| blob | 2030ebf638b40c85b1d7208ecf03150cd7b7801b |
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
24 #include <stdarg.h>
25 #include <string.h>
28 #define WIN32_NO_STATUS
51 static DWORD trustee_to_sid(DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee);
54 {
55 LPCWSTR wstr;
56 DWORD value;
60 {
61 /* same fields as struct _SID */
62 BYTE Revision;
63 BYTE SubAuthorityCount;
64 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
69 {
71 WELL_KNOWN_SID_TYPE Type;
72 MAX_SID Sid;
76 {
77 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
78 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
79 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
80 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
81 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
82 { {'O','W'}, WinCreatorOwnerRightsSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RIGHTS_RID } } },
83 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
84 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
85 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
86 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
87 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
89 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
90 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
91 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
93 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
94 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
95 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
96 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
97 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
98 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
99 { {0,0}, WinLogonIdsSid, { SID_REVISION, SECURITY_LOGON_IDS_RID_COUNT, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID } } },
100 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
101 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
102 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
103 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
104 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
105 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
106 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
107 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
108 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
109 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
110 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
111 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
112 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
113 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
114 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
115 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
116 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
117 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
118 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
119 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
120 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
121 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
122 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
123 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
124 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
125 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
126 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
127 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
128 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
129 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
130 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
131 { {'A','C'}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
132 };
134 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
136 {
138 WELL_KNOWN_SID_TYPE Type;
139 DWORD Rid;
156 };
159 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
162 WELL_KNOWN_SID_TYPE type;
163 LPCWSTR account;
164 LPCWSTR domain;
165 SID_NAME_USE name_use;
166 LPCWSTR alias;
169 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
171 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
172 static const WCHAR ALL_APPLICATION_PACKAGES[] = { 'A','L','L',' ','A','P','P','L','I','C','A','T','I','O','N',' ','P','A','C','K','A','G','E','S',0 };
173 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
174 static const WCHAR APPLICATION_PACKAGE_AUTHORITY[] = { 'A','P','P','L','I','C','A','T','I','O','N',' ','P','A','C','K','A','G','E',' ','A','U','T','H','O','R','I','T','Y',0 };
175 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
176 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
180 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
182 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
184 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
187 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
189 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
190 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
193 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
194 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
196 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
204 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
205 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
206 static const WCHAR NETWORK_SERVICE2[] = { 'N','E','T','W','O','R','K','S','E','R','V','I','C','E',0 };
208 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
209 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
211 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
212 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 };
213 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 };
215 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
216 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
218 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
219 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
220 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
223 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
226 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
229 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
230 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
249 { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
257 { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup , NETWORK_SERVICE2},
268 { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
270 { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
278 { WinBuiltinAnyPackageSid, ALL_APPLICATION_PACKAGES, APPLICATION_PACKAGE_AUTHORITY, SidTypeWellKnownGroup },
279 };
280 /*
281 * ACE access rights
282 */
317 /*
318 * ACL flags
319 */
324 /*
325 * ACE types
326 */
333 /*
334 * ACE flags
335 */
345 {
391 }
393 }
395 /* set last error code from NT status and get the proper boolean return value */
396 /* used for functions that are a simple wrapper around the corresponding ntdll API */
398 {
401 }
403 /* helper function for SE_FILE_OBJECT objects in [Get|Set]NamedSecurityInfo */
405 {
406 UNICODE_STRING file_nameW;
407 OBJECT_ATTRIBUTES attr;
408 IO_STATUS_BLOCK io;
409 NTSTATUS status;
423 }
425 /* helper function for SE_SERVICE objects in [Get|Set]NamedSecurityInfo */
426 static inline DWORD get_security_service( LPWSTR full_service_name, DWORD access, HANDLE *service )
427 {
429 DWORD err;
433 {
436 }
438 }
440 /* helper function for SE_REGISTRY_KEY objects in [Get|Set]NamedSecurityInfo */
442 {
449 HKEY hParent;
460 else
463 }
465 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
468 {
482 }
484 /************************************************************
485 * ADVAPI_IsLocalComputer
486 *
487 * Checks whether the server name indicates local machine.
488 */
490 {
492 BOOL Result;
493 LPWSTR buf;
506 }
508 /************************************************************
509 * ADVAPI_GetComputerSid
510 */
512 {
514 {
515 BYTE Revision;
516 BYTE SubAuthorityCount;
517 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
524 }
526 /* ##############################
527 ###### TOKEN FUNCTIONS ######
528 ##############################
529 */
531 /******************************************************************************
532 * OpenProcessToken [ADVAPI32.@]
533 * Opens the access token associated with a process handle.
534 *
535 * PARAMS
536 * ProcessHandle [I] Handle to process
537 * DesiredAccess [I] Desired access to process
538 * TokenHandle [O] Pointer to handle of open access token
539 *
540 * RETURNS
541 * Success: TRUE. TokenHandle contains the access token.
542 * Failure: FALSE.
543 *
544 * NOTES
545 * See NtOpenProcessToken.
546 */
547 BOOL WINAPI
550 {
552 }
554 /******************************************************************************
555 * OpenThreadToken [ADVAPI32.@]
556 *
557 * Opens the access token associated with a thread handle.
558 *
559 * PARAMS
560 * ThreadHandle [I] Handle to process
561 * DesiredAccess [I] Desired access to the thread
562 * OpenAsSelf [I] ???
563 * TokenHandle [O] Destination for the token handle
564 *
565 * RETURNS
566 * Success: TRUE. TokenHandle contains the access token.
567 * Failure: FALSE.
568 *
569 * NOTES
570 * See NtOpenThreadToken.
571 */
572 BOOL WINAPI
575 {
577 }
579 BOOL WINAPI
582 {
585 }
587 /******************************************************************************
588 * AdjustTokenPrivileges [ADVAPI32.@]
589 *
590 * Adjust the privileges of an open token handle.
591 *
592 * PARAMS
593 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
594 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
595 * NewState [I] Desired new privileges of the token
596 * BufferLength [I] Length of NewState
597 * PreviousState [O] Destination for the previous state
598 * ReturnLength [I/O] Size of PreviousState
599 *
600 *
601 * RETURNS
602 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
603 * Failure: FALSE.
604 *
605 * NOTES
606 * See NtAdjustPrivilegesToken.
607 */
608 BOOL WINAPI
612 {
613 NTSTATUS status;
620 ReturnLength);
624 else
626 }
628 /******************************************************************************
629 * CheckTokenMembership [ADVAPI32.@]
630 *
631 * Determine if an access token is a member of a SID.
632 *
633 * PARAMS
634 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
635 * SidToCheck [I] SID that possibly contains the token
636 * IsMember [O] Destination for result.
637 *
638 * RETURNS
639 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
640 * Failure: FALSE.
641 */
642 BOOL WINAPI
644 PBOOL is_member )
645 {
649 BOOL ret;
656 {
658 {
659 HANDLE process_token;
669 }
671 }
672 else
673 {
674 TOKEN_TYPE type;
680 {
683 }
684 }
692 {
695 }
702 {
708 {
712 }
713 }
715 exit:
720 }
722 /******************************************************************************
723 * GetTokenInformation [ADVAPI32.@]
724 *
725 * Get a type of information about an access token.
726 *
727 * PARAMS
728 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
729 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
730 * tokeninfo [O] Destination for token information
731 * tokeninfolength [I] Length of tokeninfo
732 * retlen [O] Destination for returned token information length
733 *
734 * RETURNS
735 * Success: TRUE. tokeninfo contains retlen bytes of token information
736 * Failure: FALSE.
737 *
738 * NOTES
739 * See NtQueryInformationToken.
740 */
741 BOOL WINAPI
744 {
746 token,
766 }
768 /******************************************************************************
769 * SetTokenInformation [ADVAPI32.@]
770 *
771 * Set information for an access token.
772 *
773 * PARAMS
774 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
775 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
776 * tokeninfo [I] Token information to set
777 * tokeninfolength [I] Length of tokeninfo
778 *
779 * RETURNS
780 * Success: TRUE. The information for the token is set to tokeninfo.
781 * Failure: FALSE.
782 */
783 BOOL WINAPI
786 {
788 token,
807 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
808 }
810 /*************************************************************************
811 * SetThreadToken [ADVAPI32.@]
812 *
813 * Assigns an 'impersonation token' to a thread so it can assume the
814 * security privileges of another thread or process. Can also remove
815 * a previously assigned token.
816 *
817 * PARAMS
818 * thread [O] Handle to thread to set the token for
819 * token [I] Token to set
820 *
821 * RETURNS
822 * Success: TRUE. The threads access token is set to token
823 * Failure: FALSE.
824 *
825 * NOTES
826 * Only supported on NT or higher. On Win9X this function does nothing.
827 * See SetTokenInformation.
828 */
830 {
833 }
835 /*************************************************************************
836 * CreateRestrictedToken [ADVAPI32.@]
837 *
838 * Create a new more restricted token from an existing token.
