ReactOS 0.4.16-dev-1493-ge7358c5
security.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * FILE: lib/rtl/security.c
5 * PURPOSE: Security related functions and Security Objects
6 * PROGRAMMER: Eric Kohl
7 */
8
9/* INCLUDES *******************************************************************/
10
11#include <rtl.h>
12#define NDEBUG
13#include <debug.h>
14
15/* PRIVATE FUNCTIONS **********************************************************/
16
17NTSTATUS
18NTAPI
19RtlpSetSecurityObject(IN PVOID Object OPTIONAL,
20 IN SECURITY_INFORMATION SecurityInformation,
21 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
22 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
23 IN ULONG AutoInheritFlags,
24 IN ULONG PoolType,
25 IN PGENERIC_MAPPING GenericMapping,
26 IN HANDLE Token OPTIONAL)
27{
28 PISECURITY_DESCRIPTOR_RELATIVE pNewSd = NULL;
29 PSID pOwnerSid = NULL;
30 PSID pGroupSid = NULL;
31 PACL pDacl = NULL;
32 PACL pSacl = NULL;
33 BOOLEAN Defaulted;
34 BOOLEAN Present;
35 ULONG ulOwnerSidSize = 0, ulGroupSidSize = 0;
36 ULONG ulDaclSize = 0, ulSaclSize = 0;
37 ULONG ulNewSdSize;
38 SECURITY_DESCRIPTOR_CONTROL Control = SE_SELF_RELATIVE;
39 PUCHAR pDest;
40 NTSTATUS Status = STATUS_SUCCESS;
41
42 DPRINT("RtlpSetSecurityObject()\n");
43
44 /* Change the Owner SID */
45 if (SecurityInformation & OWNER_SECURITY_INFORMATION)
46 {
47 Status = RtlGetOwnerSecurityDescriptor(ModificationDescriptor, &pOwnerSid, &Defaulted);
48 if (!NT_SUCCESS(Status))
49 return Status;
50 }
51 else
52 {
53 Status = RtlGetOwnerSecurityDescriptor(*ObjectsSecurityDescriptor, &pOwnerSid, &Defaulted);
54 if (!NT_SUCCESS(Status))
55 return Status;
56 }
57
58 if (pOwnerSid == NULL || !RtlValidSid(pOwnerSid))
59 return STATUS_INVALID_OWNER;
60
61 ulOwnerSidSize = RtlLengthSid(pOwnerSid);
62
63 /* Change the Group SID */
64 if (SecurityInformation & GROUP_SECURITY_INFORMATION)
65 {
66 Status = RtlGetGroupSecurityDescriptor(ModificationDescriptor, &pGroupSid, &Defaulted);
67 if (!NT_SUCCESS(Status))
68 return Status;
69 }
70 else
71 {
72 Status = RtlGetGroupSecurityDescriptor(*ObjectsSecurityDescriptor, &pGroupSid, &Defaulted);
73 if (!NT_SUCCESS(Status))
74 return Status;
75 }
76
77 if (pGroupSid == NULL || !RtlValidSid(pGroupSid))
78 return STATUS_INVALID_PRIMARY_GROUP;
79
80 ulGroupSidSize = ROUND_UP(RtlLengthSid(pGroupSid), sizeof(ULONG));
81
82 /* Change the DACL */
83 if (SecurityInformation & DACL_SECURITY_INFORMATION)
84 {
85 Status = RtlGetDaclSecurityDescriptor(ModificationDescriptor, &Present, &pDacl, &Defaulted);
86 if (!NT_SUCCESS(Status))
87 return Status;
88
89 Control |= SE_DACL_PRESENT;
90 }
91 else
92 {
93 Status = RtlGetDaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pDacl, &Defaulted);
94 if (!NT_SUCCESS(Status))
95 return Status;
96
97 if (Present)
98 Control |= SE_DACL_PRESENT;
99
100 if (Defaulted)
101 Control |= SE_DACL_DEFAULTED;
102 }
103
104 if (pDacl != NULL)
105 ulDaclSize = pDacl->AclSize;
106
107 /* Change the SACL */
108 if (SecurityInformation & SACL_SECURITY_INFORMATION)
109 {
110 Status = RtlGetSaclSecurityDescriptor(ModificationDescriptor, &Present, &pSacl, &Defaulted);
111 if (!NT_SUCCESS(Status))
112 return Status;
113
114 Control |= SE_SACL_PRESENT;
115 }
116 else
117 {
118 Status = RtlGetSaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pSacl, &Defaulted);
119 if (!NT_SUCCESS(Status))
120 return Status;
121
122 if (Present)
123 Control |= SE_SACL_PRESENT;
124
125 if (Defaulted)
126 Control |= SE_SACL_DEFAULTED;
127 }
128
129 if (pSacl != NULL)
130 ulSaclSize = pSacl->AclSize;
131
132 /* Calculate the size of the new security descriptor */
133 ulNewSdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE) +
