search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ntdll: Fix the prototype of NtDuplicateToken().
[wine.git] / dlls / kernelbase / security.c
blob4434a59a53a0cf0a13eff63105d1661029ed0fcc
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
21
22 #include <stdarg.h>
23 #include <string.h>
24
25 #include "ntstatus.h"
26 #define WIN32_NO_STATUS
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winternl.h"
31 #include "winioctl.h"
32
33 #include "kernelbase.h"
34 #include "wine/debug.h"
35 #include "wine/heap.h"
36
37 WINE_DEFAULT_DEBUG_CHANNEL(security);
38
39
40 /******************************************************************************
41 * SID functions
42 ******************************************************************************/
43
44 typedef struct _MAX_SID
45 {
46 /* same fields as struct _SID */
47 BYTE Revision;
48 BYTE SubAuthorityCount;
49 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
50 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
51 } MAX_SID;
52
53 typedef struct WELLKNOWNSID
54 {
55 WELL_KNOWN_SID_TYPE Type;
56 MAX_SID Sid;
57 } WELLKNOWNSID;
58
59 static const WELLKNOWNSID WellKnownSids[] =
60 {
61 { WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
62 { WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
63 { WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
64 { WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
65 { WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
66 { WinCreatorOwnerRightsSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RIGHTS_RID } } },
67 { WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
68 { WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
69 { WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
70 { WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
71 { WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
72 { WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
73 { WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
74 { WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
75 { WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
76 { WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
77 { WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
78 { WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
79 { WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
80 { WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
81 { WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
82 { WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
83 { WinLogonIdsSid, { SID_REVISION, SECURITY_LOGON_IDS_RID_COUNT, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID } } },
84 { WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
85 { WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
86 { WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
87 { WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
88 { WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
89 { WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
90 { WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
91 { WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
92 { WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
93 { WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
94 { WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
95 { WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
96 { WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
97 { WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
98 { WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
99 { WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
100 { WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
101 { WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
102 { WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
103 { WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
104 { WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
105 { WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
106 { WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
107 { WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
108 { WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
109 { WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
110 { WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
111 { WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
112 { WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
113 { WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
114 { WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
115 { WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
116 };
117
118 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
119 typedef struct WELLKNOWNRID
120 {
121 WELL_KNOWN_SID_TYPE Type;
122 DWORD Rid;
123 } WELLKNOWNRID;
124
125 static const WELLKNOWNRID WellKnownRids[] =
126 {
127 { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
128 { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
129 { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
130 { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
131 { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
132 { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
133 { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
134 { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
135 { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
136 { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
137 { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
138 { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
139 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
140 };
141
142 static NTSTATUS open_file( LPCWSTR name, DWORD access, HANDLE *file )
143 {
144 UNICODE_STRING file_nameW;
145 OBJECT_ATTRIBUTES attr;
146 IO_STATUS_BLOCK io;
147 NTSTATUS status;
148
149 if ((status = RtlDosPathNameToNtPathName_U_WithStatus( name, &file_nameW, NULL, NULL ))) return status;
150 attr.Length = sizeof(attr);
151 attr.RootDirectory = 0;
152 attr.Attributes = OBJ_CASE_INSENSITIVE;
153 attr.ObjectName = &file_nameW;
154 attr.SecurityDescriptor = NULL;
155 status = NtCreateFile( file, access|SYNCHRONIZE, &attr, &io, NULL, FILE_FLAG_BACKUP_SEMANTICS,
156 FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN,
157 FILE_OPEN_FOR_BACKUP_INTENT, NULL, 0 );
158 RtlFreeUnicodeString( &file_nameW );
159 return status;
160 }
161
162 static const char *debugstr_sid( PSID sid )
163 {
164 int auth;
165 SID * psid = sid;
166
167 if (psid == NULL) return "(null)";
168
169 auth = psid->IdentifierAuthority.Value[5] +
170 (psid->IdentifierAuthority.Value[4] << 8) +
171 (psid->IdentifierAuthority.Value[3] << 16) +
172 (psid->IdentifierAuthority.Value[2] << 24);
173
174 switch (psid->SubAuthorityCount) {
175 case 0:
176 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
177 case 1:
