2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
26 #define WIN32_NO_STATUS
33 #include "kernelbase.h"
34 #include "wine/debug.h"
35 #include "wine/heap.h"
37 WINE_DEFAULT_DEBUG_CHANNEL(security
);
40 /******************************************************************************
42 ******************************************************************************/
44 typedef struct _MAX_SID
46 /* same fields as struct _SID */
48 BYTE SubAuthorityCount
;
49 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
50 DWORD SubAuthority
[SID_MAX_SUB_AUTHORITIES
];
53 typedef struct WELLKNOWNSID
55 WELL_KNOWN_SID_TYPE Type
;
59 static const WELLKNOWNSID WellKnownSids
[] =
61 { WinNullSid
, { SID_REVISION
, 1, { SECURITY_NULL_SID_AUTHORITY
}, { SECURITY_NULL_RID
} } },
62 { WinWorldSid
, { SID_REVISION
, 1, { SECURITY_WORLD_SID_AUTHORITY
}, { SECURITY_WORLD_RID
} } },
63 { WinLocalSid
, { SID_REVISION
, 1, { SECURITY_LOCAL_SID_AUTHORITY
}, { SECURITY_LOCAL_RID
} } },
64 { WinCreatorOwnerSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_OWNER_RID
} } },
65 { WinCreatorGroupSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_GROUP_RID
} } },
66 { WinCreatorOwnerRightsSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_OWNER_RIGHTS_RID
} } },
67 { WinCreatorOwnerServerSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_OWNER_SERVER_RID
} } },
68 { WinCreatorGroupServerSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_GROUP_SERVER_RID
} } },
69 { WinNtAuthoritySid
, { SID_REVISION
, 0, { SECURITY_NT_AUTHORITY
}, { SECURITY_NULL_RID
} } },
70 { WinDialupSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_DIALUP_RID
} } },
71 { WinNetworkSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_NETWORK_RID
} } },
72 { WinBatchSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_BATCH_RID
} } },
73 { WinInteractiveSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_INTERACTIVE_RID
} } },
74 { WinServiceSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_SERVICE_RID
} } },
75 { WinAnonymousSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_ANONYMOUS_LOGON_RID
} } },
76 { WinProxySid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_PROXY_RID
} } },
77 { WinEnterpriseControllersSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_ENTERPRISE_CONTROLLERS_RID
} } },
78 { WinSelfSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_PRINCIPAL_SELF_RID
} } },
79 { WinAuthenticatedUserSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_AUTHENTICATED_USER_RID
} } },
80 { WinRestrictedCodeSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_RESTRICTED_CODE_RID
} } },
81 { WinTerminalServerSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_TERMINAL_SERVER_RID
} } },
82 { WinRemoteLogonIdSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_REMOTE_LOGON_RID
} } },
83 { WinLogonIdsSid
, { SID_REVISION
, SECURITY_LOGON_IDS_RID_COUNT
, { SECURITY_NT_AUTHORITY
}, { SECURITY_LOGON_IDS_RID
} } },
84 { WinLocalSystemSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_LOCAL_SYSTEM_RID
} } },
85 { WinLocalServiceSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_LOCAL_SERVICE_RID
} } },
86 { WinNetworkServiceSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_NETWORK_SERVICE_RID
} } },
87 { WinBuiltinDomainSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
} } },
88 { WinBuiltinAdministratorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_ADMINS
} } },
89 { WinBuiltinUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_USERS
} } },
90 { WinBuiltinGuestsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_GUESTS
} } },
91 { WinBuiltinPowerUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_POWER_USERS
} } },
92 { WinBuiltinAccountOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_ACCOUNT_OPS
} } },
93 { WinBuiltinSystemOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_SYSTEM_OPS
} } },
94 { WinBuiltinPrintOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_PRINT_OPS
} } },
95 { WinBuiltinBackupOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_BACKUP_OPS
} } },
96 { WinBuiltinReplicatorSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_REPLICATOR
} } },
97 { WinBuiltinPreWindows2000CompatibleAccessSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS
} } },
98 { WinBuiltinRemoteDesktopUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS
} } },
99 { WinBuiltinNetworkConfigurationOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS
} } },
100 { WinNTLMAuthenticationSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_PACKAGE_BASE_RID
, SECURITY_PACKAGE_NTLM_RID
} } },
101 { WinDigestAuthenticationSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_PACKAGE_BASE_RID
, SECURITY_PACKAGE_DIGEST_RID
} } },
102 { WinSChannelAuthenticationSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_PACKAGE_BASE_RID
, SECURITY_PACKAGE_SCHANNEL_RID
} } },
103 { WinThisOrganizationSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_THIS_ORGANIZATION_RID
} } },
104 { WinOtherOrganizationSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_OTHER_ORGANIZATION_RID
} } },
105 { WinBuiltinIncomingForestTrustBuildersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS
} } },
106 { WinBuiltinPerfMonitoringUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_MONITORING_USERS
} } },
107 { WinBuiltinPerfLoggingUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_LOGGING_USERS
} } },
108 { WinBuiltinAuthorizationAccessSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS
} } },
109 { WinBuiltinTerminalServerLicenseServersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS
} } },
110 { WinBuiltinDCOMUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_DCOM_USERS
} } },
111 { WinLowLabelSid
, { SID_REVISION
, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY
}, { SECURITY_MANDATORY_LOW_RID
} } },
112 { WinMediumLabelSid
, { SID_REVISION
, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY
}, { SECURITY_MANDATORY_MEDIUM_RID
} } },
113 { WinHighLabelSid
, { SID_REVISION
, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY
}, { SECURITY_MANDATORY_HIGH_RID
} } },
114 { WinSystemLabelSid
, { SID_REVISION
, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY
}, { SECURITY_MANDATORY_SYSTEM_RID
} } },
115 { WinBuiltinAnyPackageSid
, { SID_REVISION
, 2, { SECURITY_APP_PACKAGE_AUTHORITY
}, { SECURITY_APP_PACKAGE_BASE_RID
, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE
} } },
118 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