134 ROUND_UP(ulOwnerSidSize, sizeof(ULONG)) +
135 ROUND_UP(ulGroupSidSize, sizeof(ULONG)) +
136 ROUND_UP(ulDaclSize, sizeof(ULONG)) +
137 ROUND_UP(ulSaclSize, sizeof(ULONG));
138
139 /* Allocate the new security descriptor */
140 pNewSd = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulNewSdSize);
141 if (pNewSd == NULL)
142 {
143 Status = STATUS_NO_MEMORY;
144 DPRINT1("New security descriptor allocation failed (Status 0x%08lx)\n", Status);
145 goto done;
146 }
147
148 /* Initialize the new security descriptor */
149 Status = RtlCreateSecurityDescriptorRelative(pNewSd, SECURITY_DESCRIPTOR_REVISION);
150 if (!NT_SUCCESS(Status))
151 {
152 DPRINT1("New security descriptor creation failed (Status 0x%08lx)\n", Status);
153 goto done;
154 }
155
156 /* Set the security descriptor control flags */
157 pNewSd->Control = Control;
158
159 pDest = (PUCHAR)((ULONG_PTR)pNewSd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
160
161 /* Copy the SACL */
162 if (pSacl != NULL)
163 {
164 RtlCopyMemory(pDest, pSacl, ulSaclSize);
165 pNewSd->Sacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
166 pDest = pDest + ROUND_UP(ulSaclSize, sizeof(ULONG));
167 }
168
169 /* Copy the DACL */
170 if (pDacl != NULL)
171 {
172 RtlCopyMemory(pDest, pDacl, ulDaclSize);
173 pNewSd->Dacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
174 pDest = pDest + ROUND_UP(ulDaclSize, sizeof(ULONG));
175 }
176
177 /* Copy the Owner SID */
178 RtlCopyMemory(pDest, pOwnerSid, ulOwnerSidSize);
179 pNewSd->Owner = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
180 pDest = pDest + ROUND_UP(ulOwnerSidSize, sizeof(ULONG));
181
182 /* Copy the Group SID */
183 RtlCopyMemory(pDest, pGroupSid, ulGroupSidSize);
184 pNewSd->Group = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;
185
186 /* Free the old security descriptor */
187 RtlFreeHeap(RtlGetProcessHeap(), 0, (PVOID)*ObjectsSecurityDescriptor);
188
189 /* Return the new security descriptor */
190 *ObjectsSecurityDescriptor = (PSECURITY_DESCRIPTOR)pNewSd;
191
192done:
193 if (!NT_SUCCESS(Status))
194 {
195 if (pNewSd != NULL)
196 RtlFreeHeap(RtlGetProcessHeap(), 0, pNewSd);
197 }
198
199 return Status;
200}
201
202NTSTATUS
203NTAPI
204RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,
205 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
206 OUT PSECURITY_DESCRIPTOR *NewDescriptor,
207 IN LPGUID *ObjectTypes,
208 IN ULONG GuidCount,
209 IN BOOLEAN IsDirectoryObject,
210 IN ULONG AutoInheritFlags,
211 IN HANDLE Token,
212 IN PGENERIC_MAPPING GenericMapping)
213{
214 UNIMPLEMENTED;
215 return STATUS_NOT_IMPLEMENTED;
216}
217
218NTSTATUS
219NTAPI
220RtlpConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,
221 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
222 OUT PSECURITY_DESCRIPTOR *NewDescriptor,
223 IN LPGUID ObjectType,
224 IN BOOLEAN IsDirectoryObject,
225 IN PGENERIC_MAPPING GenericMapping)
226{
227 UNIMPLEMENTED;
228 return STATUS_NOT_IMPLEMENTED;
229}
230
231/* PUBLIC FUNCTIONS ***********************************************************/
232
233/*
234 * @implemented
235 */
236NTSTATUS
237NTAPI
238RtlDefaultNpAcl(OUT PACL *pAcl)
239{
240 NTSTATUS Status;
241 HANDLE TokenHandle;
242 PTOKEN_OWNER OwnerSid;
243 ULONG ReturnLength = 0;
244 ULONG AclSize;
245 SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
246 SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
247
248 C_ASSERT(sizeof(ACE) == FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart));
249
250 /*
251 * Temporary buffer large enough to hold a maximum of two SIDs.
252 * An alternative is to call RtlAllocateAndInitializeSid many times...