178 return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
179 psid->SubAuthority[0]);
180 case 2:
181 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
182 psid->SubAuthority[0], psid->SubAuthority[1]);
183 case 3:
184 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
185 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
186 case 4:
187 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
188 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
189 psid->SubAuthority[3]);
190 case 5:
191 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
192 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
193 psid->SubAuthority[3], psid->SubAuthority[4]);
194 case 6:
195 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
196 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
197 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
198 case 7:
199 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
200 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
201 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
202 psid->SubAuthority[6]);
203 case 8:
204 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
205 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
206 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
207 psid->SubAuthority[6], psid->SubAuthority[7]);
208 }
209 return "(too-big)";
210 }
211
212 /******************************************************************************
213 * AllocateAndInitializeSid (kernelbase.@)
214 */
215 BOOL WINAPI AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY auth, BYTE count,
216 DWORD auth0, DWORD auth1, DWORD auth2, DWORD auth3,
217 DWORD auth4, DWORD auth5, DWORD auth6, DWORD auth7, PSID *sid )
218 {
219 return set_ntstatus( RtlAllocateAndInitializeSid( auth, count, auth0, auth1, auth2, auth3,
220 auth4, auth5, auth6, auth7, sid ));
221 }
222
223 /***********************************************************************
224 * AllocateLocallyUniqueId (kernelbase.@)
225 */
226 BOOL WINAPI AllocateLocallyUniqueId( PLUID luid )
227 {
228 return set_ntstatus( NtAllocateLocallyUniqueId( luid ));
229 }
230
231 /******************************************************************************
232 * CopySid (kernelbase.@)
233 */
234 BOOL WINAPI CopySid( DWORD len, PSID dest, PSID source )
235 {
236 return RtlCopySid( len, dest, source );
237 }
238
239 /******************************************************************************
240 * EqualPrefixSid (kernelbase.@)
241 */
242 BOOL WINAPI EqualPrefixSid( PSID sid1, PSID sid2 )
243 {
244 return RtlEqualPrefixSid( sid1, sid2 );
245 }
246
247 /******************************************************************************
248 * EqualSid (kernelbase.@)
249 */
250 BOOL WINAPI EqualSid( PSID sid1, PSID sid2 )
251 {
252 BOOL ret = RtlEqualSid( sid1, sid2 );
253 SetLastError(ERROR_SUCCESS);
254 return ret;
255 }
256
257 /******************************************************************************
258 * EqualDomainSid (kernelbase.@)
259 */
260 BOOL WINAPI EqualDomainSid( PSID sid1, PSID sid2, BOOL *equal )
261 {
262 MAX_SID builtin_sid, domain_sid1, domain_sid2;
263 DWORD size;
264
265 TRACE( "(%p,%p,%p)\n", sid1, sid2, equal );
266
267 if (!IsValidSid( sid1 ) || !IsValidSid( sid2 ))
268 {
269 SetLastError( ERROR_INVALID_SID );
270 return FALSE;
271 }
272
273 if (!equal)
274 {
275 SetLastError( ERROR_INVALID_PARAMETER );
276 return FALSE;
277 }
278
279 size = sizeof(domain_sid1);
280 if (GetWindowsAccountDomainSid( sid1, &domain_sid1, &size ))
281 {
282 size = sizeof(domain_sid2);
283 if (GetWindowsAccountDomainSid( sid2, &domain_sid2, &size ))
284 {
285 *equal = EqualSid( &domain_sid1, &domain_sid2 );
286 SetLastError( 0 );
287 return TRUE;
288 }
289 }
290
291 size = sizeof(builtin_sid);
292 if (!CreateWellKnownSid( WinBuiltinDomainSid, NULL, &builtin_sid, &size ))
293 return FALSE;
294
295 if (!memcmp(GetSidIdentifierAuthority( sid1 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)) &&
296 !memcmp(GetSidIdentifierAuthority( sid2 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)))
297 {
298 if (*GetSidSubAuthorityCount( sid1 ) != 0 && *GetSidSubAuthorityCount( sid2 ) != 0 &&
299 (*GetSidSubAuthority( sid1, 0 ) == SECURITY_BUILTIN_DOMAIN_RID ||
300 *GetSidSubAuthority( sid2, 0 ) == SECURITY_BUILTIN_DOMAIN_RID))
301 {
302 *equal = EqualSid( sid1, sid2 );
303 SetLastError( 0 );
304 return TRUE;
305 }
306 }
307
308 SetLastError( ERROR_NON_DOMAIN_SID );
309 return FALSE;
310 }
311
312 /******************************************************************************
313 * FreeSid (kernelbase.@)
314 */
315 void * WINAPI FreeSid( PSID pSid )
316 {
317 RtlFreeSid(pSid);
318 return NULL; /* is documented like this */
319 }
320
321 /******************************************************************************
322 * GetLengthSid (kernelbase.@)
323 */
324 DWORD WINAPI GetLengthSid( PSID sid )
325 {
326 return RtlLengthSid( sid );
327 }
328
329 /******************************************************************************
330 * GetSidIdentifierAuthority (kernelbase.@)
331 */
332 PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority( PSID sid )
333 {
334 SetLastError(ERROR_SUCCESS);
335 return RtlIdentifierAuthoritySid( sid );
336 }
337
338 /******************************************************************************
339 * GetSidLengthRequired (kernelbase.@)
340 */
341 DWORD WINAPI GetSidLengthRequired( BYTE count )
342 {
343 return RtlLengthRequiredSid( count );
344 }
345
346 /******************************************************************************
347 * GetSidSubAuthority (kernelbase.@)
348 */
349 PDWORD WINAPI GetSidSubAuthority( PSID sid, DWORD auth )
350 {
351 SetLastError(ERROR_SUCCESS);
352 return RtlSubAuthoritySid( sid, auth );
353 }
354
355 /******************************************************************************
356 * GetSidSubAuthorityCount (kernelbase.@)
357 */
358 PUCHAR WINAPI GetSidSubAuthorityCount( PSID sid )
359 {
360 SetLastError(ERROR_SUCCESS);
361 return RtlSubAuthorityCountSid( sid );
362 }
363
364 /******************************************************************************
365 * GetWindowsAccountDomainSid (kernelbase.@)
366 */
367 BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
368 {
369 SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
370 DWORD required_size;
371 int i;
372
373 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
374
375 if (!sid || !IsValidSid( sid ))
376 {
377 SetLastError( ERROR_INVALID_SID );
378 return FALSE;
379 }
380
381 if (!size)
382 {
383 SetLastError( ERROR_INVALID_PARAMETER );
384 return FALSE;
385 }
386
387 if (*GetSidSubAuthorityCount( sid ) < 4)
388 {
389 SetLastError( ERROR_INVALID_SID );
390 return FALSE;
391 }
392
393 required_size = GetSidLengthRequired( 4 );
