search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ntdll: Connect syscall frames across user callbacks on x86-64.
[wine.git] / dlls / kernelbase / security.c
blob1dd975a7aade83bb66bdb2eecf819e05de20b739
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
21
22 #include <stdarg.h>
23 #include <string.h>
24
25 #include "ntstatus.h"
26 #define WIN32_NO_STATUS
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winternl.h"
31 #include "winioctl.h"
32 #include "ddk/ntddk.h"
33
34 #include "kernelbase.h"
35 #include "wine/debug.h"
36 #include "wine/heap.h"
37
38 WINE_DEFAULT_DEBUG_CHANNEL(security);
39
40
41 /******************************************************************************
42 * SID functions
43 ******************************************************************************/
44
45 typedef struct _MAX_SID
46 {
47 /* same fields as struct _SID */
48 BYTE Revision;
49 BYTE SubAuthorityCount;
50 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
51 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
52 } MAX_SID;
53
54 typedef struct WELLKNOWNSID
55 {
56 WELL_KNOWN_SID_TYPE Type;
57 MAX_SID Sid;
58 } WELLKNOWNSID;
59
60 static const WELLKNOWNSID WellKnownSids[] =
61 {
62 { WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
63 { WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
64 { WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
65 { WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
66 { WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
67 { WinCreatorOwnerRightsSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RIGHTS_RID } } },
68 { WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
69 { WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
70 { WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
71 { WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
72 { WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
73 { WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
74 { WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
75 { WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
76 { WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
77 { WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
78 { WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
79 { WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
80 { WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
81 { WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
82 { WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
83 { WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
84 { WinLogonIdsSid, { SID_REVISION, SECURITY_LOGON_IDS_RID_COUNT, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID } } },
85 { WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
86 { WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
87 { WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
88 { WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
89 { WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
90 { WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
91 { WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
92 { WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
93 { WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
94 { WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
95 { WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
96 { WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
97 { WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
98 { WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
99 { WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
100 { WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
101 { WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
102 { WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
103 { WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
104 { WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
105 { WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
106 { WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
107 { WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
108 { WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
109 { WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
110 { WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
111 { WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
112 { WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
113 { WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
114 { WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
115 { WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
116 { WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
117 };
118
119 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
120 typedef struct WELLKNOWNRID
121 {
122 WELL_KNOWN_SID_TYPE Type;
123 DWORD Rid;
124 } WELLKNOWNRID;
125
126 static const WELLKNOWNRID WellKnownRids[] =
127 {
128 { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
129 { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
130 { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
131 { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
132 { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
133 { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
134 { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
135 { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
136 { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
137 { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
138 { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
139 { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
140 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
141 };
142
143 static NTSTATUS open_file( LPCWSTR name, DWORD access, HANDLE *file )
144 {
145 UNICODE_STRING file_nameW;
146 OBJECT_ATTRIBUTES attr;
147 IO_STATUS_BLOCK io;
148 NTSTATUS status;
149
150 if ((status = RtlDosPathNameToNtPathName_U_WithStatus( name, &file_nameW, NULL, NULL ))) return status;
151 attr.Length = sizeof(attr);
152 attr.RootDirectory = 0;
153 attr.Attributes = OBJ_CASE_INSENSITIVE;
154 attr.ObjectName = &file_nameW;
155 attr.SecurityDescriptor = NULL;
156 status = NtCreateFile( file, access|SYNCHRONIZE, &attr, &io, NULL, FILE_FLAG_BACKUP_SEMANTICS,
157 FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN,
158 FILE_OPEN_FOR_BACKUP_INTENT, NULL, 0 );
159 RtlFreeUnicodeString( &file_nameW );
160 return status;
161 }
162
163 static const char *debugstr_sid( PSID sid )
164 {
165 int auth;
166 SID * psid = sid;
167
168 if (psid == NULL) return "(null)";
169
170 auth = psid->IdentifierAuthority.Value[5] +
171 (psid->IdentifierAuthority.Value[4] << 8) +
172 (psid->IdentifierAuthority.Value[3] << 16) +
173 (psid->IdentifierAuthority.Value[2] << 24);
174
175 switch (psid->SubAuthorityCount) {
176 case 0:
177 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
