search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
riched20: Return paragraph ptrs from the remaining table insert functions.
[wine.git] / dlls / kernelbase / security.c
blob97943048b0164c546604f9aa2e5105ff7a2b8a3d
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
21
22 #include <stdarg.h>
23 #include <string.h>
24
25 #include "ntstatus.h"
26 #define WIN32_NO_STATUS
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winternl.h"
31 #include "winioctl.h"
32
33 #include "kernelbase.h"
34 #include "wine/debug.h"
35 #include "wine/heap.h"
36
37 WINE_DEFAULT_DEBUG_CHANNEL(security);
38
39
40 /******************************************************************************
41 * SID functions
42 ******************************************************************************/
43
44 typedef struct _MAX_SID
45 {
46 /* same fields as struct _SID */
47 BYTE Revision;
48 BYTE SubAuthorityCount;
49 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
50 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
51 } MAX_SID;
52
53 typedef struct WELLKNOWNSID
54 {
55 WELL_KNOWN_SID_TYPE Type;
56 MAX_SID Sid;
57 } WELLKNOWNSID;
58
59 static const WELLKNOWNSID WellKnownSids[] =
60 {
61 { WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
62 { WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
63 { WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
64 { WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
65 { WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
66 { WinCreatorOwnerRightsSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RIGHTS_RID } } },
67 { WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
68 { WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
69 { WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
70 { WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
71 { WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
72 { WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
73 { WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
74 { WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
75 { WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
76 { WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
77 { WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
78 { WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
79 { WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
80 { WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
81 { WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
82 { WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
83 { WinLogonIdsSid, { SID_REVISION, SECURITY_LOGON_IDS_RID_COUNT, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID } } },
84 { WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
85 { WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
86 { WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
87 { WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
88 { WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
89 { WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
90 { WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
91 { WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
92 { WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
93 { WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
94 { WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
95 { WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
96 { WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
97 { WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
98 { WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
99 { WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
100 { WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
101 { WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
102 { WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
103 { WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
104 { WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
105 { WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
106 { WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
107 { WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
108 { WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
109 { WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
110 { WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
111 { WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
112 { WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
113 { WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
114 { WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
115 { WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
116 };
117
118 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
119 typedef struct WELLKNOWNRID
120 {
121 WELL_KNOWN_SID_TYPE Type;
122 DWORD Rid;
123 } WELLKNOWNRID;
124
125 static const WELLKNOWNRID WellKnownRids[] =
126 {
127 { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
128 { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
129 { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
130 { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
131 { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
132 { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
133 { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
134 { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
135 { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
136 { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
137 { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
138 { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
139 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
140 };
141
142 static const SID world_sid = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
143 static const DWORD world_access_acl_size = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(world_sid) - sizeof(DWORD);
144
145 static void get_world_access_acl( PACL acl )
146 {
147 PACCESS_ALLOWED_ACE ace = (PACCESS_ALLOWED_ACE)(acl + 1);
148
149 acl->AclRevision = ACL_REVISION;
150 acl->Sbz1 = 0;
151 acl->AclSize = world_access_acl_size;
152 acl->AceCount = 1;
153 acl->Sbz2 = 0;
154 ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
155 ace->Header.AceFlags = CONTAINER_INHERIT_ACE;
156 ace->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(world_sid) - sizeof(DWORD);
157 ace->Mask = 0xf3ffffff; /* Everything except reserved bits */
158 memcpy( &ace->SidStart, &world_sid, sizeof(world_sid) );
159 }
160
161
162 static NTSTATUS open_file( LPCWSTR name, DWORD access, HANDLE *file )
163 {
164 UNICODE_STRING file_nameW;
165 OBJECT_ATTRIBUTES attr;
166 IO_STATUS_BLOCK io;
167 NTSTATUS status;
168
169 if ((status = RtlDosPathNameToNtPathName_U_WithStatus( name, &file_nameW, NULL, NULL ))) return status;
170 attr.Length = sizeof(attr);
171 attr.RootDirectory = 0;
172 attr.Attributes = OBJ_CASE_INSENSITIVE;
173 attr.ObjectName = &file_nameW;
174 attr.SecurityDescriptor = NULL;