394 if (*size < required_size || !domain_sid)
395 {
396 *size = required_size;
397 SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER : ERROR_INVALID_PARAMETER );
398 return FALSE;
399 }
400
401 InitializeSid( domain_sid, &domain_ident, 4 );
402 for (i = 0; i < 4; i++)
403 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
404
405 *size = required_size;
406 return TRUE;
407 }
408
409 /******************************************************************************
410 * InitializeSid (kernelbase.@)
411 */
412 BOOL WINAPI InitializeSid ( PSID sid, PSID_IDENTIFIER_AUTHORITY auth, BYTE count )
413 {
414 return set_ntstatus(RtlInitializeSid( sid, auth, count ));
415 }
416
417 /******************************************************************************
418 * IsValidSid (kernelbase.@)
419 */
420 BOOL WINAPI IsValidSid( PSID sid )
421 {
422 return RtlValidSid( sid );
423 }
424
425 /******************************************************************************
426 * CreateWellKnownSid (kernelbase.@)
427 */
428 BOOL WINAPI CreateWellKnownSid( WELL_KNOWN_SID_TYPE type, PSID domain, PSID sid, DWORD *size )
429 {
430 unsigned int i;
431
432 TRACE("(%d, %s, %p, %p)\n", type, debugstr_sid(domain), sid, size);
433
434 if (size == NULL || (domain && !IsValidSid(domain)))
435 {
436 SetLastError(ERROR_INVALID_PARAMETER);
437 return FALSE;
438 }
439
440 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
441 {
442 if (WellKnownSids[i].Type == type)
443 {
444 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
445
446 if (*size < length)
447 {
448 *size = length;
449 SetLastError(ERROR_INSUFFICIENT_BUFFER);
450 return FALSE;
451 }
452 if (!sid)
453 {
454 SetLastError(ERROR_INVALID_PARAMETER);
455 return FALSE;
456 }
457 CopyMemory(sid, &WellKnownSids[i].Sid.Revision, length);
458 *size = length;
459 return TRUE;
460 }
461 }
462
463 if (domain == NULL || *GetSidSubAuthorityCount(domain) == SID_MAX_SUB_AUTHORITIES)
464 {
465 SetLastError(ERROR_INVALID_PARAMETER);
466 return FALSE;
467 }
468
469 for (i = 0; i < ARRAY_SIZE(WellKnownRids); i++)
470 {
471 if (WellKnownRids[i].Type == type)
472 {
473 UCHAR domain_subauth = *GetSidSubAuthorityCount(domain);
474 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
475 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
476
477 if (*size < output_sid_length)
478 {
479 *size = output_sid_length;
480 SetLastError(ERROR_INSUFFICIENT_BUFFER);
481 return FALSE;
482 }
483 if (!sid)
484 {
485 SetLastError(ERROR_INVALID_PARAMETER);
486 return FALSE;
487 }
488 CopyMemory(sid, domain, domain_sid_length);
489 (*GetSidSubAuthorityCount(sid))++;
490 (*GetSidSubAuthority(sid, domain_subauth)) = WellKnownRids[i].Rid;
491 *size = output_sid_length;
492 return TRUE;
493 }
494 }
495 SetLastError(ERROR_INVALID_PARAMETER);
496 return FALSE;
497 }
498
499 /******************************************************************************
500 * IsWellKnownSid (kernelbase.@)
501 */
502 BOOL WINAPI IsWellKnownSid( PSID sid, WELL_KNOWN_SID_TYPE type )
503 {
504 unsigned int i;
505
506 TRACE("(%s, %d)\n", debugstr_sid(sid), type);
507
508 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
509 if (WellKnownSids[i].Type == type)
510 if (EqualSid(sid, (PSID)&WellKnownSids[i].Sid.Revision))
511 return TRUE;
512
513 return FALSE;
514 }
515
516
517 /******************************************************************************
518 * Token functions
519 ******************************************************************************/
520
521
522 /******************************************************************************
523 * AdjustTokenGroups (kernelbase.@)
524 */
525 BOOL WINAPI AdjustTokenGroups( HANDLE token, BOOL reset, PTOKEN_GROUPS new,
526 DWORD len, PTOKEN_GROUPS prev, PDWORD ret_len )
527 {
528 return set_ntstatus( NtAdjustGroupsToken( token, reset, new, len, prev, ret_len ));
529 }
530
531 /******************************************************************************
532 * AdjustTokenPrivileges (kernelbase.@)
533 */
534 BOOL WINAPI AdjustTokenPrivileges( HANDLE token, BOOL disable, PTOKEN_PRIVILEGES new, DWORD len,
535 PTOKEN_PRIVILEGES prev, PDWORD ret_len )
536 {
537 NTSTATUS status;
538
539 TRACE("(%p %d %p %ld %p %p)\n", token, disable, new, len, prev, ret_len );
540
541 status = NtAdjustPrivilegesToken( token, disable, new, len, prev, ret_len );
542 SetLastError( RtlNtStatusToDosError( status ));
543 return (status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED);
544 }
545
546 /******************************************************************************
547 * CheckTokenMembership (kernelbase.@)
548 */
549 BOOL WINAPI CheckTokenMembership( HANDLE token, PSID sid_to_check, PBOOL is_member )
550 {
551 PTOKEN_GROUPS token_groups = NULL;
552 HANDLE thread_token = NULL;
553 DWORD size, i;
554 BOOL ret;
555
556 TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member);
557
558 *is_member = FALSE;
559
560 if (!token)
561 {
562 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token))
563 {
564 HANDLE process_token;
565 ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &process_token);
566 if (!ret)
567 goto exit;
568 ret = DuplicateTokenEx(process_token, TOKEN_QUERY, NULL, SecurityImpersonation,
569 TokenImpersonation, &thread_token);
570 CloseHandle(process_token);
571 if (!ret)
572 goto exit;
573 }
574 token = thread_token;
575 }
576 else
577 {
578 TOKEN_TYPE type;
579
580 ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size);
581 if (!ret) goto exit;
582
583 if (type == TokenPrimary)
584 {
585 SetLastError(ERROR_NO_IMPERSONATION_TOKEN);
586 return FALSE;
587 }
588 }
589
590 ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
591 if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
592 goto exit;
593
594 token_groups = heap_alloc(size);
595 if (!token_groups)
596 {
597 ret = FALSE;
598 goto exit;
599 }
600
601 ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
602 if (!ret)
603 goto exit;
604
605 for (i = 0; i < token_groups->GroupCount; i++)
606 {
607 TRACE("Groups[%ld]: {0x%lx, %s}\n", i,
608 token_groups->Groups[i].Attributes,
609 debugstr_sid(token_groups->Groups[i].Sid));
610 if ((token_groups->Groups[i].Attributes & SE_GROUP_ENABLED) &&
611 EqualSid(sid_to_check, token_groups->Groups[i].Sid))
612 {
613 *is_member = TRUE;
614 TRACE("sid enabled and found in token\n");
615 break;
616 }
617 }
618
619 exit:
620 heap_free(token_groups);
621 if (thread_token != NULL) CloseHandle(thread_token);
622 return ret;
623 }
624
625 /*************************************************************************
626 * CreateRestrictedToken (kernelbase.@)
627 */
628 BOOL WINAPI CreateRestrictedToken( HANDLE token, DWORD flags,
629 DWORD disable_sid_count, SID_AND_ATTRIBUTES *disable_sids,
630 DWORD delete_priv_count, LUID_AND_ATTRIBUTES *delete_privs,
