da/d08/sdk_2lib_2rtl_2security_8c_source.html

/*

 * COPYRIGHT:         See COPYING in the top level directory

 * PROJECT:           ReactOS system libraries

 * FILE:              lib/rtl/security.c

 * PURPOSE:           Security related functions and Security Objects

 * PROGRAMMER:        Eric Kohl

 */


/* INCLUDES *******************************************************************/


#include <rtl.h>

#define NDEBUG

#include <debug.h>


/* PRIVATE FUNCTIONS **********************************************************/


NTSTATUS

NTAPI

RtlpSetSecurityObject(IN PVOID Object OPTIONAL,

                      IN SECURITY_INFORMATION SecurityInformation,

                      IN PSECURITY_DESCRIPTOR ModificationDescriptor,

                      IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,

                      IN ULONG AutoInheritFlags,

                      IN ULONG PoolType,

                      IN PGENERIC_MAPPING GenericMapping,

                      IN HANDLE Token OPTIONAL)

{

    PISECURITY_DESCRIPTOR_RELATIVE pNewSd = NULL;

    PSID pOwnerSid = NULL;

    PSID pGroupSid = NULL;

    PACL pDacl = NULL;

    PACL pSacl = NULL;

    BOOLEAN Defaulted;

    BOOLEAN Present;

    ULONG ulOwnerSidSize = 0, ulGroupSidSize = 0;

    ULONG ulDaclSize = 0, ulSaclSize = 0;

    ULONG ulNewSdSize;

    SECURITY_DESCRIPTOR_CONTROL Control = SE_SELF_RELATIVE;

    PUCHAR pDest;

    NTSTATUS Status = STATUS_SUCCESS;


    DPRINT("RtlpSetSecurityObject()\n");


    /* Change the Owner SID */

    if (SecurityInformation & OWNER_SECURITY_INFORMATION)

    {

        Status = RtlGetOwnerSecurityDescriptor(ModificationDescriptor, &pOwnerSid, &Defaulted);

        if (!NT_SUCCESS(Status))

            return Status;

    }

    else

    {

        Status = RtlGetOwnerSecurityDescriptor(*ObjectsSecurityDescriptor, &pOwnerSid, &Defaulted);

        if (!NT_SUCCESS(Status))

            return Status;

    }


    if (pOwnerSid == NULL || !RtlValidSid(pOwnerSid))

        return STATUS_INVALID_OWNER;


    ulOwnerSidSize = RtlLengthSid(pOwnerSid);


    /* Change the Group SID */

    if (SecurityInformation & GROUP_SECURITY_INFORMATION)

    {

        Status = RtlGetGroupSecurityDescriptor(ModificationDescriptor, &pGroupSid, &Defaulted);

        if (!NT_SUCCESS(Status))

            return Status;

    }

    else

    {

        Status = RtlGetGroupSecurityDescriptor(*ObjectsSecurityDescriptor, &pGroupSid, &Defaulted);

        if (!NT_SUCCESS(Status))

            return Status;

    }


    if (pGroupSid == NULL || !RtlValidSid(pGroupSid))

        return STATUS_INVALID_PRIMARY_GROUP;


    ulGroupSidSize = ROUND_UP(RtlLengthSid(pGroupSid), sizeof(ULONG));


    /* Change the DACL */

    if (SecurityInformation & DACL_SECURITY_INFORMATION)

    {

        Status = RtlGetDaclSecurityDescriptor(ModificationDescriptor, &Present, &pDacl, &Defaulted);

        if (!NT_SUCCESS(Status))

            return Status;


        Control |= SE_DACL_PRESENT;

    }

    else

    {

        Status = RtlGetDaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pDacl, &Defaulted);

        if (!NT_SUCCESS(Status))

            return Status;


        if (Present)

            Control |= SE_DACL_PRESENT;


        if (Defaulted)

            Control |= SE_DACL_DEFAULTED;

    }


    if (pDacl != NULL)

        ulDaclSize = pDacl->AclSize;


    /* Change the SACL */

    if (SecurityInformation & SACL_SECURITY_INFORMATION)

    {

        Status = RtlGetSaclSecurityDescriptor(ModificationDescriptor, &Present, &pSacl, &Defaulted);

        if (!NT_SUCCESS(Status))

            return Status;


        Control |= SE_SACL_PRESENT;

    }

    else

    {

        Status = RtlGetSaclSecurityDescriptor(*ObjectsSecurityDescriptor, &Present, &pSacl, &Defaulted);

        if (!NT_SUCCESS(Status))

            return Status;


        if (Present)

            Control |= SE_SACL_PRESENT;


        if (Defaulted)

