority[3]);
203 case 5:
204 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
205 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
206 psid->SubAuthority[3], psid->SubAuthority[4]);
207 case 6:
208 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
209 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
210 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
211 case 7:
212 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
213 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
214 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
215 psid->SubAuthority[6]);
216 case 8:
217 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
218 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
219 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
220 psid->SubAuthority[6], psid->SubAuthority[7]);
221 }
222 return "(too-big)";
223}
const char * wine_dbg_sprintf(const char *format,...)
Definition: compat.c:296
DWORD SubAuthority[*]
Definition: ms-dtyp.idl:202
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: ms-dtyp.idl:201

Referenced by check_wellknown_name(), CreateWellKnownSid(), IsWellKnownSid(), test_EqualSid(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), test_group_equal(), test_inherited_dacl(), test_owner_equal(), and test_TokenIntegrityLevel().

◆ DeleteAce()

BOOL WINAPI DeleteAce ( PACL  pAcl,
DWORD  dwAceIndex 
)

Definition at line 1166 of file security.c.

1167{
1168 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1169}
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce(PACL Acl, ULONG AceIndex)

◆ DumpAce()

static BOOL DumpAce ( LPVOID  pace,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3260 of file security.c.

3261{
3262 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
3263 static const WCHAR openbr = '(';
3264 static const WCHAR closebr = ')';
3265 static const WCHAR semicolon = ';';
3266
3267 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
3268 {
3270 return FALSE;
3271 }
3272
3273 piace = pace;
3274 DumpString(&openbr, 1, pwptr, plen);
3275 switch (piace->Header.AceType)
3276 {
3278 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
3279 break;
3281 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
3282 break;
3284 DumpString(SDDL_AUDIT, -1, pwptr, plen);
3285 break;
3287 DumpString(SDDL_ALARM, -1, pwptr, plen);
3288 break;
3289 }
3290 DumpString(&semicolon, 1, pwptr, plen);
3291
3292 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
3293 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
3295 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
3297 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
3298 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
3299 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
3300 if (piace->Header.AceFlags & INHERITED_ACE)
3301 DumpString(SDDL_INHERITED, -1, pwptr, plen);
3303 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
3305 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
3306 DumpString(&semicolon, 1, pwptr, plen);
3307 DumpRights(piace->Mask, pwptr, plen);
3308 DumpString(&semicolon, 1, pwptr, plen);
3309 /* objects not supported */
3310 DumpString(&semicolon, 1, pwptr, plen);
3311 /* objects not supported */
3312 DumpString(&semicolon, 1, pwptr, plen);
3313 if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
3314 return FALSE;
3315 DumpString(&closebr, 1, pwptr, plen);
3316 return TRUE;
3317}
static const WCHAR SDDL_AUDIT_FAILURE[]
Definition: security.c:172
static const WCHAR SDDL_CONTAINER_INHERIT[]
Definition: security.c:166
static const WCHAR SDDL_AUDIT[]
Definition: security.c:142
static const WCHAR SDDL_OBJECT_INHERIT[]
Definition: security.c:167
static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3117
static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3171
static const WCHAR SDDL_ACCESS_ALLOWED[]
Definition: security.c:136
static const WCHAR SDDL_INHERIT_ONLY[]
Definition: security.c:169
static const WCHAR SDDL_INHERITED[]
Definition: security.c:170
static const WCHAR SDDL_ACCESS_DENIED[]
Definition: security.c:137
static const WCHAR SDDL_ALARM[]
Definition: security.c:143
static const WCHAR SDDL_NO_PROPAGATE[]
Definition: security.c:168
static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3221
static const ACEFLAG AceType[]
Definition: security.c:2583
static const WCHAR SDDL_AUDIT_SUCCESS[]
Definition: security.c:171
ACE_HEADER Header
Definition: ms-dtyp.idl:216
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
UCHAR AceFlags
Definition: ms-dtyp.idl:211
UCHAR AceType
Definition: ms-dtyp.idl:210
#define INHERITED_ACE
Definition: ph.h:47
#define ERROR_INVALID_ACL
Definition: winerror.h:818
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:747
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:720
#define OBJECT_INHERIT_ACE
Definition: setypes.h:746
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:748
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:754
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:753

Referenced by DumpAcl().

◆ DumpAcl()

static BOOL DumpAcl ( PACL  pacl,
WCHAR **  pwptr,
ULONG plen,
BOOL  protected,
BOOL  autoInheritReq,
BOOL  autoInherited 
)
static

Definition at line 3319 of file security.c.