175 status = NtCreateFile( file, access|SYNCHRONIZE, &attr, &io, NULL, FILE_FLAG_BACKUP_SEMANTICS,
176 FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN,
177 FILE_OPEN_FOR_BACKUP_INTENT, NULL, 0 );
178 RtlFreeUnicodeString( &file_nameW );
179 return status;
180 }
181
182 static const char *debugstr_sid( PSID sid )
183 {
184 int auth;
185 SID * psid = sid;
186
187 if (psid == NULL) return "(null)";
188
189 auth = psid->IdentifierAuthority.Value[5] +
190 (psid->IdentifierAuthority.Value[4] << 8) +
191 (psid->IdentifierAuthority.Value[3] << 16) +
192 (psid->IdentifierAuthority.Value[2] << 24);
193
194 switch (psid->SubAuthorityCount) {
195 case 0:
196 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
197 case 1:
198 return wine_dbg_sprintf("S-%d-%d-%u", psid->Revision, auth,
199 psid->SubAuthority[0]);
200 case 2:
201 return wine_dbg_sprintf("S-%d-%d-%u-%u", psid->Revision, auth,
202 psid->SubAuthority[0], psid->SubAuthority[1]);
203 case 3:
204 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u", psid->Revision, auth,
205 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
206 case 4:
207 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u", psid->Revision, auth,
208 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
209 psid->SubAuthority[3]);
210 case 5:
211 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u", psid->Revision, auth,
212 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
213 psid->SubAuthority[3], psid->SubAuthority[4]);
214 case 6:
215 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
216 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
217 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
218 case 7:
219 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
220 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
221 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
222 psid->SubAuthority[6]);
223 case 8:
224 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
225 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
226 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
227 psid->SubAuthority[6], psid->SubAuthority[7]);
228 }
229 return "(too-big)";
230 }
231
232 /******************************************************************************
233 * AllocateAndInitializeSid (kernelbase.@)
234 */
235 BOOL WINAPI AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY auth, BYTE count,
236 DWORD auth0, DWORD auth1, DWORD auth2, DWORD auth3,
237 DWORD auth4, DWORD auth5, DWORD auth6, DWORD auth7, PSID *sid )
238 {
239 return set_ntstatus( RtlAllocateAndInitializeSid( auth, count, auth0, auth1, auth2, auth3,
240 auth4, auth5, auth6, auth7, sid ));
241 }
242
243 /***********************************************************************
244 * AllocateLocallyUniqueId (kernelbase.@)
245 */
246 BOOL WINAPI AllocateLocallyUniqueId( PLUID luid )
247 {
248 return set_ntstatus( NtAllocateLocallyUniqueId( luid ));
249 }
250
251 /******************************************************************************
252 * CopySid (kernelbase.@)
253 */
254 BOOL WINAPI CopySid( DWORD len, PSID dest, PSID source )
255 {
256 return RtlCopySid( len, dest, source );
257 }
258
259 /******************************************************************************
260 * EqualPrefixSid (kernelbase.@)
261 */
262 BOOL WINAPI EqualPrefixSid( PSID sid1, PSID sid2 )
263 {
264 return RtlEqualPrefixSid( sid1, sid2 );
265 }
266
267 /******************************************************************************
268 * EqualSid (kernelbase.@)
269 */
270 BOOL WINAPI EqualSid( PSID sid1, PSID sid2 )
271 {
272 BOOL ret = RtlEqualSid( sid1, sid2 );
273 SetLastError(ERROR_SUCCESS);
274 return ret;
275 }
276
277 /******************************************************************************
278 * EqualDomainSid (kernelbase.@)
279 */
280 BOOL WINAPI EqualDomainSid( PSID sid1, PSID sid2, BOOL *equal )
281 {
282 MAX_SID builtin_sid, domain_sid1, domain_sid2;
283 DWORD size;
284
285 TRACE( "(%p,%p,%p)\n", sid1, sid2, equal );
286
287 if (!IsValidSid( sid1 ) || !IsValidSid( sid2 ))
288 {
289 SetLastError( ERROR_INVALID_SID );
290 return FALSE;
291 }
292
293 if (!equal)
294 {
295 SetLastError( ERROR_INVALID_PARAMETER );
296 return FALSE;
297 }
298
299 size = sizeof(domain_sid1);
300 if (GetWindowsAccountDomainSid( sid1, &domain_sid1, &size ))
301 {
302 size = sizeof(domain_sid2);
303 if (GetWindowsAccountDomainSid( sid2, &domain_sid2, &size ))
304 {
305 *equal = EqualSid( &domain_sid1, &domain_sid2 );
306 SetLastError( 0 );
307 return TRUE;
308 }
309 }
310
311 size = sizeof(builtin_sid);
312 if (!CreateWellKnownSid( WinBuiltinDomainSid, NULL, &builtin_sid, &size ))
313 return FALSE;
314
315 if (!memcmp(GetSidIdentifierAuthority( sid1 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)) &&
316 !memcmp(GetSidIdentifierAuthority( sid2 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)))
317 {
318 if (*GetSidSubAuthorityCount( sid1 ) != 0 && *GetSidSubAuthorityCount( sid2 ) != 0 &&
319 (*GetSidSubAuthority( sid1, 0 ) == SECURITY_BUILTIN_DOMAIN_RID ||
320 *GetSidSubAuthority( sid2, 0 ) == SECURITY_BUILTIN_DOMAIN_RID))
321 {
322 *equal = EqualSid( sid1, sid2 );
323 SetLastError( 0 );
324 return TRUE;
325 }
326 }
327
328 SetLastError( ERROR_NON_DOMAIN_SID );
329 return FALSE;
330 }
331
332 /******************************************************************************
333 * FreeSid (kernelbase.@)
334 */
335 void * WINAPI FreeSid( PSID pSid )
336 {
337 RtlFreeSid(pSid);
338 return NULL; /* is documented like this */
339 }
340
341 /******************************************************************************
342 * GetLengthSid (kernelbase.@)
343 */
344 DWORD WINAPI GetLengthSid( PSID sid )
345 {
346 return RtlLengthSid( sid );
347 }
348
349 /******************************************************************************
350 * GetSidIdentifierAuthority (kernelbase.@)
351 */
352 PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority( PSID sid )
353 {
354 SetLastError(ERROR_SUCCESS);
355 return RtlIdentifierAuthoritySid( sid );
356 }
357
358 /******************************************************************************
359 * GetSidLengthRequired (kernelbase.@)
360 */
361 DWORD WINAPI GetSidLengthRequired( BYTE count )
362 {
363 return RtlLengthRequiredSid( count );
364 }
365
366 /******************************************************************************
367 * GetSidSubAuthority (kernelbase.@)
368 */
369 PDWORD WINAPI GetSidSubAuthority( PSID sid, DWORD auth )
370 {
371 SetLastError(ERROR_SUCCESS);
372 return RtlSubAuthoritySid( sid, auth );
373 }
374
375 /******************************************************************************
376 * GetSidSubAuthorityCount (kernelbase.@)
377 */
378 PUCHAR WINAPI GetSidSubAuthorityCount( PSID sid )
379 {
380 SetLastError(ERROR_SUCCESS);
381 return RtlSubAuthorityCountSid( sid );
382 }
383
384 /******************************************************************************
385 * GetWindowsAccountDomainSid (kernelbase.@)