119 typedef struct WELLKNOWNRID
121 WELL_KNOWN_SID_TYPE Type
;
125 static const WELLKNOWNRID WellKnownRids
[] =
127 { WinAccountAdministratorSid
, DOMAIN_USER_RID_ADMIN
},
128 { WinAccountGuestSid
, DOMAIN_USER_RID_GUEST
},
129 { WinAccountKrbtgtSid
, DOMAIN_USER_RID_KRBTGT
},
130 { WinAccountDomainAdminsSid
, DOMAIN_GROUP_RID_ADMINS
},
131 { WinAccountDomainUsersSid
, DOMAIN_GROUP_RID_USERS
},
132 { WinAccountDomainGuestsSid
, DOMAIN_GROUP_RID_GUESTS
},
133 { WinAccountComputersSid
, DOMAIN_GROUP_RID_COMPUTERS
},
134 { WinAccountControllersSid
, DOMAIN_GROUP_RID_CONTROLLERS
},
135 { WinAccountCertAdminsSid
, DOMAIN_GROUP_RID_CERT_ADMINS
},
136 { WinAccountSchemaAdminsSid
, DOMAIN_GROUP_RID_SCHEMA_ADMINS
},
137 { WinAccountEnterpriseAdminsSid
, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
},
138 { WinAccountPolicyAdminsSid
, DOMAIN_GROUP_RID_POLICY_ADMINS
},
139 { WinAccountRasAndIasServersSid
, DOMAIN_ALIAS_RID_RAS_SERVERS
},
142 static NTSTATUS
open_file( LPCWSTR name
, DWORD access
, HANDLE
*file
)
144 UNICODE_STRING file_nameW
;
145 OBJECT_ATTRIBUTES attr
;
149 if ((status
= RtlDosPathNameToNtPathName_U_WithStatus( name
, &file_nameW
, NULL
, NULL
))) return status
;
150 attr
.Length
= sizeof(attr
);
151 attr
.RootDirectory
= 0;
152 attr
.Attributes
= OBJ_CASE_INSENSITIVE
;
153 attr
.ObjectName
= &file_nameW
;
154 attr
.SecurityDescriptor
= NULL
;
155 status
= NtCreateFile( file
, access
|SYNCHRONIZE
, &attr
, &io
, NULL
, FILE_FLAG_BACKUP_SEMANTICS
,
156 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
, FILE_OPEN
,
157 FILE_OPEN_FOR_BACKUP_INTENT
, NULL
, 0 );
158 RtlFreeUnicodeString( &file_nameW
);
162 static const char *debugstr_sid( PSID sid
)
167 if (psid
== NULL
) return "(null)";
169 auth
= psid
->IdentifierAuthority
.Value
[5] +
170 (psid
->IdentifierAuthority
.Value
[4] << 8) +
171 (psid
->IdentifierAuthority
.Value
[3] << 16) +
172 (psid
->IdentifierAuthority
.Value
[2] << 24);
174 switch (psid
->SubAuthorityCount
) {
176 return wine_dbg_sprintf("S-%d-%d", psid
->Revision
, auth
);
178 return wine_dbg_sprintf("S-%d-%d-%lu", psid
->Revision
, auth
,
179 psid
->SubAuthority
[0]);
181 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid
->Revision
, auth
,
182 psid
->SubAuthority
[0], psid
->SubAuthority
[1]);
184 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid
->Revision
, auth
,
185 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2]);
187 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
188 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
189 psid
->SubAuthority
[3]);
191 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
192 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
193 psid
->SubAuthority
[3], psid
->SubAuthority
[4]);
195 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
196 psid
->SubAuthority
[3], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
197 psid
->SubAuthority
[0], psid
->SubAuthority
[4], psid
->SubAuthority
[5]);
199 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
200 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
201 psid
->SubAuthority
[3], psid
->SubAuthority
[4], psid
->SubAuthority
[5],
202 psid
->SubAuthority
[6]);
204 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
205 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
206 psid
->SubAuthority
[3], psid
->SubAuthority
[4], psid
->SubAuthority
[5],
207 psid
->SubAuthority
[6], psid
->SubAuthority
[7]);
212 /******************************************************************************
213 * AllocateAndInitializeSid (kernelbase.@)
215 BOOL WINAPI
AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY auth
, BYTE count
,
216 DWORD auth0
, DWORD auth1
, DWORD auth2
, DWORD auth3
,
217 DWORD auth4
, DWORD auth5
, DWORD auth6
, DWORD auth7
, PSID
*sid
)
219 return set_ntstatus( RtlAllocateAndInitializeSid( auth
, count
, auth0
, auth1
, auth2
, auth3
,
220 auth4
, auth5
, auth6
, auth7
, sid
));
223 /***********************************************************************
224 * AllocateLocallyUniqueId (kernelbase.@)
226 BOOL WINAPI
AllocateLocallyUniqueId( PLUID luid
)
228 return set_ntstatus( NtAllocateLocallyUniqueId( luid
));
231 /******************************************************************************
232 * CopySid (kernelbase.@)
234 BOOL WINAPI
CopySid( DWORD len
, PSID dest
, PSID source
)
236 return RtlCopySid( len
, dest
, source
);
239 /******************************************************************************
240 * EqualPrefixSid (kernelbase.@)
242 BOOL WINAPI
EqualPrefixSid( PSID sid1
, PSID sid2
)
244 return RtlEqualPrefixSid( sid1
, sid2
);
247 /******************************************************************************
248 * EqualSid (kernelbase.@)
250 BOOL WINAPI
EqualSid( PSID sid1
, PSID sid2
)
252 BOOL ret
= RtlEqualSid( sid1
, sid2
);
253 SetLastError(ERROR_SUCCESS
);
257 /******************************************************************************
258 * EqualDomainSid (kernelbase.@)
260 BOOL WINAPI
EqualDomainSid( PSID sid1
, PSID sid2
, BOOL
*equal
)
262 MAX_SID builtin_sid
, domain_sid1
, domain_sid2
;
265 TRACE( "(%p,%p,%p)\n", sid1
, sid2
, equal
);
267 if (!IsValidSid( sid1
) || !IsValidSid( sid2
))
269 SetLastError( ERROR_INVALID_SID
);
275 SetLastError( ERROR_INVALID_PARAMETER
);
279 size
= sizeof(domain_sid1
);
280 if (GetWindowsAccountDomainSid( sid1
, &domain_sid1
, &size
))
282 size
= sizeof(domain_sid2
);
283 if (GetWindowsAccountDomainSid( sid2
, &domain_sid2
, &size
))
285 *equal
= EqualSid( &domain_sid1
, &domain_sid2
);
291 size
= sizeof(builtin_sid
);
292 if (!CreateWellKnownSid( WinBuiltinDomainSid
, NULL
, &builtin_sid
, &size
))
295 if (!memcmp(GetSidIdentifierAuthority( sid1
)->Value
, builtin_sid
.IdentifierAuthority
.Value
, sizeof(builtin_sid
.IdentifierAuthority
.Value
)) &&
296 !memcmp(GetSidIdentifierAuthority( sid2
)->Value
, builtin_sid
.IdentifierAuthority
.Value
, sizeof(builtin_sid
.IdentifierAuthority
.Value
)))
298 if (*GetSidSubAuthorityCount( sid1
) != 0 && *GetSidSubAuthorityCount( sid2
) != 0 &&
299 (*GetSidSubAuthority( sid1
, 0 ) == SECURITY_BUILTIN_DOMAIN_RID
||
300 *GetSidSubAuthority( sid2
, 0 ) == SECURITY_BUILTIN_DOMAIN_RID
))
302 *equal
= EqualSid( sid1
, sid2
);
308 SetLastError( ERROR_NON_DOMAIN_SID
);
312 /******************************************************************************
313 * FreeSid (kernelbase.@)
315 void * WINAPI
FreeSid( PSID pSid
)
318 return NULL
; /* is documented like this */
