2 * dlls/advapi32/security.c
3 * FIXME: for all functions thunking down to Rtl* functions: implement SetLastError()
14 DECLARE_DEBUG_CHANNEL(advapi
)
15 DECLARE_DEBUG_CHANNEL(security
)
17 #define CallWin32ToNt(func) \
20 if (ret !=STATUS_SUCCESS) \
21 { SetLastError (RtlNtStatusToDosError(ret)); return FALSE; } \
/* FIXME: move it to a header */

/*
 * Forward declarations for the SID helpers defined later in this file.
 * They are needed because several of them call each other before their
 * definitions appear.
 */
BOOL WINAPI IsValidSid(PSID pSid);
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2);
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2);
DWORD WINAPI GetSidLengthRequired(BYTE nSubAuthorityCount);
BOOL WINAPI AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
                                     BYTE nSubAuthorityCount,
                                     DWORD nSubAuthority0, DWORD nSubAuthority1,
                                     DWORD nSubAuthority2, DWORD nSubAuthority3,
                                     DWORD nSubAuthority4, DWORD nSubAuthority5,
                                     DWORD nSubAuthority6, DWORD nSubAuthority7,
                                     PSID *pSid);
VOID * WINAPI FreeSid(PSID pSid);
BOOL WINAPI InitializeSid(PSID pSid,
                          PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
                          BYTE nSubAuthorityCount);
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority(PSID pSid);
DWORD * WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority);
BYTE * WINAPI GetSidSubAuthorityCount(PSID pSid);
DWORD WINAPI GetLengthSid(PSID pSid);
BOOL WINAPI CopySid(DWORD nDestinationSidLength, PSID pDestinationSid,
                    PSID pSourceSid);
39 /* ##############################
40 ###### TOKEN FUNCTIONS ######
41 ##############################
/******************************************************************************
 * OpenProcessToken [ADVAPI32.109]
 * Opens the access token associated with a process
 *
 * PARAMS
 *   ProcessHandle [I] Handle to process
 *   DesiredAccess [I] Desired access to process
 *   TokenHandle   [O] Pointer to handle of open access token
 *
 * Thin Win32 wrapper: the arguments are handed to NtOpenProcessToken()
 * unchanged. CallWin32ToNt turns a status other than STATUS_SUCCESS into
 * SetLastError(RtlNtStatusToDosError(status)) and a FALSE return.
 * NOTE(review): the macro's success path is not visible in this listing;
 * presumably it returns TRUE - confirm.
 */
BOOL WINAPI
OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
                  HANDLE *TokenHandle )
{
    CallWin32ToNt(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
}
/******************************************************************************
 * OpenThreadToken [ADVAPI32.114]
 *
 * PARAMS
 *   ThreadHandle  []  Passed through to NtOpenThreadToken()
 *   DesiredAccess []  Passed through to NtOpenThreadToken()
 *   OpenAsSelf    []  Passed through to NtOpenThreadToken()
 *   TokenHandle   []  Passed through to NtOpenThreadToken()
 *
 * No argument is inspected here; validation is left to the Nt call.
 * CallWin32ToNt maps a status other than STATUS_SUCCESS to
 * SetLastError(RtlNtStatusToDosError(status)) and returns FALSE.
 * NOTE(review): the macro's success path is not visible in this listing;
 * presumably it returns TRUE - confirm.
 */
BOOL WINAPI
OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
                 BOOL OpenAsSelf, HANDLE *TokenHandle )
{
    CallWin32ToNt(NtOpenThreadToken( ThreadHandle, DesiredAccess,
                                     OpenAsSelf, TokenHandle ));
}
/******************************************************************************
 * AdjustTokenPrivileges [ADVAPI32.10]
 *
 * PARAMS
 *   TokenHandle          []  Passed through to NtAdjustPrivilegesToken()
 *   DisableAllPrivileges []  Passed through to NtAdjustPrivilegesToken()
 *   NewState             []  Passed through to NtAdjustPrivilegesToken()
 *   BufferLength         []  Passed through to NtAdjustPrivilegesToken()
 *   PreviousState        []  Passed through to NtAdjustPrivilegesToken()
 *   ReturnLength         []  Passed through to NtAdjustPrivilegesToken()
 *
 * NewState and PreviousState are untyped (LPVOID) at this layer and are not
 * checked against BufferLength here; that is left to the Nt call.
 * CallWin32ToNt maps a status other than STATUS_SUCCESS to
 * SetLastError(RtlNtStatusToDosError(status)) and returns FALSE.
 * NOTE(review): the macro's success path is not visible in this listing;
 * presumably it returns TRUE - confirm.
 */
BOOL WINAPI
AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
                       LPVOID NewState, DWORD BufferLength,
                       LPVOID PreviousState, LPDWORD ReturnLength )
{
    CallWin32ToNt(NtAdjustPrivilegesToken( TokenHandle, DisableAllPrivileges,
                                           NewState, BufferLength,
                                           PreviousState, ReturnLength ));
}
/******************************************************************************
 * GetTokenInformation [ADVAPI32.66]
 *
 * PARAMS
 *   token           []  Passed through to NtQueryInformationToken()
 *   tokeninfoclass  []  Passed through to NtQueryInformationToken()
 *   tokeninfo       []  Passed through to NtQueryInformationToken()
 *   tokeninfolength []  Passed through to NtQueryInformationToken()
 *   retlen          []  Passed through to NtQueryInformationToken()
 *
 * The output buffer and its length are not checked at this layer.
 * CallWin32ToNt maps a status other than STATUS_SUCCESS to
 * SetLastError(RtlNtStatusToDosError(status)) and returns FALSE.
 * NOTE(review): the macro's success path is not visible in this listing;
 * presumably it returns TRUE - confirm.
 */
BOOL WINAPI
GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
                     LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
{
    CallWin32ToNt(NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
                                           tokeninfolength, retlen ));
}
115 /* ##############################
116 ###### SID FUNCTIONS ######
117 ##############################
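/******************************************************************************
 * AllocateAndInitializeSid [ADVAPI32.11]
 *
 * Allocates a SID on the process heap and fills in its revision, identifier
 * authority, sub-authority count and up to eight sub-authority values.
 *
 * PARAMS
 *   pIdentifierAuthority []  Copied into the SID when non-NULL
 *   nSubAuthorityCount   []  Stored in the SID and used to size the allocation
 *   nSubAuthority0..7    []  Stored in slots 0..7 that lie below the count
 *   pSid                 []  Receives the pointer to the allocated SID
 *
 * RETURNS
 *   FALSE when the heap allocation fails.
 *   NOTE(review): the return statements are not visible in this listing;
 *   FALSE on allocation failure and TRUE otherwise is assumed from the BOOL
 *   contract - confirm.
 *
 * NOTES
 *   The block is allocated zero-filled. Only eight values can be passed in,
 *   so with nSubAuthorityCount > 8 the remaining slots (and the identifier
 *   authority when pIdentifierAuthority is NULL) would otherwise hold stale
 *   heap contents that later get copied or compared as part of the SID.
 */
BOOL WINAPI
AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
                          BYTE nSubAuthorityCount,
                          DWORD nSubAuthority0, DWORD nSubAuthority1,
                          DWORD nSubAuthority2, DWORD nSubAuthority3,
                          DWORD nSubAuthority4, DWORD nSubAuthority5,
                          DWORD nSubAuthority6, DWORD nSubAuthority7,
                          PSID *pSid )
{
    const DWORD values[8] = {
        nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
        nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7
    };
    DWORD i;

    /* HEAP_ZERO_MEMORY: never hand uninitialised heap bytes back inside a SID */
    if (!(*pSid = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY,
                             GetSidLengthRequired(nSubAuthorityCount) )))
        return FALSE;

    (*pSid)->Revision = SID_REVISION;
    if (pIdentifierAuthority)
        memcpy(&(*pSid)->IdentifierAuthority, pIdentifierAuthority,
               sizeof (SID_IDENTIFIER_AUTHORITY));
    *GetSidSubAuthorityCount(*pSid) = nSubAuthorityCount;

    /* Only eight values exist; slots past them stay zero */
    for (i = 0; i < nSubAuthorityCount && i < 8; i++)
        *GetSidSubAuthority(*pSid, i) = values[i];

    return TRUE;
}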
174 /******************************************************************************
175 * FreeSid [ADVAPI32.42]
183 HeapFree( GetProcessHeap(), 0, pSid
);
/******************************************************************************
 * CopySid [ADVAPI32.24]
 *
 * Copies pSourceSid into a caller-supplied buffer.
 *
 * PARAMS
 *   nDestinationSidLength []  Size in bytes of the destination buffer
 *   pDestinationSid       []  Destination buffer
 *   pSourceSid            []  SID to copy
 *
 * RETURNS
 *   Fails when the source does not pass IsValidSid() or the destination is
 *   shorter than GetLengthSid(pSourceSid).
 *   NOTE(review): the return statements are not visible in this listing;
 *   FALSE on either failed check and TRUE after the copy is assumed - confirm.
 *
 * NOTES
 *   The copy length is derived from the source SID's own SubAuthorityCount
 *   byte, so the copy is only as safe as the IsValidSid() check that
 *   precedes it. pDestinationSid itself is not checked for NULL.
 */
BOOL WINAPI
CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
{
    DWORD needed;

    if (!IsValidSid(pSourceSid))
        return FALSE;

    needed = GetLengthSid(pSourceSid);
    if (nDestinationSidLength < needed)
        return FALSE;

    memcpy(pDestinationSid, pSourceSid, needed);
    return TRUE;
}
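/******************************************************************************
 * IsValidSid [ADVAPI32.80]
 *
 * Structural sanity check on a SID.
 *
 * PARAMS
 *   pSid []  SID to check; NULL is rejected
 *
 * RETURNS
 *   FALSE for a NULL pointer, a revision other than SID_REVISION, or a
 *   sub-authority count above SID_MAX_SUB_AUTHORITIES (winnt.h).
 *   NOTE(review): the return statements are not visible in this listing;
 *   FALSE on a failed check and TRUE otherwise is assumed - confirm.
 *
 * NOTES
 *   CopySid(), EqualSid() and EqualPrefixSid() size their memcpy/memcmp from
 *   the SubAuthorityCount byte of a SID that passed this check. Without a
 *   bound on that byte, a malformed SID claiming up to 255 sub-authorities
 *   makes them read far past the real object.
 */
BOOL WINAPI
IsValidSid( PSID pSid )
{
    if (!pSid || pSid->Revision != SID_REVISION)
        return FALSE;

    /* Bound the length that callers will derive from this SID */
    if (pSid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES)
        return FALSE;

    return TRUE;
}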
/******************************************************************************
 * EqualSid [ADVAPI32.40]
 *
 * Compares two SIDs byte for byte.
 *
 * PARAMS
 *   pSid1 []  First SID
 *   pSid2 []  Second SID
 *
 * RETURNS
 *   Fails when either SID does not pass IsValidSid(), when the sub-authority
 *   counts differ, or when the GetLengthSid(pSid1) bytes differ.
 *   NOTE(review): the return statements are not visible in this listing;
 *   FALSE on any failed check and TRUE otherwise is assumed - confirm.
 */
BOOL WINAPI
EqualSid( PSID pSid1, PSID pSid2 )
{
    BOOL both_valid = IsValidSid(pSid1) && IsValidSid(pSid2);

    if (!both_valid)
        return FALSE;

    /* Equal counts guarantee both objects span the compared length */
    if (*GetSidSubAuthorityCount(pSid1) != *GetSidSubAuthorityCount(pSid2))
        return FALSE;

    return memcmp(pSid1, pSid2, GetLengthSid(pSid1)) == 0;
}
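/******************************************************************************
 * EqualPrefixSid [ADVAPI32.39]
 *
 * Compares two SIDs while ignoring the last sub-authority.
 *
 * PARAMS
 *   pSid1 []  First SID
 *   pSid2 []  Second SID
 *
 * RETURNS
 *   Fails when either SID does not pass IsValidSid(), when the sub-authority
 *   counts differ, or when the compared prefix differs.
 *   NOTE(review): the return statements are not visible in this listing;
 *   FALSE on any failed check and TRUE otherwise is assumed - confirm.
 *
 * NOTES
 *   A SID with no sub-authorities has no "last" one to drop. Passing
 *   SubAuthorityCount - 1 to GetSidLengthRequired() in that case narrows -1
 *   to a BYTE of 255, and memcmp() would then read the length of a
 *   255-sub-authority SID from both objects. The count is therefore only
 *   decremented when it is non-zero.
 */
BOOL WINAPI
EqualPrefixSid (PSID pSid1, PSID pSid2)
{
    BYTE count;

    if (!IsValidSid(pSid1) || !IsValidSid(pSid2))
        return FALSE;

    count = *GetSidSubAuthorityCount(pSid1);
    if (count != *GetSidSubAuthorityCount(pSid2))
        return FALSE;

    /* Drop the last sub-authority, but never wrap below zero */
    if (count > 0)
        count--;

    return memcmp(pSid1, pSid2, GetSidLengthRequired(count)) == 0;
}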
/******************************************************************************
 * GetSidLengthRequired [ADVAPI32.63]
 *
 * Computes the size in bytes of a SID with the given number of
 * sub-authorities.
 *
 * PARAMS
 *   nSubAuthorityCount []  Number of sub-authorities
 *
 * RETURNS
 *   sizeof(SID) plus (nSubAuthorityCount - 1) DWORDs.
 *
 * NOTES
 *   The "- 1" suggests SID already contains one SubAuthority slot (confirm
 *   against the struct definition). Subtracting that slot first keeps the
 *   arithmetic non-negative for a count of 0 and gives the same result as
 *   the original expression.
 */
DWORD WINAPI
GetSidLengthRequired( BYTE nSubAuthorityCount )
{
    DWORD fixed_part = sizeof (SID) - sizeof (DWORD);

    return fixed_part + nSubAuthorityCount * sizeof (DWORD);
}
/******************************************************************************
 * InitializeSid [ADVAPI32.74]
 *
 * Initialises a SID in caller-supplied memory.
 *
 * PARAMS
 *   pSid                 []  Buffer to initialise
 *   pIdentifierAuthority []  Copied into the SID when non-NULL
 *   nSubAuthorityCount   []  Stored in the SID; that many slots are zeroed
 *
 * RETURNS
 *   NOTE(review): the return statement is not visible in this listing;
 *   TRUE is assumed - confirm.
 *
 * NOTES
 *   The function has no way to know how large the caller's buffer is and
 *   writes nSubAuthorityCount sub-authority slots unconditionally; the caller
 *   must have sized it with GetSidLengthRequired(nSubAuthorityCount).
 *   pSid is not checked for NULL.
 */
BOOL WINAPI
InitializeSid (PSID pSid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
               BYTE nSubAuthorityCount)
{
    DWORD slot = 0;

    pSid->Revision = SID_REVISION;
    if (pIdentifierAuthority)
        memcpy(&pSid->IdentifierAuthority, pIdentifierAuthority,
               sizeof (SID_IDENTIFIER_AUTHORITY));
    *GetSidSubAuthorityCount(pSid) = nSubAuthorityCount;

    while (slot < nSubAuthorityCount)
    {
        *GetSidSubAuthority(pSid, slot) = 0;
        slot++;
    }

    return TRUE;
}
/******************************************************************************
 * GetSidIdentifierAuthority [ADVAPI32.62]
 *
 * PARAMS
 *   pSid []  SID to inspect; dereferenced without a NULL or validity check
 *
 * RETURNS
 *   Pointer to the IdentifierAuthority member inside the caller's SID
 *   (not a copy).
 */
PSID_IDENTIFIER_AUTHORITY WINAPI
GetSidIdentifierAuthority( PSID pSid )
{
    PSID_IDENTIFIER_AUTHORITY authority = &pSid->IdentifierAuthority;

    return authority;
}
/******************************************************************************
 * GetSidSubAuthority [ADVAPI32.64]
 *
 * PARAMS
 *   pSid          []  SID to inspect; dereferenced without a NULL check
 *   nSubAuthority []  Index of the sub-authority slot
 *
 * RETURNS
 *   Pointer to slot nSubAuthority inside the caller's SID.
 *
 * NOTES
 *   The index is not compared with the SID's SubAuthorityCount. Callers that
 *   read or write through the result must bound it themselves.
 */
DWORD * WINAPI
GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
{
    DWORD *slot = &pSid->SubAuthority[nSubAuthority];

    return slot;
}
/******************************************************************************
 * GetSidSubAuthorityCount [ADVAPI32.65]
 *
 * PARAMS
 *   pSid []  SID to inspect; dereferenced without a NULL or validity check
 *
 * RETURNS
 *   Pointer to the SubAuthorityCount member inside the caller's SID, which
 *   other functions in this file both read and assign through.
 */
BYTE * WINAPI
GetSidSubAuthorityCount (PSID pSid)
{
    BYTE *count = &pSid->SubAuthorityCount;

    return count;
}
/******************************************************************************
 * GetLengthSid [ADVAPI32.48]
 *
 * PARAMS
 *   pSid []  SID to measure; dereferenced without a NULL or validity check
 *
 * RETURNS
 *   GetSidLengthRequired() of the SubAuthorityCount stored in the SID.
 *
 * NOTES
 *   The result is computed from a byte inside the SID itself, so it is only
 *   meaningful for a SID the caller has already validated.
 */
DWORD WINAPI
GetLengthSid (PSID pSid)
{
    BYTE count = *GetSidSubAuthorityCount(pSid);

    return GetSidLengthRequired(count);
}
349 /* ##############################################
350 ###### SECURITY DESCRIPTOR FUNCTIONS ######
351 ##############################################
/******************************************************************************
 * InitializeSecurityDescriptor [ADVAPI32.73]
 *
 * PARAMS
 *   pDescr   []  Passed through to RtlCreateSecurityDescriptor()
 *   revision []  Passed through to RtlCreateSecurityDescriptor()
 *
 * CallWin32ToNt maps a status other than STATUS_SUCCESS to
 * SetLastError(RtlNtStatusToDosError(status)) and returns FALSE.
 * NOTE(review): the macro's success path is not visible in this listing;
 * presumably it returns TRUE - confirm.
 */
BOOL WINAPI
InitializeSecurityDescriptor( SECURITY_DESCRIPTOR *pDescr, DWORD revision )
{
    CallWin32ToNt(RtlCreateSecurityDescriptor( pDescr, revision ));
}
/******************************************************************************
 * GetSecurityDescriptorLength [ADVAPI32.55]
 *
 * PARAMS
 *   pDescr []  Passed through to RtlLengthSecurityDescriptor()
 *
 * RETURNS
 *   Whatever RtlLengthSecurityDescriptor() reports. The descriptor is not
 *   validated at this layer.
 */
DWORD WINAPI
GetSecurityDescriptorLength( SECURITY_DESCRIPTOR *pDescr )
{
    DWORD length = RtlLengthSecurityDescriptor(pDescr);

    return length;
}
/******************************************************************************
 * GetSecurityDescriptorOwner [ADVAPI32.56]
 *
 * PARAMS
 *   pDescr            []  Passed through to RtlGetOwnerSecurityDescriptor()
 *   pOwner            []  Passed through to RtlGetOwnerSecurityDescriptor()
 *   lpbOwnerDefaulted []  Passed through after a cast to PBOOLEAN
 *
 * CallWin32ToNt maps a status other than STATUS_SUCCESS to
 * SetLastError(RtlNtStatusToDosError(status)) and returns FALSE.
 * NOTE(review): the macro's success path is not visible in this listing;
 * presumably it returns TRUE - confirm.
 * NOTE(review): lpbOwnerDefaulted is an LPBOOL reinterpreted as PBOOLEAN. If
 * BOOLEAN is narrower than BOOL in this tree, the callee writes only part of
 * the caller's BOOL and the rest keeps whatever it held before - confirm,
 * and route the value through a local BOOLEAN if so.
 */
BOOL WINAPI
GetSecurityDescriptorOwner( SECURITY_DESCRIPTOR *pDescr, PSID *pOwner,
                            LPBOOL lpbOwnerDefaulted )
{
    CallWin32ToNt(RtlGetOwnerSecurityDescriptor( pDescr, pOwner,
                                                 (PBOOLEAN)lpbOwnerDefaulted ));
}
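/******************************************************************************
 * SetSecurityDescriptorOwner [ADVAPI32]
 *
 * PARAMS
 *   pSecurityDescriptor []  Passed through to RtlSetOwnerSecurityDescriptor()
 *   pOwner              []  Passed through to RtlSetOwnerSecurityDescriptor()
 *   bOwnerDefaulted     []  Passed through to RtlSetOwnerSecurityDescriptor()
 *
 * CallWin32ToNt maps a status other than STATUS_SUCCESS to
 * SetLastError(RtlNtStatusToDosError(status)) and returns FALSE.
 * NOTE(review): the macro's success path is not visible in this listing;
 * presumably it returns TRUE - confirm.
 *
 * The definition is marked WINAPI like the other exported functions in this
 * file, so that its calling convention does not depend on a prototype
 * elsewhere supplying it.
 */
BOOL WINAPI
SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
                            PSID pOwner, BOOL bOwnerDefaulted )
{
    CallWin32ToNt(RtlSetOwnerSecurityDescriptor( pSecurityDescriptor, pOwner,
                                                 bOwnerDefaulted ));
}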
399 /******************************************************************************
400 * GetSecurityDescriptorGroup [ADVAPI32.54]
402 BOOL WINAPI
GetSecurityDescriptorGroup(
403 PSECURITY_DESCRIPTOR SecurityDescriptor
,
405 LPBOOL GroupDefaulted
)
407 CallWin32ToNt (RtlGetGroupSecurityDescriptor(SecurityDescriptor
, Group
, (PBOOLEAN
)GroupDefaulted
));
/******************************************************************************
 * SetSecurityDescriptorGroup
 *
 * PARAMS
 *   SecurityDescriptor []  Passed through to RtlSetGroupSecurityDescriptor()
 *   Group              []  Passed through to RtlSetGroupSecurityDescriptor()
 *   GroupDefaulted     []  Passed through to RtlSetGroupSecurityDescriptor()
 *
 * CallWin32ToNt maps a status other than STATUS_SUCCESS to
 * SetLastError(RtlNtStatusToDosError(status)) and returns FALSE.
 * NOTE(review): the macro's success path is not visible in this listing;
 * presumably it returns TRUE - confirm.
 */
BOOL WINAPI
SetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR SecurityDescriptor,
                            PSID Group, BOOL GroupDefaulted )
{
    CallWin32ToNt(RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group,
                                                 GroupDefaulted ));
}
/******************************************************************************
 * IsValidSecurityDescriptor [ADVAPI32.79]
 *
 * PARAMS
 *   SecurityDescriptor []  Passed through to RtlValidSecurityDescriptor()
 *
 * CallWin32ToNt maps a result other than STATUS_SUCCESS to
 * SetLastError(RtlNtStatusToDosError(result)) and returns FALSE.
 * NOTE(review): the macro's success path is not visible in this listing;
 * presumably it returns TRUE - confirm.
 * NOTE(review): this treats the Rtl result as an NTSTATUS. If
 * RtlValidSecurityDescriptor() in this tree returns a boolean instead, the
 * comparison with STATUS_SUCCESS inverts the answer - confirm its return
 * convention.
 */
BOOL WINAPI
IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
{
    CallWin32ToNt(RtlValidSecurityDescriptor( SecurityDescriptor ));
}
430 /******************************************************************************
431 * GetSecurityDescriptorDacl [ADVAPI.91]
433 BOOL WINAPI
GetSecurityDescriptorDacl(
434 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
435 OUT LPBOOL lpbDaclPresent
,
437 OUT LPBOOL lpbDaclDefaulted
)
439 CallWin32ToNt (RtlGetDaclSecurityDescriptor(pSecurityDescriptor
, (PBOOLEAN
)lpbDaclPresent
,
440 pDacl
, (PBOOLEAN
)lpbDaclDefaulted
));
443 /******************************************************************************
444 * SetSecurityDescriptorDacl [ADVAPI.224]
447 SetSecurityDescriptorDacl (
448 PSECURITY_DESCRIPTOR lpsd
,
453 CallWin32ToNt (RtlSetDaclSecurityDescriptor (lpsd
, daclpresent
, dacl
, dacldefaulted
));
455 /******************************************************************************
456 * GetSecurityDescriptorSacl [ADVAPI.]
458 BOOL WINAPI
GetSecurityDescriptorSacl(
459 IN PSECURITY_DESCRIPTOR lpsd
,
460 OUT LPBOOL lpbSaclPresent
,
462 OUT LPBOOL lpbSaclDefaulted
)
464 CallWin32ToNt (RtlGetSaclSecurityDescriptor(lpsd
, (PBOOLEAN
)lpbSaclPresent
,
465 pSacl
, (PBOOLEAN
)lpbSaclDefaulted
));
468 /**************************************************************************
469 * SetSecurityDescriptorSacl [NTDLL.488]
471 BOOL WINAPI
SetSecurityDescriptorSacl (
472 PSECURITY_DESCRIPTOR lpsd
,
477 CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd
, saclpresent
, lpsacl
, sacldefaulted
));
479 /******************************************************************************
480 * MakeSelfRelativeSD [ADVAPI32.95]
488 MakeSelfRelativeSD( PSECURITY_DESCRIPTOR lpabssecdesc
,
489 PSECURITY_DESCRIPTOR lpselfsecdesc
, LPDWORD lpbuflen
)
491 FIXME(advapi
,"(%p,%p,%p),stub!\n",lpabssecdesc
,lpselfsecdesc
,lpbuflen
);
495 /******************************************************************************
496 * GetSecurityDescriptorControl32 [ADVAPI32]
499 BOOL
GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor
,
500 /* fixme: PSECURITY_DESCRIPTOR_CONTROL*/ LPVOID pControl
, LPDWORD lpdwRevision
)
501 { FIXME(advapi
,"(%p,%p,%p),stub!\n",pSecurityDescriptor
,pControl
,lpdwRevision
);
505 /* ##############################
506 ###### MISC FUNCTIONS ######
507 ##############################
510 /******************************************************************************
511 * LookupPrivilegeValue32W [ADVAPI32.93]
512 * Retrieves LUID used on a system to represent the privilege name.
515 * lpLuid should be PLUID
518 * lpSystemName [I] Address of string specifying the system
519 * lpName [I] Address of string specifying the privilege
520 * lpLuid [I] Address of locally unique identifier
525 LookupPrivilegeValueW( LPCWSTR lpSystemName
, LPCWSTR lpName
, LPVOID lpLuid
)
527 FIXME(advapi
,"(%s,%s,%p): stub\n",debugstr_w(lpSystemName
),
528 debugstr_w(lpName
), lpLuid
);
/******************************************************************************
 * LookupPrivilegeValue32A [ADVAPI32.92]
 *
 * ANSI entry point: converts both strings to wide characters on the process
 * heap, calls LookupPrivilegeValueW() and frees the copies.
 *
 * PARAMS
 *   lpSystemName []  Converted and passed to LookupPrivilegeValueW()
 *   lpName       []  Converted and passed to LookupPrivilegeValueW()
 *   lpLuid       []  Passed through unchanged
 *
 * RETURNS
 *   The result of LookupPrivilegeValueW().
 *
 * NOTES
 *   The converted strings are passed on without being checked.
 *   NOTE(review): how HEAP_strdupAtoW() behaves for a NULL input or a failed
 *   allocation is not visible in this listing - confirm.
 */
BOOL WINAPI
LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, LPVOID lpLuid )
{
    LPWSTR wide_system = HEAP_strdupAtoW(GetProcessHeap(), 0, lpSystemName);
    LPWSTR wide_name = HEAP_strdupAtoW(GetProcessHeap(), 0, lpName);
    BOOL result;

    result = LookupPrivilegeValueW( wide_system, wide_name, lpLuid );

    HeapFree(GetProcessHeap(), 0, wide_name);
    HeapFree(GetProcessHeap(), 0, wide_system);
    return result;
}
546 /******************************************************************************
547 * GetFileSecurity32A [ADVAPI32.45]
549 * Obtains Specified information about the security of a file or directory
550 * The information obtained is constrained by the callers access rights and
554 GetFileSecurityA( LPCSTR lpFileName
,
555 SECURITY_INFORMATION RequestedInformation
,
556 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
557 DWORD nLength
, LPDWORD lpnLengthNeeded
)
559 FIXME(advapi
, "(%s) : stub\n", debugstr_a(lpFileName
));
563 /******************************************************************************
564 * GetFileSecurity32W [ADVAPI32.46]
566 * Obtains Specified information about the security of a file or directory
567 * The information obtained is constrained by the callers access rights and
572 * RequestedInformation []
573 * pSecurityDescriptor []
578 GetFileSecurityW( LPCWSTR lpFileName
,
579 SECURITY_INFORMATION RequestedInformation
,
580 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
581 DWORD nLength
, LPDWORD lpnLengthNeeded
)
583 FIXME(advapi
, "(%s) : stub\n", debugstr_w(lpFileName
) );
588 /******************************************************************************
589 * LookupAccountSid32A [ADVAPI32.86]
592 LookupAccountSidA( LPCSTR system
, PSID sid
, LPCSTR account
,
593 LPDWORD accountSize
, LPCSTR domain
, LPDWORD domainSize
,
594 PSID_NAME_USE name_use
)
596 FIXME(security
,"(%s,%p,%p,%p,%p,%p,%p): stub\n",
597 system
,sid
,account
,accountSize
,domain
,domainSize
,name_use
);
598 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
602 /******************************************************************************
603 * LookupAccountSid32W [ADVAPI32.87]
615 LookupAccountSidW( LPCWSTR system
, PSID sid
, LPCWSTR account
,
616 LPDWORD accountSize
, LPCWSTR domain
, LPDWORD domainSize
,
617 PSID_NAME_USE name_use
)
619 FIXME(security
,"(%p,%p,%p,%p,%p,%p,%p): stub\n",
620 system
,sid
,account
,accountSize
,domain
,domainSize
,name_use
);
621 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
625 /******************************************************************************
626 * SetFileSecurity32A [ADVAPI32.182]
627 * Sets the security of a file or directory
629 BOOL WINAPI
SetFileSecurityA( LPCSTR lpFileName
,
630 SECURITY_INFORMATION RequestedInformation
,
631 PSECURITY_DESCRIPTOR pSecurityDescriptor
)
633 FIXME(advapi
, "(%s) : stub\n", debugstr_a(lpFileName
));
637 /******************************************************************************
638 * SetFileSecurity32W [ADVAPI32.183]
639 * Sets the security of a file or directory
643 * RequestedInformation []
644 * pSecurityDescriptor []
647 SetFileSecurityW( LPCWSTR lpFileName
,
648 SECURITY_INFORMATION RequestedInformation
,
649 PSECURITY_DESCRIPTOR pSecurityDescriptor
)
651 FIXME(advapi
, "(%s) : stub\n", debugstr_w(lpFileName
) );
655 /******************************************************************************
656 * QueryWindows31FilesMigration [ADVAPI32.266]
662 QueryWindows31FilesMigration( DWORD x1
)
664 FIXME(advapi
,"(%ld):stub\n",x1
);
668 /******************************************************************************
669 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.265]
678 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1
, DWORD x2
, DWORD x3
,
681 FIXME(advapi
,"(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1
,x2
,x3
,x4
);
685 /******************************************************************************
686 * LsaOpenPolicy [ADVAPI32.200]
695 LsaOpenPolicy( DWORD x1
, DWORD x2
, DWORD x3
, DWORD x4
)
697 FIXME(advapi
,"(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1
,x2
,x3
,x4
);
698 return 0xc0000000; /* generic error */
701 /******************************************************************************
702 * NotifyBootConfigStatus [ADVAPI32.97]
708 NotifyBootConfigStatus( DWORD x1
)
710 FIXME(advapi
,"(0x%08lx):stub\n",x1
);
714 /******************************************************************************
715 * RevertToSelf [ADVAPI32.180]
723 FIXME(advapi
,"(), stub\n");
727 /******************************************************************************
728 * ImpersonateSelf [ADVAPI32.71]
731 ImpersonateSelf(DWORD
/*SECURITY_IMPERSONATION_LEVEL*/ ImpersonationLevel
)
733 FIXME(advapi
, "(%08lx), stub\n", ImpersonationLevel
);
737 /******************************************************************************
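738 * AccessCheck32 [ADVAPI32.71]
 * NOTE: stub. As far as this listing shows, the body only logs a FIXME and
 * sets *AccessStatus to TRUE; pSecurityDescriptor, ClientToken and
 * DesiredAccess are not evaluated, so callers are told access is granted
 * whatever the descriptor says.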
741 AccessCheck(PSECURITY_DESCRIPTOR pSecurityDescriptor
, HANDLE ClientToken
, DWORD DesiredAccess
, LPVOID
/*LPGENERIC_MAPPING*/ GenericMapping
, LPVOID
/*LPPRIVILEGE_SET*/ PrivilegeSet
, LPDWORD PrivilegeSetLength
, LPDWORD GrantedAccess
, LPBOOL AccessStatus
)
743 FIXME(advapi
, "(%p, %04x, %08lx, %p, %p, %p, %p, %p), stub\n", pSecurityDescriptor
, ClientToken
, DesiredAccess
, GenericMapping
, PrivilegeSet
, PrivilegeSetLength
, GrantedAccess
, AccessStatus
);
744 *AccessStatus
= TRUE
;