            Control |= SE_SACL_DEFAULTED;

    }


    if (pSacl != NULL)

        ulSaclSize = pSacl->AclSize;


    /* Calculate the size of the new security descriptor */

    ulNewSdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE) +

                  ROUND_UP(ulOwnerSidSize, sizeof(ULONG)) +

                  ROUND_UP(ulGroupSidSize, sizeof(ULONG)) +

                  ROUND_UP(ulDaclSize, sizeof(ULONG)) +

                  ROUND_UP(ulSaclSize, sizeof(ULONG));


    /* Allocate the new security descriptor */

    pNewSd = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulNewSdSize);

    if (pNewSd == NULL)

    {

        Status = STATUS_NO_MEMORY;

        DPRINT1("New security descriptor allocation failed (Status 0x%08lx)\n", Status);

        goto done;

    }


    /* Initialize the new security descriptor */

    Status = RtlCreateSecurityDescriptorRelative(pNewSd, SECURITY_DESCRIPTOR_REVISION);

    if (!NT_SUCCESS(Status))

    {

        DPRINT1("New security descriptor creation failed (Status 0x%08lx)\n", Status);

        goto done;

    }


    /* Set the security descriptor control flags */

    pNewSd->Control = Control;


    pDest = (PUCHAR)((ULONG_PTR)pNewSd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));


    /* Copy the SACL */

    if (pSacl != NULL)

    {

        RtlCopyMemory(pDest, pSacl, ulSaclSize);

        pNewSd->Sacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;

        pDest = pDest + ROUND_UP(ulSaclSize, sizeof(ULONG));

    }


    /* Copy the DACL */

    if (pDacl != NULL)

    {

        RtlCopyMemory(pDest, pDacl, ulDaclSize);

        pNewSd->Dacl = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;

        pDest = pDest + ROUND_UP(ulDaclSize, sizeof(ULONG));

    }


    /* Copy the Owner SID */

    RtlCopyMemory(pDest, pOwnerSid, ulOwnerSidSize);

    pNewSd->Owner = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;

    pDest = pDest + ROUND_UP(ulOwnerSidSize, sizeof(ULONG));


    /* Copy the Group SID */

    RtlCopyMemory(pDest, pGroupSid, ulGroupSidSize);

    pNewSd->Group = (ULONG_PTR)pDest - (ULONG_PTR)pNewSd;


    /* Free the old security descriptor */

    RtlFreeHeap(RtlGetProcessHeap(), 0, (PVOID)*ObjectsSecurityDescriptor);


    /* Return the new security descriptor */

    *ObjectsSecurityDescriptor = (PSECURITY_DESCRIPTOR)pNewSd;


done:

    if (!NT_SUCCESS(Status))

    {

        if (pNewSd != NULL)

            RtlFreeHeap(RtlGetProcessHeap(), 0, pNewSd);

    }


    return Status;

}


NTSTATUS

NTAPI

RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,

                      IN PSECURITY_DESCRIPTOR CreatorDescriptor,

                      OUT PSECURITY_DESCRIPTOR *NewDescriptor,

                      IN LPGUID *ObjectTypes,

                      IN ULONG GuidCount,

                      IN BOOLEAN IsDirectoryObject,

                      IN ULONG AutoInheritFlags,

                      IN HANDLE Token,

                      IN PGENERIC_MAPPING GenericMapping)

{

    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;

}


NTSTATUS

NTAPI

RtlpConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,

                                       IN PSECURITY_DESCRIPTOR CreatorDescriptor,

                                       OUT PSECURITY_DESCRIPTOR *NewDescriptor,

                                       IN LPGUID ObjectType,

                                       IN BOOLEAN IsDirectoryObject,

                                       IN PGENERIC_MAPPING GenericMapping)

{

    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;

}


/* PUBLIC FUNCTIONS ***********************************************************/


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlDefaultNpAcl(OUT PACL *pAcl)

{

    NTSTATUS Status;

    HANDLE TokenHandle;

    PTOKEN_OWNER OwnerSid;

    ULONG ReturnLength = 0;

    ULONG AclSize;

    SID_IDENTIFIER_AUTHORITY NtAuthority    = {SECURITY_NT_AUTHORITY};

    SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};


    C_ASSERT(sizeof(ACE) == FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart));


    /*

     * Temporary buffer large enough to hold a maximum of two SIDs.

     * An alternative is to call RtlAllocateAndInitializeSid many times...