631 DWORD restrict_sid_count, SID_AND_ATTRIBUTES *restrict_sids, HANDLE *ret )
632 {
633 TOKEN_PRIVILEGES *nt_privs = NULL;
634 TOKEN_GROUPS *nt_disable_sids = NULL, *nt_restrict_sids = NULL;
635 NTSTATUS status = STATUS_NO_MEMORY;
636
637 TRACE("token %p, flags %#lx, disable_sids %lu %p, delete_privs %lu %p, restrict_sids %lu %p, ret %p\n",
638 token, flags, disable_sid_count, disable_sids, delete_priv_count, delete_privs,
639 restrict_sid_count, restrict_sids, ret);
640
641 if (disable_sid_count)
642 {
643 if (!(nt_disable_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[disable_sid_count] ) ))) goto out;
644 nt_disable_sids->GroupCount = disable_sid_count;
645 memcpy( nt_disable_sids->Groups, disable_sids, disable_sid_count * sizeof(*disable_sids) );
646 }
647
648 if (delete_priv_count)
649 {
650 if (!(nt_privs = heap_alloc( offsetof( TOKEN_PRIVILEGES, Privileges[delete_priv_count] ) ))) goto out;
651 nt_privs->PrivilegeCount = delete_priv_count;
652 memcpy( nt_privs->Privileges, delete_privs, delete_priv_count * sizeof(*delete_privs) );
653 }
654
655 if (restrict_sid_count)
656 {
657 if (!(nt_restrict_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[restrict_sid_count] ) ))) goto out;
658 nt_restrict_sids->GroupCount = restrict_sid_count;
659 memcpy( nt_restrict_sids->Groups, restrict_sids, restrict_sid_count * sizeof(*restrict_sids) );
660 }
661
662 status = NtFilterToken(token, flags, nt_disable_sids, nt_privs, nt_restrict_sids, ret);
663
664 out:
665 heap_free(nt_disable_sids);
666 heap_free(nt_privs);
667 heap_free(nt_restrict_sids);
668 return set_ntstatus( status );
669 }
670
671 /******************************************************************************
672 * DuplicateToken (kernelbase.@)
673 */
674 BOOL WINAPI DuplicateToken( HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PHANDLE ret )
675 {
676 return DuplicateTokenEx( token, TOKEN_IMPERSONATE|TOKEN_QUERY, NULL, level, TokenImpersonation, ret );
677 }
678
679 /******************************************************************************
680 * DuplicateTokenEx (kernelbase.@)
681 */
682 BOOL WINAPI DuplicateTokenEx( HANDLE token, DWORD access, LPSECURITY_ATTRIBUTES sa,
683 SECURITY_IMPERSONATION_LEVEL level, TOKEN_TYPE type, PHANDLE ret )
684 {
685 SECURITY_QUALITY_OF_SERVICE qos;
686 OBJECT_ATTRIBUTES attr;
687
688 TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", token, access, level, type, ret );
689
690 qos.Length = sizeof(qos);
691 qos.ImpersonationLevel = level;
692 qos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
693 qos.EffectiveOnly = FALSE;
694 InitializeObjectAttributes( &attr, NULL, (sa && sa->bInheritHandle) ? OBJ_INHERIT : 0,
695 NULL, sa ? sa->lpSecurityDescriptor : NULL );
696 attr.SecurityQualityOfService = &qos;
697 return set_ntstatus( NtDuplicateToken( token, access, &attr, FALSE, type, ret ));
698 }
699
700 /******************************************************************************
701 * GetTokenInformation (kernelbase.@)
702 */
703 BOOL WINAPI GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class,
704 LPVOID info, DWORD len, LPDWORD retlen )
705 {
706 TRACE("(%p, %s, %p, %ld, %p):\n",
707 token,
708 (class == TokenUser) ? "TokenUser" :
709 (class == TokenGroups) ? "TokenGroups" :
710 (class == TokenPrivileges) ? "TokenPrivileges" :
711 (class == TokenOwner) ? "TokenOwner" :
712 (class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
713 (class == TokenDefaultDacl) ? "TokenDefaultDacl" :
714 (class == TokenSource) ? "TokenSource" :
715 (class == TokenType) ? "TokenType" :
716 (class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
717 (class == TokenStatistics) ? "TokenStatistics" :
718 (class == TokenRestrictedSids) ? "TokenRestrictedSids" :
719 (class == TokenSessionId) ? "TokenSessionId" :
720 (class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
721 (class == TokenSessionReference) ? "TokenSessionReference" :
722 (class == TokenSandBoxInert) ? "TokenSandBoxInert" :
723 "Unknown",
724 info, len, retlen);
725
726 return set_ntstatus( NtQueryInformationToken( token, class, info, len, retlen ));
727 }
728
729 /******************************************************************************
730 * ImpersonateAnonymousToken (kernelbase.@)
731 */
732 BOOL WINAPI ImpersonateAnonymousToken( HANDLE thread )
733 {
734 TRACE("(%p)\n", thread);
735 return set_ntstatus( NtImpersonateAnonymousToken( thread ) );
736 }
737
738 /******************************************************************************
739 * ImpersonateLoggedOnUser (kernelbase.@)
740 */
741 BOOL WINAPI ImpersonateLoggedOnUser( HANDLE token )
742 {
743 DWORD size;
744 BOOL ret;
745 HANDLE dup;
746 TOKEN_TYPE type;
747 static BOOL warn = TRUE;
748
749 if (warn)
750 {
751 FIXME( "(%p)\n", token );
752 warn = FALSE;
753 }
754 if (!GetTokenInformation( token, TokenType, &type, sizeof(type), &size )) return FALSE;
755
756 if (type == TokenPrimary)
757 {
758 if (!DuplicateToken( token, SecurityImpersonation, &dup )) return FALSE;
759 ret = SetThreadToken( NULL, dup );
760 NtClose( dup );
761 }
762 else ret = SetThreadToken( NULL, token );
763
764 return ret;
765 }
766
767 /******************************************************************************
768 * ImpersonateNamedPipeClient (kernelbase.@)
769 */
770 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE pipe )
771 {
772 IO_STATUS_BLOCK io_block;
773
774 return set_ntstatus( NtFsControlFile( pipe, NULL, NULL, NULL, &io_block,
775 FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0 ));
776 }
777
778 /******************************************************************************
779 * ImpersonateSelf (kernelbase.@)
780 */
781 BOOL WINAPI ImpersonateSelf( SECURITY_IMPERSONATION_LEVEL level )
782 {
783 return set_ntstatus( RtlImpersonateSelf( level ) );
784 }
785
786 /******************************************************************************
787 * IsTokenRestricted (kernelbase.@)
788 */
789 BOOL WINAPI IsTokenRestricted( HANDLE token )
790 {
791 TOKEN_GROUPS *groups;
792 DWORD size;
793 NTSTATUS status;
794 BOOL restricted;
795
796 TRACE("(%p)\n", token);
797
798 status = NtQueryInformationToken(token, TokenRestrictedSids, NULL, 0, &size);
799 if (status != STATUS_BUFFER_TOO_SMALL) return set_ntstatus(status);
800
801 groups = heap_alloc(size);
802 if (!groups)
803 {
804 SetLastError(ERROR_OUTOFMEMORY);
805 return FALSE;
806 }
807
808 status = NtQueryInformationToken(token, TokenRestrictedSids, groups, size, &size);
809 if (status != STATUS_SUCCESS)
810 {
811 heap_free(groups);
812 return set_ntstatus(status);
813 }
814
815 restricted = groups->GroupCount > 0;
816 heap_free(groups);
817
818 return restricted;
819 }
820
821 /******************************************************************************