253 */
254 UCHAR SidBuffer[FIELD_OFFSET(SID, SubAuthority)
255 + 2*RTL_FIELD_SIZE(SID, SubAuthority)];
256 PSID Sid = (PSID)&SidBuffer;
257
258 ASSERT(RtlLengthRequiredSid(2) == sizeof(SidBuffer));
259
260 /* Initialize the user ACL pointer */
261 *pAcl = NULL;
262
263 /*
264 * Try to retrieve the SID of the current owner. For that,
265 * we first attempt to get the current thread level token.
266 */
267 Status = NtOpenThreadToken(NtCurrentThread(),
268 TOKEN_QUERY,
269 TRUE,
270 &TokenHandle);
271 if (Status == STATUS_NO_TOKEN)
272 {
273 /*
274 * No thread level token, so use the process level token.
275 * This is the common case since the only time a thread
276 * has a token is when it is impersonating.
277 */
278 Status = NtOpenProcessToken(NtCurrentProcess(),
279 TOKEN_QUERY,
280 &TokenHandle);
281 }
282 /* Fail if we didn't succeed in retrieving a handle to the token */
283 if (!NT_SUCCESS(Status)) return Status;
284
285 /*
286 * Retrieve the owner SID from the token.
287 */
288
289 /* Query the needed size... */
290 Status = NtQueryInformationToken(TokenHandle,
291 TokenOwner,
292 NULL, 0,
293 &ReturnLength);
294 /* ... so that we must fail with STATUS_BUFFER_TOO_SMALL error */
295 if (Status != STATUS_BUFFER_TOO_SMALL) goto Cleanup1;
296
297 /* Allocate space for the owner SID */
298 OwnerSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ReturnLength);
299 if (OwnerSid == NULL)
300 {
301 Status = STATUS_NO_MEMORY;
302 goto Cleanup1;
303 }
304
305 /* Retrieve the owner SID; we must succeed */
306 Status = NtQueryInformationToken(TokenHandle,
307 TokenOwner,
308 OwnerSid,
309 ReturnLength,
310 &ReturnLength);
311 if (!NT_SUCCESS(Status)) goto Cleanup2;
312
313 /*
314 * Allocate one ACL with 5 ACEs.
315 */
316 AclSize = sizeof(ACL) + // Header
317 5 * sizeof(ACE) + // 5 ACEs:
318 RtlLengthRequiredSid(1) + // LocalSystem
319 RtlLengthRequiredSid(2) + // Administrators
320 RtlLengthRequiredSid(1) + // Anonymous
321 RtlLengthRequiredSid(1) + // World
322 RtlLengthSid(OwnerSid->Owner); // Owner
323
324 *pAcl = RtlAllocateHeap(RtlGetProcessHeap(), 0, AclSize);
325 if (*pAcl == NULL)
326 {
327 Status = STATUS_NO_MEMORY;
328 goto Cleanup2;
329 }
330
331 /*
332 * Build the ACL and add the five ACEs.
333 */
334 Status = RtlCreateAcl(*pAcl, AclSize, ACL_REVISION2);
335 ASSERT(NT_SUCCESS(Status));
336
337 /* Local System SID - Generic All */
338 Status = RtlInitializeSid(Sid, &NtAuthority, 1);
339 ASSERT(NT_SUCCESS(Status));
340 *RtlSubAuthoritySid(Sid, 0) = SECURITY_LOCAL_SYSTEM_RID;
341 Status = RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_ALL, Sid);
342 ASSERT(NT_SUCCESS(Status));
343
344 /* Administrators SID - Generic All */
345 Status = RtlInitializeSid(Sid, &NtAuthority, 2);
346 ASSERT(NT_SUCCESS(Status));
347 *RtlSubAuthoritySid(Sid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
348 *RtlSubAuthoritySid(Sid, 1) = DOMAIN_ALIAS_RID_ADMINS;
349 Status = RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_ALL, Sid);
350 ASSERT(NT_SUCCESS(Status));
351
352 /* Owner SID - Generic All */
353 RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_ALL, OwnerSid->Owner);
354 ASSERT(NT_SUCCESS(Status));
355
356 /* Anonymous SID - Generic Read */
357 Status = RtlInitializeSid(Sid, &NtAuthority, 1);
358 ASSERT(NT_SUCCESS(Status));
359 *RtlSubAuthoritySid(Sid, 0) = SECURITY_ANONYMOUS_LOGON_RID;
360 Status = RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_READ, Sid);
361 ASSERT(NT_SUCCESS(Status));
362
363 /* World SID - Generic Read */
364 Status = RtlInitializeSid(Sid, &WorldAuthority, 1);
365 ASSERT(NT_SUCCESS(Status));
366 *RtlSubAuthoritySid(Sid, 0) = SECURITY_WORLD_RID;
367 Status = RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_READ, Sid);
368 ASSERT(NT_SUCCESS(Status));
369
370 /* If some problem happened, cleanup everything */
371 if (!NT_SUCCESS(Status))
372 {
373 RtlFreeHeap(RtlGetProcessHeap(), 0, *pAcl);
374 *pAcl = NULL;
375 }
376
377Cleanup2:
378 /* Get rid of the owner SID */
379 RtlFreeHeap(RtlGetProcessHeap(), 0, OwnerSid);
380
381Cleanup1:
382 /* Close the token handle */
383 NtClose(TokenHandle);
384
385 /* Done */
386 return Status;
387}
388
389/*
390 * @unimplemented
391 */
392NTSTATUS
393NTAPI
394RtlCreateAndSetSD(IN PRTL_ACE_DATA AceData,