321 /******************************************************************************
322 * GetLengthSid (kernelbase.@)
324 DWORD WINAPI
GetLengthSid( PSID sid
)
326 return RtlLengthSid( sid
);
329 /******************************************************************************
330 * GetSidIdentifierAuthority (kernelbase.@)
332 PSID_IDENTIFIER_AUTHORITY WINAPI
GetSidIdentifierAuthority( PSID sid
)
334 SetLastError(ERROR_SUCCESS
);
335 return RtlIdentifierAuthoritySid( sid
);
338 /******************************************************************************
339 * GetSidLengthRequired (kernelbase.@)
341 DWORD WINAPI
GetSidLengthRequired( BYTE count
)
343 return RtlLengthRequiredSid( count
);
346 /******************************************************************************
347 * GetSidSubAuthority (kernelbase.@)
349 PDWORD WINAPI
GetSidSubAuthority( PSID sid
, DWORD auth
)
351 SetLastError(ERROR_SUCCESS
);
352 return RtlSubAuthoritySid( sid
, auth
);
355 /******************************************************************************
356 * GetSidSubAuthorityCount (kernelbase.@)
358 PUCHAR WINAPI
GetSidSubAuthorityCount( PSID sid
)
360 SetLastError(ERROR_SUCCESS
);
361 return RtlSubAuthorityCountSid( sid
);
364 /******************************************************************************
365 * GetWindowsAccountDomainSid (kernelbase.@)
367 BOOL WINAPI
GetWindowsAccountDomainSid( PSID sid
, PSID domain_sid
, DWORD
*size
)
369 SID_IDENTIFIER_AUTHORITY domain_ident
= { SECURITY_NT_AUTHORITY
};
373 FIXME( "(%p %p %p): semi-stub\n", sid
, domain_sid
, size
);
375 if (!sid
|| !IsValidSid( sid
))
377 SetLastError( ERROR_INVALID_SID
);
383 SetLastError( ERROR_INVALID_PARAMETER
);
387 if (*GetSidSubAuthorityCount( sid
) < 4)
389 SetLastError( ERROR_INVALID_SID
);
393 required_size
= GetSidLengthRequired( 4 );
394 if (*size
< required_size
|| !domain_sid
)
396 *size
= required_size
;
397 SetLastError( domain_sid
? ERROR_INSUFFICIENT_BUFFER
: ERROR_INVALID_PARAMETER
);
401 InitializeSid( domain_sid
, &domain_ident
, 4 );
402 for (i
= 0; i
< 4; i
++)
403 *GetSidSubAuthority( domain_sid
, i
) = *GetSidSubAuthority( sid
, i
);
405 *size
= required_size
;
409 /******************************************************************************
410 * InitializeSid (kernelbase.@)
412 BOOL WINAPI
InitializeSid ( PSID sid
, PSID_IDENTIFIER_AUTHORITY auth
, BYTE count
)
414 return RtlInitializeSid( sid
, auth
, count
);
417 /******************************************************************************
418 * IsValidSid (kernelbase.@)
420 BOOL WINAPI
IsValidSid( PSID sid
)
422 return RtlValidSid( sid
);
425 /******************************************************************************
426 * CreateWellKnownSid (kernelbase.@)
428 BOOL WINAPI
CreateWellKnownSid( WELL_KNOWN_SID_TYPE type
, PSID domain
, PSID sid
, DWORD
*size
)
432 TRACE("(%d, %s, %p, %p)\n", type
, debugstr_sid(domain
), sid
, size
);
434 if (size
== NULL
|| (domain
&& !IsValidSid(domain
)))
436 SetLastError(ERROR_INVALID_PARAMETER
);
440 for (i
= 0; i
< ARRAY_SIZE(WellKnownSids
); i
++)
442 if (WellKnownSids
[i
].Type
== type
)
444 DWORD length
= GetSidLengthRequired(WellKnownSids
[i
].Sid
.SubAuthorityCount
);
449 SetLastError(ERROR_INSUFFICIENT_BUFFER
);
454 SetLastError(ERROR_INVALID_PARAMETER
);
457 CopyMemory(sid
, &WellKnownSids
[i
].Sid
.Revision
, length
);
463 if (domain
== NULL
|| *GetSidSubAuthorityCount(domain
) == SID_MAX_SUB_AUTHORITIES
)
465 SetLastError(ERROR_INVALID_PARAMETER
);
469 for (i
= 0; i
< ARRAY_SIZE(WellKnownRids
); i
++)
471 if (WellKnownRids
[i
].Type
== type
)
473 UCHAR domain_subauth
= *GetSidSubAuthorityCount(domain
);
474 DWORD domain_sid_length
= GetSidLengthRequired(domain_subauth
);
475 DWORD output_sid_length
= GetSidLengthRequired(domain_subauth
+ 1);
477 if (*size
< output_sid_length
)
479 *size
= output_sid_length
;
480 SetLastError(ERROR_INSUFFICIENT_BUFFER
);
485 SetLastError(ERROR_INVALID_PARAMETER
);
488 CopyMemory(sid
, domain
, domain_sid_length
);
489 (*GetSidSubAuthorityCount(sid
))++;
490 (*GetSidSubAuthority(sid
, domain_subauth
)) = WellKnownRids
[i
].Rid
;
491 *size
= output_sid_length
;
495 SetLastError(ERROR_INVALID_PARAMETER
);
499 /******************************************************************************
500 * IsWellKnownSid (kernelbase.@)
502 BOOL WINAPI
IsWellKnownSid( PSID sid
, WELL_KNOWN_SID_TYPE type
)
506 TRACE("(%s, %d)\n", debugstr_sid(sid
), type
);
508 for (i
= 0; i
< ARRAY_SIZE(WellKnownSids
); i
++)
509 if (WellKnownSids
[i
].Type
== type
)
510 if (EqualSid(sid
, (PSID
)&WellKnownSids
[i
].Sid
.Revision
))
517 /******************************************************************************
519 ******************************************************************************/
522 /******************************************************************************
523 * AdjustTokenGroups (kernelbase.@)
525 BOOL WINAPI
AdjustTokenGroups( HANDLE token
, BOOL reset
, PTOKEN_GROUPS
new,
526 DWORD len
, PTOKEN_GROUPS prev
, PDWORD ret_len
)
528 return set_ntstatus( NtAdjustGroupsToken( token
, reset
, new, len
, prev
, ret_len
));
531 /******************************************************************************
532 * AdjustTokenPrivileges (kernelbase.@)
534 BOOL WINAPI
AdjustTokenPrivileges( HANDLE token
, BOOL disable
, PTOKEN_PRIVILEGES
new, DWORD len
,
535 PTOKEN_PRIVILEGES prev
, PDWORD ret_len
)
539 TRACE("(%p %d %p %ld %p %p)\n", token
, disable
, new, len
, prev
, ret_len
);
541 status
= NtAdjustPrivilegesToken( token
, disable
, new, len
, prev
, ret_len
);
542 SetLastError( RtlNtStatusToDosError( status
));
543 return (status
== STATUS_SUCCESS
) || (status
== STATUS_NOT_ALL_ASSIGNED
);
546 /******************************************************************************
547 * CheckTokenMembership (kernelbase.@)
549 BOOL WINAPI
CheckTokenMembership( HANDLE token
, PSID sid_to_check
, PBOOL is_member
)
551 PTOKEN_GROUPS token_groups
= NULL
;
552 HANDLE thread_token
= NULL
;
556 TRACE("(%p %s %p)\n", token
, debugstr_sid(sid_to_check
), is_member
);
562 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY
, TRUE
, &thread_token
))
564 HANDLE process_token
;
565 ret
= OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE
, &process_token
);
568 ret
= DuplicateTokenEx(process_token
, TOKEN_QUERY
, NULL
, SecurityImpersonation
,
569 TokenImpersonation
, &thread_token
);
570 CloseHandle(process_token
);
574 token
= thread_token
;
580 ret
= GetTokenInformation(token
, TokenType
, &type