     */

    UCHAR SidBuffer[FIELD_OFFSET(SID, SubAuthority)

                    + 2*RTL_FIELD_SIZE(SID, SubAuthority)];

    PSID Sid = (PSID)&SidBuffer;


    ASSERT(RtlLengthRequiredSid(2) == sizeof(SidBuffer));


    /* Initialize the user ACL pointer */

    *pAcl = NULL;


    /*

     * Try to retrieve the SID of the current owner. For that,

     * we first attempt to get the current thread level token.

     */

    Status = NtOpenThreadToken(NtCurrentThread(),

                               TOKEN_QUERY,

                               TRUE,

                               &TokenHandle);

    if (Status == STATUS_NO_TOKEN)

    {

        /*

         * No thread level token, so use the process level token.

         * This is the common case since the only time a thread

         * has a token is when it is impersonating.

         */

        Status = NtOpenProcessToken(NtCurrentProcess(),

                                    TOKEN_QUERY,

                                    &TokenHandle);

    }

    /* Fail if we didn't succeed in retrieving a handle to the token */

    if (!NT_SUCCESS(Status)) return Status;


    /*

     * Retrieve the owner SID from the token.

     */


    /* Query the needed size... */

    Status = NtQueryInformationToken(TokenHandle,

                                     TokenOwner,

                                     NULL, 0,

                                     &ReturnLength);

    /* ... so that we must fail with STATUS_BUFFER_TOO_SMALL error */

    if (Status != STATUS_BUFFER_TOO_SMALL) goto Cleanup1;


    /* Allocate space for the owner SID */

    OwnerSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ReturnLength);

    if (OwnerSid == NULL)

    {

        Status = STATUS_NO_MEMORY;

        goto Cleanup1;

    }


    /* Retrieve the owner SID; we must succeed */

    Status = NtQueryInformationToken(TokenHandle,

                                     TokenOwner,

                                     OwnerSid,

                                     ReturnLength,

                                     &ReturnLength);

    if (!NT_SUCCESS(Status)) goto Cleanup2;


    /*

     * Allocate one ACL with 5 ACEs.

     */

    AclSize = sizeof(ACL) +                     // Header

              5 * sizeof(ACE) +                 // 5 ACEs:

              RtlLengthRequiredSid(1) +         // LocalSystem

              RtlLengthRequiredSid(2) +         // Administrators

              RtlLengthRequiredSid(1) +         // Anonymous

              RtlLengthRequiredSid(1) +         // World

              RtlLengthSid(OwnerSid->Owner);    // Owner


    *pAcl = RtlAllocateHeap(RtlGetProcessHeap(), 0, AclSize);

    if (*pAcl == NULL)

    {

        Status = STATUS_NO_MEMORY;

        goto Cleanup2;

    }


    /*

     * Build the ACL and add the five ACEs.

     */

    Status = RtlCreateAcl(*pAcl, AclSize, ACL_REVISION2);

    ASSERT(NT_SUCCESS(Status));


    /* Local System SID - Generic All */

    Status = RtlInitializeSid(Sid, &NtAuthority, 1);

    ASSERT(NT_SUCCESS(Status));

    *RtlSubAuthoritySid(Sid, 0) = SECURITY_LOCAL_SYSTEM_RID;

    Status = RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_ALL, Sid);

    ASSERT(NT_SUCCESS(Status));


    /* Administrators SID - Generic All */

    Status = RtlInitializeSid(Sid, &NtAuthority, 2);

    ASSERT(NT_SUCCESS(Status));

    *RtlSubAuthoritySid(Sid, 0) = SECURITY_BUILTIN_DOMAIN_RID;

    *RtlSubAuthoritySid(Sid, 1) = DOMAIN_ALIAS_RID_ADMINS;

    Status = RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_ALL, Sid);

    ASSERT(NT_SUCCESS(Status));


    /* Owner SID - Generic All */

    RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_ALL, OwnerSid->Owner);

    ASSERT(NT_SUCCESS(Status));


    /* Anonymous SID - Generic Read */

    Status = RtlInitializeSid(Sid, &NtAuthority, 1);

    ASSERT(NT_SUCCESS(Status));

    *RtlSubAuthoritySid(Sid, 0) = SECURITY_ANONYMOUS_LOGON_RID;

    Status = RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_READ, Sid);

    ASSERT(NT_SUCCESS(Status));


    /* World SID - Generic Read */

    Status = RtlInitializeSid(Sid, &WorldAuthority, 1);

    ASSERT(NT_SUCCESS(Status));

    *RtlSubAuthoritySid(Sid, 0) = SECURITY_WORLD_RID;

    Status = RtlAddAccessAllowedAce(*pAcl, ACL_REVISION2, GENERIC_READ, Sid);

    ASSERT(NT_SUCCESS(Status));


    /* If some problem happened, cleanup everything */

    if (!NT_SUCCESS(Status))

