2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
26 #define WIN32_NO_STATUS
33 #include "kernelbase.h"
34 #include "wine/debug.h"
35 #include "wine/heap.h"
37 WINE_DEFAULT_DEBUG_CHANNEL(security
);
40 /******************************************************************************
42 ******************************************************************************/
44 typedef struct _MAX_SID
46 /* same fields as struct _SID */
48 BYTE SubAuthorityCount
;
49 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
50 DWORD SubAuthority
[SID_MAX_SUB_AUTHORITIES
];
53 typedef struct WELLKNOWNSID
55 WELL_KNOWN_SID_TYPE Type
;
59 static const WELLKNOWNSID WellKnownSids
[] =
61 { WinNullSid
, { SID_REVISION
, 1, { SECURITY_NULL_SID_AUTHORITY
}, { SECURITY_NULL_RID
} } },
62 { WinWorldSid
, { SID_REVISION
, 1, { SECURITY_WORLD_SID_AUTHORITY
}, { SECURITY_WORLD_RID
} } },
63 { WinLocalSid
, { SID_REVISION
, 1, { SECURITY_LOCAL_SID_AUTHORITY
}, { SECURITY_LOCAL_RID
} } },
64 { WinCreatorOwnerSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_OWNER_RID
} } },
65 { WinCreatorGroupSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_GROUP_RID
} } },
66 { WinCreatorOwnerRightsSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_OWNER_RIGHTS_RID
} } },
67 { WinCreatorOwnerServerSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_OWNER_SERVER_RID
} } },
68 { WinCreatorGroupServerSid
, { SID_REVISION
, 1, { SECURITY_CREATOR_SID_AUTHORITY
}, { SECURITY_CREATOR_GROUP_SERVER_RID
} } },
69 { WinNtAuthoritySid
, { SID_REVISION
, 0, { SECURITY_NT_AUTHORITY
}, { SECURITY_NULL_RID
} } },
70 { WinDialupSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_DIALUP_RID
} } },
71 { WinNetworkSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_NETWORK_RID
} } },
72 { WinBatchSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_BATCH_RID
} } },
73 { WinInteractiveSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_INTERACTIVE_RID
} } },
74 { WinServiceSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_SERVICE_RID
} } },
75 { WinAnonymousSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_ANONYMOUS_LOGON_RID
} } },
76 { WinProxySid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_PROXY_RID
} } },
77 { WinEnterpriseControllersSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_ENTERPRISE_CONTROLLERS_RID
} } },
78 { WinSelfSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_PRINCIPAL_SELF_RID
} } },
79 { WinAuthenticatedUserSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_AUTHENTICATED_USER_RID
} } },
80 { WinRestrictedCodeSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_RESTRICTED_CODE_RID
} } },
81 { WinTerminalServerSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_TERMINAL_SERVER_RID
} } },
82 { WinRemoteLogonIdSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_REMOTE_LOGON_RID
} } },
83 { WinLogonIdsSid
, { SID_REVISION
, SECURITY_LOGON_IDS_RID_COUNT
, { SECURITY_NT_AUTHORITY
}, { SECURITY_LOGON_IDS_RID
} } },
84 { WinLocalSystemSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_LOCAL_SYSTEM_RID
} } },
85 { WinLocalServiceSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_LOCAL_SERVICE_RID
} } },
86 { WinNetworkServiceSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_NETWORK_SERVICE_RID
} } },
87 { WinBuiltinDomainSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
} } },
88 { WinBuiltinAdministratorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_ADMINS
} } },
89 { WinBuiltinUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_USERS
} } },
90 { WinBuiltinGuestsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_GUESTS
} } },
91 { WinBuiltinPowerUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_POWER_USERS
} } },
92 { WinBuiltinAccountOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_ACCOUNT_OPS
} } },
93 { WinBuiltinSystemOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_SYSTEM_OPS
} } },
94 { WinBuiltinPrintOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_PRINT_OPS
} } },
95 { WinBuiltinBackupOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_BACKUP_OPS
} } },
96 { WinBuiltinReplicatorSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_REPLICATOR
} } },
97 { WinBuiltinPreWindows2000CompatibleAccessSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS
} } },
98 { WinBuiltinRemoteDesktopUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS
} } },
99 { WinBuiltinNetworkConfigurationOperatorsSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS
} } },
100 { WinNTLMAuthenticationSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_PACKAGE_BASE_RID
, SECURITY_PACKAGE_NTLM_RID
} } },
101 { WinDigestAuthenticationSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_PACKAGE_BASE_RID
, SECURITY_PACKAGE_DIGEST_RID
} } },
102 { WinSChannelAuthenticationSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_PACKAGE_BASE_RID
, SECURITY_PACKAGE_SCHANNEL_RID
} } },
103 { WinThisOrganizationSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_THIS_ORGANIZATION_RID
} } },
104 { WinOtherOrganizationSid
, { SID_REVISION
, 1, { SECURITY_NT_AUTHORITY
}, { SECURITY_OTHER_ORGANIZATION_RID
} } },
105 { WinBuiltinIncomingForestTrustBuildersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS
} } },
106 { WinBuiltinPerfMonitoringUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_MONITORING_USERS
} } },
107 { WinBuiltinPerfLoggingUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_LOGGING_USERS
} } },
108 { WinBuiltinAuthorizationAccessSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS
} } },
109 { WinBuiltinTerminalServerLicenseServersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS
} } },
110 { WinBuiltinDCOMUsersSid
, { SID_REVISION
, 2, { SECURITY_NT_AUTHORITY
}, { SECURITY_BUILTIN_DOMAIN_RID
, DOMAIN_ALIAS_RID_DCOM_USERS
} } },
111 { WinLowLabelSid
, { SID_REVISION
, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY
}, { SECURITY_MANDATORY_LOW_RID
} } },
112 { WinMediumLabelSid
, { SID_REVISION
, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY
}, { SECURITY_MANDATORY_MEDIUM_RID
} } },
113 { WinHighLabelSid
, { SID_REVISION
, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY
}, { SECURITY_MANDATORY_HIGH_RID
} } },
114 { WinSystemLabelSid
, { SID_REVISION
, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY
}, { SECURITY_MANDATORY_SYSTEM_RID
} } },
115 { WinBuiltinAnyPackageSid
, { SID_REVISION
, 2, { SECURITY_APP_PACKAGE_AUTHORITY
}, { SECURITY_APP_PACKAGE_BASE_RID
, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE
} } },
118 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
119 typedef struct WELLKNOWNRID
121 WELL_KNOWN_SID_TYPE Type
;
125 static const WELLKNOWNRID WellKnownRids
[] =
127 { WinAccountAdministratorSid
, DOMAIN_USER_RID_ADMIN
},
128 { WinAccountGuestSid
, DOMAIN_USER_RID_GUEST
},
129 { WinAccountKrbtgtSid
, DOMAIN_USER_RID_KRBTGT
},
130 { WinAccountDomainAdminsSid
, DOMAIN_GROUP_RID_ADMINS
},
131 { WinAccountDomainUsersSid
, DOMAIN_GROUP_RID_USERS
},
132 { WinAccountDomainGuestsSid
, DOMAIN_GROUP_RID_GUESTS
},
133 { WinAccountComputersSid
, DOMAIN_GROUP_RID_COMPUTERS
},
134 { WinAccountControllersSid
, DOMAIN_GROUP_RID_CONTROLLERS
},
135 { WinAccountCertAdminsSid
, DOMAIN_GROUP_RID_CERT_ADMINS
},
136 { WinAccountSchemaAdminsSid
, DOMAIN_GROUP_RID_SCHEMA_ADMINS
},
137 { WinAccountEnterpriseAdminsSid
, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
},
138 { WinAccountPolicyAdminsSid
, DOMAIN_GROUP_RID_POLICY_ADMINS
},
139 { WinAccountRasAndIasServersSid
, DOMAIN_ALIAS_RID_RAS_SERVERS
},
142 static NTSTATUS
open_file( LPCWSTR name
, DWORD access
, HANDLE
*file
)
144 UNICODE_STRING file_nameW
;
145 OBJECT_ATTRIBUTES attr
;
149 if ((status
= RtlDosPathNameToNtPathName_U_WithStatus( name
, &file_nameW
, NULL
, NULL
))) return status
;
150 attr
.Length
= sizeof(attr
);
151 attr
.RootDirectory
= 0;
152 attr
.Attributes
= OBJ_CASE_INSENSITIVE
;
153 attr
.ObjectName
= &file_nameW
;
154 attr
.SecurityDescriptor
= NULL
;
155 status
= NtCreateFile( file
, access
|SYNCHRONIZE
, &attr
, &io
, NULL
, FILE_FLAG_BACKUP_SEMANTICS
,
156 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
, FILE_OPEN
,
157 FILE_OPEN_FOR_BACKUP_INTENT
, NULL
, 0 );
158 RtlFreeUnicodeString( &file_nameW
);
162 static const char *debugstr_sid( PSID sid
)
167 if (psid
== NULL
) return "(null)";
169 auth
= psid
->IdentifierAuthority
.Value
[5] +
170 (psid
->IdentifierAuthority
.Value
[4] << 8) +
171 (psid
->IdentifierAuthority
.Value
[3] << 16) +
172 (psid
->IdentifierAuthority
.Value
[2] << 24);
174 switch (psid
->SubAuthorityCount
) {
176 return wine_dbg_sprintf("S-%d-%d", psid
->Revision
, auth
);
178 return wine_dbg_sprintf("S-%d-%d-%lu", psid
->Revision
, auth
,
179 psid
->SubAuthority
[0]);
181 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid
->Revision
, auth
,
182 psid
->SubAuthority
[0], psid
->SubAuthority
[1]);
184 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid
->Revision
, auth
,
185 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2]);
187 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
188 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
189 psid
->SubAuthority
[3]);
191 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
192 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
193 psid
->SubAuthority
[3], psid
->SubAuthority
[4]);
195 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
196 psid
->SubAuthority
[3], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
197 psid
->SubAuthority
[0], psid
->SubAuthority
[4], psid
->SubAuthority
[5]);
199 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
200 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
201 psid
->SubAuthority
[3], psid
->SubAuthority
[4], psid
->SubAuthority
[5],
202 psid
->SubAuthority
[6]);
204 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid
->Revision
, auth
,
205 psid
->SubAuthority
[0], psid
->SubAuthority
[1], psid
->SubAuthority
[2],
206 psid
->SubAuthority
[3], psid
->SubAuthority
[4], psid
->SubAuthority
[5],
207 psid
->SubAuthority
[6], psid
->SubAuthority
[7]);
212 /******************************************************************************
213 * AllocateAndInitializeSid (kernelbase.@)
215 BOOL WINAPI
AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY auth
, BYTE count
,
216 DWORD auth0
, DWORD auth1
, DWORD auth2
, DWORD auth3
,
217 DWORD auth4
, DWORD auth5
, DWORD auth6
, DWORD auth7
, PSID
*sid
)
219 return set_ntstatus( RtlAllocateAndInitializeSid( auth
, count
, auth0
, auth1
, auth2
, auth3
,
220 auth4
, auth5
, auth6
, auth7
, sid
));
223 /***********************************************************************
224 * AllocateLocallyUniqueId (kernelbase.@)
226 BOOL WINAPI
AllocateLocallyUniqueId( PLUID luid
)
228 return set_ntstatus( NtAllocateLocallyUniqueId( luid
));
231 /******************************************************************************
232 * CopySid (kernelbase.@)
234 BOOL WINAPI
CopySid( DWORD len
, PSID dest
, PSID source
)
236 return RtlCopySid( len
, dest
, source
);
239 /******************************************************************************
240 * EqualPrefixSid (kernelbase.@)
242 BOOL WINAPI
EqualPrefixSid( PSID sid1
, PSID sid2
)
244 return RtlEqualPrefixSid( sid1
, sid2
);
247 /******************************************************************************
248 * EqualSid (kernelbase.@)
250 BOOL WINAPI
EqualSid( PSID sid1
, PSID sid2
)
252 BOOL ret
= RtlEqualSid( sid1
, sid2
);
253 SetLastError(ERROR_SUCCESS
);
257 /******************************************************************************
258 * EqualDomainSid (kernelbase.@)
260 BOOL WINAPI
EqualDomainSid( PSID sid1
, PSID sid2
, BOOL
*equal
)
262 MAX_SID builtin_sid
, domain_sid1
, domain_sid2
;
265 TRACE( "(%p,%p,%p)\n", sid1
, sid2
, equal
);
267 if (!IsValidSid( sid1
) || !IsValidSid( sid2
))
269 SetLastError( ERROR_INVALID_SID
);
275 SetLastError( ERROR_INVALID_PARAMETER
);
279 size
= sizeof(domain_sid1
);
280 if (GetWindowsAccountDomainSid( sid1
, &domain_sid1
, &size
))
282 size
= sizeof(domain_sid2
);
283 if (GetWindowsAccountDomainSid( sid2
, &domain_sid2
, &size
))
285 *equal
= EqualSid( &domain_sid1
, &domain_sid2
);
291 size
= sizeof(builtin_sid
);
292 if (!CreateWellKnownSid( WinBuiltinDomainSid
, NULL
, &builtin_sid
, &size
))
295 if (!memcmp(GetSidIdentifierAuthority( sid1
)->Value
, builtin_sid
.IdentifierAuthority
.Value
, sizeof(builtin_sid
.IdentifierAuthority
.Value
)) &&
296 !memcmp(GetSidIdentifierAuthority( sid2
)->Value
, builtin_sid
.IdentifierAuthority
.Value
, sizeof(builtin_sid
.IdentifierAuthority
.Value
)))
298 if (*GetSidSubAuthorityCount( sid1
) != 0 && *GetSidSubAuthorityCount( sid2
) != 0 &&
299 (*GetSidSubAuthority( sid1
, 0 ) == SECURITY_BUILTIN_DOMAIN_RID
||
300 *GetSidSubAuthority( sid2
, 0 ) == SECURITY_BUILTIN_DOMAIN_RID
))
302 *equal
= EqualSid( sid1
, sid2
);
308 SetLastError( ERROR_NON_DOMAIN_SID
);
312 /******************************************************************************
313 * FreeSid (kernelbase.@)
315 void * WINAPI
FreeSid( PSID pSid
)
318 return NULL