3320{
3321 WORD count;
3322 int i;
3323
3324 if (protected)
3325 DumpString(SDDL_PROTECTED, -1, pwptr, plen);
3326 if (autoInheritReq)
3327 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
3328 if (autoInherited)
3329 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
3330
3331 if (pacl == NULL)
3332 return TRUE;
3333
3334 if (!IsValidAcl(pacl))
3335 return FALSE;
3336
3337 count = pacl->AceCount;
3338 for (i = 0; i < count; i++)
3339 {
3340 LPVOID ace;
3341 if (!GetAce(pacl, i, &ace))
3342 return FALSE;
3343 if (!DumpAce(ace, pwptr, plen))
3344 return FALSE;
3345 }
3346
3347 return TRUE;
3348}
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3260
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1186
BOOL WINAPI IsValidAcl(PACL pAcl)
Definition: security.c:1209
unsigned short WORD
Definition: ntddk_ex.h:93
GLuint GLuint GLsizei count
Definition: gl.h:1545
#define SDDL_AUTO_INHERITED
Definition: sddl.h:46
#define SDDL_AUTO_INHERIT_REQ
Definition: sddl.h:45
#define SDDL_PROTECTED
Definition: sddl.h:44
USHORT AceCount
Definition: ms-dtyp.idl:297

Referenced by DumpDacl(), and DumpSacl().

◆ DumpDacl()

static BOOL DumpDacl ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3386 of file security.c.

3387{
3388 static const WCHAR dacl[] = {'D',':',0};
3390 BOOL present, defaulted;
3391 DWORD revision;
3392 PACL pacl;
3393
3394 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3395 return FALSE;
3396
3397 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3398 return FALSE;
3399
3400 if (!present)
3401 return TRUE;
3402
3403 DumpString(dacl, 2, pwptr, plen);
3404 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3405 return FALSE;
3406 return TRUE;
3407}
static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
Definition: security.c:3319
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
Definition: security.c:35
#define SE_DACL_PROTECTED
Definition: setypes.h:831
#define SE_DACL_AUTO_INHERITED
Definition: setypes.h:829
#define SE_DACL_AUTO_INHERIT_REQ
Definition: setypes.h:827

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpGroup()

static BOOL DumpGroup ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3368 of file security.c.

3369{
3370 static const WCHAR prefix[] = {'G',':',0};
3371 BOOL bDefaulted;
3372 PSID psid;
3373
3374 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
3375 return FALSE;
3376
3377 if (psid == NULL)
3378 return TRUE;
3379
3380 DumpString(prefix, -1, pwptr, plen);
3381 if (!DumpSid(psid, pwptr, plen))
3382 return FALSE;
3383 return TRUE;
3384}
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpOwner()

static BOOL DumpOwner ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3350 of file security.c.

3351{
3352 static const WCHAR prefix[] = {'O',':',0};
3353 BOOL bDefaulted;
3354 PSID psid;
3355
3356 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
3357 return FALSE;
3358
3359 if (psid == NULL)
3360 return TRUE;
3361
3362 DumpString(prefix, -1, pwptr, plen);
3363 if (!DumpSid(psid, pwptr, plen))
3364 return FALSE;
3365 return TRUE;
3366}
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpRights()

static void DumpRights ( DWORD  mask,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3221 of file security.c.

3222{
3223 static const WCHAR fmtW[] = {'0','x','%','x',0};
3224 WCHAR buf[15];
3225 size_t i;
3226
3227 if (mask == 0)
3228 return;
3229
3230 /* first check if the right have name */
3231 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
3232 {
3233 if (AceRights[i].wstr == NULL)
3234 break;
3235 if (mask == AceRights[i].value)
3236 {
3237 DumpString(AceRights[i].wstr, -1, pwptr, plen);
3238 return;
3239 }
3240 }
3241
3242 /* then check if it can be built from bit names */
3243 for (i = 0; i < 32; i++)
3244 {
3245 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
3246 {
3247 /* can't be built from bit names */
3248 sprintfW(buf, fmtW, mask);
3249 DumpString(buf, -1, pwptr, plen);
3250 return;
3251 }
3252 }
3253
3254 /* build from bit names */
3255 for (i = 0; i < 32; i++)
3256 if (mask & (1 << i))
3257 DumpString(AceRightBitNames[i], -1, pwptr, plen);
3258}
static const ACEFLAG AceRights[]
Definition: security.c:2669
static const LPCWSTR AceRightBitNames[32]
Definition: security.c:3186
GLenum GLint GLuint mask
Definition: glext.h:6028
#define sprintfW
Definition: unicode.h:64
Definition: pdh_main.c:94

Referenced by DumpAce().

◆ DumpSacl()

static BOOL DumpSacl ( PSECURITY_DESCRIPTOR  SecurityDescriptor,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3409 of file security.c.