839 *
840 * PARAMS
841 * baseToken [I] Token to base the new restricted token on
842 * flags [I] Options
843 * nDisableSids [I] Length of disableSids array
844 * disableSids [I] Array of SIDs to disable in the new token
845 * nDeletePrivs [I] Length of deletePrivs array
846 * deletePrivs [I] Array of privileges to delete in the new token
847 * nRestrictSids [I] Length of restrictSids array
848 * restrictSids [I] Array of SIDs to restrict in the new token
849 * newToken [O] Address where the new token is stored
850 *
851 * RETURNS
852 * Success: TRUE
853 * Failure: FALSE
854 */
856 HANDLE baseToken,
857 DWORD flags,
858 DWORD nDisableSids,
859 PSID_AND_ATTRIBUTES disableSids,
860 DWORD nDeletePrivs,
861 PLUID_AND_ATTRIBUTES deletePrivs,
862 DWORD nRestrictSids,
863 PSID_AND_ATTRIBUTES restrictSids,
864 PHANDLE newToken)
865 {
866 TOKEN_TYPE type;
868 DWORD size;
874 newToken);
879 {
883 }
885 }
887 /* ##############################
888 ###### SID FUNCTIONS ######
889 ##############################
890 */
892 /******************************************************************************
893 * AllocateAndInitializeSid [ADVAPI32.@]
894 *
895 * PARAMS
896 * pIdentifierAuthority []
897 * nSubAuthorityCount []
898 * nSubAuthority0 []
899 * nSubAuthority1 []
900 * nSubAuthority2 []
901 * nSubAuthority3 []
902 * nSubAuthority4 []
903 * nSubAuthority5 []
904 * nSubAuthority6 []
905 * nSubAuthority7 []
906 * pSid []
907 */
908 BOOL WINAPI
910 BYTE nSubAuthorityCount,
916 {
921 pSid ));
922 }
924 /******************************************************************************
925 * FreeSid [ADVAPI32.@]
926 *
927 * PARAMS
928 * pSid []
929 */
930 PVOID WINAPI
932 {
935 }
937 /******************************************************************************
938 * CopySid [ADVAPI32.@]
939 *
940 * PARAMS
941 * nDestinationSidLength []
942 * pDestinationSid []
943 * pSourceSid []
944 */
945 BOOL WINAPI
947 {
949 }
951 /******************************************************************************
952 * CreateWellKnownSid [ADVAPI32.@]
953 */
954 BOOL WINAPI
956 PSID DomainSid,
957 PSID pSid,
959 {
964 {
967 }
974 {
978 }
980 {
983 }
987 }
988 }
991 {
994 }
1003 {
1007 }
1009 {
1012 }
1018 }
1022 }
1024 /******************************************************************************
1025 * IsWellKnownSid [ADVAPI32.@]
1026 */
1027 BOOL WINAPI
1029 {
1039 }
1041 BOOL WINAPI
1043 {
1045 DWORD size;
1046 NTSTATUS status;
1047 BOOL restricted;
1057 {
1060 }
1064 {
1067 }
1073 }
1075 /******************************************************************************
1076 * IsValidSid [ADVAPI32.@]
1077 *
1078 * PARAMS
1079 * pSid []
1080 */
1081 BOOL WINAPI
1083 {
1085 }
1087 /******************************************************************************
1088 * EqualSid [ADVAPI32.@]
1089 *
1090 * PARAMS
1091 * pSid1 []
1092 * pSid2 []
1093 */
1094 BOOL WINAPI
1096 {
1100 }
1102 /******************************************************************************
1103 * EqualPrefixSid [ADVAPI32.@]
1104 */
1106 {
1108 }
1110 /******************************************************************************
1111 * GetSidLengthRequired [ADVAPI32.@]
1112 *
1113 * PARAMS
1114 * nSubAuthorityCount []
1115 */
1116 DWORD WINAPI
1118 {
1120 }
1122 /******************************************************************************
1123 * InitializeSid [ADVAPI32.@]
1124 *
1125 * PARAMS
1126 * pIdentifierAuthority []
1127 */
1128 BOOL WINAPI
1130 PSID pSid,
1131 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
1132 BYTE nSubAuthorityCount)
1133 {
1135 }
1137 DWORD WINAPI
1139 {
1144 }
1146 DWORD WINAPI
1148 {
1152 }
1154 /******************************************************************************
1155 * GetSidIdentifierAuthority [ADVAPI32.@]
1156 *
1157 * PARAMS
1158 * pSid []
1159 */
1160 PSID_IDENTIFIER_AUTHORITY WINAPI
1162 {
1165 }
1167 /******************************************************************************
1168 * GetSidSubAuthority [ADVAPI32.@]
1169 *
1170 * PARAMS
1171 * pSid []
1172 * nSubAuthority []
1173 */
1174 PDWORD WINAPI
1176 {
1179 }
1181 /******************************************************************************
1182 * GetSidSubAuthorityCount [ADVAPI32.@]
1183 *
1184 * PARAMS
1185 * pSid []
1186 */
1187 PUCHAR WINAPI
1189 {
1192 }
1194 /******************************************************************************
1195 * GetLengthSid [ADVAPI32.@]
1196 *
1197 * PARAMS
1198 * pSid []
1199 */
1200 DWORD WINAPI
1202 {
1204 }
1206 /* ##############################################
1207 ###### SECURITY DESCRIPTOR FUNCTIONS ######
1208 ##############################################
1209 */
1211 /******************************************************************************
1212 * BuildSecurityDescriptorA [ADVAPI32.@]
1213 *
1214 * Builds a SD from
1215 *
1216 * PARAMS
1217 * pOwner [I]
1218 * pGroup [I]
1219 * cCountOfAccessEntries [I]
1220 * pListOfAccessEntries [I]
1221 * cCountOfAuditEntries [I]
1222 * pListofAuditEntries [I]
1223 * pOldSD [I]
1224 * lpdwBufferLength [I/O]
1225 * pNewSD [O]
1226 *
1227 * RETURNS
1228 * Success: ERROR_SUCCESS
1229 * Failure: nonzero error code from Winerror.h
1230 */
1232 IN PTRUSTEEA pOwner,
1233 IN PTRUSTEEA pGroup,
1234 IN ULONG cCountOfAccessEntries,
1235 IN PEXPLICIT_ACCESSA pListOfAccessEntries,
1236 IN ULONG cCountOfAuditEntries,
1237 IN PEXPLICIT_ACCESSA pListofAuditEntries,
1238 IN PSECURITY_DESCRIPTOR pOldSD,
1239 IN OUT PULONG lpdwBufferLength,
1241 {
1247 }
1249 /******************************************************************************
1250 * BuildSecurityDescriptorW [ADVAPI32.@]
1251 *
1252 * See BuildSecurityDescriptorA.
