ReactOS 0.4.16-dev-1494-gd054f63
security.c File Reference
#include <stdarg.h>
#include <string.h>
#include "ntstatus.h"
#include "windef.h"
#include "winbase.h"
#include "winerror.h"
#include "winternl.h"
#include "winioctl.h"
#include "ddk/ntddk.h"
#include "kernelbase.h"
#include "wine/debug.h"
#include "wine/heap.h"

Classes

union  _MAX_SID
 
struct  WELLKNOWNSID
 
struct  WELLKNOWNRID
 

Macros

#define WIN32_NO_STATUS
 

Typedefs

typedef struct _MAX_SID MAX_SID
 
typedef struct WELLKNOWNSID WELLKNOWNSID
 
typedef struct WELLKNOWNRID WELLKNOWNRID
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (security)
 
static NTSTATUS open_file (LPCWSTR name, DWORD access, HANDLE *file)
 
static const char * debugstr_sid (PSID sid)
 
BOOL WINAPI AllocateAndInitializeSid (PSID_IDENTIFIER_AUTHORITY auth, BYTE count, DWORD auth0, DWORD auth1, DWORD auth2, DWORD auth3, DWORD auth4, DWORD auth5, DWORD auth6, DWORD auth7, PSID *sid)
 
BOOL WINAPI AllocateLocallyUniqueId (PLUID luid)
 
BOOL WINAPI CopySid (DWORD len, PSID dest, PSID source)
 
BOOL WINAPI EqualPrefixSid (PSID sid1, PSID sid2)
 
BOOL WINAPI EqualSid (PSID sid1, PSID sid2)
 
BOOL WINAPI EqualDomainSid (PSID sid1, PSID sid2, BOOL *equal)
 
void *WINAPI FreeSid (PSID pSid)
 
DWORD WINAPI GetLengthSid (PSID sid)
 
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority (PSID sid)
 
DWORD WINAPI GetSidLengthRequired (BYTE count)
 
PDWORD WINAPI GetSidSubAuthority (PSID sid, DWORD auth)
 
PUCHAR WINAPI GetSidSubAuthorityCount (PSID sid)
 
BOOL WINAPI GetWindowsAccountDomainSid (PSID sid, PSID domain_sid, DWORD *size)
 
BOOL WINAPI InitializeSid (PSID sid, PSID_IDENTIFIER_AUTHORITY auth, BYTE count)
 
BOOL WINAPI IsValidSid (PSID sid)
 
BOOL WINAPI CreateWellKnownSid (WELL_KNOWN_SID_TYPE type, PSID domain, PSID sid, DWORD *size)
 
BOOL WINAPI IsWellKnownSid (PSID sid, WELL_KNOWN_SID_TYPE type)
 
BOOL WINAPI AdjustTokenGroups (HANDLE token, BOOL reset, PTOKEN_GROUPS new, DWORD len, PTOKEN_GROUPS prev, PDWORD ret_len)
 
BOOL WINAPI AdjustTokenPrivileges (HANDLE token, BOOL disable, PTOKEN_PRIVILEGES new, DWORD len, PTOKEN_PRIVILEGES prev, PDWORD ret_len)
 
BOOL WINAPI CheckTokenMembership (HANDLE token, PSID sid_to_check, PBOOL is_member)
 
BOOL WINAPI CreateRestrictedToken (HANDLE token, DWORD flags, DWORD disable_sid_count, SID_AND_ATTRIBUTES *disable_sids, DWORD delete_priv_count, LUID_AND_ATTRIBUTES *delete_privs, DWORD restrict_sid_count, SID_AND_ATTRIBUTES *restrict_sids, HANDLE *ret)
 
BOOL WINAPI DuplicateToken (HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PHANDLE ret)
 
BOOL WINAPI DuplicateTokenEx (HANDLE token, DWORD access, LPSECURITY_ATTRIBUTES sa, SECURITY_IMPERSONATION_LEVEL level, TOKEN_TYPE type, PHANDLE ret)
 
BOOL WINAPI GetTokenInformation (HANDLE token, TOKEN_INFORMATION_CLASS class, LPVOID info, DWORD len, LPDWORD retlen)
 
BOOL WINAPI ImpersonateAnonymousToken (HANDLE thread)
 
BOOL WINAPI ImpersonateLoggedOnUser (HANDLE token)
 
BOOL WINAPI ImpersonateNamedPipeClient (HANDLE pipe)
 
BOOL WINAPI ImpersonateSelf (SECURITY_IMPERSONATION_LEVEL level)
 
BOOL WINAPI IsTokenRestricted (HANDLE token)
 
BOOL WINAPI OpenProcessToken (HANDLE process, DWORD access, HANDLE *handle)
 
BOOL WINAPI OpenThreadToken (HANDLE thread, DWORD access, BOOL self, HANDLE *handle)
 
BOOL WINAPI PrivilegeCheck (HANDLE token, PPRIVILEGE_SET privs, LPBOOL result)
 
BOOL WINAPI RevertToSelf (void)
 
BOOL WINAPI SetThreadToken (PHANDLE thread, HANDLE token)
 
BOOL WINAPI SetTokenInformation (HANDLE token, TOKEN_INFORMATION_CLASS class, LPVOID info, DWORD len)
 
BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity (PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR current, PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_dir, PGENERIC_MAPPING mapping)
 
HANDLE WINAPI CreateBoundaryDescriptorW (LPCWSTR name, ULONG flags)
 
BOOL WINAPI CreatePrivateObjectSecurity (PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator, PSECURITY_DESCRIPTOR *descr, BOOL is_container, HANDLE token, PGENERIC_MAPPING mapping)
 
BOOL WINAPI CreatePrivateObjectSecurityEx (PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator, PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping)
 
BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance (PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator, PSECURITY_DESCRIPTOR *descr, GUID **types, ULONG count, BOOL is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping)
 
BOOL WINAPI DestroyPrivateObjectSecurity (PSECURITY_DESCRIPTOR *descr)
 
BOOL WINAPI GetFileSecurityW (LPCWSTR name, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len)
 
BOOL WINAPI GetKernelObjectSecurity (HANDLE handle, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len)
 
BOOL WINAPI GetPrivateObjectSecurity (PSECURITY_DESCRIPTOR obj_descr, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR ret_descr, DWORD len, PDWORD ret_len)
 
BOOL WINAPI GetSecurityDescriptorControl (PSECURITY_DESCRIPTOR descr, PSECURITY_DESCRIPTOR_CONTROL control, LPDWORD revision)
 
BOOL WINAPI GetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR descr, LPBOOL dacl_present, PACL *dacl, LPBOOL dacl_defaulted)
 
BOOL WINAPI GetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR descr, PSID *group, LPBOOL group_defaulted)
 
DWORD WINAPI GetSecurityDescriptorLength (PSECURITY_DESCRIPTOR descr)
 
BOOL WINAPI GetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR descr, PSID *owner, LPBOOL owner_defaulted)
 
BOOL WINAPI GetSecurityDescriptorSacl (PSECURITY_DESCRIPTOR descr, LPBOOL sacl_present, PACL *sacl, LPBOOL sacl_defaulted)
 
BOOL WINAPI InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR descr, DWORD revision)
 
BOOL WINAPI IsValidSecurityDescriptor (PSECURITY_DESCRIPTOR descr)
 
BOOL WINAPI MakeAbsoluteSD (PSECURITY_DESCRIPTOR rel_descr, PSECURITY_DESCRIPTOR abs_descr, LPDWORD abs_size, PACL dacl, LPDWORD dacl_size, PACL sacl, LPDWORD sacl_size, PSID owner, LPDWORD owner_size, PSID group, LPDWORD group_size)
 
BOOL WINAPI MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_descr, PSECURITY_DESCRIPTOR rel_descr, LPDWORD len)
 
BOOL WINAPI SetFileSecurityW (LPCWSTR name, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr)
 
BOOL WINAPI SetKernelObjectSecurity (HANDLE handle, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr)
 
BOOL WINAPI SetPrivateObjectSecurity (SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr, PSECURITY_DESCRIPTOR *obj_descr, PGENERIC_MAPPING mapping, HANDLE token)
 
BOOL WINAPI SetPrivateObjectSecurityEx (SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr, PSECURITY_DESCRIPTOR *obj_descr, ULONG flags, PGENERIC_MAPPING mapping, HANDLE token)
 
BOOL WINAPI SetSecurityDescriptorControl (PSECURITY_DESCRIPTOR descr, SECURITY_DESCRIPTOR_CONTROL mask, SECURITY_DESCRIPTOR_CONTROL set)
 
BOOL WINAPI SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR descr, BOOL present, PACL dacl, BOOL defaulted)
 
BOOL WINAPI SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted)
 
BOOL WINAPI SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted)
 
BOOL WINAPI SetSecurityDescriptorSacl (PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted)
 
BOOL WINAPI AccessCheck (PSECURITY_DESCRIPTOR descr, HANDLE token, DWORD access, PGENERIC_MAPPING mapping, PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status)
 
BOOL WINAPI AccessCheckAndAuditAlarmW (LPCWSTR subsystem, LPVOID id, LPWSTR type_name, LPWSTR name, PSECURITY_DESCRIPTOR descr, DWORD access, PGENERIC_MAPPING mapping, BOOL creation, LPDWORD granted, LPBOOL status, LPBOOL on_close)
 
BOOL WINAPI AccessCheckByType (PSECURITY_DESCRIPTOR descr, PSID sid, HANDLE token, DWORD access, POBJECT_TYPE_LIST types, DWORD types_len, PGENERIC_MAPPING mapping, PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status)
 
BOOL WINAPI AddAccessAllowedAce (PACL acl, DWORD rev, DWORD access, PSID sid)
 
BOOL WINAPI AddAccessAllowedAceEx (PACL acl, DWORD rev, DWORD flags, DWORD access, PSID sid)
 
BOOL WINAPI AddAccessAllowedObjectAce (PACL acl, DWORD rev, DWORD flags, DWORD access, GUID *type, GUID *inherit, PSID sid)
 
BOOL WINAPI AddAccessDeniedAce (PACL acl, DWORD rev, DWORD access, PSID sid)
 
BOOL WINAPI AddAccessDeniedAceEx (PACL acl, DWORD rev, DWORD flags, DWORD access, PSID sid)
 
BOOL WINAPI AddAccessDeniedObjectAce (PACL acl, DWORD rev, DWORD flags, DWORD access, GUID *type, GUID *inherit, PSID sid)
 
BOOL WINAPI AddAce (PACL acl, DWORD rev, DWORD index, LPVOID list, DWORD len)
 
BOOL WINAPI AddAuditAccessAce (PACL acl, DWORD rev, DWORD access, PSID sid, BOOL success, BOOL failure)
 
BOOL WINAPI AddAuditAccessAceEx (PACL acl, DWORD rev, DWORD flags, DWORD access, PSID sid, BOOL success, BOOL failure)
 
BOOL WINAPI AddAuditAccessObjectAce (PACL acl, DWORD rev, DWORD flags, DWORD access, GUID *type, GUID *inherit, PSID sid, BOOL success, BOOL failure)
 
BOOL WINAPI AddMandatoryAce (PACL acl, DWORD rev, DWORD flags, DWORD policy, PSID sid)
 
BOOL WINAPI AreAllAccessesGranted (DWORD granted, DWORD desired)
 
BOOL WINAPI AreAnyAccessesGranted (DWORD granted, DWORD desired)
 
BOOL WINAPI DeleteAce (PACL acl, DWORD index)
 
BOOL WINAPI FindFirstFreeAce (PACL acl, LPVOID *ace)
 
BOOL WINAPI GetAce (PACL acl, DWORD index, LPVOID *ace)
 
BOOL WINAPI GetAclInformation (PACL acl, LPVOID info, DWORD len, ACL_INFORMATION_CLASS class)
 
BOOL WINAPI InitializeAcl (PACL acl, DWORD size, DWORD rev)
 
BOOL WINAPI IsValidAcl (PACL acl)
 
void WINAPI MapGenericMask (PDWORD access, PGENERIC_MAPPING mapping)
 
BOOL WINAPI ObjectCloseAuditAlarmW (LPCWSTR subsystem, LPVOID id, BOOL on_close)
 
BOOL WINAPI ObjectDeleteAuditAlarmW (LPCWSTR subsystem, LPVOID id, BOOL on_close)
 
BOOL WINAPI ObjectOpenAuditAlarmW (LPCWSTR subsystem, LPVOID id, LPWSTR type, LPWSTR name, PSECURITY_DESCRIPTOR descr, HANDLE token, DWORD desired, DWORD granted, PPRIVILEGE_SET privs, BOOL creation, BOOL access, LPBOOL on_close)
 
BOOL WINAPI ObjectPrivilegeAuditAlarmW (LPCWSTR subsystem, LPVOID id, HANDLE token, DWORD desired, PPRIVILEGE_SET privs, BOOL granted)
 
BOOL WINAPI PrivilegedServiceAuditAlarmW (LPCWSTR subsystem, LPCWSTR service, HANDLE token, PPRIVILEGE_SET privs, BOOL granted)
 
BOOL WINAPI SetAclInformation (PACL acl, LPVOID info, DWORD len, ACL_INFORMATION_CLASS class)
 
BOOL WINAPI SetCachedSigningLevel (PHANDLE source, ULONG count, ULONG flags, HANDLE file)
 

Variables

static const WELLKNOWNSID WellKnownSids []
 
static const WELLKNOWNRID WellKnownRids []
 

Macro Definition Documentation

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 26 of file security.c.

Typedef Documentation

◆ MAX_SID

◆ WELLKNOWNRID

◆ WELLKNOWNSID

Function Documentation

◆ AccessCheck()

BOOL WINAPI AccessCheck ( PSECURITY_DESCRIPTOR  descr,
HANDLE  token,
DWORD  access,
PGENERIC_MAPPING  mapping,
PPRIVILEGE_SET  priv,
LPDWORD  priv_len,
LPDWORD  granted,
LPBOOL  status 
)

Definition at line 1248 of file security.c.

1250{
     /* Win32 wrapper over NtAccessCheck(): descriptor, token, desired access,
      * mapping and the privilege-set buffer are forwarded unchanged. */
1251 NTSTATUS access_status;
1252 BOOL ret = set_ntstatus( NtAccessCheck( descr, token, access, mapping, priv, priv_len,
1253 granted, &access_status ));
     /* Two separate results: `ret` is the converted NTSTATUS of the call itself,
      * *status is the converted access_status reported by NtAccessCheck().
      * *status is written only when ret is TRUE, so after a failed call the
      * caller's variable still holds its previous value. Callers should
      * initialise it to FALSE and test both the return value and *status.
      * (set_ntstatus() is at security.c:227; its body is not shown here.) */
1254 if (ret) *status = set_ntstatus( access_status );
1255 return ret;
1256}
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
Definition: accesschk.c:2214
LONG NTSTATUS
Definition: precomp.h:26
static __inline BOOL set_ntstatus(NTSTATUS status)
Definition: security.c:227
return ret
Definition: mutex.c:146
unsigned int BOOL
Definition: ntddk_ex.h:94
GLuint GLint GLboolean GLint GLenum access
Definition: glext.h:7866
GLenum GLenum GLenum GLenum mapping
Definition: glext.h:9031
const char * descr
Definition: boot.c:45
Definition: ps.c:97

◆ AccessCheckAndAuditAlarmW()

BOOL WINAPI AccessCheckAndAuditAlarmW ( LPCWSTR  subsystem,
LPVOID  id,
LPWSTR  type_name,
LPWSTR  name,
PSECURITY_DESCRIPTOR  descr,
DWORD  access,
PGENERIC_MAPPING  mapping,
BOOL  creation,
LPDWORD  granted,
LPBOOL  status,
LPBOOL  on_close 
)

Definition at line 1261 of file security.c.

1265{
     /* NOTE(review): stub. It emits a FIXME trace and returns TRUE; no access
      * check is performed and *granted, *status and *on_close are never written
      * in this body. A caller that trusts the TRUE return reads whatever those
      * variables held before the call, so they should be initialised to
      * zero/FALSE and the result must not be used as an authorization decision. */
1266 FIXME( "stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(subsystem),
1267 id, debugstr_w(type_name), debugstr_w(name), descr, access, mapping,
1268 creation, granted, status, on_close );
1269 return TRUE;
1270}
#define FIXME(fmt,...)
Definition: precomp.h:53
#define TRUE
Definition: types.h:120
#define debugstr_w
Definition: kernel32.h:32
Definition: name.c:39

◆ AccessCheckByType()

BOOL WINAPI AccessCheckByType ( PSECURITY_DESCRIPTOR  descr,
PSID  sid,
HANDLE  token,
DWORD  access,
POBJECT_TYPE_LIST  types,
DWORD  types_len,
PGENERIC_MAPPING  mapping,
PPRIVILEGE_SET  priv,
LPDWORD  priv_len,
LPDWORD  granted,
LPBOOL  status 
)

Definition at line 1275 of file security.c.

1278{
     /* NOTE(review): stub. None of descr, sid, token, access or types is
      * examined. *status is set to TRUE while the function returns !TRUE,
      * i.e. FALSE, and *granted is not written. A caller that skips the return
      * value and reads only *status would see "access granted"; a FALSE return
      * must be treated as a denial and *granted must not be read. */
1279 FIXME("stub\n");
1280 *status = TRUE;
1281 return !*status;
1282}

◆ AddAccessAllowedAce()

BOOL WINAPI AddAccessAllowedAce ( PACL  acl,
DWORD  rev,
DWORD  access,
PSID  sid 
)

Definition at line 1287 of file security.c.

1288{
1290}
int rev
Definition: sort.c:17
FT_UInt sid
Definition: cffcmap.c:139
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)

◆ AddAccessAllowedAceEx()

BOOL WINAPI AddAccessAllowedAceEx ( PACL  acl,
DWORD  rev,
DWORD  flags,
DWORD  access,
PSID  sid 
)

Definition at line 1295 of file security.c.

1296{
1298}
GLbitfield flags
Definition: glext.h:7161
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)

◆ AddAccessAllowedObjectAce()

BOOL WINAPI AddAccessAllowedObjectAce ( PACL  acl,
DWORD  rev,
DWORD  flags,
DWORD  access,
GUID *  type,
GUID *  inherit,
PSID  sid 
)

Definition at line 1303 of file security.c.

1305{
     /* Pass-through to RtlAddAccessAllowedObjectAce(): no argument is validated
      * at this layer; the returned NTSTATUS is converted to BOOL by set_ntstatus(). */
1306 return set_ntstatus( RtlAddAccessAllowedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1307}
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)

◆ AddAccessDeniedAce()

BOOL WINAPI AddAccessDeniedAce ( PACL  acl,
DWORD  rev,
DWORD  access,
PSID  sid 
)

Definition at line 1312 of file security.c.

1313{
     /* Pass-through to RtlAddAccessDeniedAce(): acl, rev, access and sid are
      * forwarded unchanged and the NTSTATUS is converted by set_ntstatus(). */
1314 return set_ntstatus( RtlAddAccessDeniedAce( acl, rev, access, sid ));
1315}
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

◆ AddAccessDeniedAceEx()

BOOL WINAPI AddAccessDeniedAceEx ( PACL  acl,
DWORD  rev,
DWORD  flags,
DWORD  access,
PSID  sid 
)

Definition at line 1320 of file security.c.

1321{
1323}
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)

◆ AddAccessDeniedObjectAce()

BOOL WINAPI AddAccessDeniedObjectAce ( PACL  acl,
DWORD  rev,
DWORD  flags,
DWORD  access,
GUID *  type,
GUID *  inherit,
PSID  sid 
)

Definition at line 1328 of file security.c.

1330{
     /* Pass-through to RtlAddAccessDeniedObjectAce(): no argument is validated
      * at this layer; the returned NTSTATUS is converted to BOOL by set_ntstatus(). */
1331 return set_ntstatus( RtlAddAccessDeniedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1332}
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)

◆ AddAce()

BOOL WINAPI AddAce ( PACL  acl,
DWORD  rev,
DWORD  index,
LPVOID  list,
DWORD  len 
)

Definition at line 1337 of file security.c.

1338{
     /* Pass-through to RtlAddAce(). `list` and `len` are handed over as the ACE
      * list and its byte length (RtlAddAce declares AceList as
      * _In_reads_bytes_(AceListLength)); this wrapper does not check that len
      * matches the buffer, so the caller must supply a correct length. */
1339 return set_ntstatus( RtlAddAce( acl, rev, index, list, len ));
1340}
Definition: list.h:37
GLuint index
Definition: glext.h:6031
GLenum GLsizei len
Definition: glext.h:6722
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)

◆ AddAuditAccessAce()

BOOL WINAPI AddAuditAccessAce ( PACL  acl,
DWORD  rev,
DWORD  access,
PSID  sid,
BOOL  success,
BOOL  failure 
)

Definition at line 1345 of file security.c.

1346{
     /* Pass-through to RtlAddAuditAccessAce(). `success` and `failure` arrive as
      * BOOL but the Rtl function is declared with BOOLEAN Success/Failure, so
      * they are converted at the call. NOTE(review): if BOOLEAN is narrower than
      * BOOL, a non-zero flag whose low bits are zero would be passed as FALSE and
      * the audit condition silently dropped - TODO confirm BOOLEAN's width. */
1347 return set_ntstatus( RtlAddAuditAccessAce( acl, rev, access, sid, success, failure ));
1348}
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
#define success(from, fromstr, to, tostr)

◆ AddAuditAccessAceEx()

BOOL WINAPI AddAuditAccessAceEx ( PACL  acl,
DWORD  rev,
DWORD  flags,
DWORD  access,
PSID  sid,
BOOL  success,
BOOL  failure 
)

Definition at line 1353 of file security.c.

1355{
     /* Pass-through to RtlAddAuditAccessAceEx(). As in AddAuditAccessAce, the
      * BOOL `success`/`failure` arguments are converted to the BOOLEAN
      * parameters of the Rtl function; nothing is validated at this layer. */
1356 return set_ntstatus( RtlAddAuditAccessAceEx( acl, rev, flags, access, sid, success, failure ));
1357}
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AddAuditAccessObjectAce()

BOOL WINAPI AddAuditAccessObjectAce ( PACL  acl,
DWORD  rev,
DWORD  flags,
DWORD  access,
GUID *  type,
GUID *  inherit,
PSID  sid,
BOOL  success,
BOOL  failure 
)

Definition at line 1362 of file security.c.

1364{
1366 type, inherit, sid, success, failure ));
1367}
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessObjectAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)

◆ AddMandatoryAce()

BOOL WINAPI AddMandatoryAce ( PACL  acl,
DWORD  rev,
DWORD  flags,
DWORD  policy,
PSID  sid 
)

Definition at line 1372 of file security.c.

1373{
1376}
WINBASEAPI _Check_return_ _Out_ AppPolicyProcessTerminationMethod * policy
Definition: appmodel.h:47
NTSYSAPI NTSTATUS NTAPI RtlAddMandatoryAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ULONG MandatoryFlags, _In_ UCHAR AceType, _In_ PSID LabelSid)
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:741

◆ AdjustTokenGroups()

BOOL WINAPI AdjustTokenGroups ( HANDLE  token,
BOOL  reset,
PTOKEN_GROUPS  new,
DWORD  len,
PTOKEN_GROUPS  prev,
PDWORD  ret_len 
)

Definition at line 526 of file security.c.

528{
    /* Pass-through to NtAdjustGroupsToken(). `reset` is a BOOL here and a
     * BOOLEAN ResetToDefault in the Nt prototype; `prev` and `ret_len` are
     * forwarded as given, with no NULL or size checks at this layer. */
529 return set_ntstatus( NtAdjustGroupsToken( token, reset, new, len, prev, ret_len ));
530}
GLboolean reset
Definition: glext.h:5666
static JOBOBJECTINFOCLASS LPVOID DWORD LPDWORD ret_len
Definition: process.c:79
NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
Changes the list of groups by enabling or disabling them in an access token. Unlike NtAdjustPrivilege...
Definition: tokenadj.c:695

◆ AdjustTokenPrivileges()

BOOL WINAPI AdjustTokenPrivileges ( HANDLE  token,
BOOL  disable,
PTOKEN_PRIVILEGES  new,
DWORD  len,
PTOKEN_PRIVILEGES  prev,
PDWORD  ret_len 
)

Definition at line 535 of file security.c.

537{
539
540 TRACE("(%p %d %p %ld %p %p)\n", token, disable, new, len, prev, ret_len );
541
545}
#define SetLastError(x)
Definition: compat.h:752
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
int disable
Definition: msacm.c:1365
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85
#define STATUS_SUCCESS
Definition: shellext.h:65
#define TRACE(s)
Definition: solgame.cpp:4
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
Removes a certain amount of privileges of a token based upon the request by the caller.
Definition: tokenadj.c:451

◆ AllocateAndInitializeSid()

BOOL WINAPI AllocateAndInitializeSid ( PSID_IDENTIFIER_AUTHORITY  auth,
BYTE  count,
DWORD  auth0,
DWORD  auth1,
DWORD  auth2,
DWORD  auth3,
DWORD  auth4,
DWORD  auth5,
DWORD  auth6,
DWORD  auth7,
PSID *  sid 
)

Definition at line 216 of file security.c.

219{
    /* Pass-through to RtlAllocateAndInitializeSid(): all eight sub-authority
     * values are forwarded regardless of `count`, and `sid` is the out-pointer
     * handed to the Rtl function. The result is converted by set_ntstatus(). */
220 return set_ntstatus( RtlAllocateAndInitializeSid( auth, count, auth0, auth1, auth2, auth3,
221 auth4, auth5, auth6, auth7, sid ));
222}
GLuint GLuint GLsizei count
Definition: gl.h:1545
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290

◆ AllocateLocallyUniqueId()

BOOL WINAPI AllocateLocallyUniqueId ( PLUID  luid)

Definition at line 227 of file security.c.

228{
230}
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:348

◆ AreAllAccessesGranted()

BOOL WINAPI AreAllAccessesGranted ( DWORD  granted,
DWORD  desired 
)

Definition at line 1381 of file security.c.

1382{
     /* Returns RtlAreAllAccessesGranted()'s BOOLEAN result as a BOOL. Unlike the
      * NTSTATUS wrappers in this file there is no set_ntstatus() call here. */
1383 return RtlAreAllAccessesGranted( granted, desired );
1384}
int desired
Definition: jpeglib.h:1119
NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ AreAnyAccessesGranted()

BOOL WINAPI AreAnyAccessesGranted ( DWORD  granted,
DWORD  desired 
)

Definition at line 1389 of file security.c.

1390{
     /* Returns RtlAreAnyAccessesGranted()'s BOOLEAN result as a BOOL. Unlike the
      * NTSTATUS wrappers in this file there is no set_ntstatus() call here. */
1391 return RtlAreAnyAccessesGranted( granted, desired );
1392}
NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

◆ CheckTokenMembership()

BOOL WINAPI CheckTokenMembership ( HANDLE  token,
PSID  sid_to_check,
PBOOL  is_member 
)

Definition at line 550 of file security.c.

551{
552 PTOKEN_GROUPS token_groups = NULL;
553 HANDLE thread_token = NULL;
554 DWORD size, i;
555 BOOL ret;
556
557 TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member);
558
559 *is_member = FALSE;
560
561 if (!token)
562 {
563 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token))
564 {
565 HANDLE process_token;
567 if (!ret)
568 goto exit;
570 TokenImpersonation, &thread_token);
571 CloseHandle(process_token);
572 if (!ret)
573 goto exit;
574 }
575 token = thread_token;
576 }
577 else
578 {
580
582 if (!ret) goto exit;
583
584 if (type == TokenPrimary)
585 {
587 return FALSE;
588 }
589 }
590
593 goto exit;
594
595 token_groups = heap_alloc(size);
596 if (!token_groups)
597 {
598 ret = FALSE;
599 goto exit;
600 }
601
602 ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
603 if (!ret)
604 goto exit;
605
606 for (i = 0; i < token_groups->GroupCount; i++)
607 {
608 TRACE("Groups[%ld]: {0x%lx, %s}\n", i,
609 token_groups->Groups[i].Attributes,
610 debugstr_sid(token_groups->Groups[i].Sid));
611 if ((token_groups->Groups[i].Attributes & SE_GROUP_ENABLED) &&
612 EqualSid(sid_to_check, token_groups->Groups[i].Sid))
613 {
614 *is_member = TRUE;
615 TRACE("sid enabled and found in token\n");
616 break;
617 }
618 }
619
620exit:
621 heap_free(token_groups);
622 if (thread_token != NULL) CloseHandle(thread_token);
623 return ret;
624}
static void * heap_alloc(size_t len)
Definition: appwiz.h:66
static BOOL heap_free(void *mem)
Definition: appwiz.h:76
TOKEN_TYPE
Definition: asmpp.cpp:29
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
#define NULL
Definition: types.h:112
#define FALSE
Definition: types.h:117
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:829
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3859
static const char * debugstr_sid(PSID sid)
Definition: security.c:174
#define CloseHandle
Definition: compat.h:739
#define GetCurrentProcess()
Definition: compat.h:759
BOOL WINAPI OpenThreadToken(HANDLE thread, DWORD access, BOOL self, HANDLE *handle)
Definition: security.c:836
BOOL WINAPI OpenProcessToken(HANDLE process, DWORD access, HANDLE *handle)
Definition: security.c:828
unsigned long DWORD
Definition: ntddk_ex.h:95
GLsizeiptr size
Definition: glext.h:5919
@ SecurityImpersonation
Definition: lsa.idl:57
@ TokenImpersonation
Definition: imports.h:274
@ TokenPrimary
Definition: imports.h:273
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
#define SE_GROUP_ENABLED
Definition: setypes.h:92
#define exit(n)
Definition: config.h:202
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1030
$ULONG GroupCount
Definition: setypes.h:1026
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
HANDLE WINAPI GetCurrentThread(void)
Definition: proc.c:1148
#define ERROR_NO_IMPERSONATION_TOKEN
Definition: winerror.h:791
#define TOKEN_DUPLICATE
Definition: setypes.h:938
#define TOKEN_QUERY
Definition: setypes.h:940
@ TokenGroups
Definition: setypes.h:979

◆ ConvertToAutoInheritPrivateObjectSecurity()

BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity ( PSECURITY_DESCRIPTOR  parent,
PSECURITY_DESCRIPTOR  current,
PSECURITY_DESCRIPTOR *  descr,
GUID *  type,
BOOL  is_dir,
PGENERIC_MAPPING  mapping 
)

Definition at line 906 of file security.c.

911{
913}
r parent
Definition: btrfs.c:3010
NTSYSAPI NTSTATUS WINAPI RtlConvertToAutoInheritSecurityObject(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, GUID *, BOOL, PGENERIC_MAPPING)
struct task_struct * current
Definition: linux.c:32

◆ CopySid()

BOOL WINAPI CopySid ( DWORD  len,
PSID  dest,
PSID  source 
)

Definition at line 235 of file security.c.

236{
    /* Returns RtlCopySid()'s BOOLEAN result directly; this body does not call
     * set_ntstatus(). `len` is forwarded as the first argument and `dest` is
     * not checked here. NOTE(review): presumably len is the size of the dest
     * buffer - confirm against RtlCopySid. */
237 return RtlCopySid( len, dest, source );
238}
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
static char * dest
Definition: rtl.c:135

◆ CreateBoundaryDescriptorW()

HANDLE WINAPI CreateBoundaryDescriptorW ( LPCWSTR  name,
ULONG  flags 
)

Definition at line 918 of file security.c.

/* Stub: logs the request through FIXME and always hands back NULL.
 * No last-error code is set here, so callers can only rely on the NULL
 * return to detect that no boundary descriptor was created. */
HANDLE WINAPI CreateBoundaryDescriptorW( LPCWSTR name, ULONG flags )
{
    HANDLE descriptor = NULL;

    FIXME("%s %lu - stub\n", debugstr_w(name), flags);
    return descriptor;
}

◆ CreatePrivateObjectSecurity()

BOOL WINAPI CreatePrivateObjectSecurity ( PSECURITY_DESCRIPTOR  parent,
PSECURITY_DESCRIPTOR  creator,
PSECURITY_DESCRIPTOR descr,
BOOL  is_container,
HANDLE  token,
PGENERIC_MAPPING  mapping 
)

Definition at line 927 of file security.c.

/* Create a security descriptor for a new private object.
 * All arguments are forwarded unchanged to RtlNewSecurityObject(); the
 * resulting NTSTATUS goes through set_ntstatus() (declared outside this
 * listing) to produce the BOOL result. */
BOOL WINAPI CreatePrivateObjectSecurity( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
                                         PSECURITY_DESCRIPTOR *descr, BOOL is_container,
                                         HANDLE token, PGENERIC_MAPPING mapping )
{
    NTSTATUS status = RtlNewSecurityObject( parent, creator, descr, is_container, token, mapping );

    return set_ntstatus( status );
}
NTSYSAPI NTSTATUS NTAPI RtlNewSecurityObject(_In_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_ PSECURITY_DESCRIPTOR CreatorDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_ BOOLEAN IsDirectoryObject, _In_ HANDLE Token, _In_ PGENERIC_MAPPING GenericMapping)

◆ CreatePrivateObjectSecurityEx()

BOOL WINAPI CreatePrivateObjectSecurityEx ( PSECURITY_DESCRIPTOR  parent,
PSECURITY_DESCRIPTOR  creator,
PSECURITY_DESCRIPTOR descr,
GUID type,
BOOL  is_container,
ULONG  flags,
HANDLE  token,
PGENERIC_MAPPING  mapping 
)

Definition at line 937 of file security.c.

/* Extended form of CreatePrivateObjectSecurity() that also takes an object
 * type GUID and inheritance flags. Everything is forwarded unchanged to
 * RtlNewSecurityObjectEx(); set_ntstatus() (declared outside this listing)
 * turns the NTSTATUS into the BOOL result. */
BOOL WINAPI CreatePrivateObjectSecurityEx( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
                                           PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_container,
                                           ULONG flags, HANDLE token, PGENERIC_MAPPING mapping )
{
    NTSTATUS status = RtlNewSecurityObjectEx( parent, creator, descr, type, is_container,
                                              flags, token, mapping );

    return set_ntstatus( status );
}
NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObjectEx(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, GUID *, BOOLEAN, ULONG, HANDLE, PGENERIC_MAPPING)

◆ CreatePrivateObjectSecurityWithMultipleInheritance()

BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance ( PSECURITY_DESCRIPTOR  parent,
PSECURITY_DESCRIPTOR  creator,
PSECURITY_DESCRIPTOR descr,
GUID **  types,
ULONG  count,
BOOL  is_container,
ULONG  flags,
HANDLE  token,
PGENERIC_MAPPING  mapping 
)

Definition at line 947 of file security.c.

953{
955 is_container, flags, token, mapping ));
956}
NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObjectWithMultipleInheritance(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, GUID **, ULONG, BOOLEAN, ULONG, HANDLE, PGENERIC_MAPPING)
Definition: cmds.c:130

◆ CreateRestrictedToken()

BOOL WINAPI CreateRestrictedToken ( HANDLE  token,
DWORD  flags,
DWORD  disable_sid_count,
SID_AND_ATTRIBUTES disable_sids,
DWORD  delete_priv_count,
LUID_AND_ATTRIBUTES delete_privs,
DWORD  restrict_sid_count,
SID_AND_ATTRIBUTES restrict_sids,
HANDLE ret 
)

Definition at line 629 of file security.c.

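/* Build a restricted copy of `token` through NtFilterToken().
 *
 * The three caller arrays are repacked into the counted TOKEN_GROUPS /
 * TOKEN_PRIVILEGES layouts that NtFilterToken() takes; a zero count leaves
 * the corresponding argument NULL. Every temporary buffer is released before
 * returning, on success and on failure.
 *
 * The counts and array pointers come straight from the caller, so they are
 * checked before use: a non-zero count paired with a NULL array, or a count
 * whose byte size does not fit in SIZE_T (possible on 32-bit builds), is
 * rejected with STATUS_INVALID_PARAMETER instead of reaching memcpy() or
 * producing a buffer smaller than its GroupCount / PrivilegeCount claims.
 *
 * The new token handle is written to *ret by NtFilterToken(); the final
 * NTSTATUS goes through set_ntstatus() (declared outside this listing).
 */
BOOL WINAPI CreateRestrictedToken( HANDLE token, DWORD flags,
                                   DWORD disable_sid_count, SID_AND_ATTRIBUTES *disable_sids,
                                   DWORD delete_priv_count, LUID_AND_ATTRIBUTES *delete_privs,
                                   DWORD restrict_sid_count, SID_AND_ATTRIBUTES *restrict_sids,
                                   HANDLE *ret )
{
    const SIZE_T size_max = ~(SIZE_T)0;
    TOKEN_PRIVILEGES *nt_privs = NULL;
    TOKEN_GROUPS *nt_disable_sids = NULL, *nt_restrict_sids = NULL;
    NTSTATUS status = STATUS_NO_MEMORY;

    TRACE("token %p, flags %#lx, disable_sids %lu %p, delete_privs %lu %p, restrict_sids %lu %p, ret %p\n",
          token, flags, disable_sid_count, disable_sids, delete_priv_count, delete_privs,
          restrict_sid_count, restrict_sids, ret);

    /* A count without an array would make memcpy() read through NULL. */
    if ((disable_sid_count && !disable_sids) ||
        (delete_priv_count && !delete_privs) ||
        (restrict_sid_count && !restrict_sids))
    {
        status = STATUS_INVALID_PARAMETER;
        goto out;
    }

    /* header + count * element must not wrap, or the allocation ends up
     * shorter than the element count stored in it. */
    if (disable_sid_count > (size_max - offsetof( TOKEN_GROUPS, Groups )) / sizeof(*disable_sids) ||
        delete_priv_count > (size_max - offsetof( TOKEN_PRIVILEGES, Privileges )) / sizeof(*delete_privs) ||
        restrict_sid_count > (size_max - offsetof( TOKEN_GROUPS, Groups )) / sizeof(*restrict_sids))
    {
        status = STATUS_INVALID_PARAMETER;
        goto out;
    }

    if (disable_sid_count)
    {
        if (!(nt_disable_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[disable_sid_count] ) ))) goto out;
        nt_disable_sids->GroupCount = disable_sid_count;
        memcpy( nt_disable_sids->Groups, disable_sids, disable_sid_count * sizeof(*disable_sids) );
    }

    if (delete_priv_count)
    {
        if (!(nt_privs = heap_alloc( offsetof( TOKEN_PRIVILEGES, Privileges[delete_priv_count] ) ))) goto out;
        nt_privs->PrivilegeCount = delete_priv_count;
        memcpy( nt_privs->Privileges, delete_privs, delete_priv_count * sizeof(*delete_privs) );
    }

    if (restrict_sid_count)
    {
        if (!(nt_restrict_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[restrict_sid_count] ) ))) goto out;
        nt_restrict_sids->GroupCount = restrict_sid_count;
        memcpy( nt_restrict_sids->Groups, restrict_sids, restrict_sid_count * sizeof(*restrict_sids) );
    }

    status = NtFilterToken(token, flags, nt_disable_sids, nt_privs, nt_restrict_sids, ret);

out:
    /* The original already calls heap_free() on still-NULL pointers here. */
    heap_free(nt_disable_sids);
    heap_free(nt_privs);
    heap_free(nt_restrict_sids);
    return set_ntstatus( status );
}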
#define STATUS_NO_MEMORY
Definition: d3dkmdt.h:51
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
#define offsetof(TYPE, MEMBER)
$ULONG PrivilegeCount
Definition: setypes.h:1035
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1036
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: tokenlif.c:2075
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17

◆ CreateWellKnownSid()

BOOL WINAPI CreateWellKnownSid ( WELL_KNOWN_SID_TYPE  type,
PSID  domain,
PSID  sid,
DWORD size 
)

Definition at line 429 of file security.c.

430{
431 unsigned int i;
432
433 TRACE("(%d, %s, %p, %p)\n", type, debugstr_sid(domain), sid, size);
434
435 if (size == NULL || (domain && !IsValidSid(domain)))
436 {
438 return FALSE;
439 }
440
441 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
442 {
443 if (WellKnownSids[i].Type == type)
444 {
446
447 if (*size < length)
448 {
449 *size = length;
451 return FALSE;
452 }
453 if (!sid)
454 {
456 return FALSE;
457 }
459 *size = length;
460 return TRUE;
461 }
462 }
463
465 {
467 return FALSE;
468 }
469
470 for (i = 0; i < ARRAY_SIZE(WellKnownRids); i++)
471 {
472 if (WellKnownRids[i].Type == type)
473 {
474 UCHAR domain_subauth = *GetSidSubAuthorityCount(domain);
475 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
476 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
477
478 if (*size < output_sid_length)
479 {
480 *size = output_sid_length;
482 return FALSE;
483 }
484 if (!sid)
485 {
487 return FALSE;
488 }
489 CopyMemory(sid, domain, domain_sid_length);
491 (*GetSidSubAuthority(sid, domain_subauth)) = WellKnownRids[i].Rid;
492 *size = output_sid_length;
493 return TRUE;
494 }
495 }
497 return FALSE;
498}
Type
Definition: Type.h:7
#define ARRAY_SIZE(A)
Definition: main.h:20
static const WELLKNOWNRID WellKnownRids[]
Definition: security.c:109
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:896
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:852
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:819
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:908
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:45
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
GLuint GLsizei GLsizei * length
Definition: glext.h:6040
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1157
BYTE Revision
Definition: ms-dtyp.idl:199
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
Definition: cookie.c:42
#define CopyMemory
Definition: winbase.h:1751
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:482
unsigned char UCHAR
Definition: xmlstorage.h:181

◆ debugstr_sid()

static const char * debugstr_sid ( PSID  sid)
static

Definition at line 163 of file security.c.

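/* Format a SID as "S-<revision>-<authority>-<sub0>-..." for trace output.
 *
 * Returns "(null)" for a NULL SID and "(too-big)" when SubAuthorityCount is
 * above 8; otherwise the string comes from wine_dbg_sprintf().
 *
 * Only IdentifierAuthority.Value[2..5] are folded into the printed authority;
 * Value[0] and Value[1] are not included.
 *
 * NOTE(review): the SID is read as-is (Revision, SubAuthorityCount and that
 * many SubAuthority entries) with no validity check, and callers such as
 * CreateWellKnownSid() trace a SID before IsValidSid() has run on it. Keep
 * this helper confined to debug output.
 */
static const char *debugstr_sid( PSID sid )
{
    int auth;
    SID *psid = sid;

    if (psid == NULL) return "(null)";

    /* Assemble in unsigned arithmetic: Value[2] << 24 on a promoted int
     * shifts into the sign bit for authority bytes >= 0x80. */
    auth = (int)((unsigned int)psid->IdentifierAuthority.Value[5] +
                 ((unsigned int)psid->IdentifierAuthority.Value[4] << 8) +
                 ((unsigned int)psid->IdentifierAuthority.Value[3] << 16) +
                 ((unsigned int)psid->IdentifierAuthority.Value[2] << 24));

    switch (psid->SubAuthorityCount) {
    case 0:
        return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
    case 1:
        return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
            psid->SubAuthority[0]);
    case 2:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1]);
    case 3:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
    case 4:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3]);
    case 5:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4]);
    case 6:
        /* Sub-authorities in index order; the previous listing printed
         * [3] first and [0] fourth, so six-part SIDs were logged wrongly. */
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5]);
    case 7:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
            psid->SubAuthority[6]);
    case 8:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
            psid->SubAuthority[6], psid->SubAuthority[7]);
    }
    return "(too-big)";
}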
const char * wine_dbg_sprintf(const char *format,...)
Definition: compat.c:296
DWORD SubAuthority[*]
Definition: ms-dtyp.idl:202
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: ms-dtyp.idl:201

◆ DeleteAce()

BOOL WINAPI DeleteAce ( PACL  acl,
DWORD  index 
)

Definition at line 1397 of file security.c.

/* Remove the ACE at position `index` from `acl`.
 * RtlDeleteAce() does the work; its NTSTATUS is handed to set_ntstatus()
 * (declared outside this listing) to produce the BOOL result. */
BOOL WINAPI DeleteAce( PACL acl, DWORD index )
{
    NTSTATUS status = RtlDeleteAce( acl, index );

    return set_ntstatus( status );
}
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce(PACL Acl, ULONG AceIndex)

◆ DestroyPrivateObjectSecurity()

BOOL WINAPI DestroyPrivateObjectSecurity ( PSECURITY_DESCRIPTOR descr)

Definition at line 961 of file security.c.

962{
964}
NTSYSAPI NTSTATUS NTAPI RtlDeleteSecurityObject(_In_ PSECURITY_DESCRIPTOR *ObjectDescriptor)

◆ DuplicateToken()

BOOL WINAPI DuplicateToken ( HANDLE  token,
SECURITY_IMPERSONATION_LEVEL  level,
PHANDLE  ret 
)

Definition at line 675 of file security.c.

676{
678}
GLint level
Definition: gl.h:1546
#define TOKEN_IMPERSONATE
Definition: setypes.h:939

◆ DuplicateTokenEx()

BOOL WINAPI DuplicateTokenEx ( HANDLE  token,
DWORD  access,
LPSECURITY_ATTRIBUTES  sa,
SECURITY_IMPERSONATION_LEVEL  level,
TOKEN_TYPE  type,
PHANDLE  ret 
)

Definition at line 683 of file security.c.

685{
688
689 TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", token, access, level, type, ret );
690
691 qos.Length = sizeof(qos);
694 qos.EffectiveOnly = FALSE;
695 InitializeObjectAttributes( &attr, NULL, (sa && sa->bInheritHandle) ? OBJ_INHERIT : 0,
696 NULL, sa ? sa->lpSecurityDescriptor : NULL );
697 attr.SecurityQualityOfService = &qos;
699}
#define OBJ_INHERIT
Definition: winternl.h:225
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
Definition: cookie.c:202
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104

◆ EqualDomainSid()

BOOL WINAPI EqualDomainSid ( PSID  sid1,
PSID  sid2,
BOOL equal 
)

Definition at line 261 of file security.c.

262{
263 MAX_SID builtin_sid, domain_sid1, domain_sid2;
264 DWORD size;
265
266 TRACE( "(%p,%p,%p)\n", sid1, sid2, equal );
267
268 if (!IsValidSid( sid1 ) || !IsValidSid( sid2 ))
269 {
271 return FALSE;
272 }
273
274 if (!equal)
275 {
277 return FALSE;
278 }
279
280 size = sizeof(domain_sid1);
281 if (GetWindowsAccountDomainSid( sid1, &domain_sid1, &size ))
282 {
283 size = sizeof(domain_sid2);
284 if (GetWindowsAccountDomainSid( sid2, &domain_sid2, &size ))
285 {
286 *equal = EqualSid( &domain_sid1, &domain_sid2 );
287 SetLastError( 0 );
288 return TRUE;
289 }
290 }
291
292 size = sizeof(builtin_sid);
293 if (!CreateWellKnownSid( WinBuiltinDomainSid, NULL, &builtin_sid, &size ))
294 return FALSE;
295
296 if (!memcmp(GetSidIdentifierAuthority( sid1 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)) &&
297 !memcmp(GetSidIdentifierAuthority( sid2 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)))
298 {
299 if (*GetSidSubAuthorityCount( sid1 ) != 0 && *GetSidSubAuthorityCount( sid2 ) != 0 &&
302 {
303 *equal = EqualSid( sid1, sid2 );
304 SetLastError( 0 );
305 return TRUE;
306 }
307 }
308
310 return FALSE;
311}
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority(PSID sid)
Definition: security.c:333
BOOL WINAPI GetWindowsAccountDomainSid(PSID sid, PSID domain_sid, DWORD *size)
Definition: security.c:368
BOOL WINAPI CreateWellKnownSid(WELL_KNOWN_SID_TYPE type, PSID domain, PSID sid, DWORD *size)
Definition: security.c:429
#define equal(x, y)
Definition: reader.cc:56
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: security.c:34
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:413
#define ERROR_NON_DOMAIN_SID
Definition: winerror.h:761
#define ERROR_INVALID_SID
Definition: winerror.h:819
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581

◆ EqualPrefixSid()

BOOL WINAPI EqualPrefixSid ( PSID  sid1,
PSID  sid2 
)

Definition at line 243 of file security.c.

/* Compare the prefixes of two SIDs.
 * Thin wrapper: the comparison and its result come from RtlEqualPrefixSid().
 * Neither SID is validated here. */
BOOL WINAPI EqualPrefixSid( PSID sid1, PSID sid2 )
{
    BOOLEAN same_prefix = RtlEqualPrefixSid( sid1, sid2 );

    return same_prefix;
}
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid(PSID Sid1, PSID Sid2)

◆ EqualSid()

BOOL WINAPI EqualSid ( PSID  sid1,
PSID  sid2 
)

Definition at line 251 of file security.c.

252{
253 BOOL ret = RtlEqualSid( sid1, sid2 );
255 return ret;
256}
#define ERROR_SUCCESS
Definition: deptool.c:10
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)

◆ FindFirstFreeAce()

BOOL WINAPI FindFirstFreeAce ( PACL  acl,
LPVOID ace 
)

Definition at line 1405 of file security.c.

/* Locate the first free position in `acl` and store it through `ace`.
 * Thin wrapper over RtlFirstFreeAce(); `ace` is reinterpreted as a
 * PACE_HEADER * for that call and the Rtl result is returned as-is. */
BOOL WINAPI FindFirstFreeAce( PACL acl, LPVOID *ace )
{
    PACE_HEADER *free_slot = (PACE_HEADER *)ace;

    return RtlFirstFreeAce( acl, free_slot );
}
NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce(PACL Acl, PACE *Ace)

◆ FreeSid()

void *WINAPI FreeSid ( PSID  pSid)

Definition at line 316 of file security.c.

317{
319 return NULL; /* is documented like this */
320}
static PSID pSid
Definition: security.c:74
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)

◆ GetAce()

BOOL WINAPI GetAce ( PACL  acl,
DWORD  index,
LPVOID ace 
)

Definition at line 1413 of file security.c.

/* Fetch a pointer to the ACE at position `index` of `acl` into *ace.
 * RtlGetAce() does the lookup; its NTSTATUS goes through set_ntstatus()
 * (declared outside this listing) to produce the BOOL result. */
BOOL WINAPI GetAce( PACL acl, DWORD index, LPVOID *ace )
{
    NTSTATUS status = RtlGetAce( acl, index, ace );

    return set_ntstatus( status );
}
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)

◆ GetAclInformation()

BOOL WINAPI GetAclInformation ( PACL  acl,
LPVOID  info,
DWORD  len,
ACL_INFORMATION_CLASS  class 
)

Definition at line 1421 of file security.c.

/* Query information of kind `class` about `acl` into the `len`-byte buffer
 * `info`. Forwards to RtlQueryInformationAcl(); set_ntstatus() (declared
 * outside this listing) turns the NTSTATUS into the BOOL result. */
BOOL WINAPI GetAclInformation( PACL acl, LPVOID info, DWORD len, ACL_INFORMATION_CLASS class )
{
    NTSTATUS status = RtlQueryInformationAcl( acl, info, len, class );

    return set_ntstatus( status );
}
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL, LPVOID, DWORD, ACL_INFORMATION_CLASS)

◆ GetFileSecurityW()

BOOL WINAPI GetFileSecurityW ( LPCWSTR  name,
SECURITY_INFORMATION  info,
PSECURITY_DESCRIPTOR  descr,
DWORD  len,
LPDWORD  ret_len 
)

Definition at line 969 of file security.c.

971{
972 HANDLE file;
974 DWORD access = 0;
975
976 TRACE( "(%s,%ld,%p,%ld,%p)\n", debugstr_w(name), info, descr, len, ret_len );
977
982
983 if (!(status = open_file( name, access, &file )))
984 {
986 NtClose( file );
987 }
988 return set_ntstatus( status );
989}
static NTSTATUS open_file(LPCWSTR name, DWORD access, HANDLE *file)
Definition: security.c:143
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
#define READ_CONTROL
Definition: nt_native.h:58
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
Definition: fci.c:127
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

◆ GetKernelObjectSecurity()

BOOL WINAPI GetKernelObjectSecurity ( HANDLE  handle,
SECURITY_INFORMATION  info,
PSECURITY_DESCRIPTOR  descr,
DWORD  len,
LPDWORD  ret_len 
)

Definition at line 994 of file security.c.

◆ GetLengthSid()

DWORD WINAPI GetLengthSid ( PSID  sid)

Definition at line 325 of file security.c.

/* Return the length of `sid` as reported by RtlLengthSid().
 * NOTE(review): nothing here validates `sid`; run IsValidSid() first when
 * the SID comes from an untrusted source. */
DWORD WINAPI GetLengthSid( PSID sid )
{
    ULONG length = RtlLengthSid( sid );

    return length;
}
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150

◆ GetPrivateObjectSecurity()

BOOL WINAPI GetPrivateObjectSecurity ( PSECURITY_DESCRIPTOR  obj_descr,
SECURITY_INFORMATION  info,
PSECURITY_DESCRIPTOR  ret_descr,
DWORD  len,
PDWORD  ret_len 
)

Definition at line 1003 of file security.c.

1005{
1007 BOOL defaulted, present;
1008 PACL pacl;
1009 PSID psid;
1010
1011 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", obj_descr, info, ret_descr, len, ret_len );
1012
1014
1016 {
1017 if (!GetSecurityDescriptorOwner(obj_descr, &psid, &defaulted)) return FALSE;
1018 SetSecurityDescriptorOwner(&desc, psid, defaulted);
1019 }
1021 {
1022 if (!GetSecurityDescriptorGroup(obj_descr, &psid, &defaulted)) return FALSE;
1023 SetSecurityDescriptorGroup(&desc, psid, defaulted);
1024 }
1026 {
1027 if (!GetSecurityDescriptorDacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1028 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted);
1029 }
1031 {
1032 if (!GetSecurityDescriptorSacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1033 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted);
1034 }
1035
1036 *ret_len = len;
1037 return MakeSelfRelativeSD(&desc, ret_descr, ret_len);
1038}
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:929
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted)
Definition: security.c:1218
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted)
Definition: security.c:1226
BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted)
Definition: security.c:1234
static const WCHAR desc[]
Definition: protectdata.c:36
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
Definition: sec.c:262
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
BOOL WINAPI MakeSelfRelativeSD(PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, LPDWORD lpdwBufferLength)
Definition: sec.c:214
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58

Referenced by test_PrivateObjectSecurity().

◆ GetSecurityDescriptorControl()

BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR  descr,
PSECURITY_DESCRIPTOR_CONTROL  control,
LPDWORD  revision 
)

Definition at line 1043 of file security.c.

1045{
1047}
NTSYSAPI NTSTATUS NTAPI RtlGetControlSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PSECURITY_DESCRIPTOR_CONTROL Control, _Out_ PULONG Revision)
Definition: dialog.c:52

◆ GetSecurityDescriptorDacl()

BOOL WINAPI GetSecurityDescriptorDacl ( PSECURITY_DESCRIPTOR  descr,
LPBOOL  dacl_present,
PACL dacl,
LPBOOL  dacl_defaulted 
)

Definition at line 1052 of file security.c.

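/* Retrieve the DACL of `descr` together with its present/defaulted flags.
 *
 * RtlGetDaclSecurityDescriptor() reports the flags as BOOLEAN, so they are
 * collected in locals and widened into the caller's BOOL outputs. The locals
 * start out FALSE: the outputs are written unconditionally, and if the Rtl
 * call returns before storing a flag the caller would otherwise receive
 * uninitialized stack bytes.
 *
 * Returns the BOOL produced by set_ntstatus() (declared outside this
 * listing) from the Rtl call's NTSTATUS.
 */
BOOL WINAPI GetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr, LPBOOL dacl_present,
                                       PACL *dacl, LPBOOL dacl_defaulted )
{
    BOOLEAN present = FALSE, defaulted = FALSE;
    BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor( descr, &present, dacl, &defaulted ));
    *dacl_present = present;
    *dacl_defaulted = defaulted;
    return ret;
}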
unsigned char BOOLEAN
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
Definition: security.c:35

◆ GetSecurityDescriptorGroup()

BOOL WINAPI GetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR  descr,
PSID group,
LPBOOL  group_defaulted 
)

Definition at line 1065 of file security.c.

1066{
1067 BOOLEAN defaulted;
1069 *group_defaulted = defaulted;
1070 return ret;
1071}
GLboolean GLuint group
Definition: glext.h:11120
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280

◆ GetSecurityDescriptorLength()

DWORD WINAPI GetSecurityDescriptorLength ( PSECURITY_DESCRIPTOR  descr)

Definition at line 1076 of file security.c.

1077{
1079}
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)

Referenced by get_sd(), and RSAENH_CPGetProvParam().

◆ GetSecurityDescriptorOwner()

BOOL WINAPI GetSecurityDescriptorOwner ( PSECURITY_DESCRIPTOR  descr,
PSID owner,
LPBOOL  owner_defaulted 
)

Definition at line 1084 of file security.c.

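/* Retrieve the owner SID of `descr` and whether it was defaulted.
 *
 * RtlGetOwnerSecurityDescriptor() reports the flag as BOOLEAN, so it is
 * collected in a local and widened into the caller's BOOL output. The local
 * starts out FALSE: the output is written unconditionally, and if the Rtl
 * call returns before storing the flag the caller would otherwise receive
 * an uninitialized stack byte.
 *
 * Returns the BOOL produced by set_ntstatus() (declared outside this
 * listing) from the Rtl call's NTSTATUS.
 */
BOOL WINAPI GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr, PSID *owner, LPBOOL owner_defaulted )
{
    BOOLEAN defaulted = FALSE;
    BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( descr, owner, &defaulted ));
    *owner_defaulted = defaulted;
    return ret;
}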
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257

◆ GetSecurityDescriptorSacl()

BOOL WINAPI GetSecurityDescriptorSacl ( PSECURITY_DESCRIPTOR  descr,
LPBOOL  sacl_present,
PACL sacl,
LPBOOL  sacl_defaulted 
)

Definition at line 1095 of file security.c.

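/* Retrieve the SACL of `descr` together with its present/defaulted flags.
 *
 * RtlGetSaclSecurityDescriptor() reports the flags as BOOLEAN, so they are
 * collected in locals and widened into the caller's BOOL outputs. The locals
 * start out FALSE: the outputs are written unconditionally, and if the Rtl
 * call returns before storing a flag the caller would otherwise receive
 * uninitialized stack bytes.
 *
 * Returns the BOOL produced by set_ntstatus() (declared outside this
 * listing) from the Rtl call's NTSTATUS.
 */
BOOL WINAPI GetSecurityDescriptorSacl( PSECURITY_DESCRIPTOR descr, LPBOOL sacl_present,
                                       PACL *sacl, LPBOOL sacl_defaulted )
{
    BOOLEAN present = FALSE, defaulted = FALSE;
    BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor( descr, &present, sacl, &defaulted ));
    *sacl_present = present;
    *sacl_defaulted = defaulted;
    return ret;
}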
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)

◆ GetSidIdentifierAuthority()

PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority ( PSID  sid)

Definition at line 333 of file security.c.

334{
337}
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)

◆ GetSidLengthRequired()

DWORD WINAPI GetSidLengthRequired ( BYTE  count)

Definition at line 342 of file security.c.

/* Return the number of bytes needed for a SID with `count` sub-authorities,
 * as computed by RtlLengthRequiredSid(). */
DWORD WINAPI GetSidLengthRequired( BYTE count )
{
    ULONG required = RtlLengthRequiredSid( count );

    return required;
}
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

◆ GetSidSubAuthority()

PDWORD WINAPI GetSidSubAuthority ( PSID  sid,
DWORD  auth 
)

Definition at line 350 of file security.c.

351{
353 return RtlSubAuthoritySid( sid, auth );
354}
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)

◆ GetSidSubAuthorityCount()

PUCHAR WINAPI GetSidSubAuthorityCount ( PSID  sid)

Definition at line 359 of file security.c.

360{
363}
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104

◆ GetTokenInformation()

BOOL WINAPI GetTokenInformation ( HANDLE  token,
TOKEN_INFORMATION_CLASS  class,
LPVOID  info,
DWORD  len,
LPDWORD  retlen 
)

Definition at line 704 of file security.c.

/* Name of a token information class for trace output; "Unknown" for any
 * class that is not listed. */
static const char *token_class_name( TOKEN_INFORMATION_CLASS class )
{
    switch (class)
    {
    case TokenUser:                return "TokenUser";
    case TokenGroups:              return "TokenGroups";
    case TokenPrivileges:          return "TokenPrivileges";
    case TokenOwner:               return "TokenOwner";
    case TokenPrimaryGroup:        return "TokenPrimaryGroup";
    case TokenDefaultDacl:         return "TokenDefaultDacl";
    case TokenSource:              return "TokenSource";
    case TokenType:                return "TokenType";
    case TokenImpersonationLevel:  return "TokenImpersonationLevel";
    case TokenStatistics:          return "TokenStatistics";
    case TokenRestrictedSids:      return "TokenRestrictedSids";
    case TokenSessionId:           return "TokenSessionId";
    case TokenGroupsAndPrivileges: return "TokenGroupsAndPrivileges";
    case TokenSessionReference:    return "TokenSessionReference";
    case TokenSandBoxInert:        return "TokenSandBoxInert";
    case TokenElevation:           return "TokenElevation";
    case TokenElevationType:       return "TokenElevationType";
    case TokenLinkedToken:         return "TokenLinkedToken";
    default:                       return "Unknown";
    }
}

/* Query information of kind `class` about `token` into the `len`-byte buffer
 * `info`; the length reported by the kernel is stored through `retlen`.
 * After tracing the request, everything is forwarded unchanged to
 * NtQueryInformationToken(), and set_ntstatus() (declared outside this
 * listing) turns the NTSTATUS into the BOOL result. */
BOOL WINAPI GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class,
                                 LPVOID info, DWORD len, LPDWORD retlen )
{
    NTSTATUS status;

    TRACE("(%p, %d [%s], %p, %ld, %p):\n",
          token, class, token_class_name( class ), info, len, retlen);

    status = NtQueryInformationToken( token, class, info, len, retlen );
    return set_ntstatus( status );
}
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
@ TokenDefaultDacl
Definition: setypes.h:983
@ TokenGroupsAndPrivileges
Definition: setypes.h:990
@ TokenSource
Definition: setypes.h:984
@ TokenStatistics
Definition: setypes.h:987
@ TokenImpersonationLevel
Definition: setypes.h:986
@ TokenSandBoxInert
Definition: setypes.h:992
@ TokenRestrictedSids
Definition: setypes.h:988
@ TokenPrivileges
Definition: setypes.h:980
@ TokenUser
Definition: setypes.h:978
@ TokenPrimaryGroup
Definition: setypes.h:982
@ TokenSessionId
Definition: setypes.h:989
@ TokenSessionReference
Definition: setypes.h:991
@ TokenElevation
Definition: setypes.h:997
@ TokenElevationType
Definition: setypes.h:995
@ TokenOwner
Definition: setypes.h:981
@ TokenLinkedToken
Definition: setypes.h:996

◆ GetWindowsAccountDomainSid()

BOOL WINAPI GetWindowsAccountDomainSid ( PSID  sid,
PSID  domain_sid,
DWORD size 
)

Definition at line 368 of file security.c.

369{
371 DWORD required_size;
372 int i;
373
374 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
375
376 if (!sid || !IsValidSid( sid ))
377 {
379 return FALSE;
380 }
381
382 if (!size)
383 {
385 return FALSE;
386 }
387
388 if (*GetSidSubAuthorityCount( sid ) < 4)
389 {
391 return FALSE;
392 }
393
394 required_size = GetSidLengthRequired( 4 );
395 if (*size < required_size || !domain_sid)
396 {
397 *size = required_size;
399 return FALSE;
400 }
401
402 InitializeSid( domain_sid, &domain_ident, 4 );
403 for (i = 0; i < 4; i++)
404 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
405
406 *size = required_size;
407 return TRUE;
408}
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:862
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554

◆ ImpersonateAnonymousToken()

BOOL WINAPI ImpersonateAnonymousToken ( HANDLE  thread)

Definition at line 736 of file security.c.

737{
738 TRACE("(%p)\n", thread);
740}
static HANDLE thread
Definition: service.c:33
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:2612

◆ ImpersonateLoggedOnUser()

BOOL WINAPI ImpersonateLoggedOnUser ( HANDLE  token)

Definition at line 745 of file security.c.

746{
747 DWORD size;
748 BOOL ret;
749 HANDLE dup;
751 static BOOL warn = TRUE;
752
753 if (warn)
754 {
755 FIXME( "(%p)\n", token );
756 warn = FALSE;
757 }
758 if (!GetTokenInformation( token, TokenType, &type, sizeof(type), &size )) return FALSE;
759
760 if (type == TokenPrimary)
761 {
764 NtClose( dup );
765 }
766 else ret = SetThreadToken( NULL, token );
767
768 return ret;
769}
BOOL WINAPI DuplicateToken(HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PHANDLE ret)
Definition: security.c:675
BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
Definition: security.c:863
#define dup
Definition: syshdrs.h:51
#define warn(...)

Referenced by test_AccessCheck().

◆ ImpersonateNamedPipeClient()

BOOL WINAPI ImpersonateNamedPipeClient ( HANDLE  pipe)

Definition at line 774 of file security.c.

775{
776 IO_STATUS_BLOCK io_block;
777
778 return set_ntstatus( NtFsControlFile( pipe, NULL, NULL, NULL, &io_block,
780}
NTSYSAPI NTSTATUS NTAPI NtFsControlFile(IN HANDLE hFile, IN HANDLE hEvent OPTIONAL, IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL, IN PVOID IoApcContext OPTIONAL, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG DeviceIoControlCode, IN PVOID InBuffer OPTIONAL, IN ULONG InBufferLength, OUT PVOID OutBuffer OPTIONAL, IN ULONG OutBufferLength)
#define FSCTL_PIPE_IMPERSONATE
Definition: winioctl.h:734

◆ ImpersonateSelf()

BOOL WINAPI ImpersonateSelf ( SECURITY_IMPERSONATION_LEVEL  level)

Definition at line 785 of file security.c.

786{
788}
NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: priv.c:45

◆ InitializeAcl()

BOOL WINAPI InitializeAcl ( PACL  acl,
DWORD  size,
DWORD  rev 
)

Definition at line 1429 of file security.c.

/* Initialize the `size`-byte buffer at `acl` as an empty ACL of revision
 * `rev`. RtlCreateAcl() does the work; set_ntstatus() (declared outside this
 * listing) turns its NTSTATUS into the BOOL result. */
BOOL WINAPI InitializeAcl( PACL acl, DWORD size, DWORD rev )
{
    NTSTATUS status = RtlCreateAcl( acl, size, rev );

    return set_ntstatus( status );
}
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)

◆ InitializeSecurityDescriptor()

BOOL WINAPI InitializeSecurityDescriptor ( PSECURITY_DESCRIPTOR  descr,
DWORD  revision 
)

Definition at line 1108 of file security.c.

/* Initialize `descr` as a new security descriptor of the given revision.
 * RtlCreateSecurityDescriptor() does the work; set_ntstatus() (declared
 * outside this listing) turns its NTSTATUS into the BOOL result. */
BOOL WINAPI InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR descr, DWORD revision )
{
    NTSTATUS status = RtlCreateSecurityDescriptor( descr, revision );

    return set_ntstatus( status );
}
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

◆ InitializeSid()

BOOL WINAPI InitializeSid ( PSID  sid,
PSID_IDENTIFIER_AUTHORITY  auth,
BYTE  count 
)

Definition at line 413 of file security.c.

/* Initialize the buffer at `sid` with identifier authority `auth` and room
 * for `count` sub-authorities. RtlInitializeSid() does the work;
 * set_ntstatus() (declared outside this listing) turns its NTSTATUS into the
 * BOOL result. The buffer size is the caller's responsibility; see
 * GetSidLengthRequired(). */
BOOL WINAPI InitializeSid( PSID sid, PSID_IDENTIFIER_AUTHORITY auth, BYTE count )
{
    NTSTATUS status = RtlInitializeSid( sid, auth, count );

    return set_ntstatus( status );
}
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)

◆ IsTokenRestricted()

BOOL WINAPI IsTokenRestricted ( HANDLE  token)

Definition at line 793 of file security.c.

794{
796 DWORD size;
798 BOOL restricted;
799
800 TRACE("(%p)\n", token);
801
804
806 if (!groups)
807 {
809 return FALSE;
810 }
811
813 if (status != STATUS_SUCCESS)
814 {
816 return set_ntstatus(status);
817 }
818
819 restricted = groups->GroupCount > 0;
821
822 return restricted;
823}
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13
GLsizei GLuint * groups
Definition: glext.h:11113
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69

◆ IsValidAcl()

BOOL WINAPI IsValidAcl ( PACL  acl)

Definition at line 1437 of file security.c.

/* Report whether `acl` is valid, as judged by RtlValidAcl().
 * The Rtl result is returned as-is; no last-error code is set here. */
BOOL WINAPI IsValidAcl( PACL acl )
{
    BOOLEAN valid = RtlValidAcl( acl );

    return valid;
}
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)

◆ IsValidSecurityDescriptor()

BOOL WINAPI IsValidSecurityDescriptor ( PSECURITY_DESCRIPTOR  descr)

Definition at line 1116 of file security.c.

1117{
1120
1121 return TRUE;
1122}
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:1054
#define STATUS_INVALID_SECURITY_DESCR
Definition: ntstatus.h:357

Referenced by validate_default_security_descriptor().

◆ IsValidSid()

/* Returns the result of RtlValidSid( sid ) directly; no last-error code is set
 * at this layer. A TRUE result says the SID is well-formed as judged by
 * RtlValidSid, not that it names an existing account. */
BOOL WINAPI IsValidSid ( PSID  sid)

Definition at line 421 of file security.c.

422{
423 return RtlValidSid( sid );
424}
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21

◆ IsWellKnownSid()

/* Linear search of the static WellKnownSids table for entries whose Type
 * equals `type`; returns FALSE when the loop finishes without a match.
 *
 * Listing line 511 is not rendered on this page. It presumably holds the
 * comparison between `sid` and the matching table entry that guards the
 * `return TRUE` -- confirm against the source; as shown here the return
 * appears to depend on the type alone.
 *
 * NOTE(review): only WellKnownSids is consulted in the visible loop. Types
 * that appear in the WellKnownRids table (domain-relative accounts and
 * groups) would yield FALSE unless WellKnownSids also lists them -- verify
 * before using this result to recognise a privileged domain SID. */
BOOL WINAPI IsWellKnownSid ( PSID  sid,
WELL_KNOWN_SID_TYPE  type 
)

Definition at line 503 of file security.c.

504{
505 unsigned int i;
506
507 TRACE("(%s, %d)\n", debugstr_sid(sid), type);
508
509 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
510 if (WellKnownSids[i].Type == type)
512 return TRUE;
513
514 return FALSE;
515}

◆ MakeAbsoluteSD()

/* Thin wrapper: forwards every buffer and size pointer unchanged to
 * RtlSelfRelativeToAbsoluteSD and converts the NTSTATUS with set_ntstatus
 * (defined elsewhere). All size checking of the caller-supplied buffers is
 * left to the Rtl routine; nothing is validated at this layer. */
BOOL WINAPI MakeAbsoluteSD ( PSECURITY_DESCRIPTOR  rel_descr,
PSECURITY_DESCRIPTOR  abs_descr,
LPDWORD  abs_size,
PACL  dacl,
LPDWORD  dacl_size,
PACL  sacl,
LPDWORD  sacl_size,
PSID  owner,
LPDWORD  owner_size,
PSID  group,
LPDWORD  group_size 
)

Definition at line 1127 of file security.c.

1130{
1131 return set_ntstatus( RtlSelfRelativeToAbsoluteSD( rel_descr, abs_descr, abs_size,
1132 dacl, dacl_size, sacl, sacl_size,
1133 owner, owner_size, group, group_size ));
1134}
NTSYSAPI NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PDWORD, PACL, PDWORD, PACL, PDWORD, PSID, PDWORD, PSID, PDWORD)

◆ MakeSelfRelativeSD()

/* Thin wrapper: forwards abs_descr, rel_descr and len unchanged to
 * RtlMakeSelfRelativeSD and converts the NTSTATUS with set_ntstatus (defined
 * elsewhere). `len` is in/out per the prototype shown below the listing
 * (_Inout_ BufferLength); the bounds check on rel_descr is the Rtl routine's. */
BOOL WINAPI MakeSelfRelativeSD ( PSECURITY_DESCRIPTOR  abs_descr,
PSECURITY_DESCRIPTOR  rel_descr,
LPDWORD  len 
)

Definition at line 1139 of file security.c.

1141{
1142 return set_ntstatus( RtlMakeSelfRelativeSD( abs_descr, rel_descr, len ));
1143}
NTSYSAPI NTSTATUS NTAPI RtlMakeSelfRelativeSD(_In_ PSECURITY_DESCRIPTOR AbsoluteSD, _Out_ PSECURITY_DESCRIPTOR SelfRelativeSD, _Inout_ PULONG BufferLength)

◆ MapGenericMask()

void WINAPI MapGenericMask ( PDWORD  access,
PGENERIC_MAPPING  mapping 
)

Definition at line 1445 of file security.c.

1446{
1448}
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)

Referenced by ISecurityInformation_fnMapGeneric(), and PrintFileDacl().

◆ ObjectCloseAuditAlarmW()

/* Stub: logs its arguments through FIXME and returns TRUE unconditionally.
 * No audit record is produced, so a TRUE result from this implementation
 * does not mean a close event reached any audit log. */
BOOL WINAPI ObjectCloseAuditAlarmW ( LPCWSTR  subsystem,
LPVOID  id,
BOOL  on_close 
)

Definition at line 1453 of file security.c.

1454{
1455 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1456 return TRUE;
1457}

◆ ObjectDeleteAuditAlarmW()

/* Stub: logs its arguments through FIXME and returns TRUE unconditionally.
 * No audit record is produced, so a TRUE result from this implementation
 * does not mean a delete event reached any audit log. */
BOOL WINAPI ObjectDeleteAuditAlarmW ( LPCWSTR  subsystem,
LPVOID  id,
BOOL  on_close 
)

Definition at line 1462 of file security.c.

1463{
1464 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1465 return TRUE;
1466}

◆ ObjectOpenAuditAlarmW()

/* Stub: logs its arguments through FIXME and returns TRUE unconditionally.
 * No audit record is produced for the open/access attempt.
 *
 * `on_close` is an output pointer (LPBOOL) that is only printed, never
 * written. A caller that reads *on_close after a TRUE return sees whatever
 * the variable held before the call, so it should be initialised by the
 * caller. */
BOOL WINAPI ObjectOpenAuditAlarmW ( LPCWSTR  subsystem,
LPVOID  id,
LPWSTR  type,
LPWSTR  name,
PSECURITY_DESCRIPTOR  descr,
HANDLE  token,
DWORD  desired,
DWORD  granted,
PPRIVILEGE_SET  privs,
BOOL  creation,
BOOL  access,
LPBOOL  on_close 
)

Definition at line 1471 of file security.c.

1475{
1476 FIXME( "stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(subsystem),
1477 id, debugstr_w(type), debugstr_w(name), descr, token, desired, granted,
1478 privs, creation, access, on_close );
1479 return TRUE;
1480}

◆ ObjectPrivilegeAuditAlarmW()

/* Stub: logs its arguments through FIXME and returns TRUE unconditionally.
 * No audit record of the privilege use is produced by this implementation. */
BOOL WINAPI ObjectPrivilegeAuditAlarmW ( LPCWSTR  subsystem,
LPVOID  id,
HANDLE  token,
DWORD  desired,
PPRIVILEGE_SET  privs,
BOOL  granted 
)

Definition at line 1485 of file security.c.

1487{
1488 FIXME( "stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(subsystem), id, token, desired, privs, granted );
1489 return TRUE;
1490}

◆ open_file()

/* File-local helper: converts the DOS path `name` to an NT path, fills an
 * object-attributes structure and returns an NTSTATUS; the page lists
 * GetFileSecurityW() and SetFileSecurityW() as its callers.
 *
 * Listing lines 146-148 and 156-158 are not rendered on this page, so the
 * declarations of `attr`/`status` and the call that opens the file are not
 * visible; the cross-references under the listing point at NtCreateFile --
 * confirm against the source.
 *
 * Visible behaviour: a failed path conversion returns its status at once;
 * otherwise the name is looked up case-insensitively (OBJ_CASE_INSENSITIVE),
 * with no root directory and no security descriptor, and the converted name
 * is freed before returning. */
static NTSTATUS open_file ( LPCWSTR  name,
DWORD  access,
HANDLE file 
)
static

Definition at line 143 of file security.c.

144{
145 UNICODE_STRING file_nameW;
149
150 if ((status = RtlDosPathNameToNtPathName_U_WithStatus( name, &file_nameW, NULL, NULL ))) return status;
151 attr.Length = sizeof(attr);
152 attr.RootDirectory = 0;
153 attr.Attributes = OBJ_CASE_INSENSITIVE;
154 attr.ObjectName = &file_nameW;
155 attr.SecurityDescriptor = NULL;
159 RtlFreeUnicodeString( &file_nameW );
160 return status;
161}
#define FILE_SHARE_READ
Definition: compat.h:136
#define FILE_OPEN
Definition: from_kernel.h:54
#define FILE_OPEN_FOR_BACKUP_INTENT
Definition: from_kernel.h:42
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
NTSYSAPI NTSTATUS WINAPI RtlDosPathNameToNtPathName_U_WithStatus(PCWSTR, PUNICODE_STRING, PWSTR *, CURDIR *)
#define FILE_FLAG_BACKUP_SEMANTICS
Definition: disk.h:41
static HANDLE PIO_APC_ROUTINE PVOID PIO_STATUS_BLOCK io
Definition: file.c:100
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
#define SYNCHRONIZE
Definition: nt_native.h:61
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSTATUS NTAPI NtCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)

Referenced by GetFileSecurityW(), and SetFileSecurityW().

◆ OpenProcessToken()

BOOL WINAPI OpenProcessToken ( HANDLE  process,
DWORD  access,
HANDLE handle 
)

Definition at line 828 of file security.c.

829{
831}
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350

◆ OpenThreadToken()

BOOL WINAPI OpenThreadToken ( HANDLE  thread,
DWORD  access,
BOOL  self,
HANDLE handle 
)

Definition at line 836 of file security.c.

837{
839}
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2474

◆ PrivilegeCheck()

/* Checks whether `token` holds the privileges in `privs`.
 *
 * Listing line 847 is not rendered on this page; it presumably declares `ret`
 * and performs the check (the cross-references point at NtPrivilegeCheck) --
 * confirm against the source.
 *
 * *result is written only when `ret` is non-zero. When the call fails,
 * *result keeps whatever value it had before the call, so callers must test
 * the return value before trusting *result. */
BOOL WINAPI PrivilegeCheck ( HANDLE  token,
PPRIVILEGE_SET  privs,
LPBOOL  result 
)

Definition at line 844 of file security.c.

845{
846 BOOLEAN res;
848 if (ret) *result = res;
849 return ret;
850}
NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
Checks a client access token if it has the required set of privileges.
Definition: priv.c:868

◆ PrivilegedServiceAuditAlarmW()

/* Stub: logs its arguments through FIXME and returns TRUE unconditionally.
 * No audit record of the privileged service call is produced by this
 * implementation. */
BOOL WINAPI PrivilegedServiceAuditAlarmW ( LPCWSTR  subsystem,
LPCWSTR  service,
HANDLE  token,
PPRIVILEGE_SET  privs,
BOOL  granted 
)

Definition at line 1495 of file security.c.

1497{
1498 FIXME( "stub %s,%s,%p,%p,%x)\n", debugstr_w(subsystem), debugstr_w(service), token, privs, granted );
1499 return TRUE;
1500}

◆ RevertToSelf()

◆ SetAclInformation()

/* Stub: logs its arguments through FIXME and returns TRUE unconditionally.
 * The ACL is not modified, so a TRUE result does not mean the requested
 * information was applied to `acl`. */
BOOL WINAPI SetAclInformation ( PACL  acl,
LPVOID  info,
DWORD  len,
ACL_INFORMATION_CLASS  class 
)

Definition at line 1505 of file security.c.

1506{
1507 FIXME( "%p %p 0x%08lx 0x%08x - stub\n", acl, info, len, class );
1508 return TRUE;
1509}

◆ SetCachedSigningLevel()

/* Stub: logs its arguments through FIXME and returns TRUE unconditionally.
 * Nothing is recorded for `file`, so a TRUE result from this implementation
 * must not be read as "a signing level was cached". */
BOOL WINAPI SetCachedSigningLevel ( PHANDLE  source,
ULONG  count,
ULONG  flags,
HANDLE  file 
)

Definition at line 1514 of file security.c.

1515{
1516 FIXME( "%p %lu %lu %p - stub\n", source, count, flags, file );
1517 return TRUE;
1518}

◆ SetFileSecurityW()

/* Applies `descr` to the file named by `name`: opens the file with open_file(),
 * acts on the handle, closes it with NtClose and returns
 * set_ntstatus( status ) (defined elsewhere).
 *
 * Listing lines 1152, 1156-1158 and 1162 are not rendered on this page. The
 * cross-references under the listing (WRITE_DAC, WRITE_OWNER,
 * NtSetSecurityObject) suggest that the missing lines derive `access` from
 * `info` and set the descriptor on the opened handle -- confirm against the
 * source.
 *
 * The handle is closed only inside the success branch of open_file(); when
 * the open fails, its status is what the caller receives. */
BOOL WINAPI SetFileSecurityW ( LPCWSTR  name,
SECURITY_INFORMATION  info,
PSECURITY_DESCRIPTOR  descr 
)

Definition at line 1148 of file security.c.

1149{
1150 HANDLE file;
1151 DWORD access = 0;
1153
1154 TRACE( "(%s, 0x%lx, %p)\n", debugstr_w(name), info, descr );
1155
1159
1160 if (!(status = open_file( name, access, &file )))
1161 {
1163 NtClose( file );
1164 }
1165 return set_ntstatus( status );
1166}
#define WRITE_DAC
Definition: nt_native.h:59
#define WRITE_OWNER
Definition: nt_native.h:60
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)

◆ SetKernelObjectSecurity()

BOOL WINAPI SetKernelObjectSecurity ( HANDLE  handle,
SECURITY_INFORMATION  info,
PSECURITY_DESCRIPTOR  descr 
)

Definition at line 1171 of file security.c.

1172{
1174}

◆ SetPrivateObjectSecurity()

/* Stub: logs its arguments through FIXME and returns TRUE unconditionally.
 * *obj_descr is never touched, so the requested change to the object's
 * security descriptor is NOT applied even though the call reports success.
 * Callers that depend on the new descriptor taking effect cannot rely on
 * this implementation. */
BOOL WINAPI SetPrivateObjectSecurity ( SECURITY_INFORMATION  info,
PSECURITY_DESCRIPTOR  descr,
PSECURITY_DESCRIPTOR obj_descr,
PGENERIC_MAPPING  mapping,
HANDLE  token 
)

Definition at line 1179 of file security.c.

1182{
1183 FIXME( "0x%08lx %p %p %p %p - stub\n", info, descr, obj_descr, mapping, token );
1184 return TRUE;
1185}

◆ SetPrivateObjectSecurityEx()

/* Stub: logs its arguments through FIXME and returns TRUE unconditionally.
 * *obj_descr is never touched and `flags` is ignored, so the requested change
 * to the object's security descriptor is NOT applied even though the call
 * reports success. */
BOOL WINAPI SetPrivateObjectSecurityEx ( SECURITY_INFORMATION  info,
PSECURITY_DESCRIPTOR  descr,
PSECURITY_DESCRIPTOR obj_descr,
ULONG  flags,
PGENERIC_MAPPING  mapping,
HANDLE  token 
)

Definition at line 1190 of file security.c.

1193{
1194 FIXME( "0x%08lx %p %p %lu %p %p - stub\n", info, descr, obj_descr, flags, mapping, token );
1195 return TRUE;
1196}

◆ SetSecurityDescriptorControl()

BOOL WINAPI SetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR  descr,
SECURITY_DESCRIPTOR_CONTROL  mask,
SECURITY_DESCRIPTOR_CONTROL  set 
)

Definition at line 1201 of file security.c.

1203{
1205}
NTSYSAPI NTSTATUS NTAPI RtlSetControlSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)

◆ SetSecurityDescriptorDacl()

/* Thin wrapper: forwards descr, present, dacl and defaulted unchanged to
 * RtlSetDaclSecurityDescriptor and converts the NTSTATUS with set_ntstatus
 * (defined elsewhere).
 *
 * NOTE(review): nothing here inspects the present/dacl combination. Under the
 * Win32 contract, present = TRUE with dacl = NULL denotes a NULL DACL, which
 * places no access restriction on the object; callers should pass that
 * combination only deliberately. */
BOOL WINAPI SetSecurityDescriptorDacl ( PSECURITY_DESCRIPTOR  descr,
BOOL  present,
PACL  dacl,
BOOL  defaulted 
)

Definition at line 1210 of file security.c.

1211{
1212 return set_ntstatus( RtlSetDaclSecurityDescriptor( descr, present, dacl, defaulted ));
1213}
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)

◆ SetSecurityDescriptorGroup()

/* Thin wrapper: forwards descr, group and defaulted unchanged to
 * RtlSetGroupSecurityDescriptor and converts the NTSTATUS with set_ntstatus
 * (defined elsewhere). The group SID is not validated at this layer. */
BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR  descr,
PSID  group,
BOOL  defaulted 
)

Definition at line 1218 of file security.c.

1219{
1220 return set_ntstatus( RtlSetGroupSecurityDescriptor( descr, group, defaulted ));
1221}
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410

Referenced by get_sd(), GetPrivateObjectSecurity(), test_AccessCheck(), test_ConvertSecurityDescriptorToString(), and test_process_security().

◆ SetSecurityDescriptorOwner()

/* Thin wrapper: forwards descr, owner and defaulted unchanged to
 * RtlSetOwnerSecurityDescriptor and converts the NTSTATUS with set_ntstatus
 * (defined elsewhere). The owner SID is not validated at this layer. */
BOOL WINAPI SetSecurityDescriptorOwner ( PSECURITY_DESCRIPTOR  descr,
PSID  owner,
BOOL  defaulted 
)

Definition at line 1226 of file security.c.

1227{
1228 return set_ntstatus( RtlSetOwnerSecurityDescriptor( descr, owner, defaulted ));
1229}
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)

Referenced by get_sd(), GetPrivateObjectSecurity(), test_AccessCheck(), test_ConvertSecurityDescriptorToString(), and test_process_security().

◆ SetSecurityDescriptorSacl()

/* Thin wrapper: forwards descr, present, sacl and defaulted unchanged to
 * RtlSetSaclSecurityDescriptor and converts the NTSTATUS with set_ntstatus
 * (defined elsewhere). The SACL contents are not validated at this layer. */
BOOL WINAPI SetSecurityDescriptorSacl ( PSECURITY_DESCRIPTOR  descr,
BOOL  present,
PACL  sacl,
BOOL  defaulted 
)

Definition at line 1234 of file security.c.

1235{
1236 return set_ntstatus( RtlSetSaclSecurityDescriptor( descr, present, sacl, defaulted ));
1237}
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342

Referenced by GetPrivateObjectSecurity(), test_AddMandatoryAce(), test_ConvertSecurityDescriptorToString(), and test_token_security_descriptor().

◆ SetThreadToken()

BOOL WINAPI SetThreadToken ( PHANDLE  thread,
HANDLE  token 
)

Definition at line 863 of file security.c.

864{
867}
@ ThreadImpersonationToken
Definition: compat.h:940
NTSTATUS NTAPI NtSetInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
Definition: query.c:2074

◆ SetTokenInformation()

/* Forwards token, class, info and len unchanged to NtSetInformationToken and
 * converts the NTSTATUS with set_ntstatus (defined elsewhere).
 *
 * The conditional chain inside TRACE only turns `class` into a readable name
 * for the debug log ("Unknown" for any class not listed); it does not filter
 * or restrict which classes are forwarded. `info` and `len` are not checked
 * against `class` at this layer; that validation, and any privilege
 * requirement, is left to NtSetInformationToken. */
BOOL WINAPI SetTokenInformation ( HANDLE  token,
TOKEN_INFORMATION_CLASS  class,
LPVOID  info,
DWORD  len 
)

Definition at line 872 of file security.c.

873{
874 TRACE("(%p, %s, %p, %ld)\n",
875 token,
876 (class == TokenUser) ? "TokenUser" :
877 (class == TokenGroups) ? "TokenGroups" :
878 (class == TokenPrivileges) ? "TokenPrivileges" :
879 (class == TokenOwner) ? "TokenOwner" :
880 (class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
881 (class == TokenDefaultDacl) ? "TokenDefaultDacl" :
882 (class == TokenSource) ? "TokenSource" :
883 (class == TokenType) ? "TokenType" :
884 (class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
885 (class == TokenStatistics) ? "TokenStatistics" :
886 (class == TokenRestrictedSids) ? "TokenRestrictedSids" :
887 (class == TokenSessionId) ? "TokenSessionId" :
888 (class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
889 (class == TokenSessionReference) ? "TokenSessionReference" :
890 (class == TokenSandBoxInert) ? "TokenSandBoxInert" :
891 "Unknown",
892 info, len);
893
894 return set_ntstatus( NtSetInformationToken( token, class, info, len ));
895}
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Sets (modifies) some specific information in regard of an access token. The calling thread must have ...
Definition: tokencls.c:1125

◆ WINE_DEFAULT_DEBUG_CHANNEL()

WINE_DEFAULT_DEBUG_CHANNEL ( security  )

Variable Documentation

◆ WellKnownRids

const WELLKNOWNRID WellKnownRids[]
static
Initial value:
=
{
{ WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
{ WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
{ WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
{ WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
{ WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
{ WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
{ WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
{ WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
{ WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
{ WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
{ WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
{ WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
{ WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
}
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS
Definition: setypes.h:645
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:631
#define DOMAIN_GROUP_RID_CONTROLLERS
Definition: setypes.h:643
#define DOMAIN_GROUP_RID_COMPUTERS
Definition: setypes.h:642
#define DOMAIN_GROUP_RID_POLICY_ADMINS
Definition: setypes.h:647
#define DOMAIN_GROUP_RID_GUESTS
Definition: setypes.h:641
#define DOMAIN_USER_RID_GUEST
Definition: setypes.h:632
#define DOMAIN_ALIAS_RID_RAS_SERVERS
Definition: setypes.h:663
#define DOMAIN_GROUP_RID_CERT_ADMINS
Definition: setypes.h:644
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
Definition: setypes.h:646
#define DOMAIN_USER_RID_KRBTGT
Definition: setypes.h:633
#define DOMAIN_GROUP_RID_ADMINS
Definition: setypes.h:639
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:640

Definition at line 126 of file security.c.

◆ WellKnownSids

const WELLKNOWNSID WellKnownSids[]
static

Definition at line 60 of file security.c.