395 IN ULONG AceCount,
396 IN PSID OwnerSid OPTIONAL,
397 IN PSID GroupSid OPTIONAL,
398 OUT PSECURITY_DESCRIPTOR *NewDescriptor)
399{
400 UNIMPLEMENTED;
401 return STATUS_NOT_IMPLEMENTED;
402}
403
404/*
405 * @implemented
406 */
407NTSTATUS
408NTAPI
409RtlDeleteSecurityObject(IN PSECURITY_DESCRIPTOR *ObjectDescriptor)
410{
411 DPRINT1("RtlDeleteSecurityObject(%p)\n", ObjectDescriptor);
412
413 /* Free the object from the heap */
414 RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectDescriptor);
415 return STATUS_SUCCESS;
416}
417
418/*
419 * @implemented
420 */
421NTSTATUS
422NTAPI
423RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,
424 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
425 OUT PSECURITY_DESCRIPTOR *NewDescriptor,
426 IN BOOLEAN IsDirectoryObject,
427 IN HANDLE Token,
428 IN PGENERIC_MAPPING GenericMapping)
429{
430 DPRINT1("RtlNewSecurityObject(%p)\n", ParentDescriptor);
431
432 /* Call the internal API */
433 return RtlpNewSecurityObject(ParentDescriptor,
434 CreatorDescriptor,
435 NewDescriptor,
436 NULL,
437 0,
438 IsDirectoryObject,
439 0,
440 Token,
441 GenericMapping);
442}
443
444/*
445 * @implemented
446 */
447NTSTATUS
448NTAPI
449RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor,
450 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
451 OUT PSECURITY_DESCRIPTOR *NewDescriptor,
452 IN LPGUID ObjectType,
453 IN BOOLEAN IsDirectoryObject,
454 IN ULONG AutoInheritFlags,
455 IN HANDLE Token,
456 IN PGENERIC_MAPPING GenericMapping)
457{
458 DPRINT1("RtlNewSecurityObjectEx(%p)\n", ParentDescriptor);
459
460 /* Call the internal API */
461 return RtlpNewSecurityObject(ParentDescriptor,
462 CreatorDescriptor,
463 NewDescriptor,
464 ObjectType ? &ObjectType : NULL,
465 ObjectType ? 1 : 0,
466 IsDirectoryObject,
467 AutoInheritFlags,
468 Token,
469 GenericMapping);
470}
471
472/*
473 * @implemented
474 */
475NTSTATUS
476NTAPI
477RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor,
478 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
479 OUT PSECURITY_DESCRIPTOR *NewDescriptor,
480 IN LPGUID *ObjectTypes,
481 IN ULONG GuidCount,
482 IN BOOLEAN IsDirectoryObject,
483 IN ULONG AutoInheritFlags,
484 IN HANDLE Token,
485 IN PGENERIC_MAPPING GenericMapping)
486{
487 DPRINT1("RtlNewSecurityObjectWithMultipleInheritance(%p)\n", ParentDescriptor);
488
489 /* Call the internal API */
490 return RtlpNewSecurityObject(ParentDescriptor,
491 CreatorDescriptor,
492 NewDescriptor,
493 ObjectTypes,
494 GuidCount,
495 IsDirectoryObject,
496 AutoInheritFlags,
497 Token,
498 GenericMapping);
499}
500
501/*
502 * @implemented
503 */
504NTSTATUS
505NTAPI
506RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged,
507 IN BOOLEAN CreatorDescriptorChanged,
508 IN PLUID OldClientTokenModifiedId,
509 OUT PLUID NewClientTokenModifiedId,
510 IN PSECURITY_DESCRIPTOR ParentDescriptor,
511 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
512 OUT PSECURITY_DESCRIPTOR *NewDescriptor,
513 IN BOOLEAN IsDirectoryObject,
514 IN HANDLE Token,
515 IN PGENERIC_MAPPING GenericMapping)
516{
517 TOKEN_STATISTICS TokenStats;
518 ULONG Size;
519 NTSTATUS Status;
520 DPRINT1("RtlNewInstanceSecurityObject(%p)\n", ParentDescriptor);
521
522 /* Query the token statistics */
523 Status = NtQueryInformationToken(Token,
524 TokenStatistics,
525 &TokenStats,
526 sizeof(TokenStats),
527 &Size);
528 if (!NT_SUCCESS(Status)) return Status;
529
530 /* Return the LUID */
531 *NewClientTokenModifiedId = TokenStats.ModifiedId;
532
533 /* Check if the LUID changed */
534 if (RtlEqualLuid(NewClientTokenModifiedId, OldClientTokenModifiedId))
535 {
536 /* Did nothing change? */
537 if (!(ParentDescriptorChanged) && !(CreatorDescriptorChanged))
538 {
539 /* There's no new descriptor, we're done */
540 *NewDescriptor = NULL;
541 return STATUS_SUCCESS;
542 }
543 }
544
545 /* Call the standard API */
546 return RtlNewSecurityObject(ParentDescriptor,
547 CreatorDescriptor,
548 NewDescriptor,
549 IsDirectoryObject,
550 Token,
551 GenericMapping);
552}
553
554/*
555 * @implemented
556 */
557NTSTATUS
558NTAPI
559RtlCreateUserSecurityObject(IN PRTL_ACE_DATA AceData,
560 IN ULONG AceCount,
561 IN PSID OwnerSid,
562 IN PSID GroupSid,
563 IN BOOLEAN IsDirectoryObject,
564 IN PGENERIC_MAPPING GenericMapping,