    {

        RtlFreeHeap(RtlGetProcessHeap(), 0, *pAcl);

        *pAcl = NULL;

    }


Cleanup2:

    /* Get rid of the owner SID */

    RtlFreeHeap(RtlGetProcessHeap(), 0, OwnerSid);


Cleanup1:

    /* Close the token handle */

    NtClose(TokenHandle);


    /* Done */

    return Status;

}


/*

 * @unimplemented

 */

NTSTATUS

NTAPI

RtlCreateAndSetSD(IN PRTL_ACE_DATA AceData,

                  IN ULONG AceCount,

                  IN PSID OwnerSid OPTIONAL,

                  IN PSID GroupSid OPTIONAL,

                  OUT PSECURITY_DESCRIPTOR *NewDescriptor)

{

    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;

}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlDeleteSecurityObject(IN PSECURITY_DESCRIPTOR *ObjectDescriptor)

{

    DPRINT1("RtlDeleteSecurityObject(%p)\n", ObjectDescriptor);


    /* Free the object from the heap */

    RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectDescriptor);

    return STATUS_SUCCESS;

}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,

                     IN PSECURITY_DESCRIPTOR CreatorDescriptor,

                     OUT PSECURITY_DESCRIPTOR *NewDescriptor,

                     IN BOOLEAN IsDirectoryObject,

                     IN HANDLE Token,

                     IN PGENERIC_MAPPING GenericMapping)

{

    DPRINT1("RtlNewSecurityObject(%p)\n", ParentDescriptor);


    /* Call the internal API */

    return RtlpNewSecurityObject(ParentDescriptor,

                                 CreatorDescriptor,

                                 NewDescriptor,

                                 NULL,

                                 0,

                                 IsDirectoryObject,

                                 0,

                                 Token,

                                 GenericMapping);

}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor,

                       IN PSECURITY_DESCRIPTOR CreatorDescriptor,

                       OUT PSECURITY_DESCRIPTOR *NewDescriptor,

                       IN LPGUID ObjectType,

                       IN BOOLEAN IsDirectoryObject,

                       IN ULONG AutoInheritFlags,

                       IN HANDLE Token,

                       IN PGENERIC_MAPPING GenericMapping)

{

    DPRINT1("RtlNewSecurityObjectEx(%p)\n", ParentDescriptor);


    /* Call the internal API */

    return RtlpNewSecurityObject(ParentDescriptor,

                                 CreatorDescriptor,

                                 NewDescriptor,

                                 ObjectType ? &ObjectType : NULL,

                                 ObjectType ? 1 : 0,

                                 IsDirectoryObject,

                                 AutoInheritFlags,

                                 Token,

                                 GenericMapping);

}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor,

                                            IN PSECURITY_DESCRIPTOR CreatorDescriptor,

                                            OUT PSECURITY_DESCRIPTOR *NewDescriptor,

                                            IN LPGUID *ObjectTypes,

                                            IN ULONG GuidCount,

                                            IN BOOLEAN IsDirectoryObject,

                                            IN ULONG AutoInheritFlags,

                                            IN HANDLE Token,

                                            IN PGENERIC_MAPPING GenericMapping)

{

    DPRINT1("RtlNewSecurityObjectWithMultipleInheritance(%p)\n", ParentDescriptor);


    /* Call the internal API */

    return RtlpNewSecurityObject(ParentDescriptor,

                                 CreatorDescriptor,

                                 NewDescriptor,

                                 ObjectTypes,

                                 GuidCount,

                                 IsDirectoryObject,

                                 AutoInheritFlags,

                                 Token,

                                 GenericMapping);

}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged,

                             IN BOOLEAN CreatorDescriptorChanged,

                             IN PLUID OldClientTokenModifiedId,

                             OUT PLUID NewClientTokenModifiedId,

                             IN PSECURITY_DESCRIPTOR ParentDescriptor,

                             IN PSECURITY_DESCRIPTOR CreatorDescriptor,

                             OUT PSECURITY_DESCRIPTOR *NewDescriptor,

                             IN BOOLEAN IsDirectoryObject,

                             IN HANDLE Token,

                             IN PGENERIC_MAPPING GenericMapping)

{

    TOKEN_STATISTICS TokenStats;

    ULONG Size;

    NTSTATUS Status;

    DPRINT1("RtlNewInstanceSecurityObject(%p)\n", ParentDescriptor);


    /* Query the token statistics */

    Status = NtQueryInformationToken(Token,

                                     TokenStatistics,

                                     &TokenStats,

                                     sizeof(TokenStats),

                                     &Size);

    if (!NT_SUCCESS(Status)) return Status;