; /* is documented like this */
321 /******************************************************************************
322 * GetLengthSid (kernelbase.@)
324 DWORD WINAPI
GetLengthSid( PSID sid
)
326 return RtlLengthSid( sid
);
329 /******************************************************************************
330 * GetSidIdentifierAuthority (kernelbase.@)
332 PSID_IDENTIFIER_AUTHORITY WINAPI
GetSidIdentifierAuthority( PSID sid
)
334 SetLastError(ERROR_SUCCESS
);
335 return RtlIdentifierAuthoritySid( sid
);
338 /******************************************************************************
339 * GetSidLengthRequired (kernelbase.@)
341 DWORD WINAPI
GetSidLengthRequired( BYTE count
)
343 return RtlLengthRequiredSid( count
);
346 /******************************************************************************
347 * GetSidSubAuthority (kernelbase.@)
349 PDWORD WINAPI
GetSidSubAuthority( PSID sid
, DWORD auth
)
351 SetLastError(ERROR_SUCCESS
);
352 return RtlSubAuthoritySid( sid
, auth
);
355 /******************************************************************************
356 * GetSidSubAuthorityCount (kernelbase.@)
358 PUCHAR WINAPI
GetSidSubAuthorityCount( PSID sid
)
360 SetLastError(ERROR_SUCCESS
);
361 return RtlSubAuthorityCountSid( sid
);
364 /******************************************************************************
365 * GetWindowsAccountDomainSid (kernelbase.@)
367 BOOL WINAPI
GetWindowsAccountDomainSid( PSID sid
, PSID domain_sid
, DWORD
*size
)
369 SID_IDENTIFIER_AUTHORITY domain_ident
= { SECURITY_NT_AUTHORITY
};
373 FIXME( "(%p %p %p): semi-stub\n", sid
, domain_sid
, size
);
375 if (!sid
|| !IsValidSid( sid
))
377 SetLastError( ERROR_INVALID_SID
);
383 SetLastError( ERROR_INVALID_PARAMETER
);
387 if (*GetSidSubAuthorityCount( sid
) < 4)
389 SetLastError( ERROR_INVALID_SID
);
393 required_size
= GetSidLengthRequired( 4 );
394 if (*size
< required_size
|| !domain_sid
)
396 *size
= required_size
;
397 SetLastError( domain_sid
? ERROR_INSUFFICIENT_BUFFER
: ERROR_INVALID_PARAMETER
);
401 InitializeSid( domain_sid
, &domain_ident
, 4 );
402 for (i
= 0; i
< 4; i
++)
403 *GetSidSubAuthority( domain_sid
, i
) = *GetSidSubAuthority( sid
, i
);
405 *size
= required_size
;
409 /******************************************************************************
410 * InitializeSid (kernelbase.@)
412 BOOL WINAPI
InitializeSid ( PSID sid
, PSID_IDENTIFIER_AUTHORITY auth
, BYTE count
)
414 return set_ntstatus(RtlInitializeSid( sid
, auth
, count
));
417 /******************************************************************************
418 * IsValidSid (kernelbase.@)
420 BOOL WINAPI
IsValidSid( PSID sid
)
422 return RtlValidSid( sid
);
425 /******************************************************************************
426 * CreateWellKnownSid (kernelbase.@)
428 BOOL WINAPI
CreateWellKnownSid( WELL_KNOWN_SID_TYPE type
, PSID domain
, PSID sid
, DWORD
*size
)
432 TRACE("(%d, %s, %p, %p)\n", type
, debugstr_sid(domain
), sid
, size
);
434 if (size
== NULL
|| (domain
&& !IsValidSid(domain
)))
436 SetLastError(ERROR_INVALID_PARAMETER
);
440 for (i
= 0; i
< ARRAY_SIZE(WellKnownSids
); i
++)
442 if (WellKnownSids
[i
].Type
== type
)
444 DWORD length
= GetSidLengthRequired(WellKnownSids
[i
].Sid
.SubAuthorityCount
);
449 SetLastError(ERROR_INSUFFICIENT_BUFFER
);
454 SetLastError(ERROR_INVALID_PARAMETER
);
457 CopyMemory(sid
, &WellKnownSids
[i
].Sid
.Revision
, length
);
463 if (domain
== NULL
|| *GetSidSubAuthorityCount(domain
) == SID_MAX_SUB_AUTHORITIES
)
465 SetLastError(ERROR_INVALID_PARAMETER
);
469 for (i
= 0; i
< ARRAY_SIZE(WellKnownRids
); i
++)
471 if (WellKnownRids
[i
].Type
== type
)
473 UCHAR domain_subauth
= *GetSidSubAuthorityCount(domain
);
474 DWORD domain_sid_length
= GetSidLengthRequired(domain_subauth
);
475 DWORD output_sid_length
= GetSidLengthRequired(domain_subauth
+ 1);
477 if (*size
< output_sid_length
)
479 *size
= output_sid_length
;
480 SetLastError(ERROR_INSUFFICIENT_BUFFER
);
485 SetLastError(ERROR_INVALID_PARAMETER
);
488 CopyMemory(sid
, domain
, domain_sid_length
);
489 (*GetSidSubAuthorityCount(sid
))++;
490 (*GetSidSubAuthority(sid
, domain_subauth
)) = WellKnownRids
[i
].Rid
;
491 *size
= output_sid_length
;
495 SetLastError(ERROR_INVALID_PARAMETER
);
499 /******************************************************************************
500 * IsWellKnownSid (kernelbase.@)
502 BOOL WINAPI
IsWellKnownSid( PSID sid
, WELL_KNOWN_SID_TYPE type
)
506 TRACE("(%s, %d)\n", debugstr_sid(sid
), type
);
508 for (i
= 0; i
< ARRAY_SIZE(WellKnownSids
); i
++)
509 if (WellKnownSids
[i
].Type
== type
)
510 if (EqualSid(sid
, (PSID
)&WellKnownSids
[i
].Sid
.Revision
))
517 /******************************************************************************
519 ******************************************************************************/
522 /******************************************************************************
523 * AdjustTokenGroups (kernelbase.@)
525 BOOL WINAPI
AdjustTokenGroups( HANDLE token
, BOOL reset
, PTOKEN_GROUPS
new,
526 DWORD len
, PTOKEN_GROUPS prev
, PDWORD ret_len
)
528 return set_ntstatus( NtAdjustGroupsToken( token
, reset
, new, len
, prev
, ret_len
));
531 /******************************************************************************
532 * AdjustTokenPrivileges (kernelbase.@)
534 BOOL WINAPI
AdjustTokenPrivileges( HANDLE token
, BOOL disable
, PTOKEN_PRIVILEGES
new, DWORD len
,
535 PTOKEN_PRIVILEGES prev
, PDWORD ret_len
)
539 TRACE("(%p %d %p %ld %p %p)\n", token
, disable
, new, len
, prev
, ret_len
);
541 status
= NtAdjustPrivilegesToken( token
, disable
, new, len
, prev
, ret_len
);
542 SetLastError( RtlNtStatusToDosError( status
));
543 return (status
== STATUS_SUCCESS
) || (status
== STATUS_NOT_ALL_ASSIGNED
);
546 /******************************************************************************
547 * CheckTokenMembership (kernelbase.@)
549 BOOL WINAPI
CheckTokenMembership( HANDLE token
, PSID sid_to_check
, PBOOL is_member
)
551 PTOKEN_GROUPS token_groups
= NULL
;
552 HANDLE thread_token
= NULL
;
556 TRACE("(%p %s %p)\n", token
, debugstr_sid(sid_to_check
), is_member
);
562 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY
, TRUE
, &thread_token
))
564 HANDLE process_token
;
565 ret
= OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE
, &process_token
);
568 ret
= DuplicateTokenEx(process_token
, TOKEN_QUERY
, NULL
, SecurityImpersonation
,
569 TokenImpersonation
, &thread_token
);
570 CloseHandle(process_token
);
574 token
= thread_token
;
580 ret
= GetTokenInformation(token
, TokenType
, &type
, sizeof(TOKEN_TYPE