822 * OpenProcessToken (kernelbase.@)
823 */
824 BOOL WINAPI OpenProcessToken( HANDLE process, DWORD access, HANDLE *handle )
825 {
826 return set_ntstatus( NtOpenProcessToken( process, access, handle ));
827 }
828
829 /******************************************************************************
830 * OpenThreadToken (kernelbase.@)
831 */
832 BOOL WINAPI OpenThreadToken( HANDLE thread, DWORD access, BOOL self, HANDLE *handle )
833 {
834 return set_ntstatus( NtOpenThreadToken( thread, access, self, handle ));
835 }
836
837 /******************************************************************************
838 * PrivilegeCheck (kernelbase.@)
839 */
840 BOOL WINAPI PrivilegeCheck( HANDLE token, PPRIVILEGE_SET privs, LPBOOL result )
841 {
842 BOOLEAN res;
843 BOOL ret = set_ntstatus( NtPrivilegeCheck( token, privs, &res ));
844 if (ret) *result = res;
845 return ret;
846 }
847
848 /******************************************************************************
849 * RevertToSelf (kernelbase.@)
850 */
851 BOOL WINAPI RevertToSelf(void)
852 {
853 return SetThreadToken( NULL, 0 );
854 }
855
856 /*************************************************************************
857 * SetThreadToken (kernelbase.@)
858 */
859 BOOL WINAPI SetThreadToken( PHANDLE thread, HANDLE token )
860 {
861 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
862 ThreadImpersonationToken, &token, sizeof(token) ));
863 }
864
865 /******************************************************************************
866 * SetTokenInformation (kernelbase.@)
867 */
868 BOOL WINAPI SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class, LPVOID info, DWORD len )
869 {
870 TRACE("(%p, %s, %p, %ld)\n",
871 token,
872 (class == TokenUser) ? "TokenUser" :
873 (class == TokenGroups) ? "TokenGroups" :
874 (class == TokenPrivileges) ? "TokenPrivileges" :
875 (class == TokenOwner) ? "TokenOwner" :
876 (class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
877 (class == TokenDefaultDacl) ? "TokenDefaultDacl" :
878 (class == TokenSource) ? "TokenSource" :
879 (class == TokenType) ? "TokenType" :
880 (class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
881 (class == TokenStatistics) ? "TokenStatistics" :
882 (class == TokenRestrictedSids) ? "TokenRestrictedSids" :
883 (class == TokenSessionId) ? "TokenSessionId" :
884 (class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
885 (class == TokenSessionReference) ? "TokenSessionReference" :
886 (class == TokenSandBoxInert) ? "TokenSandBoxInert" :
887 "Unknown",
888 info, len);
889
890 return set_ntstatus( NtSetInformationToken( token, class, info, len ));
891 }
892
893
894 /******************************************************************************
895 * Security descriptor functions
896 ******************************************************************************/
897
898
899 /******************************************************************************
900 * ConvertToAutoInheritPrivateObjectSecurity (kernelbase.@)
901 */
902 BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity( PSECURITY_DESCRIPTOR parent,
903 PSECURITY_DESCRIPTOR current,
904 PSECURITY_DESCRIPTOR *descr,
905 GUID *type, BOOL is_dir,
906 PGENERIC_MAPPING mapping )
907 {
908 return set_ntstatus( RtlConvertToAutoInheritSecurityObject( parent, current, descr, type, is_dir, mapping ));
909 }
910
911 /******************************************************************************
912 * CreateBoundaryDescriptorW (kernelbase.@)
913 */
914 HANDLE WINAPI CreateBoundaryDescriptorW( LPCWSTR name, ULONG flags )
915 {
916 FIXME("%s %lu - stub\n", debugstr_w(name), flags);
917 return NULL;
918 }
919
920 /******************************************************************************
921 * CreatePrivateObjectSecurity (kernelbase.@)
922 */
923 BOOL WINAPI CreatePrivateObjectSecurity( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
924 PSECURITY_DESCRIPTOR *descr, BOOL is_container, HANDLE token,
925 PGENERIC_MAPPING mapping )
926 {
927 return set_ntstatus( RtlNewSecurityObject( parent, creator, descr, is_container, token, mapping ));
928 }
929
930 /******************************************************************************
931 * CreatePrivateObjectSecurityEx (kernelbase.@)
932 */
933 BOOL WINAPI CreatePrivateObjectSecurityEx( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
934 PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_container,
935 ULONG flags, HANDLE token, PGENERIC_MAPPING mapping )
936 {
937 return set_ntstatus( RtlNewSecurityObjectEx( parent, creator, descr, type, is_container, flags, token, mapping ));
938 }
939
940 /******************************************************************************
941 * CreatePrivateObjectSecurityWithMultipleInheritance (kernelbase.@)
942 */
943 BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance( PSECURITY_DESCRIPTOR parent,
944 PSECURITY_DESCRIPTOR creator,
945 PSECURITY_DESCRIPTOR *descr,
946 GUID **types, ULONG count,
947 BOOL is_container, ULONG flags,
948 HANDLE token, PGENERIC_MAPPING mapping )
949 {
950 return set_ntstatus( RtlNewSecurityObjectWithMultipleInheritance( parent, creator, descr, types, count,
951 is_container, flags, token, mapping ));
952 }
953
954 /******************************************************************************
955 * DestroyPrivateObjectSecurity (kernelbase.@)
956 */
957 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR *descr )
958 {
959 return set_ntstatus( RtlDeleteSecurityObject( descr ));
960 }
961
962 /******************************************************************************
963 * GetFileSecurityW (kernelbase.@)
964 */
965 BOOL WINAPI GetFileSecurityW( LPCWSTR name, SECURITY_INFORMATION info,
966 PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len )
967 {
968 HANDLE file;
969 NTSTATUS status;
970 DWORD access = 0;
971
972 TRACE( "(%s,%ld,%p,%ld,%p)\n", debugstr_w(name), info, descr, len, ret_len );
973
974 if (info & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
975 access |= READ_CONTROL;
976 if (info & SACL_SECURITY_INFORMATION)
977 access |= ACCESS_SYSTEM_SECURITY;
978
979 if (!(status = open_file( name, access, &file )))
980 {
981 status = NtQuerySecurityObject( file, info, descr, len, ret_len );
982 NtClose( file );
983 }
984 return set_ntstatus( status );
985 }
986
987 /******************************************************************************
988 * GetKernelObjectSecurity (kernelbase.@)
989 */
990 BOOL WINAPI GetKernelObjectSecurity( HANDLE handle, SECURITY_INFORMATION info,
991 PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len )
992 {
993 return set_ntstatus( NtQuerySecurityObject( handle, info, descr, len, ret_len ));
994 }
995
996 /******************************************************************************
997 * GetPrivateObjectSecurity (kernelbase.@)
998 */
