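/*
 * Directory-service (Active Directory) object-specific access-right bits.
 * Each value is a single bit in the low, object-specific part of an
 * ACCESS_MASK, so several rights can be OR-ed together into one mask.
 *
 * The listing's line-number gutter had been fused onto each directive
 * ("155#define ..."), which is not valid C; the prefixes are removed here.
 *
 * NOTE(review): presumably consumed by the SDDL rights table (AceRights)
 * and the ACE-rights parser elsewhere in this file -- confirm against the
 * full source.
 *
 * Audit hint: WRITE_PROP, SELF (validated write) and CONTROL_ACCESS
 * (extended rights) are the bits that are normally scoped by an object-type
 * GUID in an object ACE. When reviewing a DACL, a grant of these bits
 * without such a GUID applies to every property / extended right.
 */
#define ADS_RIGHT_DS_CREATE_CHILD   0x0001 /* create child objects */
#define ADS_RIGHT_DS_DELETE_CHILD   0x0002 /* delete child objects */
#define ADS_RIGHT_ACTRL_DS_LIST     0x0004 /* list child objects */
#define ADS_RIGHT_DS_SELF           0x0008 /* validated write on the object itself */
#define ADS_RIGHT_DS_READ_PROP      0x0010 /* read properties */
#define ADS_RIGHT_DS_WRITE_PROP     0x0020 /* write properties */
#define ADS_RIGHT_DS_DELETE_TREE    0x0040 /* delete the object and its subtree */
#define ADS_RIGHT_DS_LIST_OBJECT    0x0080 /* list this particular object */
#define ADS_RIGHT_DS_CONTROL_ACCESS 0x0100 /* perform extended-right operations */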
259 if (!ServerName || !ServerName[0])
264 if (
Result && (ServerName[0] ==
'\\') && (ServerName[1] ==
'\\'))
282 DWORD SubAuthority[4];
286 memcpy(
sid, &computer_sid,
sizeof(computer_sid) );
309 ERR(
"NtOpenProcessToken failed! Status %08x.\n",
Status);
377 BOOL DisableAllPrivileges,
386 DisableAllPrivileges,
559 if (SidsToDisable !=
NULL)
562 if (DisableSids ==
NULL)
578 if (PrivilegesToDelete !=
NULL)
581 if (DeletePrivileges ==
NULL)
598 if (SidsToRestrict !=
NULL)
601 if (RestrictedSids ==
NULL)
610 RestrictedSids->
GroupCount = RestrictedSidCount;
641 if (DisableSids !=
NULL)
646 if (DeletePrivileges !=
NULL)
651 if (RestrictedSids !=
NULL)
677 BYTE nSubAuthorityCount,
685 pIdentifierAuthority, nSubAuthorityCount,
686 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
687 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
771 if (*
cbSid < output_sid_length)
773 *
cbSid = output_sid_length;
785 *
cbSid = output_sid_length;
866 BYTE nSubAuthorityCount)
871 pIdentifierAuthority,
954 LPDWORD lpdwAbsoluteSecurityDescriptorSize,
967 pAbsoluteSecurityDescriptor,
968 lpdwAbsoluteSecurityDescriptorSize,
976 lpdwPrimaryGroupSize);
996 TRACE(
"(%p,0x%08x,%p,0x%08x,%p)\n",
Handle, RequestedInformation,
997 pSecurityDescriptor,
nLength, lpnLengthNeeded);
1010 DWORD dwAclRevision)
1030 TRACE(
"(%p)\n", hNamedPipe);
1145 DWORD dwStartingAceIndex,
1147 DWORD nAceListLength)
1199 DWORD nAclInformationLength,
1203 nAclInformationLength, dwAclInformationClass));
1391 RequestedInformation,
1392 pSecurityDescriptor,
1419 TRACE(
"GetFileSecurityW() called\n");
1428 ERR(
"Invalid path\n");
1452 ERR(
"NtOpenFile() failed (Status %lx)\n",
Status);
1458 RequestedInformation,
1459 pSecurityDescriptor,
1465 ERR(
"NtQuerySecurityObject() failed (Status %lx)\n",
Status);
1496 pSecurityDescriptor);
1522 TRACE(
"SetFileSecurityW() called\n");
1531 ERR(
"Invalid path\n");
1555 ERR(
"NtOpenFile() failed (Status %lx)\n",
Status);
1562 pSecurityDescriptor);
1567 ERR(
"NtSetSecurityObject() failed (Status %lx)\n",
Status);
1601 FIXME(
"(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",
x1,
x2,x3,x4);
1670 (
PULONG)PrivilegeSetLength,
1790 ObjectTypeListLength,
1897 DWORD ResultListIndex;
1905 ObjectTypeListLength,
1917 for (ResultListIndex = 0; ResultListIndex < ObjectTypeListLength; ResultListIndex++)
2019 LPDWORD hReferencedDomainNameLength,
2033 *hReferencedDomainNameLength *
sizeof(
WCHAR));
2039 lpReferencedDomainNameW,
2040 hReferencedDomainNameLength,
2043 if (
ret && lpReferencedDomainNameW)
2047 lpReferencedDomainNameW,
2048 *hReferencedDomainNameLength + 1,
2050 *hReferencedDomainNameLength + 1,
2134 DWORD AccessPermissions,
2156 DWORD AccessPermissions,
2178 DWORD ObjectsPresent = 0;
2214 DWORD ObjectsPresent = 0;
2253 DWORD ObjectsPresent = 0;
2302 DWORD ObjectsPresent = 0;
2410 TRACE(
"(%p)\n", pTrustee);
2423 TRACE(
"(%p)\n", pTrustee);
2475 DWORD nAclInformationLength,
2482 nAclInformationLength,
2483 dwAclInformationClass);
2561 while (*szAcl && *szAcl !=
'(')
2567 else if (*szAcl ==
'A')
2572 else if (*szAcl ==
'I')
2607 while (*szAcl ==
' ')
2610 while (lpaf->
wstr &&
2618 *StringAcl = szAcl +
len;
2644 while (*szAcl ==
' ')
2647 while (*szAcl !=
';')
2651 while (lpaf->
wstr &&
2715 while (*szAcl ==
' ')
2718 if ((*szAcl ==
'0') && (*(szAcl + 1) ==
'x'))
2722 while (*
p && *
p !=
';')
2725 if (
p - szAcl <= 10 )
2735 while (*szAcl !=
';')
2739 while (lpaf->
wstr &&
2749 rights |= lpaf->
value;
2787 while (*StringAcl ==
'(')
2795 if (*StringAcl !=
';')
2806 if (*StringAcl !=
';')
2814 if (*StringAcl !=
';')
2819 while (*StringAcl ==
' ')
2821 if (*StringAcl !=
';')
2823 FIXME(
"Support for *_OBJECT_ACE_TYPE not implemented\n");
2829 while (*StringAcl ==
' ')
2831 if (*StringAcl !=
';')
2833 FIXME(
"Support for *_OBJECT_ACE_TYPE not implemented\n");
2841 while (*StringAcl && *StringAcl !=
')')
2845 if (*StringAcl !=
')')
2863 ERR(
"ACL too large\n");
2879 WARN(
"Invalid ACE string format\n");
2887 LPCWSTR StringSecurityDescriptor,
2905 while (*StringSecurityDescriptor ==
' ')
2906 StringSecurityDescriptor++;
2908 while (*StringSecurityDescriptor)
2910 toktype = *StringSecurityDescriptor;
2913 StringSecurityDescriptor++;
2914 if (*StringSecurityDescriptor !=
':')
2919 StringSecurityDescriptor++;
2922 lptoken = StringSecurityDescriptor;
2923 while (*lptoken && *lptoken !=
':')
2929 len = lptoken - StringSecurityDescriptor;
3012 FIXME(
"Unknown token\n");
3017 StringSecurityDescriptor = lptoken;
3035 DWORD StringSDRevision,
3037 PULONG SecurityDescriptorSize)
3041 LPWSTR StringSecurityDescriptorW;
3046 if (StringSecurityDescriptorW)
3052 SecurityDescriptorSize);
3065 DWORD StringSDRevision,
3067 PULONG SecurityDescriptorSize)
3097 if (!psd)
goto lend;
3109 if (SecurityDescriptorSize)
3110 *SecurityDescriptorSize = cBytes;
3115 TRACE(
" ret=%d\n", bret);
3137 WCHAR fmt[] = {
'S',
'-',
'%',
'u',
'-',
'%',
'd',0 };
3138 WCHAR subauthfmt[] = {
'-',
'%',
'u',0 };
3151 FIXME(
"not matching MS' bugs\n");
3225 static const WCHAR fmtW[] = {
'0',
'x',
'%',
'x',0};
3245 for (
i = 0;
i < 32;
i++)
3257 for (
i = 0;
i < 32;
i++)
3258 if (
mask & (1 <<
i))
3265 static const WCHAR openbr =
'(';
3266 static const WCHAR closebr =
')';
3267 static const WCHAR semicolon =
';';
3345 if (!
DumpAce(ace, pwptr, plen))
3354 static const WCHAR prefix[] = {
'O',
':',0};
3365 if (!
DumpSid(psid, pwptr, plen))
3372 static const WCHAR prefix[] = {
'G',
':',0};
3383 if (!
DumpSid(psid, pwptr, plen))
3390 static const WCHAR dacl[] = {
'D',
':',0};
3392 BOOL present, defaulted;
3413 static const WCHAR sacl[] = {
'S',
':',0};
3415 BOOL present, defaulted;
3444 ERR(
"Program requested unknown SDDL revision %d\n", SDRevision);
3492 *OutputString = wstr;
3494 *OutputLen =
strlenW(*OutputString)+1;
3512 if (*OutputString ==
NULL)
3522 if (OutputLen !=
NULL)
3528 *OutputString =
NULL;
3546 else if (!StringSid || !
Sid)
3569 else if (!StringSid || !
Sid)
3590 WCHAR FixedBuffer[64];
3614 if (
NULL == *StringSid)
3659 if (
NULL == *StringSid)
3687 if (pEnvironment ==
NULL)
3710 if (pEnvironment ==
NULL)
3749 TRACE(
"CreateProcessWithLogonW(%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p)\n",
debugstr_w(lpUsername),
debugstr_w(lpDomain),
3752 lpStartupInfo, lpProcessInformation);
3757 L"\\pipe\\seclogon",
3762 WARN(
"RpcStringBindingCompose returned 0x%x\n",
Status);
3772 WARN(
"RpcBindingFromStringBinding returned 0x%x\n",
Status);
3778 WARN(
"RpcStringFree returned 0x%x\n",
Status);
3792 Request.Environment = lpEnvironment;
3794 TRACE(
"Request.dwEnvironmentSize %lu\n",
Request.dwEnvironmentSize);
3795 TRACE(
"Request.Environment %p\n",
Request.Environment);
3797 Request.dwLogonFlags = dwLogonFlags;
3798 Request.dwCreationFlags = dwCreationFlags;
3801 TRACE(
"Request.dwProcessId %lu\n",
Request.dwProcessId);
3824 WARN(
"RpcBindingFree returned 0x%x\n",
Status);
3838 TRACE(
"CreateProcessWithLogonW() done\n");
3847 FIXME(
"%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n",
token,
3849 creation_flags, environment,
debugstr_w(current_directory),
3850 startup_info, process_information);
3854 current_directory, startup_info, process_information );
3872 TRACE(
"%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3880 if (lpTokenAttributes !=
NULL)
3884 lpTokenAttributes->bInheritHandle ?
OBJ_INHERIT : 0,
3886 lpTokenAttributes->lpSecurityDescriptor);
3904 DuplicateTokenHandle);
3907 ERR(
"NtDuplicateToken failed: Status %08x\n",
Status);
3912 TRACE(
"Returning token %p.\n", *DuplicateTokenHandle);
3930 DuplicateTokenHandle);
3938 if (StringSid[0] ==
'S' && StringSid[1] ==
'-')
3943 if (*StringSid ==
'-')
3984 TRACE(
"StringSid is NULL, returning FALSE\n");
3988 while (*StringSid ==
' ')
3997 TRACE(
"only size requested, returning TRUE with %d\n", *cBytes);
4001 if (StringSid[0] ==
'S' && StringSid[1] ==
'-')
4016 TRACE(
"SubAuthorityCount is 0\n");
4023 while (*StringSid && *StringSid !=
'-')
4025 if (*StringSid ==
'-')
4033 identAuth =
atoiW(StringSid);
4040 while (*StringSid && *StringSid !=
'-')
4042 if (*StringSid ==
'-')
4049 while (*StringSid && *StringSid !=
'-')
4051 if (*StringSid ==
'-')
4093 TRACE(
"returning %s\n", bret ?
"TRUE" :
"FALSE");
4117 TRACE(
"%s %d %d %p %p %p %p %p\n", pObjectName,
ObjectType, SecurityInfo,
4118 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
4128 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
4141 DWORD required_size;
4144 FIXME(
"(%p %p %p): semi-stub\n",
sid, domain_sid,
size );
4165 if (*
size < required_size || !domain_sid)
4167 *
size = required_size;
4174 for (
i = 0;
i < 4;
i++)
4177 *
size = required_size;
static GENERIC_MAPPING GenericMapping
enum _ACCESS_MODE ACCESS_MODE
enum _TRUSTEE_FORM TRUSTEE_FORM
enum _TRUSTEE_TYPE TRUSTEE_TYPE
@ TRUSTEE_IS_OBJECTS_AND_SID
@ TRUSTEE_IS_OBJECTS_AND_NAME
enum _SE_OBJECT_TYPE SE_OBJECT_TYPE
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
ACPI_SIZE strlen(const char *String)
static unsigned char bytes[4]
static void * heap_alloc(size_t len)
static BOOL heap_free(void *mem)
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
VOID __stdcall SeclCreateProcessWithLogonW(_In_ handle_t hBinding, _In_ SECL_REQUEST *pRequest, _Out_ SECL_RESPONSE *pResponse)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
SIZE_T LPPROCESS_INFORMATION
#define ERROR_NOT_ENOUGH_MEMORY
#define ERROR_INSUFFICIENT_BUFFER
#define NT_SUCCESS(StatCode)
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
BOOL WINAPI LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
static DWORD GetAnsiEnvironmentSize(PVOID pEnvironment)
#define ADS_RIGHT_DS_LIST_OBJECT
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
static const WCHAR SDDL_AUDIT_FAILURE[]
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
static const ACEFLAG AceFlags[]
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
static const WELLKNOWNRID WellKnownRids[]
BOOL WINAPI CreateRestrictedToken(_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
Creates a filtered token that is a restricted version of the regular access token. A restricted token can...
BOOL WINAPI SetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
static DWORD ParseAclStringFlags(LPCWSTR *StringAcl)
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
BOOL WINAPI LookupPrivilegeDisplayNameA(LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEE_W pTrustee)
static const ACEFLAG AceRights[]
static BYTE ParseAceStringFlags(LPCWSTR *StringAcl)
static const WCHAR SDDL_CONTAINER_INHERIT[]
static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
struct _ACEFLAG * LPACEFLAG
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
static const WCHAR SDDL_AUDIT[]
static LPWSTR SERV_dup(LPCSTR str)
static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
DWORD WINAPI GetSecurityInfoExA(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID *Sid)
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2)
#define ADS_RIGHT_DS_DELETE_TREE
#define ADS_RIGHT_ACTRL_DS_LIST
VOID WINAPI BuildTrusteeWithSidA(PTRUSTEE_A pTrustee, PSID pSid)
DWORD WINAPI GetSecurityInfoExW(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
LPWSTR WINAPI GetTrusteeNameW(PTRUSTEE_W pTrustee)
static const WCHAR SDDL_NO_WRITE_UP[]
BOOL WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
static const WCHAR SDDL_OBJECT_AUDIT[]