), &size
);
583 if (type
== TokenPrimary
)
585 SetLastError(ERROR_NO_IMPERSONATION_TOKEN
);
590 ret
= GetTokenInformation(token
, TokenGroups
, NULL
, 0, &size
);
591 if (!ret
&& GetLastError() != ERROR_INSUFFICIENT_BUFFER
)
594 token_groups
= heap_alloc(size
);
601 ret
= GetTokenInformation(token
, TokenGroups
, token_groups
, size
, &size
);
605 for (i
= 0; i
< token_groups
->GroupCount
; i
++)
607 TRACE("Groups[%ld]: {0x%lx, %s}\n", i
,
608 token_groups
->Groups
[i
].Attributes
,
609 debugstr_sid(token_groups
->Groups
[i
].Sid
));
610 if ((token_groups
->Groups
[i
].Attributes
& SE_GROUP_ENABLED
) &&
611 EqualSid(sid_to_check
, token_groups
->Groups
[i
].Sid
))
614 TRACE("sid enabled and found in token\n");
620 heap_free(token_groups
);
621 if (thread_token
!= NULL
) CloseHandle(thread_token
);
625 /*************************************************************************
626 * CreateRestrictedToken (kernelbase.@)
628 BOOL WINAPI
CreateRestrictedToken( HANDLE token
, DWORD flags
,
629 DWORD disable_sid_count
, SID_AND_ATTRIBUTES
*disable_sids
,
630 DWORD delete_priv_count
, LUID_AND_ATTRIBUTES
*delete_privs
,
631 DWORD restrict_sid_count
, SID_AND_ATTRIBUTES
*restrict_sids
, HANDLE
*ret
)
633 TOKEN_PRIVILEGES
*nt_privs
= NULL
;
634 TOKEN_GROUPS
*nt_disable_sids
= NULL
, *nt_restrict_sids
= NULL
;
635 NTSTATUS status
= STATUS_NO_MEMORY
;
637 TRACE("token %p, flags %#lx, disable_sids %lu %p, delete_privs %lu %p, restrict_sids %lu %p, ret %p\n",
638 token
, flags
, disable_sid_count
, disable_sids
, delete_priv_count
, delete_privs
,
639 restrict_sid_count
, restrict_sids
, ret
);
641 if (disable_sid_count
)
643 if (!(nt_disable_sids
= heap_alloc( offsetof( TOKEN_GROUPS
, Groups
[disable_sid_count
] ) ))) goto out
;
644 nt_disable_sids
->GroupCount
= disable_sid_count
;
645 memcpy( nt_disable_sids
->Groups
, disable_sids
, disable_sid_count
* sizeof(*disable_sids
) );
648 if (delete_priv_count
)
650 if (!(nt_privs
= heap_alloc( offsetof( TOKEN_PRIVILEGES
, Privileges
[delete_priv_count
] ) ))) goto out
;
651 nt_privs
->PrivilegeCount
= delete_priv_count
;
652 memcpy( nt_privs
->Privileges
, delete_privs
, delete_priv_count
* sizeof(*delete_privs
) );
655 if (restrict_sid_count
)
657 if (!(nt_restrict_sids
= heap_alloc( offsetof( TOKEN_GROUPS
, Groups
[restrict_sid_count
] ) ))) goto out
;
658 nt_restrict_sids
->GroupCount
= restrict_sid_count
;
659 memcpy( nt_restrict_sids
->Groups
, restrict_sids
, restrict_sid_count
* sizeof(*restrict_sids
) );
662 status
= NtFilterToken(token
, flags
, nt_disable_sids
, nt_privs
, nt_restrict_sids
, ret
);
665 heap_free(nt_disable_sids
);
667 heap_free(nt_restrict_sids
);
668 return set_ntstatus( status
);
671 /******************************************************************************
672 * DuplicateToken (kernelbase.@)
674 BOOL WINAPI
DuplicateToken( HANDLE token
, SECURITY_IMPERSONATION_LEVEL level
, PHANDLE ret
)
676 return DuplicateTokenEx( token
, TOKEN_IMPERSONATE
|TOKEN_QUERY
, NULL
, level
, TokenImpersonation
, ret
);
679 /******************************************************************************
680 * DuplicateTokenEx (kernelbase.@)
682 BOOL WINAPI
DuplicateTokenEx( HANDLE token
, DWORD access
, LPSECURITY_ATTRIBUTES sa
,
683 SECURITY_IMPERSONATION_LEVEL level
, TOKEN_TYPE type
, PHANDLE ret
)
685 SECURITY_QUALITY_OF_SERVICE qos
;
686 OBJECT_ATTRIBUTES attr
;
688 TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", token
, access
, level
, type
, ret
);
690 qos
.Length
= sizeof(qos
);
691 qos
.ImpersonationLevel
= level
;
692 qos
.ContextTrackingMode
= SECURITY_STATIC_TRACKING
;
693 qos
.EffectiveOnly
= FALSE
;
694 InitializeObjectAttributes( &attr
, NULL
, (sa
&& sa
->bInheritHandle
) ? OBJ_INHERIT
: 0,
695 NULL
, sa
? sa
->lpSecurityDescriptor
: NULL
);
696 attr
.SecurityQualityOfService
= &qos
;
697 return set_ntstatus( NtDuplicateToken( token
, access
, &attr
, FALSE
, type
, ret
));
700 /******************************************************************************
701 * GetTokenInformation (kernelbase.@)
703 BOOL WINAPI
GetTokenInformation( HANDLE token
, TOKEN_INFORMATION_CLASS
class,
704 LPVOID info
, DWORD len
, LPDWORD retlen
)
706 TRACE("(%p, %s, %p, %ld, %p):\n",
708 (class == TokenUser
) ? "TokenUser" :
709 (class == TokenGroups
) ? "TokenGroups" :
710 (class == TokenPrivileges
) ? "TokenPrivileges" :
711 (class == TokenOwner
) ? "TokenOwner" :
712 (class == TokenPrimaryGroup
) ? "TokenPrimaryGroup" :
713 (class == TokenDefaultDacl
) ? "TokenDefaultDacl" :
714 (class == TokenSource
) ? "TokenSource" :
715 (class == TokenType
) ? "TokenType" :
716 (class == TokenImpersonationLevel
) ? "TokenImpersonationLevel" :
717 (class == TokenStatistics
) ? "TokenStatistics" :
718 (class == TokenRestrictedSids
) ? "TokenRestrictedSids" :
719 (class == TokenSessionId
) ? "TokenSessionId" :
720 (class == TokenGroupsAndPrivileges
) ? "TokenGroupsAndPrivileges" :
721 (class == TokenSessionReference
) ? "TokenSessionReference" :
722 (class == TokenSandBoxInert
) ? "TokenSandBoxInert" :
726 return set_ntstatus( NtQueryInformationToken( token
, class, info
, len
, retlen
));
729 /******************************************************************************
730 * ImpersonateAnonymousToken (kernelbase.@)
732 BOOL WINAPI
ImpersonateAnonymousToken( HANDLE thread
)
734 TRACE("(%p)\n", thread
);
735 return set_ntstatus( NtImpersonateAnonymousToken( thread
) );
738 /******************************************************************************
739 * ImpersonateLoggedOnUser (kernelbase.@)
741 BOOL WINAPI
ImpersonateLoggedOnUser( HANDLE token
)
747 static BOOL warn
= TRUE
;
751 FIXME( "(%p)\n", token
);
754 if (!GetTokenInformation( token
, TokenType
, &type
, sizeof(type
), &size
)) return FALSE
;
756 if (type
== TokenPrimary
)
758 if (!DuplicateToken( token
, SecurityImpersonation
, &dup
)) return FALSE
;
759 ret
= SetThreadToken( NULL
, dup
);
762 else ret
= SetThreadToken( NULL
, token
);
767 /******************************************************************************
768 * ImpersonateNamedPipeClient (kernelbase.@)
770 BOOL WINAPI
ImpersonateNamedPipeClient( HANDLE pipe
)
772 IO_STATUS_BLOCK io_block
;
774 return set_ntstatus( NtFsControlFile( pipe
, NULL
, NULL
, NULL
, &io_block
,
775 FSCTL_PIPE_IMPERSONATE
, NULL
, 0, NULL
, 0 ));
778 /******************************************************************************
779 * ImpersonateSelf (kernelbase.@)
781 BOOL WINAPI
ImpersonateSelf( SECURITY_IMPERSONATION_LEVEL level
)
783 return set_ntstatus( RtlImpersonateSelf( level
