ReactOS 0.4.16-dev-1520-gb558596
security.c
1/*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
21
22#include <stdarg.h>
23#include <string.h>
24
25#include "ntstatus.h"
26#define WIN32_NO_STATUS
27#include "windef.h"
28#include "winbase.h"
29#include "winerror.h"
30#include "winternl.h"
31#include "winioctl.h"
32#include "ddk/ntddk.h"
33
34#include "kernelbase.h"
35#include "wine/debug.h"
36#include "wine/heap.h"
37
39
40
41/******************************************************************************
42 * SID functions
43 ******************************************************************************/
44
45typedef struct _MAX_SID
46{
47 /* same fields as struct _SID */
53
54typedef struct WELLKNOWNSID
55{
59
61{
62 { WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
63 { WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
64 { WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
65 { WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
66 { WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
67 { WinCreatorOwnerRightsSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RIGHTS_RID } } },
68 { WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
69 { WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
70 { WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
71 { WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
72 { WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
73 { WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
74 { WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
75 { WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
76 { WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
77 { WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
78 { WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
79 { WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
80 { WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
81 { WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
82 { WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
83 { WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
85 { WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
86 { WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
87 { WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
88 { WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
89 { WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
93 { WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
94 { WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
95 { WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
96 { WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
98 { WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
100 { WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
101 { WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
102 { WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
103 { WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
104 { WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
105 { WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
106 { WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
107 { WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
108 { WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
109 { WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
110 { WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
117};
118
119/* these SIDs must be constructed as relative to some domain - only the RID is well-known */
120typedef struct WELLKNOWNRID
121{
123 DWORD Rid;
125
127{
128 { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
129 { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
130 { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
131 { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
132 { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
133 { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
134 { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
135 { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
136 { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
137 { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
138 { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
139 { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
140 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
141};
142
144{
145 UNICODE_STRING file_nameW;
149
150 if ((status = RtlDosPathNameToNtPathName_U_WithStatus( name, &file_nameW, NULL, NULL ))) return status;
151 attr.Length = sizeof(attr);
152 attr.RootDirectory = 0;
153 attr.Attributes = OBJ_CASE_INSENSITIVE;
154 attr.ObjectName = &file_nameW;
155 attr.SecurityDescriptor = NULL;
159 RtlFreeUnicodeString( &file_nameW );
160 return status;
161}
162
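/* Format a SID as "S-<revision>-<authority>-<subauthority>..." for trace output.
 *
 * Returns "(null)" for a NULL pointer and "(too-big)" when SubAuthorityCount
 * is above eight; otherwise the string comes from wine_dbg_sprintf().
 * Only IdentifierAuthority.Value[2..5] are folded into the printed authority,
 * so Value[0] and Value[1] never appear in the output.
 *
 * Sub-authorities are printed in index order for every count.  These strings
 * are what a reader compares against an expected SID when following the token
 * and group traces in this file, so a reordered field yields a misleading SID.
 *
 * The SID is not validated here: SubAuthorityCount is taken from the buffer
 * as-is and that many SubAuthority entries (up to eight) are read.
 */
static const char *debugstr_sid( PSID sid )
{
    int auth;
    SID *psid = sid;

    if (psid == NULL) return "(null)";

    /* Combine the bytes as unsigned values: a byte >= 0x80 promoted to int and
     * shifted left by 24 would overflow a signed int. */
    auth = (int)((unsigned int)psid->IdentifierAuthority.Value[5] |
                 ((unsigned int)psid->IdentifierAuthority.Value[4] << 8) |
                 ((unsigned int)psid->IdentifierAuthority.Value[3] << 16) |
                 ((unsigned int)psid->IdentifierAuthority.Value[2] << 24));

    switch (psid->SubAuthorityCount) {
    case 0:
        return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
    case 1:
        return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
            psid->SubAuthority[0]);
    case 2:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1]);
    case 3:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
    case 4:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3]);
    case 5:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4]);
    case 6:
        /* Entries 0 and 3 were previously passed in swapped positions. */
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5]);
    case 7:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
            psid->SubAuthority[6]);
    case 8:
        return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
            psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
            psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
            psid->SubAuthority[6], psid->SubAuthority[7]);
    }
    return "(too-big)";
}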
212
213/******************************************************************************
214 * AllocateAndInitializeSid (kernelbase.@)
215 */
217 DWORD auth0, DWORD auth1, DWORD auth2, DWORD auth3,
218 DWORD auth4, DWORD auth5, DWORD auth6, DWORD auth7, PSID *sid )
219{
220 return set_ntstatus( RtlAllocateAndInitializeSid( auth, count, auth0, auth1, auth2, auth3,
221 auth4, auth5, auth6, auth7, sid ));
222}
223
224/***********************************************************************
225 * AllocateLocallyUniqueId (kernelbase.@)
226 */
228{
230}
231
232/******************************************************************************
233 * CopySid (kernelbase.@)
234 */
236{
237 return RtlCopySid( len, dest, source );
238}
239
240/******************************************************************************
241 * EqualPrefixSid (kernelbase.@)
242 */
244{
245 return RtlEqualPrefixSid( sid1, sid2 );
246}
247
248/******************************************************************************
249 * EqualSid (kernelbase.@)
250 */
252{
253 BOOL ret = RtlEqualSid( sid1, sid2 );
255 return ret;
256}
257
258/******************************************************************************
259 * EqualDomainSid (kernelbase.@)
260 */
262{
263 MAX_SID builtin_sid, domain_sid1, domain_sid2;
264 DWORD size;
265
266 TRACE( "(%p,%p,%p)\n", sid1, sid2, equal );
267
268 if (!IsValidSid( sid1 ) || !IsValidSid( sid2 ))
269 {
271 return FALSE;
272 }
273
274 if (!equal)
275 {
277 return FALSE;
278 }
279
280 size = sizeof(domain_sid1);
281 if (GetWindowsAccountDomainSid( sid1, &domain_sid1, &size ))
282 {
283 size = sizeof(domain_sid2);
284 if (GetWindowsAccountDomainSid( sid2, &domain_sid2, &size ))
285 {
286 *equal = EqualSid( &domain_sid1, &domain_sid2 );
287 SetLastError( 0 );
288 return TRUE;
289 }
290 }
291
292 size = sizeof(builtin_sid);
293 if (!CreateWellKnownSid( WinBuiltinDomainSid, NULL, &builtin_sid, &size ))
294 return FALSE;
295
296 if (!memcmp(GetSidIdentifierAuthority( sid1 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)) &&
297 !memcmp(GetSidIdentifierAuthority( sid2 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)))
298 {
299 if (*GetSidSubAuthorityCount( sid1 ) != 0 && *GetSidSubAuthorityCount( sid2 ) != 0 &&
302 {
303 *equal = EqualSid( sid1, sid2 );
304 SetLastError( 0 );
305 return TRUE;
306 }
307 }
308
310 return FALSE;
311}
312
313/******************************************************************************
314 * FreeSid (kernelbase.@)
315 */
317{
319 return NULL; /* is documented like this */
320}
321
322/******************************************************************************
323 * GetLengthSid (kernelbase.@)
324 */
326{
327 return RtlLengthSid( sid );
328}
329
330/******************************************************************************
331 * GetSidIdentifierAuthority (kernelbase.@)
332 */
334{
337}
338
339/******************************************************************************
340 * GetSidLengthRequired (kernelbase.@)
341 */
343{
344 return RtlLengthRequiredSid( count );
345}
346
347/******************************************************************************
348 * GetSidSubAuthority (kernelbase.@)
349 */
351{
353 return RtlSubAuthoritySid( sid, auth );
354}
355
356/******************************************************************************
357 * GetSidSubAuthorityCount (kernelbase.@)
358 */
360{
363}
364
365/******************************************************************************
366 * GetWindowsAccountDomainSid (kernelbase.@)
367 */
369{
 /* Builds a four-sub-authority SID in domain_sid from the first four
  * sub-authorities of sid.  The FIXME below marks this as a semi-stub.
  * On a short or missing output buffer the required length is written to
  * *size and FALSE is returned; on success *size holds the length used.
  *
  * NOTE(review): in the lines shown, the only structural test on the input
  * is "at least four sub-authorities".  Nothing visible compares the
  * input's identifier authority or its first sub-authority before the
  * result is stamped with domain_ident (declared outside this listing), so
  * any valid SID with four or more sub-authorities appears to yield a
  * "domain SID".  EqualDomainSid() in this file compares two such results
  * to decide domain equality - confirm non-account SIDs are rejected. */
371 DWORD required_size;
372 int i;
373
374 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
375
376 if (!sid || !IsValidSid( sid ))
377 {
379 return FALSE;
380 }
381
382 if (!size)
383 {
385 return FALSE;
386 }
387
388 if (*GetSidSubAuthorityCount( sid ) < 4)
389 {
391 return FALSE;
392 }
393
394 required_size = GetSidLengthRequired( 4 );
 /* The size check precedes every write to domain_sid. */
395 if (*size < required_size || !domain_sid)
396 {
397 *size = required_size;
399 return FALSE;
400 }
401
402 InitializeSid( domain_sid, &domain_ident, 4 );
 /* The return value of InitializeSid() is not checked before the copy. */
403 for (i = 0; i < 4; i++)
404 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
405
406 *size = required_size;
407 return TRUE;
408}
409
410/******************************************************************************
411 * InitializeSid (kernelbase.@)
412 */
414{
415 return set_ntstatus(RtlInitializeSid( sid, auth, count ));
416}
417
418/******************************************************************************
419 * IsValidSid (kernelbase.@)
420 */
422{
423 return RtlValidSid( sid );
424}
425
426/******************************************************************************
427 * CreateWellKnownSid (kernelbase.@)
428 */
430{
 /* Writes the SID for a WELL_KNOWN_SID_TYPE into sid.  Absolute SIDs come
  * from the WellKnownSids table; domain-relative ones are built by copying
  * domain and appending the RID from WellKnownRids.  In both paths *size is
  * compared with the required length before sid is written, and the
  * required length is stored in *size when the buffer is too small.
  * Several lines of this function are missing from the listing. */
431 unsigned int i;
432
433 TRACE("(%d, %s, %p, %p)\n", type, debugstr_sid(domain), sid, size);
434
 /* A non-NULL domain must pass IsValidSid() before it is used below. */
435 if (size == NULL || (domain && !IsValidSid(domain)))
436 {
438 return FALSE;
439 }
440
441 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
442 {
443 if (WellKnownSids[i].Type == type)
444 {
446
447 if (*size < length)
448 {
449 *size = length;
451 return FALSE;
452 }
453 if (!sid)
454 {
456 return FALSE;
457 }
459 *size = length;
460 return TRUE;
461 }
462 }
463
465 {
467 return FALSE;
468 }
469
470 for (i = 0; i < ARRAY_SIZE(WellKnownRids); i++)
471 {
472 if (WellKnownRids[i].Type == type)
473 {
 /* NOTE(review): domain is dereferenced here; presumably the check
  * elided just above this loop rejects a NULL domain - confirm.
  * domain_subauth + 1 is not bounded in the lines shown; confirm a
  * domain SID that already carries the maximum sub-authority count
  * cannot reach the append below. */
474 UCHAR domain_subauth = *GetSidSubAuthorityCount(domain);
475 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
476 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
477
478 if (*size < output_sid_length)
479 {
480 *size = output_sid_length;
482 return FALSE;
483 }
484 if (!sid)
485 {
487 return FALSE;
488 }
 /* Copy the domain SID, then store the well-known RID in the slot
  * after its last sub-authority. */
489 CopyMemory(sid, domain, domain_sid_length);
491 (*GetSidSubAuthority(sid, domain_subauth)) = WellKnownRids[i].Rid;
492 *size = output_sid_length;
493 return TRUE;
494 }
495 }
497 return FALSE;
498}
499
500/******************************************************************************
501 * IsWellKnownSid (kernelbase.@)
502 */
504{
505 unsigned int i;
506
507 TRACE("(%s, %d)\n", debugstr_sid(sid), type);
508
509 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
510 if (WellKnownSids[i].Type == type)
512 return TRUE;
513
514 return FALSE;
515}
516
517
518/******************************************************************************
519 * Token functions
520 ******************************************************************************/
521
522
523/******************************************************************************
524 * AdjustTokenGroups (kernelbase.@)
525 */
528{
529 return set_ntstatus( NtAdjustGroupsToken( token, reset, new, len, prev, ret_len ));
530}
531
532/******************************************************************************
533 * AdjustTokenPrivileges (kernelbase.@)
534 */
537{
539
540 TRACE("(%p %d %p %ld %p %p)\n", token, disable, new, len, prev, ret_len );
541
545}
546
547/******************************************************************************
548 * CheckTokenMembership (kernelbase.@)
549 */
551{
 /* Sets *is_member to TRUE when sid_to_check equals a group SID in the
  * token whose attributes include SE_GROUP_ENABLED, and leaves it FALSE
  * otherwise.  The return value reports whether the token queries
  * succeeded, not the membership result.  With a NULL token the calling
  * thread's token is used; the fallback taken when OpenThreadToken() fails
  * is only partly visible in this listing. */
552 PTOKEN_GROUPS token_groups = NULL;
553 HANDLE thread_token = NULL;
554 DWORD size, i;
555 BOOL ret;
556
557 TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member);
558
 /* NOTE(review): is_member is written before any NULL check in the lines shown. */
559 *is_member = FALSE;
560
561 if (!token)
562 {
563 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token))
564 {
565 HANDLE process_token;
567 if (!ret)
568 goto exit;
570 TokenImpersonation, &thread_token);
571 CloseHandle(process_token);
572 if (!ret)
573 goto exit;
574 }
575 token = thread_token;
576 }
577 else
578 {
580
582 if (!ret) goto exit;
583
 /* A caller-supplied primary token is refused.  This return skips the
  * exit label; on this path thread_token is still NULL and token_groups
  * has not been allocated, so nothing is left to release. */
584 if (type == TokenPrimary)
585 {
587 return FALSE;
588 }
589 }
590
593 goto exit;
594
595 token_groups = heap_alloc(size);
596 if (!token_groups)
597 {
598 ret = FALSE;
599 goto exit;
600 }
601
602 ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
603 if (!ret)
604 goto exit;
605
 /* Only the SE_GROUP_ENABLED bit is tested; no other attribute bit is
  * examined in this loop.  Every group SID and its attributes are also
  * written to the trace channel. */
606 for (i = 0; i < token_groups->GroupCount; i++)
607 {
608 TRACE("Groups[%ld]: {0x%lx, %s}\n", i,
609 token_groups->Groups[i].Attributes,
610 debugstr_sid(token_groups->Groups[i].Sid));
611 if ((token_groups->Groups[i].Attributes & SE_GROUP_ENABLED) &&
612 EqualSid(sid_to_check, token_groups->Groups[i].Sid))
613 {
614 *is_member = TRUE;
615 TRACE("sid enabled and found in token\n");
616 break;
617 }
618 }
619
 /* Common cleanup; thread_token is closed only when it is non-NULL. */
620exit:
621 heap_free(token_groups);
622 if (thread_token != NULL) CloseHandle(thread_token);
623 return ret;
624}
625
626/*************************************************************************
627 * CreateRestrictedToken (kernelbase.@)
628 */
630 DWORD disable_sid_count, SID_AND_ATTRIBUTES *disable_sids,
631 DWORD delete_priv_count, LUID_AND_ATTRIBUTES *delete_privs,
632 DWORD restrict_sid_count, SID_AND_ATTRIBUTES *restrict_sids, HANDLE *ret )
633{
 /* Repackages the three caller arrays as TOKEN_GROUPS / TOKEN_PRIVILEGES
  * buffers, passes them to NtFilterToken() and frees the buffers again.
  * An array whose count is zero is passed as NULL.  The result is
  * set_ntstatus(status); the declaration and initial value of status are
  * not visible in this listing, and the `goto out` paths return whatever
  * it was initialised to.
  *
  * NOTE(review): each allocation size is offsetof(..., [count]) and each
  * memcpy length is count * sizeof(element), both driven by a
  * caller-supplied DWORD.  The lines shown neither bound the counts nor
  * check the source pointer for NULL when its count is non-zero - confirm
  * the size arithmetic cannot wrap on builds with a 32-bit size_t.  The
  * copies are shallow: the Sid pointers inside the copied entries still
  * refer to the caller's SIDs. */
634 TOKEN_PRIVILEGES *nt_privs = NULL;
635 TOKEN_GROUPS *nt_disable_sids = NULL, *nt_restrict_sids = NULL;
637
638 TRACE("token %p, flags %#lx, disable_sids %lu %p, delete_privs %lu %p, restrict_sids %lu %p, ret %p\n",
639 token, flags, disable_sid_count, disable_sids, delete_priv_count, delete_privs,
640 restrict_sid_count, restrict_sids, ret);
641
642 if (disable_sid_count)
643 {
644 if (!(nt_disable_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[disable_sid_count] ) ))) goto out;
645 nt_disable_sids->GroupCount = disable_sid_count;
646 memcpy( nt_disable_sids->Groups, disable_sids, disable_sid_count * sizeof(*disable_sids) );
647 }
648
649 if (delete_priv_count)
650 {
651 if (!(nt_privs = heap_alloc( offsetof( TOKEN_PRIVILEGES, Privileges[delete_priv_count] ) ))) goto out;
652 nt_privs->PrivilegeCount = delete_priv_count;
653 memcpy( nt_privs->Privileges, delete_privs, delete_priv_count * sizeof(*delete_privs) );
654 }
655
656 if (restrict_sid_count)
657 {
658 if (!(nt_restrict_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[restrict_sid_count] ) ))) goto out;
659 nt_restrict_sids->GroupCount = restrict_sid_count;
660 memcpy( nt_restrict_sids->Groups, restrict_sids, restrict_sid_count * sizeof(*restrict_sids) );
661 }
662
663 status = NtFilterToken(token, flags, nt_disable_sids, nt_privs, nt_restrict_sids, ret);
664
 /* Reached on success and on allocation failure; buffers that were never
  * allocated are still NULL here. */
665out:
666 heap_free(nt_disable_sids);
667 heap_free(nt_privs);
668 heap_free(nt_restrict_sids);
669 return set_ntstatus( status );
670}
671
672/******************************************************************************
673 * DuplicateToken (kernelbase.@)
674 */
676{
678}
679
680/******************************************************************************
681 * DuplicateTokenEx (kernelbase.@)
682 */
685{
688
689 TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", token, access, level, type, ret );
690
691 qos.Length = sizeof(qos);
694 qos.EffectiveOnly = FALSE;
695 InitializeObjectAttributes( &attr, NULL, (sa && sa->bInheritHandle) ? OBJ_INHERIT : 0,
696 NULL, sa ? sa->lpSecurityDescriptor : NULL );
697 attr.SecurityQualityOfService = &qos;
699}
700
701/******************************************************************************
702 * GetTokenInformation (kernelbase.@)
703 */
705 LPVOID info, DWORD len, LPDWORD retlen )
706{
707 TRACE("(%p, %d [%s], %p, %ld, %p):\n",
708 token, class,
709 (class == TokenUser) ? "TokenUser" :
710 (class == TokenGroups) ? "TokenGroups" :
711 (class == TokenPrivileges) ? "TokenPrivileges" :
712 (class == TokenOwner) ? "TokenOwner" :
713 (class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
714 (class == TokenDefaultDacl) ? "TokenDefaultDacl" :
715 (class == TokenSource) ? "TokenSource" :
716 (class == TokenType) ? "TokenType" :
717 (class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
718 (class == TokenStatistics) ? "TokenStatistics" :
719 (class == TokenRestrictedSids) ? "TokenRestrictedSids" :
720 (class == TokenSessionId) ? "TokenSessionId" :
721 (class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
722 (class == TokenSessionReference) ? "TokenSessionReference" :
723 (class == TokenSandBoxInert) ? "TokenSandBoxInert" :
724 (class == TokenElevation) ? "TokenElevation" :
725 (class == TokenElevationType) ? "TokenElevationType" :
726 (class == TokenLinkedToken) ? "TokenLinkedToken" :
727 "Unknown",
728 info, len, retlen);
729
730 return set_ntstatus( NtQueryInformationToken( token, class, info, len, retlen ));
731}
732
733/******************************************************************************
734 * ImpersonateAnonymousToken (kernelbase.@)
735 */
737{
738 TRACE("(%p)\n", thread);
740}
741
742/******************************************************************************
743 * ImpersonateLoggedOnUser (kernelbase.@)
744 */
746{
747 DWORD size;
748 BOOL ret;
749 HANDLE dup;
751 static BOOL warn = TRUE;
752
753 if (warn)
754 {
755 FIXME( "(%p)\n", token );
756 warn = FALSE;
757 }
758 if (!GetTokenInformation( token, TokenType, &type, sizeof(type), &size )) return FALSE;
759
760 if (type == TokenPrimary)
761 {
764 NtClose( dup );
765 }
766 else ret = SetThreadToken( NULL, token );
767
768 return ret;
769}
770
771/******************************************************************************
772 * ImpersonateNamedPipeClient (kernelbase.@)
773 */
775{
776 IO_STATUS_BLOCK io_block;
777
778 return set_ntstatus( NtFsControlFile( pipe, NULL, NULL, NULL, &io_block,
780}
781
782/******************************************************************************
783 * ImpersonateSelf (kernelbase.@)
784 */
786{
788}
789
790/******************************************************************************
791 * IsTokenRestricted (kernelbase.@)
792 */
794{
796 DWORD size;
798 BOOL restricted;
799
800 TRACE("(%p)\n", token);
801
804
806 if (!groups)
807 {
809 return FALSE;
810 }
811
813 if (status != STATUS_SUCCESS)
814 {
816 return set_ntstatus(status);
817 }
818
819 restricted = groups->GroupCount > 0;
821
822 return restricted;
823}
824
825/******************************************************************************
826 * OpenProcessToken (kernelbase.@)
827 */
829{
831}
832
833/******************************************************************************
834 * OpenThreadToken (kernelbase.@)
835 */
837{
839}
840
841/******************************************************************************
842 * PrivilegeCheck (kernelbase.@)
843 */
845{
846 BOOLEAN res;
848 if (ret) *result = res;
849 return ret;
850}
851
852/******************************************************************************
853 * RevertToSelf (kernelbase.@)
854 */
856{
857 return SetThreadToken( NULL, 0 );
858}
859
860/*************************************************************************
861 * SetThreadToken (kernelbase.@)
862 */
864{
867}
868
869/******************************************************************************
870 * SetTokenInformation (kernelbase.@)
871 */
873{
874 TRACE("(%p, %s, %p, %ld)\n",
875 token,
876 (class == TokenUser) ? "TokenUser" :
877 (class == TokenGroups) ? "TokenGroups" :
878 (class == TokenPrivileges) ? "TokenPrivileges" :
879 (class == TokenOwner) ? "TokenOwner" :
880 (class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
881 (class == TokenDefaultDacl) ? "TokenDefaultDacl" :
882 (class == TokenSource) ? "TokenSource" :
883 (class == TokenType) ? "TokenType" :
884 (class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
885 (class == TokenStatistics) ? "TokenStatistics" :
886 (class == TokenRestrictedSids) ? "TokenRestrictedSids" :
887 (class == TokenSessionId) ? "TokenSessionId" :
888 (class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
889 (class == TokenSessionReference) ? "TokenSessionReference" :
890 (class == TokenSandBoxInert) ? "TokenSandBoxInert" :
891 "Unknown",
892 info, len);
893
894 return set_ntstatus( NtSetInformationToken( token, class, info, len ));
895}
896
897
898/******************************************************************************
899 * Security descriptor functions
900 ******************************************************************************/
901
902
903/******************************************************************************
904 * ConvertToAutoInheritPrivateObjectSecurity (kernelbase.@)
905 */
909 GUID *type, BOOL is_dir,
911{
913}
914
915/******************************************************************************
916 * CreateBoundaryDescriptorW (kernelbase.@)
917 */
919{
920 FIXME("%s %lu - stub\n", debugstr_w(name), flags);
921 return NULL;
922}
923
924/******************************************************************************
925 * CreatePrivateObjectSecurity (kernelbase.@)
926 */
930{
931 return set_ntstatus( RtlNewSecurityObject( parent, creator, descr, is_container, token, mapping ));
932}
933
934/******************************************************************************
935 * CreatePrivateObjectSecurityEx (kernelbase.@)
936 */
938 PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_container,
940{
941 return set_ntstatus( RtlNewSecurityObjectEx( parent, creator, descr, type, is_container, flags, token, mapping ));
942}
943
944/******************************************************************************
945 * CreatePrivateObjectSecurityWithMultipleInheritance (kernelbase.@)
946 */
948 PSECURITY_DESCRIPTOR creator,
951 BOOL is_container, ULONG flags,
953{
955 is_container, flags, token, mapping ));
956}
957
958/******************************************************************************
959 * DestroyPrivateObjectSecurity (kernelbase.@)
960 */
962{
964}
965
966/******************************************************************************
967 * GetFileSecurityW (kernelbase.@)
968 */
971{
972 HANDLE file;
974 DWORD access = 0;
975
976 TRACE( "(%s,%ld,%p,%ld,%p)\n", debugstr_w(name), info, descr, len, ret_len );
977
982
983 if (!(status = open_file( name, access, &file )))
984 {
986 NtClose( file );
987 }
988 return set_ntstatus( status );
989}
990
991/******************************************************************************
992 * GetKernelObjectSecurity (kernelbase.@)
993 */
996{
998}
999
1000/******************************************************************************
1001 * GetPrivateObjectSecurity (kernelbase.@)
1002 */
1005{
1007 BOOL defaulted, present;
1008 PACL pacl;
1009 PSID psid;
1010
1011 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", obj_descr, info, ret_descr, len, ret_len );
1012
1014
1016 {
1017 if (!GetSecurityDescriptorOwner(obj_descr, &psid, &defaulted)) return FALSE;
1018 SetSecurityDescriptorOwner(&desc, psid, defaulted);
1019 }
1021 {
1022 if (!GetSecurityDescriptorGroup(obj_descr, &psid, &defaulted)) return FALSE;
1023 SetSecurityDescriptorGroup(&desc, psid, defaulted);
1024 }
1026 {
1027 if (!GetSecurityDescriptorDacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1028 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted);
1029 }
1031 {
1032 if (!GetSecurityDescriptorSacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1033 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted);
1034 }
1035
1036 *ret_len = len;
1037 return MakeSelfRelativeSD(&desc, ret_descr, ret_len);
1038}
1039
1040/******************************************************************************
1041 * GetSecurityDescriptorControl (kernelbase.@)
1042 */
1044 LPDWORD revision)
1045{
1047}
1048
1049/******************************************************************************
1050 * GetSecurityDescriptorDacl (kernelbase.@)
1051 */
1053 LPBOOL dacl_defaulted )
1054{
 /* Fetches the DACL through RtlGetDaclSecurityDescriptor() and widens the
  * BOOLEAN results into the caller's BOOL outputs.
  * NOTE(review): present and defaulted have no initialiser and are copied
  * out whether or not the call succeeded, and both output pointers are
  * dereferenced without a NULL check; PrivilegeCheck() in this file copies
  * its result only under `if (ret)`.  Confirm the Rtl call writes both
  * values on every failure path, otherwise a caller that ignores the
  * return value reads indeterminate flags. */
1055 BOOLEAN present, defaulted;
1056 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor( descr, &present, dacl, &defaulted ));
1057 *dacl_present = present;
1058 *dacl_defaulted = defaulted;
1059 return ret;
1060}
1061
1062/******************************************************************************
1063 * GetSecurityDescriptorGroup (kernelbase.@)
1064 */
1066{
1067 BOOLEAN defaulted;
1069 *group_defaulted = defaulted;
1070 return ret;
1071}
1072
1073/******************************************************************************
1074 * GetSecurityDescriptorLength (kernelbase.@)
1075 */
1077{
1079}
1080
1081/******************************************************************************
1082 * GetSecurityDescriptorOwner (kernelbase.@)
1083 */
1085{
 /* Fetches the owner SID through RtlGetOwnerSecurityDescriptor() and widens
  * the BOOLEAN "defaulted" flag into the caller's BOOL output.
  * NOTE(review): defaulted has no initialiser and is copied out whether or
  * not the call succeeded, and owner_defaulted is dereferenced without a
  * NULL check - confirm the Rtl call writes the flag on every failure
  * path. */
1086 BOOLEAN defaulted;
1087 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( descr, owner, &defaulted ));
1088 *owner_defaulted = defaulted;
1089 return ret;
1090}
1091
1092/******************************************************************************
1093 * GetSecurityDescriptorSacl (kernelbase.@)
1094 */
1096 LPBOOL sacl_defaulted )
1097{
 /* Fetches the SACL through RtlGetSaclSecurityDescriptor() and widens the
  * BOOLEAN results into the caller's BOOL outputs.
  * NOTE(review): present and defaulted have no initialiser and are copied
  * out whether or not the call succeeded, and both output pointers are
  * dereferenced without a NULL check - confirm the Rtl call writes both
  * values on every failure path. */
1098 BOOLEAN present, defaulted;
1099 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor( descr, &present, sacl, &defaulted ));
1100 *sacl_present = present;
1101 *sacl_defaulted = defaulted;
1102 return ret;
1103}
1104
1105/******************************************************************************
1106 * InitializeSecurityDescriptor (kernelbase.@)
1107 */
1109{
1110 return set_ntstatus( RtlCreateSecurityDescriptor( descr, revision ));
1111}
1112
1113/******************************************************************************
1114 * IsValidSecurityDescriptor (kernelbase.@)
1115 */
1117{
1120
1121 return TRUE;
1122}
1123
1124/******************************************************************************
1125 * MakeAbsoluteSD (kernelbase.@)
1126 */
1128 LPDWORD abs_size, PACL dacl, LPDWORD dacl_size, PACL sacl, LPDWORD sacl_size,
1129 PSID owner, LPDWORD owner_size, PSID group, LPDWORD group_size )
1130{
 /* Forwards every buffer and its size pointer unchanged to
  * RtlSelfRelativeToAbsoluteSD and converts the NTSTATUS with set_ntstatus().
  * This wrapper does no size or pointer validation of its own, so whether the
  * five output buffers are large enough is decided entirely by the Rtl routine
  * from the *_size values the caller supplies. Those values must describe the
  * real buffer capacities. */
1131 return set_ntstatus( RtlSelfRelativeToAbsoluteSD( rel_descr, abs_descr, abs_size,
1132 dacl, dacl_size, sacl, sacl_size,
1133 owner, owner_size, group, group_size ));
1134}
1135
1136/******************************************************************************
1137 * MakeSelfRelativeSD (kernelbase.@)
1138 */
1140 LPDWORD len )
1141{
 /* Forwards abs_descr, rel_descr and len to RtlMakeSelfRelativeSD and converts
  * the NTSTATUS with set_ntstatus(). Checking the buffer length behind len is
  * left to the Rtl routine; nothing is validated here. */
1142 return set_ntstatus( RtlMakeSelfRelativeSD( abs_descr, rel_descr, len ));
1143}
1144
1145/******************************************************************************
1146 * SetFileSecurityW (kernelbase.@)
1147 */
1149{
1150 HANDLE file;
1151 DWORD access = 0;
1153
1154 TRACE( "(%s, 0x%lx, %p)\n", debugstr_w(name), info, descr );
1155
1159
1160 if (!(status = open_file( name, access, &file )))
1161 {
1163 NtClose( file );
1164 }
1165 return set_ntstatus( status );
1166}
1167
1168/*************************************************************************
1169 * SetKernelObjectSecurity (kernelbase.@)
1170 */
1172{
1174}
1175
1176/*************************************************************************
1177 * SetPrivateObjectSecurity (kernelbase.@)
1178 */
1181 HANDLE token )
1182{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): *obj_descr is never modified, so the requested security
  * information is not applied even though success is reported. A caller
  * cannot tell this from a real update; code that tightens an object's
  * descriptor through this API keeps the old, possibly weaker, descriptor. */
1183 FIXME( "0x%08lx %p %p %p %p - stub\n", info, descr, obj_descr, mapping, token );
1184 return TRUE;
1185}
1186
1187/*************************************************************************
1188 * SetPrivateObjectSecurityEx (kernelbase.@)
1189 */
1191 PSECURITY_DESCRIPTOR *obj_descr, ULONG flags,
1193{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): as with SetPrivateObjectSecurity, *obj_descr is left
  * untouched and flags is ignored, yet the call reports success. The
  * descriptor the caller asked for is silently not applied. */
1194 FIXME( "0x%08lx %p %p %lu %p %p - stub\n", info, descr, obj_descr, flags, mapping, token );
1195 return TRUE;
1196}
1197
1198/******************************************************************************
1199 * SetSecurityDescriptorControl (kernelbase.@)
1200 */
1203{
1205}
1206
1207/******************************************************************************
1208 * SetSecurityDescriptorDacl (kernelbase.@)
1209 */
1211{
 /* Forwards descr, present, dacl and defaulted to RtlSetDaclSecurityDescriptor
  * and converts the NTSTATUS with set_ntstatus(). The dacl pointer is passed
  * through as given; this wrapper does not inspect or copy the ACL. */
1212 return set_ntstatus( RtlSetDaclSecurityDescriptor( descr, present, dacl, defaulted ));
1213}
1214
1215/******************************************************************************
1216 * SetSecurityDescriptorGroup (kernelbase.@)
1217 */
1219{
 /* Forwards descr, group and defaulted to RtlSetGroupSecurityDescriptor and
  * converts the NTSTATUS with set_ntstatus(). The SID is not validated here. */
1220 return set_ntstatus( RtlSetGroupSecurityDescriptor( descr, group, defaulted ));
1221}
1222
1223/******************************************************************************
1224 * SetSecurityDescriptorOwner (kernelbase.@)
1225 */
1227{
 /* Forwards descr, owner and defaulted to RtlSetOwnerSecurityDescriptor and
  * converts the NTSTATUS with set_ntstatus(). The SID is not validated here. */
1228 return set_ntstatus( RtlSetOwnerSecurityDescriptor( descr, owner, defaulted ));
1229}
1230
1231/**************************************************************************
1232 * SetSecurityDescriptorSacl (kernelbase.@)
1233 */
1235{
 /* Forwards descr, present, sacl and defaulted to RtlSetSaclSecurityDescriptor
  * and converts the NTSTATUS with set_ntstatus(). The sacl pointer is passed
  * through as given; this wrapper does not inspect or copy the ACL. */
1236 return set_ntstatus( RtlSetSaclSecurityDescriptor( descr, present, sacl, defaulted ));
1237}
1238
1239
1240/******************************************************************************
1241 * Access control functions
1242 ******************************************************************************/
1243
1244
1245/******************************************************************************
1246 * AccessCheck (kernelbase.@)
1247 */
1249 PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status )
1250{
 /* Runs NtAccessCheck and reports two separate results:
  *  - the return value says whether the check itself could be performed;
  *  - *status says whether access was allowed. It is written only when the
  *    call succeeded and is TRUE only when access_status converts to success.
  * When the return value is FALSE, *status is left untouched, so callers must
  * test the return value first and treat a failed call as access denied
  * rather than reading a stale *status. */
1251 NTSTATUS access_status;
1252 BOOL ret = set_ntstatus( NtAccessCheck( descr, token, access, mapping, priv, priv_len,
1253 granted, &access_status ));
 /* The second set_ntstatus() call converts the access verdict, not the call status. */
1254 if (ret) *status = set_ntstatus( access_status );
1255 return ret;
1256}
1257
1258/******************************************************************************
1259 * AccessCheckAndAuditAlarmW (kernelbase.@)
1260 */
1263 PGENERIC_MAPPING mapping, BOOL creation,
1264 LPDWORD granted, LPBOOL status, LPBOOL on_close )
1265{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): no access check is performed and no audit record is
  * generated. *granted, *status and *on_close are never written, so a caller
  * that trusts the TRUE return reads whatever its own variables held before
  * the call. Callers needing a real decision should not rely on this path. */
1266 FIXME( "stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(subsystem),
1267 id, debugstr_w(type_name), debugstr_w(name), descr, access, mapping,
1268 creation, granted, status, on_close );
1269 return TRUE;
1270}
1271
1272/******************************************************************************
1273 * AccessCheckByType (kernelbase.@)
1274 */
1277 PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status )
1278{
 /* Stub: no access check is performed; descr, token and the requested access
  * are never examined and *granted is not written.
  * NOTE(review): the two results disagree. *status is set to TRUE (access
  * allowed) while the function returns !*status, i.e. FALSE (call failed).
  * A caller that reads *status without checking the return value treats the
  * access as granted. Setting *status to FALSE would make the stub fail
  * closed. */
1279 FIXME("stub\n");
1280 *status = TRUE;
1281 return !*status;
1282}
1283
1284/******************************************************************************
1285 * AddAccessAllowedAce (kernelbase.@)
1286 */
1288{
1290}
1291
1292/******************************************************************************
1293 * AddAccessAllowedAceEx (kernelbase.@)
1294 */
1296{
1298}
1299
1300/******************************************************************************
1301 * AddAccessAllowedObjectAce (kernelbase.@)
1302 */
1304 GUID *type, GUID *inherit, PSID sid )
1305{
 /* Forwards all arguments unchanged to RtlAddAccessAllowedObjectAce and
  * converts the NTSTATUS with set_ntstatus(). ACL capacity, revision and SID
  * checks are left to the Rtl routine. */
1306 return set_ntstatus( RtlAddAccessAllowedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1307}
1308
1309/******************************************************************************
1310 * AddAccessDeniedAce (kernelbase.@)
1311 */
1313{
 /* Forwards acl, rev, access and sid to RtlAddAccessDeniedAce and converts the
  * NTSTATUS with set_ntstatus(). Nothing is validated at this layer. */
1314 return set_ntstatus( RtlAddAccessDeniedAce( acl, rev, access, sid ));
1315}
1316
1317/******************************************************************************
1318 * AddAccessDeniedAceEx (kernelbase.@)
1319 */
1321{
1323}
1324
1325/******************************************************************************
1326 * AddAccessDeniedObjectAce (kernelbase.@)
1327 */
1329 GUID *type, GUID *inherit, PSID sid )
1330{
 /* Forwards all arguments unchanged to RtlAddAccessDeniedObjectAce and
  * converts the NTSTATUS with set_ntstatus(). ACL capacity, revision and SID
  * checks are left to the Rtl routine. */
1331 return set_ntstatus( RtlAddAccessDeniedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1332}
1333
1334/******************************************************************************
1335 * AddAce (kernelbase.@)
1336 */
1338{
 /* Forwards acl, rev, index, list and len to RtlAddAce and converts the
  * NTSTATUS with set_ntstatus(). list/len describe a caller-supplied byte
  * range; this wrapper does not check that len matches the ACEs in list, so
  * that check rests with the Rtl routine. */
1339 return set_ntstatus( RtlAddAce( acl, rev, index, list, len ));
1340}
1341
1342/******************************************************************************
1343 * AddAuditAccessAce (kernelbase.@)
1344 */
1346{
 /* Forwards acl, rev, access, sid and the success/failure audit switches to
  * RtlAddAuditAccessAce and converts the NTSTATUS with set_ntstatus(). */
1347 return set_ntstatus( RtlAddAuditAccessAce( acl, rev, access, sid, success, failure ));
1348}
1349
1350/******************************************************************************
1351 * AddAuditAccessAceEx (kernelbase.@)
1352 */
1354 PSID sid, BOOL success, BOOL failure )
1355{
 /* Same as AddAuditAccessAce with an additional flags argument: forwards
  * everything to RtlAddAuditAccessAceEx and converts the NTSTATUS with
  * set_ntstatus(). */
1356 return set_ntstatus( RtlAddAuditAccessAceEx( acl, rev, flags, access, sid, success, failure ));
1357}
1358
1359/******************************************************************************
1360 * AddAuditAccessObjectAce (kernelbase.@)
1361 */
1363 GUID *type, GUID *inherit, PSID sid, BOOL success, BOOL failure )
1364{
1366 type, inherit, sid, success, failure ));
1367}
1368
1369/******************************************************************************
1370 * AddMandatoryAce (kernelbase.@)
1371 */
1373{
1376}
1377
1378/******************************************************************************
1379 * AreAllAccessesGranted (kernelbase.@)
1380 */
1382{
 /* Returns the result of RtlAreAllAccessesGranted( granted, desired ) directly;
  * there is no NTSTATUS involved, so set_ntstatus() is not called. */
1383 return RtlAreAllAccessesGranted( granted, desired );
1384}
1385
1386/******************************************************************************
1387 * AreAnyAccessesGranted (kernelbase.@)
1388 */
1390{
 /* Returns the result of RtlAreAnyAccessesGranted( granted, desired ) directly;
  * there is no NTSTATUS involved, so set_ntstatus() is not called. */
1391 return RtlAreAnyAccessesGranted( granted, desired );
1392}
1393
1394/******************************************************************************
1395 * DeleteAce (kernelbase.@)
1396 */
1398{
 /* Forwards acl and index to RtlDeleteAce and converts the NTSTATUS with
  * set_ntstatus(). Range checking of index is left to the Rtl routine. */
1399 return set_ntstatus( RtlDeleteAce( acl, index ));
1400}
1401
1402/******************************************************************************
1403 * FindFirstFreeAce (kernelbase.@)
1404 */
1406{
 /* Returns RtlFirstFreeAce's result directly, without set_ntstatus(). The
  * caller's ace pointer is cast to PACE_HEADER * for the Rtl call. */
1407 return RtlFirstFreeAce( acl, (PACE_HEADER *)ace );
1408}
1409
1410/******************************************************************************
1411 * GetAce (kernelbase.@)
1412 */
1414{
 /* Forwards acl, index and ace to RtlGetAce and converts the NTSTATUS with
  * set_ntstatus(). Callers should use *ace only when TRUE is returned. */
1415 return set_ntstatus( RtlGetAce( acl, index, ace ));
1416}
1417
1418/******************************************************************************
1419 * GetAclInformation (kernelbase.@)
1420 */
1422{
 /* Forwards acl, info, len and class to RtlQueryInformationAcl and converts the
  * NTSTATUS with set_ntstatus(). Whether len is large enough for the requested
  * class is decided by the Rtl routine, not here. */
1423 return set_ntstatus( RtlQueryInformationAcl( acl, info, len, class ));
1424}
1425
1426/*************************************************************************
1427 * InitializeAcl (kernelbase.@)
1428 */
1430{
 /* Forwards acl, size and rev to RtlCreateAcl and converts the NTSTATUS with
  * set_ntstatus(). size must describe the real capacity of the buffer behind
  * acl; this wrapper cannot verify it. */
1431 return set_ntstatus( RtlCreateAcl( acl, size, rev ));
1432}
1433
1434/******************************************************************************
1435 * IsValidAcl (kernelbase.@)
1436 */
1438{
 /* Returns RtlValidAcl's result directly, without set_ntstatus(). */
1439 return RtlValidAcl( acl );
1440}
1441
1442/******************************************************************************
1443 * MapGenericMask (kernelbase.@)
1444 */
1446{
1448}
1449
1450/******************************************************************************
1451 * ObjectCloseAuditAlarmW (kernelbase.@)
1452 */
1454{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): no audit record is generated. Code that depends on this
  * call for an audit trail gets none, while being told it succeeded. */
1455 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1456 return TRUE;
1457}
1458
1459/******************************************************************************
1460 * ObjectDeleteAuditAlarmW (kernelbase.@)
1461 */
1463{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): no audit record is generated. Code that depends on this
  * call for an audit trail gets none, while being told it succeeded. */
1464 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1465 return TRUE;
1466}
1467
1468/******************************************************************************
1469 * ObjectOpenAuditAlarmW (kernelbase.@)
1470 */
1473 DWORD granted, PPRIVILEGE_SET privs, BOOL creation,
1474 BOOL access, LPBOOL on_close )
1475{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): no audit record is generated and *on_close is never
  * written, so a caller that reads it after the call sees whatever value
  * its variable held beforehand. */
1476 FIXME( "stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(subsystem),
1477 id, debugstr_w(type), debugstr_w(name), descr, token, desired, granted,
1478 privs, creation, access, on_close );
1479 return TRUE;
1480}
1481
1482/******************************************************************************
1483 * ObjectPrivilegeAuditAlarmW (kernelbase.@)
1484 */
1486 DWORD desired, PPRIVILEGE_SET privs, BOOL granted )
1487{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): privilege use is not audited here; no record is generated
  * even though success is reported. */
1488 FIXME( "stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(subsystem), id, token, desired, privs, granted );
1489 return TRUE;
1490}
1491
1492/******************************************************************************
1493 * PrivilegedServiceAuditAlarmW (kernelbase.@)
1494 */
1496 PPRIVILEGE_SET privs, BOOL granted )
1497{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): privileged-service use is not audited here; no record is
  * generated even though success is reported. */
1498 FIXME( "stub %s,%s,%p,%p,%x)\n", debugstr_w(subsystem), debugstr_w(service), token, privs, granted );
1499 return TRUE;
1500}
1501
1502/******************************************************************************
1503 * SetAclInformation (kernelbase.@)
1504 */
1506{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): acl is not modified, so the requested ACL information is
  * not applied although the call reports success. */
1507 FIXME( "%p %p 0x%08lx 0x%08x - stub\n", acl, info, len, class );
1508 return TRUE;
1509}
1510
1511/******************************************************************************
1512 * SetCachedSigningLevel (kernelbase.@)
1513 */
1515{
 /* Stub: logs its arguments through FIXME and returns TRUE.
  * NOTE(review): nothing is recorded for file. A TRUE return from this
  * implementation is not evidence that a signing level was evaluated or
  * cached. */
1516 FIXME( "%p %lu %lu %p - stub\n", source, count, flags, file );
1517 return TRUE;
1518}
unsigned char BOOLEAN
Type
Definition: Type.h:7
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
Definition: accesschk.c:2214
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
static struct sockaddr_in sa
Definition: adnsresfilter.c:69
WINBASEAPI _Check_return_ _Out_ AppPolicyProcessTerminationMethod * policy
Definition: appmodel.h:47
static void * heap_alloc(size_t len)
Definition: appwiz.h:66
static BOOL heap_free(void *mem)
Definition: appwiz.h:76
TOKEN_TYPE
Definition: asmpp.cpp:29
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
Definition: precomp.h:23
int rev
Definition: sort.c:17
LONG NTSTATUS
Definition: precomp.h:26
#define ARRAY_SIZE(A)
Definition: main.h:20
#define FIXME(fmt,...)
Definition: precomp.h:53
static HANDLE thread
Definition: service.c:33
FT_UInt sid
Definition: cffcmap.c:139
Definition: list.h:37
Definition: _set.h:50
#define STATUS_NO_MEMORY
Definition: d3dkmdt.h:51
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:374
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:1194
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
Definition: security.c:2066
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
static const WELLKNOWNRID WellKnownRids[]
Definition: security.c:109
BOOL WINAPI CreateRestrictedToken(_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
Creates a filtered token that is a restricted one of the regular access token. A restricted token can...
Definition: security.c:533
BOOL WINAPI SetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:2471
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3919
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
Definition: security.c:437
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:862
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2)
Definition: security.c:841
BOOL WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:1631
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1114
BOOL WINAPI AddAce(PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
Definition: security.c:1141
BOOL WINAPI AccessCheckByType(_In_ PSECURITY_DESCRIPTOR pSecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ DWORD DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ DWORD ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ LPDWORD PrivilegeSetLength, _Out_ LPDWORD GrantedAccess, _Out_ LPBOOL AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: security.c:1767
BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
Definition: security.c:1166
BOOL WINAPI MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
Definition: security.c:950
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:896
BOOL WINAPI SetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1509
BOOL WINAPI SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
Definition: security.c:461
BOOL WINAPI AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
Definition: security.c:674
struct WELLKNOWNRID WELLKNOWNRID
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:852
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:819
BOOL WINAPI AreAnyAccessesGranted(DWORD GrantedAccess, DWORD DesiredAccess)
Definition: security.c:2544
BOOL WINAPI IsWellKnownSid(IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
Definition: security.c:796
BOOL WINAPI CopySid(DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
Definition: security.c:712
BOOL WINAPI AddAuditAccessAce(PACL pAcl, DWORD dwAceRevision, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
Definition: security.c:1951
BOOL WINAPI AllocateLocallyUniqueId(PLUID Luid)
Definition: security.c:1218
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:908
BOOL WINAPI GetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:987
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:1006
BOOL WINAPI ImpersonateNamedPipeClient(HANDLE hNamedPipe)
Definition: security.c:1024
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:929
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1039
BOOL WINAPI AddAccessAllowedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1063
DWORD WINAPI GetLengthSid(PSID pSid)
Definition: security.c:919
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:45
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
Definition: security.c:336
PVOID WINAPI FreeSid(PSID pSid)
Definition: security.c:698
struct WELLKNOWNSID WELLKNOWNSID
BOOL WINAPI GetWindowsAccountDomainSid(PSID sid, PSID domain_sid, DWORD *size)
Definition: security.c:4136
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:829
BOOL WINAPI AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
Definition: security.c:1650
static __inline BOOL set_ntstatus(NTSTATUS status)
Definition: security.c:227
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3859
static const char * debugstr_sid(PSID sid)
Definition: security.c:174
BOOL WINAPI AdjustTokenGroups(HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState, DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength)
Definition: security.c:346
BOOL WINAPI GetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1404
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority(PSID pSid)
Definition: security.c:885
BOOL WINAPI AreAllAccessesGranted(DWORD GrantedAccess, DWORD DesiredAccess)
Definition: security.c:2532
BOOL WINAPI EqualDomainSid(IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
Definition: security.c:4184
BOOL WINAPI FindFirstFreeAce(PACL pAcl, LPVOID *pAce)
Definition: security.c:1176
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1186
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1090
BOOL WINAPI AddAuditAccessAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
Definition: security.c:1979
BOOL WINAPI SetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: security.c:1928
BOOL WINAPI CreateWellKnownSid(IN WELL_KNOWN_SID_TYPE WellKnownSidType, IN PSID DomainSid OPTIONAL, OUT PSID pSid, IN OUT DWORD *cbSid)
Definition: security.c:722
struct _MAX_SID MAX_SID
BOOL WINAPI IsValidAcl(PACL pAcl)
Definition: security.c:1209
const char * wine_dbg_sprintf(const char *format,...)
Definition: compat.c:296
#define CloseHandle
Definition: compat.h:739
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
#define SetLastError(x)
Definition: compat.h:752
@ ThreadImpersonationToken
Definition: compat.h:940
#define GetCurrentProcess()
Definition: compat.h:759
#define FILE_SHARE_READ
Definition: compat.h:136
static NTSTATUS open_file(LPCWSTR name, DWORD access, HANDLE *file)
Definition: security.c:143
BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR subsystem, LPVOID id, LPWSTR type_name, LPWSTR name, PSECURITY_DESCRIPTOR descr, DWORD access, PGENERIC_MAPPING mapping, BOOL creation, LPDWORD granted, LPBOOL status, LPBOOL on_close)
Definition: security.c:1261
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted)
Definition: security.c:1218
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted)
Definition: security.c:1226
BOOL WINAPI SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR descr, SECURITY_DESCRIPTOR_CONTROL mask, SECURITY_DESCRIPTOR_CONTROL set)
Definition: security.c:1201
HANDLE WINAPI CreateBoundaryDescriptorW(LPCWSTR name, ULONG flags)
Definition: security.c:918
BOOL WINAPI CheckTokenMembership(HANDLE token, PSID sid_to_check, PBOOL is_member)
Definition: security.c:550
BOOL WINAPI SetCachedSigningLevel(PHANDLE source, ULONG count, ULONG flags, HANDLE file)
Definition: security.c:1514
BOOL WINAPI CreatePrivateObjectSecurity(PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator, PSECURITY_DESCRIPTOR *descr, BOOL is_container, HANDLE token, PGENERIC_MAPPING mapping)
Definition: security.c:927
BOOL WINAPI ImpersonateAnonymousToken(HANDLE thread)
Definition: security.c:736
BOOL WINAPI GetPrivateObjectSecurity(PSECURITY_DESCRIPTOR obj_descr, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR ret_descr, DWORD len, PDWORD ret_len)
Definition: security.c:1003
BOOL WINAPI PrivilegedServiceAuditAlarmW(LPCWSTR subsystem, LPCWSTR service, HANDLE token, PPRIVILEGE_SET privs, BOOL granted)
Definition: security.c:1495
BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity(PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR current, PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_dir, PGENERIC_MAPPING mapping)
Definition: security.c:906
BOOL WINAPI SetPrivateObjectSecurity(SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr, PSECURITY_DESCRIPTOR *obj_descr, PGENERIC_MAPPING mapping, HANDLE token)
Definition: security.c:1179
BOOL WINAPI AddAccessDeniedObjectAce(PACL acl, DWORD rev, DWORD flags, DWORD access, GUID *type, GUID *inherit, PSID sid)
Definition: security.c:1328
BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance(PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator, PSECURITY_DESCRIPTOR *descr, GUID **types, ULONG count, BOOL is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping)
Definition: security.c:947
BOOL WINAPI ImpersonateLoggedOnUser(HANDLE token)
Definition: security.c:745
BOOL WINAPI AddAuditAccessObjectAce(PACL acl, DWORD rev, DWORD flags, DWORD access, GUID *type, GUID *inherit, PSID sid, BOOL success, BOOL failure)
Definition: security.c:1362
BOOL WINAPI IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR descr)
Definition: security.c:1116
BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR subsystem, LPVOID id, BOOL on_close)
Definition: security.c:1462
void WINAPI MapGenericMask(PDWORD access, PGENERIC_MAPPING mapping)
Definition: security.c:1445
BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR subsystem, LPVOID id, BOOL on_close)
Definition: security.c:1453
BOOL WINAPI SetPrivateObjectSecurityEx(SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr, PSECURITY_DESCRIPTOR *obj_descr, ULONG flags, PGENERIC_MAPPING mapping, HANDLE token)
Definition: security.c:1190
BOOL WINAPI IsTokenRestricted(HANDLE token)
Definition: security.c:793
BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR subsystem, LPVOID id, LPWSTR type, LPWSTR name, PSECURITY_DESCRIPTOR descr, HANDLE token, DWORD desired, DWORD granted, PPRIVILEGE_SET privs, BOOL creation, BOOL access, LPBOOL on_close)
Definition: security.c:1471
BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted)
Definition: security.c:1234
BOOL WINAPI RevertToSelf(void)
Definition: security.c:855
BOOL WINAPI DestroyPrivateObjectSecurity(PSECURITY_DESCRIPTOR *descr)
Definition: security.c:961
BOOL WINAPI AddAccessAllowedObjectAce(PACL acl, DWORD rev, DWORD flags, DWORD access, GUID *type, GUID *inherit, PSID sid)
Definition: security.c:1303
BOOL WINAPI ObjectPrivilegeAuditAlarmW(LPCWSTR subsystem, LPVOID id, HANDLE token, DWORD desired, PPRIVILEGE_SET privs, BOOL granted)
Definition: security.c:1485
DWORD WINAPI GetSecurityDescriptorLength(PSECURITY_DESCRIPTOR descr)
Definition: security.c:1076
BOOL WINAPI CreatePrivateObjectSecurityEx(PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator, PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping)
Definition: security.c:937
BOOL WINAPI AddMandatoryAce(PACL acl, DWORD rev, DWORD flags, DWORD policy, PSID sid)
Definition: security.c:1372
return ret
Definition: mutex.c:146
r parent
Definition: btrfs.c:3010
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
#define FILE_OPEN
Definition: from_kernel.h:54
#define FILE_OPEN_FOR_BACKUP_INTENT
Definition: from_kernel.h:42
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define OBJ_INHERIT
Definition: winternl.h:225
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObjectWithMultipleInheritance(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, GUID **, ULONG, BOOLEAN, ULONG, HANDLE, PGENERIC_MAPPING)
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL, LPVOID, DWORD, ACL_INFORMATION_CLASS)
NTSYSAPI NTSTATUS WINAPI RtlConvertToAutoInheritSecurityObject(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, GUID *, BOOL, PGENERIC_MAPPING)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObjectEx(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, GUID *, BOOLEAN, ULONG, HANDLE, PGENERIC_MAPPING)
NTSYSAPI NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PDWORD, PACL, PDWORD, PACL, PDWORD, PSID, PDWORD, PSID, PDWORD)
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
NTSYSAPI NTSTATUS WINAPI RtlDosPathNameToNtPathName_U_WithStatus(PCWSTR, PUNICODE_STRING, PWSTR *, CURDIR *)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
int desired
Definition: jpeglib.h:1119
#define debugstr_w
Definition: kernel32.h:32
#define dup
Definition: syshdrs.h:51
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
@ SecurityImpersonation
Definition: lsa.idl:57
WORD * PSECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
struct task_struct * current
Definition: linux.c:32
#define FILE_FLAG_BACKUP_SEMANTICS
Definition: disk.h:41
@ TokenImpersonation
Definition: imports.h:274
@ TokenPrimary
Definition: imports.h:273
static PSID pSid
Definition: security.c:74
static const WCHAR desc[]
Definition: protectdata.c:36
static JOBOBJECTINFOCLASS LPVOID DWORD LPDWORD ret_len
Definition: process.c:79
static HANDLE PIO_APC_ROUTINE PVOID PIO_STATUS_BLOCK io
Definition: file.c:100
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
static char * dest
Definition: rtl.c:135
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
int disable
Definition: msacm.c:1365
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSYSAPI NTSTATUS NTAPI RtlGetControlSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PSECURITY_DESCRIPTOR_CONTROL Control, _Out_ PULONG Revision)
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: priv.c:45
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
NTSYSAPI NTSTATUS NTAPI RtlNewSecurityObject(_In_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_ PSECURITY_DESCRIPTOR CreatorDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_ BOOLEAN IsDirectoryObject, _In_ HANDLE Token, _In_ PGENERIC_MAPPING GenericMapping)
NTSYSAPI NTSTATUS NTAPI RtlSetControlSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI NTSTATUS NTAPI RtlAddMandatoryAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ULONG MandatoryFlags, _In_ UCHAR AceType, _In_ PSID LabelSid)
NTSYSAPI NTSTATUS NTAPI RtlDeleteSecurityObject(_In_ PSECURITY_DESCRIPTOR *ObjectDescriptor)
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid(PSID Sid1, PSID Sid2)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1157
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessObjectAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlMakeSelfRelativeSD(_In_ PSECURITY_DESCRIPTOR AbsoluteSD, _Out_ PSECURITY_DESCRIPTOR SelfRelativeSD, _Inout_ PULONG BufferLength)
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce(PACL Acl, ULONG AceIndex)
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:1054
NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce(PACL Acl, PACE *Ace)
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)
NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)
NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
#define SE_GROUP_ENABLED
Definition: setypes.h:92
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
#define SYNCHRONIZE
Definition: nt_native.h:61
#define WRITE_DAC
Definition: nt_native.h:59
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
#define READ_CONTROL
Definition: nt_native.h:58
#define WRITE_OWNER
Definition: nt_native.h:60
NTSTATUS NTAPI NtCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
NTSYSAPI NTSTATUS NTAPI NtFsControlFile(IN HANDLE hFile, IN HANDLE hEvent OPTIONAL, IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL, IN PVOID IoApcContext OPTIONAL, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG DeviceIoControlCode, IN PVOID InBuffer OPTIONAL, IN ULONG InBufferLength, OUT PVOID OutBuffer OPTIONAL, IN ULONG OutBufferLength)
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:348
NTSTATUS NTAPI NtSetInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
Definition: query.c:2074
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350
NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
Checks whether a client access token holds the required set of privileges.
Definition: priv.c:868
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2474
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:2612
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85
#define STATUS_INVALID_SECURITY_DESCR
Definition: ntstatus.h:357
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
DWORD * PDWORD
Definition: pedump.c:68
#define FSCTL_PIPE_IMPERSONATE
Definition: winioctl.h:734
#define warn(...)
#define equal(x, y)
Definition: reader.cc:56
#define offsetof(TYPE, MEMBER)
#define exit(n)
Definition: config.h:202
const char * descr
Definition: boot.c:45
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
Definition: sec.c:262
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
BOOL WINAPI MakeSelfRelativeSD(PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, LPDWORD lpdwBufferLength)
Definition: sec.c:214
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103
#define STATUS_SUCCESS
Definition: shellext.h:65
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
#define TRACE(s)
Definition: solgame.cpp:4
DWORD Rid
Definition: security.c:106
WELL_KNOWN_SID_TYPE Type
Definition: security.c:105
MAX_SID Sid
Definition: security.c:42
WELL_KNOWN_SID_TYPE Type
Definition: security.c:41
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: security.c:34
BYTE SubAuthorityCount
Definition: security.c:33
BYTE Revision
Definition: security.c:32
DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES]
Definition: security.c:35
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
BYTE Revision
Definition: ms-dtyp.idl:199
DWORD SubAuthority[*]
Definition: ms-dtyp.idl:202
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: ms-dtyp.idl:201
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1030
$ULONG GroupCount
Definition: setypes.h:1026
$ULONG PrivilegeCount
Definition: setypes.h:1035
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1036
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
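Removes a number of privileges from a token, as requested by the caller. As the _Must_inspect_result_ annotation indicates, the returned NTSTATUS has to be checked: STATUS_NOT_ALL_ASSIGNED is a success code that still means some of the requested privileges were not adjusted.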
Definition: tokenadj.c:451
NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
Changes the list of groups by enabling or disabling them in an access token. Unlike NtAdjustPrivilege...
Definition: tokenadj.c:695
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information about an access token, based upon the information class....
Definition: tokencls.c:473
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Sets (modifies) some specific information about an access token. The calling thread must have ...
Definition: tokencls.c:1125
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: tokenlif.c:2075
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869
uint32_t * LPDWORD
Definition: typedefs.h:59
unsigned char * PUCHAR
Definition: typedefs.h:53
uint32_t ULONG
Definition: typedefs.h:59
wchar_t tm const _CrtWcstime_Writes_and_advances_ptr_ count wchar_t ** out
Definition: wcsftime.cpp:383
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:413
#define success(from, fromstr, to, tostr)
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
HANDLE WINAPI GetCurrentThread(void)
Definition: proc.c:1148
#define CopyMemory
Definition: winbase.h:1751
BOOL * LPBOOL
Definition: windef.h:162
BOOL * PBOOL
Definition: windef.h:161
#define WINAPI
Definition: msvc.h:6
#define ERROR_NON_DOMAIN_SID
Definition: winerror.h:1091
#define ERROR_NO_IMPERSONATION_TOKEN
Definition: winerror.h:1137
#define ERROR_INVALID_SID
Definition: winerror.h:1165
enum _ACL_INFORMATION_CLASS ACL_INFORMATION_CLASS
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:563
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:653
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:654
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS
Definition: setypes.h:666
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS
Definition: setypes.h:645
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:631
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define SECURITY_LOGON_IDS_RID
Definition: setypes.h:560
#define SECURITY_LOCAL_SID_AUTHORITY
Definition: setypes.h:530
#define SECURITY_LOCAL_RID
Definition: setypes.h:542
#define SECURITY_DIALUP_RID
Definition: setypes.h:556
#define SECURITY_SERVICE_RID
Definition: setypes.h:562
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS
Definition: setypes.h:672
#define TOKEN_DUPLICATE
Definition: setypes.h:938
#define SECURITY_PROXY_RID
Definition: setypes.h:564
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:559
#define SECURITY_MANDATORY_SYSTEM_RID
Definition: setypes.h:687
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527
#define DOMAIN_GROUP_RID_CONTROLLERS
Definition: setypes.h:643
#define DOMAIN_GROUP_RID_COMPUTERS
Definition: setypes.h:642
#define SECURITY_WORLD_RID
Definition: setypes.h:541
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:548
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS
Definition: setypes.h:665
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:658
#define DOMAIN_ALIAS_RID_MONITORING_USERS
Definition: setypes.h:669
#define DOMAIN_GROUP_RID_POLICY_ADMINS
Definition: setypes.h:647
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
#define SECURITY_MANDATORY_LABEL_AUTHORITY
Definition: setypes.h:682
#define TOKEN_QUERY
Definition: setypes.h:940
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574
#define SECURITY_APP_PACKAGE_AUTHORITY
Definition: setypes.h:756
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:568
#define DOMAIN_GROUP_RID_GUESTS
Definition: setypes.h:641
#define DOMAIN_ALIAS_RID_LOGGING_USERS
Definition: setypes.h:670
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define SECURITY_PACKAGE_NTLM_RID
Definition: setypes.h:587
#define SECURITY_NULL_RID
Definition: setypes.h:540
#define SECURITY_CREATOR_OWNER_RIGHTS_RID
Definition: setypes.h:549
#define SECURITY_PACKAGE_BASE_RID
Definition: setypes.h:585
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:657
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:569
#define DOMAIN_USER_RID_GUEST
Definition: setypes.h:632
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
#define DOMAIN_ALIAS_RID_RAS_SERVERS
Definition: setypes.h:663
#define SECURITY_PACKAGE_DIGEST_RID
Definition: setypes.h:589
#define DOMAIN_GROUP_RID_CERT_ADMINS
Definition: setypes.h:644
#define SECURITY_TERMINAL_SERVER_RID
Definition: setypes.h:570
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:660
@ TokenDefaultDacl
Definition: setypes.h:983
@ TokenGroupsAndPrivileges
Definition: setypes.h:990
@ TokenSource
Definition: setypes.h:984
@ TokenStatistics
Definition: setypes.h:987
@ TokenImpersonationLevel
Definition: setypes.h:986
@ TokenSandBoxInert
Definition: setypes.h:992
@ TokenRestrictedSids
Definition: setypes.h:988
@ TokenGroups
Definition: setypes.h:979
@ TokenPrivileges
Definition: setypes.h:980
@ TokenUser
Definition: setypes.h:978
@ TokenPrimaryGroup
Definition: setypes.h:982
@ TokenSessionId
Definition: setypes.h:989
@ TokenSessionReference
Definition: setypes.h:991
@ TokenElevation
Definition: setypes.h:997
@ TokenElevationType
Definition: setypes.h:995
@ TokenOwner
Definition: setypes.h:981
@ TokenLinkedToken
Definition: setypes.h:996
#define SECURITY_BATCH_RID
Definition: setypes.h:558
#define SECURITY_MANDATORY_HIGH_RID
Definition: setypes.h:686
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:659
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:547
#define DOMAIN_ALIAS_RID_REPLICATOR
Definition: setypes.h:662
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:575
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS
Definition: setypes.h:671
#define SECURITY_OTHER_ORGANIZATION_RID
Definition: setypes.h:619
#define SECURITY_THIS_ORGANIZATION_RID
Definition: setypes.h:572
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:741
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:567
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
* PSID_IDENTIFIER_AUTHORITY
Definition: setypes.h:464
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:545
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:655
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
Definition: setypes.h:646
#define TOKEN_IMPERSONATE
Definition: setypes.h:939
#define SECURITY_NULL_SID_AUTHORITY
Definition: setypes.h:524
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS
Definition: setypes.h:664
#define SECURITY_PACKAGE_SCHANNEL_RID
Definition: setypes.h:588
#define SECURITY_APP_PACKAGE_BASE_RID
Definition: setypes.h:757
#define SECURITY_ENTERPRISE_CONTROLLERS_RID
Definition: setypes.h:565
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:482
#define SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE
Definition: setypes.h:766
#define SECURITY_NETWORK_RID
Definition: setypes.h:557
#define SECURITY_LOGON_IDS_RID_COUNT
Definition: setypes.h:561
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:576
WELL_KNOWN_SID_TYPE
Definition: setypes.h:455
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define DOMAIN_USER_RID_KRBTGT
Definition: setypes.h:633
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652
#define DOMAIN_GROUP_RID_ADMINS
Definition: setypes.h:639
#define SID_REVISION
Definition: setypes.h:481
#define SECURITY_CREATOR_SID_AUTHORITY
Definition: setypes.h:533
#define SECURITY_MANDATORY_MEDIUM_RID
Definition: setypes.h:685
#define SECURITY_MANDATORY_LOW_RID
Definition: setypes.h:684
#define SECURITY_REMOTE_LOGON_RID
Definition: setypes.h:571
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:546
#define DOMAIN_ALIAS_RID_DCOM_USERS
Definition: setypes.h:673
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS
Definition: setypes.h:667
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:640
unsigned char UCHAR
Definition: xmlstorage.h:181
WCHAR * LPWSTR
Definition: xmlstorage.h:184
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
unsigned char BYTE
Definition: xxhash.c:193