386 */
387 BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
388 {
389 SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
390 DWORD required_size;
391 int i;
392
393 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
394
395 if (!sid || !IsValidSid( sid ))
396 {
397 SetLastError( ERROR_INVALID_SID );
398 return FALSE;
399 }
400
401 if (!size)
402 {
403 SetLastError( ERROR_INVALID_PARAMETER );
404 return FALSE;
405 }
406
407 if (*GetSidSubAuthorityCount( sid ) < 4)
408 {
409 SetLastError( ERROR_INVALID_SID );
410 return FALSE;
411 }
412
413 required_size = GetSidLengthRequired( 4 );
414 if (*size < required_size || !domain_sid)
415 {
416 *size = required_size;
417 SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER : ERROR_INVALID_PARAMETER );
418 return FALSE;
419 }
420
421 InitializeSid( domain_sid, &domain_ident, 4 );
422 for (i = 0; i < 4; i++)
423 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
424
425 *size = required_size;
426 return TRUE;
427 }
428
429 /******************************************************************************
430 * InitializeSid (kernelbase.@)
431 */
432 BOOL WINAPI InitializeSid ( PSID sid, PSID_IDENTIFIER_AUTHORITY auth, BYTE count )
433 {
434 return RtlInitializeSid( sid, auth, count );
435 }
436
437 /******************************************************************************
438 * IsValidSid (kernelbase.@)
439 */
440 BOOL WINAPI IsValidSid( PSID sid )
441 {
442 return RtlValidSid( sid );
443 }
444
445 /******************************************************************************
446 * CreateWellKnownSid (kernelbase.@)
447 */
448 BOOL WINAPI CreateWellKnownSid( WELL_KNOWN_SID_TYPE type, PSID domain, PSID sid, DWORD *size )
449 {
450 unsigned int i;
451
452 TRACE("(%d, %s, %p, %p)\n", type, debugstr_sid(domain), sid, size);
453
454 if (size == NULL || (domain && !IsValidSid(domain)))
455 {
456 SetLastError(ERROR_INVALID_PARAMETER);
457 return FALSE;
458 }
459
460 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
461 {
462 if (WellKnownSids[i].Type == type)
463 {
464 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
465
466 if (*size < length)
467 {
468 *size = length;
469 SetLastError(ERROR_INSUFFICIENT_BUFFER);
470 return FALSE;
471 }
472 if (!sid)
473 {
474 SetLastError(ERROR_INVALID_PARAMETER);
475 return FALSE;
476 }
477 CopyMemory(sid, &WellKnownSids[i].Sid.Revision, length);
478 *size = length;
479 return TRUE;
480 }
481 }
482
483 if (domain == NULL || *GetSidSubAuthorityCount(domain) == SID_MAX_SUB_AUTHORITIES)
484 {
485 SetLastError(ERROR_INVALID_PARAMETER);
486 return FALSE;
487 }
488
489 for (i = 0; i < ARRAY_SIZE(WellKnownRids); i++)
490 {
491 if (WellKnownRids[i].Type == type)
492 {
493 UCHAR domain_subauth = *GetSidSubAuthorityCount(domain);
494 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
495 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
496
497 if (*size < output_sid_length)
498 {
499 *size = output_sid_length;
500 SetLastError(ERROR_INSUFFICIENT_BUFFER);
501 return FALSE;
502 }
503 if (!sid)
504 {
505 SetLastError(ERROR_INVALID_PARAMETER);
506 return FALSE;
507 }
508 CopyMemory(sid, domain, domain_sid_length);
509 (*GetSidSubAuthorityCount(sid))++;
510 (*GetSidSubAuthority(sid, domain_subauth)) = WellKnownRids[i].Rid;
511 *size = output_sid_length;
512 return TRUE;
513 }
514 }
515 SetLastError(ERROR_INVALID_PARAMETER);
516 return FALSE;
517 }
518
519 /******************************************************************************
520 * IsWellKnownSid (kernelbase.@)
521 */
522 BOOL WINAPI IsWellKnownSid( PSID sid, WELL_KNOWN_SID_TYPE type )
523 {
524 unsigned int i;
525
526 TRACE("(%s, %d)\n", debugstr_sid(sid), type);
527
528 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
529 if (WellKnownSids[i].Type == type)
530 if (EqualSid(sid, (PSID)&WellKnownSids[i].Sid.Revision))
531 return TRUE;
532
533 return FALSE;
534 }
535
536
537 /******************************************************************************
538 * Token functions
539 ******************************************************************************/
540
541
542 /******************************************************************************
543 * AdjustTokenGroups (kernelbase.@)
544 */
545 BOOL WINAPI AdjustTokenGroups( HANDLE token, BOOL reset, PTOKEN_GROUPS new,
546 DWORD len, PTOKEN_GROUPS prev, PDWORD ret_len )
547 {
548 return set_ntstatus( NtAdjustGroupsToken( token, reset, new, len, prev, ret_len ));
549 }
550
551 /******************************************************************************
552 * AdjustTokenPrivileges (kernelbase.@)
553 */
554 BOOL WINAPI AdjustTokenPrivileges( HANDLE token, BOOL disable, PTOKEN_PRIVILEGES new, DWORD len,
555 PTOKEN_PRIVILEGES prev, PDWORD ret_len )
556 {
557 NTSTATUS status;
558
559 TRACE("(%p %d %p %d %p %p)\n", token, disable, new, len, prev, ret_len );
560
561 status = NtAdjustPrivilegesToken( token, disable, new, len, prev, ret_len );
562 SetLastError( RtlNtStatusToDosError( status ));
563 return (status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED);
564 }
565
566 /******************************************************************************
567 * CheckTokenMembership (kernelbase.@)
568 */
569 BOOL WINAPI CheckTokenMembership( HANDLE token, PSID sid_to_check, PBOOL is_member )
570 {
571 PTOKEN_GROUPS token_groups = NULL;
572 HANDLE thread_token = NULL;
573 DWORD size, i;
574 BOOL ret;
575
576 TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member);
577
578 *is_member = FALSE;
579
580 if (!token)
581 {
582 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token))
583 {
584 HANDLE process_token;
585 ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &process_token);
586 if (!ret)
587 goto exit;
588 ret = DuplicateTokenEx(process_token, TOKEN_QUERY, NULL, SecurityImpersonation,
589 TokenImpersonation, &thread_token);
590 CloseHandle(process_token);
591 if (!ret)
592 goto exit;
593 }
594 token = thread_token;
595 }
596 else
597 {
598 TOKEN_TYPE type;
599
600 ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size);
601 if (!ret) goto exit;
602
603 if (type == TokenPrimary)
604 {
605 SetLastError(ERROR_NO_IMPERSONATION_TOKEN);
606 return FALSE;
607 }
608 }
609
610 ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
611 if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
612 goto exit;
613
614 token_groups = heap_alloc(size);
615 if (!token_groups)
616 {
617 ret = FALSE;
618 goto exit;
619 }
620
621 ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
622 if (!ret)
623 goto exit;
624
625 for (i = 0; i < token_groups->GroupCount; i++)
626 {
627 TRACE("Groups[%d]: {0x%x, %s}\n", i,
628 token_groups->Groups[i].Attributes,
629 debugstr_sid(token_groups->Groups[i].Sid));
630 if ((token_groups->Groups[i].Attributes & SE_GROUP_ENABLED) &&
631 EqualSid(sid_to_check, token_groups->Groups[i].Sid))
632 {
633 *is_member = TRUE;
634 TRACE("sid enabled and found in token\n");
635 break;