999 BOOL WINAPI GetPrivateObjectSecurity( PSECURITY_DESCRIPTOR obj_descr, SECURITY_INFORMATION info,
1000 PSECURITY_DESCRIPTOR ret_descr, DWORD len, PDWORD ret_len )
1001 {
1002 SECURITY_DESCRIPTOR desc;
1003 BOOL defaulted, present;
1004 PACL pacl;
1005 PSID psid;
1006
1007 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", obj_descr, info, ret_descr, len, ret_len );
1008
1009 if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION)) return FALSE;
1010
1011 if (info & OWNER_SECURITY_INFORMATION)
1012 {
1013 if (!GetSecurityDescriptorOwner(obj_descr, &psid, &defaulted)) return FALSE;
1014 SetSecurityDescriptorOwner(&desc, psid, defaulted);
1015 }
1016 if (info & GROUP_SECURITY_INFORMATION)
1017 {
1018 if (!GetSecurityDescriptorGroup(obj_descr, &psid, &defaulted)) return FALSE;
1019 SetSecurityDescriptorGroup(&desc, psid, defaulted);
1020 }
1021 if (info & DACL_SECURITY_INFORMATION)
1022 {
1023 if (!GetSecurityDescriptorDacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1024 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted);
1025 }
1026 if (info & SACL_SECURITY_INFORMATION)
1027 {
1028 if (!GetSecurityDescriptorSacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1029 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted);
1030 }
1031
1032 *ret_len = len;
1033 return MakeSelfRelativeSD(&desc, ret_descr, ret_len);
1034 }
1035
1036 /******************************************************************************
1037 * GetSecurityDescriptorControl (kernelbase.@)
1038 */
1039 BOOL WINAPI GetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr, PSECURITY_DESCRIPTOR_CONTROL control,
1040 LPDWORD revision)
1041 {
1042 return set_ntstatus( RtlGetControlSecurityDescriptor( descr, control, revision ));
1043 }
1044
1045 /******************************************************************************
1046 * GetSecurityDescriptorDacl (kernelbase.@)
1047 */
1048 BOOL WINAPI GetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr, LPBOOL dacl_present, PACL *dacl,
1049 LPBOOL dacl_defaulted )
1050 {
1051 BOOLEAN present, defaulted;
1052 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor( descr, &present, dacl, &defaulted ));
1053 *dacl_present = present;
1054 *dacl_defaulted = defaulted;
1055 return ret;
1056 }
1057
1058 /******************************************************************************
1059 * GetSecurityDescriptorGroup (kernelbase.@)
1060 */
1061 BOOL WINAPI GetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr, PSID *group, LPBOOL group_defaulted )
1062 {
1063 BOOLEAN defaulted;
1064 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor( descr, group, &defaulted ));
1065 *group_defaulted = defaulted;
1066 return ret;
1067 }
1068
1069 /******************************************************************************
1070 * GetSecurityDescriptorLength (kernelbase.@)
1071 */
1072 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR descr )
1073 {
1074 return RtlLengthSecurityDescriptor( descr );
1075 }
1076
1077 /******************************************************************************
1078 * GetSecurityDescriptorOwner (kernelbase.@)
1079 */
1080 BOOL WINAPI GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr, PSID *owner, LPBOOL owner_defaulted )
1081 {
1082 BOOLEAN defaulted;
1083 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( descr, owner, &defaulted ));
1084 *owner_defaulted = defaulted;
1085 return ret;
1086 }
1087
1088 /******************************************************************************
1089 * GetSecurityDescriptorSacl (kernelbase.@)
1090 */
1091 BOOL WINAPI GetSecurityDescriptorSacl( PSECURITY_DESCRIPTOR descr, LPBOOL sacl_present, PACL *sacl,
1092 LPBOOL sacl_defaulted )
1093 {
1094 BOOLEAN present, defaulted;
1095 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor( descr, &present, sacl, &defaulted ));
1096 *sacl_present = present;
1097 *sacl_defaulted = defaulted;
1098 return ret;
1099 }
1100
1101 /******************************************************************************
1102 * InitializeSecurityDescriptor (kernelbase.@)
1103 */
1104 BOOL WINAPI InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR descr, DWORD revision )
1105 {
1106 return set_ntstatus( RtlCreateSecurityDescriptor( descr, revision ));
1107 }
1108
1109 /******************************************************************************
1110 * IsValidSecurityDescriptor (kernelbase.@)
1111 */
1112 BOOL WINAPI IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR descr )
1113 {
1114 if (!RtlValidSecurityDescriptor( descr ))
1115 return set_ntstatus(STATUS_INVALID_SECURITY_DESCR);
1116
1117 return TRUE;
1118 }
1119
1120 /******************************************************************************
1121 * MakeAbsoluteSD (kernelbase.@)
1122 */
1123 BOOL WINAPI MakeAbsoluteSD ( PSECURITY_DESCRIPTOR rel_descr, PSECURITY_DESCRIPTOR abs_descr,
1124 LPDWORD abs_size, PACL dacl, LPDWORD dacl_size, PACL sacl, LPDWORD sacl_size,
1125 PSID owner, LPDWORD owner_size, PSID group, LPDWORD group_size )
1126 {
1127 return set_ntstatus( RtlSelfRelativeToAbsoluteSD( rel_descr, abs_descr, abs_size,
1128 dacl, dacl_size, sacl, sacl_size,
1129 owner, owner_size, group, group_size ));
1130 }
1131
1132 /******************************************************************************
1133 * MakeSelfRelativeSD (kernelbase.@)
1134 */
1135 BOOL WINAPI MakeSelfRelativeSD( PSECURITY_DESCRIPTOR abs_descr, PSECURITY_DESCRIPTOR rel_descr,
1136 LPDWORD len )
1137 {
1138 return set_ntstatus( RtlMakeSelfRelativeSD( abs_descr, rel_descr, len ));
1139 }
1140
1141 /******************************************************************************
1142 * SetFileSecurityW (kernelbase.@)
1143 */
1144 BOOL WINAPI SetFileSecurityW( LPCWSTR name, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr )
1145 {
1146 HANDLE file;
1147 DWORD access = 0;
1148 NTSTATUS status;
1149
1150 TRACE( "(%s, 0x%lx, %p)\n", debugstr_w(name), info, descr );
1151
1152 if (info & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION)) access |= WRITE_OWNER;
1153 if (info & SACL_SECURITY_INFORMATION) access |= ACCESS_SYSTEM_SECURITY;
1154 if (info & DACL_SECURITY_INFORMATION) access |= WRITE_DAC;
1155
1156 if (!(status = open_file( name, access, &file )))
1157 {
1158 status = NtSetSecurityObject( file, info, descr );
1159 NtClose( file );
1160 }
1161 return set_ntstatus( status );
1162 }
1163
1164 /*************************************************************************
1165 * SetKernelObjectSecurity (kernelbase.@)
1166 */
1167 BOOL WINAPI SetKernelObjectSecurity( HANDLE handle, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr )
1168 {
1169 return set_ntstatus( NtSetSecurityObject( handle, info, descr ));
1170 }
1171
1172 /*************************************************************************