565 OUT PSECURITY_DESCRIPTOR *NewDescriptor)
566{
567 NTSTATUS Status;
568 PSECURITY_DESCRIPTOR Sd;
569 HANDLE TokenHandle;
570 DPRINT1("RtlCreateUserSecurityObject(%p)\n", AceData);
571
572 /* Create the security descriptor based on the ACE Data */
573 Status = RtlCreateAndSetSD(AceData,
574 AceCount,
575 OwnerSid,
576 GroupSid,
577 &Sd);
578 if (!NT_SUCCESS(Status)) return Status;
579
580 /* Open the process token */
581 Status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, &TokenHandle);
582 if (!NT_SUCCESS(Status)) goto Quickie;
583
584 /* Create the security object */
585 Status = RtlNewSecurityObject(NULL,
586 Sd,
587 NewDescriptor,
588 IsDirectoryObject,
589 TokenHandle,
590 GenericMapping);
591
592 /* We're done, close the token handle */
593 NtClose(TokenHandle);
594
595Quickie:
596 /* Free the SD and return status */
597 RtlFreeHeap(RtlGetProcessHeap(), 0, Sd);
598 return Status;
599}
600
601/*
602 * @implemented
603 */
604NTSTATUS
605NTAPI
606RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess,
607 OUT PPRIVILEGE_SET Privileges,
608 IN OUT PULONG Length,
609 IN HANDLE Token,
610 IN PGENERIC_MAPPING GenericMapping,
611 OUT PACCESS_MASK RemainingDesiredAccess)
612{
613 NTSTATUS Status;
614 BOOLEAN Granted, CallerToken;
615 TOKEN_STATISTICS TokenStats;
616 ULONG Size;
617 DPRINT1("RtlNewSecurityGrantedAccess(%lx)\n", DesiredAccess);
618
619 /* Has the caller passed a token? */
620 if (!Token)
621 {
622 /* Remember that we'll have to close the handle */
623 CallerToken = FALSE;
624
625 /* Nope, open it */
626 Status = NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY, TRUE, &Token);
627 if (!NT_SUCCESS(Status)) return Status;
628 }
629 else
630 {
631 /* Yep, use it */
632 CallerToken = TRUE;
633 }
634
635 /* Get information on the token */
636 Status = NtQueryInformationToken(Token,
637 TokenStatistics,
638 &TokenStats,
639 sizeof(TokenStats),
640 &Size);
641 ASSERT(NT_SUCCESS(Status));
642
643 /* Windows doesn't do anything with the token statistics! */
644
645 /* Map the access and return it back decoded */
646 RtlMapGenericMask(&DesiredAccess, GenericMapping);
647 *RemainingDesiredAccess = DesiredAccess;
648
649 /* Check if one of the rights requested was the SACL right */
650 if (DesiredAccess & ACCESS_SYSTEM_SECURITY)
651 {
652 /* Pretend that it's allowed FIXME: Do privilege check */
653 DPRINT1("Missing privilege check for SE_SECURITY_PRIVILEGE");
654 Granted = TRUE;
655 *RemainingDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
656 }
657 else
658 {
659 /* Nothing to grant */
660 Granted = FALSE;
661 }
662
663 /* If the caller did not pass in a token, close the handle to ours */
664 if (!CallerToken) NtClose(Token);
665
666 /* We need space to return only 1 privilege -- already part of the struct */
667 Size = sizeof(PRIVILEGE_SET);
668 if (Size > *Length)
669 {
670 /* Tell the caller how much space we need and fail */
671 *Length = Size;
672 return STATUS_BUFFER_TOO_SMALL;
673 }
674
675 /* Check if the SACL right was granted */
676 RtlZeroMemory(Privileges, Size);
677 if (Granted)
678 {
679 /* Yes, return it in the structure */
680 Privileges->PrivilegeCount = 1;
681 Privileges->Privilege[0].Luid.LowPart = SE_SECURITY_PRIVILEGE;
682 Privileges->Privilege[0].Luid.HighPart = 0;
683 Privileges->Privilege[0].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
684 }
685
686 /* All done */
687 return STATUS_SUCCESS;
688}
689
690/*
691 * @unimplemented
692 */
693NTSTATUS
694NTAPI
695RtlQuerySecurityObject(IN PSECURITY_DESCRIPTOR ObjectDescriptor,
696 IN SECURITY_INFORMATION SecurityInformation,
697 OUT PSECURITY_DESCRIPTOR ResultantDescriptor,
698 IN ULONG DescriptorLength,
699 OUT PULONG ReturnLength)
700{
701 NTSTATUS Status;
702 SECURITY_DESCRIPTOR desc;
703 BOOLEAN defaulted, present;
704 PACL pacl;
705 PSID psid;
706
707 Status = RtlCreateSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION);
708 if (!NT_SUCCESS(Status)) return Status;
709
710 if (SecurityInformation & OWNER_SECURITY_INFORMATION)
711 {
712 Status = RtlGetOwnerSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);
713 if (!NT_SUCCESS(Status)) return Status;
714 Status = RtlSetOwnerSecurityDescriptor(&desc, psid, defaulted);
715 if (!NT_SUCCESS(Status)) return Status;
716 }