636 }
637 }
638
639 exit:
640 heap_free(token_groups);
641 if (thread_token != NULL) CloseHandle(thread_token);
642 return ret;
643 }
644
645 /*************************************************************************
646 * CreateRestrictedToken (kernelbase.@)
647 */
648 BOOL WINAPI CreateRestrictedToken( HANDLE token, DWORD flags,
649 DWORD disable_sid_count, SID_AND_ATTRIBUTES *disable_sids,
650 DWORD delete_priv_count, LUID_AND_ATTRIBUTES *delete_privs,
651 DWORD restrict_sid_count, SID_AND_ATTRIBUTES *restrict_sids, HANDLE *ret )
652 {
653 TOKEN_PRIVILEGES *nt_privs = NULL;
654 TOKEN_GROUPS *nt_disable_sids = NULL, *nt_restrict_sids = NULL;
655 NTSTATUS status = STATUS_NO_MEMORY;
656
657 TRACE("token %p, flags %#x, disable_sids %u %p, delete_privs %u %p, restrict_sids %u %p, ret %p\n",
658 token, flags, disable_sid_count, disable_sids, delete_priv_count, delete_privs,
659 restrict_sid_count, restrict_sids, ret);
660
661 if (disable_sid_count)
662 {
663 if (!(nt_disable_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[disable_sid_count] ) ))) goto out;
664 nt_disable_sids->GroupCount = disable_sid_count;
665 memcpy( nt_disable_sids->Groups, disable_sids, disable_sid_count * sizeof(SID_AND_ATTRIBUTES) );
666 }
667
668 if (delete_priv_count)
669 {
670 if (!(nt_privs = heap_alloc( offsetof( TOKEN_GROUPS, Groups[delete_priv_count] ) ))) goto out;
671 nt_privs->PrivilegeCount = delete_priv_count;
672 memcpy( nt_privs->Privileges, delete_privs, delete_priv_count * sizeof(SID_AND_ATTRIBUTES) );
673 }
674
675 if (restrict_sid_count)
676 {
677 if (!(nt_restrict_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[restrict_sid_count] ) ))) goto out;
678 nt_restrict_sids->GroupCount = restrict_sid_count;
679 memcpy( nt_restrict_sids->Groups, restrict_sids, restrict_sid_count * sizeof(SID_AND_ATTRIBUTES) );
680 }
681
682 status = NtFilterToken(token, flags, nt_disable_sids, nt_privs, nt_restrict_sids, ret);
683
684 out:
685 heap_free(nt_disable_sids);
686 heap_free(nt_privs);
687 heap_free(nt_restrict_sids);
688 return set_ntstatus( status );
689 }
690
691 /******************************************************************************
692 * DuplicateToken (kernelbase.@)
693 */
694 BOOL WINAPI DuplicateToken( HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PHANDLE ret )
695 {
696 return DuplicateTokenEx( token, TOKEN_IMPERSONATE|TOKEN_QUERY, NULL, level, TokenImpersonation, ret );
697 }
698
699 /******************************************************************************
700 * DuplicateTokenEx (kernelbase.@)
701 */
702 BOOL WINAPI DuplicateTokenEx( HANDLE token, DWORD access, LPSECURITY_ATTRIBUTES sa,
703 SECURITY_IMPERSONATION_LEVEL level, TOKEN_TYPE type, PHANDLE ret )
704 {
705 OBJECT_ATTRIBUTES attr;
706
707 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", token, access, level, type, ret );
708
709 InitializeObjectAttributes( &attr, NULL, (sa && sa->bInheritHandle) ? OBJ_INHERIT : 0,
710 NULL, sa ? sa->lpSecurityDescriptor : NULL );
711 return set_ntstatus( NtDuplicateToken( token, access, &attr, level, type, ret ));
712 }
713
714 /******************************************************************************
715 * GetTokenInformation (kernelbase.@)
716 */
717 BOOL WINAPI GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class,
718 LPVOID info, DWORD len, LPDWORD retlen )
719 {
720 TRACE("(%p, %s, %p, %d, %p):\n",
721 token,
722 (class == TokenUser) ? "TokenUser" :
723 (class == TokenGroups) ? "TokenGroups" :
724 (class == TokenPrivileges) ? "TokenPrivileges" :
725 (class == TokenOwner) ? "TokenOwner" :
726 (class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
727 (class == TokenDefaultDacl) ? "TokenDefaultDacl" :
728 (class == TokenSource) ? "TokenSource" :
729 (class == TokenType) ? "TokenType" :
730 (class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
731 (class == TokenStatistics) ? "TokenStatistics" :
732 (class == TokenRestrictedSids) ? "TokenRestrictedSids" :
733 (class == TokenSessionId) ? "TokenSessionId" :
734 (class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
735 (class == TokenSessionReference) ? "TokenSessionReference" :
736 (class == TokenSandBoxInert) ? "TokenSandBoxInert" :
737 "Unknown",
738 info, len, retlen);
739
740 return set_ntstatus( NtQueryInformationToken( token, class, info, len, retlen ));
741 }
742
743 /******************************************************************************
744 * ImpersonateAnonymousToken (kernelbase.@)
745 */
746 BOOL WINAPI ImpersonateAnonymousToken( HANDLE thread )
747 {
748 TRACE("(%p)\n", thread);
749 return set_ntstatus( NtImpersonateAnonymousToken( thread ) );
750 }
751
752 /******************************************************************************
753 * ImpersonateLoggedOnUser (kernelbase.@)
754 */
755 BOOL WINAPI ImpersonateLoggedOnUser( HANDLE token )
756 {
757 DWORD size;
758 BOOL ret;
759 HANDLE dup;
760 TOKEN_TYPE type;
761 static BOOL warn = TRUE;
762
763 if (warn)
764 {
765 FIXME( "(%p)\n", token );
766 warn = FALSE;
767 }
768 if (!GetTokenInformation( token, TokenType, &type, sizeof(type), &size )) return FALSE;
769
770 if (type == TokenPrimary)
771 {
772 if (!DuplicateToken( token, SecurityImpersonation, &dup )) return FALSE;
773 ret = SetThreadToken( NULL, dup );
774 NtClose( dup );
775 }
776 else ret = SetThreadToken( NULL, token );
777
778 return ret;
779 }
780
781 /******************************************************************************
782 * ImpersonateNamedPipeClient (kernelbase.@)
783 */
784 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE pipe )
785 {
786 IO_STATUS_BLOCK io_block;
787
788 return set_ntstatus( NtFsControlFile( pipe, NULL, NULL, NULL, &io_block,
789 FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0 ));
790 }
791
792 /******************************************************************************
793 * ImpersonateSelf (kernelbase.@)
794 */
795 BOOL WINAPI ImpersonateSelf( SECURITY_IMPERSONATION_LEVEL level )
796 {
797 return set_ntstatus( RtlImpersonateSelf( level ) );
798 }
799
800 /******************************************************************************
801 * IsTokenRestricted (kernelbase.@)
802 */
803 BOOL WINAPI IsTokenRestricted( HANDLE token )
804 {
805 TOKEN_GROUPS *groups;
806 DWORD size;
807 NTSTATUS status;
808 BOOL restricted;
809
810 TRACE("(%p)\n", token);
811
812 status = NtQueryInformationToken(token, TokenRestrictedSids, NULL, 0, &size);
813 if (status != STATUS_BUFFER_TOO_SMALL) return set_ntstatus(status);
814
815 groups = heap_alloc(size);
816 if (!groups)
817 {
818 SetLastError(ERROR_OUTOFMEMORY);
819 return FALSE;
820 }
821
822 status = NtQueryInformationToken(token, TokenRestrictedSids, groups, size, &size);
823 if (status != STATUS_SUCCESS)
824 {
825 heap_free(groups);
826 return set_ntstatus(status);
827 }
828
829 restricted = groups->GroupCount > 0;
830 heap_free(groups);
831
832 return restricted;
833 }
834