) );
786 /******************************************************************************
787 * IsTokenRestricted (kernelbase.@)
789 BOOL WINAPI
IsTokenRestricted( HANDLE token
)
791 TOKEN_GROUPS
*groups
;
796 TRACE("(%p)\n", token
);
798 status
= NtQueryInformationToken(token
, TokenRestrictedSids
, NULL
, 0, &size
);
799 if (status
!= STATUS_BUFFER_TOO_SMALL
) return set_ntstatus(status
);
801 groups
= heap_alloc(size
);
804 SetLastError(ERROR_OUTOFMEMORY
);
808 status
= NtQueryInformationToken(token
, TokenRestrictedSids
, groups
, size
, &size
);
809 if (status
!= STATUS_SUCCESS
)
812 return set_ntstatus(status
);
815 restricted
= groups
->GroupCount
> 0;
821 /******************************************************************************
822 * OpenProcessToken (kernelbase.@)
824 BOOL WINAPI
OpenProcessToken( HANDLE process
, DWORD access
, HANDLE
*handle
)
826 return set_ntstatus( NtOpenProcessToken( process
, access
, handle
));
829 /******************************************************************************
830 * OpenThreadToken (kernelbase.@)
832 BOOL WINAPI
OpenThreadToken( HANDLE thread
, DWORD access
, BOOL self
, HANDLE
*handle
)
834 return set_ntstatus( NtOpenThreadToken( thread
, access
, self
, handle
));
837 /******************************************************************************
838 * PrivilegeCheck (kernelbase.@)
840 BOOL WINAPI
PrivilegeCheck( HANDLE token
, PPRIVILEGE_SET privs
, LPBOOL result
)
843 BOOL ret
= set_ntstatus( NtPrivilegeCheck( token
, privs
, &res
));
844 if (ret
) *result
= res
;
848 /******************************************************************************
849 * RevertToSelf (kernelbase.@)
851 BOOL WINAPI
RevertToSelf(void)
853 return SetThreadToken( NULL
, 0 );
856 /*************************************************************************
857 * SetThreadToken (kernelbase.@)
859 BOOL WINAPI
SetThreadToken( PHANDLE thread
, HANDLE token
)
861 return set_ntstatus( NtSetInformationThread( thread
? *thread
: GetCurrentThread(),
862 ThreadImpersonationToken
, &token
, sizeof(token
) ));
865 /******************************************************************************
866 * SetTokenInformation (kernelbase.@)
868 BOOL WINAPI
SetTokenInformation( HANDLE token
, TOKEN_INFORMATION_CLASS
class, LPVOID info
, DWORD len
)
870 TRACE("(%p, %s, %p, %ld)\n",
872 (class == TokenUser
) ? "TokenUser" :
873 (class == TokenGroups
) ? "TokenGroups" :
874 (class == TokenPrivileges
) ? "TokenPrivileges" :
875 (class == TokenOwner
) ? "TokenOwner" :
876 (class == TokenPrimaryGroup
) ? "TokenPrimaryGroup" :
877 (class == TokenDefaultDacl
) ? "TokenDefaultDacl" :
878 (class == TokenSource
) ? "TokenSource" :
879 (class == TokenType
) ? "TokenType" :
880 (class == TokenImpersonationLevel
) ? "TokenImpersonationLevel" :
881 (class == TokenStatistics
) ? "TokenStatistics" :
882 (class == TokenRestrictedSids
) ? "TokenRestrictedSids" :
883 (class == TokenSessionId
) ? "TokenSessionId" :
884 (class == TokenGroupsAndPrivileges
) ? "TokenGroupsAndPrivileges" :
885 (class == TokenSessionReference
) ? "TokenSessionReference" :
886 (class == TokenSandBoxInert
) ? "TokenSandBoxInert" :
890 return set_ntstatus( NtSetInformationToken( token
, class, info
, len
));
894 /******************************************************************************
895 * Security descriptor functions
896 ******************************************************************************/
899 /******************************************************************************
900 * ConvertToAutoInheritPrivateObjectSecurity (kernelbase.@)
902 BOOL WINAPI
ConvertToAutoInheritPrivateObjectSecurity( PSECURITY_DESCRIPTOR parent
,
903 PSECURITY_DESCRIPTOR current
,
904 PSECURITY_DESCRIPTOR
*descr
,
905 GUID
*type
, BOOL is_dir
,
906 PGENERIC_MAPPING mapping
)
908 return set_ntstatus( RtlConvertToAutoInheritSecurityObject( parent
, current
, descr
, type
, is_dir
, mapping
));
911 /******************************************************************************
912 * CreateBoundaryDescriptorW (kernelbase.@)
914 HANDLE WINAPI
CreateBoundaryDescriptorW( LPCWSTR name
, ULONG flags
)
916 FIXME("%s %lu - stub\n", debugstr_w(name
), flags
);
920 /******************************************************************************
921 * CreatePrivateObjectSecurity (kernelbase.@)
923 BOOL WINAPI
CreatePrivateObjectSecurity( PSECURITY_DESCRIPTOR parent
, PSECURITY_DESCRIPTOR creator
,
924 PSECURITY_DESCRIPTOR
*descr
, BOOL is_container
, HANDLE token
,
925 PGENERIC_MAPPING mapping
)
927 return set_ntstatus( RtlNewSecurityObject( parent
, creator
, descr
, is_container
, token
, mapping
));
930 /******************************************************************************
931 * CreatePrivateObjectSecurityEx (kernelbase.@)
933 BOOL WINAPI
CreatePrivateObjectSecurityEx( PSECURITY_DESCRIPTOR parent
, PSECURITY_DESCRIPTOR creator
,
934 PSECURITY_DESCRIPTOR
*descr
, GUID
*type
, BOOL is_container
,
935 ULONG flags
, HANDLE token
, PGENERIC_MAPPING mapping
)
937 return set_ntstatus( RtlNewSecurityObjectEx( parent
, creator
, descr
, type
, is_container
, flags
, token
, mapping
));
940 /******************************************************************************
941 * CreatePrivateObjectSecurityWithMultipleInheritance (kernelbase.@)
943 BOOL WINAPI
CreatePrivateObjectSecurityWithMultipleInheritance( PSECURITY_DESCRIPTOR parent
,
944 PSECURITY_DESCRIPTOR creator
,
945 PSECURITY_DESCRIPTOR
*descr
,
946 GUID
**types
, ULONG count
,
947 BOOL is_container
, ULONG flags
,
948 HANDLE token
, PGENERIC_MAPPING mapping
)
950 return set_ntstatus( RtlNewSecurityObjectWithMultipleInheritance( parent
, creator
, descr
, types
, count
,
951 is_container
, flags
, token
, mapping
));
954 /******************************************************************************
955 * DestroyPrivateObjectSecurity (kernelbase.@)
957 BOOL WINAPI
DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR
*descr
)
959 return set_ntstatus( RtlDeleteSecurityObject( descr
));
962 /******************************************************************************
963 * GetFileSecurityW (kernelbase.@)
965 BOOL WINAPI
GetFileSecurityW( LPCWSTR name
, SECURITY_INFORMATION info
,
966 PSECURITY_DESCRIPTOR descr
, DWORD len
, LPDWORD ret_len
)
972 TRACE( "(%s,%ld,%p,%ld,%p)\n", debugstr_w(name
), info
, descr
, len
, ret_len
);
974 if (info
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
| DACL_SECURITY_INFORMATION
))
975 access
|= READ_CONTROL
;
976 if (info
& SACL_SECURITY_INFORMATION
)
977 access
|= ACCESS_SYSTEM_SECURITY