3410{
3411 static const WCHAR sacl[] = {'S',':',0};
3413 BOOL present, defaulted;
3414 DWORD revision;
3415 PACL pacl;
3416
3417 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3418 return FALSE;
3419
3420 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3421 return FALSE;
3422
3423 if (!present)
3424 return TRUE;
3425
3426 DumpString(sacl, 2, pwptr, plen);
3427 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3428 return FALSE;
3429 return TRUE;
3430}
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
#define SE_SACL_PROTECTED
Definition: setypes.h:832
#define SE_SACL_AUTO_INHERITED
Definition: setypes.h:830
#define SE_SACL_AUTO_INHERIT_REQ
Definition: setypes.h:828

Referenced by ConvertSecurityDescriptorToStringSecurityDescriptorW().

◆ DumpSid()

static BOOL DumpSid ( PSID  psid,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3171 of file security.c.

3172{
3173 size_t i;
3174 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
3175 {
3176 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
3177 {
3178 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
3179 return TRUE;
3180 }
3181 }
3182
3183 return DumpSidNumeric(psid, pwptr, plen);
3184}
static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3132
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:829

Referenced by DumpAce(), DumpGroup(), and DumpOwner().

◆ DumpSidNumeric()

static BOOL DumpSidNumeric ( PSID  psid,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3132 of file security.c.

3133{
3134 DWORD i;
3135 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
3136 WCHAR subauthfmt[] = { '-','%','u',0 };
3137 WCHAR buf[26];
3138 SID *pisid = psid;
3139
3140 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
3141 {
3143 return FALSE;
3144 }
3145
3146 if (pisid->IdentifierAuthority.Value[0] ||
3147 pisid->IdentifierAuthority.Value[1])
3148 {
3149 FIXME("not matching MS' bugs\n");
3151 return FALSE;
3152 }
3153
3154 sprintfW( buf, fmt, pisid->Revision,
3155 MAKELONG(
3157 pisid->IdentifierAuthority.Value[4] ),
3159 pisid->IdentifierAuthority.Value[2] )
3160 ) );
3161 DumpString(buf, -1, pwptr, plen);
3162
3163 for( i=0; i<pisid->SubAuthorityCount; i++ )
3164 {
3165 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
3166 DumpString(buf, -1, pwptr, plen);
3167 }
3168 return TRUE;
3169}
#define SDDL_REVISION
Definition: sddl.h:31
Definition: dsound.c:943
#define MAKEWORD(a, b)
Definition: typedefs.h:248
#define MAKELONG(a, b)
Definition: typedefs.h:249

Referenced by DumpSid().

◆ DumpString()

static void DumpString ( LPCWSTR  string,
int  cch,
WCHAR **  pwptr,
ULONG plen 
)
static

Definition at line 3117 of file security.c.

3118{
3119 if (cch == -1)
3120 cch = strlenW(string);
3121
3122 if (plen)
3123 *plen += cch;
3124
3125 if (pwptr)
3126 {
3127 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
3128 *pwptr += cch;
3129 }
3130}
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:202

Referenced by DumpAce(), DumpAcl(), DumpDacl(), DumpGroup(), DumpOwner(), DumpRights(), DumpSacl(), DumpSid(), and DumpSidNumeric().

◆ DuplicateToken()

BOOL WINAPI DuplicateToken ( IN HANDLE  ExistingTokenHandle,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
OUT PHANDLE  DuplicateTokenHandle 
)

Definition at line 3919 of file security.c.

3922{
3923 return DuplicateTokenEx(ExistingTokenHandle,
3925 NULL,
3928 DuplicateTokenHandle);
3929}
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3859
@ TokenImpersonation
Definition: imports.h:274
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
#define TOKEN_QUERY
Definition: setypes.h:928
#define TOKEN_IMPERSONATE
Definition: setypes.h:927

Referenced by GetDuplicateToken(), test_AccessCheck(), test_CheckTokenMembership(), test_impersonation_level(), test_kernel_objects_security(), and test_token_attr().

◆ DuplicateTokenEx()

BOOL WINAPI DuplicateTokenEx ( IN HANDLE  ExistingTokenHandle,
IN DWORD  dwDesiredAccess,
IN LPSECURITY_ATTRIBUTES lpTokenAttributes  OPTIONAL,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
IN TOKEN_TYPE  TokenType,
OUT PHANDLE  DuplicateTokenHandle 
)

Definition at line 3859 of file security.c.