178 case 1:
179 return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
180 psid->SubAuthority[0]);
181 case 2:
182 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
183 psid->SubAuthority[0], psid->SubAuthority[1]);
184 case 3:
185 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
186 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
187 case 4:
188 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
189 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
190 psid->SubAuthority[3]);
191 case 5:
192 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
193 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
194 psid->SubAuthority[3], psid->SubAuthority[4]);
195 case 6:
196 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
197 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
198 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
199 case 7:
200 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
201 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
202 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
203 psid->SubAuthority[6]);
204 case 8:
205 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
206 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
207 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
208 psid->SubAuthority[6], psid->SubAuthority[7]);
209 }
210 return "(too-big)";
211 }
212
213 /******************************************************************************
214 * AllocateAndInitializeSid (kernelbase.@)
215 */
216 BOOL WINAPI AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY auth, BYTE count,
217 DWORD auth0, DWORD auth1, DWORD auth2, DWORD auth3,
218 DWORD auth4, DWORD auth5, DWORD auth6, DWORD auth7, PSID *sid )
219 {
220 return set_ntstatus( RtlAllocateAndInitializeSid( auth, count, auth0, auth1, auth2, auth3,
221 auth4, auth5, auth6, auth7, sid ));
222 }
223
224 /***********************************************************************
225 * AllocateLocallyUniqueId (kernelbase.@)
226 */
227 BOOL WINAPI AllocateLocallyUniqueId( PLUID luid )
228 {
229 return set_ntstatus( NtAllocateLocallyUniqueId( luid ));
230 }
231
232 /******************************************************************************
233 * CopySid (kernelbase.@)
234 */
235 BOOL WINAPI CopySid( DWORD len, PSID dest, PSID source )
236 {
237 return RtlCopySid( len, dest, source );
238 }
239
240 /******************************************************************************
241 * EqualPrefixSid (kernelbase.@)
242 */
243 BOOL WINAPI EqualPrefixSid( PSID sid1, PSID sid2 )
244 {
245 return RtlEqualPrefixSid( sid1, sid2 );
246 }
247
248 /******************************************************************************
249 * EqualSid (kernelbase.@)
250 */
251 BOOL WINAPI EqualSid( PSID sid1, PSID sid2 )
252 {
253 BOOL ret = RtlEqualSid( sid1, sid2 );
254 SetLastError(ERROR_SUCCESS);
255 return ret;
256 }
257
258 /******************************************************************************
259 * EqualDomainSid (kernelbase.@)
260 */
261 BOOL WINAPI EqualDomainSid( PSID sid1, PSID sid2, BOOL *equal )
262 {
263 MAX_SID builtin_sid, domain_sid1, domain_sid2;
264 DWORD size;
265
266 TRACE( "(%p,%p,%p)\n", sid1, sid2, equal );
267
268 if (!IsValidSid( sid1 ) || !IsValidSid( sid2 ))
269 {
270 SetLastError( ERROR_INVALID_SID );
271 return FALSE;
272 }
273
274 if (!equal)
275 {
276 SetLastError( ERROR_INVALID_PARAMETER );
277 return FALSE;
278 }
279
280 size = sizeof(domain_sid1);
281 if (GetWindowsAccountDomainSid( sid1, &domain_sid1, &size ))
282 {
283 size = sizeof(domain_sid2);
284 if (GetWindowsAccountDomainSid( sid2, &domain_sid2, &size ))
285 {
286 *equal = EqualSid( &domain_sid1, &domain_sid2 );
287 SetLastError( 0 );
288 return TRUE;
289 }
290 }
291
292 size = sizeof(builtin_sid);
293 if (!CreateWellKnownSid( WinBuiltinDomainSid, NULL, &builtin_sid, &size ))
294 return FALSE;
295
296 if (!memcmp(GetSidIdentifierAuthority( sid1 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)) &&
297 !memcmp(GetSidIdentifierAuthority( sid2 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)))
298 {
299 if (*GetSidSubAuthorityCount( sid1 ) != 0 && *GetSidSubAuthorityCount( sid2 ) != 0 &&
300 (*GetSidSubAuthority( sid1, 0 ) == SECURITY_BUILTIN_DOMAIN_RID ||
301 *GetSidSubAuthority( sid2, 0 ) == SECURITY_BUILTIN_DOMAIN_RID))
302 {
303 *equal = EqualSid( sid1, sid2 );
304 SetLastError( 0 );
305 return TRUE;
306 }
307 }
308
309 SetLastError( ERROR_NON_DOMAIN_SID );
310 return FALSE;
311 }
312
313 /******************************************************************************
314 * FreeSid (kernelbase.@)
315 */
316 void * WINAPI FreeSid( PSID pSid )
317 {
318 RtlFreeSid(pSid);
319 return NULL; /* is documented like this */
320 }
321
322 /******************************************************************************
323 * GetLengthSid (kernelbase.@)
324 */
325 DWORD WINAPI GetLengthSid( PSID sid )
326 {
327 return RtlLengthSid( sid );
328 }
329
330 /******************************************************************************
331 * GetSidIdentifierAuthority (kernelbase.@)
332 */
333 PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority( PSID sid )
334 {
335 SetLastError(ERROR_SUCCESS);
336 return RtlIdentifierAuthoritySid( sid );
337 }
338
339 /******************************************************************************
340 * GetSidLengthRequired (kernelbase.@)
341 */
342 DWORD WINAPI GetSidLengthRequired( BYTE count )
343 {
344 return RtlLengthRequiredSid( count );
345 }
346
347 /******************************************************************************
348 * GetSidSubAuthority (kernelbase.@)
349 */
350 PDWORD WINAPI GetSidSubAuthority( PSID sid, DWORD auth )
351 {
352 SetLastError(ERROR_SUCCESS);
353 return RtlSubAuthoritySid( sid, auth );
354 }
355
356 /******************************************************************************
357 * GetSidSubAuthorityCount (kernelbase.@)
358 */
359 PUCHAR WINAPI GetSidSubAuthorityCount( PSID sid )
360 {
361 SetLastError(ERROR_SUCCESS);
362 return RtlSubAuthorityCountSid( sid );
363 }
364
365 /******************************************************************************
366 * GetWindowsAccountDomainSid (kernelbase.@)
367 */
368 BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
369 {
370 SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
371 DWORD required_size;
372 int i;
373
374 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
375
376 if (!sid || !IsValidSid( sid ))
377 {
378 SetLastError( ERROR_INVALID_SID );
379 return FALSE;
380 }
381
382 if (!size)
383 {
384 SetLastError( ERROR_INVALID_PARAMETER );
385 return FALSE;
386 }
387
388 if (*GetSidSubAuthorityCount( sid ) < 4)
389 {
390 SetLastError( ERROR_INVALID_SID );
391 return FALSE;
392 }
393
394 required_size = GetSidLengthRequired( 4 );
