ReactOS  0.4.11-dev-195-gef016bf
security.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * WINE COPYRIGHT:
4  * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
5  * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
6  * Copyright 2006 Robert Reif
7  * Copyright 2006 Hervé Poussineau
8  *
9  * PROJECT: ReactOS system libraries
10  * FILE: dll/win32/advapi32/wine/security.c
11  */
12 
13 #include <advapi32.h>
14 
15 #include <sddl.h>
16 
18 
19 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
20 
21 typedef struct _ACEFLAG
22 {
25 } ACEFLAG, *LPACEFLAG;
26 
27 typedef struct _MAX_SID
28 {
29  /* same fields as struct _SID */
34 } MAX_SID;
35 
36 typedef struct WELLKNOWNSID
37 {
38  WCHAR wstr[2];
41 } WELLKNOWNSID;
42 
43 static const WELLKNOWNSID WellKnownSids[] =
44 {
45  { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
46  { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
47  { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
48  { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
49  { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
50  { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
51  { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
52  { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
53  { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
54  { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
55  { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
56  { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
57  { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
58  { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
59  { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
60  { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
61  { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
62  { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
63  { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
64  { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
65  { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
66  { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
67  { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
68  { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
69  { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
70  { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
71  { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
72  { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
73  { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
74  { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
75  { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
76  { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
77  { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
78  { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
79  { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
80  { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
81  { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
82  { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
83  { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
84  { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
85  { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
86  { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
87  { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
88  { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
89  { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
90  { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
91  { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
92  { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
93  { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
94  { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
95  { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
96  { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
97 };
98 
99 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
100 typedef struct WELLKNOWNRID
101 {
105 } WELLKNOWNRID;
106 
107 static const WELLKNOWNRID WellKnownRids[] = {
108  { {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
109  { {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
110  { {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
111  { {'D','A'}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
112  { {'D','U'}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
113  { {'D','G'}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
114  { {'D','C'}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
115  { {'D','D'}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
116  { {'C','A'}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
117  { {'S','A'}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
118  { {'E','A'}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
119  { {'P','A'}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
120  { {'R','S'}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
121 };
122 
123 #ifndef __REACTOS__
125 #endif
126 
127 static const WCHAR SDDL_NO_READ_UP[] = {'N','R',0};
128 static const WCHAR SDDL_NO_WRITE_UP[] = {'N','W',0};
129 static const WCHAR SDDL_NO_EXECUTE_UP[] = {'N','X',0};
130 
131 /*
132  * ACE types
133  */
134 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
135 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
136 #ifndef __REACTOS__
137 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
138 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
139 #endif
140 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
141 static const WCHAR SDDL_ALARM[] = {'A','L',0};
142 static const WCHAR SDDL_MANDATORY_LABEL[] = {'M','L',0};
143 #ifndef __REACTOS__
144 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
145 static const WCHAR SDDL_OBJECT_ALARM[] = {'O','L',0};
146 #endif
147 
148 /*
149  * SDDL ADS Rights
150  */
151 #define ADS_RIGHT_DS_CREATE_CHILD 0x0001
152 #define ADS_RIGHT_DS_DELETE_CHILD 0x0002
153 #define ADS_RIGHT_ACTRL_DS_LIST 0x0004
154 #define ADS_RIGHT_DS_SELF 0x0008
155 #define ADS_RIGHT_DS_READ_PROP 0x0010
156 #define ADS_RIGHT_DS_WRITE_PROP 0x0020
157 #define ADS_RIGHT_DS_DELETE_TREE 0x0040
158 #define ADS_RIGHT_DS_LIST_OBJECT 0x0080
159 #define ADS_RIGHT_DS_CONTROL_ACCESS 0x0100
160 
161 /*
162  * ACE flags
163  */
164 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
165 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
166 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
167 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
168 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
169 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
170 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
171 
172 static const char * debugstr_sid(PSID sid)
173 {
174  int auth = 0;
175  SID * psid = (SID *)sid;
176 
177  if (psid == NULL)
178  return "(null)";
179 
180  auth = psid->IdentifierAuthority.Value[5] +
181  (psid->IdentifierAuthority.Value[4] << 8) +
182  (psid->IdentifierAuthority.Value[3] << 16) +
183  (psid->IdentifierAuthority.Value[2] << 24);
184 
185  switch (psid->SubAuthorityCount) {
186  case 0:
187  return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
188  case 1:
189  return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
190  psid->SubAuthority[0]);
191  case 2:
192  return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
193  psid->SubAuthority[0], psid->SubAuthority[1]);
194  case 3:
195  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
196  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
197  case 4:
198  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
199  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
200  psid->SubAuthority[3]);
201  case 5:
202  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
203  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
204  psid->SubAuthority[3], psid->SubAuthority[4]);
205  case 6:
206  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
207  psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
208  psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
209  case 7:
210  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
211  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
212  psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
213  psid->SubAuthority[6]);
214  case 8:
215  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
216  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
217  psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
218  psid->SubAuthority[6], psid->SubAuthority[7]);
219  }
220  return "(too-big)";
221 }
222 
223 /* set last error code from NT status and get the proper boolean return value */
224 /* used for functions that are a simple wrapper around the corresponding ntdll API */
225 static __inline BOOL set_ntstatus( NTSTATUS status )
226 {
227  if (!NT_SUCCESS(status)) SetLastError( RtlNtStatusToDosError( status ));
228  return NT_SUCCESS(status);
229 }
230 
232 {
233  UINT len;
234  LPWSTR wstr;
235 
236  if( !str )
237  return NULL;
238  len = MultiByteToWideChar( CP_ACP, 0, str, -1, NULL, 0 );
239  wstr = heap_alloc( len*sizeof (WCHAR) );
240  MultiByteToWideChar( CP_ACP, 0, str, -1, wstr, len );
241  return wstr;
242 }
243 
244 /************************************************************
245  * ADVAPI_IsLocalComputer
246  *
247  * Checks whether the server name indicates local machine.
248  */
250 {
252  BOOL Result;
253  LPWSTR buf;
254 
255  if (!ServerName || !ServerName[0])
256  return TRUE;
257 
258  buf = heap_alloc(dwSize * sizeof(WCHAR));
259  Result = GetComputerNameW(buf, &dwSize);
260  if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
261  ServerName += 2;
262  Result = Result && !lstrcmpW(ServerName, buf);
263  heap_free(buf);
264 
265  return Result;
266 }
267 
268 /************************************************************
269  * ADVAPI_GetComputerSid
270  */
272 {
273  static const struct /* same fields as struct SID */
274  {
275  BYTE Revision;
278  DWORD SubAuthority[4];
279  } computer_sid =
281 
282  memcpy( sid, &computer_sid, sizeof(computer_sid) );
283  return TRUE;
284 }
285 
286 /* Exported functions */
287 
288 /*
289  * @implemented
290  */
291 BOOL WINAPI
295 {
297 
298  TRACE("%p, %x, %p.\n", ProcessHandle, DesiredAccess, TokenHandle);
299 
300  Status = NtOpenProcessToken(ProcessHandle,
301  DesiredAccess,
302  TokenHandle);
303  if (!NT_SUCCESS(Status))
304  {
305  ERR("NtOpenProcessToken failed! Status %08x.\n", Status);
307  return FALSE;
308  }
309 
310  TRACE("Returning token %p.\n", *TokenHandle);
311 
312  return TRUE;
313 }
314 
315 /******************************************************************************
316  * OpenThreadToken [ADVAPI32.@]
317  *
318  * Opens the access token associated with a thread handle.
319  *
320  * PARAMS
321  * ThreadHandle [I] Handle to process
322  * DesiredAccess [I] Desired access to the thread
323  * OpenAsSelf [I] ???
324  * TokenHandle [O] Destination for the token handle
325  *
326  * RETURNS
327  * Success: TRUE. TokenHandle contains the access token.
328  * Failure: FALSE.
329  *
330  * NOTES
331  * See NtOpenThreadToken.
332  */
333 BOOL WINAPI
336 {
337  return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
338 }
339 
340 /*
341  * @implemented
342  */
343 BOOL WINAPI
345  BOOL ResetToDefault,
346  PTOKEN_GROUPS NewState,
350 {
352 
353  Status = NtAdjustGroupsToken(TokenHandle,
354  ResetToDefault,
355  NewState,
356  BufferLength,
357  PreviousState,
358  (PULONG)ReturnLength);
359  if (!NT_SUCCESS(Status))
360  {
362  return FALSE;
363  }
364 
365  return TRUE;
366 }
367 
368 /*
369  * @implemented
370  */
371 BOOL WINAPI
373  BOOL DisableAllPrivileges,
374  PTOKEN_PRIVILEGES NewState,
378 {
380 
381  Status = NtAdjustPrivilegesToken(TokenHandle,
382  DisableAllPrivileges,
383  NewState,
384  BufferLength,
385  PreviousState,
386  (PULONG)ReturnLength);
387  if (STATUS_NOT_ALL_ASSIGNED == Status)
388  {
390  return TRUE;
391  }
392 
393  if (!NT_SUCCESS(Status))
394  {
396  return FALSE;
397  }
398 
399  /* AdjustTokenPrivileges is documented to do this */
401 
402  return TRUE;
403 }
404 
405 /*
406  * @implemented
407  */
408 BOOL WINAPI
411  LPVOID TokenInformation,
414 {
416 
417  Status = NtQueryInformationToken(TokenHandle,
418  TokenInformationClass,
419  TokenInformation,
420  TokenInformationLength,
421  (PULONG)ReturnLength);
422  if (!NT_SUCCESS(Status))
423  {
425  return FALSE;
426  }
427 
428  return TRUE;
429 }
430 
431 /*
432  * @implemented
433  */
434 BOOL WINAPI
437  LPVOID TokenInformation,
439 {
441 
442  Status = NtSetInformationToken(TokenHandle,
443  TokenInformationClass,
444  TokenInformation,
445  TokenInformationLength);
446  if (!NT_SUCCESS(Status))
447  {
449  return FALSE;
450  }
451 
452  return TRUE;
453 }
454 
455 /*
456  * @implemented
457  */
458 BOOL WINAPI
461 {
463  HANDLE hThread;
464 
465  hThread = (ThreadHandle != NULL) ? *ThreadHandle : NtCurrentThread();
466 
467  Status = NtSetInformationThread(hThread,
469  &TokenHandle,
470  sizeof(HANDLE));
471  if (!NT_SUCCESS(Status))
472  {
474  return FALSE;
475  }
476 
477  return TRUE;
478 }
479 
480 /*************************************************************************
481  * CreateRestrictedToken [ADVAPI32.@]
482  *
483  * Create a new more restricted token from an existing token.
484  *
485  * PARAMS
486  * baseToken [I] Token to base the new restricted token on
487  * flags [I] Options
488  * nDisableSids [I] Length of disableSids array
489  * disableSids [I] Array of SIDs to disable in the new token
490  * nDeletePrivs [I] Length of deletePrivs array
491  * deletePrivs [I] Array of privileges to delete in the new token
492  * nRestrictSids [I] Length of restrictSids array
493  * restrictSids [I] Array of SIDs to restrict in the new token
494  * newToken [O] Address where the new token is stored
495  *
496  * RETURNS
497  * Success: TRUE
498  * Failure: FALSE
499  */
501  HANDLE baseToken,
502  DWORD flags,
503  DWORD nDisableSids,
504  PSID_AND_ATTRIBUTES disableSids,
505  DWORD nDeletePrivs,
506  PLUID_AND_ATTRIBUTES deletePrivs,
507  DWORD nRestrictSids,
508  PSID_AND_ATTRIBUTES restrictSids,
509  PHANDLE newToken)
510 {
513  DWORD size;
514 
515  FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
516  baseToken, flags, nDisableSids, disableSids,
517  nDeletePrivs, deletePrivs,
518  nRestrictSids, restrictSids,
519  newToken);
520 
521  size = sizeof(type);
522  if (!GetTokenInformation( baseToken, TokenType, &type, size, &size )) return FALSE;
523  if (type == TokenImpersonation)
524  {
525  size = sizeof(level);
526  if (!GetTokenInformation( baseToken, TokenImpersonationLevel, &level, size, &size ))
527  return FALSE;
528  }
529  return DuplicateTokenEx( baseToken, MAXIMUM_ALLOWED, NULL, level, type, newToken );
530 }
531 
532 /******************************************************************************
533  * AllocateAndInitializeSid [ADVAPI32.@]
534  *
535  * PARAMS
536  * pIdentifierAuthority []
537  * nSubAuthorityCount []
538  * nSubAuthority0 []
539  * nSubAuthority1 []
540  * nSubAuthority2 []
541  * nSubAuthority3 []
542  * nSubAuthority4 []
543  * nSubAuthority5 []
544  * nSubAuthority6 []
545  * nSubAuthority7 []
546  * pSid []
547  */
548 BOOL WINAPI
550  BYTE nSubAuthorityCount,
551  DWORD nSubAuthority0, DWORD nSubAuthority1,
552  DWORD nSubAuthority2, DWORD nSubAuthority3,
553  DWORD nSubAuthority4, DWORD nSubAuthority5,
554  DWORD nSubAuthority6, DWORD nSubAuthority7,
555  PSID *pSid )
556 {
558  pIdentifierAuthority, nSubAuthorityCount,
559  nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
560  nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
561  pSid ));
562 }
563 
564 /*
565  * @implemented
566  *
567  * RETURNS
568  * Docs says this function does NOT return a value
569  * even thou it's defined to return a PVOID...