, sizeof(TOKEN_TYPE
), &size
);
583 if (type
== TokenPrimary
)
585 SetLastError(ERROR_NO_IMPERSONATION_TOKEN
);
590 ret
= GetTokenInformation(token
, TokenGroups
, NULL
, 0, &size
);
591 if (!ret
&& GetLastError() != ERROR_INSUFFICIENT_BUFFER
)
594 token_groups
= heap_alloc(size
);
601 ret
= GetTokenInformation(token
, TokenGroups
, token_groups
, size
, &size
);
605 for (i
= 0; i
< token_groups
->GroupCount
; i
++)
607 TRACE("Groups[%ld]: {0x%lx, %s}\n", i
,
608 token_groups
->Groups
[i
].Attributes
,
609 debugstr_sid(token_groups
->Groups
[i
].Sid
));
610 if ((token_groups
->Groups
[i
].Attributes
& SE_GROUP_ENABLED
) &&
611 EqualSid(sid_to_check
, token_groups
->Groups
[i
].Sid
))
614 TRACE("sid enabled and found in token\n");
620 heap_free(token_groups
);
621 if (thread_token
!= NULL
) CloseHandle(thread_token
);
625 /*************************************************************************
626 * CreateRestrictedToken (kernelbase.@)
628 BOOL WINAPI
CreateRestrictedToken( HANDLE token
, DWORD flags
,
629 DWORD disable_sid_count
, SID_AND_ATTRIBUTES
*disable_sids
,
630 DWORD delete_priv_count
, LUID_AND_ATTRIBUTES
*delete_privs
,
631 DWORD restrict_sid_count
, SID_AND_ATTRIBUTES
*restrict_sids
, HANDLE
*ret
)
633 TOKEN_PRIVILEGES
*nt_privs
= NULL
;
634 TOKEN_GROUPS
*nt_disable_sids
= NULL
, *nt_restrict_sids
= NULL
;
635 NTSTATUS status
= STATUS_NO_MEMORY
;
637 TRACE("token %p, flags %#lx, disable_sids %lu %p, delete_privs %lu %p, restrict_sids %lu %p, ret %p\n",
638 token
, flags
, disable_sid_count
, disable_sids
, delete_priv_count
, delete_privs
,
639 restrict_sid_count
, restrict_sids
, ret
);
641 if (disable_sid_count
)
643 if (!(nt_disable_sids
= heap_alloc( offsetof( TOKEN_GROUPS
, Groups
[disable_sid_count
] ) ))) goto out
;
644 nt_disable_sids
->GroupCount
= disable_sid_count
;
645 memcpy( nt_disable_sids
->Groups
, disable_sids
, disable_sid_count
* sizeof(*disable_sids
) );
648 if (delete_priv_count
)
650 if (!(nt_privs
= heap_alloc( offsetof( TOKEN_PRIVILEGES
, Privileges
[delete_priv_count
] ) ))) goto out
;
651 nt_privs
->PrivilegeCount
= delete_priv_count
;
652 memcpy( nt_privs
->Privileges
, delete_privs
, delete_priv_count
* sizeof(*delete_privs
) );
655 if (restrict_sid_count
)
657 if (!(nt_restrict_sids
= heap_alloc( offsetof( TOKEN_GROUPS
, Groups
[restrict_sid_count
] ) ))) goto out
;
658 nt_restrict_sids
->GroupCount
= restrict_sid_count
;
659 memcpy( nt_restrict_sids
->Groups
, restrict_sids
, restrict_sid_count
* sizeof(*restrict_sids
) );
662 status
= NtFilterToken(token
, flags
, nt_disable_sids
, nt_privs
, nt_restrict_sids
, ret
);
665 heap_free(nt_disable_sids
);
667 heap_free(nt_restrict_sids
);
668 return set_ntstatus( status
);
671 /******************************************************************************
672 * DuplicateToken (kernelbase.@)
674 BOOL WINAPI
DuplicateToken( HANDLE token
, SECURITY_IMPERSONATION_LEVEL level
, PHANDLE ret
)
676 return DuplicateTokenEx( token
, TOKEN_IMPERSONATE
|TOKEN_QUERY
, NULL
, level
, TokenImpersonation
, ret
);
679 /******************************************************************************
680 * DuplicateTokenEx (kernelbase.@)
682 BOOL WINAPI
DuplicateTokenEx( HANDLE token
, DWORD access
, LPSECURITY_ATTRIBUTES sa
,
683 SECURITY_IMPERSONATION_LEVEL level
, TOKEN_TYPE type
, PHANDLE ret
)
685 OBJECT_ATTRIBUTES attr
;
687 TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", token
, access
, level
, type
, ret
);
689 InitializeObjectAttributes( &attr
, NULL
, (sa
&& sa
->bInheritHandle
) ? OBJ_INHERIT
: 0,
690 NULL
, sa
? sa
->lpSecurityDescriptor
: NULL
);
691 return set_ntstatus( NtDuplicateToken( token
, access
, &attr
, level
, type
, ret
));
694 /******************************************************************************
695 * GetTokenInformation (kernelbase.@)
697 BOOL WINAPI
GetTokenInformation( HANDLE token
, TOKEN_INFORMATION_CLASS
class,
698 LPVOID info
, DWORD len
, LPDWORD retlen
)
700 TRACE("(%p, %s, %p, %ld, %p):\n",
702 (class == TokenUser
) ? "TokenUser" :
703 (class == TokenGroups
) ? "TokenGroups" :
704 (class == TokenPrivileges
) ? "TokenPrivileges" :
705 (class == TokenOwner
) ? "TokenOwner" :
706 (class == TokenPrimaryGroup
) ? "TokenPrimaryGroup" :
707 (class == TokenDefaultDacl
) ? "TokenDefaultDacl" :
708 (class == TokenSource
) ? "TokenSource" :
709 (class == TokenType
) ? "TokenType" :
710 (class == TokenImpersonationLevel
) ? "TokenImpersonationLevel" :
711 (class == TokenStatistics
) ? "TokenStatistics" :
712 (class == TokenRestrictedSids
) ? "TokenRestrictedSids" :
713 (class == TokenSessionId
) ? "TokenSessionId" :
714 (class == TokenGroupsAndPrivileges
) ? "TokenGroupsAndPrivileges" :
715 (class == TokenSessionReference
) ? "TokenSessionReference" :
716 (class == TokenSandBoxInert
) ? "TokenSandBoxInert" :
720 return set_ntstatus( NtQueryInformationToken( token
, class, info
, len
, retlen
));
723 /******************************************************************************
724 * ImpersonateAnonymousToken (kernelbase.@)
726 BOOL WINAPI
ImpersonateAnonymousToken( HANDLE thread
)
728 TRACE("(%p)\n", thread
);
729 return set_ntstatus( NtImpersonateAnonymousToken( thread
) );
732 /******************************************************************************
733 * ImpersonateLoggedOnUser (kernelbase.@)
735 BOOL WINAPI
ImpersonateLoggedOnUser( HANDLE token
)
741 static BOOL warn
= TRUE
;
745 FIXME( "(%p)\n", token
);
748 if (!GetTokenInformation( token
, TokenType
, &type
, sizeof(type
), &size
)) return FALSE
;
750 if (type
== TokenPrimary
)
752 if (!DuplicateToken( token
, SecurityImpersonation
, &dup
)) return FALSE
;
753 ret
= SetThreadToken( NULL
, dup
);
756 else ret
= SetThreadToken( NULL
, token
);
761 /******************************************************************************
762 * ImpersonateNamedPipeClient (kernelbase.@)
764 BOOL WINAPI
ImpersonateNamedPipeClient( HANDLE pipe
)
766 IO_STATUS_BLOCK io_block
;
768 return set_ntstatus( NtFsControlFile( pipe
, NULL
, NULL
, NULL
, &io_block
,
769 FSCTL_PIPE_IMPERSONATE
, NULL
, 0, NULL
, 0 ));
772 /******************************************************************************
773 * ImpersonateSelf (kernelbase.@)
775 BOOL WINAPI
ImpersonateSelf( SECURITY_IMPERSONATION_LEVEL level
)
777 return set_ntstatus( RtlImpersonateSelf( level
) );
780 /******************************************************************************
781 * IsTokenRestricted (kernelbase.@)
783 BOOL WINAPI
IsTokenRestricted( HANDLE token
)