    /* Return the LUID */

    *NewClientTokenModifiedId = TokenStats.ModifiedId;


    /* Check if the LUID changed */

    if (RtlEqualLuid(NewClientTokenModifiedId, OldClientTokenModifiedId))

    {

        /* Did nothing change? */

        if (!(ParentDescriptorChanged) && !(CreatorDescriptorChanged))

        {

            /* There's no new descriptor, we're done */

            *NewDescriptor = NULL;

            return STATUS_SUCCESS;

        }

    }


    /* Call the standard API */

    return RtlNewSecurityObject(ParentDescriptor,

                                CreatorDescriptor,

                                NewDescriptor,

                                IsDirectoryObject,

                                Token,

                                GenericMapping);

}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlCreateUserSecurityObject(IN PRTL_ACE_DATA AceData,

                            IN ULONG AceCount,

                            IN PSID OwnerSid,

                            IN PSID GroupSid,

                            IN BOOLEAN IsDirectoryObject,

                            IN PGENERIC_MAPPING GenericMapping,

                            OUT PSECURITY_DESCRIPTOR *NewDescriptor)

{

    NTSTATUS Status;

    PSECURITY_DESCRIPTOR Sd;

    HANDLE TokenHandle;

    DPRINT1("RtlCreateUserSecurityObject(%p)\n", AceData);


    /* Create the security descriptor based on the ACE Data */

    Status = RtlCreateAndSetSD(AceData,

                               AceCount,

                               OwnerSid,

                               GroupSid,

                               &Sd);

    if (!NT_SUCCESS(Status)) return Status;


    /* Open the process token */

    Status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, &TokenHandle);

    if (!NT_SUCCESS(Status)) goto Quickie;


    /* Create the security object */

    Status = RtlNewSecurityObject(NULL,

                                  Sd,

                                  NewDescriptor,

                                  IsDirectoryObject,

                                  TokenHandle,

                                  GenericMapping);


    /* We're done, close the token handle */

    NtClose(TokenHandle);


Quickie:

    /* Free the SD and return status */

    RtlFreeHeap(RtlGetProcessHeap(), 0, Sd);

    return Status;

}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess,

                            OUT PPRIVILEGE_SET Privileges,

                            IN OUT PULONG Length,

                            IN HANDLE Token,

                            IN PGENERIC_MAPPING GenericMapping,

                            OUT PACCESS_MASK RemainingDesiredAccess)

{

    NTSTATUS Status;

    BOOLEAN Granted, CallerToken;

    TOKEN_STATISTICS TokenStats;

    ULONG Size;

    DPRINT1("RtlNewSecurityGrantedAccess(%lx)\n", DesiredAccess);


    /* Has the caller passed a token? */

    if (!Token)

    {

        /* Remember that we'll have to close the handle */

        CallerToken = FALSE;


        /* Nope, open it */

        Status = NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY, TRUE, &Token);

        if (!NT_SUCCESS(Status)) return Status;

    }

    else

    {

        /* Yep, use it */

        CallerToken = TRUE;

    }


    /* Get information on the token */

    Status = NtQueryInformationToken(Token,

                                     TokenStatistics,

                                     &TokenStats,

                                     sizeof(TokenStats),

                                     &Size);

    ASSERT(NT_SUCCESS(Status));


    /* Windows doesn't do anything with the token statistics! */


    /* Map the access and return it back decoded */

    RtlMapGenericMask(&DesiredAccess, GenericMapping);

    *RemainingDesiredAccess = DesiredAccess;


    /* Check if one of the rights requested was the SACL right */

    if (DesiredAccess & ACCESS_SYSTEM_SECURITY)

    {

        /* Pretend that it's allowed FIXME: Do privilege check */

        DPRINT1("Missing privilege check for SE_SECURITY_PRIVILEGE");

        Granted = TRUE;

        *RemainingDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;

    }

    else

    {

        /* Nothing to grant */

        Granted = FALSE;

    }


    /* If the caller did not pass in a token, close the handle to ours */

    if (!CallerToken) NtClose(Token);


    /* We need space to return only 1 privilege -- already part of the struct */

    Size = sizeof(PRIVILEGE_SET);

    if (Size > *Length)

    {

        /* Tell the caller how much space we need and fail */

        *Length = Size;

        return STATUS_BUFFER_TOO_SMALL;

    }


    /* Check if the SACL right was granted */

    RtlZeroMemory(Privileges, Size);

    if (Granted)

    {

        /* Yes, return it in the structure */

        Privileges->PrivilegeCount = 1;

        Privileges->Privilege[0].Luid.LowPart = SE_SECURITY_PRIVILEGE;