570  */
571 PVOID
572 WINAPI
574 {
575  return RtlFreeSid(pSid);
576 }
577 
578 /******************************************************************************
579  * CopySid [ADVAPI32.@]
580  *
581  * PARAMS
582  * nDestinationSidLength []
583  * pDestinationSid []
584  * pSourceSid []
585  */
586 BOOL WINAPI
587 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
588 {
589  return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid));
590 }
591 
592 /*
593  * @unimplemented
594  */
595 BOOL
596 WINAPI
598  IN PSID DomainSid OPTIONAL,
599  OUT PSID pSid,
600  IN OUT DWORD* cbSid)
601 {
602  unsigned int i;
603  TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
604 
605  if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
606  {
608  return FALSE;
609  }
610 
611  for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
612  if (WellKnownSids[i].Type == WellKnownSidType) {
614 
615  if (*cbSid < length)
616  {
617  *cbSid = length;
619  return FALSE;
620  }
621  if (!pSid)
622  {
624  return FALSE;
625  }
626  CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
627  *cbSid = length;
628  return TRUE;
629  }
630  }
631 
632  if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
633  {
635  return FALSE;
636  }
637 
638  for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
639  if (WellKnownRids[i].Type == WellKnownSidType) {
640  UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
641  DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
642  DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
643 
644  if (*cbSid < output_sid_length)
645  {
646  *cbSid = output_sid_length;
648  return FALSE;
649  }
650  if (!pSid)
651  {
653  return FALSE;
654  }
655  CopyMemory(pSid, DomainSid, domain_sid_length);
656  (*GetSidSubAuthorityCount(pSid))++;
657  (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
658  *cbSid = output_sid_length;
659  return TRUE;
660  }
661 
663  return FALSE;
664 }
665 
666 /*
667  * @unimplemented
668  */
669 BOOL
670 WINAPI
672  IN WELL_KNOWN_SID_TYPE WellKnownSidType)
673 {
674  unsigned int i;
675  TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
676 
677  for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
678  {
679  if (WellKnownSids[i].Type == WellKnownSidType)
680  {
681  if (EqualSid(pSid, (PSID)(&WellKnownSids[i].Sid.Revision)))
682  return TRUE;
683  }
684  }
685 
686  return FALSE;
687 }
688 
689 /*
690  * @implemented
691  */
692 BOOL
693 WINAPI
695 {
696  return (BOOL)RtlValidSid(pSid);
697 }
698 
699 /*
700  * @implemented
701  */
702 BOOL
703 WINAPI
705  PSID pSid2)
706 {
708  return RtlEqualSid (pSid1, pSid2);
709 }
710 
711 /*
712  * @implemented
713  */
714 BOOL
715 WINAPI
717  PSID pSid2)
718 {
719  return RtlEqualPrefixSid (pSid1, pSid2);
720 }
721 
722 /*
723  * @implemented
724  */
725 DWORD
726 WINAPI
727 GetSidLengthRequired(UCHAR nSubAuthorityCount)
728 {
729  return (DWORD)RtlLengthRequiredSid(nSubAuthorityCount);
730 }
731 
732 /*
733  * @implemented
734  */
735 BOOL
736 WINAPI
738  PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
739  BYTE nSubAuthorityCount)
740 {
742 
743  Status = RtlInitializeSid(Sid,
744  pIdentifierAuthority,
745  nSubAuthorityCount);
746  if (!NT_SUCCESS(Status))
747  {
749  return FALSE;
750  }
751 
752  return TRUE;
753 }
754 
755 /*
756  * @implemented
757  */
759 WINAPI
761 {
763  return RtlIdentifierAuthoritySid(pSid);
764 }
765 
766 /*
767  * @implemented
768  */
769 PDWORD
770 WINAPI
772  DWORD nSubAuthority)
773 {
775  return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
776 }
777 
778 /*
779  * @implemented
780  */
781 PUCHAR
782 WINAPI
784 {
786  return RtlSubAuthorityCountSid(pSid);
787 }
788 
789 /*
790  * @implemented
791  */
792 DWORD
793 WINAPI
795 {
796  return (DWORD)RtlLengthSid(pSid);
797 }
798 
799 /*
800  * @implemented
801  */
802 BOOL
803 WINAPI
805  DWORD dwRevision)
806 {
808 
809  Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
810  dwRevision);
811  if (!NT_SUCCESS(Status))
812  {
814  return FALSE;
815  }
816 
817  return TRUE;
818 }
819 
820 /*
821  * @implemented
822  */
823 BOOL
824 WINAPI
825 MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
826  PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
827  LPDWORD lpdwAbsoluteSecurityDescriptorSize,
828  PACL pDacl,
829  LPDWORD lpdwDaclSize,
830  PACL pSacl,
831  LPDWORD lpdwSaclSize,
832  PSID pOwner,
833  LPDWORD lpdwOwnerSize,
834  PSID pPrimaryGroup,
835  LPDWORD lpdwPrimaryGroupSize)
836 {
838 
839  Status = RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
840  pAbsoluteSecurityDescriptor,
841  lpdwAbsoluteSecurityDescriptorSize,
842  pDacl,
843  lpdwDaclSize,
844  pSacl,
845  lpdwSaclSize,
846  pOwner,
847  lpdwOwnerSize,
848  pPrimaryGroup,
849  lpdwPrimaryGroupSize);
850  if (!NT_SUCCESS(Status))
851  {
853  return FALSE;
854  }
855 
856  return TRUE;
857 }
858 
859 /******************************************************************************
860  * GetKernelObjectSecurity [ADVAPI32.@]
861  */
863  HANDLE Handle,
864  SECURITY_INFORMATION RequestedInformation,
865  PSECURITY_DESCRIPTOR pSecurityDescriptor,
866  DWORD nLength,
867  LPDWORD lpnLengthNeeded )
868 {
869  TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
870  pSecurityDescriptor, nLength, lpnLengthNeeded);
871 
872  return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
873  nLength, lpnLengthNeeded ));
874 }
875 
876 /*
877  * @implemented
878  */
879 BOOL
880 WINAPI
882  DWORD nAclLength,
883  DWORD dwAclRevision)
884 {
886 
887  Status = RtlCreateAcl(pAcl,
888  nAclLength,
889  dwAclRevision);
890  if (!NT_SUCCESS(Status))
891  {
893  return FALSE;
894  }
895 
896  return TRUE;
897 }
898 
900 {
901  IO_STATUS_BLOCK io_block;
902 
903  TRACE("(%p)\n", hNamedPipe);
904 
905  return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
906  &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
907 }
908 
909 /*
910  * @implemented
911  */
912 BOOL
913 WINAPI
917  PSID pSid)
918 {
920 
921  Status = RtlAddAccessAllowedAce(pAcl,
922  dwAceRevision,
923  AccessMask,
924  pSid);
925  if (!NT_SUCCESS(Status))
926  {
928  return FALSE;
929  }
930 
931  return TRUE;
932 }
933 
934 /*
935  * @implemented
936  */
937 BOOL WINAPI
940  DWORD AceFlags,
942  PSID pSid)
943 {
945 
946  Status = RtlAddAccessAllowedAceEx(pAcl,
947  dwAceRevision,
948  AceFlags,
949  AccessMask,
950  pSid);
951  if (!NT_SUCCESS(Status))
952  {
954  return FALSE;
955  }
956 
957  return TRUE;
958 }
959 
960 /*
961  * @implemented
962  */
963 BOOL
964 WINAPI
968  PSID pSid)
969 {
971 
972  Status = RtlAddAccessDeniedAce(pAcl,
973  dwAceRevision,
974  AccessMask,
975  pSid);
976  if (!NT_SUCCESS(Status))
977  {
979  return FALSE;
980  }
981 
982  return TRUE;
983 }
984 
985 /*
986  * @implemented
987  */
988 BOOL WINAPI
991  DWORD AceFlags,
993  PSID pSid)
994 {
996 
997  Status = RtlAddAccessDeniedAceEx(pAcl,
998  dwAceRevision,
999  AceFlags,
1000  AccessMask,
1001  pSid);
1002  if (!NT_SUCCESS(Status))
1003  {
1005  return FALSE;
1006  }
1007 
1008  return TRUE;
1009 }
1010 
1011 /*
1012  * @implemented
1013  */
1014 BOOL
1015 WINAPI
1018  DWORD dwStartingAceIndex,
1019  LPVOID pAceList,
1020  DWORD nAceListLength)
1021 {
1022  NTSTATUS Status;
1023 
1024  Status = RtlAddAce(pAcl,
1025  dwAceRevision,
1026  dwStartingAceIndex,
1027  pAceList,
1028  nAceListLength);
1029  if (!NT_SUCCESS(Status))
1030  {
1032  return FALSE;
1033  }
1034 
1035  return TRUE;
1036 }
1037 
1038 /******************************************************************************
1039  * DeleteAce [ADVAPI32.@]
1040  */
1041 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1042 {
1043  return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1044 }
1045 
1046 /*
1047  * @implemented
1048  */
1049 BOOL
1050 WINAPI
1052  LPVOID *pAce)
1053 {
1054  return RtlFirstFreeAce(pAcl,
1055  (PACE*)pAce);
1056 }
1057 
1058 /******************************************************************************
1059  * GetAce [ADVAPI32.@]
1060  */
1061 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1062 {
1063  return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1064 }
1065 
1066 /******************************************************************************
1067  * GetAclInformation [ADVAPI32.@]
1068  */
1070  PACL pAcl,
1071  LPVOID pAclInformation,
1072  DWORD nAclInformationLength,
1073  ACL_INFORMATION_CLASS dwAclInformationClass)
1074 {
1075  return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1076  nAclInformationLength, dwAclInformationClass));
1077 }
1078 
1079 /*
1080  * @implemented
1081  */
1082 BOOL
1083 WINAPI
1085 {
1086  return RtlValidAcl (pAcl);
1087 }
1088 
1089 /*
1090  * @implemented
1091  */
1092 BOOL WINAPI
1094 {
1095  NTSTATUS Status;
1096 
1097  Status = NtAllocateLocallyUniqueId (Luid);
1098  if (!NT_SUCCESS (Status))
1099  {
1101  return FALSE;
1102  }
1103 
1104  return TRUE;
1105 }
1106 
1107 /**********************************************************************
1108  * LookupPrivilegeDisplayNameA EXPORTED
1109  *
1110  * @unimplemented
1111  */
1112 BOOL
1113 WINAPI
1115  LPCSTR lpName,
1119 {
1120  UNICODE_STRING lpSystemNameW;
1121  UNICODE_STRING lpNameW;
1122  BOOL ret;
1123  DWORD wLen = 0;
1124 
1125  TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);
1126 
1127  RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1128  RtlCreateUnicodeStringFromAsciiz(&lpNameW, lpName);
1129  ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen, lpLanguageId);
1130  if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1131  {
1132  LPWSTR lpDisplayNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1133 
1134  ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, lpDisplayNameW,
1135  &wLen, lpLanguageId);
1136  if (ret)
1137  {
1138  unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpDisplayNameW, -1, lpDisplayName,
1139  *cchDisplayName, NULL, NULL);
1140 
1141  if (len == 0)
1142  {
1143  /* WideCharToMultiByte failed */
1144  ret = FALSE;
1145  }
1146  else if (len > *cchDisplayName)
1147  {
1148  *cchDisplayName = len;
1150  ret = FALSE;
1151  }
1152  else
1153  {
1154  /* WideCharToMultiByte succeeded, output length needs to be
1155  * length not including NULL terminator
1156  */
1157  *cchDisplayName = len - 1;
1158  }
1159  }
1160  HeapFree(GetProcessHeap(), 0, lpDisplayNameW);
1161  }
1162  RtlFreeUnicodeString(&lpSystemNameW);
1163  RtlFreeUnicodeString(&lpNameW);
1164  return ret;
1165 }
1166 
1167 /**********************************************************************
1168  * LookupPrivilegeNameA EXPORTED
1169  *
1170  * @implemented
1171  */
1172 BOOL
1173 WINAPI
1175  PLUID lpLuid,
1176  LPSTR lpName,
1177  LPDWORD cchName)
1178 {
1179  UNICODE_STRING lpSystemNameW;
1180  BOOL ret;
1181  DWORD wLen = 0;
1182 
1183  TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1184 
1185  RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1186  ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1187  if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1188  {
1189  LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1190 
1191  ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1192  &wLen);
1193  if (ret)
1194  {
1195  /* Windows crashes if cchName is NULL, so will I */
1196  unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1197  *cchName, NULL, NULL);
1198 
1199  if (len == 0)
1200  {
1201  /* WideCharToMultiByte failed */
1202  ret = FALSE;
1203  }
1204  else if (len > *cchName)
1205  {
1206  *cchName = len;
1208  ret = FALSE;
1209  }
1210  else
1211  {
1212  /* WideCharToMultiByte succeeded, output length needs to be
1213  * length not including NULL terminator
1214  */
1215  *cchName = len - 1;
1216  }
1217  }
1218  HeapFree(GetProcessHeap(), 0, lpNameW);
1219  }
1220  RtlFreeUnicodeString(&lpSystemNameW);
1221  return ret;
1222 }
1223 
1224 /******************************************************************************
1225  * GetFileSecurityA [ADVAPI32.@]
1226  *
1227  * Obtains Specified information about the security of a file or directory.
1228  *
1229  * PARAMS
1230  * lpFileName [I] Name of the file to get info for
1231  * RequestedInformation [I] SE_ flags from "winnt.h"
1232  * pSecurityDescriptor [O] Destination for security information
1233  * nLength [I] Length of pSecurityDescriptor
1234  * lpnLengthNeeded [O] Destination for length of returned security information
1235  *
1236  * RETURNS
1237  * Success: TRUE. pSecurityDescriptor contains the requested information.
1238  * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1239  *
1240  * NOTES
1241  * The information returned is constrained by the callers access rights and
1242  * privileges.