717
718 if (SecurityInformation & GROUP_SECURITY_INFORMATION)
719 {
720 Status = RtlGetGroupSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);
721 if (!NT_SUCCESS(Status)) return Status;
722 Status = RtlSetGroupSecurityDescriptor(&desc, psid, defaulted);
723 if (!NT_SUCCESS(Status)) return Status;
724 }
725
726 if (SecurityInformation & DACL_SECURITY_INFORMATION)
727 {
728 Status = RtlGetDaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);
729 if (!NT_SUCCESS(Status)) return Status;
730 Status = RtlSetDaclSecurityDescriptor(&desc, present, pacl, defaulted);
731 if (!NT_SUCCESS(Status)) return Status;
732 }
733
734 if (SecurityInformation & SACL_SECURITY_INFORMATION)
735 {
736 Status = RtlGetSaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);
737 if (!NT_SUCCESS(Status)) return Status;
738 Status = RtlSetSaclSecurityDescriptor(&desc, present, pacl, defaulted);
739 if (!NT_SUCCESS(Status)) return Status;
740 }
741
742 *ReturnLength = DescriptorLength;
743 return RtlAbsoluteToSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength);
744}
745
746
747/*
748 * @implemented
749 */
750NTSTATUS
751NTAPI
752RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation,
753 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
754 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
755 IN PGENERIC_MAPPING GenericMapping,
756 IN HANDLE Token OPTIONAL)
757{
758 /* Call the internal API */
759 return RtlpSetSecurityObject(NULL,
760 SecurityInformation,
761 ModificationDescriptor,
762 ObjectsSecurityDescriptor,
763 0,
764 PagedPool,
765 GenericMapping,
766 Token);
767}
768
769/*
770 * @implemented
771 */
772NTSTATUS
773NTAPI
774RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation,
775 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
776 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
777 IN ULONG AutoInheritFlags,
778 IN PGENERIC_MAPPING GenericMapping,
779 IN HANDLE Token OPTIONAL)
780{
781 /* Call the internal API */
782 return RtlpSetSecurityObject(NULL,
783 SecurityInformation,
784 ModificationDescriptor,
785 ObjectsSecurityDescriptor,
786 AutoInheritFlags,
787 PagedPool,
788 GenericMapping,
789 Token);
790
791}
792
793/*
794 * @implemented
795 */
796NTSTATUS
797NTAPI
798RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,
799 IN PSECURITY_DESCRIPTOR CreatorDescriptor,
800 OUT PSECURITY_DESCRIPTOR *NewDescriptor,
801 IN LPGUID ObjectType,
802 IN BOOLEAN IsDirectoryObject,
803 IN PGENERIC_MAPPING GenericMapping)
804{
805 /* Call the internal API */
806 return RtlpConvertToAutoInheritSecurityObject(ParentDescriptor,
807 CreatorDescriptor,
808 NewDescriptor,
809 ObjectType,
810 IsDirectoryObject,
811 GenericMapping);
812}
813
814/*
815 * @unimplemented
816 */
817NTSTATUS
818NTAPI
819RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
820{
821 UNIMPLEMENTED;
822 return STATUS_NOT_IMPLEMENTED;
823}
824
825/*
826 * @unimplemented
827 */
828BOOLEAN
829NTAPI
830RtlFlushSecureMemoryCache(IN PVOID MemoryCache,
831 IN OPTIONAL SIZE_T MemoryLength)
832{
833 UNIMPLEMENTED;
834 return FALSE;
835}
ReturnLength
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DPRINT1
#define DPRINT1
Definition: precomp.h:8
NtAuthority
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:40
UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: ntoskrnl.c:15
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: d3dkmdt.h:51
STATUS_NOT_IMPLEMENTED
#define STATUS_NOT_IMPLEMENTED
Definition: d3dkmdt.h:42
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
GENERIC_READ
#define GENERIC_READ
Definition: compat.h:135
WorldAuthority
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
PagedPool
#define PagedPool
Definition: env_spec_w32.h:308
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:34
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
Status
Status
Definition: gdiplustypes.h:25
RtlNewSecurityObjectWithMultipleInheritance
NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObjectWithMultipleInheritance(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, GUID **, ULONG, BOOLEAN, ULONG, HANDLE, PGENERIC_MAPPING)
RtlConvertToAutoInheritSecurityObject
NTSYSAPI NTSTATUS WINAPI RtlConvertToAutoInheritSecurityObject(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, GUID *, BOOL, PGENERIC_MAPPING)