395 if (*size < required_size || !domain_sid)
396 {
397 *size = required_size;
398 SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER : ERROR_INVALID_PARAMETER );
399 return FALSE;
400 }
401
402 InitializeSid( domain_sid, &domain_ident, 4 );
403 for (i = 0; i < 4; i++)
404 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
405
406 *size = required_size;
407 return TRUE;
408 }
409
410 /******************************************************************************
411 * InitializeSid (kernelbase.@)
412 */
413 BOOL WINAPI InitializeSid ( PSID sid, PSID_IDENTIFIER_AUTHORITY auth, BYTE count )
414 {
415 return set_ntstatus(RtlInitializeSid( sid, auth, count ));
416 }
417
418 /******************************************************************************
419 * IsValidSid (kernelbase.@)
420 */
421 BOOL WINAPI IsValidSid( PSID sid )
422 {
423 return RtlValidSid( sid );
424 }
425
426 /******************************************************************************
427 * CreateWellKnownSid (kernelbase.@)
428 */
429 BOOL WINAPI CreateWellKnownSid( WELL_KNOWN_SID_TYPE type, PSID domain, PSID sid, DWORD *size )
430 {
431 unsigned int i;
432
433 TRACE("(%d, %s, %p, %p)\n", type, debugstr_sid(domain), sid, size);
434
435 if (size == NULL || (domain && !IsValidSid(domain)))
436 {
437 SetLastError(ERROR_INVALID_PARAMETER);
438 return FALSE;
439 }
440
441 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
442 {
443 if (WellKnownSids[i].Type == type)
444 {
445 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
446
447 if (*size < length)
448 {
449 *size = length;
450 SetLastError(ERROR_INSUFFICIENT_BUFFER);
451 return FALSE;
452 }
453 if (!sid)
454 {
455 SetLastError(ERROR_INVALID_PARAMETER);
456 return FALSE;
457 }
458 CopyMemory(sid, &WellKnownSids[i].Sid.Revision, length);
459 *size = length;
460 return TRUE;
461 }
462 }
463
464 if (domain == NULL || *GetSidSubAuthorityCount(domain) == SID_MAX_SUB_AUTHORITIES)
465 {
466 SetLastError(ERROR_INVALID_PARAMETER);
467 return FALSE;
468 }
469
470 for (i = 0; i < ARRAY_SIZE(WellKnownRids); i++)
471 {
472 if (WellKnownRids[i].Type == type)
473 {
474 UCHAR domain_subauth = *GetSidSubAuthorityCount(domain);
475 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
476 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
477
478 if (*size < output_sid_length)
479 {
480 *size = output_sid_length;
481 SetLastError(ERROR_INSUFFICIENT_BUFFER);
482 return FALSE;
483 }
484 if (!sid)
485 {
486 SetLastError(ERROR_INVALID_PARAMETER);
487 return FALSE;
488 }
489 CopyMemory(sid, domain, domain_sid_length);
490 (*GetSidSubAuthorityCount(sid))++;
491 (*GetSidSubAuthority(sid, domain_subauth)) = WellKnownRids[i].Rid;
492 *size = output_sid_length;
493 return TRUE;
494 }
495 }
496 SetLastError(ERROR_INVALID_PARAMETER);
497 return FALSE;
498 }
499
500 /******************************************************************************
501 * IsWellKnownSid (kernelbase.@)
502 */
503 BOOL WINAPI IsWellKnownSid( PSID sid, WELL_KNOWN_SID_TYPE type )
504 {
505 unsigned int i;
506
507 TRACE("(%s, %d)\n", debugstr_sid(sid), type);
508
509 for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
510 if (WellKnownSids[i].Type == type)
511 if (EqualSid(sid, (PSID)&WellKnownSids[i].Sid.Revision))
512 return TRUE;
513
514 return FALSE;
515 }
516
517
518 /******************************************************************************
519 * Token functions
520 ******************************************************************************/
521
522
523 /******************************************************************************
524 * AdjustTokenGroups (kernelbase.@)
525 */
526 BOOL WINAPI AdjustTokenGroups( HANDLE token, BOOL reset, PTOKEN_GROUPS new,
527 DWORD len, PTOKEN_GROUPS prev, PDWORD ret_len )
528 {
529 return set_ntstatus( NtAdjustGroupsToken( token, reset, new, len, prev, ret_len ));
530 }
531
532 /******************************************************************************
533 * AdjustTokenPrivileges (kernelbase.@)
534 */
535 BOOL WINAPI AdjustTokenPrivileges( HANDLE token, BOOL disable, PTOKEN_PRIVILEGES new, DWORD len,
536 PTOKEN_PRIVILEGES prev, PDWORD ret_len )
537 {
538 NTSTATUS status;
539
540 TRACE("(%p %d %p %ld %p %p)\n", token, disable, new, len, prev, ret_len );
541
542 status = NtAdjustPrivilegesToken( token, disable, new, len, prev, ret_len );
543 SetLastError( RtlNtStatusToDosError( status ));
544 return (status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED);
545 }
546
547 /******************************************************************************
548 * CheckTokenMembership (kernelbase.@)
549 */
550 BOOL WINAPI CheckTokenMembership( HANDLE token, PSID sid_to_check, PBOOL is_member )
551 {
552 PTOKEN_GROUPS token_groups = NULL;
553 HANDLE thread_token = NULL;
554 DWORD size, i;
555 BOOL ret;
556
557 TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member);
558
559 *is_member = FALSE;
560
561 if (!token)
562 {
563 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token))
564 {
565 HANDLE process_token;
566 ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &process_token);
567 if (!ret)
568 goto exit;
569 ret = DuplicateTokenEx(process_token, TOKEN_QUERY, NULL, SecurityImpersonation,
570 TokenImpersonation, &thread_token);
571 CloseHandle(process_token);
572 if (!ret)
573 goto exit;
574 }
575 token = thread_token;
576 }
577 else
578 {
579 TOKEN_TYPE type;
580
581 ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size);
582 if (!ret) goto exit;
583
584 if (type == TokenPrimary)
585 {
586 SetLastError(ERROR_NO_IMPERSONATION_TOKEN);
587 return FALSE;
588 }
589 }
590
591 ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
592 if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
593 goto exit;
594
595 token_groups = heap_alloc(size);
596 if (!token_groups)
597 {
598 ret = FALSE;
599 goto exit;
600 }
601
602 ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
603 if (!ret)
604 goto exit;
605
606 for (i = 0; i < token_groups->GroupCount; i++)
607 {
608 TRACE("Groups[%ld]: {0x%lx, %s}\n", i,
609 token_groups->Groups[i].Attributes,
610 debugstr_sid(token_groups->Groups[i].Sid));
611 if ((token_groups->Groups[i].Attributes & SE_GROUP_ENABLED) &&
612 EqualSid(sid_to_check, token_groups->Groups[i].Sid))
613 {
614 *is_member = TRUE;
615 TRACE("sid enabled and found in token\n");
616 break;
617 }
618 }
619
620 exit:
621 heap_free(token_groups);
622 if (thread_token != NULL) CloseHandle(thread_token);
623 return ret;
624 }
625
626 /*************************************************************************
627 * CreateRestrictedToken (kernelbase.@)
628 */
629 BOOL WINAPI CreateRestrictedToken( HANDLE token, DWORD flags,
630 DWORD disable_sid_count, SID_AND_ATTRIBUTES *disable_sids,
631 DWORD delete_priv_count, LUID_AND_ATTRIBUTES *delete_privs,