1243  *
1244  * @implemented
1245  */
1246 BOOL
1247 WINAPI
1249  SECURITY_INFORMATION RequestedInformation,
1250  PSECURITY_DESCRIPTOR pSecurityDescriptor,
1251  DWORD nLength,
1252  LPDWORD lpnLengthNeeded)
1253 {
1255  BOOL bResult;
1256 
1257  if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1258  {
1260  return FALSE;
1261  }
1262 
1263  bResult = GetFileSecurityW(FileName.Buffer,
1264  RequestedInformation,
1265  pSecurityDescriptor,
1266  nLength,
1267  lpnLengthNeeded);
1268 
1269  RtlFreeUnicodeString(&FileName);
1270 
1271  return bResult;
1272 }
1273 
1274 /*
1275  * @implemented
1276  */
1277 BOOL
1278 WINAPI
1280  SECURITY_INFORMATION RequestedInformation,
1281  PSECURITY_DESCRIPTOR pSecurityDescriptor,
1282  DWORD nLength,
1283  LPDWORD lpnLengthNeeded)
1284 {
1286  IO_STATUS_BLOCK StatusBlock;
1288  ULONG AccessMask = 0;
1290  NTSTATUS Status;
1291 
1292  TRACE("GetFileSecurityW() called\n");
1293 
1294  QuerySecurityAccessMask(RequestedInformation, &AccessMask);
1295 
1296  if (!RtlDosPathNameToNtPathName_U(lpFileName,
1297  &FileName,
1298  NULL,
1299  NULL))
1300  {
1301  ERR("Invalid path\n");
1303  return FALSE;
1304  }
1305 
1306  InitializeObjectAttributes(&ObjectAttributes,
1307  &FileName,
1309  NULL,
1310  NULL);
1311 
1312  Status = NtOpenFile(&FileHandle,
1313  AccessMask,
1314  &ObjectAttributes,
1315  &StatusBlock,
1317  0);
1318 
1319  RtlFreeHeap(RtlGetProcessHeap(),
1320  0,
1321  FileName.Buffer);
1322 
1323  if (!NT_SUCCESS(Status))
1324  {
1325  ERR("NtOpenFile() failed (Status %lx)\n", Status);
1327  return FALSE;
1328  }
1329 
1330  Status = NtQuerySecurityObject(FileHandle,
1331  RequestedInformation,
1332  pSecurityDescriptor,
1333  nLength,
1334  lpnLengthNeeded);
1335  NtClose(FileHandle);
1336  if (!NT_SUCCESS(Status))
1337  {
1338  ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
1340  return FALSE;
1341  }
1342 
1343  return TRUE;
1344 }
1345 
1346 /******************************************************************************
1347  * SetFileSecurityA [ADVAPI32.@]
1348  * Sets the security of a file or directory
1349  *
1350  * @implemented
1351  */
1352 BOOL
1353 WINAPI
1356  PSECURITY_DESCRIPTOR pSecurityDescriptor)
1357 {
1359  BOOL bResult;
1360 
1361  if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1362  {
1364  return FALSE;
1365  }
1366 
1367  bResult = SetFileSecurityW(FileName.Buffer,
1368  SecurityInformation,
1369  pSecurityDescriptor);
1370 
1371  RtlFreeUnicodeString(&FileName);
1372 
1373  return bResult;
1374 }
1375 
1376 /******************************************************************************
1377  * SetFileSecurityW [ADVAPI32.@]
1378  * Sets the security of a file or directory
1379  *
1380  * @implemented
1381  */
1382 BOOL
1383 WINAPI
1386  PSECURITY_DESCRIPTOR pSecurityDescriptor)
1387 {
1389  IO_STATUS_BLOCK StatusBlock;
1391  ULONG AccessMask = 0;
1393  NTSTATUS Status;
1394 
1395  TRACE("SetFileSecurityW() called\n");
1396 
1397  SetSecurityAccessMask(SecurityInformation, &AccessMask);
1398 
1399  if (!RtlDosPathNameToNtPathName_U(lpFileName,
1400  &FileName,
1401  NULL,
1402  NULL))
1403  {
1404  ERR("Invalid path\n");
1406  return FALSE;
1407  }
1408 
1409  InitializeObjectAttributes(&ObjectAttributes,
1410  &FileName,
1412  NULL,
1413  NULL);
1414 
1415  Status = NtOpenFile(&FileHandle,
1416  AccessMask,
1417  &ObjectAttributes,
1418  &StatusBlock,
1420  0);
1421 
1422  RtlFreeHeap(RtlGetProcessHeap(),
1423  0,
1424  FileName.Buffer);
1425 
1426  if (!NT_SUCCESS(Status))
1427  {
1428  ERR("NtOpenFile() failed (Status %lx)\n", Status);
1430  return FALSE;
1431  }
1432 
1433  Status = NtSetSecurityObject(FileHandle,
1434  SecurityInformation,
1435  pSecurityDescriptor);
1436  NtClose(FileHandle);
1437 
1438  if (!NT_SUCCESS(Status))
1439  {
1440  ERR("NtSetSecurityObject() failed (Status %lx)\n", Status);
1442  return FALSE;
1443  }
1444 
1445  return TRUE;
1446 }
1447 
1448 /******************************************************************************
1449  * QueryWindows31FilesMigration [ADVAPI32.@]
1450  *
1451  * PARAMS
1452  * x1 []
1453  */
1454 BOOL WINAPI
1456 {
1457  FIXME("(%d):stub\n",x1);
1458  return TRUE;
1459 }
1460 
1461 /******************************************************************************
1462  * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1463  *
1464  * PARAMS
1465  * x1 []
1466  * x2 []
1467  * x3 []
1468  * x4 []
1469  */
1470 BOOL WINAPI
1472  DWORD x4 )
1473 {
1474  FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
1475  return TRUE;
1476 }
1477 
1478 /*
1479  * @implemented
1480  */
1481 BOOL
1482 WINAPI
1484 {
1485  NTSTATUS Status;
1486  HANDLE Token = NULL;
1487 
1490  &Token,
1491  sizeof(HANDLE));
1492  if (!NT_SUCCESS(Status))
1493  {
1495  return FALSE;
1496  }
1497 
1498  return TRUE;
1499 }
1500 
1501 /*
1502  * @implemented
1503  */
1504 BOOL
1505 WINAPI
1507 {
1508  NTSTATUS Status;
1509 
1510  Status = RtlImpersonateSelf(ImpersonationLevel);
1511  if (!NT_SUCCESS(Status))
1512  {
1514  return FALSE;
1515  }
1516 
1517  return TRUE;
1518 }
1519 
1520 /*
1521  * @implemented
1522  */
1523 BOOL
1524 WINAPI
1526  IN HANDLE ClientToken,
1529  OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL,
1530  IN OUT LPDWORD PrivilegeSetLength,
1533 {
1534  NTSTATUS Status;
1535  NTSTATUS NtAccessStatus;
1536 
1537  /* Do the access check */
1538  Status = NtAccessCheck(pSecurityDescriptor,
1539  ClientToken,
1540  DesiredAccess,
1541  GenericMapping,
1542  PrivilegeSet,
1543  (PULONG)PrivilegeSetLength,
1544  (PACCESS_MASK)GrantedAccess,
1545  &NtAccessStatus);
1546 
1547  /* See if the access check operation succeeded */
1548  if (!NT_SUCCESS(Status))
1549  {
1550  /* Check failed */
1552  return FALSE;
1553  }
1554 
1555  /* Now check the access status */
1556  if (!NT_SUCCESS(NtAccessStatus))
1557  {
1558  /* Access denied */
1559  SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1560  *AccessStatus = FALSE;
1561  }
1562  else
1563  {
1564  /* Access granted */
1565  *AccessStatus = TRUE;
1566  }
1567 
1568  /* Check succeeded */
1569  return TRUE;
1570 }
1571 
1572 /*
1573  * @unimplemented
1574  */
1576  PSECURITY_DESCRIPTOR pSecurityDescriptor,
1577  PSID PrincipalSelfSid,
1578  HANDLE ClientToken,
1580  POBJECT_TYPE_LIST ObjectTypeList,
1581  DWORD ObjectTypeListLength,
1583  PPRIVILEGE_SET PrivilegeSet,
1584  LPDWORD PrivilegeSetLength,
1587 {
1588  FIXME("stub\n");
1589 
1590  *AccessStatus = TRUE;
1591 
1592  return !*AccessStatus;
1593 }
1594 
1595 /*
1596  * @implemented
1597  */
1598 BOOL
1599 WINAPI
1603 {
1604  NTSTATUS Status;
1605 
1606  Status = NtSetSecurityObject(Handle,
1607  SecurityInformation,
1608  SecurityDescriptor);
1609  if (!NT_SUCCESS(Status))
1610  {
1612  return FALSE;
1613  }
1614 
1615  return TRUE;
1616 }
1617 
1618 /*
1619  * @implemented
1620  */
1621 BOOL
1622 WINAPI
1625  DWORD dwAccessMask,
1626  PSID pSid,
1627  BOOL bAuditSuccess,
1628  BOOL bAuditFailure)
1629 {
1630  NTSTATUS Status;
1631 
1632  Status = RtlAddAuditAccessAce(pAcl,
1633  dwAceRevision,
1634  dwAccessMask,
1635  pSid,
1636  bAuditSuccess,
1637  bAuditFailure);
1638  if (!NT_SUCCESS(Status))
1639  {
1641  return FALSE;
1642  }
1643 
1644  return TRUE;
1645 }
1646 
1647 /*
1648  * @implemented
1649  */
1650 BOOL WINAPI
1653  DWORD AceFlags,
1654  DWORD dwAccessMask,
1655  PSID pSid,
1656  BOOL bAuditSuccess,
1657  BOOL bAuditFailure)
1658 {
1659  NTSTATUS Status;
1660 
1661  Status = RtlAddAuditAccessAceEx(pAcl,
1662  dwAceRevision,
1663  AceFlags,
1664  dwAccessMask,
1665  pSid,
1666  bAuditSuccess,
1667  bAuditFailure);
1668  if (!NT_SUCCESS(Status))
1669  {
1671  return FALSE;
1672  }
1673 
1674  return TRUE;
1675 }
1676 
1677 /******************************************************************************
1678  * LookupAccountNameA [ADVAPI32.@]
1679  *
1680  * @implemented
1681  */
1682 BOOL
1683 WINAPI
1685  LPCSTR AccountName,
1686  PSID Sid,
1687  LPDWORD SidLength,
1689  LPDWORD hReferencedDomainNameLength,
1690  PSID_NAME_USE SidNameUse)
1691 {
1692  BOOL ret;
1693  UNICODE_STRING lpSystemW;
1694  UNICODE_STRING lpAccountW;
1695  LPWSTR lpReferencedDomainNameW = NULL;
1696 
1697  RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
1698  RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
1699 
1700  if (ReferencedDomainName)
1701  lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
1702  0,
1703  *hReferencedDomainNameLength * sizeof(WCHAR));
1704 
1705  ret = LookupAccountNameW(lpSystemW.Buffer,
1706  lpAccountW.Buffer,
1707  Sid,
1708  SidLength,
1709  lpReferencedDomainNameW,
1710  hReferencedDomainNameLength,
1711  SidNameUse);
1712 
1713  if (ret && lpReferencedDomainNameW)
1714  {
1716  0,
1717  lpReferencedDomainNameW,
1718  *hReferencedDomainNameLength + 1,
1719  ReferencedDomainName,
1720  *hReferencedDomainNameLength + 1,
1721  NULL,
1722  NULL);
1723  }
1724 
1725  RtlFreeUnicodeString(&lpSystemW);
1726  RtlFreeUnicodeString(&lpAccountW);
1727  HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
1728 
1729  return ret;
1730 }
1731 
1732 /**********************************************************************
1733  * PrivilegeCheck EXPORTED
1734  *
1735  * @implemented
1736  */
1737 BOOL WINAPI
1739  PPRIVILEGE_SET RequiredPrivileges,
1740  LPBOOL pfResult)
1741 {
1742  BOOLEAN Result;
1743  NTSTATUS Status;
1744 
1745  Status = NtPrivilegeCheck(ClientToken,
1746  RequiredPrivileges,
1747  &Result);
1748  if (!NT_SUCCESS(Status))
1749  {
1751  return FALSE;
1752  }
1753 
1754  *pfResult = (BOOL)Result;
1755 
1756  return TRUE;
1757 }
1758 
1759 /******************************************************************************
1760  * GetSecurityInfoExW EXPORTED
1761  */
1762 DWORD
1763 WINAPI
1766  SECURITY_INFORMATION SecurityInfo,
1767  LPCSTR lpProvider,
1768  LPCSTR lpProperty,
1769  PACTRL_ACCESSA *ppAccessList,
1770  PACTRL_AUDITA *ppAuditList,
1771  LPSTR *lppOwner,
1772  LPSTR *lppGroup)
1773 {
1774  FIXME("%s() not implemented!\n", __FUNCTION__);
1775  return ERROR_BAD_PROVIDER;
1776 }
1777 
1778 
1779 /******************************************************************************
1780  * GetSecurityInfoExW EXPORTED
1781  */
1782 DWORD
1783 WINAPI
1786  SECURITY_INFORMATION SecurityInfo,
1787  LPCWSTR lpProvider,
1788  LPCWSTR lpProperty,
1789  PACTRL_ACCESSW *ppAccessList,
1790  PACTRL_AUDITW *ppAuditList,
1791  LPWSTR *lppOwner,
1792  LPWSTR *lppGroup)
1793 {
1794  FIXME("%s() not implemented!\n", __FUNCTION__);
1795  return ERROR_BAD_PROVIDER;
1796 }
1797 
1798 /******************************************************************************
1799  * BuildExplicitAccessWithNameA [ADVAPI32.@]
1800  */
1801 VOID WINAPI
1803  LPSTR pTrusteeName,
1804  DWORD AccessPermissions,
1806  DWORD Inheritance)
1807 {
1808  pExplicitAccess->grfAccessPermissions = AccessPermissions;
1809  pExplicitAccess->grfAccessMode = AccessMode;
1810  pExplicitAccess->grfInheritance = Inheritance;
1811 
1812  pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1814  pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1815  pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1816  pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1817 }
1818 
1819 
1820 /******************************************************************************
1821  * BuildExplicitAccessWithNameW [ADVAPI32.@]
1822  */
1823 VOID WINAPI
1825  LPWSTR pTrusteeName,
1826  DWORD AccessPermissions,
1828  DWORD Inheritance)
1829 {
1830  pExplicitAccess->grfAccessPermissions = AccessPermissions;
1831  pExplicitAccess->grfAccessMode = AccessMode;
1832  pExplicitAccess->grfInheritance = Inheritance;
1833 
1834  pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1836  pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1837  pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1838  pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1839 }
1840 
1841 /******************************************************************************
1842  * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
1843  */
1847 {
1848  DWORD ObjectsPresent = 0;
1849 
1850  TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
1851  ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
1852 
1853  /* Fill the OBJECTS_AND_NAME structure */
1854  pObjName->ObjectType = ObjectType;
1855  if (ObjectTypeName != NULL)
1856  {
1857  ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1858  }
1859 
1861  if (InheritedObjectTypeName != NULL)
1862  {
1863  ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1864  }
1865 
1866  pObjName->ObjectsPresent = ObjectsPresent;
1867  pObjName->ptstrName = Name;
1868 
1869  /* Fill the TRUSTEE structure */
1870  pTrustee->pMultipleTrustee = NULL;
1873  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1874  pTrustee->ptstrName = (LPSTR)pObjName;
1875 }
1876 
1877 /******************************************************************************
1878  * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
1879  */
1883 {
1884  DWORD ObjectsPresent = 0;
1885 
1886  TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
1887  ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
1888 
1889  /* Fill the OBJECTS_AND_NAME structure */
1890  pObjName->ObjectType = ObjectType;
1891  if (ObjectTypeName != NULL)
1892  {
1893  ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1894  }
1895 
1897  if (InheritedObjectTypeName != NULL)
1898  {
1899  ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1900  }
1901 
1902  pObjName->ObjectsPresent = ObjectsPresent;
1903  pObjName->ptstrName = Name;
1904 
1905  /* Fill the TRUSTEE structure */
1906  pTrustee->pMultipleTrustee = NULL;
1909  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1910  pTrustee->ptstrName = (LPWSTR)pObjName;
1911 }
1912 
1913 /******************************************************************************
1914  * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
1915  */
1916 VOID WINAPI
1919  GUID *pObjectGuid,
1921  PSID pSid)
1922 {
1923  DWORD ObjectsPresent = 0;
1924 