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
RtlSetOwnerSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
RtlNewSecurityObjectEx
NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObjectEx(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, GUID *, BOOLEAN, ULONG, HANDLE, PGENERIC_MAPPING)
NtCurrentThread
#define NtCurrentThread()
Definition: winternl.h:5362
RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
C_ASSERT
#define C_ASSERT(e)
Definition: intsafe.h:73
RTL_FIELD_SIZE
#define RTL_FIELD_SIZE(type, field)
Definition: kdb_expr.c:86
SECURITY_DESCRIPTOR_CONTROL
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
ASSERT
#define ASSERT(a)
Definition: mode.c:44
SE_SECURITY_PRIVILEGE
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662
desc
static const WCHAR desc[]
Definition: protectdata.c:36
ObjectType
ObjectType
Definition: metafile.c:81
PSID
struct _SID * PSID
Definition: eventlog.c:35
SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PSECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
Definition: security.c:98
ACL
struct _ACL ACL
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
RtlSubAuthoritySid
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
RtlLengthRequiredSid
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
RtlNewSecurityObject
NTSYSAPI NTSTATUS NTAPI RtlNewSecurityObject(_In_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_ PSECURITY_DESCRIPTOR CreatorDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_ BOOLEAN IsDirectoryObject, _In_ HANDLE Token, _In_ PGENERIC_MAPPING GenericMapping)
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
RtlDeleteSecurityObject
NTSYSAPI NTSTATUS NTAPI RtlDeleteSecurityObject(_In_ PSECURITY_DESCRIPTOR *ObjectDescriptor)
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
RtlGetSaclSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1157
RtlMapGenericMask
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
RtlCreateSecurityDescriptorRelative
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(_Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision)
RtlGetDaclSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
RtlGetGroupSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280
RtlSetGroupSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
RtlGetOwnerSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257
RtlSetSaclSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
RtlAbsoluteToSelfRelativeSD
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
RtlInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
NtOpenProcessToken
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350
NtOpenThreadToken
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2474
STATUS_NO_TOKEN
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
STATUS_INVALID_PRIMARY_GROUP
#define STATUS_INVALID_PRIMARY_GROUP
Definition: ntstatus.h:327
STATUS_INVALID_OWNER
#define STATUS_INVALID_OWNER
Definition: ntstatus.h:326
RtlFlushSecureMemoryCache
BOOLEAN NTAPI RtlFlushSecureMemoryCache(IN PVOID MemoryCache, IN OPTIONAL SIZE_T MemoryLength)
Definition: security.c:830
RtlQuerySecurityObject
NTSTATUS NTAPI RtlQuerySecurityObject(IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor, IN ULONG DescriptorLength, OUT PULONG ReturnLength)
Definition: security.c:695
RtlpSetSecurityObject
NTSTATUS NTAPI RtlpSetSecurityObject(IN PVOID Object OPTIONAL, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN ULONG PoolType, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:19
RtlCreateUserSecurityObject
NTSTATUS NTAPI RtlCreateUserSecurityObject(IN PRTL_ACE_DATA AceData, IN ULONG AceCount, IN PSID OwnerSid, IN PSID GroupSid, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
Definition: security.c:559
RtlSetSecurityObject
NTSTATUS NTAPI RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:752
RtlRegisterSecureMemoryCacheCallback
NTSTATUS NTAPI RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
Definition: security.c:819
RtlNewInstanceSecurityObject
NTSTATUS NTAPI RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged, IN BOOLEAN CreatorDescriptorChanged, IN PLUID OldClientTokenModifiedId, OUT PLUID NewClientTokenModifiedId, IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:506