1173 * SetPrivateObjectSecurity (kernelbase.@)
1174 */
1175 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr,
1176 PSECURITY_DESCRIPTOR *obj_descr, PGENERIC_MAPPING mapping,
1177 HANDLE token )
1178 {
1179 FIXME( "0x%08lx %p %p %p %p - stub\n", info, descr, obj_descr, mapping, token );
1180 return TRUE;
1181 }
1182
1183 /*************************************************************************
1184 * SetPrivateObjectSecurityEx (kernelbase.@)
1185 */
1186 BOOL WINAPI SetPrivateObjectSecurityEx( SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr,
1187 PSECURITY_DESCRIPTOR *obj_descr, ULONG flags,
1188 PGENERIC_MAPPING mapping, HANDLE token )
1189 {
1190 FIXME( "0x%08lx %p %p %lu %p %p - stub\n", info, descr, obj_descr, flags, mapping, token );
1191 return TRUE;
1192 }
1193
1194 /******************************************************************************
1195 * SetSecurityDescriptorControl (kernelbase.@)
1196 */
1197 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr, SECURITY_DESCRIPTOR_CONTROL mask,
1198 SECURITY_DESCRIPTOR_CONTROL set )
1199 {
1200 return set_ntstatus( RtlSetControlSecurityDescriptor( descr, mask, set ));
1201 }
1202
1203 /******************************************************************************
1204 * SetSecurityDescriptorDacl (kernelbase.@)
1205 */
1206 BOOL WINAPI SetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr, BOOL present, PACL dacl, BOOL defaulted )
1207 {
1208 return set_ntstatus( RtlSetDaclSecurityDescriptor( descr, present, dacl, defaulted ));
1209 }
1210
1211 /******************************************************************************
1212 * SetSecurityDescriptorGroup (kernelbase.@)
1213 */
1214 BOOL WINAPI SetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted )
1215 {
1216 return set_ntstatus( RtlSetGroupSecurityDescriptor( descr, group, defaulted ));
1217 }
1218
1219 /******************************************************************************
1220 * SetSecurityDescriptorOwner (kernelbase.@)
1221 */
1222 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted )
1223 {
1224 return set_ntstatus( RtlSetOwnerSecurityDescriptor( descr, owner, defaulted ));
1225 }
1226
1227 /**************************************************************************
1228 * SetSecurityDescriptorSacl (kernelbase.@)
1229 */
1230 BOOL WINAPI SetSecurityDescriptorSacl ( PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted )
1231 {
1232 return set_ntstatus( RtlSetSaclSecurityDescriptor( descr, present, sacl, defaulted ));
1233 }
1234
1235
1236 /******************************************************************************
1237 * Access control functions
1238 ******************************************************************************/
1239
1240
1241 /******************************************************************************
1242 * AccessCheck (kernelbase.@)
1243 */
1244 BOOL WINAPI AccessCheck( PSECURITY_DESCRIPTOR descr, HANDLE token, DWORD access, PGENERIC_MAPPING mapping,
1245 PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status )
1246 {
1247 NTSTATUS access_status;
1248 BOOL ret = set_ntstatus( NtAccessCheck( descr, token, access, mapping, priv, priv_len,
1249 granted, &access_status ));
1250 if (ret) *status = set_ntstatus( access_status );
1251 return ret;
1252 }
1253
1254 /******************************************************************************
1255 * AccessCheckAndAuditAlarmW (kernelbase.@)
1256 */
1257 BOOL WINAPI AccessCheckAndAuditAlarmW( LPCWSTR subsystem, LPVOID id, LPWSTR type_name,
1258 LPWSTR name, PSECURITY_DESCRIPTOR descr, DWORD access,
1259 PGENERIC_MAPPING mapping, BOOL creation,
1260 LPDWORD granted, LPBOOL status, LPBOOL on_close )
1261 {
1262 FIXME( "stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(subsystem),
1263 id, debugstr_w(type_name), debugstr_w(name), descr, access, mapping,
1264 creation, granted, status, on_close );
1265 return TRUE;
1266 }
1267
1268 /******************************************************************************
1269 * AccessCheckByType (kernelbase.@)
1270 */
1271 BOOL WINAPI AccessCheckByType( PSECURITY_DESCRIPTOR descr, PSID sid, HANDLE token, DWORD access,
1272 POBJECT_TYPE_LIST types, DWORD types_len, PGENERIC_MAPPING mapping,
1273 PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status )
1274 {
1275 FIXME("stub\n");
1276 *status = TRUE;
1277 return !*status;
1278 }
1279
1280 /******************************************************************************
1281 * AddAccessAllowedAce (kernelbase.@)
1282 */
1283 BOOL WINAPI AddAccessAllowedAce( PACL acl, DWORD rev, DWORD access, PSID sid )
1284 {
1285 return set_ntstatus( RtlAddAccessAllowedAce( acl, rev, access, sid ));
1286 }
1287
1288 /******************************************************************************
1289 * AddAccessAllowedAceEx (kernelbase.@)
1290 */
1291 BOOL WINAPI AddAccessAllowedAceEx( PACL acl, DWORD rev, DWORD flags, DWORD access, PSID sid )
1292 {
1293 return set_ntstatus( RtlAddAccessAllowedAceEx( acl, rev, flags, access, sid ));
1294 }
1295
1296 /******************************************************************************
1297 * AddAccessAllowedObjectAce (kernelbase.@)
1298 */
1299 BOOL WINAPI AddAccessAllowedObjectAce( PACL acl, DWORD rev, DWORD flags, DWORD access,
1300 GUID *type, GUID *inherit, PSID sid )
1301 {
1302 return set_ntstatus( RtlAddAccessAllowedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1303 }
1304
1305 /******************************************************************************
1306 * AddAccessDeniedAce (kernelbase.@)
1307 */
1308 BOOL WINAPI AddAccessDeniedAce( PACL acl, DWORD rev, DWORD access, PSID sid )
1309 {
1310 return set_ntstatus( RtlAddAccessDeniedAce( acl, rev, access, sid ));
1311 }
1312
1313 /******************************************************************************
1314 * AddAccessDeniedAceEx (kernelbase.@)
1315 */
1316 BOOL WINAPI AddAccessDeniedAceEx( PACL acl, DWORD rev, DWORD flags, DWORD access, PSID sid )
1317 {
1318 return set_ntstatus( RtlAddAccessDeniedAceEx( acl, rev, flags, access, sid ));
1319 }
1320
1321 /******************************************************************************
1322 * AddAccessDeniedObjectAce (kernelbase.@)
1323 */
1324 BOOL WINAPI AddAccessDeniedObjectAce( PACL acl, DWORD rev, DWORD flags, DWORD access,
1325 GUID *type, GUID *inherit, PSID sid )
1326 {
1327 return set_ntstatus( RtlAddAccessDeniedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1328 }
1329
1330 /******************************************************************************
1331 * AddAce (kernelbase.@)
1332 */
1333 BOOL WINAPI AddAce( PACL acl, DWORD rev, DWORD index, LPVOID list, DWORD len )
1334 {
1335 return set_ntstatus( RtlAddAce( acl, rev, index, list, len ));
1336 }
1337