1925  TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
1926 
1927  /* Fill the OBJECTS_AND_SID structure */
1928  if (pObjectGuid != NULL)
1929  {
1930  pObjSid->ObjectTypeGuid = *pObjectGuid;
1931  ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1932  }
1933  else
1934  {
1935  ZeroMemory(&pObjSid->ObjectTypeGuid,
1936  sizeof(GUID));
1937  }
1938 
1939  if (pInheritedObjectGuid != NULL)
1940  {
1942  ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1943  }
1944  else
1945  {
1947  sizeof(GUID));
1948  }
1949 
1950  pObjSid->ObjectsPresent = ObjectsPresent;
1951  pObjSid->pSid = pSid;
1952 
1953  /* Fill the TRUSTEE structure */
1954  pTrustee->pMultipleTrustee = NULL;
1957  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1958  pTrustee->ptstrName = (LPSTR) pObjSid;
1959 }
1960 
1961 
1962 /******************************************************************************
1963  * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
1964  */
1965 VOID WINAPI
1968  GUID *pObjectGuid,
1970  PSID pSid)
1971 {
1972  DWORD ObjectsPresent = 0;
1973 
1974  TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
1975 
1976  /* Fill the OBJECTS_AND_SID structure */
1977  if (pObjectGuid != NULL)
1978  {
1979  pObjSid->ObjectTypeGuid = *pObjectGuid;
1980  ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1981  }
1982  else
1983  {
1984  ZeroMemory(&pObjSid->ObjectTypeGuid,
1985  sizeof(GUID));
1986  }
1987 
1988  if (pInheritedObjectGuid != NULL)
1989  {
1991  ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1992  }
1993  else
1994  {
1996  sizeof(GUID));
1997  }
1998 
1999  pObjSid->ObjectsPresent = ObjectsPresent;
2000  pObjSid->pSid = pSid;
2001 
2002  /* Fill the TRUSTEE structure */
2003  pTrustee->pMultipleTrustee = NULL;
2006  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2007  pTrustee->ptstrName = (LPWSTR) pObjSid;
2008 }
2009 
2010 /******************************************************************************
2011  * BuildTrusteeWithSidA [ADVAPI32.@]
2012  */
2013 VOID WINAPI
2015  PSID pSid)
2016 {
2017  TRACE("%p %p\n", pTrustee, pSid);
2018 
2019  pTrustee->pMultipleTrustee = NULL;
2021  pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2022  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2023  pTrustee->ptstrName = (LPSTR) pSid;
2024 }
2025 
2026 
2027 /******************************************************************************
2028  * BuildTrusteeWithSidW [ADVAPI32.@]
2029  */
2030 VOID WINAPI
2032  PSID pSid)
2033 {
2034  TRACE("%p %p\n", pTrustee, pSid);
2035 
2036  pTrustee->pMultipleTrustee = NULL;
2038  pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2039  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2040  pTrustee->ptstrName = (LPWSTR) pSid;
2041 }
2042 
2043 /******************************************************************************
2044  * BuildTrusteeWithNameA [ADVAPI32.@]
2045  */
2046 VOID WINAPI
2048  LPSTR name)
2049 {
2050  TRACE("%p %s\n", pTrustee, name);
2051 
2052  pTrustee->pMultipleTrustee = NULL;
2054  pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2055  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2056  pTrustee->ptstrName = name;
2057 }
2058 
2059 /******************************************************************************
2060  * BuildTrusteeWithNameW [ADVAPI32.@]
2061  */
2062 VOID WINAPI
2064  LPWSTR name)
2065 {
2066  TRACE("%p %s\n", pTrustee, name);
2067 
2068  pTrustee->pMultipleTrustee = NULL;
2070  pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2071  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2072  pTrustee->ptstrName = name;
2073 }
2074 
2075 /******************************************************************************
2076  * GetTrusteeFormA [ADVAPI32.@]
2077  */
2079 {
2080  TRACE("(%p)\n", pTrustee);
2081 
2082  if (!pTrustee)
2083  return TRUSTEE_BAD_FORM;
2084 
2085  return pTrustee->TrusteeForm;
2086 }
2087 
2088 /******************************************************************************
2089  * GetTrusteeFormW [ADVAPI32.@]
2090  */
2092 {
2093  TRACE("(%p)\n", pTrustee);
2094 
2095  if (!pTrustee)
2096  return TRUSTEE_BAD_FORM;
2097 
2098  return pTrustee->TrusteeForm;
2099 }
2100 
2101 /******************************************************************************
2102  * GetTrusteeNameA [ADVAPI32.@]
2103  */
2104 LPSTR WINAPI
2106 {
2107  return pTrustee->ptstrName;
2108 }
2109 
2110 
2111 /******************************************************************************
2112  * GetTrusteeNameW [ADVAPI32.@]
2113  */
2114 LPWSTR WINAPI
2116 {
2117  return pTrustee->ptstrName;
2118 }
2119 
2120 /******************************************************************************
2121  * GetTrusteeTypeA [ADVAPI32.@]
2122  */
2125 {
2126  return pTrustee->TrusteeType;
2127 }
2128 
2129 /******************************************************************************
2130  * GetTrusteeTypeW [ADVAPI32.@]
2131  */
2134 {
2135  return pTrustee->TrusteeType;
2136 }
2137 
2138 /*
2139  * @implemented
2140  */
2141 BOOL
2142 WINAPI
2144  LPVOID pAclInformation,
2145  DWORD nAclInformationLength,
2146  ACL_INFORMATION_CLASS dwAclInformationClass)
2147 {
2148  NTSTATUS Status;
2149 
2150  Status = RtlSetInformationAcl(pAcl,
2151  pAclInformation,
2152  nAclInformationLength,
2153  dwAclInformationClass);
2154  if (!NT_SUCCESS(Status))
2155  {
2157  return FALSE;
2158  }
2159 
2160  return TRUE;
2161 }
2162 
2163 /**********************************************************************
2164  * SetNamedSecurityInfoA EXPORTED
2165  *
2166  * @implemented
2167  */
2168 DWORD
2169 WINAPI
2172  SECURITY_INFORMATION SecurityInfo,
2173  PSID psidOwner,
2174  PSID psidGroup,
2175  PACL pDacl,
2176  PACL pSacl)
2177 {
2179  DWORD Ret;
2180 
2181  if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
2182  {
2183  return ERROR_NOT_ENOUGH_MEMORY;
2184  }
2185 
2186  Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
2187  ObjectType,
2188  SecurityInfo,
2189  psidOwner,
2190  psidGroup,
2191  pDacl,
2192  pSacl);
2193 
2194  RtlFreeUnicodeString(&ObjectName);
2195 
2196  return Ret;
2197 }
2198 
2199 /*
2200  * @implemented
2201  */
2202 BOOL
2203 WINAPI
2206 {
2207  return (BOOL)RtlAreAllAccessesGranted(GrantedAccess,
2208  DesiredAccess);
2209 }
2210 
2211 /*
2212  * @implemented
2213  */
2214 BOOL
2215 WINAPI
2218 {
2219  return (BOOL)RtlAreAnyAccessesGranted(GrantedAccess,
2220  DesiredAccess);
2221 }
2222 
2223 /******************************************************************************
2224  * ParseAclStringFlags
2225  */
2227 {
2228  DWORD flags = 0;
2229  LPCWSTR szAcl = *StringAcl;
2230 
2231  while (*szAcl && *szAcl != '(')
2232  {
2233  if (*szAcl == 'P')
2234  {
2235  flags |= SE_DACL_PROTECTED;
2236  }
2237  else if (*szAcl == 'A')
2238  {
2239  szAcl++;
2240  if (*szAcl == 'R')
2241  flags |= SE_DACL_AUTO_INHERIT_REQ;
2242  else if (*szAcl == 'I')
2243  flags |= SE_DACL_AUTO_INHERITED;
2244  }
2245  szAcl++;
2246  }
2247 
2248  *StringAcl = szAcl;
2249  return flags;
2250 }
2251 
2252 /******************************************************************************
2253  * ParseAceStringType
2254  */
2255 static const ACEFLAG AceType[] =
2256 {
2262  /*
2263  { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
2264  { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
2265  { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
2266  { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
2267  */
2268  { NULL, 0 },
2269 };
2270 
2271 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
2272 {
2273  UINT len = 0;
2274  LPCWSTR szAcl = *StringAcl;
2275  const ACEFLAG *lpaf = AceType;
2276 
2277  while (*szAcl == ' ')
2278  szAcl++;
2279 
2280  while (lpaf->wstr &&
2281  (len = strlenW(lpaf->wstr)) &&
2282  strncmpW(lpaf->wstr, szAcl, len))
2283  lpaf++;
2284 
2285  if (!lpaf->wstr)
2286  return 0;
2287 
2288  *StringAcl = szAcl + len;
2289  return lpaf->value;
2290 }
2291 
2292 
2293 /******************************************************************************
2294  * ParseAceStringFlags
2295  */
2296 static const ACEFLAG AceFlags[] =
2297 {
2305  { NULL, 0 },
2306 };
2307 
2309 {
2310  UINT len = 0;
2311  BYTE flags = 0;
2312  LPCWSTR szAcl = *StringAcl;
2313 
2314  while (*szAcl == ' ')
2315  szAcl++;
2316 
2317  while (*szAcl != ';')
2318  {
2319  const ACEFLAG *lpaf = AceFlags;
2320 
2321  while (lpaf->wstr &&
2322  (len = strlenW(lpaf->wstr)) &&
2323  strncmpW(lpaf->wstr, szAcl, len))
2324  lpaf++;
2325 
2326  if (!lpaf->wstr)
2327  return 0;
2328 
2329  flags |= lpaf->value;
2330  szAcl += len;
2331  }
2332 
2333  *StringAcl = szAcl;
2334  return flags;
2335 }
2336 
2337 
2338 /******************************************************************************
2339  * ParseAceStringRights
2340  */
2341 static const ACEFLAG AceRights[] =
2342 {
2347 
2352 
2362 
2367 
2369  { SDDL_KEY_READ, KEY_READ },
2372 
2376  { NULL, 0 },
2377 };
2378 
2380 {
2381  UINT len = 0;
2382  DWORD rights = 0;
2383  LPCWSTR szAcl = *StringAcl;
2384 
2385  while (*szAcl == ' ')
2386  szAcl++;
2387 
2388  if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2389  {
2390  LPCWSTR p = szAcl;
2391 
2392  while (*p && *p != ';')
2393  p++;
2394 
2395  if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
2396  {
2397  rights = strtoulW(szAcl, NULL, 16);
2398  szAcl = p;
2399  }
2400  else
2401  WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2402  }
2403  else
2404  {
2405  while (*szAcl != ';')
2406  {
2407  const ACEFLAG *lpaf = AceRights;
2408 
2409  while (lpaf->wstr &&
2410  (len = strlenW(lpaf->wstr)) &&
2411  strncmpW(lpaf->wstr, szAcl, len))
2412  {
2413  lpaf++;
2414  }
2415 
2416  if (!lpaf->wstr)
2417  return 0;
2418 
2419  rights |= lpaf->value;
2420  szAcl += len;
2421  }
2422  }
2423 
2424  *StringAcl = szAcl;
2425  return rights;
2426 }
2427 
2428 
2429 /******************************************************************************
2430  * ParseStringAclToAcl
2431  *
2432  * dacl_flags(string_ace1)(string_ace2)... (string_acen)
2433  */
2434 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
2435  PACL pAcl, LPDWORD cBytes)
2436 {
2437  DWORD val;
2438  DWORD sidlen;
2439  DWORD length = sizeof(ACL);
2440  DWORD acesize = 0;
2441  DWORD acecount = 0;
2442  PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2444 
2445  TRACE("%s\n", debugstr_w(StringAcl));
2446 
2447  if (!StringAcl)
2448  return FALSE;
2449 
2450  if (pAcl) /* pAce is only useful if we're setting values */
2451  pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
2452 
2453  /* Parse ACL flags */
2454  *lpdwFlags = ParseAclStringFlags(&StringAcl);
2455 
2456  /* Parse ACE */
2457  while (*StringAcl == '(')
2458  {
2459  StringAcl++;
2460 
2461  /* Parse ACE type */
2462  val = ParseAceStringType(&StringAcl);
2463  if (pAce)
2464  pAce->Header.AceType = (BYTE) val;
2465  if (*StringAcl != ';')
2466  {
2467  error = RPC_S_INVALID_STRING_UUID;
2468  goto lerr;
2469  }
2470  StringAcl++;
2471 
2472  /* Parse ACE flags */
2473  val = ParseAceStringFlags(&StringAcl);
2474  if (pAce)
2475  pAce->Header.AceFlags = (BYTE) val;
2476  if (*StringAcl != ';')
2477  goto lerr;
2478  StringAcl++;
2479 
2480  /* Parse ACE rights */
2481  val = ParseAceStringRights(&StringAcl);
2482  if (pAce)
2483  pAce->Mask = val;
2484  if (*StringAcl != ';')
2485  goto lerr;
2486  StringAcl++;
2487 
2488  /* Parse ACE object guid */
2489  while (*StringAcl == ' ')
2490  StringAcl++;
2491  if (*StringAcl != ';')
2492  {
2493  FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2494  goto lerr;
2495  }
2496  StringAcl++;
2497 
2498  /* Parse ACE inherit object guid */
2499  while (*StringAcl == ' ')
2500  StringAcl++;
2501  if (*StringAcl != ';')
2502  {
2503  FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2504  goto lerr;
2505  }
2506  StringAcl++;
2507 
2508  /* Parse ACE account sid */
2509  if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
2510  {
2511  while (*StringAcl && *StringAcl != ')')
2512  StringAcl++;
2513  }
2514 
2515  if (*StringAcl != ')')
2516  goto lerr;
2517  StringAcl++;
2518 
2519  acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2520  length += acesize;
2521  if (pAce)
2522  {
2523  pAce->Header.AceSize = acesize;
2524  pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
2525  }
2526  acecount++;
2527  }
2528 
2529  *cBytes = length;
2530 
2531  if (length > 0xffff)
2532  {
2533  ERR("ACL too large\n");
2534  goto lerr;
2535  }
2536 
2537  if (pAcl)
2538  {
2539  pAcl->AclRevision = ACL_REVISION;
2540  pAcl->Sbz1 = 0;
2541  pAcl->AclSize = length;
2542  pAcl->AceCount = acecount;
2543  pAcl->Sbz2 = 0;
2544  }
2545  return TRUE;
2546 
2547 lerr:
2548  SetLastError(error);
2549  WARN("Invalid ACE string format\n");
2550  return FALSE;
2551 }
2552 
2553 /******************************************************************************
2554  * ParseStringSecurityDescriptorToSecurityDescriptor
2555  */
2557  LPCWSTR StringSecurityDescriptor,
2559  LPDWORD cBytes)
2560 {
2561  BOOL bret = FALSE;
2562  WCHAR toktype;
2563  WCHAR *tok;
2564  LPCWSTR lptoken;
2565  LPBYTE lpNext = NULL;
2566  DWORD len;
2567 
2568  *cBytes = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
2569 
2570  tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
2571 
2572  if (SecurityDescriptor)
2573  lpNext = (LPBYTE)(SecurityDescriptor + 1);
2574 
2575  while (*StringSecurityDescriptor == ' ')
2576  StringSecurityDescriptor++;
2577 
2578  while (*StringSecurityDescriptor)
2579  {
2580  toktype = *StringSecurityDescriptor;
2581 
2582  /* Expect char identifier followed by ':' */
2583  StringSecurityDescriptor++;
2584  if (*StringSecurityDescriptor != ':')
2585  {
2587  goto lend;
2588  }
2589  StringSecurityDescriptor++;
2590 
2591  /* Extract token */
2592  lptoken = StringSecurityDescriptor;
2593  while (*lptoken && *lptoken != ':')
2594  lptoken++;
2595 
2596  if (*lptoken)
2597  lptoken--;
2598 
2599  len = lptoken - StringSecurityDescriptor;
2600  memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
2601  tok[len] = 0;
2602 