RtlpConvertToAutoInheritSecurityObject
NTSTATUS NTAPI RtlpConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:220
RtlpNewSecurityObject
NTSTATUS NTAPI RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:204
RtlNewSecurityGrantedAccess
NTSTATUS NTAPI RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess, OUT PPRIVILEGE_SET Privileges, IN OUT PULONG Length, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping, OUT PACCESS_MASK RemainingDesiredAccess)
Definition: security.c:606
RtlDefaultNpAcl
NTSTATUS NTAPI RtlDefaultNpAcl(OUT PACL *pAcl)
Definition: security.c:238
RtlSetSecurityObjectEx
NTSTATUS NTAPI RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:774
RtlCreateAndSetSD
NTSTATUS NTAPI RtlCreateAndSetSD(IN PRTL_ACE_DATA AceData, IN ULONG AceCount, IN PSID OwnerSid OPTIONAL, IN PSID GroupSid OPTIONAL, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
Definition: security.c:394
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
DPRINT
#define DPRINT
Definition: sndvol32.h:73
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
_ACE
Definition: rtltypes.h:987
_ACL
Definition: ms-dtyp.idl:293
_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296
_GENERIC_MAPPING
Definition: nt_native.h:564
_LUID
Definition: devicetopology.idl:137
_PRIVILEGE_SET
Definition: setypes.h:85
_RTL_ACE_DATA
Definition: rtltypes.h:1395
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:848
_SECURITY_DESCRIPTOR_RELATIVE::Control
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:851
_SECURITY_DESCRIPTOR_RELATIVE::Group
$ULONG Group
Definition: setypes.h:853
_SECURITY_DESCRIPTOR_RELATIVE::Sacl
$ULONG Sacl
Definition: setypes.h:854
_SECURITY_DESCRIPTOR_RELATIVE::Owner
$ULONG Owner
Definition: setypes.h:852
_SECURITY_DESCRIPTOR_RELATIVE::Dacl
$ULONG Dacl
Definition: setypes.h:855
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
_SID
Definition: ms-dtyp.idl:198
_TOKEN_OWNER
Definition: setypes.h:1039
_TOKEN_OWNER::Owner
PSID Owner
Definition: setypes.h:1040
_TOKEN_STATISTICS
Definition: setypes.h:1097
_TOKEN_STATISTICS::ModifiedId
LUID ModifiedId
Definition: setypes.h:1107
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
NTAPI
#define NTAPI
Definition: typedefs.h:36
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
IN
#define IN
Definition: typedefs.h:39
PUCHAR
unsigned char * PUCHAR
Definition: typedefs.h:53
ULONG
uint32_t ULONG
Definition: typedefs.h:59
OUT
#define OUT
Definition: typedefs.h:40
Object
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
Definition: wdfcollection.h:123
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
Callback
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
Definition: wdfinterrupt.h:458
Control
_In_ WDF_WMI_PROVIDER_CONTROL Control
Definition: wdfwmi.h:166
RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:304
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
IsDirectoryObject
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:31
NewDescriptor
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30
SECURITY_ANONYMOUS_LOGON_RID
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:563
SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
SE_DACL_DEFAULTED
#define SE_DACL_DEFAULTED
Definition: setypes.h:834
SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527
SECURITY_WORLD_RID
#define SECURITY_WORLD_RID
Definition: setypes.h:541
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:940
SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574
ACL_REVISION2
#define ACL_REVISION2
Definition: setypes.h:43
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:846
SE_SACL_DEFAULTED
#define SE_SACL_DEFAULTED
Definition: setypes.h:836
SE_PRIVILEGE_USED_FOR_ACCESS
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
TokenStatistics
@ TokenStatistics
Definition: setypes.h:987
TokenOwner
@ TokenOwner
Definition: setypes.h:981
SE_SACL_PRESENT
#define SE_SACL_PRESENT
Definition: setypes.h:835
SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
DOMAIN_ALIAS_RID_ADMINS
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652
PRIVILEGE_SET
struct _PRIVILEGE_SET PRIVILEGE_SET
SE_DACL_PRESENT
#define SE_DACL_PRESENT
Definition: setypes.h:833
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181