;
979 if (!(status
= open_file( name
, access
, &file
)))
981 status
= NtQuerySecurityObject( file
, info
, descr
, len
, ret_len
);
984 return set_ntstatus( status
);
987 /******************************************************************************
988 * GetKernelObjectSecurity (kernelbase.@)
990 BOOL WINAPI
GetKernelObjectSecurity( HANDLE handle
, SECURITY_INFORMATION info
,
991 PSECURITY_DESCRIPTOR descr
, DWORD len
, LPDWORD ret_len
)
993 return set_ntstatus( NtQuerySecurityObject( handle
, info
, descr
, len
, ret_len
));
996 /******************************************************************************
997 * GetPrivateObjectSecurity (kernelbase.@)
999 BOOL WINAPI
GetPrivateObjectSecurity( PSECURITY_DESCRIPTOR obj_descr
, SECURITY_INFORMATION info
,
1000 PSECURITY_DESCRIPTOR ret_descr
, DWORD len
, PDWORD ret_len
)
1002 SECURITY_DESCRIPTOR desc
;
1003 BOOL defaulted
, present
;
1007 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", obj_descr
, info
, ret_descr
, len
, ret_len
);
1009 if (!InitializeSecurityDescriptor(&desc
, SECURITY_DESCRIPTOR_REVISION
)) return FALSE
;
1011 if (info
& OWNER_SECURITY_INFORMATION
)
1013 if (!GetSecurityDescriptorOwner(obj_descr
, &psid
, &defaulted
)) return FALSE
;
1014 SetSecurityDescriptorOwner(&desc
, psid
, defaulted
);
1016 if (info
& GROUP_SECURITY_INFORMATION
)
1018 if (!GetSecurityDescriptorGroup(obj_descr
, &psid
, &defaulted
)) return FALSE
;
1019 SetSecurityDescriptorGroup(&desc
, psid
, defaulted
);
1021 if (info
& DACL_SECURITY_INFORMATION
)
1023 if (!GetSecurityDescriptorDacl(obj_descr
, &present
, &pacl
, &defaulted
)) return FALSE
;
1024 SetSecurityDescriptorDacl(&desc
, present
, pacl
, defaulted
);
1026 if (info
& SACL_SECURITY_INFORMATION
)
1028 if (!GetSecurityDescriptorSacl(obj_descr
, &present
, &pacl
, &defaulted
)) return FALSE
;
1029 SetSecurityDescriptorSacl(&desc
, present
, pacl
, defaulted
);
1033 return MakeSelfRelativeSD(&desc
, ret_descr
, ret_len
);
1036 /******************************************************************************
1037 * GetSecurityDescriptorControl (kernelbase.@)
1039 BOOL WINAPI
GetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr
, PSECURITY_DESCRIPTOR_CONTROL control
,
1042 return set_ntstatus( RtlGetControlSecurityDescriptor( descr
, control
, revision
));
1045 /******************************************************************************
1046 * GetSecurityDescriptorDacl (kernelbase.@)
1048 BOOL WINAPI
GetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr
, LPBOOL dacl_present
, PACL
*dacl
,
1049 LPBOOL dacl_defaulted
)
1051 BOOLEAN present
, defaulted
;
1052 BOOL ret
= set_ntstatus( RtlGetDaclSecurityDescriptor( descr
, &present
, dacl
, &defaulted
));
1053 *dacl_present
= present
;
1054 *dacl_defaulted
= defaulted
;
1058 /******************************************************************************
1059 * GetSecurityDescriptorGroup (kernelbase.@)
1061 BOOL WINAPI
GetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr
, PSID
*group
, LPBOOL group_defaulted
)
1064 BOOL ret
= set_ntstatus( RtlGetGroupSecurityDescriptor( descr
, group
, &defaulted
));
1065 *group_defaulted
= defaulted
;
1069 /******************************************************************************
1070 * GetSecurityDescriptorLength (kernelbase.@)
1072 DWORD WINAPI
GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR descr
)
1074 return RtlLengthSecurityDescriptor( descr
);
1077 /******************************************************************************
1078 * GetSecurityDescriptorOwner (kernelbase.@)
1080 BOOL WINAPI
GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr
, PSID
*owner
, LPBOOL owner_defaulted
)
1083 BOOL ret
= set_ntstatus( RtlGetOwnerSecurityDescriptor( descr
, owner
, &defaulted
));
1084 *owner_defaulted
= defaulted
;
1088 /******************************************************************************
1089 * GetSecurityDescriptorSacl (kernelbase.@)
1091 BOOL WINAPI
GetSecurityDescriptorSacl( PSECURITY_DESCRIPTOR descr
, LPBOOL sacl_present
, PACL
*sacl
,
1092 LPBOOL sacl_defaulted
)
1094 BOOLEAN present
, defaulted
;
1095 BOOL ret
= set_ntstatus( RtlGetSaclSecurityDescriptor( descr
, &present
, sacl
, &defaulted
));
1096 *sacl_present
= present
;
1097 *sacl_defaulted
= defaulted
;
1101 /******************************************************************************
1102 * InitializeSecurityDescriptor (kernelbase.@)
1104 BOOL WINAPI
InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR descr
, DWORD revision
)
1106 return set_ntstatus( RtlCreateSecurityDescriptor( descr
, revision
));
1109 /******************************************************************************
1110 * IsValidSecurityDescriptor (kernelbase.@)
1112 BOOL WINAPI
IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR descr
)
1114 if (!RtlValidSecurityDescriptor( descr
))
1115 return set_ntstatus(STATUS_INVALID_SECURITY_DESCR
);
1120 /******************************************************************************
1121 * MakeAbsoluteSD (kernelbase.@)
1123 BOOL WINAPI
MakeAbsoluteSD ( PSECURITY_DESCRIPTOR rel_descr
, PSECURITY_DESCRIPTOR abs_descr
,
1124 LPDWORD abs_size
, PACL dacl
, LPDWORD dacl_size
, PACL sacl
, LPDWORD sacl_size
,
1125 PSID owner
, LPDWORD owner_size
, PSID group
, LPDWORD group_size
)
1127 return set_ntstatus( RtlSelfRelativeToAbsoluteSD( rel_descr
, abs_descr
, abs_size
,
1128 dacl
, dacl_size
, sacl
, sacl_size
,
1129 owner
, owner_size
, group
, group_size
));
1132 /******************************************************************************
1133 * MakeSelfRelativeSD (kernelbase.@)
1135 BOOL WINAPI
MakeSelfRelativeSD( PSECURITY_DESCRIPTOR abs_descr
, PSECURITY_DESCRIPTOR rel_descr
,
1138 return set_ntstatus( RtlMakeSelfRelativeSD( abs_descr
, rel_descr
, len
));
1141 /******************************************************************************
1142 * SetFileSecurityW (kernelbase.@)
1144 BOOL WINAPI
SetFileSecurityW( LPCWSTR name
, SECURITY_INFORMATION info
, PSECURITY_DESCRIPTOR descr
)
1150 TRACE( "(%s, 0x%lx, %p)\n", debugstr_w(name
), info
, descr
);
1152 if (info
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
)) access
|= WRITE_OWNER
;
1153 if (info
& SACL_SECURITY_INFORMATION
) access
|= ACCESS_SYSTEM_SECURITY
;
1154 if (info
& DACL_SECURITY_INFORMATION
) access
|= WRITE_DAC
;
1156 if (!(status
= open_file( name
, access
, &file
)))
1158 status
= NtSetSecurityObject( file
, info
, descr
);
1161 return set_ntstatus( status
);
1164 /*************************************************************************