        Privileges->Privilege[0].Luid.HighPart = 0;

        Privileges->Privilege[0].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;

    }


    /* All done */

    return STATUS_SUCCESS;

}


/*

 * @unimplemented

 */

NTSTATUS

NTAPI

RtlQuerySecurityObject(IN PSECURITY_DESCRIPTOR ObjectDescriptor,

                       IN SECURITY_INFORMATION SecurityInformation,

                       OUT PSECURITY_DESCRIPTOR ResultantDescriptor,

                       IN ULONG DescriptorLength,

                       OUT PULONG ReturnLength)

{

    NTSTATUS Status;

    SECURITY_DESCRIPTOR desc;

    BOOLEAN defaulted, present;

    PACL pacl;

    PSID psid;


    Status = RtlCreateSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION);

    if (!NT_SUCCESS(Status)) return Status;


    if (SecurityInformation & OWNER_SECURITY_INFORMATION)

    {

        Status = RtlGetOwnerSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);

        if (!NT_SUCCESS(Status)) return Status;

        Status = RtlSetOwnerSecurityDescriptor(&desc, psid, defaulted);

        if (!NT_SUCCESS(Status)) return Status;

    }


    if (SecurityInformation & GROUP_SECURITY_INFORMATION)

    {

        Status = RtlGetGroupSecurityDescriptor(ObjectDescriptor, &psid, &defaulted);

        if (!NT_SUCCESS(Status)) return Status;

        Status = RtlSetGroupSecurityDescriptor(&desc, psid, defaulted);

        if (!NT_SUCCESS(Status)) return Status;

    }


    if (SecurityInformation & DACL_SECURITY_INFORMATION)

    {

        Status = RtlGetDaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);

        if (!NT_SUCCESS(Status)) return Status;

        Status = RtlSetDaclSecurityDescriptor(&desc, present, pacl, defaulted);

        if (!NT_SUCCESS(Status)) return Status;

    }


    if (SecurityInformation & SACL_SECURITY_INFORMATION)

    {

        Status = RtlGetSaclSecurityDescriptor(ObjectDescriptor, &present, &pacl, &defaulted);

        if (!NT_SUCCESS(Status)) return Status;

        Status = RtlSetSaclSecurityDescriptor(&desc, present, pacl, defaulted);

        if (!NT_SUCCESS(Status)) return Status;

    }


    *ReturnLength = DescriptorLength;

    return RtlAbsoluteToSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength);

}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation,

                     IN PSECURITY_DESCRIPTOR ModificationDescriptor,

                     IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,

                     IN PGENERIC_MAPPING GenericMapping,

                     IN HANDLE Token OPTIONAL)

{

    /* Call the internal API */

    return RtlpSetSecurityObject(NULL,

                                 SecurityInformation,

                                 ModificationDescriptor,

                                 ObjectsSecurityDescriptor,

                                 0,

                                 PagedPool,

                                 GenericMapping,

                                 Token);

}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation,

                       IN PSECURITY_DESCRIPTOR ModificationDescriptor,

                       IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,

                       IN ULONG AutoInheritFlags,

                       IN PGENERIC_MAPPING GenericMapping,

                       IN HANDLE Token OPTIONAL)

{

    /* Call the internal API */

    return RtlpSetSecurityObject(NULL,

                                 SecurityInformation,

                                 ModificationDescriptor,

                                 ObjectsSecurityDescriptor,

                                 AutoInheritFlags,

                                 PagedPool,

                                 GenericMapping,

                                 Token);


}


/*

 * @implemented

 */

NTSTATUS

NTAPI

RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor,

                                      IN PSECURITY_DESCRIPTOR CreatorDescriptor,

                                      OUT PSECURITY_DESCRIPTOR *NewDescriptor,

                                      IN LPGUID ObjectType,

                                      IN BOOLEAN IsDirectoryObject,

                                      IN PGENERIC_MAPPING GenericMapping)

{

    /* Call the internal API */

    return RtlpConvertToAutoInheritSecurityObject(ParentDescriptor,

                                                  CreatorDescriptor,

                                                  NewDescriptor,

                                                  ObjectType,

                                                  IsDirectoryObject,

                                                  GenericMapping);

}


/*

 * @unimplemented

 */

NTSTATUS

NTAPI

RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)

{

    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;

}


/*

 * @unimplemented

 */

BOOLEAN

NTAPI

RtlFlushSecureMemoryCache(IN PVOID MemoryCache,

                          IN OPTIONAL SIZE_T MemoryLength)

{

    UNIMPLEMENTED;

    return FALSE;