3865{
3869
3870 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3871 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3872
3873 Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
3875 Sqos.ContextTrackingMode = 0;
3876 Sqos.EffectiveOnly = FALSE;
3877
3878 if (lpTokenAttributes != NULL)
3879 {
3881 NULL,
3882 lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
3883 NULL,
3884 lpTokenAttributes->lpSecurityDescriptor);
3885 }
3886 else
3887 {
3889 NULL,
3890 0,
3891 NULL,
3892 NULL);
3893 }
3894
3895 ObjectAttributes.SecurityQualityOfService = &Sqos;
3896
3897 Status = NtDuplicateToken(ExistingTokenHandle,
3898 dwDesiredAccess,
3900 FALSE,
3901 TokenType,
3902 DuplicateTokenHandle);
3903 if (!NT_SUCCESS(Status))
3904 {
3905 ERR("NtDuplicateToken failed: Status %08x\n", Status);
3907 return FALSE;
3908 }
3909
3910 TRACE("Returning token %p.\n", *DuplicateTokenHandle);
3911
3912 return TRUE;
3913}
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define OBJ_INHERIT
Definition: winternl.h:225
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869

Referenced by CheckTokenMembership(), DuplicateToken(), LaunchProcess(), START_TEST(), test_CreateRestrictedToken(), test_token_security_descriptor(), and WlxStartApplication().

◆ EqualDomainSid()

BOOL WINAPI EqualDomainSid ( IN PSID  pSid1,
IN PSID  pSid2,
OUT BOOL pfEqual 
)

Definition at line 4184 of file security.c.

4187{
4189 return FALSE;
4190}
#define UNIMPLEMENTED
Definition: debug.h:118

◆ EqualPrefixSid()

BOOL WINAPI EqualPrefixSid ( PSID  pSid1,
PSID  pSid2 
)

Definition at line 841 of file security.c.

843{
844 return RtlEqualPrefixSid (pSid1, pSid2);
845}
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid(PSID Sid1, PSID Sid2)

Referenced by test_process_security().

◆ EqualSid()

◆ FindFirstFreeAce()

BOOL WINAPI FindFirstFreeAce ( PACL  pAcl,
LPVOID pAce 
)

Definition at line 1176 of file security.c.

1178{
1179 return RtlFirstFreeAce(pAcl,
1180 (PACE*)pAce);
1181}
NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce(PACL Acl, PACE *Ace)
Definition: rtltypes.h:993

◆ FreeSid()

◆ GetAce()

BOOL WINAPI GetAce ( PACL  pAcl,
DWORD  dwAceIndex,
LPVOID pAce 
)

Definition at line 1186 of file security.c.

1187{
1188 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1189}
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)

Referenced by AccRewriteGetExplicitEntriesFromAcl(), AccRewriteSetEntriesInAcl(), DumpAcl(), CSecurityDescriptor::GetDACLEntry(), CSecurityDescriptor::GetSACLEntry(), map_dacl_2_nfs4acl(), PrintFileDacl(), ReloadPrincipalsList(), and test_GetShellSecurityDescriptor().

◆ GetAclInformation()

BOOL WINAPI GetAclInformation ( PACL  pAcl,
LPVOID  pAclInformation,
DWORD  nAclInformationLength,
ACL_INFORMATION_CLASS  dwAclInformationClass 
)

Definition at line 1194 of file security.c.

1199{
1200 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1201 nAclInformationLength, dwAclInformationClass));
1202}
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL, LPVOID, DWORD, ACL_INFORMATION_CLASS)

Referenced by AccRewriteSetEntriesInAcl(), CSecurityDescriptor::GetDACLEntriesCount(), CSecurityDescriptor::GetSACLEntriesCount(), and test_GetShellSecurityDescriptor().

◆ GetAnsiEnvironmentSize()

static DWORD GetAnsiEnvironmentSize ( PVOID  pEnvironment)
static

Definition at line 3702 of file security.c.

3704{
3705 INT Length, TotalLength = 0;
3706 PCHAR Ptr;
3707
3708 if (pEnvironment == NULL)
3709 return 0;
3710
3711 Ptr = (PCHAR)pEnvironment;
3712 while (*Ptr != ANSI_NULL)
3713 {
3714 Length = strlen(Ptr) + 1;
3716 Ptr = Ptr + Length;
3717 }
3718
3719 return TotalLength + 1;
3720}
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
#define PCHAR
Definition: match.c:90
#define ANSI_NULL
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
int32_t INT
Definition: typedefs.h:58
_In_ ULONG TotalLength
Definition: usbdlib.h:158

Referenced by CreateProcessWithLogonW().

◆ GetFileSecurityA()

BOOL WINAPI GetFileSecurityA ( LPCSTR  lpFileName,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 1373 of file security.c.

1378{
1380 BOOL bResult;
1381
1383 {
1385 return FALSE;
1386 }
1387
1388 bResult = GetFileSecurityW(FileName.Buffer,
1389 RequestedInformation,
1390 pSecurityDescriptor,
1391 nLength,
1392 lpnLengthNeeded);
1393
1395
1396 return bResult;
1397}
BOOL WINAPI GetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1404
struct _FileName FileName
Definition: fatprocs.h:896
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
_In_ LPCSTR lpFileName
Definition: winbase.h:3071
_In_ DWORD nLength
Definition: wincon.h:473

Referenced by test_FileSecurity().