1253 */
1255 IN PTRUSTEEW pOwner,
1256 IN PTRUSTEEW pGroup,
1257 IN ULONG cCountOfAccessEntries,
1258 IN PEXPLICIT_ACCESSW pListOfAccessEntries,
1259 IN ULONG cCountOfAuditEntries,
1260 IN PEXPLICIT_ACCESSW pListOfAuditEntries,
1261 IN PSECURITY_DESCRIPTOR pOldSD,
1262 IN OUT PULONG lpdwBufferLength,
1264 {
1265 SECURITY_DESCRIPTOR desc;
1266 NTSTATUS status;
1274 {
1275 SECURITY_DESCRIPTOR_CONTROL control;
1279 DWORD revision;
1281 if ((status = RtlGetControlSecurityDescriptor( pOldSD, &control, &revision )) != STATUS_SUCCESS)
1287 status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
1290 {
1301 status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
1303 }
1305 {
1311 }
1312 }
1313 else
1314 {
1315 if ((status = RtlCreateSecurityDescriptor( &desc, SECURITY_DESCRIPTOR_REVISION )) != STATUS_SUCCESS)
1317 }
1320 {
1325 }
1328 {
1333 }
1336 {
1337 PACL new_dacl;
1339 if ((ret = SetEntriesInAclW( cCountOfAccessEntries, pListOfAccessEntries, desc.Dacl, &new_dacl )))
1345 }
1348 {
1349 PACL new_sacl;
1351 if ((ret = SetEntriesInAclW( cCountOfAuditEntries, pListOfAuditEntries, desc.Sacl, &new_sacl )))
1357 }
1363 {
1367 }
1369 done:
1370 /* free absolute descriptor */
1376 }
1378 /******************************************************************************
1379 * InitializeSecurityDescriptor [ADVAPI32.@]
1380 *
1381 * PARAMS
1382 * pDescr []
1383 * revision []
1384 */
1385 BOOL WINAPI
1387 {
1389 }
1392 /******************************************************************************
1393 * MakeAbsoluteSD [ADVAPI32.@]
1394 */
1396 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1397 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1398 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
1399 OUT PACL pDacl,
1400 OUT LPDWORD lpdwDaclSize,
1401 OUT PACL pSacl,
1402 OUT LPDWORD lpdwSaclSize,
1403 OUT PSID pOwner,
1404 OUT LPDWORD lpdwOwnerSize,
1405 OUT PSID pPrimaryGroup,
1406 OUT LPDWORD lpdwPrimaryGroupSize)
1407 {
1409 pAbsoluteSecurityDescriptor,
1410 lpdwAbsoluteSecurityDescriptorSize,
1414 }
1416 /******************************************************************************
1417 * GetKernelObjectSecurity [ADVAPI32.@]
1418 */
1420 HANDLE Handle,
1421 SECURITY_INFORMATION RequestedInformation,
1422 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1423 DWORD nLength,
1424 LPDWORD lpnLengthNeeded )
1425 {
1431 }
1433 /******************************************************************************
1434 * GetPrivateObjectSecurity [ADVAPI32.@]
1435 */
1437 PSECURITY_DESCRIPTOR ObjectDescriptor,
1438 SECURITY_INFORMATION SecurityInformation,
1439 PSECURITY_DESCRIPTOR ResultantDescriptor,
1440 DWORD DescriptorLength,
1441 PDWORD ReturnLength )
1442 {
1443 SECURITY_DESCRIPTOR desc;
1445 PACL pacl;
1446 PSID psid;
1455 {
1459 }
1462 {
1466 }
1469 {
1473 }
1476 {
1480 }
1484 }
1486 /******************************************************************************
1487 * GetSecurityDescriptorLength [ADVAPI32.@]
1488 */
1490 {
1492 }
1494 /******************************************************************************
1495 * GetSecurityDescriptorOwner [ADVAPI32.@]
1496 *
1497 * PARAMS
1498 * pOwner []
1499 * lpbOwnerDefaulted []
1500 */
1501 BOOL WINAPI
1503 LPBOOL lpbOwnerDefaulted )
1504 {
1505 BOOLEAN defaulted;
1509 }
1511 /******************************************************************************
1512 * SetSecurityDescriptorOwner [ADVAPI32.@]
1513 *
1514 * PARAMS
1515 */
1518 {
1519 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
1520 }
1521 /******************************************************************************
1522 * GetSecurityDescriptorGroup [ADVAPI32.@]
1523 */
1525 PSECURITY_DESCRIPTOR SecurityDescriptor,
1527 LPBOOL GroupDefaulted)
1528 {
1529 BOOLEAN defaulted;
1530 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
1533 }
1534 /******************************************************************************
1535 * SetSecurityDescriptorGroup [ADVAPI32.@]
1536 */
1539 {
1540 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
1541 }
1543 /******************************************************************************
1544 * IsValidSecurityDescriptor [ADVAPI32.@]
1545 *
1546 * PARAMS
1547 * lpsecdesc []
1548 */
1549 BOOL WINAPI
1551 {
1553 }
1555 /******************************************************************************
1556 * GetSecurityDescriptorDacl [ADVAPI32.@]
1557 */
1559 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1560 OUT LPBOOL lpbDaclPresent,
1562 OUT LPBOOL lpbDaclDefaulted)
1563 {
1565 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
1569 }
1571 /******************************************************************************
1572 * SetSecurityDescriptorDacl [ADVAPI32.@]
1573 */
1574 BOOL WINAPI
1576 PSECURITY_DESCRIPTOR lpsd,
1577 BOOL daclpresent,
1578 PACL dacl,
1579 BOOL dacldefaulted )
1580 {
1582 }
1583 /******************************************************************************
1584 * GetSecurityDescriptorSacl [ADVAPI32.@]
1585 */
1587 IN PSECURITY_DESCRIPTOR lpsd,
1588 OUT LPBOOL lpbSaclPresent,
1590 OUT LPBOOL lpbSaclDefaulted)
1591 {
1597 }
1599 /**************************************************************************
1600 * SetSecurityDescriptorSacl [ADVAPI32.@]
1601 */
1603 PSECURITY_DESCRIPTOR lpsd,
1604 BOOL saclpresent,
1605 PACL lpsacl,
1606 BOOL sacldefaulted)
1607 {
1609 }
1610 /******************************************************************************
1611 * MakeSelfRelativeSD [ADVAPI32.@]
1612 *
1613 * PARAMS
1614 * lpabssecdesc []
1615 * lpselfsecdesc []
1616 * lpbuflen []
1617 */
1618 BOOL WINAPI
1620 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1621 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1622 IN OUT LPDWORD lpdwBufferLength)
1623 {
1626 }
1628 /******************************************************************************
1629 * GetSecurityDescriptorControl [ADVAPI32.@]
1630 */
1634 {
1635 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
1636 }
1638 /******************************************************************************
1639 * SetSecurityDescriptorControl [ADVAPI32.@]
1640 */
1642 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
1643 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
1644 {
1647 }
1649 /******************************************************************************
1650 * GetWindowsAccountDomainSid [ADVAPI32.@]
1651 */
1653 {
1655 DWORD required_size;
1661 {
1664 }
1667 {
1670 }
1673 {
1676 }
1680 {
1683 ERROR_INVALID_PARAMETER );
1685 }
1693 }
1695 /* ##############################
1696 ###### ACL FUNCTIONS ######
1697 ##############################
1698 */
1700 /*************************************************************************
1701 * InitializeAcl [ADVAPI32.@]
1702 */
1704 {
1706 }
1709 {
1710 IO_STATUS_BLOCK io_block;
1716 }
1718 /******************************************************************************
1719 * AddAccessAllowedAce [ADVAPI32.@]
1720 */
1722 IN OUT PACL pAcl,
1723 IN DWORD dwAceRevision,
1724 IN DWORD AccessMask,
1725 IN PSID pSid)
1726 {
1728 }
1730 /******************************************************************************
1731 * AddAccessAllowedAceEx [ADVAPI32.@]
1732 */
1734 IN OUT PACL pAcl,
1735 IN DWORD dwAceRevision,
1736 IN DWORD AceFlags,
1737 IN DWORD AccessMask,
1738 IN PSID pSid)
1739 {
1740 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1741 }
1743 /******************************************************************************
1744 * AddAccessAllowedObjectAce [ADVAPI32.@]
1745 */
1747 IN OUT PACL pAcl,
1748 IN DWORD dwAceRevision,
1749 IN DWORD dwAceFlags,
1750 IN DWORD dwAccessMask,
1753 IN PSID pSid)
1754 {
1755 return set_ntstatus(RtlAddAccessAllowedObjectAce(pAcl, dwAceRevision, dwAceFlags, dwAccessMask,
1757 }
1759 /******************************************************************************
1760 * AddAccessDeniedAce [ADVAPI32.@]
1761 */
1763 IN OUT PACL pAcl,
1764 IN DWORD dwAceRevision,
1765 IN DWORD AccessMask,
1766 IN PSID pSid)
1767 {
1769 }
1771 /******************************************************************************
1772 * AddAccessDeniedAceEx [ADVAPI32.@]
1773 */
1775 IN OUT PACL pAcl,
1776 IN DWORD dwAceRevision,
1777 IN DWORD AceFlags,
1778 IN DWORD AccessMask,
1779 IN PSID pSid)
1780 {
1782 }
1784 /******************************************************************************
1785 * AddAccessDeniedObjectAce [ADVAPI32.@]
1786 */
1788 IN OUT PACL pAcl,
1789 IN DWORD dwAceRevision,
1790 IN DWORD dwAceFlags,
1791 IN DWORD dwAccessMask,
1794 IN PSID pSid)
1795 {
1796 return set_ntstatus( RtlAddAccessDeniedObjectAce(pAcl, dwAceRevision, dwAceFlags, dwAccessMask,
1798 }
1800 /******************************************************************************
1801 * AddAce [ADVAPI32.@]
1802 */
1804 IN OUT PACL pAcl,
1805 IN DWORD dwAceRevision,
1806 IN DWORD dwStartingAceIndex,
1807 LPVOID pAceList,
1808 DWORD nAceListLength)
1809 {
1810 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
1811 }
1813 /******************************************************************************
1814 * AddMandatoryAce [ADVAPI32.@]
1815 */
1816 BOOL WINAPI AddMandatoryAce(ACL *acl, DWORD ace_revision, DWORD ace_flags, DWORD mandatory_policy, PSID label_sid)
1817 {
1820 }
1822 /******************************************************************************
1823 * DeleteAce [ADVAPI32.@]
1824 */
1826 {
1828 }
1830 /******************************************************************************
1831 * FindFirstFreeAce [ADVAPI32.@]
1832 */
1834 {
1836 }
1838 /******************************************************************************
1839 * GetAce [ADVAPI32.@]
1840 */
1842 {
1844 }
1846 /******************************************************************************
1847 * GetAclInformation [ADVAPI32.@]
1848 */
1850 PACL pAcl,
1851 LPVOID pAclInformation,
1852 DWORD nAclInformationLength,
1853 ACL_INFORMATION_CLASS dwAclInformationClass)
1854 {
1857 }
1859 /******************************************************************************
1860 * IsValidAcl [ADVAPI32.@]
1861 */
1863 {
1865 }
1867 /* ##############################
1868 ###### MISC FUNCTIONS ######
1869 ##############################
1870 */
1872 /******************************************************************************
1873 * AllocateLocallyUniqueId [ADVAPI32.@]
1874 *
1875 * PARAMS
1876 * lpLuid []
1877 */
1879 {
1881 }
1886 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1890 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1892 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1898 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1902 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1906 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1908 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1910 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1912 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1924 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1926 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1928 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1934 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1936 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1940 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1943 {
1944 NULL,
1945 NULL,
1946 SE_CREATE_TOKEN_NAME_W,
1947 SE_ASSIGNPRIMARYTOKEN_NAME_W,
1948 SE_LOCK_MEMORY_NAME_W,
1949 SE_INCREASE_QUOTA_NAME_W,
1950 SE_MACHINE_ACCOUNT_NAME_W,
1951 SE_TCB_NAME_W,
1952 SE_SECURITY_NAME_W,
1953 SE_TAKE_OWNERSHIP_NAME_W,
1954 SE_LOAD_DRIVER_NAME_W,
1955 SE_SYSTEM_PROFILE_NAME_W,
1956 SE_SYSTEMTIME_NAME_W,
1957 SE_PROF_SINGLE_PROCESS_NAME_W,
1958 SE_INC_BASE_PRIORITY_NAME_W,
1959 SE_CREATE_PAGEFILE_NAME_W,
1960 SE_CREATE_PERMANENT_NAME_W,
1961 SE_BACKUP_NAME_W,
1962 SE_RESTORE_NAME_W,
1963 SE_SHUTDOWN_NAME_W,
1964 SE_DEBUG_NAME_W,
1965 SE_AUDIT_NAME_W,
1966 SE_SYSTEM_ENVIRONMENT_NAME_W,
1967 SE_CHANGE_NOTIFY_NAME_W,
1968 SE_REMOTE_SHUTDOWN_NAME_W,
1969 SE_UNDOCK_NAME_W,
1970 SE_SYNC_AGENT_NAME_W,
1971 SE_ENABLE_DELEGATION_NAME_W,
1972 SE_MANAGE_VOLUME_NAME_W,
1973 SE_IMPERSONATE_NAME_W,
1974 SE_CREATE_GLOBAL_NAME_W,
1975 };
1978 {
1984 }
1986 /******************************************************************************
1987 * LookupPrivilegeValueW [ADVAPI32.@]
1988 *
1989 * See LookupPrivilegeValueA.