2603  switch (toktype)
2604  {
2605  case 'O':
2606  {
2607  DWORD bytes;
2608 
2609  if (!ParseStringSidToSid(tok, lpNext, &bytes))
2610  goto lend;
2611 
2612  if (SecurityDescriptor)
2613  {
2614  SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor;
2615  lpNext += bytes; /* Advance to next token */
2616  }
2617 
2618  *cBytes += bytes;
2619 
2620  break;
2621  }
2622 
2623  case 'G':
2624  {
2625  DWORD bytes;
2626 
2627  if (!ParseStringSidToSid(tok, lpNext, &bytes))
2628  goto lend;
2629 
2630  if (SecurityDescriptor)
2631  {
2632  SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor;
2633  lpNext += bytes; /* Advance to next token */
2634  }
2635 
2636  *cBytes += bytes;
2637 
2638  break;
2639  }
2640 
2641  case 'D':
2642  {
2643  DWORD flags;
2644  DWORD bytes;
2645 
2646  if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2647  goto lend;
2648 
2649  if (SecurityDescriptor)
2650  {
2651  SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2652  SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor;
2653  lpNext += bytes; /* Advance to next token */
2654  }
2655 
2656  *cBytes += bytes;
2657 
2658  break;
2659  }
2660 
2661  case 'S':
2662  {
2663  DWORD flags;
2664  DWORD bytes;
2665 
2666  if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2667  goto lend;
2668 
2669  if (SecurityDescriptor)
2670  {
2671  SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
2672  SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor;
2673  lpNext += bytes; /* Advance to next token */
2674  }
2675 
2676  *cBytes += bytes;
2677 
2678  break;
2679  }
2680 
2681  default:
2682  FIXME("Unknown token\n");
2684  goto lend;
2685  }
2686 
2687  StringSecurityDescriptor = lptoken;
2688  }
2689 
2690  bret = TRUE;
2691 
2692 lend:
2693  heap_free(tok);
2694  return bret;
2695 }
2696 
2697 /* Winehq cvs 20050916 */
2698 /******************************************************************************
2699  * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
2700  * @implemented
2701  */
2702 BOOL
2703 WINAPI
2705  DWORD StringSDRevision,
2707  PULONG SecurityDescriptorSize)
2708 {
2709  UINT len;
2710  BOOL ret = FALSE;
2711  LPWSTR StringSecurityDescriptorW;
2712 
2713  len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
2714  StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
2715 
2716  if (StringSecurityDescriptorW)
2717  {
2718  MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
2719 
2720  ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
2721  StringSDRevision, SecurityDescriptor,
2722  SecurityDescriptorSize);
2723  HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
2724  }
2725 
2726  return ret;
2727 }
2728 
2729 /******************************************************************************
2730  * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2731  * @implemented
2732  */
2733 BOOL WINAPI
2735  DWORD StringSDRevision,
2737  PULONG SecurityDescriptorSize)
2738 {
2739  DWORD cBytes;
2740  SECURITY_DESCRIPTOR* psd;
2741  BOOL bret = FALSE;
2742 
2743  TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2744 
2745  if (GetVersion() & 0x80000000)
2746  {
2748  goto lend;
2749  }
2750  else if (!StringSecurityDescriptor || !SecurityDescriptor)
2751  {
2753  goto lend;
2754  }
2755  else if (StringSDRevision != SID_REVISION)
2756  {
2758  goto lend;
2759  }
2760 
2761  /* Compute security descriptor length */
2762  if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2763  NULL, &cBytes))
2764  goto lend;
2765 
2766  psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes);
2767  if (!psd) goto lend;
2768 
2769  psd->Revision = SID_REVISION;
2770  psd->Control |= SE_SELF_RELATIVE;
2771 
2772  if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2773  (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
2774  {
2775  LocalFree(psd);
2776  goto lend;
2777  }
2778 
2779  if (SecurityDescriptorSize)
2780  *SecurityDescriptorSize = cBytes;
2781 
2782  bret = TRUE;
2783 
2784 lend:
2785  TRACE(" ret=%d\n", bret);
2786  return bret;
2787 }
2788 
2789 static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
2790 {
2791  if (cch == -1)
2792  cch = strlenW(string);
2793 
2794  if (plen)
2795  *plen += cch;
2796 
2797  if (pwptr)
2798  {
2799  memcpy(*pwptr, string, sizeof(WCHAR)*cch);
2800  *pwptr += cch;
2801  }
2802 }
2803 
2804 static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
2805 {
2806  DWORD i;
2807  WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
2808  WCHAR subauthfmt[] = { '-','%','u',0 };
2809  WCHAR buf[26];
2810  SID *pisid = psid;
2811 
2812  if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
2813  {
2815  return FALSE;
2816  }
2817 
2818  if (pisid->IdentifierAuthority.Value[0] ||
2819  pisid->IdentifierAuthority.Value[1])
2820  {
2821  FIXME("not matching MS' bugs\n");
2823  return FALSE;
2824  }
2825 
2826  sprintfW( buf, fmt, pisid->Revision,
2827  MAKELONG(
2828  MAKEWORD( pisid->IdentifierAuthority.Value[5],
2829  pisid->IdentifierAuthority.Value[4] ),
2830  MAKEWORD( pisid->IdentifierAuthority.Value[3],
2831  pisid->IdentifierAuthority.Value[2] )
2832  ) );
2833  DumpString(buf, -1, pwptr, plen);
2834 
2835  for( i=0; i<pisid->SubAuthorityCount; i++ )
2836  {
2837  sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
2838  DumpString(buf, -1, pwptr, plen);
2839  }
2840  return TRUE;
2841 }
2842 
2843 static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
2844 {
2845  size_t i;
2846  for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
2847  {
2848  if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
2849  {
2850  DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
2851  return TRUE;
2852  }
2853  }
2854 
2855  return DumpSidNumeric(psid, pwptr, plen);
2856 }
2857 
2858 static const LPCWSTR AceRightBitNames[32] = {
2859  SDDL_CREATE_CHILD, /* 0 */
2863  SDDL_READ_PROPERTY, /* 4 */
2867  SDDL_CONTROL_ACCESS, /* 8 */
2868  NULL,
2869  NULL,
2870  NULL,
2871  NULL, /* 12 */
2872  NULL,
2873  NULL,
2874  NULL,
2875  SDDL_STANDARD_DELETE, /* 16 */
2879  NULL, /* 20 */
2880  NULL,
2881  NULL,
2882  NULL,
2883  NULL, /* 24 */
2884  NULL,
2885  NULL,
2886  NULL,
2887  SDDL_GENERIC_ALL, /* 28 */
2891 };
2892 
2893 static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
2894 {
2895  static const WCHAR fmtW[] = {'0','x','%','x',0};
2896  WCHAR buf[15];
2897  size_t i;
2898 
2899  if (mask == 0)
2900  return;
2901 
2902  /* first check if the right have name */
2903  for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
2904  {
2905  if (AceRights[i].wstr == NULL)
2906  break;
2907  if (mask == AceRights[i].value)
2908  {
2909  DumpString(AceRights[i].wstr, -1, pwptr, plen);
2910  return;
2911  }
2912  }
2913 
2914  /* then check if it can be built from bit names */
2915  for (i = 0; i < 32; i++)
2916  {
2917  if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
2918  {
2919  /* can't be built from bit names */
2920  sprintfW(buf, fmtW, mask);
2921  DumpString(buf, -1, pwptr, plen);
2922  return;
2923  }
2924  }
2925 
2926  /* build from bit names */
2927  for (i = 0; i < 32; i++)
2928  if (mask & (1 << i))
2929  DumpString(AceRightBitNames[i], -1, pwptr, plen);
2930 }
2931 
2932 static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
2933 {
2934  ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
2935  static const WCHAR openbr = '(';
2936  static const WCHAR closebr = ')';
2937  static const WCHAR semicolon = ';';
2938 
2939  if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
2940  {
2942  return FALSE;
2943  }
2944 
2945  piace = pace;
2946  DumpString(&openbr, 1, pwptr, plen);
2947  switch (piace->Header.AceType)
2948  {
2950  DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
2951  break;
2953  DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
2954  break;
2955  case SYSTEM_AUDIT_ACE_TYPE:
2956  DumpString(SDDL_AUDIT, -1, pwptr, plen);
2957  break;
2958  case SYSTEM_ALARM_ACE_TYPE:
2959  DumpString(SDDL_ALARM, -1, pwptr, plen);
2960  break;
2961  }
2962  DumpString(&semicolon, 1, pwptr, plen);
2963 
2964  if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
2965  DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
2966  if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
2967  DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
2969  DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
2970  if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
2971  DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
2972  if (piace->Header.AceFlags & INHERITED_ACE)
2973  DumpString(SDDL_INHERITED, -1, pwptr, plen);
2975  DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
2976  if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
2977  DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
2978  DumpString(&semicolon, 1, pwptr, plen);
2979  DumpRights(piace->Mask, pwptr, plen);
2980  DumpString(&semicolon, 1, pwptr, plen);
2981  /* objects not supported */
2982  DumpString(&semicolon, 1, pwptr, plen);
2983  /* objects not supported */
2984  DumpString(&semicolon, 1, pwptr, plen);
2985  if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
2986  return FALSE;
2987  DumpString(&closebr, 1, pwptr, plen);
2988  return TRUE;
2989 }
2990 
2991 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
2992 {
2993  WORD count;
2994  int i;
2995 
2996  if (protected)
2997  DumpString(SDDL_PROTECTED, -1, pwptr, plen);
2998  if (autoInheritReq)
2999  DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
3000  if (autoInherited)
3001  DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
3002 
3003  if (pacl == NULL)
3004  return TRUE;
3005 
3006  if (!IsValidAcl(pacl))
3007  return FALSE;
3008 
3009  count = pacl->AceCount;
3010  for (i = 0; i < count; i++)
3011  {
3012  LPVOID ace;
3013  if (!GetAce(pacl, i, &ace))
3014  return FALSE;
3015  if (!DumpAce(ace, pwptr, plen))
3016  return FALSE;
3017  }
3018 
3019  return TRUE;
3020 }
3021 
3023 {
3024  static const WCHAR prefix[] = {'O',':',0};
3025  BOOL bDefaulted;
3026  PSID psid;
3027 
3028  if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
3029  return FALSE;
3030 
3031  if (psid == NULL)
3032  return TRUE;
3033 
3034  DumpString(prefix, -1, pwptr, plen);
3035  if (!DumpSid(psid, pwptr, plen))
3036  return FALSE;
3037  return TRUE;
3038 }
3039 
3041 {
3042  static const WCHAR prefix[] = {'G',':',0};
3043  BOOL bDefaulted;
3044  PSID psid;
3045 
3046  if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
3047  return FALSE;
3048 
3049  if (psid == NULL)
3050  return TRUE;
3051 
3052  DumpString(prefix, -1, pwptr, plen);
3053  if (!DumpSid(psid, pwptr, plen))
3054  return FALSE;
3055  return TRUE;
3056 }
3057 
3059 {
3060  static const WCHAR dacl[] = {'D',':',0};
3062  BOOL present, defaulted;
3063  DWORD revision;
3064  PACL pacl;
3065 
3066  if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3067  return FALSE;
3068 
3069  if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3070  return FALSE;
3071 
3072  if (!present)
3073  return TRUE;
3074 
3075  DumpString(dacl, 2, pwptr, plen);
3076  if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3077  return FALSE;
3078  return TRUE;
3079 }
3080 
3082 {
3083  static const WCHAR sacl[] = {'S',':',0};
3085  BOOL present, defaulted;
3086  DWORD revision;
3087  PACL pacl;
3088 
3089  if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3090  return FALSE;
3091 
3092  if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3093  return FALSE;
3094 
3095  if (!present)
3096  return TRUE;
3097 
3098  DumpString(sacl, 2, pwptr, plen);
3099  if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3100  return FALSE;
3101  return TRUE;
3102 }
3103 
3104 /******************************************************************************
3105  * ConvertSecurityDescriptorToStringSecurityDescriptorW [ADVAPI32.@]
3106  */
3108 {
3109  ULONG len;
3110  WCHAR *wptr, *wstr;
3111 
3112  if (SDRevision != SDDL_REVISION_1)
3113  {
3114  ERR("Program requested unknown SDDL revision %d\n", SDRevision);
3116  return FALSE;
3117  }
3118 
3119  len = 0;
3120  if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3121  if (!DumpOwner(SecurityDescriptor, NULL, &len))
3122  return FALSE;
3123  if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3124  if (!DumpGroup(SecurityDescriptor, NULL, &len))
3125  return FALSE;
3126  if (RequestedInformation & DACL_SECURITY_INFORMATION)
3127  if (!DumpDacl(SecurityDescriptor, NULL, &len))
3128  return FALSE;
3129  if (RequestedInformation & SACL_SECURITY_INFORMATION)
3130  if (!DumpSacl(SecurityDescriptor, NULL, &len))
3131  return FALSE;
3132 
3133  wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
3134 #ifdef __REACTOS__
3135  if (wstr == NULL)
3136  return FALSE;
3137 #endif
3138 
3139  if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3140  if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
3141  LocalFree (wstr);
3142  return FALSE;
3143  }
3144  if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3145  if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
3146  LocalFree (wstr);
3147  return FALSE;
3148  }
3149  if (RequestedInformation & DACL_SECURITY_INFORMATION)
3150  if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
3151  LocalFree (wstr);
3152  return FALSE;
3153  }
3154  if (RequestedInformation & SACL_SECURITY_INFORMATION)
3155  if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
3156  LocalFree (wstr);
3157  return FALSE;
3158  }
3159  *wptr = 0;
3160 
3161  TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
3162  *OutputString = wstr;
3163  if (OutputLen)
3164  *OutputLen = strlenW(*OutputString)+1;
3165  return TRUE;
3166 }
3167 
3168 /******************************************************************************
3169  * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
3170  */
3172 {
3173  LPWSTR wstr;
3174  ULONG len;
3175  if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
3176  {
3177  int lenA;
3178 
3179  lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
3180  *OutputString = heap_alloc(lenA);