◆ GetFileSecurityW()

BOOL WINAPI GetFileSecurityW ( LPCWSTR  lpFileName,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 1404 of file security.c.

1409{
1411 IO_STATUS_BLOCK StatusBlock;
1413 ULONG AccessMask = 0;
1416
1417 TRACE("GetFileSecurityW() called\n");
1418
1419 QuerySecurityAccessMask(RequestedInformation, &AccessMask);
1420
1422 &FileName,
1423 NULL,
1424 NULL))
1425 {
1426 ERR("Invalid path\n");
1428 return FALSE;
1429 }
1430
1432 &FileName,
1434 NULL,
1435 NULL);
1436
1438 AccessMask,
1440 &StatusBlock,
1442 0);
1443
1444 RtlFreeHeap(RtlGetProcessHeap(),
1445 0,
1446 FileName.Buffer);
1447
1448 if (!NT_SUCCESS(Status))
1449 {
1450 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1452 return FALSE;
1453 }
1454
1456 RequestedInformation,
1457 pSecurityDescriptor,
1458 nLength,
1459 lpnLengthNeeded);
1461 if (!NT_SUCCESS(Status))
1462 {
1463 ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
1465 return FALSE;
1466 }
1467
1468 return TRUE;
1469}
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
#define FILE_SHARE_READ
Definition: compat.h:136
#define ERROR_INVALID_NAME
Definition: compat.h:103
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3952
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
VOID WINAPI QuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: sec.c:377

Referenced by GetFileSecurityA(), and RetreiveFileSecurity().

◆ GetKernelObjectSecurity()

BOOL WINAPI GetKernelObjectSecurity ( HANDLE  Handle,
SECURITY_INFORMATION  RequestedInformation,
PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  nLength,
LPDWORD  lpnLengthNeeded 
)

Definition at line 987 of file security.c.

993{
994 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
995 pSecurityDescriptor, nLength, lpnLengthNeeded);
996
997 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
998 nLength, lpnLengthNeeded ));
999}
ULONG Handle
Definition: gdb_input.c:15

Referenced by test_AddMandatoryAce(), test_child_token_sd(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_default_dacl_owner_sid(), test_get_security_descriptor(), test_token_label(), and test_token_security_descriptor().

◆ GetLengthSid()

◆ GetNamedSecurityInfoA()

DWORD WINAPI GetNamedSecurityInfoA ( LPSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSID ppsidOwner,
PSID ppsidGroup,
PACL ppDacl,
PACL ppSacl,
PSECURITY_DESCRIPTOR ppSecurityDescriptor 
)

Definition at line 4102 of file security.c.

4110{
4111 DWORD len;
4112 LPWSTR wstr = NULL;
4113 DWORD r;
4114
4115 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
4116 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
4117
4118 if( pObjectName )
4119 {
4120 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
4121 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
4122 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
4123 }
4124
4125 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
4126 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
4127
4128 HeapFree( GetProcessHeap(), 0, wstr );
4129
4130 return r;
4131}
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
GLdouble GLdouble GLdouble r
Definition: gl.h:2055

◆ GetSecurityInfoExA()

DWORD WINAPI GetSecurityInfoExA ( HANDLE  hObject,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
LPCSTR  lpProvider,
LPCSTR  lpProperty,
PACTRL_ACCESSA ppAccessList,
PACTRL_AUDITA ppAuditList,
LPSTR lppOwner,
LPSTR lppGroup 
)

Definition at line 2092 of file security.c.

2101{
2102 FIXME("%s() not implemented!\n", __FUNCTION__);
2103 return ERROR_BAD_PROVIDER;
2104}
#define __FUNCTION__
Definition: types.h:116
#define ERROR_BAD_PROVIDER
Definition: winerror.h:707

◆ GetSecurityInfoExW()

DWORD WINAPI GetSecurityInfoExW ( HANDLE  hObject,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
LPCWSTR  lpProvider,
LPCWSTR  lpProperty,
PACTRL_ACCESSW ppAccessList,
PACTRL_AUDITW ppAuditList,
LPWSTR lppOwner,
LPWSTR lppGroup 
)

Definition at line 2112 of file security.c.

2121{
2122 FIXME("%s() not implemented!\n", __FUNCTION__);
2123 return ERROR_BAD_PROVIDER;
2124}

◆ GetSidIdentifierAuthority()

PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority ( PSID  pSid)

Definition at line 885 of file security.c.

886{
889}
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)

Referenced by GetTextSid(), GetTextualSid(), and test_GetSidIdentifierAuthority().