}

ReturnLength
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

DPRINT1
#define DPRINT1
Definition: precomp.h:8

NtAuthority
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:40

UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: ntoskrnl.c:15

RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616

RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634

Token
Definition: tokenizer.hpp:28

STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: d3dkmdt.h:51

STATUS_NOT_IMPLEMENTED
#define STATUS_NOT_IMPLEMENTED
Definition: d3dkmdt.h:42

NULL
#define NULL
Definition: types.h:112

TRUE
#define TRUE
Definition: types.h:120

FALSE
#define FALSE
Definition: types.h:117

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33

GENERIC_READ
#define GENERIC_READ
Definition: compat.h:135

WorldAuthority
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14

ULONG_PTR
#define ULONG_PTR
Definition: config.h:101

PagedPool
#define PagedPool
Definition: env_spec_w32.h:308

ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:34

SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340

Status
Status
Definition: gdiplustypes.h:25

RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)

RtlSetOwnerSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)

RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)

GUID
Definition: shobjidl.idl:3006

void
Definition: nsiface.idl:2307

C_ASSERT
#define C_ASSERT(e)
Definition: intsafe.h:73

RTL_FIELD_SIZE
#define RTL_FIELD_SIZE(type, field)
Definition: kdb_expr.c:86

SECURITY_DESCRIPTOR_CONTROL
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37

ASSERT
#define ASSERT(a)
Definition: mode.c:44

SE_SECURITY_PRIVILEGE
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662

desc
static const WCHAR desc[]
Definition: protectdata.c:36

ObjectType
ObjectType
Definition: metafile.c:81

PSID
struct _SID * PSID
Definition: eventlog.c:35

SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311

PSECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
Definition: security.c:98

ACL
struct _ACL ACL

TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726

RtlSubAuthoritySid
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)

RtlLengthRequiredSid
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

RtlNewSecurityObject
NTSYSAPI NTSTATUS NTAPI RtlNewSecurityObject(_In_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_ PSECURITY_DESCRIPTOR CreatorDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_ BOOLEAN IsDirectoryObject, _In_ HANDLE Token, _In_ PGENERIC_MAPPING GenericMapping)

RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)

RtlDeleteSecurityObject
NTSYSAPI NTSTATUS NTAPI RtlDeleteSecurityObject(_In_ PSECURITY_DESCRIPTOR *ObjectDescriptor)

RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150

RtlGetSaclSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)

RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21

RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1157

RtlMapGenericMask
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)

RtlCreateSecurityDescriptorRelative
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(_Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision)

RtlGetDaclSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)

ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40

ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77

PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41

NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657

GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92

NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402

Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102

RtlGetGroupSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280

RtlSetGroupSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410

RtlGetOwnerSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257

RtlSetSaclSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342

RtlAbsoluteToSelfRelativeSD
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626

RtlInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)

NtOpenProcessToken
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350

NtOpenThreadToken
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2474

STATUS_NO_TOKEN
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360

STATUS_INVALID_PRIMARY_GROUP
#define STATUS_INVALID_PRIMARY_GROUP
Definition: ntstatus.h:327

STATUS_INVALID_OWNER
#define STATUS_INVALID_OWNER
Definition: ntstatus.h:326

rtl.h

RtlFlushSecureMemoryCache
BOOLEAN NTAPI RtlFlushSecureMemoryCache(IN PVOID MemoryCache, IN OPTIONAL SIZE_T MemoryLength)
Definition: security.c:830

RtlQuerySecurityObject
NTSTATUS NTAPI RtlQuerySecurityObject(IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor, IN ULONG DescriptorLength, OUT PULONG ReturnLength)
Definition: security.c:695

RtlConvertToAutoInheritSecurityObject
NTSTATUS NTAPI RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:798

RtlpSetSecurityObject
NTSTATUS NTAPI RtlpSetSecurityObject(IN PVOID Object OPTIONAL, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN ULONG PoolType, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:19

RtlCreateUserSecurityObject
NTSTATUS NTAPI RtlCreateUserSecurityObject(IN PRTL_ACE_DATA AceData, IN ULONG AceCount, IN PSID OwnerSid, IN PSID GroupSid, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
Definition: security.c:559

RtlSetSecurityObject
NTSTATUS NTAPI RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:752

RtlRegisterSecureMemoryCacheCallback
NTSTATUS NTAPI RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
Definition: security.c:819

RtlNewInstanceSecurityObject
NTSTATUS NTAPI RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged, IN BOOLEAN CreatorDescriptorChanged, IN PLUID OldClientTokenModifiedId, OUT PLUID NewClientTokenModifiedId, IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:506

