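/*
 * Directory-service object access rights, one bit per right (0x0001..0x0100).
 *
 * The names and values match the ADS_RIGHT_DS_* members of the documented
 * ADS_RIGHTS_ENUM. All nine fit in the low 16 bits of an ACCESS_MASK, which
 * is the object-specific part of the mask: the same bit positions mean
 * something else on other object types (0x0001 on a file is FILE_READ_DATA),
 * so a mask must be decoded against the type of object the ACE protects.
 *
 * NOTE(review): presumably these feed the SDDL rights table (AceRights) in
 * this file - confirm against its initializer, which is not visible here.
 *
 * The listing's line numbers were fused onto each directive ("153#define"),
 * which is not a valid preprocessor line; they are dropped here.
 */
#define ADS_RIGHT_DS_CREATE_CHILD   0x0001  /* create child objects */
#define ADS_RIGHT_DS_DELETE_CHILD   0x0002  /* delete child objects */
#define ADS_RIGHT_ACTRL_DS_LIST     0x0004  /* list child objects */
#define ADS_RIGHT_DS_SELF           0x0008  /* validated (self) write */
#define ADS_RIGHT_DS_READ_PROP      0x0010  /* read properties */
#define ADS_RIGHT_DS_WRITE_PROP     0x0020  /* write properties; review who holds it when auditing a DACL */
#define ADS_RIGHT_DS_DELETE_TREE    0x0040  /* delete the object and its subtree */
#define ADS_RIGHT_DS_LIST_OBJECT    0x0080  /* list this particular object */
#define ADS_RIGHT_DS_CONTROL_ACCESS 0x0100  /* extended (control access) rights; review likewise */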
257 if (!ServerName || !ServerName[0])
262 if (
Result && (ServerName[0] ==
'\\') && (ServerName[1] ==
'\\'))
280 DWORD SubAuthority[4];
284 memcpy(
sid, &computer_sid,
sizeof(computer_sid) );
307 WARN(
"NtOpenProcessToken failed! Status %08x\n",
Status);
375 BOOL DisableAllPrivileges,
384 DisableAllPrivileges,
557 if (SidsToDisable !=
NULL)
560 if (DisableSids ==
NULL)
576 if (PrivilegesToDelete !=
NULL)
579 if (DeletePrivileges ==
NULL)
596 if (SidsToRestrict !=
NULL)
599 if (RestrictedSids ==
NULL)
608 RestrictedSids->
GroupCount = RestrictedSidCount;
639 if (DisableSids !=
NULL)
644 if (DeletePrivileges !=
NULL)
649 if (RestrictedSids !=
NULL)
675 BYTE nSubAuthorityCount,
683 pIdentifierAuthority, nSubAuthorityCount,
684 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
685 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
769 if (*
cbSid < output_sid_length)
771 *
cbSid = output_sid_length;
783 *
cbSid = output_sid_length;
864 BYTE nSubAuthorityCount)
869 pIdentifierAuthority,
952 LPDWORD lpdwAbsoluteSecurityDescriptorSize,
965 pAbsoluteSecurityDescriptor,
966 lpdwAbsoluteSecurityDescriptorSize,
974 lpdwPrimaryGroupSize);
994 TRACE(
"(%p,0x%08x,%p,0x%08x,%p)\n",
Handle, RequestedInformation,
995 pSecurityDescriptor,
nLength, lpnLengthNeeded);
1008 DWORD dwAclRevision)
1028 TRACE(
"(%p)\n", hNamedPipe);
1143 DWORD dwStartingAceIndex,
1145 DWORD nAceListLength)
1197 DWORD nAclInformationLength,
1201 nAclInformationLength, dwAclInformationClass));
1389 RequestedInformation,
1390 pSecurityDescriptor,
1417 TRACE(
"GetFileSecurityW() called\n");
1426 ERR(
"Invalid path\n");
1450 ERR(
"NtOpenFile() failed (Status %lx)\n",
Status);
1456 RequestedInformation,
1457 pSecurityDescriptor,
1463 ERR(
"NtQuerySecurityObject() failed (Status %lx)\n",
Status);
1494 pSecurityDescriptor);
1520 TRACE(
"SetFileSecurityW() called\n");
1529 ERR(
"Invalid path\n");
1553 ERR(
"NtOpenFile() failed (Status %lx)\n",
Status);
1560 pSecurityDescriptor);
1565 ERR(
"NtSetSecurityObject() failed (Status %lx)\n",
Status);
1599 FIXME(
"(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",
x1,
x2,x3,x4);
1668 (
PULONG)PrivilegeSetLength,
1788 ObjectTypeListLength,
1895 DWORD ResultListIndex;
1903 ObjectTypeListLength,
1915 for (ResultListIndex = 0; ResultListIndex < ObjectTypeListLength; ResultListIndex++)
2017 LPDWORD hReferencedDomainNameLength,
2031 *hReferencedDomainNameLength *
sizeof(
WCHAR));
2037 lpReferencedDomainNameW,
2038 hReferencedDomainNameLength,
2041 if (
ret && lpReferencedDomainNameW)
2045 lpReferencedDomainNameW,
2046 *hReferencedDomainNameLength + 1,
2048 *hReferencedDomainNameLength + 1,
2132 DWORD AccessPermissions,
2154 DWORD AccessPermissions,
2176 DWORD ObjectsPresent = 0;
2212 DWORD ObjectsPresent = 0;
2251 DWORD ObjectsPresent = 0;
2300 DWORD ObjectsPresent = 0;
2408 TRACE(
"(%p)\n", pTrustee);
2421 TRACE(
"(%p)\n", pTrustee);
2473 DWORD nAclInformationLength,
2480 nAclInformationLength,
2481 dwAclInformationClass);
2559 while (*szAcl && *szAcl !=
'(')
2565 else if (*szAcl ==
'A')
2570 else if (*szAcl ==
'I')
2605 while (*szAcl ==
' ')
2608 while (lpaf->
wstr &&
2616 *StringAcl = szAcl +
len;
2642 while (*szAcl ==
' ')
2645 while (*szAcl !=
';')
2649 while (lpaf->
wstr &&
2713 while (*szAcl ==
' ')
2716 if ((*szAcl ==
'0') && (*(szAcl + 1) ==
'x'))
2720 while (*
p && *
p !=
';')
2723 if (
p - szAcl <= 10 )
2733 while (*szAcl !=
';')
2737 while (lpaf->
wstr &&
2747 rights |= lpaf->
value;
2785 while (*StringAcl ==
'(')
2793 if (*StringAcl !=
';')
2804 if (*StringAcl !=
';')
2812 if (*StringAcl !=
';')
2817 while (*StringAcl ==
' ')
2819 if (*StringAcl !=
';')
2821 FIXME(
"Support for *_OBJECT_ACE_TYPE not implemented\n");
2827 while (*StringAcl ==
' ')
2829 if (*StringAcl !=
';')
2831 FIXME(
"Support for *_OBJECT_ACE_TYPE not implemented\n");
2839 while (*StringAcl && *StringAcl !=
')')
2843 if (*StringAcl !=
')')
2861 ERR(
"ACL too large\n");
2877 WARN(
"Invalid ACE string format\n");
2885 LPCWSTR StringSecurityDescriptor,
2903 while (*StringSecurityDescriptor ==
' ')
2904 StringSecurityDescriptor++;
2906 while (*StringSecurityDescriptor)
2908 toktype = *StringSecurityDescriptor;
2911 StringSecurityDescriptor++;
2912 if (*StringSecurityDescriptor !=
':')
2917 StringSecurityDescriptor++;
2920 lptoken = StringSecurityDescriptor;
2921 while (*lptoken && *lptoken !=
':')
2927 len = lptoken - StringSecurityDescriptor;
3010 FIXME(
"Unknown token\n");
3015 StringSecurityDescriptor = lptoken;
3033 DWORD StringSDRevision,
3035 PULONG SecurityDescriptorSize)
3039 LPWSTR StringSecurityDescriptorW;
3044 if (StringSecurityDescriptorW)
3050 SecurityDescriptorSize);
3063 DWORD StringSDRevision,
3065 PULONG SecurityDescriptorSize)
3095 if (!psd)
goto lend;
3107 if (SecurityDescriptorSize)
3108 *SecurityDescriptorSize = cBytes;
3113 TRACE(
" ret=%d\n", bret);
3135 WCHAR fmt[] = {
'S',
'-',
'%',
'u',
'-',
'%',
'd',0 };
3136 WCHAR subauthfmt[] = {
'-',
'%',
'u',0 };
3149 FIXME(
"not matching MS' bugs\n");
3223 static const WCHAR fmtW[] = {
'0',
'x',
'%',
'x',0};
3243 for (
i = 0;
i < 32;
i++)
3255 for (
i = 0;
i < 32;
i++)
3256 if (
mask & (1 <<
i))
3263 static const WCHAR openbr =
'(';
3264 static const WCHAR closebr =
')';
3265 static const WCHAR semicolon =
';';
3343 if (!
DumpAce(ace, pwptr, plen))
3352 static const WCHAR prefix[] = {
'O',
':',0};
3363 if (!
DumpSid(psid, pwptr, plen))
3370 static const WCHAR prefix[] = {
'G',
':',0};
3381 if (!
DumpSid(psid, pwptr, plen))
3388 static const WCHAR dacl[] = {
'D',
':',0};
3390 BOOL present, defaulted;
3411 static const WCHAR sacl[] = {
'S',
':',0};
3413 BOOL present, defaulted;
3442 ERR(
"Program requested unknown SDDL revision %d\n", SDRevision);
3490 *OutputString = wstr;
3492 *OutputLen =
strlenW(*OutputString)+1;
3510 if (*OutputString ==
NULL)
3520 if (OutputLen !=
NULL)
3526 *OutputString =
NULL;
3544 else if (!StringSid || !
Sid)
3567 else if (!StringSid || !
Sid)
3588 WCHAR FixedBuffer[64];
3612 if (
NULL == *StringSid)
3657 if (
NULL == *StringSid)
3685 if (pEnvironment ==
NULL)
3708 if (pEnvironment ==
NULL)
3747 TRACE(
"CreateProcessWithLogonW(%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p)\n",
debugstr_w(lpUsername),
debugstr_w(lpDomain),
3750 lpStartupInfo, lpProcessInformation);
3755 L"\\pipe\\seclogon",
3760 WARN(
"RpcStringBindingCompose returned 0x%x\n",
Status);
3770 WARN(
"RpcBindingFromStringBinding returned 0x%x\n",
Status);
3776 WARN(
"RpcStringFree returned 0x%x\n",
Status);
3790 Request.Environment = lpEnvironment;
3792 TRACE(
"Request.dwEnvironmentSize %lu\n",
Request.dwEnvironmentSize);
3793 TRACE(
"Request.Environment %p\n",
Request.Environment);
3795 Request.dwLogonFlags = dwLogonFlags;
3796 Request.dwCreationFlags = dwCreationFlags;
3799 TRACE(
"Request.dwProcessId %lu\n",
Request.dwProcessId);
3822 WARN(
"RpcBindingFree returned 0x%x\n",
Status);
3836 TRACE(
"CreateProcessWithLogonW() done\n");
3845 FIXME(
"%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n",
token,
3847 creation_flags, environment,
debugstr_w(current_directory),
3848 startup_info, process_information);
3852 current_directory, startup_info, process_information );
3870 TRACE(
"%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3878 if (lpTokenAttributes !=
NULL)
3882 lpTokenAttributes->bInheritHandle ?
OBJ_INHERIT : 0,
3884 lpTokenAttributes->lpSecurityDescriptor);
3902 DuplicateTokenHandle);
3905 ERR(
"NtDuplicateToken failed: Status %08x\n",
Status);
3910 TRACE(
"Returning token %p.\n", *DuplicateTokenHandle);
3928 DuplicateTokenHandle);
3936 if (StringSid[0] ==
'S' && StringSid[1] ==
'-')
3941 if (*StringSid ==
'-')
3982 TRACE(
"StringSid is NULL, returning FALSE\n");
3986 while (*StringSid ==
' ')
3995 TRACE(
"only size requested, returning TRUE with %d\n", *cBytes);
3999 if (StringSid[0] ==
'S' && StringSid[1] ==
'-')
4014 TRACE(
"SubAuthorityCount is 0\n");
4021 while (*StringSid && *StringSid !=
'-')
4023 if (*StringSid ==
'-')
4031 identAuth =
atoiW(StringSid);
4038 while (*StringSid && *StringSid !=
'-')
4040 if (*StringSid ==
'-')
4047 while (*StringSid && *StringSid !=
'-')
4049 if (*StringSid ==
'-')
4091 TRACE(
"returning %s\n", bret ?
"TRUE" :
"FALSE");
4115 TRACE(
"%s %d %d %p %p %p %p %p\n", pObjectName,
ObjectType, SecurityInfo,
4116 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
4126 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
4139 DWORD required_size;
4142 FIXME(
"(%p %p %p): semi-stub\n",
sid, domain_sid,
size );
4163 if (*
size < required_size || !domain_sid)
4165 *
size = required_size;
4172 for (
i = 0;
i < 4;
i++)
4175 *
size = required_size;
static GENERIC_MAPPING GenericMapping
enum _ACCESS_MODE ACCESS_MODE
enum _TRUSTEE_FORM TRUSTEE_FORM
enum _TRUSTEE_TYPE TRUSTEE_TYPE
@ TRUSTEE_IS_OBJECTS_AND_SID
@ TRUSTEE_IS_OBJECTS_AND_NAME
enum _SE_OBJECT_TYPE SE_OBJECT_TYPE
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
ACPI_SIZE strlen(const char *String)
static unsigned char bytes[4]
static void * heap_alloc(size_t len)
static BOOL heap_free(void *mem)
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
VOID __stdcall SeclCreateProcessWithLogonW(_In_ handle_t hBinding, _In_ SECL_REQUEST *pRequest, _Out_ SECL_RESPONSE *pResponse)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
SIZE_T LPPROCESS_INFORMATION
#define ERROR_NOT_ENOUGH_MEMORY
#define ERROR_INSUFFICIENT_BUFFER
#define NT_SUCCESS(StatCode)
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
BOOL WINAPI LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
static DWORD GetAnsiEnvironmentSize(PVOID pEnvironment)
#define ADS_RIGHT_DS_LIST_OBJECT
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
static const WCHAR SDDL_AUDIT_FAILURE[]
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
static const ACEFLAG AceFlags[]
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
static const WELLKNOWNRID WellKnownRids[]
BOOL WINAPI CreateRestrictedToken(_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
Creates a filtered token that is a restricted version of the regular access token. A restricted token can...
BOOL WINAPI SetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
static DWORD ParseAclStringFlags(LPCWSTR *StringAcl)
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
BOOL WINAPI LookupPrivilegeDisplayNameA(LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEE_W pTrustee)
static const ACEFLAG AceRights[]
static BYTE ParseAceStringFlags(LPCWSTR *StringAcl)
static const WCHAR SDDL_CONTAINER_INHERIT[]
static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
struct _ACEFLAG * LPACEFLAG
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
static const WCHAR SDDL_AUDIT[]
static LPWSTR SERV_dup(LPCSTR str)
static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
DWORD WINAPI GetSecurityInfoExA(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID *Sid)
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2)
#define ADS_RIGHT_DS_DELETE_TREE
#define ADS_RIGHT_ACTRL_DS_LIST
VOID WINAPI BuildTrusteeWithSidA(PTRUSTEE_A pTrustee, PSID pSid)
DWORD WINAPI GetSecurityInfoExW(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
LPWSTR WINAPI GetTrusteeNameW(PTRUSTEE_W pTrustee)
static const WCHAR SDDL_NO_WRITE_UP[]
BOOL WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
static const WCHAR SDDL_OBJECT_AUDIT[]