1990 */
1991 BOOL WINAPI
1993 {
1994 UINT i;
1999 {
2002 }
2004 {
2007 }
2009 {
2019 }
2022 }
2024 /******************************************************************************
2025 * LookupPrivilegeValueA [ADVAPI32.@]
2026 *
2027 * Retrieves LUID used on a system to represent the privilege name.
2028 *
2029 * PARAMS
2030 * lpSystemName [I] Name of the system
2031 * lpName [I] Name of the privilege
2032 * lpLuid [O] Destination for the resulting LUID
2033 *
2034 * RETURNS
2035 * Success: TRUE. lpLuid contains the requested LUID.
2036 * Failure: FALSE.
2037 */
2038 BOOL WINAPI
2040 {
2041 UNICODE_STRING lpSystemNameW;
2042 UNICODE_STRING lpNameW;
2043 BOOL ret;
2051 }
2053 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
2055 {
2060 }
2062 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
2064 {
2069 }
2071 /******************************************************************************
2072 * LookupPrivilegeNameA [ADVAPI32.@]
2073 *
2074 * See LookupPrivilegeNameW.
2075 */
2076 BOOL WINAPI
2078 LPDWORD cchName)
2079 {
2080 UNICODE_STRING lpSystemNameW;
2081 BOOL ret;
2089 {
2095 {
2096 /* Windows crashes if cchName is NULL, so will I */
2101 {
2102 /* WideCharToMultiByte failed */
2104 }
2106 {
2110 }
2111 else
2112 {
2113 /* WideCharToMultiByte succeeded, output length needs to be
2114 * length not including NULL terminator
2115 */
2117 }
2118 }
2120 }
2123 }
2125 /******************************************************************************
2126 * LookupPrivilegeNameW [ADVAPI32.@]
2127 *
2128 * Retrieves the privilege name referred to by the LUID lpLuid.
2129 *
2130 * PARAMS
2131 * lpSystemName [I] Name of the system
2132 * lpLuid [I] Privilege value
2133 * lpName [O] Name of the privilege
2134 * cchName [I/O] Number of characters in lpName.
2135 *
2136 * RETURNS
2137 * Success: TRUE. lpName contains the name of the privilege whose value is
2138 * *lpLuid.
2139 * Failure: FALSE.
2140 *
2141 * REMARKS
2142 * Only well-known privilege names (those defined in winnt.h) can be retrieved
2143 * using this function.
2144 * If the length of lpName is too small, on return *cchName will contain the
2145 * number of WCHARs needed to contain the privilege, including the NULL
2146 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
2147 * On success, *cchName will contain the number of characters stored in
2148 * lpName, NOT including the NULL terminator.
2149 */
2150 BOOL WINAPI
2152 LPDWORD cchName)
2153 {
2159 {
2162 }
2165 {
2168 }
2170 /* Windows crashes if cchName is NULL, so will I */
2172 {
2176 }
2177 else
2178 {
2182 }
2183 }
2185 /******************************************************************************
2186 * GetFileSecurityA [ADVAPI32.@]
2187 *
2188 * Obtains Specified information about the security of a file or directory.
2189 *
2190 * PARAMS
2191 * lpFileName [I] Name of the file to get info for
2192 * RequestedInformation [I] SE_ flags from "winnt.h"
2193 * pSecurityDescriptor [O] Destination for security information
2194 * nLength [I] Length of pSecurityDescriptor
2195 * lpnLengthNeeded [O] Destination for length of returned security information
2196 *
2197 * RETURNS
2198 * Success: TRUE. pSecurityDescriptor contains the requested information.
2199 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
2200 *
2201 * NOTES
2202 * The information returned is constrained by the callers access rights and
2203 * privileges.
2204 */
2205 BOOL WINAPI
2207 SECURITY_INFORMATION RequestedInformation,
2208 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2210 {
2211 BOOL r;
2212 LPWSTR name;
2220 }
2222 /******************************************************************************
2223 * GetFileSecurityW [ADVAPI32.@]
2224 *
2225 * See GetFileSecurityA.
2226 */
2227 BOOL WINAPI
2229 SECURITY_INFORMATION RequestedInformation,
2230 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2232 {
2233 HANDLE hfile;
2234 NTSTATUS status;
2242 DACL_SECURITY_INFORMATION))
2249 {
2252 }
2258 }
2261 /******************************************************************************
2262 * LookupAccountSidA [ADVAPI32.@]
2263 */
2264 BOOL WINAPI
2266 IN LPCSTR system,
2267 IN PSID sid,
2268 OUT LPSTR account,
2269 IN OUT LPDWORD accountSize,
2270 OUT LPSTR domain,
2271 IN OUT LPDWORD domainSize,
2272 OUT PSID_NAME_USE name_use )
2273 {
2274 DWORD len;
2275 BOOL r;
2276 LPWSTR systemW;
2288 r = LookupAccountSidW( systemW, sid, accountW, &accountSizeW, domainW, &domainSizeW, name_use );
2304 }
2305 else
2306 {
2309 }
2316 }
2318 /******************************************************************************
2319 * LookupAccountSidLocalA [ADVAPI32.@]
2320 */
2321 BOOL WINAPI
2323 PSID sid,
2324 LPSTR account,
2325 LPDWORD accountSize,
2326 LPSTR domain,
2327 LPDWORD domainSize,
2328 PSID_NAME_USE name_use )
2329 {
2331 }
2333 /******************************************************************************
2334 * LookupAccountSidW [ADVAPI32.@]
2335 *
2336 * PARAMS
2337 * system []
2338 * sid []
2339 * account []
2340 * accountSize []
2341 * domain []
2342 * domainSize []
2343 * name_use []
2344 */
2346 BOOL WINAPI
2348 IN LPCWSTR system,
2349 IN PSID sid,
2350 OUT LPWSTR account,
2351 IN OUT LPDWORD accountSize,
2352 OUT LPWSTR domain,
2353 IN OUT LPDWORD domainSize,
2354 OUT PSID_NAME_USE name_use )
2355 {
2367 name_use);
2373 }
2375 /* check the well known SIDs first */
2383 }
2384 }
2386 }
2387 }
2390 MAX_SID local;
2392 /* check for the local computer next */
2395 BOOL result;
2453 else
2460 }
2461 }
2462 }
2463 }
2464 }
2465 }
2475 }
2479 }
2484 {
2487 }
2490 else
2494 else
2501 }
2507 }
2509 /******************************************************************************
2510 * LookupAccountSidLocalW [ADVAPI32.@]
2511 */
2512 BOOL WINAPI
2514 PSID sid,
2515 LPWSTR account,
2516 LPDWORD accountSize,
2517 LPWSTR domain,
2518 LPDWORD domainSize,
2519 PSID_NAME_USE name_use )
2520 {
2522 }
2524 /******************************************************************************
2525 * SetFileSecurityA [ADVAPI32.@]
2526 *
2527 * See SetFileSecurityW.