3181 #ifdef __REACTOS__
3182  if (*OutputString == NULL)
3183  {
3184  LocalFree(wstr);
3185  *OutputLen = 0;
3186  return FALSE;
3187  }
3188 #endif
3189  WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
3190  LocalFree(wstr);
3191 
3192  if (OutputLen != NULL)
3193  *OutputLen = lenA;
3194  return TRUE;
3195  }
3196  else
3197  {
3198  *OutputString = NULL;
3199  if (OutputLen)
3200  *OutputLen = 0;
3201  return FALSE;
3202  }
3203 }
3204 
3205 /******************************************************************************
3206  * ConvertStringSidToSidW [ADVAPI32.@]
3207  */
3209 {
3210  BOOL bret = FALSE;
3211  DWORD cBytes;
3212 
3213  TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3214  if (GetVersion() & 0x80000000)
3216  else if (!StringSid || !Sid)
3218  else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3219  {
3220  PSID pSid = *Sid = LocalAlloc(0, cBytes);
3221 
3222  bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3223  if (!bret)
3224  LocalFree(*Sid);
3225  }
3226  return bret;
3227 }
3228 
3229 /******************************************************************************
3230  * ConvertStringSidToSidA [ADVAPI32.@]
3231  */
3233 {
3234  BOOL bret = FALSE;
3235 
3236  TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3237  if (GetVersion() & 0x80000000)
3239  else if (!StringSid || !Sid)
3241  else
3242  {
3243  WCHAR *wStringSid = SERV_dup(StringSid);
3244  bret = ConvertStringSidToSidW(wStringSid, Sid);
3245  heap_free(wStringSid);
3246  }
3247  return bret;
3248 }
3249 
3250 /*
3251  * @implemented
3252  */
3253 BOOL
3254 WINAPI
3256  LPWSTR *StringSid)
3257 {
3258  NTSTATUS Status;
3260  WCHAR FixedBuffer[64];
3261 
3262  if (!RtlValidSid(Sid))
3263  {
3265  return FALSE;
3266  }
3267 
3268  UnicodeString.Length = 0;
3269  UnicodeString.MaximumLength = sizeof(FixedBuffer);
3270  UnicodeString.Buffer = FixedBuffer;
3271  Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, FALSE);
3272  if (STATUS_BUFFER_TOO_SMALL == Status)
3273  {
3274  Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, TRUE);
3275  }
3276 
3277  if (!NT_SUCCESS(Status))
3278  {
3280  return FALSE;
3281  }
3282 
3283  *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
3284  if (NULL == *StringSid)
3285  {
3286  if (UnicodeString.Buffer != FixedBuffer)
3287  {
3288  RtlFreeUnicodeString(&UnicodeString);
3289  }
3291  return FALSE;
3292  }
3293 
3294  MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
3295  ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
3296  if (UnicodeString.Buffer != FixedBuffer)
3297  {
3298  RtlFreeUnicodeString(&UnicodeString);
3299  }
3300 
3301  return TRUE;
3302 }
3303 
3304 /*
3305  * @implemented
3306  */
3307 BOOL
3308 WINAPI
3310  LPSTR *StringSid)
3311 {
3312  LPWSTR StringSidW;
3313  int Len;
3314 
3315  if (!ConvertSidToStringSidW(Sid, &StringSidW))
3316  {
3317  return FALSE;
3318  }
3319 
3320  Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
3321  if (Len <= 0)
3322  {
3323  LocalFree(StringSidW);
3325  return FALSE;
3326  }
3327 
3328  *StringSid = LocalAlloc(LMEM_FIXED, Len);
3329  if (NULL == *StringSid)
3330  {
3331  LocalFree(StringSidW);
3333  return FALSE;
3334  }
3335 
3336  if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
3337  {
3338  LocalFree(StringSid);
3339  LocalFree(StringSidW);
3340  return FALSE;
3341  }
3342 
3343  LocalFree(StringSidW);
3344 
3345  return TRUE;
3346 }
3347 
3348 /*
3349  * @unimplemented
3350  */
3351 BOOL WINAPI
3353  LPCWSTR lpDomain,
3354  LPCWSTR lpPassword,
3355  DWORD dwLogonFlags,
3356  LPCWSTR lpApplicationName,
3357  LPWSTR lpCommandLine,
3358  DWORD dwCreationFlags,
3359  LPVOID lpEnvironment,
3360  LPCWSTR lpCurrentDirectory,
3361  LPSTARTUPINFOW lpStartupInfo,
3362  LPPROCESS_INFORMATION lpProcessInformation)
3363 {
3364  FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
3365  debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
3366  debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
3367  lpStartupInfo, lpProcessInformation);
3368 
3369  return FALSE;
3370 }
3371 
3372 BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line,
3373  DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info,
3374  PROCESS_INFORMATION *process_information )
3375 {
3376  FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
3377  logon_flags, debugstr_w(application_name), debugstr_w(command_line),
3378  creation_flags, environment, debugstr_w(current_directory),
3379  startup_info, process_information);
3380 
3381  /* FIXME: check if handles should be inherited */
3382  return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
3383  current_directory, startup_info, process_information );
3384 }
3385 
3386 /*
3387  * @implemented
3388  */
3389 BOOL WINAPI
3390 DuplicateTokenEx(IN HANDLE ExistingTokenHandle,
3391  IN DWORD dwDesiredAccess,
3392  IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL,
3395  OUT PHANDLE DuplicateTokenHandle)
3396 {
3398  NTSTATUS Status;
3400 
3401  TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3402  ImpersonationLevel, TokenType, DuplicateTokenHandle);
3403 
3404  Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
3406  Sqos.ContextTrackingMode = 0;
3407  Sqos.EffectiveOnly = FALSE;
3408 
3409  if (lpTokenAttributes != NULL)
3410  {
3411  InitializeObjectAttributes(&ObjectAttributes,
3412  NULL,
3413  lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
3414  NULL,
3415  lpTokenAttributes->lpSecurityDescriptor);
3416  }
3417  else
3418  {
3419  InitializeObjectAttributes(&ObjectAttributes,
3420  NULL,
3421  0,
3422  NULL,
3423  NULL);
3424  }
3425 
3426  ObjectAttributes.SecurityQualityOfService = &Sqos;
3427 
3428  Status = NtDuplicateToken(ExistingTokenHandle,
3429  dwDesiredAccess,
3430  &ObjectAttributes,
3431  FALSE,
3432  TokenType,
3433  DuplicateTokenHandle);
3434  if (!NT_SUCCESS(Status))
3435  {
3436  ERR("NtDuplicateToken failed: Status %08x\n", Status);
3438  return FALSE;
3439  }
3440 
3441  TRACE("Returning token %p.\n", *DuplicateTokenHandle);
3442 
3443  return TRUE;
3444 }
3445 
3446 /*
3447  * @implemented
3448  */
3449 BOOL WINAPI
3450 DuplicateToken(IN HANDLE ExistingTokenHandle,
3452  OUT PHANDLE DuplicateTokenHandle)
3453 {
3454  return DuplicateTokenEx(ExistingTokenHandle,
3456  NULL,
3457  ImpersonationLevel,
3459  DuplicateTokenHandle);
3460 }
3461 
3462 /******************************************************************************
3463  * ComputeStringSidSize
3464  */
3466 {
3467  if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3468  {
3469  int ctok = 0;
3470  while (*StringSid)
3471  {
3472  if (*StringSid == '-')
3473  ctok++;
3474  StringSid++;
3475  }
3476 
3477  if (ctok >= 3)
3478  return GetSidLengthRequired(ctok - 2);
3479  }
3480  else /* String constant format - Only available in winxp and above */
3481  {
3482  unsigned int i;
3483 
3484  for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3485  if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3486  return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
3487 
3488  for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3489  if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3490  {
3491  MAX_SID local;
3492  ADVAPI_GetComputerSid(&local);
3493  return GetSidLengthRequired(*GetSidSubAuthorityCount(&local) + 1);
3494  }
3495 
3496  }
3497 
3498  return GetSidLengthRequired(0);
3499 }
3500 
3501 /******************************************************************************
3502  * ParseStringSidToSid
3503  */
3504 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
3505 {
3506  BOOL bret = FALSE;
3507  SID* pisid=pSid;
3508 
3509  TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3510  if (!StringSid)
3511  {
3513  TRACE("StringSid is NULL, returning FALSE\n");
3514  return FALSE;
3515  }
3516 
3517  while (*StringSid == ' ')
3518  StringSid++;
3519 
3520  if (!*StringSid)
3521  goto lend; /* ERROR_INVALID_SID */
3522 
3523  *cBytes = ComputeStringSidSize(StringSid);
3524  if (!pisid) /* Simply compute the size */
3525  {
3526  TRACE("only size requested, returning TRUE with %d\n", *cBytes);
3527  return TRUE;
3528  }
3529 
3530  if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3531  {
3532  DWORD i = 0, identAuth;
3533  DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
3534 
3535  StringSid += 2; /* Advance to Revision */
3536  pisid->Revision = atoiW(StringSid);
3537 
3538  if (pisid->Revision != SDDL_REVISION)
3539  {
3540  TRACE("Revision %d is unknown\n", pisid->Revision);
3541  goto lend; /* ERROR_INVALID_SID */
3542  }
3543  if (csubauth == 0)
3544  {
3545  TRACE("SubAuthorityCount is 0\n");
3546  goto lend; /* ERROR_INVALID_SID */
3547  }
3548 
3549  pisid->SubAuthorityCount = csubauth;
3550 
3551  /* Advance to identifier authority */
3552  while (*StringSid && *StringSid != '-')
3553  StringSid++;
3554  if (*StringSid == '-')
3555  StringSid++;
3556 
3557  /* MS' implementation can't handle values greater than 2^32 - 1, so
3558  * we don't either; assume most significant bytes are always 0
3559  */
3560  pisid->IdentifierAuthority.Value[0] = 0;
3561  pisid->IdentifierAuthority.Value[1] = 0;
3562  identAuth = atoiW(StringSid);
3563  pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
3564  pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
3565  pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
3566  pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
3567 
3568  /* Advance to first sub authority */
3569  while (*StringSid && *StringSid != '-')
3570  StringSid++;
3571  if (*StringSid == '-')
3572  StringSid++;
3573 
3574  while (*StringSid)
3575  {
3576  pisid->SubAuthority[i++] = atoiW(StringSid);
3577 
3578  while (*StringSid && *StringSid != '-')
3579  StringSid++;
3580  if (*StringSid == '-')
3581  StringSid++;
3582  }
3583 
3584  if (i != pisid->SubAuthorityCount)
3585  goto lend; /* ERROR_INVALID_SID */
3586 
3587  bret = TRUE;
3588  }
3589  else /* String constant format - Only available in winxp and above */
3590  {
3591  unsigned int i;
3592  pisid->Revision = SDDL_REVISION;
3593 
3594  for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3595  if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3596  {
3597  DWORD j;
3598  pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
3599  pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
3600  for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
3601  pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
3602  bret = TRUE;
3603  }
3604 
3605  for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3606  if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3607  {
3608  ADVAPI_GetComputerSid(pisid);
3609  pisid->SubAuthority[pisid->SubAuthorityCount] = WellKnownRids[i].Rid;
3610  pisid->SubAuthorityCount++;
3611  bret = TRUE;
3612  }
3613 
3614  if (!bret)
3615  FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
3616  }
3617 
3618 lend:
3619  if (!bret)
3621 
3622  TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3623  return bret;
3624 }
3625 
3626 /**********************************************************************
3627  * GetNamedSecurityInfoA EXPORTED
3628  *
3629  * @implemented
3630  */
3631 DWORD
3632 WINAPI
3635  SECURITY_INFORMATION SecurityInfo,
3636  PSID *ppsidOwner,
3637  PSID *ppsidGroup,
3638  PACL *ppDacl,
3639  PACL *ppSacl,
3640  PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
3641 {
3642  DWORD len;
3643  LPWSTR wstr = NULL;
3644  DWORD r;
3645 
3646  TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
3647  ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
3648 
3649  if( pObjectName )
3650  {
3651  len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3652  wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3653  MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3654  }
3655 
3656  r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
3657  ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
3658 
3659  HeapFree( GetProcessHeap(), 0, wstr );
3660 
3661  return r;
3662 }
3663 
3664 /******************************************************************************
3665  * GetWindowsAccountDomainSid [ADVAPI32.@]
3666  */
3668 {
3670  DWORD required_size;
3671  int i;
3672 
3673  FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
3674 
3675  if (!sid || !IsValidSid( sid ))
3676  {
3678  return FALSE;
3679  }
3680 
3681  if (!size)
3682  {
3684  return FALSE;
3685  }
3686 
3687  if (*GetSidSubAuthorityCount( sid ) < 4)
3688  {
3690  return FALSE;
3691  }
3692 
3693  required_size = GetSidLengthRequired( 4 );
3694  if (*size < required_size || !domain_sid)
3695  {
3696  *size = required_size;
3697  SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER :
3699  return FALSE;
3700  }
3701 
3702  InitializeSid( domain_sid, &domain_ident, 4 );
3703  for (i = 0; i < 4; i++)
3704  *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
3705 
3706  *size = required_size;
3707  return TRUE;
3708 }
3709 
3710 /*
3711  * @unimplemented
3712  */
3713 BOOL
3714 WINAPI
3716  IN PSID pSid2,
3717  OUT BOOL* pfEqual)
3718 {
3719  UNIMPLEMENTED;
3720  return FALSE;
3721 }
3722 
3723 /* EOF */
DWORD *typedef PVOID
Definition: winlogon.h:61
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
signed char * PCHAR
Definition: retypes.h:7
#define ERROR_INVALID_PARAMETER
Definition: compat.h:91
#define FILE_GENERIC_READ
Definition: nt_native.h:653
#define SECURITY_BATCH_RID
Definition: setypes.h:530
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
LPWSTR WINAPI GetTrusteeNameW(PTRUSTEE_W pTrustee)
Definition: security.c:2115
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
static const WCHAR SDDL_OBJECT_INHERIT[]
Definition: security.c:165
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
GUID ObjectTypeGuid
Definition: accctrl.h:349
ObjectType
Definition: metafile.c:80
#define SDDL_GENERIC_WRITE
Definition: sddl.h:66
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85
#define SDDL_WRITE_PROPERTY
Definition: sddl.h:52
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:207