785 TOKEN_GROUPS
*groups
;
790 TRACE("(%p)\n", token
);
792 status
= NtQueryInformationToken(token
, TokenRestrictedSids
, NULL
, 0, &size
);
793 if (status
!= STATUS_BUFFER_TOO_SMALL
) return set_ntstatus(status
);
795 groups
= heap_alloc(size
);
798 SetLastError(ERROR_OUTOFMEMORY
);
802 status
= NtQueryInformationToken(token
, TokenRestrictedSids
, groups
, size
, &size
);
803 if (status
!= STATUS_SUCCESS
)
806 return set_ntstatus(status
);
809 restricted
= groups
->GroupCount
> 0;
815 /******************************************************************************
816 * OpenProcessToken (kernelbase.@)
818 BOOL WINAPI
OpenProcessToken( HANDLE process
, DWORD access
, HANDLE
*handle
)
820 return set_ntstatus( NtOpenProcessToken( process
, access
, handle
));
823 /******************************************************************************
824 * OpenThreadToken (kernelbase.@)
826 BOOL WINAPI
OpenThreadToken( HANDLE thread
, DWORD access
, BOOL self
, HANDLE
*handle
)
828 return set_ntstatus( NtOpenThreadToken( thread
, access
, self
, handle
));
831 /******************************************************************************
832 * PrivilegeCheck (kernelbase.@)
834 BOOL WINAPI
PrivilegeCheck( HANDLE token
, PPRIVILEGE_SET privs
, LPBOOL result
)
837 BOOL ret
= set_ntstatus( NtPrivilegeCheck( token
, privs
, &res
));
838 if (ret
) *result
= res
;
842 /******************************************************************************
843 * RevertToSelf (kernelbase.@)
845 BOOL WINAPI
RevertToSelf(void)
847 return SetThreadToken( NULL
, 0 );
850 /*************************************************************************
851 * SetThreadToken (kernelbase.@)
853 BOOL WINAPI
SetThreadToken( PHANDLE thread
, HANDLE token
)
855 return set_ntstatus( NtSetInformationThread( thread
? *thread
: GetCurrentThread(),
856 ThreadImpersonationToken
, &token
, sizeof(token
) ));
859 /******************************************************************************
860 * SetTokenInformation (kernelbase.@)
862 BOOL WINAPI
SetTokenInformation( HANDLE token
, TOKEN_INFORMATION_CLASS
class, LPVOID info
, DWORD len
)
864 TRACE("(%p, %s, %p, %ld)\n",
866 (class == TokenUser
) ? "TokenUser" :
867 (class == TokenGroups
) ? "TokenGroups" :
868 (class == TokenPrivileges
) ? "TokenPrivileges" :
869 (class == TokenOwner
) ? "TokenOwner" :
870 (class == TokenPrimaryGroup
) ? "TokenPrimaryGroup" :
871 (class == TokenDefaultDacl
) ? "TokenDefaultDacl" :
872 (class == TokenSource
) ? "TokenSource" :
873 (class == TokenType
) ? "TokenType" :
874 (class == TokenImpersonationLevel
) ? "TokenImpersonationLevel" :
875 (class == TokenStatistics
) ? "TokenStatistics" :
876 (class == TokenRestrictedSids
) ? "TokenRestrictedSids" :
877 (class == TokenSessionId
) ? "TokenSessionId" :
878 (class == TokenGroupsAndPrivileges
) ? "TokenGroupsAndPrivileges" :
879 (class == TokenSessionReference
) ? "TokenSessionReference" :
880 (class == TokenSandBoxInert
) ? "TokenSandBoxInert" :
884 return set_ntstatus( NtSetInformationToken( token
, class, info
, len
));
888 /******************************************************************************
889 * Security descriptor functions
890 ******************************************************************************/
893 /******************************************************************************
894 * ConvertToAutoInheritPrivateObjectSecurity (kernelbase.@)
896 BOOL WINAPI
ConvertToAutoInheritPrivateObjectSecurity( PSECURITY_DESCRIPTOR parent
,
897 PSECURITY_DESCRIPTOR current
,
898 PSECURITY_DESCRIPTOR
*descr
,
899 GUID
*type
, BOOL is_dir
,
900 PGENERIC_MAPPING mapping
)
902 return set_ntstatus( RtlConvertToAutoInheritSecurityObject( parent
, current
, descr
, type
, is_dir
, mapping
));
905 /******************************************************************************
906 * CreateBoundaryDescriptorW (kernelbase.@)
908 HANDLE WINAPI
CreateBoundaryDescriptorW( LPCWSTR name
, ULONG flags
)
910 FIXME("%s %lu - stub\n", debugstr_w(name
), flags
);
914 /******************************************************************************
915 * CreatePrivateObjectSecurity (kernelbase.@)
917 BOOL WINAPI
CreatePrivateObjectSecurity( PSECURITY_DESCRIPTOR parent
, PSECURITY_DESCRIPTOR creator
,
918 PSECURITY_DESCRIPTOR
*descr
, BOOL is_container
, HANDLE token
,
919 PGENERIC_MAPPING mapping
)
921 return set_ntstatus( RtlNewSecurityObject( parent
, creator
, descr
, is_container
, token
, mapping
));
924 /******************************************************************************
925 * CreatePrivateObjectSecurityEx (kernelbase.@)
927 BOOL WINAPI
CreatePrivateObjectSecurityEx( PSECURITY_DESCRIPTOR parent
, PSECURITY_DESCRIPTOR creator
,
928 PSECURITY_DESCRIPTOR
*descr
, GUID
*type
, BOOL is_container
,
929 ULONG flags
, HANDLE token
, PGENERIC_MAPPING mapping
)
931 return set_ntstatus( RtlNewSecurityObjectEx( parent
, creator
, descr
, type
, is_container
, flags
, token
, mapping
));
934 /******************************************************************************
935 * CreatePrivateObjectSecurityWithMultipleInheritance (kernelbase.@)
937 BOOL WINAPI
CreatePrivateObjectSecurityWithMultipleInheritance( PSECURITY_DESCRIPTOR parent
,
938 PSECURITY_DESCRIPTOR creator
,
939 PSECURITY_DESCRIPTOR
*descr
,
940 GUID
**types
, ULONG count
,
941 BOOL is_container
, ULONG flags
,
942 HANDLE token
, PGENERIC_MAPPING mapping
)
944 return set_ntstatus( RtlNewSecurityObjectWithMultipleInheritance( parent
, creator
, descr
, types
, count
,
945 is_container
, flags
, token
, mapping
));
948 /******************************************************************************
949 * DestroyPrivateObjectSecurity (kernelbase.@)
951 BOOL WINAPI
DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR
*descr
)
953 return set_ntstatus( RtlDeleteSecurityObject( descr
));
956 /******************************************************************************
957 * GetFileSecurityW (kernelbase.@)
959 BOOL WINAPI
GetFileSecurityW( LPCWSTR name
, SECURITY_INFORMATION info
,
960 PSECURITY_DESCRIPTOR descr
, DWORD len
, LPDWORD ret_len
)
966 TRACE( "(%s,%ld,%p,%ld,%p)\n", debugstr_w(name
), info
, descr
, len
, ret_len
);
968 if (info
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
| DACL_SECURITY_INFORMATION
))
969 access
|= READ_CONTROL
;
970 if (info
& SACL_SECURITY_INFORMATION
)
971 access
|= ACCESS_SYSTEM_SECURITY
;
973 if (!(status
= open_file( name
, access
, &file
)))
975 status
= NtQuerySecurityObject( file
, info
, descr
, len