2528 */
2530 SECURITY_INFORMATION RequestedInformation,
2531 PSECURITY_DESCRIPTOR pSecurityDescriptor)
2532 {
2533 BOOL r;
2534 LPWSTR name;
2541 }
2543 /******************************************************************************
2544 * SetFileSecurityW [ADVAPI32.@]
2545 *
2546 * Sets the security of a file or directory.
2547 *
2548 * PARAMS
2549 * lpFileName []
2550 * RequestedInformation []
2551 * pSecurityDescriptor []
2552 *
2553 * RETURNS
2554 * Success: TRUE.
2555 * Failure: FALSE.
2556 */
2557 BOOL WINAPI
2559 SECURITY_INFORMATION RequestedInformation,
2560 PSECURITY_DESCRIPTOR pSecurityDescriptor )
2561 {
2562 HANDLE file;
2564 NTSTATUS status;
2567 pSecurityDescriptor );
2579 {
2582 }
2587 }
2589 /******************************************************************************
2590 * QueryWindows31FilesMigration [ADVAPI32.@]
2591 *
2592 * PARAMS
2593 * x1 []
2594 */
2595 BOOL WINAPI
2597 {
2600 }
2602 /******************************************************************************
2603 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
2604 *
2605 * PARAMS
2606 * x1 []
2607 * x2 []
2608 * x3 []
2609 * x4 []
2610 */
2611 BOOL WINAPI
2613 DWORD x4 )
2614 {
2617 }
2619 /******************************************************************************
2620 * NotifyBootConfigStatus [ADVAPI32.@]
2621 *
2622 * PARAMS
2623 * x1 []
2624 */
2625 BOOL WINAPI
2627 {
2630 }
2632 /******************************************************************************
2633 * RevertToSelf [ADVAPI32.@]
2634 *
2635 * Ends the impersonation of a user.
2636 *
2637 * PARAMS
2638 * void []
2639 *
2640 * RETURNS
2641 * Success: TRUE.
2642 * Failure: FALSE.
2643 */
2644 BOOL WINAPI
2646 {
2650 }
2652 /******************************************************************************
2653 * ImpersonateSelf [ADVAPI32.@]
2654 *
2655 * Makes an impersonation token that represents the process user and assigns
2656 * to the current thread.
2657 *
2658 * PARAMS
2659 * ImpersonationLevel [I] Level at which to impersonate.
2660 *
2661 * RETURNS
2662 * Success: TRUE.
2663 * Failure: FALSE.
2664 */
2665 BOOL WINAPI
2667 {
2669 }
2671 /******************************************************************************
2672 * ImpersonateLoggedOnUser [ADVAPI32.@]
2673 */
2675 {
2676 DWORD size;
2677 NTSTATUS Status;
2678 HANDLE ImpersonationToken;
2679 TOKEN_TYPE Type;
2683 {
2686 }
2692 {
2693 OBJECT_ATTRIBUTES ObjectAttributes;
2700 SecurityImpersonation,
2701 TokenImpersonation,
2704 {
2708 }
2709 }
2710 else
2714 ThreadImpersonationToken,
2722 {
2726 }
2729 }
2731 /******************************************************************************
2732 * ImpersonateAnonymousToken [ADVAPI32.@]
2733 */
2735 {
2738 }
2740 /******************************************************************************
2741 * AccessCheck [ADVAPI32.@]
2742 */
2743 BOOL WINAPI
2745 PSECURITY_DESCRIPTOR SecurityDescriptor,
2746 HANDLE ClientToken,
2747 DWORD DesiredAccess,
2748 PGENERIC_MAPPING GenericMapping,
2749 PPRIVILEGE_SET PrivilegeSet,
2750 LPDWORD PrivilegeSetLength,
2751 LPDWORD GrantedAccess,
2752 LPBOOL AccessStatus)
2753 {
2754 NTSTATUS access_status;
2760 }
2763 /******************************************************************************
2764 * AccessCheckByType [ADVAPI32.@]
2765 */
2767 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2768 PSID PrincipalSelfSid,
2769 HANDLE ClientToken,
2770 DWORD DesiredAccess,
2771 POBJECT_TYPE_LIST ObjectTypeList,
2772 DWORD ObjectTypeListLength,
2773 PGENERIC_MAPPING GenericMapping,
2774 PPRIVILEGE_SET PrivilegeSet,
2775 LPDWORD PrivilegeSetLength,
2776 LPDWORD GrantedAccess,
2777 LPBOOL AccessStatus)
2778 {
2784 }
2786 /******************************************************************************
2787 * MapGenericMask [ADVAPI32.@]
2788 *
2789 * Maps generic access rights into specific access rights according to the
2790 * supplied mapping.
2791 *
2792 * PARAMS
2793 * AccessMask [I/O] Access rights.
2794 * GenericMapping [I] The mapping between generic and specific rights.
2795 *
2796 * RETURNS
2797 * Nothing.
2798 */
2800 {
2802 }
2804 /*************************************************************************
2805 * SetKernelObjectSecurity [ADVAPI32.@]
2806 */
2808 IN HANDLE Handle,
2809 IN SECURITY_INFORMATION SecurityInformation,
2810 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
2811 {
2813 }
2816 /******************************************************************************
2817 * AddAuditAccessAce [ADVAPI32.@]
2818 */
2820 IN OUT PACL pAcl,
2821 IN DWORD dwAceRevision,
2822 IN DWORD dwAccessMask,
2823 IN PSID pSid,
2824 IN BOOL bAuditSuccess,
2825 IN BOOL bAuditFailure)
2826 {
2829 }
2831 /******************************************************************************
2832 * AddAuditAccessAceEx [ADVAPI32.@]
2833 */
2835 IN OUT PACL pAcl,
2836 IN DWORD dwAceRevision,
2837 IN DWORD dwAceFlags,
2838 IN DWORD dwAccessMask,
2839 IN PSID pSid,
2840 IN BOOL bAuditSuccess,
2841 IN BOOL bAuditFailure)
2842 {
2843 return set_ntstatus( RtlAddAuditAccessAceEx(pAcl, dwAceRevision, dwAceFlags, dwAccessMask, pSid,
2845 }
2847 /******************************************************************************
2848 * AddAuditAccessObjectAce [ADVAPI32.@]
2849 */
2851 IN OUT PACL pAcl,
2852 IN DWORD dwAceRevision,
2853 IN DWORD dwAceFlags,
2854 IN DWORD dwAccessMask,
2857 IN PSID pSid,
2858 IN BOOL bAuditSuccess,
2859 IN BOOL bAuditFailure)
2860 {
2863 }
2865 /******************************************************************************
2866 * LookupAccountNameA [ADVAPI32.@]
2867 */
2868 BOOL WINAPI
2870 IN LPCSTR system,
2871 IN LPCSTR account,
2872 OUT PSID sid,
2873 OUT LPDWORD cbSid,
2874 LPSTR ReferencedDomainName,
2875 IN OUT LPDWORD cbReferencedDomainName,
2876 OUT PSID_NAME_USE name_use )
2877 {
2878 BOOL ret;
2879 UNICODE_STRING lpSystemW;
2880 UNICODE_STRING lpAccountW;
2889 ret = LookupAccountNameW(lpSystemW.Buffer, lpAccountW.Buffer, sid, cbSid, lpReferencedDomainNameW,
2893 {
2896 }
2903 }
2905 /******************************************************************************
2906 * lookup_user_account_name
2907 */
2910 {
2913 HANDLE token;
2914 BOOL ret;
2915 PSID pSid;
2917 DWORD nameLen;
2920 {
2923 }
2935 {
2938 }
2943 {
2946 }
2948 {
2952 }
2962 }
2964 /******************************************************************************
2965 * lookup_computer_account_name
2966 */
2969 {
2970 MAX_SID local;
2971 BOOL ret;
2973 DWORD nameLen;
2976 {
2980 {
2983 }
2985 }
2989 {
2992 }
2994 {
2998 }
3008 }
3012 {
3018 {
3024 }
3025 else
3026 {
3032 }
3033 }
3036 {
3039 if (len == domain->Length / sizeof(WCHAR) && !strncmpiW( domain->Buffer, ACCOUNT_SIDS[idx].domain, len ))
3043 }
3046 {
3049 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].account, len ))
3053 {
3055 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].alias, len ))
3057 }
3059 }
3061 /*
3062 * Helper function for LookupAccountNameW
3063 */
3066 LPWSTR ReferencedDomainName,
3067 LPDWORD cchReferencedDomainName,
3069 {
3070 PSID pSid;
3073 ULONG i;
3079 {
3080 /* check domain first */
3084 {
3090 {
3092 {
3095 }
3097 {
3099 }
3101 }
3105 {
3107 len++;
3109 }
3111 {
3113 }
3122 }
3123 }
3125 }
3129 LPWSTR ReferencedDomainName,
3130 LPDWORD cchReferencedDomainName,
3132 {
3133 DWORD nameLen;
3141 /* Let the current Unix user id masquerade as first Windows user account */
3147 {
3148 /* check to make sure this account is on this computer */
3151 {
3154 }
3156 }
3159 account.Length / sizeof(WCHAR) == nameLen - 1 && !strncmpW( account.Buffer, userName, nameLen - 1 ))
3160 {
3161 ret = lookup_user_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse );
3163 }
3164 else
3165 {
3169 {
3170 ret = lookup_computer_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse );
3172 }
3173 }
3177 }
3179 /******************************************************************************
3180 * LookupAccountNameW [ADVAPI32.@]
3181 */
3185 {
3187 LSA_UNICODE_STRING account;
3193 {
3197 }
3200 {
3202 }
3206 /* Check well known SIDs first */
3212 /* Check user names */
3220 }
3222 /******************************************************************************
3223 * PrivilegeCheck [ADVAPI32.@]
3224 */
3225 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
3226 {
3227 BOOL ret;
3228 BOOLEAN Result;
3236 }
3238 /******************************************************************************
3239 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
3240 */
3245 {
3251 }
3253 /******************************************************************************
3254 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
3255 */
3256 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
3260 {
3266 }
3268 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
3269 {
3273 }
3275 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
3276 {
3280 }
3282 BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
3283 {
3287 }
3290 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
3292 LPBOOL GenerateOnClose)
3293 {
3297 GenerateOnClose);
3300 }
3302 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
3303 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
3305 LPBOOL GenerateOnClose)
3306 {
3310 GenerateOnClose);
3313 }
3315 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
3317 {
3322 }
3324 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
3326 {
3331 }
3333 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
3335 {
3340 }
3342 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
3344 {
3349 }
3351 /******************************************************************************
3352 * GetSecurityInfo [ADVAPI32.@]
3353 *
3354 * Retrieves a copy of the security descriptor associated with an object.