835 /******************************************************************************
836 * OpenProcessToken (kernelbase.@)
837 */
838 BOOL WINAPI OpenProcessToken( HANDLE process, DWORD access, HANDLE *handle )
839 {
840 return set_ntstatus( NtOpenProcessToken( process, access, handle ));
841 }
842
843 /******************************************************************************
844 * OpenThreadToken (kernelbase.@)
845 */
846 BOOL WINAPI OpenThreadToken( HANDLE thread, DWORD access, BOOL self, HANDLE *handle )
847 {
848 return set_ntstatus( NtOpenThreadToken( thread, access, self, handle ));
849 }
850
851 /******************************************************************************
852 * PrivilegeCheck (kernelbase.@)
853 */
854 BOOL WINAPI PrivilegeCheck( HANDLE token, PPRIVILEGE_SET privs, LPBOOL result )
855 {
856 BOOLEAN res;
857 BOOL ret = set_ntstatus( NtPrivilegeCheck( token, privs, &res ));
858 if (ret) *result = res;
859 return ret;
860 }
861
862 /******************************************************************************
863 * RevertToSelf (kernelbase.@)
864 */
865 BOOL WINAPI RevertToSelf(void)
866 {
867 return SetThreadToken( NULL, 0 );
868 }
869
870 /*************************************************************************
871 * SetThreadToken (kernelbase.@)
872 */
873 BOOL WINAPI SetThreadToken( PHANDLE thread, HANDLE token )
874 {
875 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
876 ThreadImpersonationToken, &token, sizeof(token) ));
877 }
878
879 /******************************************************************************
880 * SetTokenInformation (kernelbase.@)
881 */
882 BOOL WINAPI SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class, LPVOID info, DWORD len )
883 {
884 TRACE("(%p, %s, %p, %d)\n",
885 token,
886 (class == TokenUser) ? "TokenUser" :
887 (class == TokenGroups) ? "TokenGroups" :
888 (class == TokenPrivileges) ? "TokenPrivileges" :
889 (class == TokenOwner) ? "TokenOwner" :
890 (class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
891 (class == TokenDefaultDacl) ? "TokenDefaultDacl" :
892 (class == TokenSource) ? "TokenSource" :
893 (class == TokenType) ? "TokenType" :
894 (class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
895 (class == TokenStatistics) ? "TokenStatistics" :
896 (class == TokenRestrictedSids) ? "TokenRestrictedSids" :
897 (class == TokenSessionId) ? "TokenSessionId" :
898 (class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
899 (class == TokenSessionReference) ? "TokenSessionReference" :
900 (class == TokenSandBoxInert) ? "TokenSandBoxInert" :
901 "Unknown",
902 info, len);
903
904 return set_ntstatus( NtSetInformationToken( token, class, info, len ));
905 }
906
907
908 /******************************************************************************
909 * Security descriptor functions
910 ******************************************************************************/
911
912
913 /******************************************************************************
914 * ConvertToAutoInheritPrivateObjectSecurity (kernelbase.@)
915 */
916 BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity( PSECURITY_DESCRIPTOR parent,
917 PSECURITY_DESCRIPTOR current,
918 PSECURITY_DESCRIPTOR *descr,
919 GUID *type, BOOL is_dir,
920 PGENERIC_MAPPING mapping )
921 {
922 return set_ntstatus( RtlConvertToAutoInheritSecurityObject( parent, current, descr, type, is_dir, mapping ));
923 }
924
925 /******************************************************************************
926 * CreatePrivateObjectSecurity (kernelbase.@)
927 */
928 BOOL WINAPI CreatePrivateObjectSecurity( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
929 PSECURITY_DESCRIPTOR *descr, BOOL is_container, HANDLE token,
930 PGENERIC_MAPPING mapping )
931 {
932 return CreatePrivateObjectSecurityEx( parent, creator, descr, NULL, is_container, 0, token, mapping );
933 }
934
935 /******************************************************************************
936 * CreatePrivateObjectSecurityEx (kernelbase.@)
937 */
938 BOOL WINAPI CreatePrivateObjectSecurityEx( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
939 PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_container,
940 ULONG flags, HANDLE token, PGENERIC_MAPPING mapping )
941 {
942 SECURITY_DESCRIPTOR_RELATIVE *relative;
943 DWORD needed, offset;
944 BYTE *buffer;
945
946 FIXME( "%p %p %p %p %d %u %p %p - returns fake SECURITY_DESCRIPTOR\n",
947 parent, creator, descr, type, is_container, flags, token, mapping );
948
949 needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
950 needed += sizeof(world_sid);
951 needed += sizeof(world_sid);
952 needed += world_access_acl_size;
953 needed += world_access_acl_size;
954
955 if (!(buffer = heap_alloc( needed ))) return FALSE;
956 relative = (SECURITY_DESCRIPTOR_RELATIVE *)buffer;
957 if (!InitializeSecurityDescriptor( relative, SECURITY_DESCRIPTOR_REVISION ))
958 {
959 heap_free( buffer );
960 return FALSE;
961 }
962 relative->Control |= SE_SELF_RELATIVE;
963 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
964
965 memcpy( buffer + offset, &world_sid, sizeof(world_sid) );
966 relative->Owner = offset;
967 offset += sizeof(world_sid);
968
969 memcpy( buffer + offset, &world_sid, sizeof(world_sid) );
970 relative->Group = offset;
971 offset += sizeof(world_sid);
972
973 get_world_access_acl( (ACL *)(buffer + offset) );
974 relative->Dacl = offset;
975 offset += world_access_acl_size;
976
977 get_world_access_acl( (ACL *)(buffer + offset) );
978 relative->Sacl = offset;
979
980 *descr = relative;
981 return TRUE;
982 }
983
984 /******************************************************************************
985 * CreatePrivateObjectSecurityWithMultipleInheritance (kernelbase.@)
986 */
987 BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance( PSECURITY_DESCRIPTOR parent,
988 PSECURITY_DESCRIPTOR creator,
989 PSECURITY_DESCRIPTOR *descr,
990 GUID **types, ULONG count,
991 BOOL is_container, ULONG flags,
992 HANDLE token, PGENERIC_MAPPING mapping )
993 {
994 FIXME(": semi-stub\n");
995 return CreatePrivateObjectSecurityEx( parent, creator, descr, NULL, is_container,
996 flags, token, mapping );
997 }
998
999 /******************************************************************************
1000 * DestroyPrivateObjectSecurity (kernelbase.@)
1001 */
1002 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR *descr )
1003 {
1004 FIXME("%p - stub\n", descr);
1005 heap_free( *descr );
1006 return TRUE;
1007 }
1008
1009 /******************************************************************************
1010 * GetFileSecurityW (kernelbase.@)
1011 */
1012 BOOL WINAPI GetFileSecurityW( LPCWSTR name, SECURITY_INFORMATION info,
1013 PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len )
1014 {
1015 HANDLE file;
1016 NTSTATUS status;
1017 DWORD access = 0;
1018
1019 TRACE( "(%s,%d,%p,%d,%p)\n", debugstr_w(name), info, descr, len, ret_len );
1020
1021 if (info & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