◆ GetSidLengthRequired()

DWORD WINAPI GetSidLengthRequired ( UCHAR  nSubAuthorityCount)

Definition at line 852 of file security.c.

853{
854 return (DWORD)RtlLengthRequiredSid(nSubAuthorityCount);
855}
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by ComputeStringSidSize(), CreateWellKnownSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), ParseStringSidToSid(), test_CreateWellKnownSid(), test_GetWindowsAccountDomainSid(), and test_LookupAccountSid().

◆ GetSidSubAuthority()

PDWORD WINAPI GetSidSubAuthority ( PSID  pSid,
DWORD  nSubAuthority 
)

Definition at line 896 of file security.c.

898{
900 return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
901}
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
DWORD * PDWORD
Definition: pedump.c:68

Referenced by CreateWellKnownSid(), GetTextSid(), GetTextualSid(), GetWindowsAccountDomainSid(), LookupAccountNameW(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), and test_sid().

◆ GetSidSubAuthorityCount()

PUCHAR WINAPI GetSidSubAuthorityCount ( PSID  pSid)

◆ GetTokenInformation()

BOOL WINAPI GetTokenInformation ( HANDLE  TokenHandle,
TOKEN_INFORMATION_CLASS  TokenInformationClass,
LPVOID  TokenInformation,
DWORD  TokenInformationLength,
PDWORD  ReturnLength 
)

Definition at line 411 of file security.c.

416{
418
421 TokenInformation,
424 if (!NT_SUCCESS(Status))
425 {
427 return FALSE;
428 }
429
430 return TRUE;
431}
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:317
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:319
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473

Referenced by _GetUserSidStringFromToken(), AccpLookupCurrentUser(), AddUserProfiles(), AllowAccessOnSession(), are_all_privileges_disabled(), AuthzpQueryToken(), CheckForGuestsAndAdmins(), CreateProfile(), DoesUserHavePrivilege(), DwInitializeSdFromThreadToken(), get_admin_token(), get_current_group(), get_current_owner(), get_privilege_count(), get_user_sid(), GetFromToken(), GetShellSecurityDescriptor(), GetUserAndDomainName(), GetUserNameW(), GetUserSid(), GetUserSIDString(), GetUserToken(), ImpersonatePrinterClient(), is_process_elevated(), is_process_limited(), is_token_admin(), IsNTAdmin(), LoadUserProfileW(), named_pipe_client_func(), PerfDataRefresh(), RecycleBin5_Constructor(), RunningAsSYSTEM(), SHCreateSessionKey(), SHGetUserSessionId(), SHTestTokenPrivilegeW(), START_TEST(), TakeOwnershipOfFile(), test_CheckTokenMembership(), test_child_token_sd_medium(), test_child_token_sd_restricted(), test_CreateDirectoryA(), test_CreateRestrictedToken(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetTokenInformation(), test_GetWindowsAccountDomainSid(), test_ImpersonateNamedPipeClient(), test_impersonation_level(), test_LookupAccountSid(), test_lsa(), test_LsaLookupSids(), test_process_security(), test_pseudo_tokens(), test_token_attr(), test_token_security_descriptor(), test_TokenIntegrityLevel(), TestGetUserObjectInfoW(), validate_impersonation_token(), and WhoamiGetTokenInfo().

◆ GetTrusteeFormA()

TRUSTEE_FORM WINAPI GetTrusteeFormA ( PTRUSTEEA  pTrustee)

Definition at line 2406 of file security.c.

2407{
2408 TRACE("(%p)\n", pTrustee);
2409
2410 if (!pTrustee)
2411 return TRUSTEE_BAD_FORM;
2412
2413 return pTrustee->TrusteeForm;
2414}
@ TRUSTEE_BAD_FORM
Definition: accctrl.h:191

Referenced by InternalExplicitAccessAToW(), and InternalTrusteeAToW().

◆ GetTrusteeFormW()

TRUSTEE_FORM WINAPI GetTrusteeFormW ( PTRUSTEEW  pTrustee)

Definition at line 2419 of file security.c.

2420{
2421 TRACE("(%p)\n", pTrustee);
2422
2423 if (!pTrustee)
2424 return TRUSTEE_BAD_FORM;
2425
2426 return pTrustee->TrusteeForm;
2427}

◆ GetTrusteeNameA()

LPSTR WINAPI GetTrusteeNameA ( PTRUSTEE_A  pTrustee)

Definition at line 2433 of file security.c.

2434{
2435 return pTrustee->ptstrName;
2436}

Referenced by InternalExplicitAccessAToW(), and InternalTrusteeAToW().

◆ GetTrusteeNameW()

LPWSTR WINAPI GetTrusteeNameW ( PTRUSTEE_W  pTrustee)

Definition at line 2443 of file security.c.