3355 *
3356 * PARAMS
3357 * hObject [I] A handle for the object.
3358 * ObjectType [I] The type of object.
3359 * SecurityInfo [I] A bitmask indicating what info to retrieve.
3360 * ppsidOwner [O] If non-null, receives a pointer to the owner SID.
3361 * ppsidGroup [O] If non-null, receives a pointer to the group SID.
3362 * ppDacl [O] If non-null, receives a pointer to the DACL.
3363 * ppSacl [O] If non-null, receives a pointer to the SACL.
3364 * ppSecurityDescriptor [O] Receives a pointer to the security descriptor,
3365 * which must be freed with LocalFree.
3366 *
3367 * RETURNS
3368 * ERROR_SUCCESS if all's well, and a WIN32 error code otherwise.
3369 */
3374 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
3375 )
3376 {
3377 PSECURITY_DESCRIPTOR sd;
3378 NTSTATUS status;
3382 /* A NULL descriptor is allowed if any one of the other pointers is not NULL */
3383 if (!(ppsidOwner||ppsidGroup||ppDacl||ppSacl||ppSecurityDescriptor)) return ERROR_INVALID_PARAMETER;
3385 /* If no descriptor, we have to check that there's a pointer for the requested information */
3394 {
3401 }
3410 {
3417 }
3419 {
3422 }
3425 {
3428 }
3430 {
3433 }
3435 {
3438 }
3440 {
3443 }
3447 /* The security descriptor (sd) cannot be freed if ppSecurityDescriptor is
3448 * NULL, because native happily returns the SIDs and ACLs that are requested
3449 * in this case.
3450 */
3453 }
3455 /******************************************************************************
3456 * GetSecurityInfoExA [ADVAPI32.@]
3457 */
3463 )
3464 {
3467 }
3469 /******************************************************************************
3470 * GetSecurityInfoExW [ADVAPI32.@]
3471 */
3477 )
3478 {
3481 }
3483 /******************************************************************************
3484 * BuildExplicitAccessWithNameA [ADVAPI32.@]
3485 */
3489 {
3502 }
3504 /******************************************************************************
3505 * BuildExplicitAccessWithNameW [ADVAPI32.@]
3506 */
3510 {
3523 }
3525 /******************************************************************************
3526 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
3527 */
3531 {
3537 /* Fill the OBJECTS_AND_NAME structure */
3540 {
3542 }
3546 {
3548 }
3553 /* Fill the TRUSTEE structure */
3559 }
3561 /******************************************************************************
3562 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
3563 */
3567 {
3573 /* Fill the OBJECTS_AND_NAME structure */
3576 {
3578 }
3582 {
3584 }
3589 /* Fill the TRUSTEE structure */
3595 }
3597 /******************************************************************************
3598 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
3599 */
3602 {
3607 /* Fill the OBJECTS_AND_SID structure */
3609 {
3612 }
3613 else
3614 {
3617 }
3620 {
3623 }
3624 else
3625 {
3628 }
3633 /* Fill the TRUSTEE structure */
3639 }
3641 /******************************************************************************
3642 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
3643 */
3646 {
3651 /* Fill the OBJECTS_AND_SID structure */
3653 {
3656 }
3657 else
3658 {
3661 }
3664 {
3667 }
3668 else
3669 {
3672 }
3677 /* Fill the TRUSTEE structure */
3683 }
3685 /******************************************************************************
3686 * BuildTrusteeWithSidA [ADVAPI32.@]
3687 */
3689 {
3697 }
3699 /******************************************************************************
3700 * BuildTrusteeWithSidW [ADVAPI32.@]
3701 */
3703 {
3711 }
3713 /******************************************************************************
3714 * BuildTrusteeWithNameA [ADVAPI32.@]
3715 */
3717 {
3725 }
3727 /******************************************************************************
3728 * BuildTrusteeWithNameW [ADVAPI32.@]
3729 */
3731 {
3739 }
3741 /******************************************************************************
3742 * GetTrusteeFormA [ADVAPI32.@]
3743 */
3745 {
3752 }
3754 /******************************************************************************
3755 * GetTrusteeFormW [ADVAPI32.@]
3756 */
3758 {
3765 }
3767 /******************************************************************************
3768 * GetTrusteeNameA [ADVAPI32.@]
3769 */
3771 {
3778 }
3780 /******************************************************************************
3781 * GetTrusteeNameW [ADVAPI32.@]
3782 */
3784 {
3791 }
3793 /******************************************************************************
3794 * GetTrusteeTypeA [ADVAPI32.@]
3795 */
3797 {
3804 }
3806 /******************************************************************************
3807 * GetTrusteeTypeW [ADVAPI32.@]
3808 */
3810 {
3817 }
3820 DWORD nAclInformationLength,
3821 ACL_INFORMATION_CLASS dwAclInformationClass )
3822 {
3827 }
3829 static DWORD trustee_name_A_to_W(TRUSTEE_FORM form, char *trustee_nameA, WCHAR **ptrustee_nameW)
3830 {
3832 {
3834 {
3837 }
3839 {
3844 {
3853 }
3857 }
3858 /* These forms do not require conversion. */
3865 }
3866 }
3869 {
3871 {
3876 {
3880 {
3885 }
3888 }
3889 /* Other forms did not require allocation, so no freeing is necessary. */
3892 }
3893 }
3895 static DWORD trustee_to_sid( DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee )
3896 {
3898 {
3901 }
3904 {
3907 {
3910 }
3913 {
3916 SID_NAME_USE use;
3918 {
3920 {
3922 }
3923 }
3924 else if (!LookupAccountNameW(NULL, pTrustee->ptstrName, pDestinationSid, &sid_size, NULL, &domain_size, &use))
3925 {
3928 }
3930 }
3940 }
3943 }
3945 /******************************************************************************
3946 * SetEntriesInAclA [ADVAPI32.@]
3947 */
3950 {
3968 {
3973 pEntriesW[alloc_index].Trustee.MultipleTrusteeOperation = pEntries[alloc_index].Trustee.MultipleTrusteeOperation;
3981 {
3987 }
3988 }
3992 cleanup:
3993 /* Free any previously allocated trustee name buffers, taking into account
3994 * a possible out-of-memory condition while building the EXPLICIT_ACCESSW
3995 * list. */
3997 free_trustee_name( pEntriesW[free_index].Trustee.TrusteeForm, pEntriesW[free_index].Trustee.ptstrName );
4001 }
4003 /******************************************************************************
4004 * SetEntriesInAclW [ADVAPI32.@]
4005 */
4008 {
4009 ULONG i;
4013 NTSTATUS status;
4023 /* allocate array of maximum sized sids allowed */
4024 ppsid = heap_alloc(count * (sizeof(SID *) + FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES])));
4029 {
4030 ppsid[i] = (char *)&ppsid[count] + i * FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]);
4032 TRACE("[%d]:\n\tgrfAccessPermissions = 0x%x\n\tgrfAccessMode = %d\n\tgrfInheritance = 0x%x\n\t"
4040 ret = trustee_to_sid( FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]), ppsid[i], &pEntries[i].Trustee);
4044 /* Note: we overestimate the ACL size here as a tradeoff between
4045 * instructions (simplicity) and memory */
4047 {
4065 }
4066 }
4069 {
4070 ACL_SIZE_INFORMATION size_info;
4074 {
4077 }
4079 }
4083 {
4086 }
4090 {
4093 }
4096 {
4098 {
4106 {
4107 ULONG j;
4110 {
4112 {
4120 {
4123 }
4124 }
4125 }
4132 }
4153 }
4154 }
4157 {
4159 {
4161 ULONG j;
4166 {
4170 {
4171 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION, pEntries[j].grfInheritance, pEntries[j].grfAccessPermissions, ppsid[j]);
4174 }
4176 {
4178 {
4197 }
4201 }
4202 }
4204 status = RtlAddAce(*NewAcl, ACL_REVISION, 1, (PACE_HEADER)old_ace_header, old_ace_header->AceSize);
4206 {
4210 }
4211 }
4212 }
4214 exit:
4217 }
4219 /******************************************************************************
4220 * SetNamedSecurityInfoA [ADVAPI32.@]
4221 */
4225 {
4226 LPWSTR wstr;
4227 DWORD r;
4239 }
4242 PSECURITY_DESCRIPTOR ModificationDescriptor,
4244 PGENERIC_MAPPING GenericMapping,
4245 HANDLE Token )
4246 {
4251 }
4254 {
4256 }
4258 /******************************************************************************
4259 * AreAnyAccessesGranted [ADVAPI32.@]
4260 *
4261 * Determines whether or not any of a set of specified access permissions have
4262 * been granted or not.