GLint level
Definition: gl.h:1546
#define IN
Definition: typedefs.h:38
#define SE_SACL_PRESENT
Definition: setypes.h:769
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
Definition: security.c:2556
#define ERROR_BAD_PROVIDER
Definition: winerror.h:707
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
BOOL WINAPI ImpersonateNamedPipeClient(HANDLE hNamedPipe)
Definition: security.c:899
#define SDDL_GENERIC_EXECUTE
Definition: sddl.h:67
#define GENERIC_ALL
Definition: nt_native.h:92
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
#define ACE_OBJECT_TYPE_PRESENT
Definition: winnt_old.h:106
GLenum GLclampf GLint GLenum GLuint GLenum GLenum GLsizei GLenum const GLvoid GLfloat GLfloat GLfloat GLfloat GLclampd GLint GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean GLboolean GLboolean GLboolean GLint GLenum GLsizei const GLvoid GLenum GLint GLenum GLint GLint GLsizei GLint GLenum GLint GLint GLint GLint GLsizei GLenum GLsizei const GLuint GLboolean GLenum GLenum GLint GLsizei GLenum GLsizei GLenum const GLvoid GLboolean const GLboolean GLenum const GLdouble const GLfloat const GLdouble const GLfloat GLenum GLint GLint GLint GLint GLint GLint j
Definition: glfuncs.h:98
unsigned short WORD
Definition: ntddk_ex.h:93
Definition: get.c:139
UCHAR AceFlags
Definition: ms-dtyp.idl:211
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS
Definition: setypes.h:644
#define TRUE
Definition: types.h:120
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR _Inout_ LPDWORD _Out_ LPDWORD lpLanguageId
Definition: winbase.h:2730
_In_ PLUID lpLuid
Definition: winbase.h:2749
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:626
#define DOMAIN_GROUP_RID_GUESTS
Definition: setypes.h:613
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:215
NTSTATUS NTAPI NtPrivilegeCheck(IN HANDLE ClientToken, IN PPRIVILEGE_SET RequiredPrivileges, OUT PBOOLEAN Result)
Definition: priv.c:600
#define SECURITY_THIS_ORGANIZATION_RID
Definition: setypes.h:544
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
Definition: setypes.h:756
*BytesInUnicodeString PWCH UnicodeString
Definition: rtlfuncs.h:1980
#define SE_SELF_RELATIVE
Definition: setypes.h:780
WINE_UNICODE_INLINE unsigned int strlenW(const WCHAR *str)
Definition: unicode.h:212
static const WCHAR SDDL_INHERITED[]
Definition: security.c:168
Type
Definition: Type.h:6
BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
Definition: security.c:1041
ACCESS_MODE grfAccessMode
Definition: accctrl.h:333
#define ERROR_SUCCESS
Definition: deptool.c:10
enum _ACL_INFORMATION_CLASS ACL_INFORMATION_CLASS
#define SECURITY_TERMINAL_SERVER_RID
Definition: setypes.h:542
#define WideCharToMultiByte
Definition: compat.h:101
#define FILE_ALL_ACCESS
Definition: nt_native.h:651
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1197
static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3022
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName
Definition: security.c:77
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:881
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:205
struct _ACEFLAG ACEFLAG
USHORT MaximumLength
Definition: env_spec_w32.h:370
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
Definition: security.c:3171
#define FSCTL_PIPE_IMPERSONATE
Definition: winioctl.h:85
VOID WINAPI QuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: sec.c:377
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS
Definition: setypes.h:617
* PSID_IDENTIFIER_AUTHORITY
Definition: setypes.h:436
#define MAKEWORD(a, b)
Definition: typedefs.h:247
BOOL WINAPI SetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:2143
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
#define SDDL_DELETE_CHILD
Definition: sddl.h:54
static const WCHAR SDDL_CONTAINER_INHERIT[]
Definition: security.c:164
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
#define KEY_READ
Definition: nt_native.h:1023
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:43
__wchar_t WCHAR
Definition: xmlstorage.h:180
USHORT AclSize
Definition: ms-dtyp.idl:296
#define SDDL_AUTO_INHERITED
Definition: sddl.h:46
BOOL WINAPI RevertToSelf(VOID)
Definition: security.c:1483
#define ADS_RIGHT_DS_CREATE_CHILD
Definition: security.c:151
BOOL WINAPI MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
Definition: security.c:825
GLdouble GLdouble GLdouble r
Definition: gl.h:2055
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:629
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:709
#define CP_ACP
Definition: compat.h:99
DWORD SubAuthority[*]
Definition: ms-dtyp.idl:202
static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2843
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:804
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:704
int WINAPI lstrcmpW(LPCWSTR lpString1, LPCWSTR lpString2)
Definition: lstring.c:170
#define ADS_RIGHT_DS_DELETE_CHILD
Definition: security.c:152
static LPSTR(WINAPI *pGetTrusteeNameA)(PTRUSTEEA pTrustee)
BOOL WINAPI AddAccessAllowedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:938
BYTE SubAuthorityCount
Definition: security.c:31
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
Definition: security.c:1684
#define SECURITY_DIALUP_RID
Definition: setypes.h:528
unsigned char * PUCHAR
Definition: retypes.h:3
DWORD ObjectsPresent
Definition: accctrl.h:356
#define SID_REVISION
Definition: setypes.h:453
unsigned char * LPBYTE
Definition: typedefs.h:52
DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: security.c:2170
_In_ CLIPOBJ _In_ BRUSHOBJ _In_ LONG x1
Definition: winddi.h:3706
DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: security.c:3633
#define WARN(fmt,...)
Definition: debug.h:111
BOOL WINAPI SetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1354
#define ERROR_INVALID_SID
Definition: winerror.h:819
enum _ACCESS_MODE ACCESS_MODE
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
Definition: security.c:3208
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:603
VOID WINAPI BuildTrusteeWithNameW(PTRUSTEE_W pTrustee, LPWSTR name)
Definition: security.c:2063
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
Definition: security.c:1738
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:914
#define SECURITY_NETWORK_RID
Definition: setypes.h:529
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
Definition: misc.c:832
#define ADS_RIGHT_DS_CONTROL_ACCESS
Definition: security.c:159
SIZE_T LPPROCESS_INFORMATION
Definition: cordebug.idl:86
#define SDDL_WRITE_DAC
Definition: sddl.h:61
_In_ DWORD nLength
Definition: wincon.h:461
#define NtCurrentThread()
_In_ LPCSTR lpName
Definition: winbase.h:2729
struct _TRUSTEE_A * pMultipleTrustee
Definition: accctrl.h:204
#define SECURITY_MANDATORY_MEDIUM_RID
Definition: setypes.h:657
TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEE_A pTrustee)
Definition: security.c:2124
TRUSTEE_A Trustee
Definition: accctrl.h:335
VOID WINAPI BuildExplicitAccessWithNameA(PEXPLICIT_ACCESSA pExplicitAccess, LPSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
Definition: security.c:1802
#define DOMAIN_ALIAS_RID_DCOM_USERS
Definition: setypes.h:645
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
Definition: security.c:3107
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
WCHAR wstr[2]
Definition: security.c:102
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
FT_UInt sid
Definition: cffcmap.c:139
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define ZeroMemory
Definition: winbase.h:1635
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
struct _ACEFLAG * LPACEFLAG
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:216
SIZE_T LPSTARTUPINFOW
Definition: cordebug.idl:85
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3081
BOOL WINAPI CreateProcessWithLogonW(LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
Definition: security.c:3352
static DWORD ParseAceStringRights(LPCWSTR *StringAcl)
Definition: security.c:2379
NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, ULONG FsControlCode, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength)
VOID WINAPI BuildTrusteeWithSidA(PTRUSTEE_A pTrustee, PSID pSid)
Definition: security.c:2014
BOOL WINAPI IsValidAcl(PACL pAcl)
Definition: security.c:1084
BOOL WINAPI SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
Definition: security.c:459
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:727
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:627
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:531
#define TOKEN_IMPERSONATE
Definition: setypes.h:873
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:328
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define SECURITY_NULL_SID_AUTHORITY
Definition: setypes.h:496
SE_OBJECT_TYPE ObjectType
Definition: accctrl.h:366
#define WRITE_OWNER
Definition: nt_native.h:60
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:771
static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2804
TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
Definition: security.c:2091
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:339
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:716
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
struct WELLKNOWNSID WELLKNOWNSID
#define SE_DACL_PRESENT
Definition: setypes.h:767
#define MoveMemory
Definition: winbase.h:1632
char * LPSTR
Definition: xmlstorage.h:182
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:257
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3255
enum _TRUSTEE_TYPE TRUSTEE_TYPE
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
ACE_HEADER Header
Definition: ms-dtyp.idl:216
#define lstrlenW
Definition: compat.h:407
USHORT AceCount
Definition: ms-dtyp.idl:297
_In_ ULONG Revision
Definition: rtlfuncs.h:1104
TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEE_W pTrustee)
Definition: security.c:2133
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
DWORD DWORD
Definition: winlogon.h:84
#define SDDL_KEY_EXECUTE
Definition: sddl.h:75
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76
#define SE_DACL_AUTO_INHERITED
Definition: setypes.h:775
DWORD WINAPI GetVersion(VOID)
Definition: version.c:22
static DWORD ParseAclStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2226
static void * heap_alloc(size_t len)
Definition: appwiz.h:65
#define FILE_SHARE_READ
Definition: compat.h:125
static BOOL
Definition: security.c:72
HANDLE hObject
Definition: wglext.h:924
#define SECURITY_PACKAGE_SCHANNEL_RID
Definition: setypes.h:560
static const WCHAR SDDL_OBJECT_ACCESS_DENIED[]
Definition: security.c:138
WINE_UNICODE_INLINE int strncmpW(const WCHAR *str1, const WCHAR *str2, int n)
Definition: unicode.h:235
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:52
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR LPSTR Name
Definition: security.c:77
VOID WINAPI BuildTrusteeWithNameA(PTRUSTEE_A pTrustee, LPSTR name)
Definition: security.c:2047
static const WCHAR SDDL_NO_PROPAGATE[]
Definition: security.c:166
LPSTR ptstrName
Definition: accctrl.h:208
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength,*ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
Definition: token.c:3177
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
static const char * debugstr_sid(PSID sid)
Definition: security.c:172
const char * wine_dbg_sprintf(const char *format,...)
Definition: compat.c:271
NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)
VOID WINAPI BuildTrusteeWithObjectsAndNameA(PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, LPSTR InheritedObjectTypeName, LPSTR Name)
Definition: security.c:1844
static const SID sidWorld
Definition: security.c:124
GLuint const GLchar * name
Definition: glext.h:6031
static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[]
Definition: security.c:137
static const WCHAR SDDL_ACCESS_ALLOWED[]
Definition: security.c:134
#define SDDL_KEY_ALL
Definition: sddl.h:72
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103
BYTE Revision
Definition: security.c:30
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2706
static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, PACL pAcl, LPDWORD cBytes)
Definition: security.c:2434
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:721
#define SDDL_DELETE_TREE
Definition: sddl.h:58
#define DOMAIN_GROUP_RID_COMPUTERS
Definition: setypes.h:614
#define SDDL_LIST_OBJECT
Definition: sddl.h:57
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:539
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
USHORT AceSize
Definition: ms-dtyp.idl:212
LPWSTR InheritedObjectTypeName
Definition: accctrl.h:368
NTSYSAPI NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PDWORD, PACL, PDWORD, PACL, PDWORD, PSID, PDWORD, PSID, PDWORD)
GLenum GLclampf GLint i
Definition: glfuncs.h:14
#define DOMAIN_GROUP_RID_ADMINS
Definition: setypes.h:611
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:722
GLenum GLint GLuint mask
Definition: glext.h:6028
static unsigned char bytes[4]
Definition: adnsresfilter.c:74
#define SDDL_KEY_WRITE
Definition: sddl.h:74
static const WCHAR SDDL_AUDIT_FAILURE[]
Definition: security.c:170
static BYTE ParseAceStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2308
#define FALSE
Definition: types.h:117
BOOL ADVAPI_GetComputerSid(PSID sid)
Definition: security.c:271
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
_In_ ULONG BufferLength
Definition: usbdlib.h:225
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21
#define SECURITY_LOCAL_SID_AUTHORITY
Definition: setypes.h:502
static const WCHAR SDDL_NO_EXECUTE_UP[]
Definition: security.c:129
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
PVOID WINAPI FreeSid(PSID pSid)
Definition: security.c:573
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:603
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
#define GENERIC_WRITE
Definition: nt_native.h:90
#define debugstr_w
Definition: kernel32.h:32
WELL_KNOWN_SID_TYPE Type
Definition: security.c:103
#define SECURITY_MANDATORY_LABEL_AUTHORITY
Definition: setypes.h:654
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define FIXME(fmt,...)