RtlNewSecurityObjectEx
NTSTATUS NTAPI RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:449

RtlpConvertToAutoInheritSecurityObject
NTSTATUS NTAPI RtlpConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:220

RtlNewSecurityObjectWithMultipleInheritance
NTSTATUS NTAPI RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:477

RtlpNewSecurityObject
NTSTATUS NTAPI RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
Definition: security.c:204

RtlNewSecurityGrantedAccess
NTSTATUS NTAPI RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess, OUT PPRIVILEGE_SET Privileges, IN OUT PULONG Length, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping, OUT PACCESS_MASK RemainingDesiredAccess)
Definition: security.c:606

RtlDefaultNpAcl
NTSTATUS NTAPI RtlDefaultNpAcl(OUT PACL *pAcl)
Definition: security.c:238

RtlSetSecurityObjectEx
NTSTATUS NTAPI RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
Definition: security.c:774

RtlCreateAndSetSD
NTSTATUS NTAPI RtlCreateAndSetSD(IN PRTL_ACE_DATA AceData, IN ULONG AceCount, IN PSID OwnerSid OPTIONAL, IN PSID GroupSid OPTIONAL, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
Definition: security.c:394

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69

DPRINT
#define DPRINT
Definition: sndvol32.h:73

OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68

_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215

_ACE
Definition: rtltypes.h:987

_ACL
Definition: ms-dtyp.idl:293

_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296

_GENERIC_MAPPING
Definition: nt_native.h:564

_LUID
Definition: devicetopology.idl:137

_PRIVILEGE_SET
Definition: setypes.h:85

_RTL_ACE_DATA
Definition: rtltypes.h:1395

_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:848

_SECURITY_DESCRIPTOR_RELATIVE::Control
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:851

_SECURITY_DESCRIPTOR_RELATIVE::Group
$ULONG Group
Definition: setypes.h:853

_SECURITY_DESCRIPTOR_RELATIVE::Sacl
$ULONG Sacl
Definition: setypes.h:854

_SECURITY_DESCRIPTOR_RELATIVE::Owner
$ULONG Owner
Definition: setypes.h:852

_SECURITY_DESCRIPTOR_RELATIVE::Dacl
$ULONG Dacl
Definition: setypes.h:855

_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194

_SID
Definition: ms-dtyp.idl:198

_TOKEN_OWNER
Definition: setypes.h:1039

_TOKEN_OWNER::Owner
PSID Owner
Definition: setypes.h:1040

_TOKEN_STATISTICS
Definition: setypes.h:1097

_TOKEN_STATISTICS::ModifiedId
LUID ModifiedId
Definition: setypes.h:1107

NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473

PULONG
uint32_t * PULONG
Definition: typedefs.h:59

FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255

NTAPI
#define NTAPI
Definition: typedefs.h:36

SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80

RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263

RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262

ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65

IN
#define IN
Definition: typedefs.h:39

PUCHAR
unsigned char * PUCHAR
Definition: typedefs.h:53

ULONG
uint32_t ULONG
Definition: typedefs.h:59

OUT
#define OUT
Definition: typedefs.h:40

Object
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
Definition: wdfcollection.h:123

DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658

PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815

Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533

Callback
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
Definition: wdfinterrupt.h:458

Control
_In_ WDF_WMI_PROVIDER_CONTROL Control
Definition: wdfwmi.h:166

RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:304

Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17

IsDirectoryObject
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:31

NewDescriptor
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30

SECURITY_ANONYMOUS_LOGON_RID
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:563

SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581

DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

SE_DACL_DEFAULTED
#define SE_DACL_DEFAULTED
Definition: setypes.h:834

SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527

SECURITY_WORLD_RID
#define SECURITY_WORLD_RID
Definition: setypes.h:541

TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:940

SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574

ACL_REVISION2
#define ACL_REVISION2
Definition: setypes.h:43

OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123

SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:846

SE_SACL_DEFAULTED
#define SE_SACL_DEFAULTED
Definition: setypes.h:836

SE_PRIVILEGE_USED_FOR_ACCESS
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65

SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE

SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554

TokenStatistics
@ TokenStatistics
Definition: setypes.h:987

TokenOwner
@ TokenOwner
Definition: setypes.h:981

SE_SACL_PRESENT
#define SE_SACL_PRESENT
Definition: setypes.h:835

SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58

GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124

SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

DOMAIN_ALIAS_RID_ADMINS
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652

PRIVILEGE_SET
struct _PRIVILEGE_SET PRIVILEGE_SET

SE_DACL_PRESENT
#define SE_DACL_PRESENT
Definition: setypes.h:833

UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181

NtCurrentThread
#define NtCurrentThread()