4263 *
4264 * PARAMS
4265 * GrantedAccess [I] The permissions that have been granted.
4266 * DesiredAccess [I] The permissions that you want to have.
4267 *
4268 * RETURNS
4269 * Nonzero if any of the permissions have been granted, zero if none of the
4270 * permissions have been granted.
4271 */
4274 {
4276 }
4278 /******************************************************************************
4279 * SetNamedSecurityInfoW [ADVAPI32.@]
4280 */
4284 {
4286 HANDLE handle;
4287 DWORD err;
4302 {
4305 {
4308 }
4312 {
4315 }
4321 {
4324 }
4329 }
4331 }
4333 /******************************************************************************
4334 * GetExplicitEntriesFromAclA [ADVAPI32.@]
4335 */
4338 {
4341 }
4343 /******************************************************************************
4344 * GetExplicitEntriesFromAclW [ADVAPI32.@]
4345 */
4347 {
4348 ACL_SIZE_INFORMATION sizeinfo;
4352 NTSTATUS status;
4364 {
4368 }
4370 entries = LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT, (sizeof(EXPLICIT_ACCESSW) + sizeof(MAX_SID)) * sizeinfo.AceCount);
4375 {
4380 {
4382 {
4395 }
4398 {
4411 }
4417 }
4418 }
4424 error:
4427 }
4429 /******************************************************************************
4430 * GetAuditedPermissionsFromAclA [ADVAPI32.@]
4431 */
4432 DWORD WINAPI GetAuditedPermissionsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pSuccessfulAuditedRights,
4433 PACCESS_MASK pFailedAuditRights)
4434 {
4438 }
4440 /******************************************************************************
4441 * GetAuditedPermissionsFromAclW [ADVAPI32.@]
4442 */
4443 DWORD WINAPI GetAuditedPermissionsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pSuccessfulAuditedRights,
4444 PACCESS_MASK pFailedAuditRights)
4445 {
4449 }
4451 /******************************************************************************
4452 * ParseAclStringFlags
4453 */
4455 {
4460 {
4462 {
4464 }
4466 {
4467 szAcl++;
4472 }
4473 szAcl++;
4474 }
4478 }
4480 /******************************************************************************
4481 * ParseAceStringType
4482 */
4484 {
4490 /*
4491 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
4492 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
4493 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
4494 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
4495 */
4497 };
4500 {
4506 szAcl++;
4511 lpaf++;
4518 }
4521 /******************************************************************************
4522 * ParseAceStringFlags
4523 */
4525 {
4534 };
4537 {
4543 szAcl++;
4546 {
4552 lpaf++;
4559 }
4563 }
4566 /******************************************************************************
4567 * ParseAceStringRights
4568 */
4570 {
4605 };
4608 {
4614 szAcl++;
4617 {
4621 p++;
4624 {
4627 }
4628 else
4630 }
4631 else
4632 {
4634 {
4640 {
4641 lpaf++;
4642 }
4649 }
4650 }
4654 }
4657 /******************************************************************************
4658 * ParseStringAclToAcl
4659 *
4660 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
4661 */
4664 {
4665 DWORD val;
4666 DWORD sidlen;
4681 /* Parse ACL flags */
4684 /* Parse ACE */
4686 {
4687 StringAcl++;
4689 /* Parse ACE type */
4694 {
4697 }
4698 StringAcl++;
4700 /* Parse ACE flags */
4706 StringAcl++;
4708 /* Parse ACE rights */
4714 StringAcl++;
4716 /* Parse ACE object guid */
4718 StringAcl++;
4720 {
4723 }
4724 StringAcl++;
4726 /* Parse ACE inherit object guid */
4728 StringAcl++;
4730 {
4733 }
4734 StringAcl++;
4736 /* Parse ACE account sid */
4738 {
4740 StringAcl++;
4741 }
4745 StringAcl++;
4750 {
4753 }
4754 acecount++;
4755 }
4760 {
4763 }
4766 {
4772 }
4775 lerr:
4779 }
4782 /******************************************************************************
4783 * ParseStringSecurityDescriptorToSecurityDescriptor
4784 */
4786 LPCWSTR StringSecurityDescriptor,
4788 LPDWORD cBytes)
4789 {
4791 WCHAR toktype;
4793 LPCWSTR lptoken;
4795 DWORD len;
4805 StringSecurityDescriptor++;
4808 {
4811 /* Expect char identifier followed by ':' */
4812 StringSecurityDescriptor++;
4814 {
4817 }
4818 StringSecurityDescriptor++;
4820 /* Extract token */
4823 lptoken++;
4826 lptoken--;
4833 {
4835 {
4836 DWORD bytes;
4842 {
4845 }
4850 }
4853 {
4854 DWORD bytes;
4860 {
4863 }
4868 }
4871 {
4872 DWORD flags;
4873 DWORD bytes;
4879 {
4883 }
4888 }
4891 {
4892 DWORD flags;
4893 DWORD bytes;
4899 {
4903 }
4908 }
4914 }
4917 }
4921 lend:
4924 }
4926 /******************************************************************************
4927 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
4928 */
4930 LPCSTR StringSecurityDescriptor,
4931 DWORD StringSDRevision,
4933 PULONG SecurityDescriptorSize)
4934 {
4935 BOOL ret;
4936 LPWSTR StringSecurityDescriptorW;
4947 SecurityDescriptorSize);
4951 }
4953 /******************************************************************************
4954 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
4955 */
4957 LPCWSTR StringSecurityDescriptor,
4958 DWORD StringSDRevision,
4960 PULONG SecurityDescriptorSize)
4961 {
4962 DWORD cBytes;
4970 {
4973 }
4975 {
4978 }
4980 {
4983 }
4985 /* Compute security descriptor length */
4998 {
5001 }
5008 lend:
5011 }
5014 {
5022 {
5025 }
5026 }
5029 {
5032 DWORD i;
5037 {
5040 }
5044 {
5048 }
5056 ) );
5060 {
5063 }
5065 }
5068 {
5071 {
5073 {
5076 }
5077 }
5080 }
5084 SDDL_DELETE_CHILD,
5085 SDDL_LIST_CHILDREN,
5086 SDDL_SELF_WRITE,
5088 SDDL_WRITE_PROPERTY,
5089 SDDL_DELETE_TREE,
5090 SDDL_LIST_OBJECT,
5092 NULL,
5093 NULL,
5094 NULL,
5096 NULL,
5097 NULL,
5098 NULL,
5100 SDDL_READ_CONTROL,
5101 SDDL_WRITE_DAC,
5102 SDDL_WRITE_OWNER,
5104 NULL,
5105 NULL,
5106 NULL,
5108 NULL,
5109 NULL,
5110 NULL,
5112 SDDL_GENERIC_EXECUTE,
5113 SDDL_GENERIC_WRITE,
5114 SDDL_GENERIC_READ
5115 };
5118 {
5126 /* first check if the right have name */
5128 {
5132 {
5135 }
5136 }
5138 /* then check if it can be built from bit names */
5140 {
5142 {
5143 /* can't be built from bit names */
5147 }
5148 }
5150 /* build from bit names */
5154 }
5157 {
5163 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
5164 {
5167 }
5172 {
5185 }
5205 /* objects not supported */
5207 /* objects not supported */
5213 }
5215 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
5216 {
5217 WORD count;
5218 UINT i;
5235 {
5236 LPVOID ace;
5241 }
5244 }
5247 {
5249 BOOL bDefaulted;
5250 PSID psid;
5262 }
5265 {
5267 BOOL bDefaulted;
5268 PSID psid;
5280 }
5283 {
5285 SECURITY_DESCRIPTOR_CONTROL control;
5287 DWORD revision;
5288 PACL pacl;
5300 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
5303 }
5306 {
5308 SECURITY_DESCRIPTOR_CONTROL control;
5310 DWORD revision;
5311 PACL pacl;
5323 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
5326 }
5328 /******************************************************************************
5329 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
5330 */
5331 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
5332 {
5333 ULONG len;
5337 {
5341 }
5362 }
5367 }
5372 }
5377 }
5385 }
5387 /******************************************************************************
5388 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
5389 */
5390 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
5391 {
5392 LPWSTR wstr;
5393 ULONG len;
5394 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
5395 {
5406 }
5407 else
5408 {
5413 }
5414 }
5416 /******************************************************************************
5417 * ConvertStringSidToSidW [ADVAPI32.@]
5418 */
5420 {
5422 DWORD cBytes;
5430 {
5436 }
5438 }
5440 /******************************************************************************
5441 * ConvertStringSidToSidA [ADVAPI32.@]
5442 */
5444 {
5452 else
5453 {
5457 }
5459 }
5461 /******************************************************************************