Definition: debug.h:110
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
char * wine_dbgstr_w(const wchar_t *wstr)
Definition: CString.cpp:62
#define SDDL_WRITE_OWNER
Definition: sddl.h:62
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
Definition: security.c:435
#define ADS_RIGHT_DS_DELETE_TREE
Definition: security.c:157
NTSTATUS NTAPI NtAdjustGroupsToken(IN HANDLE TokenHandle, IN BOOLEAN ResetToDefault, IN PTOKEN_GROUPS NewState, IN ULONG BufferLength, OUT PTOKEN_GROUPS PreviousState OPTIONAL, OUT PULONG ReturnLength)
Definition: token.c:3041
const WCHAR * str
#define SECURITY_PACKAGE_BASE_RID
Definition: setypes.h:557
#define MAKELONG(a, b)
Definition: typedefs.h:248
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
Definition: winnt_old.h:107
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:201
#define ADS_RIGHT_DS_SELF
Definition: security.c:154
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:454
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
SE_OBJECT_TYPE ObjectType
Definition: accctrl.h:357
#define SDDL_FILE_EXECUTE
Definition: sddl.h:71
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD cbSid
Definition: winbase.h:2682
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
#define SDDL_FILE_ALL
Definition: sddl.h:68
BOOL WINAPI AddAuditAccessAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
Definition: security.c:1651
#define DOMAIN_GROUP_RID_POLICY_ADMINS
Definition: setypes.h:619
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
Definition: security.c:249
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
VOID WINAPI BuildTrusteeWithObjectsAndSidW(PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
Definition: security.c:1966
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
static POBJECTS_AND_NAME_A pObjName
Definition: security.c:77
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
BOOL WINAPI AccessCheckByType(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID PrincipalSelfSid, HANDLE ClientToken, DWORD DesiredAccess, POBJECT_TYPE_LIST ObjectTypeList, DWORD ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, LPDWORD PrivilegeSetLength, LPDWORD GrantedAccess, LPBOOL AccessStatus)
Definition: security.c:1575
NTSTATUS NTAPI NtSetInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
Definition: query.c:1967
const char * LPCSTR
Definition: xmlstorage.h:183
VOID WINAPI BuildTrusteeWithObjectsAndSidA(PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
Definition: security.c:1917
DWORD WINAPI GetSecurityInfoExW(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
Definition: security.c:1784
BOOL WINAPI AreAnyAccessesGranted(DWORD GrantedAccess, DWORD DesiredAccess)
Definition: security.c:2216
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:989
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
struct WELLKNOWNRID WELLKNOWNRID
DWORD WINAPI GetSecurityInfoExA(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
Definition: security.c:1764
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
Definition: proc.c:4650
GLuint GLfloat * val
Definition: glext.h:7180
#define FILE_GENERIC_EXECUTE
Definition: nt_native.h:668
static const ACEFLAG AceRights[]
Definition: security.c:2341
#define LMEM_FIXED
Definition: winbase.h:349
#define KEY_WRITE
Definition: nt_native.h:1031
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:715
_In_ HANDLE Handle
Definition: extypes.h:390
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3508
int token
Definition: lex.c:71
unsigned char BOOLEAN
#define DOMAIN_USER_RID_GUEST
Definition: setypes.h:604
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID *Sid)
Definition: security.c:3232
enum _SID_NAME_USE * PSID_NAME_USE
#define TRACE(s)
Definition: solgame.cpp:4
#define DOMAIN_USER_RID_KRBTGT
Definition: setypes.h:605
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:520
#define SDDL_CREATE_CHILD
Definition: sddl.h:53
#define SECURITY_ENTERPRISE_CONTROLLERS_RID
Definition: setypes.h:537
unsigned int BOOL
Definition: ntddk_ex.h:94
WINE_DEFAULT_DEBUG_CHANNEL(inetcpl)
GLsizeiptr size
Definition: glext.h:5919
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:965
LONG NTSTATUS
Definition: precomp.h:26
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
WCHAR wstr[2]
Definition: security.c:38
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
BOOL WINAPI CreateRestrictedToken(HANDLE baseToken, DWORD flags, DWORD nDisableSids, PSID_AND_ATTRIBUTES disableSids, DWORD nDeletePrivs, PLUID_AND_ATTRIBUTES deletePrivs, DWORD nRestrictSids, PSID_AND_ATTRIBUTES restrictSids, PHANDLE newToken)
Definition: security.c:500
#define TOKEN_QUERY
Definition: setypes.h:874
static POBJECTS_AND_SID pObjSid
Definition: security.c:83
#define SE_SACL_AUTO_INHERIT_REQ
Definition: setypes.h:774
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:632
#define debugstr_a
Definition: kernel32.h:31
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3450
DWORD WINAPI GetLengthSid(PSID pSid)
Definition: security.c:794
GLenum GLuint GLenum GLsizei length
Definition: glext.h:5579
Definition: security.c:35
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
BOOL WINAPI AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
Definition: security.c:1525
BOOL WINAPI SetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1384
#define OBJ_INHERIT
Definition: winternl.h:225
DWORD grfInheritance
Definition: accctrl.h:342
static POBJECTS_AND_SID GUID GUID * pInheritedObjectGuid
Definition: security.c:83
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
#define SDDL_FILE_READ
Definition: sddl.h:69
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
#define CopyMemory
Definition: winbase.h:1633
#define SE_DACL_PROTECTED
Definition: setypes.h:777
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:630
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:2704
static const WCHAR SDDL_AUDIT[]
Definition: security.c:140
ACCESS_MODE grfAccessMode
Definition: accctrl.h:341
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define SECURITY_LOCAL_RID
Definition: setypes.h:514
VOID WINAPI BuildTrusteeWithSidW(PTRUSTEE_W pTrustee, PSID pSid)
Definition: security.c:2031
struct _TRUSTEE_W * pMultipleTrustee
Definition: accctrl.h:213
TRUSTEE_W Trustee
Definition: accctrl.h:343
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define WRITE_DAC
Definition: nt_native.h:59
static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2893
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
#define Len
Definition: deflate.h:82
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
GLuint GLuint GLsizei count
Definition: gl.h:1545
#define SDDL_STANDARD_DELETE
Definition: sddl.h:63
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR ReferencedDomainName
Definition: winbase.h:2684
#define ADS_RIGHT_DS_READ_PROP
Definition: security.c:155
#define SetLastError(x)
Definition: compat.h:409
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:737
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3390
static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3058
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_PROXY_RID
Definition: setypes.h:536
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3393
GLbitfield flags
Definition: glext.h:7161
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define RPC_S_INVALID_STRING_UUID
Definition: winerror.h:1016
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)
#define READ_CONTROL
Definition: nt_native.h:58
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:517
#define SECURITY_OTHER_ORGANIZATION_RID
Definition: setypes.h:591
#define SECURITY_NULL_RID
Definition: setypes.h:512
_In_ PUNICODE_STRING Name
Definition: mrx.h:218
NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce(PACL Acl, PACE *Ace)
unsigned char UCHAR
Definition: xmlstorage.h:181
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
Definition: setypes.h:618
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:77
int ret
UCHAR AceType
Definition: ms-dtyp.idl:210
BOOL WINAPI ConvertSidToStringSidA(PSID Sid, LPSTR *StringSid)
Definition: security.c:3309
#define SE_SACL_PROTECTED
Definition: setypes.h:778
const XML_Char * prefix
Definition: expat.h:380
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
DWORD ObjectsPresent
Definition: accctrl.h:365
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:214
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS
Definition: setypes.h:643
WELL_KNOWN_SID_TYPE Type
Definition: security.c:39
BOOL WINAPI GetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:862
static const WCHAR SDDL_INHERIT_ONLY[]
Definition: security.c:167
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:414
LPWSTR ptstrName
Definition: accctrl.h:217
BOOL WINAPI SynchronizeWindows31FilesAndWindowsNTRegistry(DWORD x1, DWORD x2, DWORD x3, DWORD x4)
Definition: security.c:1471
#define DOMAIN_ALIAS_RID_MONITORING_USERS
Definition: setypes.h:641
USHORT Sbz2
Definition: ms-dtyp.idl:298
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
DWORD grfInheritance
Definition: accctrl.h:334
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:783
GLenum GLsizei len
Definition: glext.h:6722
#define GENERIC_READ
Definition: compat.h:124
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
MAX_SID Sid
Definition: security.c:40
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1487
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: security.c:32
#define SECURITY_MANDATORY_SYSTEM_RID
Definition: setypes.h:659
BOOL WINAPI LookupPrivilegeDisplayNameA(LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: security.c:1114
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
#define WINAPI
Definition: msvc.h:20
#define debugstr_wn
Definition: kernel32.h:33
static DWORD ComputeStringSidSize(LPCWSTR StringSid)
Definition: security.c:3465
enum _TOKEN_TYPE TOKEN_TYPE
NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: priv.c:45
unsigned char BYTE
Definition: ntddk_ex.h:96
static const WCHAR SDDL_ALARM[]
Definition: security.c:141
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:372
Status
Definition: gdiplustypes.h:24
#define FILE_GENERIC_WRITE
Definition: nt_native.h:660
UCHAR Sbz1
Definition: ms-dtyp.idl:295
static const WCHAR SDDL_NO_WRITE_UP[]
Definition: security.c:128
static const WCHAR SDDL_MANDATORY_LABEL[]
Definition: security.c:142
struct _MAX_SID MAX_SID
BOOL WINAPI SetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: security.c:1600
#define local
Definition: zutil.h:30
#define ADS_RIGHT_DS_LIST_OBJECT
Definition: security.c:158
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
static POBJECTS_AND_SID GUID * pObjectGuid
Definition: security.c:83
#define ERR(fmt,...)
Definition: debug.h:109
#define SECURITY_MANDATORY_HIGH_RID
Definition: setypes.h:658
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS
Definition: setypes.h:639
BOOL WINAPI GetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1279
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:240
static LPWSTR SERV_dup(LPCSTR str)
Definition: security.c:231
static HANDLE FileHandle
Definition: cabinet.c:48
#define SECURITY_PACKAGE_NTLM_RID
Definition: setypes.h:559
static const ACEFLAG AceType[]
Definition: security.c:2255
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define SDDL_AUTO_INHERIT_REQ
Definition: sddl.h:45
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN _In_opt_ LONG _Out_opt_ PBOOLEAN PreviousState
Definition: zwfuncs.h:428
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid(PSID Sid1, PSID Sid2)
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:688
struct _FileName FileName
Definition: fatprocs.h:884
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL, LPVOID, DWORD, ACL_INFORMATION_CLASS)
static __inline BOOL set_ntstatus(NTSTATUS status)
Definition: security.c:225
static const WCHAR SDDL_NO_READ_UP[]
Definition: security.c:127
BOOL WINAPI GetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1248
UCHAR AclRevision
Definition: ms-dtyp.idl:294
DWORD *typedef HANDLE
Definition: winlogon.h:61
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:518
NTSTATUS NTAPI RtlSetInformationAcl(IN PACL Acl, IN PVOID Information, IN ULONG InformationLength, IN ACL_INFORMATION_CLASS InformationClass)
Definition: acl.c:785
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
Definition: security.c:334
BOOL * LPBOOL
Definition: windef.h:162
VOID WINAPI BuildExplicitAccessWithNameW(PEXPLICIT_ACCESSW pExplicitAccess, LPWSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
Definition: security.c:1824
BOOL WINAPI AreAllAccessesGranted(DWORD GrantedAccess, DWORD DesiredAccess)
Definition: security.c:2204
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
BOOL WINAPI LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: misc.c:901
#define SDDL_FILE_WRITE
Definition: sddl.h:70
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP
Definition: setypes.h:755
#define ERROR_UNKNOWN_REVISION
Definition: winerror.h:787
#define SECURITY_MANDATORY_LOW_RID
Definition: setypes.h:656
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2932
NTSTATUS NTAPI NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:529
#define SECURITY_REMOTE_LOGON_RID
Definition: setypes.h:543
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2)
Definition: security.c:716
#define ADS_RIGHT_ACTRL_DS_LIST
Definition: security.c:153
#define SDDL_KEY_READ
Definition: sddl.h:73
WELL_KNOWN_SID_TYPE
Definition: setypes.h:427
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1061
DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES]
Definition: security.c:33
static const LPCWSTR AceRightBitNames[32]
Definition: security.c:2858
#define SE_SACL_AUTO_INHERITED
Definition: setypes.h:776
#define SDDL_GENERIC_READ
Definition: sddl.h:65
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
DWORD grfAccessPermissions
Definition: accctrl.h:340
BOOL WINAPI EqualDomainSid(IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
Definition: security.c:3715
BOOL WINAPI AllocateLocallyUniqueId(PLUID Luid)
Definition: security.c:1093
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define SDDL_GENERIC_ALL
Definition: sddl.h:64
_In_ ULONG dwAceRevision
Definition: rtlfuncs.h:1115
#define sprintfW
Definition: unicode.h:58
#define INHERITED_ACE
Definition: ph.h:47
BOOL WINAPI FindFirstFreeAce(PACL pAcl, LPVOID *pAce)
Definition: security.c:1051
BOOL WINAPI LookupPrivilegeNameA(LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
Definition: security.c:1174
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
#define KEY_EXECUTE
Definition: nt_native.h:1037
#define DOMAIN_ALIAS_RID_REPLICATOR
Definition: setypes.h:634
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:612
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
unsigned int * PULONG
Definition: retypes.h:1
#define SECURITY_PACKAGE_DIGEST_RID
Definition: setypes.h:561
#define SDDL_READ_PROPERTY
Definition: sddl.h:51
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce(PACL Acl, ULONG AceIndex)
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:541
unsigned int UINT
Definition: ndis.h:50
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:292
DWORD grfAccessPermissions
Definition: accctrl.h:332
static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2789
static PSID pSid
Definition: security.c:74
NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)
TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
Definition: security.c:2078
BOOL WINAPI AddAce(PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
Definition: security.c:1016
VOID WINAPI BuildTrusteeWithObjectsAndNameW(PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName, SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName, LPWSTR InheritedObjectTypeName, LPWSTR Name)
Definition: security.c:1880
HANDLE hThread
Definition: wizard.c:27
DWORD * PDWORD
Definition: pedump.c:68
#define MultiByteToWideChar
Definition: compat.h:100
GUID InheritedObjectTypeGuid
Definition: accctrl.h:350
_In_ CLIPOBJ _In_ BRUSHOBJ _In_ LONG _In_ LONG _In_ LONG x2
Definition: winddi.h:3706
#define ADS_RIGHT_DS_WRITE_PROP
Definition: security.c:156
#define ERROR_NOT_ALL_ASSIGNED
Definition: winerror.h:782
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:519
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Definition: token.c:2372
#define ACL_REVISION
Definition: setypes.h:39
#define SDDL_SELF_WRITE
Definition: sddl.h:56
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:631
NTSTATUS NTAPI NtOpenThreadToken(IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle)
Definition: token.c:3816
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)
PVOID SecurityQualityOfService
Definition: umtypes.h:188
#define SDDL_REVISION
Definition: sddl.h:31
Definition: name.c:36
static const WCHAR SDDL_OBJECT_AUDIT[]
Definition: security.c:144
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
Definition: setypes.h:754
#define OUT
Definition: typedefs.h:39
DWORD ObjectsPresent
Definition: accctrl.h:348