, ret_len
);
978 return set_ntstatus( status
);
981 /******************************************************************************
982 * GetKernelObjectSecurity (kernelbase.@)
984 BOOL WINAPI
GetKernelObjectSecurity( HANDLE handle
, SECURITY_INFORMATION info
,
985 PSECURITY_DESCRIPTOR descr
, DWORD len
, LPDWORD ret_len
)
987 return set_ntstatus( NtQuerySecurityObject( handle
, info
, descr
, len
, ret_len
));
990 /******************************************************************************
991 * GetPrivateObjectSecurity (kernelbase.@)
993 BOOL WINAPI
GetPrivateObjectSecurity( PSECURITY_DESCRIPTOR obj_descr
, SECURITY_INFORMATION info
,
994 PSECURITY_DESCRIPTOR ret_descr
, DWORD len
, PDWORD ret_len
)
996 SECURITY_DESCRIPTOR desc
;
997 BOOL defaulted
, present
;
1001 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", obj_descr
, info
, ret_descr
, len
, ret_len
);
1003 if (!InitializeSecurityDescriptor(&desc
, SECURITY_DESCRIPTOR_REVISION
)) return FALSE
;
1005 if (info
& OWNER_SECURITY_INFORMATION
)
1007 if (!GetSecurityDescriptorOwner(obj_descr
, &psid
, &defaulted
)) return FALSE
;
1008 SetSecurityDescriptorOwner(&desc
, psid
, defaulted
);
1010 if (info
& GROUP_SECURITY_INFORMATION
)
1012 if (!GetSecurityDescriptorGroup(obj_descr
, &psid
, &defaulted
)) return FALSE
;
1013 SetSecurityDescriptorGroup(&desc
, psid
, defaulted
);
1015 if (info
& DACL_SECURITY_INFORMATION
)
1017 if (!GetSecurityDescriptorDacl(obj_descr
, &present
, &pacl
, &defaulted
)) return FALSE
;
1018 SetSecurityDescriptorDacl(&desc
, present
, pacl
, defaulted
);
1020 if (info
& SACL_SECURITY_INFORMATION
)
1022 if (!GetSecurityDescriptorSacl(obj_descr
, &present
, &pacl
, &defaulted
)) return FALSE
;
1023 SetSecurityDescriptorSacl(&desc
, present
, pacl
, defaulted
);
1027 return MakeSelfRelativeSD(&desc
, ret_descr
, ret_len
);
1030 /******************************************************************************
1031 * GetSecurityDescriptorControl (kernelbase.@)
1033 BOOL WINAPI
GetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr
, PSECURITY_DESCRIPTOR_CONTROL control
,
1036 return set_ntstatus( RtlGetControlSecurityDescriptor( descr
, control
, revision
));
1039 /******************************************************************************
1040 * GetSecurityDescriptorDacl (kernelbase.@)
1042 BOOL WINAPI
GetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr
, LPBOOL dacl_present
, PACL
*dacl
,
1043 LPBOOL dacl_defaulted
)
1045 BOOLEAN present
, defaulted
;
1046 BOOL ret
= set_ntstatus( RtlGetDaclSecurityDescriptor( descr
, &present
, dacl
, &defaulted
));
1047 *dacl_present
= present
;
1048 *dacl_defaulted
= defaulted
;
1052 /******************************************************************************
1053 * GetSecurityDescriptorGroup (kernelbase.@)
1055 BOOL WINAPI
GetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr
, PSID
*group
, LPBOOL group_defaulted
)
1058 BOOL ret
= set_ntstatus( RtlGetGroupSecurityDescriptor( descr
, group
, &defaulted
));
1059 *group_defaulted
= defaulted
;
1063 /******************************************************************************
1064 * GetSecurityDescriptorLength (kernelbase.@)
1066 DWORD WINAPI
GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR descr
)
1068 return RtlLengthSecurityDescriptor( descr
);
1071 /******************************************************************************
1072 * GetSecurityDescriptorOwner (kernelbase.@)
1074 BOOL WINAPI
GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr
, PSID
*owner
, LPBOOL owner_defaulted
)
1077 BOOL ret
= set_ntstatus( RtlGetOwnerSecurityDescriptor( descr
, owner
, &defaulted
));
1078 *owner_defaulted
= defaulted
;
1082 /******************************************************************************
1083 * GetSecurityDescriptorSacl (kernelbase.@)
1085 BOOL WINAPI
GetSecurityDescriptorSacl( PSECURITY_DESCRIPTOR descr
, LPBOOL sacl_present
, PACL
*sacl
,
1086 LPBOOL sacl_defaulted
)
1088 BOOLEAN present
, defaulted
;
1089 BOOL ret
= set_ntstatus( RtlGetSaclSecurityDescriptor( descr
, &present
, sacl
, &defaulted
));
1090 *sacl_present
= present
;
1091 *sacl_defaulted
= defaulted
;
1095 /******************************************************************************
1096 * InitializeSecurityDescriptor (kernelbase.@)
1098 BOOL WINAPI
InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR descr
, DWORD revision
)
1100 return set_ntstatus( RtlCreateSecurityDescriptor( descr
, revision
));
1103 /******************************************************************************
1104 * IsValidSecurityDescriptor (kernelbase.@)
1106 BOOL WINAPI
IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR descr
)
1108 return set_ntstatus( RtlValidSecurityDescriptor( descr
));
1111 /******************************************************************************
1112 * MakeAbsoluteSD (kernelbase.@)
1114 BOOL WINAPI
MakeAbsoluteSD ( PSECURITY_DESCRIPTOR rel_descr
, PSECURITY_DESCRIPTOR abs_descr
,
1115 LPDWORD abs_size
, PACL dacl
, LPDWORD dacl_size
, PACL sacl
, LPDWORD sacl_size
,
1116 PSID owner
, LPDWORD owner_size
, PSID group
, LPDWORD group_size
)
1118 return set_ntstatus( RtlSelfRelativeToAbsoluteSD( rel_descr
, abs_descr
, abs_size
,
1119 dacl
, dacl_size
, sacl
, sacl_size
,
1120 owner
, owner_size
, group
, group_size
));
1123 /******************************************************************************
1124 * MakeSelfRelativeSD (kernelbase.@)
1126 BOOL WINAPI
MakeSelfRelativeSD( PSECURITY_DESCRIPTOR abs_descr
, PSECURITY_DESCRIPTOR rel_descr
,
1129 return set_ntstatus( RtlMakeSelfRelativeSD( abs_descr
, rel_descr
, len
));
1132 /******************************************************************************
1133 * SetFileSecurityW (kernelbase.@)
1135 BOOL WINAPI
SetFileSecurityW( LPCWSTR name
, SECURITY_INFORMATION info
, PSECURITY_DESCRIPTOR descr
)
1141 TRACE( "(%s, 0x%lx, %p)\n", debugstr_w(name
), info
, descr
);
1143 if (info
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
)) access
|= WRITE_OWNER
;
1144 if (info
& SACL_SECURITY_INFORMATION
) access
|= ACCESS_SYSTEM_SECURITY
;
1145 if (info
& DACL_SECURITY_INFORMATION
) access
|= WRITE_DAC
;
1147 if (!(status
= open_file( name
, access
, &file
)))
1149 status
= NtSetSecurityObject( file
, info
, descr
);
1152 return set_ntstatus( status
);
1155 /*************************************************************************
1156 * SetKernelObjectSecurity (kernelbase.@)
1158 BOOL WINAPI
SetKernelObjectSecurity( HANDLE handle
, SECURITY_INFORMATION info