1165 * SetKernelObjectSecurity (kernelbase.@)
1167 BOOL WINAPI
SetKernelObjectSecurity( HANDLE handle
, SECURITY_INFORMATION info
, PSECURITY_DESCRIPTOR descr
)
1169 return set_ntstatus( NtSetSecurityObject( handle
, info
, descr
));
1172 /*************************************************************************
1173 * SetPrivateObjectSecurity (kernelbase.@)
1175 BOOL WINAPI
SetPrivateObjectSecurity( SECURITY_INFORMATION info
, PSECURITY_DESCRIPTOR descr
,
1176 PSECURITY_DESCRIPTOR
*obj_descr
, PGENERIC_MAPPING mapping
,
1179 FIXME( "0x%08lx %p %p %p %p - stub\n", info
, descr
, obj_descr
, mapping
, token
);
1183 /*************************************************************************
1184 * SetPrivateObjectSecurityEx (kernelbase.@)
1186 BOOL WINAPI
SetPrivateObjectSecurityEx( SECURITY_INFORMATION info
, PSECURITY_DESCRIPTOR descr
,
1187 PSECURITY_DESCRIPTOR
*obj_descr
, ULONG flags
,
1188 PGENERIC_MAPPING mapping
, HANDLE token
)
1190 FIXME( "0x%08lx %p %p %lu %p %p - stub\n", info
, descr
, obj_descr
, flags
, mapping
, token
);
1194 /******************************************************************************
1195 * SetSecurityDescriptorControl (kernelbase.@)
1197 BOOL WINAPI
SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr
, SECURITY_DESCRIPTOR_CONTROL mask
,
1198 SECURITY_DESCRIPTOR_CONTROL set
)
1200 return set_ntstatus( RtlSetControlSecurityDescriptor( descr
, mask
, set
));
1203 /******************************************************************************
1204 * SetSecurityDescriptorDacl (kernelbase.@)
1206 BOOL WINAPI
SetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr
, BOOL present
, PACL dacl
, BOOL defaulted
)
1208 return set_ntstatus( RtlSetDaclSecurityDescriptor( descr
, present
, dacl
, defaulted
));
1211 /******************************************************************************
1212 * SetSecurityDescriptorGroup (kernelbase.@)
1214 BOOL WINAPI
SetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr
, PSID group
, BOOL defaulted
)
1216 return set_ntstatus( RtlSetGroupSecurityDescriptor( descr
, group
, defaulted
));
1219 /******************************************************************************
1220 * SetSecurityDescriptorOwner (kernelbase.@)
1222 BOOL WINAPI
SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr
, PSID owner
, BOOL defaulted
)
1224 return set_ntstatus( RtlSetOwnerSecurityDescriptor( descr
, owner
, defaulted
));
1227 /**************************************************************************
1228 * SetSecurityDescriptorSacl (kernelbase.@)
1230 BOOL WINAPI
SetSecurityDescriptorSacl ( PSECURITY_DESCRIPTOR descr
, BOOL present
, PACL sacl
, BOOL defaulted
)
1232 return set_ntstatus( RtlSetSaclSecurityDescriptor( descr
, present
, sacl
, defaulted
));
1236 /******************************************************************************
1237 * Access control functions
1238 ******************************************************************************/
1241 /******************************************************************************
1242 * AccessCheck (kernelbase.@)
1244 BOOL WINAPI
AccessCheck( PSECURITY_DESCRIPTOR descr
, HANDLE token
, DWORD access
, PGENERIC_MAPPING mapping
,
1245 PPRIVILEGE_SET priv
, LPDWORD priv_len
, LPDWORD granted
, LPBOOL status
)
1247 NTSTATUS access_status
;
1248 BOOL ret
= set_ntstatus( NtAccessCheck( descr
, token
, access
, mapping
, priv
, priv_len
,
1249 granted
, &access_status
));
1250 if (ret
) *status
= set_ntstatus( access_status
);
1254 /******************************************************************************
1255 * AccessCheckAndAuditAlarmW (kernelbase.@)
1257 BOOL WINAPI
AccessCheckAndAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, LPWSTR type_name
,
1258 LPWSTR name
, PSECURITY_DESCRIPTOR descr
, DWORD access
,
1259 PGENERIC_MAPPING mapping
, BOOL creation
,
1260 LPDWORD granted
, LPBOOL status
, LPBOOL on_close
)
1262 FIXME( "stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(subsystem
),
1263 id
, debugstr_w(type_name
), debugstr_w(name
), descr
, access
, mapping
,
1264 creation
, granted
, status
, on_close
);
1268 /******************************************************************************
1269 * AccessCheckByType (kernelbase.@)
1271 BOOL WINAPI
AccessCheckByType( PSECURITY_DESCRIPTOR descr
, PSID sid
, HANDLE token
, DWORD access
,
1272 POBJECT_TYPE_LIST types
, DWORD types_len
, PGENERIC_MAPPING mapping
,
1273 PPRIVILEGE_SET priv
, LPDWORD priv_len
, LPDWORD granted
, LPBOOL status
)
1280 /******************************************************************************
1281 * AddAccessAllowedAce (kernelbase.@)
1283 BOOL WINAPI
AddAccessAllowedAce( PACL acl
, DWORD rev
, DWORD access
, PSID sid
)
1285 return set_ntstatus( RtlAddAccessAllowedAce( acl
, rev
, access
, sid
));
1288 /******************************************************************************
1289 * AddAccessAllowedAceEx (kernelbase.@)
1291 BOOL WINAPI
AddAccessAllowedAceEx( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
, PSID sid
)
1293 return set_ntstatus( RtlAddAccessAllowedAceEx( acl
, rev
, flags
, access
, sid
));
1296 /******************************************************************************
1297 * AddAccessAllowedObjectAce (kernelbase.@)
1299 BOOL WINAPI
AddAccessAllowedObjectAce( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
,
1300 GUID
*type
, GUID
*inherit
, PSID sid
)
1302 return set_ntstatus( RtlAddAccessAllowedObjectAce( acl
, rev
, flags
, access
, type
, inherit
, sid
));
1305 /******************************************************************************
1306 * AddAccessDeniedAce (kernelbase.@)
1308 BOOL WINAPI
AddAccessDeniedAce( PACL acl
, DWORD rev
, DWORD access
, PSID sid
)
1310 return set_ntstatus( RtlAddAccessDeniedAce( acl
, rev
, access
, sid
));
1313 /******************************************************************************
1314 * AddAccessDeniedAceEx (kernelbase.@)
1316 BOOL WINAPI
AddAccessDeniedAceEx( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
, PSID sid
)
1318 return set_ntstatus( RtlAddAccessDeniedAceEx( acl
, rev
, flags
, access
, sid
));
1321 /******************************************************************************
1322 * AddAccessDeniedObjectAce (kernelbase.@)
1324 BOOL WINAPI
AddAccessDeniedObjectAce( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
,
1325 GUID
*type
, GUID
*inherit
, PSID sid
)
1327 return set_ntstatus( RtlAddAccessDeniedObjectAce( acl
, rev
, flags
, access
, type
, inherit
, sid
));
1330 /******************************************************************************