2444{
2445 return pTrustee->ptstrName;
2446}

◆ GetTrusteeTypeA()

TRUSTEE_TYPE WINAPI GetTrusteeTypeA ( PTRUSTEE_A  pTrustee)

Definition at line 2452 of file security.c.

2453{
2454 return pTrustee->TrusteeType;
2455}

◆ GetTrusteeTypeW()

TRUSTEE_TYPE WINAPI GetTrusteeTypeW ( PTRUSTEE_W  pTrustee)

Definition at line 2461 of file security.c.

2462{
2463 return pTrustee->TrusteeType;
2464}

◆ GetUnicodeEnvironmentSize()

static DWORD GetUnicodeEnvironmentSize ( PVOID  pEnvironment)
static

Definition at line 3679 of file security.c.

3681{
3682 INT Length, TotalLength = 0;
3683 PWCHAR Ptr;
3684
3685 if (pEnvironment == NULL)
3686 return 0;
3687
3688 Ptr = (PWCHAR)pEnvironment;
3689 while (*Ptr != UNICODE_NULL)
3690 {
3691 Length = wcslen(Ptr) + 1;
3693 Ptr = Ptr + Length;
3694 }
3695
3696 return (TotalLength + 1) * sizeof(WCHAR);
3697}
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define UNICODE_NULL
uint16_t * PWCHAR
Definition: typedefs.h:56

Referenced by CreateProcessWithLogonW().

◆ GetWindowsAccountDomainSid()

BOOL WINAPI GetWindowsAccountDomainSid ( PSID  sid,
PSID  domain_sid,
DWORD size 
)

Definition at line 4136 of file security.c.

4137{
4139 DWORD required_size;
4140 int i;
4141
4142 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
4143
4144 if (!sid || !IsValidSid( sid ))
4145 {
4147 return FALSE;
4148 }
4149
4150 if (!size)
4151 {
4153 return FALSE;
4154 }
4155
4156 if (*GetSidSubAuthorityCount( sid ) < 4)
4157 {
4159 return FALSE;
4160 }
4161
4162 required_size = GetSidLengthRequired( 4 );
4163 if (*size < required_size || !domain_sid)
4164 {
4165 *size = required_size;
4168 return FALSE;
4169 }
4170
4171 InitializeSid( domain_sid, &domain_ident, 4 );
4172 for (i = 0; i < 4; i++)
4173 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
4174
4175 *size = required_size;
4176 return TRUE;
4177}
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:862
GLsizeiptr size
Definition: glext.h:5919

◆ ImpersonateNamedPipeClient()

BOOL WINAPI ImpersonateNamedPipeClient ( HANDLE  hNamedPipe)

Definition at line 1024 of file security.c.

1025{
1026 IO_STATUS_BLOCK io_block;
1027
1028 TRACE("(%p)\n", hNamedPipe);
1029
1030 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
1031 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1032}
NTSYSAPI NTSTATUS NTAPI NtFsControlFile(IN HANDLE hFile, IN HANDLE hEvent OPTIONAL, IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL, IN PVOID IoApcContext OPTIONAL, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG DeviceIoControlCode, IN PVOID InBuffer OPTIONAL, IN ULONG InBufferLength, OUT PVOID OutBuffer OPTIONAL, IN ULONG OutBufferLength)
#define FSCTL_PIPE_IMPERSONATE
Definition: winioctl.h:85

Referenced by rpcrt4_conn_np_impersonate_client(), and test_ImpersonateNamedPipeClient().

◆ ImpersonateSelf()

BOOL WINAPI ImpersonateSelf ( SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel)

Definition at line 1631 of file security.c.

1632{
1634
1636 if (!NT_SUCCESS(Status))
1637 {
1639 return FALSE;
1640 }
1641
1642 return TRUE;
1643}
NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: priv.c:45

Referenced by test_FileSecurity(), and test_impersonation_level().

◆ InitializeAcl()

◆ InitializeSecurityDescriptor()

BOOL WINAPI InitializeSecurityDescriptor ( PSECURITY_DESCRIPTOR  pSecurityDescriptor,
DWORD  dwRevision 
)

Definition at line 929 of file security.c.