5462 * ConvertSidToStringSidW [ADVAPI32.@]
5463 *
5464 * format of SID string is:
5465 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
5466 * where
5467 * <rev> is the revision of the SID encoded as decimal
5468 * <auth> is the identifier authority encoded as hex
5469 * <subauthN> is the subauthority id encoded as decimal
5470 */
5472 {
5487 }
5489 /******************************************************************************
5490 * ConvertSidToStringSidA [ADVAPI32.@]
5491 */
5493 {
5495 LPSTR str;
5496 UINT len;
5511 }
5514 PSECURITY_DESCRIPTOR pdesc,
5515 PSECURITY_DESCRIPTOR cdesc,
5518 BOOL isdir,
5519 PGENERIC_MAPPING genmap )
5520 {
5524 }
5529 {
5546 {
5549 }
5570 }
5575 {
5576 return CreatePrivateObjectSecurityEx(parent, creator, out, NULL, is_container, 0, token, mapping);
5577 }
5581 GUID **types, ULONG count, BOOL is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping)
5582 {
5584 return CreatePrivateObjectSecurityEx(parent, creator, out, NULL, is_container, flags, token, mapping);
5585 }
5588 {
5593 }
5595 /******************************************************************************
5596 * CreateProcessWithLogonW
5597 */
5598 BOOL WINAPI CreateProcessWithLogonW( LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags,
5600 LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation )
5601 {
5602 FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
5608 }
5610 BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line,
5611 DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info,
5613 {
5619 /* FIXME: check if handles should be inherited */
5620 return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
5622 }
5624 /******************************************************************************
5625 * DuplicateTokenEx [ADVAPI32.@]
5626 */
5629 LPSECURITY_ATTRIBUTES lpTokenAttributes,
5630 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
5631 TOKEN_TYPE TokenType,
5632 PHANDLE DuplicateTokenHandle )
5633 {
5634 OBJECT_ATTRIBUTES ObjectAttributes;
5641 NULL,
5643 NULL,
5647 dwDesiredAccess,
5649 ImpersonationLevel,
5650 TokenType,
5651 DuplicateTokenHandle ) );
5652 }
5655 HANDLE ExistingTokenHandle,
5656 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
5657 PHANDLE DuplicateTokenHandle )
5658 {
5661 DuplicateTokenHandle );
5662 }
5664 /******************************************************************************
5665 * ComputeStringSidSize
5666 */
5668 {
5670 {
5673 {
5675 ctok++;
5676 StringSid++;
5677 }
5681 }
5683 {
5692 {
5693 MAX_SID local;
5696 }
5698 }
5701 }
5703 /******************************************************************************
5704 * ParseStringSidToSid
5705 */
5707 {
5713 {
5717 }
5720 StringSid++;
5724 {
5727 }
5730 {
5738 {
5741 }
5743 {
5746 }
5750 /* Advance to identifier authority */
5752 StringSid++;
5754 StringSid++;
5756 /* MS' implementation can't handle values greater than 2^32 - 1, so
5757 * we don't either; assume most significant bytes are always 0
5758 */
5767 /* Advance to first sub authority */
5769 StringSid++;
5771 StringSid++;
5774 {
5778 StringSid++;
5780 StringSid++;
5781 }
5787 }
5789 {
5795 {
5796 DWORD j;
5802 }
5806 {
5811 }
5815 }
5817 lend:
5823 }
5825 /******************************************************************************
5826 * GetNamedSecurityInfoA [ADVAPI32.@]
5827 */
5832 {
5833 LPWSTR wstr;
5834 DWORD r;
5846 }
5848 /******************************************************************************
5849 * GetNamedSecurityInfoW [ADVAPI32.@]
5850 */
5854 {
5856 HANDLE handle;
5857 DWORD err;
5862 /* A NULL descriptor is allowed if any one of the other pointers is not NULL */
5865 /* If no descriptor, we have to check that there's a pointer for the requested information */
5879 {
5882 {
5885 }
5889 {
5892 }
5896 {
5899 }
5909 }
5911 }
5913 /******************************************************************************
5914 * GetNamedSecurityInfoExW [ADVAPI32.@]
5915 */
5919 {
5923 }
5925 /******************************************************************************
5926 * GetNamedSecurityInfoExA [ADVAPI32.@]
5927 */
5931 {
5935 }
5937 /******************************************************************************
5938 * DecryptFileW [ADVAPI32.@]
5939 */
5941 {
5944 }
5946 /******************************************************************************
5947 * DecryptFileA [ADVAPI32.@]
5948 */
5950 {
5953 }
5955 /******************************************************************************
5956 * EncryptFileW [ADVAPI32.@]
5957 */
5959 {
5962 }
5964 /******************************************************************************
5965 * EncryptFileA [ADVAPI32.@]
5966 */
5968 {
5971 }
5973 /******************************************************************************
5974 * FileEncryptionStatusW [ADVAPI32.@]
5975 */
5977 {
5983 }
5985 /******************************************************************************
5986 * FileEncryptionStatusA [ADVAPI32.@]
5987 */
5989 {
5995 }
5998 {
5999 NTSTATUS status;
6003 /* initialize a combined DACL containing both inherited and new ACEs */
6010 {
6013 }
6015 /* copy the new ACEs */
6017 {
6024 }
6026 /* copy the inherited ACEs */
6028 {
6037 {
6040 }
6049 }
6053 }
6055 /******************************************************************************
6056 * SetSecurityInfo [ADVAPI32.@]
6057 */
6061 {
6062 SECURITY_DESCRIPTOR sd;
6064 NTSTATUS status;
6074 {
6076 {
6077 SECURITY_DESCRIPTOR_CONTROL control;
6078 PSECURITY_DESCRIPTOR psd;
6092 {
6095 }
6101 /* TODO: copy some control flags to new sd */
6103 /* inherit parent directory DACL */
6105 {
6116 {
6119 }
6126 {
6127 OBJECT_ATTRIBUTES attr;
6128 IO_STATUS_BLOCK io;
6129 HANDLE parent;
6130 PSECURITY_DESCRIPTOR parent_sd;
6143 FILE_OPEN_FOR_BACKUP_INTENT);
6146 {
6150 }
6153 {
6158 }
6159 }
6160 else
6162 }
6163 }
6166 }
6171 {
6179 }
6183 }
6185 /******************************************************************************
6186 * SaferCreateLevel [ADVAPI32.@]
6187 */
6190 {
6195 }
6197 /******************************************************************************
6198 * SaferComputeTokenFromLevel [ADVAPI32.@]
6199 */
6200 BOOL WINAPI SaferComputeTokenFromLevel(SAFER_LEVEL_HANDLE handle, HANDLE token, PHANDLE access_token,
6202 {
6207 }
6209 /******************************************************************************
6210 * SaferCloseLevel [ADVAPI32.@]
6211 */
6213 {
6216 }
6218 /******************************************************************************
6219 * TreeResetNamedSecurityInfoW [ADVAPI32.@]
6220 */
6226 {
6232 }
6234 /******************************************************************************
6235 * SaferGetPolicyInformation [ADVAPI32.@]
6236 */
6239 {
6242 }
6244 /******************************************************************************
6245 * SaferIdentifyLevel [ADVAPI32.@]
6246 */
6247 BOOL WINAPI SaferIdentifyLevel(DWORD count, SAFER_CODE_PROPERTIES *properties, SAFER_LEVEL_HANDLE *handle,
6249 {
6253 }
6255 /******************************************************************************
6256 * SaferSetLevelInformation [ADVAPI32.@]
6257 */
6258 BOOL WINAPI SaferSetLevelInformation(SAFER_LEVEL_HANDLE handle, SAFER_OBJECT_INFO_CLASS infotype,
6260 {
6263 }
6265 /******************************************************************************
6266 * LookupSecurityDescriptorPartsA [ADVAPI32.@]
6267 */
6268 DWORD WINAPI LookupSecurityDescriptorPartsA(TRUSTEEA *owner, TRUSTEEA *group, ULONG *access_count,
6271 {
6275 }
6277 /******************************************************************************
6278 * LookupSecurityDescriptorPartsW [ADVAPI32.@]
6279 */
6280 DWORD WINAPI LookupSecurityDescriptorPartsW(TRUSTEEW *owner, TRUSTEEW *group, ULONG *access_count,
6283 {
6287 }