1338 /******************************************************************************
1339 * AddAuditAccessAce (kernelbase.@)
1340 */
1341 BOOL WINAPI AddAuditAccessAce( PACL acl, DWORD rev, DWORD access, PSID sid, BOOL success, BOOL failure )
1342 {
1343 return set_ntstatus( RtlAddAuditAccessAce( acl, rev, access, sid, success, failure ));
1344 }
1345
1346 /******************************************************************************
1347 * AddAuditAccessAceEx (kernelbase.@)
1348 */
1349 BOOL WINAPI AddAuditAccessAceEx( PACL acl, DWORD rev, DWORD flags, DWORD access,
1350 PSID sid, BOOL success, BOOL failure )
1351 {
1352 return set_ntstatus( RtlAddAuditAccessAceEx( acl, rev, flags, access, sid, success, failure ));
1353 }
1354
1355 /******************************************************************************
1356 * AddAuditAccessObjectAce (kernelbase.@)
1357 */
1358 BOOL WINAPI AddAuditAccessObjectAce( PACL acl, DWORD rev, DWORD flags, DWORD access,
1359 GUID *type, GUID *inherit, PSID sid, BOOL success, BOOL failure )
1360 {
1361 return set_ntstatus( RtlAddAuditAccessObjectAce( acl, rev, flags, access,
1362 type, inherit, sid, success, failure ));
1363 }
1364
1365 /******************************************************************************
1366 * AddMandatoryAce (kernelbase.@)
1367 */
1368 BOOL WINAPI AddMandatoryAce( PACL acl, DWORD rev, DWORD flags, DWORD policy, PSID sid )
1369 {
1370 return set_ntstatus( RtlAddMandatoryAce( acl, rev, flags, policy,
1371 SYSTEM_MANDATORY_LABEL_ACE_TYPE, sid ));
1372 }
1373
1374 /******************************************************************************
1375 * AreAllAccessesGranted (kernelbase.@)
1376 */
1377 BOOL WINAPI AreAllAccessesGranted( DWORD granted, DWORD desired )
1378 {
1379 return RtlAreAllAccessesGranted( granted, desired );
1380 }
1381
1382 /******************************************************************************
1383 * AreAnyAccessesGranted (kernelbase.@)
1384 */
1385 BOOL WINAPI AreAnyAccessesGranted( DWORD granted, DWORD desired )
1386 {
1387 return RtlAreAnyAccessesGranted( granted, desired );
1388 }
1389
1390 /******************************************************************************
1391 * DeleteAce (kernelbase.@)
1392 */
1393 BOOL WINAPI DeleteAce( PACL acl, DWORD index )
1394 {
1395 return set_ntstatus( RtlDeleteAce( acl, index ));
1396 }
1397
1398 /******************************************************************************
1399 * FindFirstFreeAce (kernelbase.@)
1400 */
1401 BOOL WINAPI FindFirstFreeAce( PACL acl, LPVOID *ace)
1402 {
1403 return RtlFirstFreeAce( acl, (PACE_HEADER *)ace );
1404 }
1405
1406 /******************************************************************************
1407 * GetAce (kernelbase.@)
1408 */
1409 BOOL WINAPI GetAce( PACL acl, DWORD index, LPVOID *ace )
1410 {
1411 return set_ntstatus( RtlGetAce( acl, index, ace ));
1412 }
1413
1414 /******************************************************************************
1415 * GetAclInformation (kernelbase.@)
1416 */
1417 BOOL WINAPI GetAclInformation( PACL acl, LPVOID info, DWORD len, ACL_INFORMATION_CLASS class )
1418 {
1419 return set_ntstatus( RtlQueryInformationAcl( acl, info, len, class ));
1420 }
1421
1422 /*************************************************************************
1423 * InitializeAcl (kernelbase.@)
1424 */
1425 BOOL WINAPI InitializeAcl( PACL acl, DWORD size, DWORD rev )
1426 {
1427 return set_ntstatus( RtlCreateAcl( acl, size, rev ));
1428 }
1429
1430 /******************************************************************************
1431 * IsValidAcl (kernelbase.@)
1432 */
1433 BOOL WINAPI IsValidAcl( PACL acl )
1434 {
1435 return RtlValidAcl( acl );
1436 }
1437
1438 /******************************************************************************
1439 * MapGenericMask (kernelbase.@)
1440 */
1441 void WINAPI MapGenericMask( PDWORD access, PGENERIC_MAPPING mapping )
1442 {
1443 RtlMapGenericMask( access, mapping );
1444 }
1445
1446 /******************************************************************************
1447 * ObjectCloseAuditAlarmW (kernelbase.@)
1448 */
1449 BOOL WINAPI ObjectCloseAuditAlarmW( LPCWSTR subsystem, LPVOID id, BOOL on_close )
1450 {
1451 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1452 return TRUE;
1453 }
1454
1455 /******************************************************************************
1456 * ObjectDeleteAuditAlarmW (kernelbase.@)
1457 */
1458 BOOL WINAPI ObjectDeleteAuditAlarmW( LPCWSTR subsystem, LPVOID id, BOOL on_close )
1459 {
1460 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1461 return TRUE;
1462 }
1463
1464 /******************************************************************************
1465 * ObjectOpenAuditAlarmW (kernelbase.@)
1466 */
1467 BOOL WINAPI ObjectOpenAuditAlarmW( LPCWSTR subsystem, LPVOID id, LPWSTR type, LPWSTR name,
1468 PSECURITY_DESCRIPTOR descr, HANDLE token, DWORD desired,
1469 DWORD granted, PPRIVILEGE_SET privs, BOOL creation,
1470 BOOL access, LPBOOL on_close )
1471 {
1472 FIXME( "stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(subsystem),
1473 id, debugstr_w(type), debugstr_w(name), descr, token, desired, granted,
1474 privs, creation, access, on_close );
1475 return TRUE;
1476 }
1477
1478 /******************************************************************************
1479 * ObjectPrivilegeAuditAlarmW (kernelbase.@)
1480 */
1481 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR subsystem, LPVOID id, HANDLE token,
1482 DWORD desired, PPRIVILEGE_SET privs, BOOL granted )
1483 {
1484 FIXME( "stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(subsystem), id, token, desired, privs, granted );
1485 return TRUE;
1486 }
1487
1488 /******************************************************************************
1489 * PrivilegedServiceAuditAlarmW (kernelbase.@)
1490 */
1491 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR subsystem, LPCWSTR service, HANDLE token,
1492 PPRIVILEGE_SET privs, BOOL granted )
1493 {
1494 FIXME( "stub %s,%s,%p,%p,%x)\n", debugstr_w(subsystem), debugstr_w(service), token, privs, granted );
1495 return TRUE;
1496 }
1497
1498 /******************************************************************************
1499 * SetAclInformation (kernelbase.@)
1500 */
1501 BOOL WINAPI SetAclInformation( PACL acl, LPVOID info, DWORD len, ACL_INFORMATION_CLASS class )
1502 {
1503 FIXME( "%p %p 0x%08lx 0x%08x - stub\n", acl, info, len, class );
1504 return TRUE;
1505 }
1506
1507 /******************************************************************************
1508 * SetCachedSigningLevel (kernelbase.@)
1509 */
1510 BOOL WINAPI SetCachedSigningLevel( PHANDLE source, ULONG count, ULONG flags, HANDLE file )
1511 {
1512 FIXME( "%p %lu %lu %p - stub\n", source, count, flags, file );
1513 return TRUE;
1514 }
Windows API implementation