1022 access |= READ_CONTROL;
1023 if (info & SACL_SECURITY_INFORMATION)
1024 access |= ACCESS_SYSTEM_SECURITY;
1025
1026 if (!(status = open_file( name, access, &file )))
1027 {
1028 status = NtQuerySecurityObject( file, info, descr, len, ret_len );
1029 NtClose( file );
1030 }
1031 return set_ntstatus( status );
1032 }
1033
1034 /******************************************************************************
1035 * GetKernelObjectSecurity (kernelbase.@)
1036 */
1037 BOOL WINAPI GetKernelObjectSecurity( HANDLE handle, SECURITY_INFORMATION info,
1038 PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len )
1039 {
1040 return set_ntstatus( NtQuerySecurityObject( handle, info, descr, len, ret_len ));
1041 }
1042
1043 /******************************************************************************
1044 * GetPrivateObjectSecurity (kernelbase.@)
1045 */
1046 BOOL WINAPI GetPrivateObjectSecurity( PSECURITY_DESCRIPTOR obj_descr, SECURITY_INFORMATION info,
1047 PSECURITY_DESCRIPTOR ret_descr, DWORD len, PDWORD ret_len )
1048 {
1049 SECURITY_DESCRIPTOR desc;
1050 BOOL defaulted, present;
1051 PACL pacl;
1052 PSID psid;
1053
1054 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", obj_descr, info, ret_descr, len, ret_len );
1055
1056 if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION)) return FALSE;
1057
1058 if (info & OWNER_SECURITY_INFORMATION)
1059 {
1060 if (!GetSecurityDescriptorOwner(obj_descr, &psid, &defaulted)) return FALSE;
1061 SetSecurityDescriptorOwner(&desc, psid, defaulted);
1062 }
1063 if (info & GROUP_SECURITY_INFORMATION)
1064 {
1065 if (!GetSecurityDescriptorGroup(obj_descr, &psid, &defaulted)) return FALSE;
1066 SetSecurityDescriptorGroup(&desc, psid, defaulted);
1067 }
1068 if (info & DACL_SECURITY_INFORMATION)
1069 {
1070 if (!GetSecurityDescriptorDacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1071 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted);
1072 }
1073 if (info & SACL_SECURITY_INFORMATION)
1074 {
1075 if (!GetSecurityDescriptorSacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1076 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted);
1077 }
1078
1079 *ret_len = len;
1080 return MakeSelfRelativeSD(&desc, ret_descr, ret_len);
1081 }
1082
1083 /******************************************************************************
1084 * GetSecurityDescriptorControl (kernelbase.@)
1085 */
1086 BOOL WINAPI GetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr, PSECURITY_DESCRIPTOR_CONTROL control,
1087 LPDWORD revision)
1088 {
1089 return set_ntstatus( RtlGetControlSecurityDescriptor( descr, control, revision ));
1090 }
1091
1092 /******************************************************************************
1093 * GetSecurityDescriptorDacl (kernelbase.@)
1094 */
1095 BOOL WINAPI GetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr, LPBOOL dacl_present, PACL *dacl,
1096 LPBOOL dacl_defaulted )
1097 {
1098 BOOLEAN present, defaulted;
1099 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor( descr, &present, dacl, &defaulted ));
1100 *dacl_present = present;
1101 *dacl_defaulted = defaulted;
1102 return ret;
1103 }
1104
1105 /******************************************************************************
1106 * GetSecurityDescriptorGroup (kernelbase.@)
1107 */
1108 BOOL WINAPI GetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr, PSID *group, LPBOOL group_defaulted )
1109 {
1110 BOOLEAN defaulted;
1111 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor( descr, group, &defaulted ));
1112 *group_defaulted = defaulted;
1113 return ret;
1114 }
1115
1116 /******************************************************************************
1117 * GetSecurityDescriptorLength (kernelbase.@)
1118 */
1119 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR descr )
1120 {
1121 return RtlLengthSecurityDescriptor( descr );
1122 }
1123
1124 /******************************************************************************
1125 * GetSecurityDescriptorOwner (kernelbase.@)
1126 */
1127 BOOL WINAPI GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr, PSID *owner, LPBOOL owner_defaulted )
1128 {
1129 BOOLEAN defaulted;
1130 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( descr, owner, &defaulted ));
1131 *owner_defaulted = defaulted;
1132 return ret;
1133 }
1134
1135 /******************************************************************************
1136 * GetSecurityDescriptorSacl (kernelbase.@)
1137 */
1138 BOOL WINAPI GetSecurityDescriptorSacl( PSECURITY_DESCRIPTOR descr, LPBOOL sacl_present, PACL *sacl,
1139 LPBOOL sacl_defaulted )
1140 {
1141 BOOLEAN present, defaulted;
1142 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor( descr, &present, sacl, &defaulted ));
1143 *sacl_present = present;
1144 *sacl_defaulted = defaulted;
1145 return ret;
1146 }
1147
1148 /******************************************************************************
1149 * InitializeSecurityDescriptor (kernelbase.@)
1150 */
1151 BOOL WINAPI InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR descr, DWORD revision )
1152 {
1153 return set_ntstatus( RtlCreateSecurityDescriptor( descr, revision ));
1154 }
1155
1156 /******************************************************************************
1157 * IsValidSecurityDescriptor (kernelbase.@)
1158 */
1159 BOOL WINAPI IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR descr )
1160 {
1161 return set_ntstatus( RtlValidSecurityDescriptor( descr ));
1162 }
1163
1164 /******************************************************************************
1165 * MakeAbsoluteSD (kernelbase.@)
1166 */
1167 BOOL WINAPI MakeAbsoluteSD ( PSECURITY_DESCRIPTOR rel_descr, PSECURITY_DESCRIPTOR abs_descr,
1168 LPDWORD abs_size, PACL dacl, LPDWORD dacl_size, PACL sacl, LPDWORD sacl_size,
1169 PSID owner, LPDWORD owner_size, PSID group, LPDWORD group_size )
1170 {
1171 return set_ntstatus( RtlSelfRelativeToAbsoluteSD( rel_descr, abs_descr, abs_size,
1172 dacl, dacl_size, sacl, sacl_size,
1173 owner, owner_size, group, group_size ));
1174 }
1175
1176 /******************************************************************************
1177 * MakeSelfRelativeSD (kernelbase.@)
1178 */
1179 BOOL WINAPI MakeSelfRelativeSD( PSECURITY_DESCRIPTOR abs_descr, PSECURITY_DESCRIPTOR rel_descr,
1180 LPDWORD len )
1181 {
1182 return set_ntstatus( RtlMakeSelfRelativeSD( abs_descr, rel_descr, len ));
1183 }
1184
1185 /******************************************************************************
1186 * SetFileSecurityW (kernelbase.@)
1187 */
1188 BOOL WINAPI SetFileSecurityW( LPCWSTR name, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr )
1189 {
1190 HANDLE file;
1191 DWORD access = 0;
1192 NTSTATUS status;
1193
1194 TRACE( "(%s, 0x%x, %p)\n", debugstr_w(name), info, descr );
1195
1196 if (info & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION)) access |= WRITE_OWNER;
1197 if (info & SACL_SECURITY_INFORMATION) access |= ACCESS_SYSTEM_SECURITY;