1331 * AddAce (kernelbase.@)
1333 BOOL WINAPI
AddAce( PACL acl
, DWORD rev
, DWORD index
, LPVOID list
, DWORD len
)
1335 return set_ntstatus( RtlAddAce( acl
, rev
, index
, list
, len
));
1338 /******************************************************************************
1339 * AddAuditAccessAce (kernelbase.@)
1341 BOOL WINAPI
AddAuditAccessAce( PACL acl
, DWORD rev
, DWORD access
, PSID sid
, BOOL success
, BOOL failure
)
1343 return set_ntstatus( RtlAddAuditAccessAce( acl
, rev
, access
, sid
, success
, failure
));
1346 /******************************************************************************
1347 * AddAuditAccessAceEx (kernelbase.@)
1349 BOOL WINAPI
AddAuditAccessAceEx( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
,
1350 PSID sid
, BOOL success
, BOOL failure
)
1352 return set_ntstatus( RtlAddAuditAccessAceEx( acl
, rev
, flags
, access
, sid
, success
, failure
));
1355 /******************************************************************************
1356 * AddAuditAccessObjectAce (kernelbase.@)
1358 BOOL WINAPI
AddAuditAccessObjectAce( PACL acl
, DWORD rev
, DWORD flags
, DWORD access
,
1359 GUID
*type
, GUID
*inherit
, PSID sid
, BOOL success
, BOOL failure
)
1361 return set_ntstatus( RtlAddAuditAccessObjectAce( acl
, rev
, flags
, access
,
1362 type
, inherit
, sid
, success
, failure
));
1365 /******************************************************************************
1366 * AddMandatoryAce (kernelbase.@)
1368 BOOL WINAPI
AddMandatoryAce( PACL acl
, DWORD rev
, DWORD flags
, DWORD policy
, PSID sid
)
1370 return set_ntstatus( RtlAddMandatoryAce( acl
, rev
, flags
, policy
,
1371 SYSTEM_MANDATORY_LABEL_ACE_TYPE
, sid
));
1374 /******************************************************************************
1375 * AreAllAccessesGranted (kernelbase.@)
1377 BOOL WINAPI
AreAllAccessesGranted( DWORD granted
, DWORD desired
)
1379 return RtlAreAllAccessesGranted( granted
, desired
);
1382 /******************************************************************************
1383 * AreAnyAccessesGranted (kernelbase.@)
1385 BOOL WINAPI
AreAnyAccessesGranted( DWORD granted
, DWORD desired
)
1387 return RtlAreAnyAccessesGranted( granted
, desired
);
1390 /******************************************************************************
1391 * DeleteAce (kernelbase.@)
1393 BOOL WINAPI
DeleteAce( PACL acl
, DWORD index
)
1395 return set_ntstatus( RtlDeleteAce( acl
, index
));
1398 /******************************************************************************
1399 * FindFirstFreeAce (kernelbase.@)
1401 BOOL WINAPI
FindFirstFreeAce( PACL acl
, LPVOID
*ace
)
1403 return RtlFirstFreeAce( acl
, (PACE_HEADER
*)ace
);
1406 /******************************************************************************
1407 * GetAce (kernelbase.@)
1409 BOOL WINAPI
GetAce( PACL acl
, DWORD index
, LPVOID
*ace
)
1411 return set_ntstatus( RtlGetAce( acl
, index
, ace
));
1414 /******************************************************************************
1415 * GetAclInformation (kernelbase.@)
1417 BOOL WINAPI
GetAclInformation( PACL acl
, LPVOID info
, DWORD len
, ACL_INFORMATION_CLASS
class )
1419 return set_ntstatus( RtlQueryInformationAcl( acl
, info
, len
, class ));
1422 /*************************************************************************
1423 * InitializeAcl (kernelbase.@)
1425 BOOL WINAPI
InitializeAcl( PACL acl
, DWORD size
, DWORD rev
)
1427 return set_ntstatus( RtlCreateAcl( acl
, size
, rev
));
1430 /******************************************************************************
1431 * IsValidAcl (kernelbase.@)
1433 BOOL WINAPI
IsValidAcl( PACL acl
)
1435 return RtlValidAcl( acl
);
1438 /******************************************************************************
1439 * MapGenericMask (kernelbase.@)
1441 void WINAPI
MapGenericMask( PDWORD access
, PGENERIC_MAPPING mapping
)
1443 RtlMapGenericMask( access
, mapping
);
1446 /******************************************************************************
1447 * ObjectCloseAuditAlarmW (kernelbase.@)
1449 BOOL WINAPI
ObjectCloseAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, BOOL on_close
)
1451 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem
), id
, on_close
);
1455 /******************************************************************************
1456 * ObjectDeleteAuditAlarmW (kernelbase.@)
1458 BOOL WINAPI
ObjectDeleteAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, BOOL on_close
)
1460 FIXME( "stub (%s,%p,%x)\n", debugstr_w(subsystem
), id
, on_close
);
1464 /******************************************************************************
1465 * ObjectOpenAuditAlarmW (kernelbase.@)
1467 BOOL WINAPI
ObjectOpenAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, LPWSTR type
, LPWSTR name
,
1468 PSECURITY_DESCRIPTOR descr
, HANDLE token
, DWORD desired
,
1469 DWORD granted
, PPRIVILEGE_SET privs
, BOOL creation
,
1470 BOOL access
, LPBOOL on_close
)
1472 FIXME( "stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(subsystem
),
1473 id
, debugstr_w(type
), debugstr_w(name
), descr
, token
, desired
, granted
,
1474 privs
, creation
, access
, on_close
);
1478 /******************************************************************************
1479 * ObjectPrivilegeAuditAlarmW (kernelbase.@)
1481 BOOL WINAPI
ObjectPrivilegeAuditAlarmW( LPCWSTR subsystem
, LPVOID id
, HANDLE token
,
1482 DWORD desired
, PPRIVILEGE_SET privs
, BOOL granted
)
1484 FIXME( "stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(subsystem
), id
, token
, desired
, privs
, granted
);
1488 /******************************************************************************
1489 * PrivilegedServiceAuditAlarmW (kernelbase.@)
1491 BOOL WINAPI
PrivilegedServiceAuditAlarmW( LPCWSTR subsystem
, LPCWSTR service
, HANDLE token
,
1492 PPRIVILEGE_SET privs
, BOOL granted
)
1494 FIXME( "stub %s,%s,%p,%p,%x)\n", debugstr_w(subsystem
), debugstr_w(service
), token
, privs
, granted
);
1498 /******************************************************************************
1499 * SetAclInformation (kernelbase.@)
1501 BOOL WINAPI
SetAclInformation( PACL acl
, LPVOID info
, DWORD len
, ACL_INFORMATION_CLASS
class )
1503 FIXME( "%p %p 0x%08lx 0x%08x - stub\n", acl
, info
, len
, class );
1507 /******************************************************************************
1508 * SetCachedSigningLevel (kernelbase.@)
1510 BOOL WINAPI
SetCachedSigningLevel( PHANDLE source
, ULONG count
, ULONG flags
, HANDLE file
)
1512 FIXME( "%p %lu %lu %p - stub\n", source
, count
, flags
, file
);