, PSECURITY_DESCRIPTOR descr
)
1160 return set_ntstatus( NtSetSecurityObject( handle
, info
, descr
));
1163 /*************************************************************************
1164 * SetPrivateObjectSecurity (kernelbase.@)
1166 BOOL WINAPI
SetPrivateObjectSecurity( SECURITY_INFORMATION info
, PSECURITY_DESCRIPTOR descr
,
1167 PSECURITY_DESCRIPTOR
*obj_descr
, PGENERIC_MAPPING mapping
,
1170 FIXME( "0x%08lx %p %p %p %p - stub\n", info
, descr
, obj_descr
, mapping
, token
);
1174 /*************************************************************************
1175 * SetPrivateObjectSecurityEx (kernelbase.@)
1177 BOOL WINAPI
SetPrivateObjectSecurityEx( SECURITY_INFORMATION info
, PSECURITY_DESCRIPTOR descr
,
1178 PSECURITY_DESCRIPTOR
*obj_descr
, ULONG flags
,
1179 PGENERIC_MAPPING mapping
, HANDLE token
)
1181 FIXME( "0x%08lx %p %p %lu %p %p - stub\n", info
, descr
, obj_descr
, flags
, mapping
, token
);
1185 /******************************************************************************
1186 * SetSecurityDescriptorControl (kernelbase.@)
1188 BOOL WINAPI
SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr
, SECURITY_DESCRIPTOR_CONTROL mask
,
1189 SECURITY_DESCRIPTOR_CONTROL set
)
1191 return set_ntstatus( RtlSetControlSecurityDescriptor( descr
, mask
, set
));
1194 /******************************************************************************
1195 * SetSecurityDescriptorDacl (kernelbase.@)
1197 BOOL WINAPI
SetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr
, BOOL present
, PACL dacl
, BOOL defaulted
)
1199 return set_ntstatus( RtlSetDaclSecurityDescriptor( descr
, present
, dacl
, defaulted
));
1202 /******************************************************************************
1203 * SetSecurityDescriptorGroup (kernelbase.@)
1205 BOOL WINAPI
SetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr
, PSID group
, BOOL defaulted
)
1207 return set_ntstatus( RtlSetGroupSecurityDescriptor( descr
, group
, defaulted
));
1210 /******************************************************************************
1211 * SetSecurityDescriptorOwner (kernelbase.@)
1213 BOOL WINAPI
SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr
, PSID owner
, BOOL defaulted
)
1215 return set_ntstatus( RtlSetOwnerSecurityDescriptor( descr
, owner
, defaulted
));
1218 /**************************************************************************
1219 * SetSecurityDescriptorSacl (kernelbase.@)
1221 BOOL WINAPI
SetSecurityDescriptorSacl ( PSECURITY_DESCRIPTOR descr
, BOOL present
, PACL sacl
, BOOL defaulted
)
1223 return set_ntstatus( RtlSetSaclSecurityDescriptor( descr
, present
, sacl
, defaulted
));
1227 /******************************************************************************
1228 * Access control functions
1229 ******************************************************************************/
1232 /******************************************************************************
1233 * AccessCheck (kernelbase.@)
1235 BOOL WINAPI
AccessCheck( PSECURITY_DESCRIPTOR descr
, HANDLE token
, DWORD access
, PGENERIC_MAPPING mapping
,
1236 PPRIVILEGE_SET priv
, LPDWORD priv_len
, LPDWORD granted
, LPBOOL status
)
1238 NTSTATUS access_status
;
1239 BOOL ret
= set_ntstatus( NtAccessCheck( descr
, token
, access
, mapping
, priv
, priv_len
,
1240 granted
, &access_status
));
1241 if (ret
) *status
= set_ntstatus( access_status
);
1245 /******************************************************************************
1246 * AccessCheckAndAuditAlarmW (kernelbase.@)
1248 BOOL WINAPI
AccessCheckAndAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, LPWSTR type_name
,
1249 LPWSTR name
, PSECURITY_DESCRIPTOR descr
, DWORD access
,
1250 PGENERIC_MAPPING mapping
, BOOL creation
,
1251 LPDWORD granted
, LPBOOL status
, LPBOOL on_close
)
1253 FIXME( "stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(subsystem
),
1254 id
, debugstr_w(type_name
), debugstr_w(name
), descr
, access
, mapping
,
1255 creation
, granted
, status
, on_close
);
1259 /******************************************************************************
1260 * AccessCheckByType (kernelbase.@)
1262 BOOL WINAPI
AccessCheckByType( PSECURITY_DESCRIPTOR descr
, PSID sid
, HANDLE token
, DWORD access
,
1263 POBJECT_TYPE_LIST types
, DWORD types_len
, PGENERIC_MAPPING mapping
,
1264 PPRIVILEGE_SET priv
, LPDWORD priv_len
, LPDWORD granted
, LPBOOL status
)
1271 /******************************************************************************
1272 * AddAccessAllowedAce (kernelbase.@)
1274 BOOL WINAPI
AddAccessAllowedAce( PACL acl
, DWORD rev
, DWORD access
, PSID sid
)
1276 return set_ntstatus( RtlAddAccessAllowedAce( acl
, rev
, access
, sid
));
1279 /******************************************************************************
1280 * AddAccessAllowedAceEx (kernelbase.@)
1282 BOOL WINAPI
AddAccessAllowedAceEx( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
, PSID sid
)
1284 return set_ntstatus( RtlAddAccessAllowedAceEx( acl
, rev
, flags
, access
, sid
));
1287 /******************************************************************************
1288 * AddAccessAllowedObjectAce (kernelbase.@)
1290 BOOL WINAPI
AddAccessAllowedObjectAce( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
,
1291 GUID
*type
, GUID
*inherit
, PSID sid
)
1293 return set_ntstatus( RtlAddAccessAllowedObjectAce( acl
, rev
, flags
, access
, type
, inherit
, sid
));
1296 /******************************************************************************
1297 * AddAccessDeniedAce (kernelbase.@)
1299 BOOL WINAPI
AddAccessDeniedAce( PACL acl
, DWORD rev
, DWORD access
, PSID sid
)
1301 return set_ntstatus( RtlAddAccessDeniedAce( acl
, rev
, access
, sid
));
1304 /******************************************************************************
1305 * AddAccessDeniedAceEx (kernelbase.@)
1307 BOOL WINAPI
AddAccessDeniedAceEx( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
, PSID sid
)
1309 return set_ntstatus( RtlAddAccessDeniedAceEx( acl
, rev
, flags
, access
, sid
));
1312 /******************************************************************************
1313 * AddAccessDeniedObjectAce (kernelbase.@)
1315 BOOL WINAPI
AddAccessDeniedObjectAce( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
,
1316 GUID
*type
, GUID
*inherit
, PSID sid
)
1318 return set_ntstatus( RtlAddAccessDeniedObjectAce( acl
, rev
, flags
, access
, type
, inherit
, sid
));
1321 /******************************************************************************
1322 * AddAce (kernelbase.@)