632 DWORD restrict_sid_count, SID_AND_ATTRIBUTES *restrict_sids, HANDLE *ret )
633 {
634 TOKEN_PRIVILEGES *nt_privs = NULL;
635 TOKEN_GROUPS *nt_disable_sids = NULL, *nt_restrict_sids = NULL;
636 NTSTATUS status = STATUS_NO_MEMORY;
637
638 TRACE("token %p, flags %#lx, disable_sids %lu %p, delete_privs %lu %p, restrict_sids %lu %p, ret %p\n",
639 token, flags, disable_sid_count, disable_sids, delete_priv_count, delete_privs,
640 restrict_sid_count, restrict_sids, ret);
641
642 if (disable_sid_count)
643 {
644 if (!(nt_disable_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[disable_sid_count] ) ))) goto out;
645 nt_disable_sids->GroupCount = disable_sid_count;
646 memcpy( nt_disable_sids->Groups, disable_sids, disable_sid_count * sizeof(*disable_sids) );
647 }
648
649 if (delete_priv_count)
650 {
651 if (!(nt_privs = heap_alloc( offsetof( TOKEN_PRIVILEGES, Privileges[delete_priv_count] ) ))) goto out;
652 nt_privs->PrivilegeCount = delete_priv_count;
653 memcpy( nt_privs->Privileges, delete_privs, delete_priv_count * sizeof(*delete_privs) );
654 }
655
656 if (restrict_sid_count)
657 {
658 if (!(nt_restrict_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[restrict_sid_count] ) ))) goto out;
659 nt_restrict_sids->GroupCount = restrict_sid_count;
660 memcpy( nt_restrict_sids->Groups, restrict_sids, restrict_sid_count * sizeof(*restrict_sids) );
661 }
662
663 status = NtFilterToken(token, flags, nt_disable_sids, nt_privs, nt_restrict_sids, ret);
664
665 out:
666 heap_free(nt_disable_sids);
667 heap_free(nt_privs);
668 heap_free(nt_restrict_sids);
669 return set_ntstatus( status );
670 }
671
672 /******************************************************************************
673 * DuplicateToken (kernelbase.@)
674 */
675 BOOL WINAPI DuplicateToken( HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PHANDLE ret )
676 {
677 return DuplicateTokenEx( token, TOKEN_IMPERSONATE|TOKEN_QUERY, NULL, level, TokenImpersonation, ret );
678 }
679
680 /******************************************************************************
681 * DuplicateTokenEx (kernelbase.@)
682 */
683 BOOL WINAPI DuplicateTokenEx( HANDLE token, DWORD access, LPSECURITY_ATTRIBUTES sa,
684 SECURITY_IMPERSONATION_LEVEL level, TOKEN_TYPE type, PHANDLE ret )
685 {
686 SECURITY_QUALITY_OF_SERVICE qos;
687 OBJECT_ATTRIBUTES attr;
688
689 TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", token, access, level, type, ret );
690
691 qos.Length = sizeof(qos);
692 qos.ImpersonationLevel = level;
693 qos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
694 qos.EffectiveOnly = FALSE;
695 InitializeObjectAttributes( &attr, NULL, (sa && sa->bInheritHandle) ? OBJ_INHERIT : 0,
696 NULL, sa ? sa->lpSecurityDescriptor : NULL );
697 attr.SecurityQualityOfService = &qos;
698 return set_ntstatus( NtDuplicateToken( token, access, &attr, FALSE, type, ret ));
699 }
700
701 /******************************************************************************
702 * GetTokenInformation (kernelbase.@)
703 */
704 BOOL WINAPI GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class,
705 LPVOID info, DWORD len, LPDWORD retlen )
706 {
707 TRACE("(%p, %s, %p, %ld, %p):\n",
708 token,
709 (class == TokenUser) ? "TokenUser" :
710 (class == TokenGroups) ? "TokenGroups" :
711 (class == TokenPrivileges) ? "TokenPrivileges" :
712 (class == TokenOwner) ? "TokenOwner" :
713 (class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
714 (class == TokenDefaultDacl) ? "TokenDefaultDacl" :
715 (class == TokenSource) ? "TokenSource" :
716 (class == TokenType) ? "TokenType" :
717 (class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
718 (class == TokenStatistics) ? "TokenStatistics" :
719 (class == TokenRestrictedSids) ? "TokenRestrictedSids" :
720 (class == TokenSessionId) ? "TokenSessionId" :
721 (class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
722 (class == TokenSessionReference) ? "TokenSessionReference" :
723 (class == TokenSandBoxInert) ? "TokenSandBoxInert" :
724 "Unknown",
725 info, len, retlen);
726
727 return set_ntstatus( NtQueryInformationToken( token, class, info, len, retlen ));
728 }
729
730 /******************************************************************************
731 * ImpersonateAnonymousToken (kernelbase.@)
732 */
733 BOOL WINAPI ImpersonateAnonymousToken( HANDLE thread )
734 {
735 TRACE("(%p)\n", thread);
736 return set_ntstatus( NtImpersonateAnonymousToken( thread ) );
737 }
738
739 /******************************************************************************
740 * ImpersonateLoggedOnUser (kernelbase.@)
741 */
742 BOOL WINAPI ImpersonateLoggedOnUser( HANDLE token )
743 {
744 DWORD size;
745 BOOL ret;
746 HANDLE dup;
747 TOKEN_TYPE type;
748 static BOOL warn = TRUE;
749
750 if (warn)
751 {
752 FIXME( "(%p)\n", token );
753 warn = FALSE;
754 }
755 if (!GetTokenInformation( token, TokenType, &type, sizeof(type), &size )) return FALSE;
756
757 if (type == TokenPrimary)
758 {
759 if (!DuplicateToken( token, SecurityImpersonation, &dup )) return FALSE;
760 ret = SetThreadToken( NULL, dup );
761 NtClose( dup );
762 }
763 else ret = SetThreadToken( NULL, token );
764
765 return ret;
766 }
767
768 /******************************************************************************
769 * ImpersonateNamedPipeClient (kernelbase.@)
770 */
771 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE pipe )
772 {
773 IO_STATUS_BLOCK io_block;
774
775 return set_ntstatus( NtFsControlFile( pipe, NULL, NULL, NULL, &io_block,
776 FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0 ));
777 }
778
779 /******************************************************************************
780 * ImpersonateSelf (kernelbase.@)
781 */
782 BOOL WINAPI ImpersonateSelf( SECURITY_IMPERSONATION_LEVEL level )
783 {
784 return set_ntstatus( RtlImpersonateSelf( level ) );
785 }
786
787 /******************************************************************************
788 * IsTokenRestricted (kernelbase.@)
789 */
790 BOOL WINAPI IsTokenRestricted( HANDLE token )
791 {
792 TOKEN_GROUPS *groups;
793 DWORD size;
794 NTSTATUS status;
795 BOOL restricted;
796
797 TRACE("(%p)\n", token);
798
799 status = NtQueryInformationToken(token, TokenRestrictedSids, NULL, 0, &size);
800 if (status != STATUS_BUFFER_TOO_SMALL) return set_ntstatus(status);
801
802 groups = heap_alloc(size);
803 if (!groups)
804 {
805 SetLastError(ERROR_OUTOFMEMORY);
806 return FALSE;
807 }
808
809 status = NtQueryInformationToken(token, TokenRestrictedSids, groups, size, &size);
810 if (status != STATUS_SUCCESS)
811 {
812 heap_free(groups);
813 return set_ntstatus(status);
814 }
815
816 restricted = groups->GroupCount > 0;
817 heap_free(groups);
818
819 return restricted;
820 }
821
822 /******************************************************************************
823 * OpenProcessToken (kernelbase.@)
824 */
825 BOOL WINAPI OpenProcessToken( HANDLE process, DWORD access, HANDLE *handle )
826 {
827 return set_ntstatus( NtOpenProcessToken( process, access, handle ));
828 }
829
830 /******************************************************************************
831 * OpenThreadToken (kernelbase.@)
832 */
833 BOOL WINAPI OpenThreadToken( HANDLE thread, DWORD access, BOOL self, HANDLE *handle )
834 {
835 return set_ntstatus( NtOpenThreadToken( thread, access, self, handle ));
836 }
837
838 /******************************************************************************
839 * PrivilegeCheck (kernelbase.@)
840 */
841 BOOL WINAPI PrivilegeCheck( HANDLE token, PPRIVILEGE_SET privs, LPBOOL result )
842 {
843 BOOLEAN res;
844 BOOL ret = set_ntstatus( NtPrivilegeCheck( token, privs, &res ));
845 if (ret) *result = res;
846 return ret;
847 }
848
849 /******************************************************************************
850 * RevertToSelf (kernelbase.@)
851 */
852 BOOL WINAPI RevertToSelf(void)
853 {
854 return SetThreadToken( NULL, 0 );
855 }
856
857 /*************************************************************************
858 * SetThreadToken (kernelbase.@)
859 */
860 BOOL WINAPI SetThreadToken( PHANDLE thread, HANDLE token )
861 {
862 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
863 ThreadImpersonationToken, &token, sizeof(token) ));
864 }
865
866 /******************************************************************************
867 * SetTokenInformation (kernelbase.@)
868 */
869 BOOL WINAPI SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class, LPVOID info, DWORD len )
870 {
871 TRACE("(%p, %s, %p, %ld)\n",
872 token,
873 (class == TokenUser) ? "TokenUser" :
874 (class == TokenGroups) ? "TokenGroups" :
875 (class == TokenPrivileges) ? "TokenPrivileges" :
876 (class == TokenOwner) ? "TokenOwner" :
877 (class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
878 (class == TokenDefaultDacl) ? "TokenDefaultDacl" :
879 (class == TokenSource) ? "TokenSource" :
880 (class == TokenType) ? "TokenType" :
881 (class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
882 (class == TokenStatistics) ? "TokenStatistics" :
883 (class == TokenRestrictedSids) ? "TokenRestrictedSids" :
884 (class == TokenSessionId) ? "TokenSessionId" :
885 (class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
886 (class == TokenSessionReference) ? "TokenSessionReference" :
887 (class == TokenSandBoxInert) ? "TokenSandBoxInert" :
888 "Unknown",
889 info, len);
890
891 return set_ntstatus( NtSetInformationToken( token, class, info, len ));
892 }
893
894
895 /******************************************************************************
896 * Security descriptor functions
897 ******************************************************************************/
898
899
900 /******************************************************************************
901 * ConvertToAutoInheritPrivateObjectSecurity (kernelbase.@)
902 */
903 BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity( PSECURITY_DESCRIPTOR parent,
904 PSECURITY_DESCRIPTOR current,
905 PSECURITY_DESCRIPTOR *descr,
906 GUID *type, BOOL is_dir,
907 PGENERIC_MAPPING mapping )
908 {
909 return set_ntstatus( RtlConvertToAutoInheritSecurityObject( parent, current, descr, type, is_dir, mapping ));
910 }
911
912 /******************************************************************************
913 * CreateBoundaryDescriptorW (kernelbase.@)
914 */
915 HANDLE WINAPI CreateBoundaryDescriptorW( LPCWSTR name, ULONG flags )
916 {
917 FIXME("%s %lu - stub\n", debugstr_w(name), flags);
918 return NULL;
919 }
920
921 /******************************************************************************
922 * CreatePrivateObjectSecurity (kernelbase.@)
923 */
924 BOOL WINAPI CreatePrivateObjectSecurity( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
925 PSECURITY_DESCRIPTOR *descr, BOOL is_container, HANDLE token,
926 PGENERIC_MAPPING mapping )
927 {
928 return set_ntstatus( RtlNewSecurityObject( parent, creator, descr, is_container, token, mapping ));
929 }
930
931 /******************************************************************************
932 * CreatePrivateObjectSecurityEx (kernelbase.@)
933 */
934 BOOL WINAPI CreatePrivateObjectSecurityEx( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
935 PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_container,
936 ULONG flags, HANDLE token, PGENERIC_MAPPING mapping )
937 {
938 return set_ntstatus( RtlNewSecurityObjectEx( parent, creator, descr, type, is_container, flags, token, mapping ));
939 }
940
941 /******************************************************************************
942 * CreatePrivateObjectSecurityWithMultipleInheritance (kernelbase.@)
943 */
944 BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance( PSECURITY_DESCRIPTOR parent,
945 PSECURITY_DESCRIPTOR creator,
946 PSECURITY_DESCRIPTOR *descr,
947 GUID **types, ULONG count,
948 BOOL is_container, ULONG flags,
949 HANDLE token, PGENERIC_MAPPING mapping )
950 {
951 return set_ntstatus( RtlNewSecurityObjectWithMultipleInheritance( parent, creator, descr, types, count,
952 is_container, flags, token, mapping ));
953 }
954
955 /******************************************************************************
956 * DestroyPrivateObjectSecurity (kernelbase.@)
957 */
958 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR *descr )
959 {
960 return set_ntstatus( RtlDeleteSecurityObject( descr ));
961 }
962
963 /******************************************************************************
964 * GetFileSecurityW (kernelbase.@)
965 */
966 BOOL WINAPI GetFileSecurityW( LPCWSTR name, SECURITY_INFORMATION info,
967 PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len )
968 {
969 HANDLE file;
970 NTSTATUS status;
971 DWORD access = 0;
972
973 TRACE( "(%s,%ld,%p,%ld,%p)\n", debugstr_w(name), info, descr, len, ret_len );
974
975 if (info & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
976 access |= READ_CONTROL;
977 if (info & SACL_SECURITY_INFORMATION)
978 access |= ACCESS_SYSTEM_SECURITY;
979
980 if (!(status = open_file( name, access, &file )))
981 {
982 status = NtQuerySecurityObject( file, info, descr, len, ret_len );
983 NtClose( file );
984 }
985 return set_ntstatus( status );
986 }
987
988 /******************************************************************************
989 * GetKernelObjectSecurity (kernelbase.@)
990 */
991 BOOL WINAPI GetKernelObjectSecurity( HANDLE handle, SECURITY_INFORMATION info,
992 PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len )
993 {
994 return set_ntstatus( NtQuerySecurityObject( handle, info, descr, len, ret_len ));
995 }
996
997 /******************************************************************************
998 * GetPrivateObjectSecurity (kernelbase.@)
999 */
1000 BOOL WINAPI GetPrivateObjectSecurity( PSECURITY_DESCRIPTOR obj_descr, SECURITY_INFORMATION info,
1001 PSECURITY_DESCRIPTOR ret_descr, DWORD len, PDWORD ret_len )
1002 {
1003 SECURITY_DESCRIPTOR desc;
1004 BOOL defaulted, present;
1005 PACL pacl;
1006 PSID psid;
1007
1008 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", obj_descr, info, ret_descr, len, ret_len );
1009
1010 if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION)) return FALSE;
1011
1012 if (info & OWNER_SECURITY_INFORMATION)
1013 {
1014 if (!GetSecurityDescriptorOwner(obj_descr, &psid, &defaulted)) return FALSE;
1015 SetSecurityDescriptorOwner(&desc, psid, defaulted);
1016 }
1017 if (info & GROUP_SECURITY_INFORMATION)
1018 {
1019 if (!GetSecurityDescriptorGroup(obj_descr, &psid, &defaulted)) return FALSE;
1020 SetSecurityDescriptorGroup(&desc, psid, defaulted);
1021 }
1022 if (info & DACL_SECURITY_INFORMATION)
1023 {
1024 if (!GetSecurityDescriptorDacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1025 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted);
1026 }
1027 if (info & SACL_SECURITY_INFORMATION)
1028 {
1029 if (!GetSecurityDescriptorSacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
1030 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted);
1031 }
1032
1033 *ret_len = len;
1034 return MakeSelfRelativeSD(&desc, ret_descr, ret_len);
1035 }
1036
1037 /******************************************************************************
1038 * GetSecurityDescriptorControl (kernelbase.@)
1039 */
1040 BOOL WINAPI GetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr, PSECURITY_DESCRIPTOR_CONTROL control,
1041 LPDWORD revision)
1042 {
1043 return set_ntstatus( RtlGetControlSecurityDescriptor( descr, control, revision ));
1044 }
1045
1046 /******************************************************************************
1047 * GetSecurityDescriptorDacl (kernelbase.@)
1048 */
1049 BOOL WINAPI GetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr, LPBOOL dacl_present, PACL *dacl,
1050 LPBOOL dacl_defaulted )
1051 {
1052 BOOLEAN present, defaulted;
1053 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor( descr, &present, dacl, &defaulted ));
1054 *dacl_present = present;
1055 *dacl_defaulted = defaulted;
1056 return ret;
1057 }
1058
1059 /******************************************************************************
1060 * GetSecurityDescriptorGroup (kernelbase.@)
1061 */
1062 BOOL WINAPI GetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr, PSID *group, LPBOOL group_defaulted )
1063 {
1064 BOOLEAN defaulted;
1065 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor( descr, group, &defaulted ));
1066 *group_defaulted = defaulted;
1067 return ret;
1068 }
1069
1070 /******************************************************************************
1071 * GetSecurityDescriptorLength (kernelbase.@)
1072 */
1073 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR descr )
1074 {
1075 return RtlLengthSecurityDescriptor( descr );
1076 }
1077
1078 /******************************************************************************
1079 * GetSecurityDescriptorOwner (kernelbase.@)
1080 */
1081 BOOL WINAPI GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr, PSID *owner, LPBOOL owner_defaulted )
1082 {
1083 BOOLEAN defaulted;
1084 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( descr, owner, &defaulted ));
1085 *owner_defaulted = defaulted;
1086 return ret;
1087 }
1088
1089 /******************************************************************************
1090 * GetSecurityDescriptorSacl (kernelbase.@)
1091 */
1092 BOOL WINAPI GetSecurityDescriptorSacl( PSECURITY_DESCRIPTOR descr, LPBOOL sacl_present, PACL *sacl,
1093 LPBOOL sacl_defaulted )
1094 {
1095 BOOLEAN present, defaulted;
1096 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor( descr, &present, sacl, &defaulted ));
1097 *sacl_present = present;
1098 *sacl_defaulted = defaulted;
1099 return ret;
1100 }
1101
1102 /******************************************************************************
1103 * InitializeSecurityDescriptor (kernelbase.@)
1104 */
1105 BOOL WINAPI InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR descr, DWORD revision )
1106 {
1107 return set_ntstatus( RtlCreateSecurityDescriptor( descr, revision ));
1108 }
1109
1110 /******************************************************************************
1111 * IsValidSecurityDescriptor (kernelbase.@)
1112 */
1113 BOOL WINAPI IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR descr )
1114 {
1115 if (!RtlValidSecurityDescriptor( descr ))
1116 return set_ntstatus(STATUS_INVALID_SECURITY_DESCR);
1117
1118 return TRUE;
1119 }
1120
1121 /******************************************************************************
1122 * MakeAbsoluteSD (kernelbase.@)
1123 */
1124 BOOL WINAPI MakeAbsoluteSD ( PSECURITY_DESCRIPTOR rel_descr, PSECURITY_DESCRIPTOR abs_descr,
1125 LPDWORD abs_size, PACL dacl, LPDWORD dacl_size, PACL sacl, LPDWORD sacl_size,
1126 PSID owner, LPDWORD owner_size, PSID group, LPDWORD group_size )
1127 {
1128 return set_ntstatus( RtlSelfRelativeToAbsoluteSD( rel_descr, abs_descr, abs_size,
1129 dacl, dacl_size, sacl, sacl_size,
1130 owner, owner_size, group, group_size ));
1131 }
1132
1133 /******************************************************************************
1134 * MakeSelfRelativeSD (kernelbase.@)
1135 */
1136 BOOL WINAPI MakeSelfRelativeSD( PSECURITY_DESCRIPTOR abs_descr, PSECURITY_DESCRIPTOR rel_descr,
1137 LPDWORD len )
1138 {
1139 return set_ntstatus( RtlMakeSelfRelativeSD( abs_descr, rel_descr, len ));
1140 }
1141
1142 /******************************************************************************
1143 * SetFileSecurityW (kernelbase.@)
1144 */
1145 BOOL WINAPI SetFileSecurityW( LPCWSTR name, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr )
1146 {
1147 HANDLE file;
1148 DWORD access = 0;
1149 NTSTATUS status;
1150
1151 TRACE( "(%s, 0x%lx, %p)\n", debugstr_w(name), info, descr );
1152
1153 if (info & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION)) access |= WRITE_OWNER;
1154 if (info & SACL_SECURITY_INFORMATION) access |= ACCESS_SYSTEM_SECURITY;
1155 if (info & DACL_SECURITY_INFORMATION) access |= WRITE_DAC;
1156
1157 if (!(status = open_file( name, access, &file )))
1158 {
1159 status = NtSetSecurityObject( file, info, descr );
1160 NtClose( file );
1161 }
1162 return set_ntstatus( status );
1163 }
1164
1165 /*************************************************************************
1166 * SetKernelObjectSecurity (kernelbase.@)
1167 */
1168 BOOL WINAPI SetKernelObjectSecurity( HANDLE handle, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr )
1169 {
1170 return set_ntstatus( NtSetSecurityObject( handle, info, descr ));
1171 }
1172
1173 /*************************************************************************
1174 * SetPrivateObjectSecurity (kernelbase.@)
1175 */
1176 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr,
1177 PSECURITY_DESCRIPTOR *obj_descr, PGENERIC_MAPPING mapping,
1178 HANDLE token )
1179 {
1180 FIXME( "0x%08lx %p %p %p %p - stub\n", info, descr, obj_descr, mapping, token );
1181 return TRUE;
1182 }
1183
1184 /*************************************************************************
1185 * SetPrivateObjectSecurityEx (kernelbase.@)
1186 */
1187 BOOL WINAPI SetPrivateObjectSecurityEx( SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr,
1188 PSECURITY_DESCRIPTOR *obj_descr, ULONG flags,
1189 PGENERIC_MAPPING mapping, HANDLE token )
1190 {
1191 FIXME( "0x%08lx %p %p %lu %p %p - stub\n", info, descr, obj_descr, flags, mapping, token );
1192 return TRUE;
1193 }
1194
1195 /******************************************************************************
1196 * SetSecurityDescriptorControl (kernelbase.@)
1197 */
1198 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr, SECURITY_DESCRIPTOR_CONTROL mask,
1199 SECURITY_DESCRIPTOR_CONTROL set )
1200 {
1201 return set_ntstatus( RtlSetControlSecurityDescriptor( descr, mask, set ));
1202 }
1203
1204 /******************************************************************************
1205 * SetSecurityDescriptorDacl (kernelbase.@)
1206 */
1207 BOOL WINAPI SetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr, BOOL present, PACL dacl, BOOL defaulted )
1208 {
1209 return set_ntstatus( RtlSetDaclSecurityDescriptor( descr, present, dacl, defaulted ));
1210 }
1211
1212 /******************************************************************************
1213 * SetSecurityDescriptorGroup (kernelbase.@)
1214 */
1215 BOOL WINAPI SetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted )
1216 {
1217 return set_ntstatus( RtlSetGroupSecurityDescriptor( descr, group, defaulted ));
1218 }
1219
1220 /******************************************************************************
1221 * SetSecurityDescriptorOwner (kernelbase.@)
1222 */
1223 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted )
1224 {
1225 return set_ntstatus( RtlSetOwnerSecurityDescriptor( descr, owner, defaulted ));
1226 }
1227
1228 /**************************************************************************
1229 * SetSecurityDescriptorSacl (kernelbase.@)
1230 */
1231 BOOL WINAPI SetSecurityDescriptorSacl ( PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted )
1232 {
1233 return set_ntstatus( RtlSetSaclSecurityDescriptor( descr, present, sacl, defaulted ));
1234 }
1235
1236
1237 /******************************************************************************
1238 * Access control functions
1239 ******************************************************************************/
1240
1241
1242 /******************************************************************************
1243 * AccessCheck (kernelbase.@)
1244 */
1245 BOOL WINAPI AccessCheck( PSECURITY_DESCRIPTOR descr, HANDLE token, DWORD access, PGENERIC_MAPPING mapping,
1246 PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status )
1247 {
1248 NTSTATUS access_status;
1249 BOOL ret = set_ntstatus( NtAccessCheck( descr, token, access, mapping, priv, priv_len,
1250 granted, &access_status ));
1251 if (ret) *status = set_ntstatus( access_status );
1252 return ret;
1253 }
1254
1255 /******************************************************************************
1256 * AccessCheckAndAuditAlarmW (kernelbase.@)
1257 */
1258 BOOL WINAPI AccessCheckAndAuditAlarmW( LPCWSTR subsystem, LPVOID id, LPWSTR type_name,
1259 LPWSTR name, PSECURITY_DESCRIPTOR descr, DWORD access,
1260 PGENERIC_MAPPING mapping, BOOL creation,
1261 LPDWORD granted, LPBOOL status, LPBOOL on_close )
1262 {
1263 FIXME( "stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(subsystem),
1264 id, debugstr_w(type_name), debugstr_w(name), descr, access, mapping,
1265 creation, granted, status, on_close );
1266 return TRUE;
1267 }
1268
1269 /******************************************************************************
1270 * AccessCheckByType (kernelbase.@)
1271 */
1272 BOOL WINAPI AccessCheckByType( PSECURITY_DESCRIPTOR descr, PSID sid, HANDLE token, DWORD access,
1273 POBJECT_TYPE_LIST types, DWORD types_len, PGENERIC_MAPPING mapping,
1274 PPRIVILEGE_SET priv, LPDWORD priv_len, LPDWORD granted, LPBOOL status )
1275 {
1276 FIXME("stub\n");
1277 *status = TRUE;
1278 return !*status;
1279 }
1280
1281 /******************************************************************************
1282 * AddAccessAllowedAce (kernelbase.@)
1283 */
1284 BOOL WINAPI AddAccessAllowedAce( PACL acl, DWORD rev, DWORD access, PSID sid )
1285 {
1286 return set_ntstatus( RtlAddAccessAllowedAce( acl, rev, access, sid ));
1287 }
1288
1289 /******************************************************************************
1290 * AddAccessAllowedAceEx (kernelbase.@)
1291 */
1292 BOOL WINAPI AddAccessAllowedAceEx( PACL acl, DWORD rev, DWORD flags, DWORD access, PSID sid )
1293 {
1294 return set_ntstatus( RtlAddAccessAllowedAceEx( acl, rev, flags, access, sid ));
1295 }
1296
1297 /******************************************************************************
1298 * AddAccessAllowedObjectAce (kernelbase.@)
1299 */
1300 BOOL WINAPI AddAccessAllowedObjectAce( PACL acl, DWORD rev, DWORD flags, DWORD access,
1301 GUID *type, GUID *inherit, PSID sid )
1302 {
1303 return set_ntstatus( RtlAddAccessAllowedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1304 }
1305
1306 /******************************************************************************
1307 * AddAccessDeniedAce (kernelbase.@)
1308 */
1309 BOOL WINAPI AddAccessDeniedAce( PACL acl, DWORD rev, DWORD access, PSID sid )
1310 {
1311 return set_ntstatus( RtlAddAccessDeniedAce( acl, rev, access, sid ));
1312 }
1313
1314 /******************************************************************************
1315 * AddAccessDeniedAceEx (kernelbase.@)
1316 */
1317 BOOL WINAPI AddAccessDeniedAceEx( PACL acl, DWORD rev, DWORD flags, DWORD access, PSID sid )
1318 {
1319 return set_ntstatus( RtlAddAccessDeniedAceEx( acl, rev, flags, access, sid ));
1320 }
1321
1322 /******************************************************************************
1323 * AddAccessDeniedObjectAce (kernelbase.@)
1324 */
1325 BOOL WINAPI AddAccessDeniedObjectAce( PACL acl, DWORD rev, DWORD flags, DWORD access,
1326 GUID *type, GUID *inherit, PSID sid )
1327 {
1328 return set_ntstatus( RtlAddAccessDeniedObjectAce( acl, rev, flags, access, type, inherit, sid ));
1329 }
1330
1331 /******************************************************************************
1332 * AddAce (kernelbase.@)
1333 */
1334 BOOL WINAPI AddAce( PACL acl, DWORD rev, DWORD index, LPVOID list, DWORD len )
1335 {
1336 return set_ntstatus( RtlAddAce( acl, rev, index, list, len ));
1337 }
1338