1198 if (info & DACL_SECURITY_INFORMATION) access |= WRITE_DAC;
1199
1200 if (!(status = open_file( name, access, &file )))
1201 {
1202 status = NtSetSecurityObject( file, info, descr );
1203 NtClose( file );
1204 }
1205 return set_ntstatus( status );
1206 }
1207
1208 /*************************************************************************
1209 * SetKernelObjectSecurity (kernelbase.@)
1210 */
1211 BOOL WINAPI SetKernelObjectSecurity( HANDLE handle, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr )
1212 {
1213 return set_ntstatus( NtSetSecurityObject( handle, info, descr ));
1214 }
1215
1216 /*************************************************************************
1217 * SetPrivateObjectSecurity (kernelbase.@)
1218 */
1219 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr,
1220 PSECURITY_DESCRIPTOR *obj_descr, PGENERIC_MAPPING mapping,
1221 HANDLE token )
1222 {
1223 FIXME( "0x%08x %p %p %p %p - stub\n", info, descr, obj_descr, mapping, token );
1224 return TRUE;
1225 }
1226
1227 /*************************************************************************
1228 * SetPrivateObjectSecurityEx (kernelbase.@)
1229 */
1230 BOOL WINAPI SetPrivateObjectSecurityEx( SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr,
1231 PSECURITY_DESCRIPTOR *obj_descr, ULONG flags,
1232 PGENERIC_MAPPING mapping, HANDLE token )
1233 {
1234 FIXME( "0x%08x %p %p %u %p %p - stub\n", info, descr, obj_descr, flags, mapping, token );
1235 return TRUE;
1236 }
1237
1238 /******************************************************************************
1239 * SetSecurityDescriptorControl (kernelbase.@)
1240 */
1241 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr, SECURITY_DESCRIPTOR_CONTROL mask,
1242 SECURITY_DESCRIPTOR_CONTROL set )
1243 {
1244 return set_ntstatus( RtlSetControlSecurityDescriptor( descr, mask, set ));
1245 }
1246
1247 /******************************************************************************
1248 * SetSecurityDescriptorDacl (kernelbase.@)
1249 */
1250 BOOL WINAPI SetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr, BOOL present, PACL dacl, BOOL defaulted )
1251 {
1252 return set_ntstatus( RtlSetDaclSecurityDescriptor( descr, present, dacl, defaulted ));
1253 }
1254
1255 /******************************************************************************
1256 * SetSecurityDescriptorGroup (kernelbase.@)
1257 */
1258 BOOL WINAPI SetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted )
1259 {
1260 return set_ntstatus( RtlSetGroupSecurityDescriptor( descr, group, defaulted ));
1261 }
1262
1263 /******************************************************************************
1264 * SetSecurityDescriptorOwner (kernelbase.@)
1265 */
1266 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted )
1267 {
1268 return set_ntstatus( RtlSetOwnerSecurityDescriptor( descr, owner, defaulted ));
1269 }
1270
1271 /**************************************************************************
1272 * SetSecurityDescriptorSacl (kernelbase.@)
1273 */
1274 BOOL WINAPI SetSecurityDescriptorSacl ( PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted )
1275 {
1276 return set_ntstatus( RtlSetSaclSecurityDescriptor( descr, present, sacl, defaulted ));
1277 }
1278
1279
1280 /******************************************************************************
1281 * Access control functions
1282 ******************************************************************************/
1283
1284
1285 /******************************************************************************
1286 * AccessCheck (kernelbase.@)
1287 */
1288 BOOL WINAPI AccessCheck( PSECURITY_DESCRIPTOR descr, HANDLE token, DWORD access, PGENERIC_MAPPING mapping,
1289 PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status )
1290 {
1291 NTSTATUS access_status;
1292 BOOL ret = set_ntstatus( NtAccessCheck( descr, token, access, mapping, priv, priv_len,
1293 granted, &access_status ));
1294 if (ret) *status = set_ntstatus( access_status );
1295 return ret;
1296 }
1297
1298 /******************************************************************************
1299 * AccessCheckAndAuditAlarmW (kernelbase.@)
1300 */
1301 BOOL WINAPI AccessCheckAndAuditAlarmW( LPCWSTR subsystem, LPVOID id, LPWSTR type_name,
1302 LPWSTR name, PSECURITY_DESCRIPTOR descr, DWORD access,
1303 PGENERIC_MAPPING mapping, BOOL creation,
1304 LPDWORD granted, LPBOOL status, LPBOOL on_close )
1305 {
1306 FIXME( "stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_w(subsystem),
1307 id, debugstr_w(type_name), debugstr_w(name), descr, access, mapping,
1308 creation, granted, status, on_close );
1309 return TRUE;
1310 }
1311
1312 /******************************************************************************
1313 * AccessCheckByType (kernelbase.@)
1314 */
1315 BOOL WINAPI AccessCheckByType( PSECURITY_DESCRIPTOR descr, PSID sid, HANDLE token, DWORD access,
1316 POBJECT_TYPE_LIST types, DWORD types_len, PGENERIC_MAPPING mapping,
1317 PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status )
1318 {
1319 FIXME("stub\n");
1320 *status = TRUE;
1321 return !*status;
1322 }
1323
1324 /******************************************************************************
1325 * AddAccessAllowedAce (kernelbase.@)
1326 */
1327 BOOL WINAPI AddAccessAllowedAce( PACL acl, DWORD rev, DWORD access, PSID sid )
1328 {
1329 return set_ntstatus( RtlAddAccessAllowedAce( acl, rev, access, sid ));
1330 }
1331
1332 /******************************************************************************
1333 * AddAccessAllowedAceEx (kernelbase.@)
1334 */
1335 BOOL WINAPI AddAccessAllowedAceEx( PACL acl, DWORD rev, DWORD flags, DWORD access, PSID sid )
1336 {
1337 return set_ntstatus( RtlAddAccessAllowedAceEx( acl, rev, flags, access, sid ));
1338 }
1339
1340 /******************************************************************************
1341 * AddAccessAllowedObjectAce (kernelbase.@)
1342 */
1343 BOOL WINAPI AddAccessAllowedObjectAce( PACL acl, DWORD rev, DWORD flags, DWORD access,
1344 GUID *type, GUID *inherit, PSID sid )
1345 {
1346 return set_ntstatus( RtlAddAccessAllowedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1347 }
1348
1349 /******************************************************************************
1350 * AddAccessDeniedAce (kernelbase.@)
1351 */
1352 BOOL WINAPI AddAccessDeniedAce( PACL acl, DWORD rev, DWORD access, PSID sid )
1353 {
1354 return set_ntstatus( RtlAddAccessDeniedAce( acl, rev, access, sid ));
1355 }
1356
1357 /******************************************************************************
1358 * AddAccessDeniedAceEx (kernelbase.@)
1359 */
1360 BOOL WINAPI AddAccessDeniedAceEx( PACL acl, DWORD rev, DWORD flags, DWORD access, PSID sid )
1361 {
1362 return set_ntstatus( RtlAddAccessDeniedAceEx( acl, rev, flags, access, sid ));
1363 }
1364
1365 /******************************************************************************
1366 * AddAccessDeniedObjectAce (kernelbase.@)
1367 */
1368 BOOL WINAPI AddAccessDeniedObjectAce( PACL acl, DWORD rev, DWORD flags, DWORD access,
1369 GUID *type, GUID *inherit, PSID sid )
1370 {
1371 return set_ntstatus( RtlAddAccessDeniedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1372 }
1373
1374 /******************************************************************************
1375 * AddAce (kernelbase.@)
1376 */
1377 BOOL WINAPI AddAce( PACL acl, DWORD rev, DWORD index, LPVOID list, DWORD len )
1378 {
1379 return set_ntstatus( RtlAddAce( acl, rev, index, list, len ));
1380 }
1381
1382 /******************************************************************************
1383 * AddAuditAccessAce (kernelbase.@)
1384 */
1385 BOOL WINAPI AddAuditAccessAce( PACL acl, DWORD rev, DWORD access, PSID sid, BOOL success, BOOL failure )
1386 {
1387 return set_ntstatus( RtlAddAuditAccessAce( acl, rev, access, sid, success, failure ));
1388 }
1389
1390 /******************************************************************************
1391 * AddAuditAccessAceEx (kernelbase.@)
1392 */
1393 BOOL WINAPI AddAuditAccessAceEx( PACL acl, DWORD rev, DWORD flags, DWORD access,
1394 PSID sid, BOOL success, BOOL failure )
1395 {
1396 return set_ntstatus( RtlAddAuditAccessAceEx( acl, rev, flags, access, sid, success, failure ));
1397 }
1398
1399 /******************************************************************************
1400 * AddAuditAccessObjectAce (kernelbase.@)
1401 */
1402 BOOL WINAPI AddAuditAccessObjectAce( PACL acl, DWORD rev, DWORD flags, DWORD access,
1403 GUID *type, GUID *inherit, PSID sid, BOOL success, BOOL failure )
1404 {
1405 return set_ntstatus( RtlAddAuditAccessObjectAce( acl, rev, flags, access,
1406 type, inherit, sid, success, failure ));
1407 }
1408
1409 /******************************************************************************
1410 * AddMandatoryAce (kernelbase.@)
1411 */
1412 BOOL WINAPI AddMandatoryAce( PACL acl, DWORD rev, DWORD flags, DWORD policy, PSID sid )
1413 {
1414 return set_ntstatus( RtlAddMandatoryAce( acl, rev, flags, policy,
1415 SYSTEM_MANDATORY_LABEL_ACE_TYPE, sid ));
1416 }
1417
1418 /******************************************************************************
1419 * AreAllAccessesGranted (kernelbase.@)
1420 */
1421 BOOL WINAPI AreAllAccessesGranted( DWORD granted, DWORD desired )
1422 {
1423 return RtlAreAllAccessesGranted( granted, desired );
1424 }
1425
1426 /******************************************************************************
1427 * AreAnyAccessesGranted (kernelbase.@)
1428 */
1429 BOOL WINAPI AreAnyAccessesGranted( DWORD granted, DWORD desired )
1430 {
1431 return RtlAreAnyAccessesGranted( granted, desired );
1432 }
1433
1434 /******************************************************************************
1435 * DeleteAce (kernelbase.@)
1436 */
1437 BOOL WINAPI DeleteAce( PACL acl, DWORD index )
1438 {
1439 return set_ntstatus( RtlDeleteAce( acl, index ));
1440 }
1441
1442 /******************************************************************************
1443 * FindFirstFreeAce (kernelbase.@)
1444 */
1445 BOOL WINAPI FindFirstFreeAce( PACL acl, LPVOID *ace)
1446 {
1447 return RtlFirstFreeAce( acl, (PACE_HEADER *)ace );
1448 }
1449
1450 /******************************************************************************
1451 * GetAce (kernelbase.@)
1452 */
1453 BOOL WINAPI GetAce( PACL acl, DWORD index, LPVOID *ace )
1454 {
1455 return set_ntstatus( RtlGetAce( acl, index, ace ));
1456 }
1457
1458 /******************************************************************************
1459 * GetAclInformation (kernelbase.@)
1460 */
1461 BOOL WINAPI GetAclInformation( PACL acl, LPVOID info, DWORD len, ACL_INFORMATION_CLASS class )
1462 {
1463 return set_ntstatus( RtlQueryInformationAcl( acl, info, len, class ));
1464 }
1465
1466 /*************************************************************************
1467 * InitializeAcl (kernelbase.@)
1468 */
1469 BOOL WINAPI InitializeAcl( PACL acl, DWORD size, DWORD rev )
1470 {
1471 return set_ntstatus( RtlCreateAcl( acl, size, rev ));
1472 }
1473
1474 /******************************************************************************
1475 * IsValidAcl (kernelbase.@)
1476 */
1477 BOOL WINAPI IsValidAcl( PACL acl )
1478 {
1479 return RtlValidAcl( acl );
1480 }
1481
1482 /******************************************************************************
1483 * MapGenericMask (kernelbase.@)
1484 */
1485 void WINAPI MapGenericMask( PDWORD access, PGENERIC_MAPPING mapping )
1486 {
1487 RtlMapGenericMask( access, mapping );
1488 }
1489
1490 /******************************************************************************
1491 * ObjectCloseAuditAlarmW (kernelbase.@)
1492 */
1493 BOOL WINAPI ObjectCloseAuditAlarmW( LPCWSTR subsystem, LPVOID id, BOOL on_close )
1494 {
1495 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1496 return TRUE;
1497 }
1498
1499 /******************************************************************************
1500 * ObjectDeleteAuditAlarmW (kernelbase.@)
1501 */
1502 BOOL WINAPI ObjectDeleteAuditAlarmW( LPCWSTR subsystem, LPVOID id, BOOL on_close )
1503 {
1504 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1505 return TRUE;
1506 }
1507
1508 /******************************************************************************
1509 * ObjectOpenAuditAlarmW (kernelbase.@)
1510 */
1511 BOOL WINAPI ObjectOpenAuditAlarmW( LPCWSTR subsystem, LPVOID id, LPWSTR type, LPWSTR name,
1512 PSECURITY_DESCRIPTOR descr, HANDLE token, DWORD desired,
1513 DWORD granted, PPRIVILEGE_SET privs, BOOL creation,
1514 BOOL access, LPBOOL on_close )
1515 {
1516 FIXME( "stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_w(subsystem),
1517 id, debugstr_w(type), debugstr_w(name), descr, token, desired, granted,
1518 privs, creation, access, on_close );
1519 return TRUE;
1520 }
1521
1522 /******************************************************************************
1523 * ObjectPrivilegeAuditAlarmW (kernelbase.@)
1524 */
1525 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR subsystem, LPVOID id, HANDLE token,
1526 DWORD desired, PPRIVILEGE_SET privs, BOOL granted )
1527 {
1528 FIXME( "stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_w(subsystem), id, token, desired, privs, granted );
1529 return TRUE;
1530 }
1531
1532 /******************************************************************************
1533 * PrivilegedServiceAuditAlarmW (kernelbase.@)
1534 */
1535 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR subsystem, LPCWSTR service, HANDLE token,
1536 PPRIVILEGE_SET privs, BOOL granted )
1537 {
1538 FIXME( "stub %s,%s,%p,%p,%x)\n", debugstr_w(subsystem), debugstr_w(service), token, privs, granted );
1539 return TRUE;
1540 }
1541
1542 /******************************************************************************
1543 * SetAclInformation (kernelbase.@)
1544 */
1545 BOOL WINAPI SetAclInformation( PACL acl, LPVOID info, DWORD len, ACL_INFORMATION_CLASS class )
1546 {
1547 FIXME( "%p %p 0x%08x 0x%08x - stub\n", acl, info, len, class );
1548 return TRUE;
1549 }
Windows API implementation