1324 BOOL WINAPI
AddAce( PACL acl
, DWORD rev
, DWORD index
, LPVOID list
, DWORD len
)
1326 return set_ntstatus( RtlAddAce( acl
, rev
, index
, list
, len
));
1329 /******************************************************************************
1330 * AddAuditAccessAce (kernelbase.@)
1332 BOOL WINAPI
AddAuditAccessAce( PACL acl
, DWORD rev
, DWORD access
, PSID sid
, BOOL success
, BOOL failure
)
1334 return set_ntstatus( RtlAddAuditAccessAce( acl
, rev
, access
, sid
, success
, failure
));
1337 /******************************************************************************
1338 * AddAuditAccessAceEx (kernelbase.@)
1340 BOOL WINAPI
AddAuditAccessAceEx( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
,
1341 PSID sid
, BOOL success
, BOOL failure
)
1343 return set_ntstatus( RtlAddAuditAccessAceEx( acl
, rev
, flags
, access
, sid
, success
, failure
));
1346 /******************************************************************************
1347 * AddAuditAccessObjectAce (kernelbase.@)
1349 BOOL WINAPI
AddAuditAccessObjectAce( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
,
1350 GUID
*type
, GUID
*inherit
, PSID sid
, BOOL success
, BOOL failure
)
1352 return set_ntstatus( RtlAddAuditAccessObjectAce( acl
, rev
, flags
, access
,
1353 type
, inherit
, sid
, success
, failure
));
1356 /******************************************************************************
1357 * AddMandatoryAce (kernelbase.@)
1359 BOOL WINAPI
AddMandatoryAce( PACL acl
, DWORD rev
, DWORD flags
, DWORD policy
, PSID sid
)
1361 return set_ntstatus( RtlAddMandatoryAce( acl
, rev
, flags
, policy
,
1362 SYSTEM_MANDATORY_LABEL_ACE_TYPE
, sid
));
1365 /******************************************************************************
1366 * AreAllAccessesGranted (kernelbase.@)
1368 BOOL WINAPI
AreAllAccessesGranted( DWORD granted
, DWORD desired
)
1370 return RtlAreAllAccessesGranted( granted
, desired
);
1373 /******************************************************************************
1374 * AreAnyAccessesGranted (kernelbase.@)
1376 BOOL WINAPI
AreAnyAccessesGranted( DWORD granted
, DWORD desired
)
1378 return RtlAreAnyAccessesGranted( granted
, desired
);
1381 /******************************************************************************
1382 * DeleteAce (kernelbase.@)
1384 BOOL WINAPI
DeleteAce( PACL acl
, DWORD index
)
1386 return set_ntstatus( RtlDeleteAce( acl
, index
));
1389 /******************************************************************************
1390 * FindFirstFreeAce (kernelbase.@)
1392 BOOL WINAPI
FindFirstFreeAce( PACL acl
, LPVOID
*ace
)
1394 return RtlFirstFreeAce( acl
, (PACE_HEADER
*)ace
);
1397 /******************************************************************************
1398 * GetAce (kernelbase.@)
1400 BOOL WINAPI
GetAce( PACL acl
, DWORD index
, LPVOID
*ace
)
1402 return set_ntstatus( RtlGetAce( acl
, index
, ace
));
1405 /******************************************************************************
1406 * GetAclInformation (kernelbase.@)
1408 BOOL WINAPI
GetAclInformation( PACL acl
, LPVOID info
, DWORD len
, ACL_INFORMATION_CLASS
class )
1410 return set_ntstatus( RtlQueryInformationAcl( acl
, info
, len
, class ));
1413 /*************************************************************************
1414 * InitializeAcl (kernelbase.@)
1416 BOOL WINAPI
InitializeAcl( PACL acl
, DWORD size
, DWORD rev
)
1418 return set_ntstatus( RtlCreateAcl( acl
, size
, rev
));
1421 /******************************************************************************
1422 * IsValidAcl (kernelbase.@)
1424 BOOL WINAPI
IsValidAcl( PACL acl
)
1426 return RtlValidAcl( acl
);
1429 /******************************************************************************
1430 * MapGenericMask (kernelbase.@)
1432 void WINAPI
MapGenericMask( PDWORD access
, PGENERIC_MAPPING mapping
)
1434 RtlMapGenericMask( access
, mapping
);
1437 /******************************************************************************
1438 * ObjectCloseAuditAlarmW (kernelbase.@)
1440 BOOL WINAPI
ObjectCloseAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, BOOL on_close
)
1442 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem
), id
, on_close
);
1446 /******************************************************************************
1447 * ObjectDeleteAuditAlarmW (kernelbase.@)
1449 BOOL WINAPI
ObjectDeleteAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, BOOL on_close
)
1451 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem
), id
, on_close
);
1455 /******************************************************************************
1456 * ObjectOpenAuditAlarmW (kernelbase.@)
1458 BOOL WINAPI
ObjectOpenAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, LPWSTR type
, LPWSTR name
,
1459 PSECURITY_DESCRIPTOR descr
, HANDLE token
, DWORD desired
,
1460 DWORD granted
, PPRIVILEGE_SET privs
, BOOL creation
,
1461 BOOL access
, LPBOOL on_close
)
1463 FIXME( "stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(subsystem
),
1464 id
, debugstr_w(type
), debugstr_w(name
), descr
, token
, desired
, granted
,
1465 privs
, creation
, access
, on_close
);
1469 /******************************************************************************
1470 * ObjectPrivilegeAuditAlarmW (kernelbase.@)
1472 BOOL WINAPI
ObjectPrivilegeAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, HANDLE token
,
1473 DWORD desired
, PPRIVILEGE_SET privs
, BOOL granted
)
1475 FIXME( "stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(subsystem
), id
, token
, desired
, privs
, granted
);
1479 /******************************************************************************
1480 * PrivilegedServiceAuditAlarmW (kernelbase.@)
1482 BOOL WINAPI
PrivilegedServiceAuditAlarmW( LPCWSTR subsystem
, LPCWSTR service
, HANDLE token
,
1483 PPRIVILEGE_SET privs
, BOOL granted
)
1485 FIXME( "stub %s,%s,%p,%p,%x)\n", debugstr_w(subsystem
), debugstr_w(service
), token
, privs
, granted
);
1489 /******************************************************************************
1490 * SetAclInformation (kernelbase.@)
1492 BOOL WINAPI
SetAclInformation( PACL acl
, LPVOID info
, DWORD len
, ACL_INFORMATION_CLASS
class )
1494 FIXME( "%p %p 0x%08lx 0x%08x - stub\n", acl
, info
, len
, class );
1498 /******************************************************************************
1499 * SetCachedSigningLevel (kernelbase.@)
1501 BOOL WINAPI
SetCachedSigningLevel( PHANDLE source
, ULONG count
, ULONG flags
, HANDLE file
)
1503 FIXME( "%p %lu %lu %p - stub\n", source
, count
, flags
, file
);