1339 /******************************************************************************
1340 * AddAuditAccessAce (kernelbase.@)
1341 */
1342 BOOL WINAPI AddAuditAccessAce( PACL acl, DWORD rev, DWORD access, PSID sid, BOOL success, BOOL failure )
1343 {
1344 return set_ntstatus( RtlAddAuditAccessAce( acl, rev, access, sid, success, failure ));
1345 }
1346
1347 /******************************************************************************
1348 * AddAuditAccessAceEx (kernelbase.@)
1349 */
1350 BOOL WINAPI AddAuditAccessAceEx( PACL acl, DWORD rev, DWORD flags, DWORD access,
1351 PSID sid, BOOL success, BOOL failure )
1352 {
1353 return set_ntstatus( RtlAddAuditAccessAceEx( acl, rev, flags, access, sid, success, failure ));
1354 }
1355
1356 /******************************************************************************
1357 * AddAuditAccessObjectAce (kernelbase.@)
1358 */
1359 BOOL WINAPI AddAuditAccessObjectAce( PACL acl, DWORD rev, DWORD flags, DWORD access,
1360 GUID *type, GUID *inherit, PSID sid, BOOL success, BOOL failure )
1361 {
1362 return set_ntstatus( RtlAddAuditAccessObjectAce( acl, rev, flags, access,
1363 type, inherit, sid, success, failure ));
1364 }
1365
1366 /******************************************************************************
1367 * AddMandatoryAce (kernelbase.@)
1368 */
1369 BOOL WINAPI AddMandatoryAce( PACL acl, DWORD rev, DWORD flags, DWORD policy, PSID sid )
1370 {
1371 return set_ntstatus( RtlAddMandatoryAce( acl, rev, flags, policy,
1372 SYSTEM_MANDATORY_LABEL_ACE_TYPE, sid ));
1373 }
1374
1375 /******************************************************************************
1376 * AreAllAccessesGranted (kernelbase.@)
1377 */
1378 BOOL WINAPI AreAllAccessesGranted( DWORD granted, DWORD desired )
1379 {
1380 return RtlAreAllAccessesGranted( granted, desired );
1381 }
1382
1383 /******************************************************************************
1384 * AreAnyAccessesGranted (kernelbase.@)
1385 */
1386 BOOL WINAPI AreAnyAccessesGranted( DWORD granted, DWORD desired )
1387 {
1388 return RtlAreAnyAccessesGranted( granted, desired );
1389 }
1390
1391 /******************************************************************************
1392 * DeleteAce (kernelbase.@)
1393 */
1394 BOOL WINAPI DeleteAce( PACL acl, DWORD index )
1395 {
1396 return set_ntstatus( RtlDeleteAce( acl, index ));
1397 }
1398
1399 /******************************************************************************
1400 * FindFirstFreeAce (kernelbase.@)
1401 */
1402 BOOL WINAPI FindFirstFreeAce( PACL acl, LPVOID *ace)
1403 {
1404 return RtlFirstFreeAce( acl, (PACE_HEADER *)ace );
1405 }
1406
1407 /******************************************************************************
1408 * GetAce (kernelbase.@)
1409 */
1410 BOOL WINAPI GetAce( PACL acl, DWORD index, LPVOID *ace )
1411 {
1412 return set_ntstatus( RtlGetAce( acl, index, ace ));
1413 }
1414
1415 /******************************************************************************
1416 * GetAclInformation (kernelbase.@)
1417 */
1418 BOOL WINAPI GetAclInformation( PACL acl, LPVOID info, DWORD len, ACL_INFORMATION_CLASS class )
1419 {
1420 return set_ntstatus( RtlQueryInformationAcl( acl, info, len, class ));
1421 }
1422
1423 /*************************************************************************
1424 * InitializeAcl (kernelbase.@)
1425 */
1426 BOOL WINAPI InitializeAcl( PACL acl, DWORD size, DWORD rev )
1427 {
1428 return set_ntstatus( RtlCreateAcl( acl, size, rev ));
1429 }
1430
1431 /******************************************************************************
1432 * IsValidAcl (kernelbase.@)
1433 */
1434 BOOL WINAPI IsValidAcl( PACL acl )
1435 {
1436 return RtlValidAcl( acl );
1437 }
1438
1439 /******************************************************************************
1440 * MapGenericMask (kernelbase.@)
1441 */
1442 void WINAPI MapGenericMask( PDWORD access, PGENERIC_MAPPING mapping )
1443 {
1444 RtlMapGenericMask( access, mapping );
1445 }
1446
1447 /******************************************************************************
1448 * ObjectCloseAuditAlarmW (kernelbase.@)
1449 */
1450 BOOL WINAPI ObjectCloseAuditAlarmW( LPCWSTR subsystem, LPVOID id, BOOL on_close )
1451 {
1452 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1453 return TRUE;
1454 }
1455
1456 /******************************************************************************
1457 * ObjectDeleteAuditAlarmW (kernelbase.@)
1458 */
1459 BOOL WINAPI ObjectDeleteAuditAlarmW( LPCWSTR subsystem, LPVOID id, BOOL on_close )
1460 {
1461 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem), id, on_close );
1462 return TRUE;
1463 }
1464
1465 /******************************************************************************
1466 * ObjectOpenAuditAlarmW (kernelbase.@)
1467 */
1468 BOOL WINAPI ObjectOpenAuditAlarmW( LPCWSTR subsystem, LPVOID id, LPWSTR type, LPWSTR name,
1469 PSECURITY_DESCRIPTOR descr, HANDLE token, DWORD desired,
1470 DWORD granted, PPRIVILEGE_SET privs, BOOL creation,
1471 BOOL access, LPBOOL on_close )
1472 {
1473 FIXME( "stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(subsystem),
1474 id, debugstr_w(type), debugstr_w(name), descr, token, desired, granted,
1475 privs, creation, access, on_close );
1476 return TRUE;
1477 }
1478
1479 /******************************************************************************
1480 * ObjectPrivilegeAuditAlarmW (kernelbase.@)
1481 */
1482 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR subsystem, LPVOID id, HANDLE token,
1483 DWORD desired, PPRIVILEGE_SET privs, BOOL granted )
1484 {
1485 FIXME( "stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(subsystem), id, token, desired, privs, granted );
1486 return TRUE;
1487 }
1488
1489 /******************************************************************************
1490 * PrivilegedServiceAuditAlarmW (kernelbase.@)
1491 */
1492 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR subsystem, LPCWSTR service, HANDLE token,
1493 PPRIVILEGE_SET privs, BOOL granted )
1494 {
1495 FIXME( "stub %s,%s,%p,%p,%x)\n", debugstr_w(subsystem), debugstr_w(service), token, privs, granted );
1496 return TRUE;
1497 }
1498
1499 /******************************************************************************
1500 * SetAclInformation (kernelbase.@)
1501 */
1502 BOOL WINAPI SetAclInformation( PACL acl, LPVOID info, DWORD len, ACL_INFORMATION_CLASS class )
1503 {
1504 FIXME( "%p %p 0x%08lx 0x%08x - stub\n", acl, info, len, class );
1505 return TRUE;
1506 }
1507
1508 /******************************************************************************
1509 * SetCachedSigningLevel (kernelbase.@)
1510 */
1511 BOOL WINAPI SetCachedSigningLevel( PHANDLE source, ULONG count, ULONG flags, HANDLE file )
1512 {
1513 FIXME( "%p %lu %lu %p - stub\n", source, count, flags, file );
1514 return TRUE;
1515 }
Windows API implementation