931{
933
934 Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
935 dwRevision);
936 if (!NT_SUCCESS(Status))
937 {
939 return FALSE;
940 }
941
942 return TRUE;
943}
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

Referenced by AllowDesktopAccessToUser(), AllowWinstaAccessToUser(), CreateAllAccessSecurityAttributes(), CreateApplicationDesktopSecurity(), CreateDefaultProcessSecurityCommon(), CreateDefaultSecurityDescriptor(), CreateDhcpPipeSecurity(), CreateLogoffSecurityAttributes(), CreatePnpInstallEventSecurity(), CreatePowrProfSemaphoreSecurity(), CreateProfileMutex(), CreatePublicEvent(), CreateScreenSaverSecurity(), CreateWinlogonDesktopSecurity(), CreateWinstaSecurity(), DwInitializeSdFromThreadToken(), get_sd(), GetShellSecurityDescriptor(), handle_getacl(), InitializeAudioDeviceListLock(), pSetSecurityInfoCheck(), START_TEST(), TakeOwnershipOfFile(), test_AccessCheck(), test_AddMandatoryAce(), test_BuildSecurityDescriptorW(), test_ConvertSecurityDescriptorToString(), test_CopyBindInfo(), test_CreateDirectoryA(), test_default_dacl_owner_sid(), test_event(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_maximum_allowed(), test_process_security(), test_reg_create_key(), test_reg_open_key(), test_security_descriptor(), test_security_info(), and test_token_security_descriptor().

◆ InitializeSid()

BOOL WINAPI InitializeSid ( PSID  Sid,
PSID_IDENTIFIER_AUTHORITY  pIdentifierAuthority,
BYTE  nSubAuthorityCount 
)

Definition at line 862 of file security.c.

865{
867
869 pIdentifierAuthority,
870 nSubAuthorityCount);
871 if (!NT_SUCCESS(Status))
872 {
874 return FALSE;
875 }
876
877 return TRUE;
878}
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)

Referenced by GetWindowsAccountDomainSid(), and test_GetWindowsAccountDomainSid().

◆ IsValidAcl()

BOOL WINAPI IsValidAcl ( PACL  pAcl)

Definition at line 1209 of file security.c.

1210{
1211 return RtlValidAcl (pAcl);
1212}
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)

Referenced by DumpAcl(), CSecurityDescriptor::HasValidDACL(), CSecurityDescriptor::HasValidSACL(), test_acls(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), and test_GetShellSecurityDescriptor().

◆ IsValidSid()

◆ IsWellKnownSid()

BOOL WINAPI IsWellKnownSid ( IN PSID  pSid,
IN WELL_KNOWN_SID_TYPE  WellKnownSidType 
)

Definition at line 796 of file security.c.

798{
799 unsigned int i;
800 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
801
802 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
803 {
804 if (WellKnownSids[i].Type == WellKnownSidType)
805 {
807 return TRUE;
808 }
809 }
810
811 return FALSE;
812}

Referenced by is_well_known_sid(), and test_token_attr().

◆ LookupAccountNameA()

BOOL WINAPI LookupAccountNameA ( LPCSTR  SystemName,
LPCSTR  AccountName,
PSID  Sid,
LPDWORD  SidLength,
LPSTR  ReferencedDomainName,
LPDWORD  hReferencedDomainNameLength,
PSID_NAME_USE  SidNameUse 
)

Definition at line 2012 of file security.c.

2019{
2020 BOOL ret;
2021 UNICODE_STRING lpSystemW;
2022 UNICODE_STRING lpAccountW;
2023 LPWSTR lpReferencedDomainNameW = NULL;
2024
2025 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
2026 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
2027
2029 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
2030 0,
2031 *hReferencedDomainNameLength * sizeof(WCHAR));
2032
2033 ret = LookupAccountNameW(lpSystemW.Buffer,
2034 lpAccountW.Buffer,
2035 Sid,
2036 SidLength,
2037 lpReferencedDomainNameW,
2038 hReferencedDomainNameLength,
2039 SidNameUse);
2040
2041 if (ret && lpReferencedDomainNameW)
2042 {
2044 0,
2045 lpReferencedDomainNameW,
2046 *hReferencedDomainNameLength + 1,
2048 *hReferencedDomainNameLength + 1,
2049 NULL,
2050 NULL);
2051 }
2052
2053 RtlFreeUnicodeString(&lpSystemW);
2054 RtlFreeUnicodeString(&lpAccountW);
2055 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2056
2057 return ret;
2058}
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:626
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR ReferencedDomainName
Definition: winbase.h:2744

Referenced by check_wellknown_name(), and test_LookupAccountName().

◆ LookupPrivilegeDisplayNameA()

BOOL WINAPI LookupPrivilegeDisplayNameA ( LPCSTR  lpSystemName,
LPCSTR  lpName,
LPSTR  lpDisplayName,
LPDWORD  cchDisplayName,
LPDWORD  lpLanguageId 
)

Definition at line 1239 of file security.c.

1244{
1245 UNICODE_STRING lpSystemNameW;
1246 UNICODE_STRING lpNameW;
1247 BOOL ret;
1248 DWORD wLen = 0;
1249
1250 TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);
1251
1252 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1254 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen,