wine/dlls/advapi32/security.c

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~ [ freetext search ] ~ [ file search ] ~

Wine Cross Reference
wine/dlls/advapi32/security.c

Version: ~ [ wine-1.1.33 ] ~ [ wine-1.1.32 ] ~ [ wine-1.1.31 ] ~ [ wine-1.1.30 ] ~ [ wine-1.1.29 ] ~ [ wine-1.1.28 ] ~ [ wine-1.1.27 ] ~ [ wine-1.1.26 ] ~ [ wine-1.1.25 ] ~ [ wine-1.1.24 ] ~ [ wine-1.1.23 ] ~ [ wine-1.1.22 ] ~ [ wine-1.1.21 ] ~ [ wine-1.1.20 ] ~ [ wine-1.1.19 ] ~ [ wine-1.1.18 ] ~ [ wine-1.1.17 ] ~ [ wine-1.1.16 ] ~ [ wine-1.1.15 ] ~ [ wine-1.1.14 ] ~ [ wine-1.1.13 ] ~ [ wine-1.1.12 ] ~ [ wine-1.1.11 ] ~ [ wine-1.1.10 ] ~ [ wine-1.1.9 ] ~ [ wine-1.1.8 ] ~ [ wine-1.1.7 ] ~ [ wine-1.0.1 ] ~ [ wine-1.1.6 ] ~ [ wine-1.1.5 ] ~ [ wine-1.1.4 ] ~ [ wine-1.1.3 ] ~ [ wine-1.1.2 ] ~ [ wine-1.1.1 ] ~ [ wine-1.1.0 ] ~ [ wine-1.0 ] ~

1 /* 2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net> 3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla) 4 * Copyright 2006 Robert Reif 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA 19 * 20 */ 21 22 #include <stdarg.h> 23 #include <string.h> 24 25 #include "ntstatus.h" 26 #define WIN32_NO_STATUS 27 #include "windef.h" 28 #include "winbase.h" 29 #include "winerror.h" 30 #include "winreg.h" 31 #include "winsafer.h" 32 #include "winternl.h" 33 #include "winioctl.h" 34 #include "ntsecapi.h" 35 #include "accctrl.h" 36 #include "sddl.h" 37 #include "winsvc.h" 38 #include "aclapi.h" 39 #include "objbase.h" 40 #include "iads.h" 41 #include "advapi32_misc.h" 42 #include "lmcons.h" 43 44 #include "wine/debug.h" 45 #include "wine/unicode.h" 46 47 WINE_DEFAULT_DEBUG_CHANNEL(advapi); 48 49 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes); 50 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, 51 PACL pAcl, LPDWORD cBytes); 52 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl); 53 static BYTE ParseAceStringType(LPCWSTR* StringAcl); 54 static DWORD ParseAceStringRights(LPCWSTR* StringAcl); 55 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor( 56 LPCWSTR StringSecurityDescriptor, 57 SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor, 58 LPDWORD cBytes); 59 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl); 60 61 typedef struct _ACEFLAG 62 { 63 LPCWSTR wstr; 64 DWORD value; 65 } ACEFLAG, *LPACEFLAG; 66 67 typedef struct _MAX_SID 68 { 69 /* same fields as struct _SID */ 70 BYTE Revision; 71 BYTE SubAuthorityCount; 72 SID_IDENTIFIER_AUTHORITY IdentifierAuthority; 73 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES]; 74 } MAX_SID; 75 76 typedef struct WELLKNOWNSID 77 { 78 WCHAR wstr[2]; 79 WELL_KNOWN_SID_TYPE Type; 80 MAX_SID Sid; 81 } WELLKNOWNSID; 82 83 static const WELLKNOWNSID WellKnownSids[] = 84 { 85 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } }, 86 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } }, 87 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } }, 88 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } }, 89 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } }, 90 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } }, 91 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } }, 92 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } }, 93 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } }, 94 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } }, 95 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } }, 96 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } }, 97 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } }, 98 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } }, 99 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } }, 100 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } }, 101 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } }, 102 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } }, 103 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } }, 104 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } }, 105 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } }, 106 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } }, 107 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } }, 108 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } }, 109 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } }, 110 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } }, 111 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } }, 112 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } }, 113 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } }, 114 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } }, 115 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } }, 116 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } }, 117 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } }, 118 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } }, 119 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } }, 120 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } }, 121 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } }, 122 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } }, 123 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } }, 124 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } }, 125 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } }, 126 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } }, 127 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } }, 128 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } }, 129 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } }, 130 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } }, 131 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } }, 132 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } }, 133 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } }, 134 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } }, 135 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } }, 136 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } }, 137 }; 138 139 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */ 140 typedef struct WELLKNOWNRID 141 { 142 WELL_KNOWN_SID_TYPE Type; 143 DWORD Rid; 144 } WELLKNOWNRID; 145 146 static const WELLKNOWNRID WellKnownRids[] = { 147 { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN }, 148 { WinAccountGuestSid, DOMAIN_USER_RID_GUEST }, 149 { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT }, 150 { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS }, 151 { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS }, 152 { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS }, 153 { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS }, 154 { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS }, 155 { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS }, 156 { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS }, 157 { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS }, 158 { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS }, 159 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS }, 160 }; 161 162 163 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }; 164 165 typedef struct _AccountSid { 166 WELL_KNOWN_SID_TYPE type; 167 LPCWSTR account; 168 LPCWSTR domain; 169 SID_NAME_USE name_use; 170 LPCWSTR alias; 171 } AccountSid; 172 173 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 }; 174 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 }; 175 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 }; 176 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 }; 177 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 }; 178 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 }; 179 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 }; 180 static const WCHAR Blank[] = { 0 }; 181 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 }; 182 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 }; 183 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 }; 184 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 }; 185 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 }; 186 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 }; 187 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 }; 188 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 }; 189 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0}; 190 static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 }; 191 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 }; 192 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 }; 193 static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 }; 194 static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 }; 195 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 }; 196 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 }; 197 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 }; 198 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 }; 199 static const WCHAR Guest[] = { 'G','u','e','s','t',0 }; 200 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 }; 201 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 }; 202 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 }; 203 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 }; 204 static const WCHAR LOCAL_SERVICE2[] = { 'L','O','C','A','L','S','E','R','V','I','C','E',0 }; 205 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 }; 206 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 }; 207 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 }; 208 static const WCHAR NETWORK_SERVICE2[] = { 'N','E','T','W','O','R','K','S','E','R','V','I','C','E',0 }; 209 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 }; 210 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 }; 211 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 }; 212 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 }; 213 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 }; 214 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 }; 215 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 }; 216 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 }; 217 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','','','',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 }; 218 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 }; 219 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 }; 220 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 }; 221 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 }; 222 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 }; 223 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 }; 224 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 }; 225 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 }; 226 static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 }; 227 static const WCHAR SELF[] = { 'S','E','L','F',0 }; 228 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 }; 229 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 }; 230 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 }; 231 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 }; 232 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 }; 233 static const WCHAR Users[] = { 'U','s','e','r','s',0 }; 234 235 static const AccountSid ACCOUNT_SIDS[] = { 236 { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup }, 237 { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup }, 238 { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup }, 239 { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup }, 240 { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup }, 241 { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup }, 242 { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup }, 243 { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain }, 244 { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup }, 245 { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup }, 246 { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup }, 247 { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup }, 248 { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup }, 249 { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup }, 250 { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup }, 251 { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup }, 252 { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup }, 253 { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup }, 254 { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup }, 255 { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup }, 256 { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup }, 257 { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup }, 258 { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup, LOCAL_SERVICE2 }, 259 { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup , NETWORK_SERVICE2}, 260 { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain }, 261 { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias }, 262 { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias }, 263 { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias }, 264 { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias }, 265 { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias }, 266 { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias }, 267 { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias }, 268 { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias }, 269 { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias }, 270 { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias }, 271 { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias }, 272 { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias }, 273 { WinNTLMAuthenticationSid, NTML_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup }, 274 { WinDigestAuthenticationSid, Digest_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup }, 275 { WinSChannelAuthenticationSid, SChannel_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup }, 276 { WinThisOrganizationSid, This_Organization, NT_AUTHORITY, SidTypeWellKnownGroup }, 277 { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup }, 278 { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias }, 279 { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias }, 280 }; 281 /* 282 * ACE access rights 283 */ 284 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0}; 285 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0}; 286 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0}; 287 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0}; 288 289 static const WCHAR SDDL_READ_PROPERTY[] = {'R','P',0}; 290 static const WCHAR SDDL_WRITE_PROPERTY[] = {'W','P',0}; 291 static const WCHAR SDDL_CREATE_CHILD[] = {'C','C',0}; 292 static const WCHAR SDDL_DELETE_CHILD[] = {'D','C',0}; 293 static const WCHAR SDDL_LIST_CHILDREN[] = {'L','C',0}; 294 static const WCHAR SDDL_SELF_WRITE[] = {'S','W',0}; 295 static const WCHAR SDDL_LIST_OBJECT[] = {'L','O',0}; 296 static const WCHAR SDDL_DELETE_TREE[] = {'D','T',0}; 297 static const WCHAR SDDL_CONTROL_ACCESS[] = {'C','R',0}; 298 299 static const WCHAR SDDL_FILE_ALL[] = {'F','A',0}; 300 static const WCHAR SDDL_FILE_READ[] = {'F','R',0}; 301 static const WCHAR SDDL_FILE_WRITE[] = {'F','W',0}; 302 static const WCHAR SDDL_FILE_EXECUTE[] = {'F','X',0}; 303 304 static const WCHAR SDDL_KEY_ALL[] = {'K','A',0}; 305 static const WCHAR SDDL_KEY_READ[] = {'K','R',0}; 306 static const WCHAR SDDL_KEY_WRITE[] = {'K','W',0}; 307 static const WCHAR SDDL_KEY_EXECUTE[] = {'K','X',0}; 308 309 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0}; 310 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0}; 311 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0}; 312 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0}; 313 314 /* 315 * ACL flags 316 */ 317 static const WCHAR SDDL_PROTECTED[] = {'P',0}; 318 static const WCHAR SDDL_AUTO_INHERIT_REQ[] = {'A','R',0}; 319 static const WCHAR SDDL_AUTO_INHERITED[] = {'A','I',0}; 320 321 /* 322 * ACE types 323 */ 324 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0}; 325 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0}; 326 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0}; 327 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0}; 328 static const WCHAR SDDL_AUDIT[] = {'A','U',0}; 329 static const WCHAR SDDL_ALARM[] = {'A','L',0}; 330 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0}; 331 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0}; 332 333 /* 334 * ACE flags 335 */ 336 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0}; 337 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0}; 338 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0}; 339 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0}; 340 static const WCHAR SDDL_INHERITED[] = {'I','D',0}; 341 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0}; 342 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0}; 343 344 const char * debugstr_sid(PSID sid) 345 { 346 int auth = 0; 347 SID * psid = sid; 348 349 if (psid == NULL) 350 return "(null)"; 351 352 auth = psid->IdentifierAuthority.Value[5] + 353 (psid->IdentifierAuthority.Value[4] << 8) + 354 (psid->IdentifierAuthority.Value[3] << 16) + 355 (psid->IdentifierAuthority.Value[2] << 24); 356 357 switch (psid->SubAuthorityCount) { 358 case 0: 359 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth); 360 case 1: 361 return wine_dbg_sprintf("S-%d-%d-%u", psid->Revision, auth, 362 psid->SubAuthority[0]); 363 case 2: 364 return wine_dbg_sprintf("S-%d-%d-%u-%u", psid->Revision, auth, 365 psid->SubAuthority[0], psid->SubAuthority[1]); 366 case 3: 367 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u", psid->Revision, auth, 368 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]); 369 case 4: 370 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u", psid->Revision, auth, 371 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2], 372 psid->SubAuthority[3]); 373 case 5: 374 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u", psid->Revision, auth, 375 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2], 376 psid->SubAuthority[3], psid->SubAuthority[4]); 377 case 6: 378 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u", psid->Revision, auth, 379 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2], 380 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]); 381 case 7: 382 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth, 383 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2], 384 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5], 385 psid->SubAuthority[6]); 386 case 8: 387 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth, 388 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2], 389 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5], 390 psid->SubAuthority[6], psid->SubAuthority[7]); 391 } 392 return "(too-big)"; 393 } 394 395 /* set last error code from NT status and get the proper boolean return value */ 396 /* used for functions that are a simple wrapper around the corresponding ntdll API */ 397 static inline BOOL set_ntstatus( NTSTATUS status ) 398 { 399 if (status) SetLastError( RtlNtStatusToDosError( status )); 400 return !status; 401 } 402 403 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD)) 404 405 static void GetWorldAccessACL(PACL pACL) 406 { 407 PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1); 408 409 pACL->AclRevision = ACL_REVISION; 410 pACL->Sbz1 = 0; 411 pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL; 412 pACL->AceCount = 1; 413 pACL->Sbz2 = 0; 414 415 pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; 416 pACE->Header.AceFlags = CONTAINER_INHERIT_ACE; 417 pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD); 418 pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */ 419 memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld)); 420 } 421 422 /************************************************************ 423 * ADVAPI_IsLocalComputer 424 * 425 * Checks whether the server name indicates local machine. 426 */ 427 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName) 428 { 429 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1; 430 BOOL Result; 431 LPWSTR buf; 432 433 if (!ServerName || !ServerName[0]) 434 return TRUE; 435 436 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR)); 437 Result = GetComputerNameW(buf, &dwSize); 438 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\')) 439 ServerName += 2; 440 Result = Result && !lstrcmpW(ServerName, buf); 441 HeapFree(GetProcessHeap(), 0, buf); 442 443 return Result; 444 } 445 446 /************************************************************ 447 * ADVAPI_GetComputerSid 448 * 449 * Reads the computer SID from the registry. 450 */ 451 BOOL ADVAPI_GetComputerSid(PSID sid) 452 { 453 HKEY key; 454 LONG ret; 455 BOOL retval = FALSE; 456 static const WCHAR Account[] = { 'S','E','C','U','R','I','T','Y','\\','S','A','M','\\','D','o','m','a','i','n','s','\\','A','c','c','o','u','n','t',0 }; 457 static const WCHAR V[] = { 'V',0 }; 458 459 if ((ret = RegOpenKeyExW(HKEY_LOCAL_MACHINE, Account, 0, 460 KEY_READ, &key)) == ERROR_SUCCESS) 461 { 462 DWORD size = 0; 463 ret = RegQueryValueExW(key, V, NULL, NULL, NULL, &size); 464 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS) 465 { 466 BYTE * data = HeapAlloc(GetProcessHeap(), 0, size); 467 if (data) 468 { 469 if ((ret = RegQueryValueExW(key, V, NULL, NULL, 470 data, &size)) == ERROR_SUCCESS) 471 { 472 /* the SID is in the last 24 bytes of the binary data */ 473 CopyMemory(sid, &data[size-24], 24); 474 retval = TRUE; 475 } 476 HeapFree(GetProcessHeap(), 0, data); 477 } 478 } 479 RegCloseKey(key); 480 } 481 482 if(retval == TRUE) return retval; 483 484 /* create a new random SID */ 485 if (RegCreateKeyExW(HKEY_LOCAL_MACHINE, Account, 486 0, NULL, 0, KEY_ALL_ACCESS, NULL, &key, NULL) == ERROR_SUCCESS) 487 { 488 PSID new_sid; 489 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY}; 490 DWORD id[3]; 491 492 if (RtlGenRandom(id, sizeof(id))) 493 { 494 if (AllocateAndInitializeSid(&identifierAuthority, 4, SECURITY_NT_NON_UNIQUE, id[0], id[1], id[2], 0, 0, 0, 0, &new_sid)) 495 { 496 if (RegSetValueExW(key, V, 0, REG_BINARY, new_sid, GetLengthSid(new_sid)) == ERROR_SUCCESS) 497 retval = CopySid(GetLengthSid(new_sid), sid, new_sid); 498 499 FreeSid(new_sid); 500 } 501 } 502 RegCloseKey(key); 503 } 504 505 return retval; 506 } 507 508 /* ############################## 509 ###### TOKEN FUNCTIONS ###### 510 ############################## 511 */ 512 513 /****************************************************************************** 514 * OpenProcessToken [ADVAPI32.@] 515 * Opens the access token associated with a process handle. 516 * 517 * PARAMS 518 * ProcessHandle [I] Handle to process 519 * DesiredAccess [I] Desired access to process 520 * TokenHandle [O] Pointer to handle of open access token 521 * 522 * RETURNS 523 * Success: TRUE. TokenHandle contains the access token. 524 * Failure: FALSE. 525 * 526 * NOTES 527 * See NtOpenProcessToken. 528 */ 529 BOOL WINAPI 530 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess, 531 HANDLE *TokenHandle ) 532 { 533 return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle )); 534 } 535 536 /****************************************************************************** 537 * OpenThreadToken [ADVAPI32.@] 538 * 539 * Opens the access token associated with a thread handle. 540 * 541 * PARAMS 542 * ThreadHandle [I] Handle to process 543 * DesiredAccess [I] Desired access to the thread 544 * OpenAsSelf [I] ??? 545 * TokenHandle [O] Destination for the token handle 546 * 547 * RETURNS 548 * Success: TRUE. TokenHandle contains the access token. 549 * Failure: FALSE. 550 * 551 * NOTES 552 * See NtOpenThreadToken. 553 */ 554 BOOL WINAPI 555 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess, 556 BOOL OpenAsSelf, HANDLE *TokenHandle) 557 { 558 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle)); 559 } 560 561 BOOL WINAPI 562 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState, 563 DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength ) 564 { 565 return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength, 566 PreviousState, ReturnLength)); 567 } 568 569 /****************************************************************************** 570 * AdjustTokenPrivileges [ADVAPI32.@] 571 * 572 * Adjust the privileges of an open token handle. 573 * 574 * PARAMS 575 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken() 576 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState 577 * NewState [I] Desired new privileges of the token 578 * BufferLength [I] Length of NewState 579 * PreviousState [O] Destination for the previous state 580 * ReturnLength [I/O] Size of PreviousState 581 * 582 * 583 * RETURNS 584 * Success: TRUE. Privileges are set to NewState and PreviousState is updated. 585 * Failure: FALSE. 586 * 587 * NOTES 588 * See NtAdjustPrivilegesToken. 589 */ 590 BOOL WINAPI 591 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges, 592 PTOKEN_PRIVILEGES NewState, DWORD BufferLength, 593 PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength ) 594 { 595 NTSTATUS status; 596 597 TRACE("\n"); 598 599 status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges, 600 NewState, BufferLength, PreviousState, 601 ReturnLength); 602 SetLastError( RtlNtStatusToDosError( status )); 603 if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED)) 604 return TRUE; 605 else 606 return FALSE; 607 } 608 609 /****************************************************************************** 610 * CheckTokenMembership [ADVAPI32.@] 611 * 612 * Determine if an access token is a member of a SID. 613 * 614 * PARAMS 615 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken() 616 * SidToCheck [I] SID that possibly contains the token 617 * IsMember [O] Destination for result. 618 * 619 * RETURNS 620 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise. 621 * Failure: FALSE. 622 */ 623 BOOL WINAPI 624 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck, 625 PBOOL IsMember ) 626 { 627 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember); 628 629 *IsMember = TRUE; 630 return(TRUE); 631 } 632 633 /****************************************************************************** 634 * GetTokenInformation [ADVAPI32.@] 635 * 636 * Get a type of information about an access token. 637 * 638 * PARAMS 639 * token [I] Handle from OpenProcessToken() or OpenThreadToken() 640 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h" 641 * tokeninfo [O] Destination for token information 642 * tokeninfolength [I] Length of tokeninfo 643 * retlen [O] Destination for returned token information length 644 * 645 * RETURNS 646 * Success: TRUE. tokeninfo contains retlen bytes of token information 647 * Failure: FALSE. 648 * 649 * NOTES 650 * See NtQueryInformationToken. 651 */ 652 BOOL WINAPI 653 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass, 654 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen ) 655 { 656 TRACE("(%p, %s, %p, %d, %p):\n", 657 token, 658 (tokeninfoclass == TokenUser) ? "TokenUser" : 659 (tokeninfoclass == TokenGroups) ? "TokenGroups" : 660 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" : 661 (tokeninfoclass == TokenOwner) ? "TokenOwner" : 662 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" : 663 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" : 664 (tokeninfoclass == TokenSource) ? "TokenSource" : 665 (tokeninfoclass == TokenType) ? "TokenType" : 666 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" : 667 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" : 668 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" : 669 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" : 670 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" : 671 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" : 672 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" : 673 "Unknown", 674 tokeninfo, tokeninfolength, retlen); 675 return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo, 676 tokeninfolength, retlen)); 677 } 678 679 /****************************************************************************** 680 * SetTokenInformation [ADVAPI32.@] 681 * 682 * Set information for an access token. 683 * 684 * PARAMS 685 * token [I] Handle from OpenProcessToken() or OpenThreadToken() 686 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h" 687 * tokeninfo [I] Token information to set 688 * tokeninfolength [I] Length of tokeninfo 689 * 690 * RETURNS 691 * Success: TRUE. The information for the token is set to tokeninfo. 692 * Failure: FALSE. 693 */ 694 BOOL WINAPI 695 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass, 696 LPVOID tokeninfo, DWORD tokeninfolength ) 697 { 698 TRACE("(%p, %s, %p, %d): stub\n", 699 token, 700 (tokeninfoclass == TokenUser) ? "TokenUser" : 701 (tokeninfoclass == TokenGroups) ? "TokenGroups" : 702 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" : 703 (tokeninfoclass == TokenOwner) ? "TokenOwner" : 704 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" : 705 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" : 706 (tokeninfoclass == TokenSource) ? "TokenSource" : 707 (tokeninfoclass == TokenType) ? "TokenType" : 708 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" : 709 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" : 710 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" : 711 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" : 712 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" : 713 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" : 714 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" : 715 "Unknown", 716 tokeninfo, tokeninfolength); 717 718 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength )); 719 } 720 721 /************************************************************************* 722 * SetThreadToken [ADVAPI32.@] 723 * 724 * Assigns an 'impersonation token' to a thread so it can assume the 725 * security privileges of another thread or process. Can also remove 726 * a previously assigned token. 727 * 728 * PARAMS 729 * thread [O] Handle to thread to set the token for 730 * token [I] Token to set 731 * 732 * RETURNS 733 * Success: TRUE. The threads access token is set to token 734 * Failure: FALSE. 735 * 736 * NOTES 737 * Only supported on NT or higher. On Win9X this function does nothing. 738 * See SetTokenInformation. 739 */ 740 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token) 741 { 742 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(), 743 ThreadImpersonationToken, &token, sizeof token )); 744 } 745 746 /************************************************************************* 747 * CreateRestrictedToken [ADVAPI32.@] 748 * 749 * Create a new more restricted token from an existing token. 750 * 751 * PARAMS 752 * baseToken [I] Token to base the new restricted token on 753 * flags [I] Options 754 * nDisableSids [I] Length of disableSids array 755 * disableSids [I] Array of SIDs to disable in the new token 756 * nDeletePrivs [I] Length of deletePrivs array 757 * deletePrivs [I] Array of privileges to delete in the new token 758 * nRestrictSids [I] Length of restrictSids array 759 * restrictSids [I] Array of SIDs to restrict in the new token 760 * newToken [O] Address where the new token is stored 761 * 762 * RETURNS 763 * Success: TRUE 764 * Failure: FALSE 765 */ 766 BOOL WINAPI CreateRestrictedToken( 767 HANDLE baseToken, 768 DWORD flags, 769 DWORD nDisableSids, 770 PSID_AND_ATTRIBUTES disableSids, 771 DWORD nDeletePrivs, 772 PLUID_AND_ATTRIBUTES deletePrivs, 773 DWORD nRestrictSids, 774 PSID_AND_ATTRIBUTES restrictSids, 775 PHANDLE newToken) 776 { 777 FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n", 778 baseToken, flags, nDisableSids, disableSids, 779 nDeletePrivs, deletePrivs, 780 nRestrictSids, restrictSids, 781 newToken); 782 SetLastError(ERROR_CALL_NOT_IMPLEMENTED); 783 return FALSE; 784 } 785 786 /* ############################## 787 ###### SID FUNCTIONS ###### 788 ############################## 789 */ 790 791 /****************************************************************************** 792 * AllocateAndInitializeSid [ADVAPI32.@] 793 * 794 * PARAMS 795 * pIdentifierAuthority [] 796 * nSubAuthorityCount [] 797 * nSubAuthority0 [] 798 * nSubAuthority1 [] 799 * nSubAuthority2 [] 800 * nSubAuthority3 [] 801 * nSubAuthority4 [] 802 * nSubAuthority5 [] 803 * nSubAuthority6 [] 804 * nSubAuthority7 [] 805 * pSid [] 806 */ 807 BOOL WINAPI 808 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, 809 BYTE nSubAuthorityCount, 810 DWORD nSubAuthority0, DWORD nSubAuthority1, 811 DWORD nSubAuthority2, DWORD nSubAuthority3, 812 DWORD nSubAuthority4, DWORD nSubAuthority5, 813 DWORD nSubAuthority6, DWORD nSubAuthority7, 814 PSID *pSid ) 815 { 816 return set_ntstatus( RtlAllocateAndInitializeSid( 817 pIdentifierAuthority, nSubAuthorityCount, 818 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3, 819 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7, 820 pSid )); 821 } 822 823 /****************************************************************************** 824 * FreeSid [ADVAPI32.@] 825 * 826 * PARAMS 827 * pSid [] 828 */ 829 PVOID WINAPI 830 FreeSid( PSID pSid ) 831 { 832 RtlFreeSid(pSid); 833 return NULL; /* is documented like this */ 834 } 835 836 /****************************************************************************** 837 * CopySid [ADVAPI32.@] 838 * 839 * PARAMS 840 * nDestinationSidLength [] 841 * pDestinationSid [] 842 * pSourceSid [] 843 */ 844 BOOL WINAPI 845 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid ) 846 { 847 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid); 848 } 849 850 /****************************************************************************** 851 * CreateWellKnownSid [ADVAPI32.@] 852 */ 853 BOOL WINAPI 854 CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType, 855 PSID DomainSid, 856 PSID pSid, 857 DWORD* cbSid) 858 { 859 unsigned int i; 860 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid); 861 862 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid))) 863 { 864 SetLastError(ERROR_INVALID_PARAMETER); 865 return FALSE; 866 } 867 868 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) { 869 if (WellKnownSids[i].Type == WellKnownSidType) { 870 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount); 871 872 if (*cbSid < length) 873 { 874 *cbSid = length; 875 SetLastError(ERROR_INSUFFICIENT_BUFFER); 876 return FALSE; 877 } 878 if (!pSid) 879 { 880 SetLastError(ERROR_INVALID_PARAMETER); 881 return FALSE; 882 } 883 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length); 884 *cbSid = length; 885 return TRUE; 886 } 887 } 888 889 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES) 890 { 891 SetLastError(ERROR_INVALID_PARAMETER); 892 return FALSE; 893 } 894 895 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++) 896 if (WellKnownRids[i].Type == WellKnownSidType) { 897 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid); 898 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth); 899 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1); 900 901 if (*cbSid < output_sid_length) 902 { 903 *cbSid = output_sid_length; 904 SetLastError(ERROR_INSUFFICIENT_BUFFER); 905 return FALSE; 906 } 907 if (!pSid) 908 { 909 SetLastError(ERROR_INVALID_PARAMETER); 910 return FALSE; 911 } 912 CopyMemory(pSid, DomainSid, domain_sid_length); 913 (*GetSidSubAuthorityCount(pSid))++; 914 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid; 915 *cbSid = output_sid_length; 916 return TRUE; 917 } 918 919 SetLastError(ERROR_INVALID_PARAMETER); 920 return FALSE; 921 } 922 923 /****************************************************************************** 924 * IsWellKnownSid [ADVAPI32.@] 925 */ 926 BOOL WINAPI 927 IsWellKnownSid( PSID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType ) 928 { 929 unsigned int i; 930 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType); 931 932 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) 933 if (WellKnownSids[i].Type == WellKnownSidType) 934 if (EqualSid(pSid, (PSID)&(WellKnownSids[i].Sid.Revision))) 935 return TRUE; 936 937 return FALSE; 938 } 939 940 BOOL WINAPI 941 IsTokenRestricted( HANDLE TokenHandle ) 942 { 943 TOKEN_GROUPS *groups; 944 DWORD size; 945 NTSTATUS status; 946 BOOL restricted; 947 948 TRACE("(%p)\n", TokenHandle); 949 950 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size); 951 if (status != STATUS_BUFFER_TOO_SMALL) 952 return FALSE; 953 954 groups = HeapAlloc(GetProcessHeap(), 0, size); 955 if (!groups) 956 { 957 SetLastError(ERROR_OUTOFMEMORY); 958 return FALSE; 959 } 960 961 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size); 962 if (status != STATUS_SUCCESS) 963 { 964 HeapFree(GetProcessHeap(), 0, groups); 965 return set_ntstatus(status); 966 } 967 968 if (groups->GroupCount) 969 restricted = TRUE; 970 else 971 restricted = FALSE; 972 973 HeapFree(GetProcessHeap(), 0, groups); 974 975 return restricted; 976 } 977 978 /****************************************************************************** 979 * IsValidSid [ADVAPI32.@] 980 * 981 * PARAMS 982 * pSid [] 983 */ 984 BOOL WINAPI 985 IsValidSid( PSID pSid ) 986 { 987 return RtlValidSid( pSid ); 988 } 989 990 /****************************************************************************** 991 * EqualSid [ADVAPI32.@] 992 * 993 * PARAMS 994 * pSid1 [] 995 * pSid2 [] 996 */ 997 BOOL WINAPI 998 EqualSid( PSID pSid1, PSID pSid2 ) 999 { 1000 return RtlEqualSid( pSid1, pSid2 ); 1001 } 1002 1003 /****************************************************************************** 1004 * EqualPrefixSid [ADVAPI32.@] 1005 */ 1006 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2) 1007 { 1008 return RtlEqualPrefixSid(pSid1, pSid2); 1009 } 1010 1011 /****************************************************************************** 1012 * GetSidLengthRequired [ADVAPI32.@] 1013 * 1014 * PARAMS 1015 * nSubAuthorityCount [] 1016 */ 1017 DWORD WINAPI 1018 GetSidLengthRequired( BYTE nSubAuthorityCount ) 1019 { 1020 return RtlLengthRequiredSid(nSubAuthorityCount); 1021 } 1022 1023 /****************************************************************************** 1024 * InitializeSid [ADVAPI32.@] 1025 * 1026 * PARAMS 1027 * pIdentifierAuthority [] 1028 */ 1029 BOOL WINAPI 1030 InitializeSid ( 1031 PSID pSid, 1032 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, 1033 BYTE nSubAuthorityCount) 1034 { 1035 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount); 1036 } 1037 1038 DWORD WINAPI 1039 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights ) 1040 { 1041 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights); 1042 1043 return 1; 1044 } 1045 1046 DWORD WINAPI 1047 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights ) 1048 { 1049 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights); 1050 1051 return 1; 1052 } 1053 1054 /****************************************************************************** 1055 * GetSidIdentifierAuthority [ADVAPI32.@] 1056 * 1057 * PARAMS 1058 * pSid [] 1059 */ 1060 PSID_IDENTIFIER_AUTHORITY WINAPI 1061 GetSidIdentifierAuthority( PSID pSid ) 1062 { 1063 return RtlIdentifierAuthoritySid(pSid); 1064 } 1065 1066 /****************************************************************************** 1067 * GetSidSubAuthority [ADVAPI32.@] 1068 * 1069 * PARAMS 1070 * pSid [] 1071 * nSubAuthority [] 1072 */ 1073 PDWORD WINAPI 1074 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority ) 1075 { 1076 return RtlSubAuthoritySid(pSid, nSubAuthority); 1077 } 1078 1079 /****************************************************************************** 1080 * GetSidSubAuthorityCount [ADVAPI32.@] 1081 * 1082 * PARAMS 1083 * pSid [] 1084 */ 1085 PUCHAR WINAPI 1086 GetSidSubAuthorityCount (PSID pSid) 1087 { 1088 return RtlSubAuthorityCountSid(pSid); 1089 } 1090 1091 /****************************************************************************** 1092 * GetLengthSid [ADVAPI32.@] 1093 * 1094 * PARAMS 1095 * pSid [] 1096 */ 1097 DWORD WINAPI 1098 GetLengthSid (PSID pSid) 1099 { 1100 return RtlLengthSid(pSid); 1101 } 1102 1103 /* ############################################## 1104 ###### SECURITY DESCRIPTOR FUNCTIONS ###### 1105 ############################################## 1106 */ 1107 1108 /****************************************************************************** 1109 * BuildSecurityDescriptorA [ADVAPI32.@] 1110 * 1111 * Builds a SD from 1112 * 1113 * PARAMS 1114 * pOwner [I] 1115 * pGroup [I] 1116 * cCountOfAccessEntries [I] 1117 * pListOfAccessEntries [I] 1118 * cCountOfAuditEntries [I] 1119 * pListofAuditEntries [I] 1120 * pOldSD [I] 1121 * lpdwBufferLength [I/O] 1122 * pNewSD [O] 1123 * 1124 * RETURNS 1125 * Success: ERROR_SUCCESS 1126 * Failure: nonzero error code from Winerror.h 1127 */ 1128 DWORD WINAPI BuildSecurityDescriptorA( 1129 IN PTRUSTEEA pOwner, 1130 IN PTRUSTEEA pGroup, 1131 IN ULONG cCountOfAccessEntries, 1132 IN PEXPLICIT_ACCESSA pListOfAccessEntries, 1133 IN ULONG cCountOfAuditEntries, 1134 IN PEXPLICIT_ACCESSA pListofAuditEntries, 1135 IN PSECURITY_DESCRIPTOR pOldSD, 1136 IN OUT PULONG lpdwBufferLength, 1137 OUT PSECURITY_DESCRIPTOR* pNewSD) 1138 { 1139 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup, 1140 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries, 1141 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD); 1142 1143 return ERROR_CALL_NOT_IMPLEMENTED; 1144 } 1145 1146 /****************************************************************************** 1147 * BuildSecurityDescriptorW [ADVAPI32.@] 1148 * 1149 * See BuildSecurityDescriptorA. 1150 */ 1151 DWORD WINAPI BuildSecurityDescriptorW( 1152 IN PTRUSTEEW pOwner, 1153 IN PTRUSTEEW pGroup, 1154 IN ULONG cCountOfAccessEntries, 1155 IN PEXPLICIT_ACCESSW pListOfAccessEntries, 1156 IN ULONG cCountOfAuditEntries, 1157 IN PEXPLICIT_ACCESSW pListofAuditEntries, 1158 IN PSECURITY_DESCRIPTOR pOldSD, 1159 IN OUT PULONG lpdwBufferLength, 1160 OUT PSECURITY_DESCRIPTOR* pNewSD) 1161 { 1162 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup, 1163 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries, 1164 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD); 1165 1166 return ERROR_CALL_NOT_IMPLEMENTED; 1167 } 1168 1169 /****************************************************************************** 1170 * InitializeSecurityDescriptor [ADVAPI32.@] 1171 * 1172 * PARAMS 1173 * pDescr [] 1174 * revision [] 1175 */ 1176 BOOL WINAPI 1177 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision ) 1178 { 1179 return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision )); 1180 } 1181 1182 1183 /****************************************************************************** 1184 * MakeAbsoluteSD [ADVAPI32.@] 1185 */ 1186 BOOL WINAPI MakeAbsoluteSD ( 1187 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, 1188 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, 1189 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize, 1190 OUT PACL pDacl, 1191 OUT LPDWORD lpdwDaclSize, 1192 OUT PACL pSacl, 1193 OUT LPDWORD lpdwSaclSize, 1194 OUT PSID pOwner, 1195 OUT LPDWORD lpdwOwnerSize, 1196 OUT PSID pPrimaryGroup, 1197 OUT LPDWORD lpdwPrimaryGroupSize) 1198 { 1199 return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor, 1200 pAbsoluteSecurityDescriptor, 1201 lpdwAbsoluteSecurityDescriptorSize, 1202 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, 1203 pOwner, lpdwOwnerSize, 1204 pPrimaryGroup, lpdwPrimaryGroupSize)); 1205 } 1206 1207 /****************************************************************************** 1208 * GetKernelObjectSecurity [ADVAPI32.@] 1209 */ 1210 BOOL WINAPI GetKernelObjectSecurity( 1211 HANDLE Handle, 1212 SECURITY_INFORMATION RequestedInformation, 1213 PSECURITY_DESCRIPTOR pSecurityDescriptor, 1214 DWORD nLength, 1215 LPDWORD lpnLengthNeeded ) 1216 { 1217 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation, 1218 pSecurityDescriptor, nLength, lpnLengthNeeded); 1219 1220 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor, 1221 nLength, lpnLengthNeeded )); 1222 } 1223 1224 /****************************************************************************** 1225 * GetPrivateObjectSecurity [ADVAPI32.@] 1226 */ 1227 BOOL WINAPI GetPrivateObjectSecurity( 1228 PSECURITY_DESCRIPTOR ObjectDescriptor, 1229 SECURITY_INFORMATION SecurityInformation, 1230 PSECURITY_DESCRIPTOR ResultantDescriptor, 1231 DWORD DescriptorLength, 1232 PDWORD ReturnLength ) 1233 { 1234 SECURITY_DESCRIPTOR desc; 1235 BOOL defaulted, present; 1236 PACL pacl; 1237 PSID psid; 1238 1239 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", ObjectDescriptor, SecurityInformation, 1240 ResultantDescriptor, DescriptorLength, ReturnLength); 1241 1242 if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION)) 1243 return FALSE; 1244 1245 if (SecurityInformation & OWNER_SECURITY_INFORMATION) 1246 { 1247 if (!GetSecurityDescriptorOwner(ObjectDescriptor, &psid, &defaulted)) 1248 return FALSE; 1249 SetSecurityDescriptorOwner(&desc, psid, defaulted); 1250 } 1251 1252 if (SecurityInformation & GROUP_SECURITY_INFORMATION) 1253 { 1254 if (!GetSecurityDescriptorGroup(ObjectDescriptor, &psid, &defaulted)) 1255 return FALSE; 1256 SetSecurityDescriptorGroup(&desc, psid, defaulted); 1257 } 1258 1259 if (SecurityInformation & DACL_SECURITY_INFORMATION) 1260 { 1261 if (!GetSecurityDescriptorDacl(ObjectDescriptor, &present, &pacl, &defaulted)) 1262 return FALSE; 1263 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted); 1264 } 1265 1266 if (SecurityInformation & SACL_SECURITY_INFORMATION) 1267 { 1268 if (!GetSecurityDescriptorSacl(ObjectDescriptor, &present, &pacl, &defaulted)) 1269 return FALSE; 1270 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted); 1271 } 1272 1273 *ReturnLength = DescriptorLength; 1274 return MakeSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength); 1275 } 1276 1277 /****************************************************************************** 1278 * GetSecurityDescriptorLength [ADVAPI32.@] 1279 */ 1280 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr) 1281 { 1282 return RtlLengthSecurityDescriptor(pDescr); 1283 } 1284 1285 /****************************************************************************** 1286 * GetSecurityDescriptorOwner [ADVAPI32.@] 1287 * 1288 * PARAMS 1289 * pOwner [] 1290 * lpbOwnerDefaulted [] 1291 */ 1292 BOOL WINAPI 1293 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner, 1294 LPBOOL lpbOwnerDefaulted ) 1295 { 1296 BOOLEAN defaulted; 1297 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted )); 1298 *lpbOwnerDefaulted = defaulted; 1299 return ret; 1300 } 1301 1302 /****************************************************************************** 1303 * SetSecurityDescriptorOwner [ADVAPI32.@] 1304 * 1305 * PARAMS 1306 */ 1307 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor, 1308 PSID pOwner, BOOL bOwnerDefaulted) 1309 { 1310 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted)); 1311 } 1312 /****************************************************************************** 1313 * GetSecurityDescriptorGroup [ADVAPI32.@] 1314 */ 1315 BOOL WINAPI GetSecurityDescriptorGroup( 1316 PSECURITY_DESCRIPTOR SecurityDescriptor, 1317 PSID *Group, 1318 LPBOOL GroupDefaulted) 1319 { 1320 BOOLEAN defaulted; 1321 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted )); 1322 *GroupDefaulted = defaulted; 1323 return ret; 1324 } 1325 /****************************************************************************** 1326 * SetSecurityDescriptorGroup [ADVAPI32.@] 1327 */ 1328 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor, 1329 PSID Group, BOOL GroupDefaulted) 1330 { 1331 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted)); 1332 } 1333 1334 /****************************************************************************** 1335 * IsValidSecurityDescriptor [ADVAPI32.@] 1336 * 1337 * PARAMS 1338 * lpsecdesc [] 1339 */ 1340 BOOL WINAPI 1341 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor ) 1342 { 1343 return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor)); 1344 } 1345 1346 /****************************************************************************** 1347 * GetSecurityDescriptorDacl [ADVAPI32.@] 1348 */ 1349 BOOL WINAPI GetSecurityDescriptorDacl( 1350 IN PSECURITY_DESCRIPTOR pSecurityDescriptor, 1351 OUT LPBOOL lpbDaclPresent, 1352 OUT PACL *pDacl, 1353 OUT LPBOOL lpbDaclDefaulted) 1354 { 1355 BOOLEAN present, defaulted; 1356 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted)); 1357 *lpbDaclPresent = present; 1358 *lpbDaclDefaulted = defaulted; 1359 return ret; 1360 } 1361 1362 /****************************************************************************** 1363 * SetSecurityDescriptorDacl [ADVAPI32.@] 1364 */ 1365 BOOL WINAPI 1366 SetSecurityDescriptorDacl ( 1367 PSECURITY_DESCRIPTOR lpsd, 1368 BOOL daclpresent, 1369 PACL dacl, 1370 BOOL dacldefaulted ) 1371 { 1372 return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) ); 1373 } 1374 /****************************************************************************** 1375 * GetSecurityDescriptorSacl [ADVAPI32.@] 1376 */ 1377 BOOL WINAPI GetSecurityDescriptorSacl( 1378 IN PSECURITY_DESCRIPTOR lpsd, 1379 OUT LPBOOL lpbSaclPresent, 1380 OUT PACL *pSacl, 1381 OUT LPBOOL lpbSaclDefaulted) 1382 { 1383 BOOLEAN present, defaulted; 1384 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) ); 1385 *lpbSaclPresent = present; 1386 *lpbSaclDefaulted = defaulted; 1387 return ret; 1388 } 1389 1390 /************************************************************************** 1391 * SetSecurityDescriptorSacl [ADVAPI32.@] 1392 */ 1393 BOOL WINAPI SetSecurityDescriptorSacl ( 1394 PSECURITY_DESCRIPTOR lpsd, 1395 BOOL saclpresent, 1396 PACL lpsacl, 1397 BOOL sacldefaulted) 1398 { 1399 return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted)); 1400 } 1401 /****************************************************************************** 1402 * MakeSelfRelativeSD [ADVAPI32.@] 1403 * 1404 * PARAMS 1405 * lpabssecdesc [] 1406 * lpselfsecdesc [] 1407 * lpbuflen [] 1408 */ 1409 BOOL WINAPI 1410 MakeSelfRelativeSD( 1411 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, 1412 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, 1413 IN OUT LPDWORD lpdwBufferLength) 1414 { 1415 return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor, 1416 pSelfRelativeSecurityDescriptor, lpdwBufferLength)); 1417 } 1418 1419 /****************************************************************************** 1420 * GetSecurityDescriptorControl [ADVAPI32.@] 1421 */ 1422 1423 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor, 1424 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision) 1425 { 1426 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision)); 1427 } 1428 1429 /****************************************************************************** 1430 * SetSecurityDescriptorControl [ADVAPI32.@] 1431 */ 1432 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor, 1433 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, 1434 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet ) 1435 { 1436 return set_ntstatus( RtlSetControlSecurityDescriptor( 1437 pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) ); 1438 } 1439 1440 /* ############################## 1441 ###### ACL FUNCTIONS ###### 1442 ############################## 1443 */ 1444 1445 /************************************************************************* 1446 * InitializeAcl [ADVAPI32.@] 1447 */ 1448 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev) 1449 { 1450 return set_ntstatus( RtlCreateAcl(acl, size, rev)); 1451 } 1452 1453 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe ) 1454 { 1455 IO_STATUS_BLOCK io_block; 1456 1457 TRACE("(%p)\n", hNamedPipe); 1458 1459 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL, 1460 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) ); 1461 } 1462 1463 /****************************************************************************** 1464 * AddAccessAllowedAce [ADVAPI32.@] 1465 */ 1466 BOOL WINAPI AddAccessAllowedAce( 1467 IN OUT PACL pAcl, 1468 IN DWORD dwAceRevision, 1469 IN DWORD AccessMask, 1470 IN PSID pSid) 1471 { 1472 return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid)); 1473 } 1474 1475 /****************************************************************************** 1476 * AddAccessAllowedAceEx [ADVAPI32.@] 1477 */ 1478 BOOL WINAPI AddAccessAllowedAceEx( 1479 IN OUT PACL pAcl, 1480 IN DWORD dwAceRevision, 1481 IN DWORD AceFlags, 1482 IN DWORD AccessMask, 1483 IN PSID pSid) 1484 { 1485 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid)); 1486 } 1487 1488 /****************************************************************************** 1489 * AddAccessDeniedAce [ADVAPI32.@] 1490 */ 1491 BOOL WINAPI AddAccessDeniedAce( 1492 IN OUT PACL pAcl, 1493 IN DWORD dwAceRevision, 1494 IN DWORD AccessMask, 1495 IN PSID pSid) 1496 { 1497 return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid)); 1498 } 1499 1500 /****************************************************************************** 1501 * AddAccessDeniedAceEx [ADVAPI32.@] 1502 */ 1503 BOOL WINAPI AddAccessDeniedAceEx( 1504 IN OUT PACL pAcl, 1505 IN DWORD dwAceRevision, 1506 IN DWORD AceFlags, 1507 IN DWORD AccessMask, 1508 IN PSID pSid) 1509 { 1510 return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid)); 1511 } 1512 1513 /****************************************************************************** 1514 * AddAce [ADVAPI32.@] 1515 */ 1516 BOOL WINAPI AddAce( 1517 IN OUT PACL pAcl, 1518 IN DWORD dwAceRevision, 1519 IN DWORD dwStartingAceIndex, 1520 LPVOID pAceList, 1521 DWORD nAceListLength) 1522 { 1523 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength)); 1524 } 1525 1526 /****************************************************************************** 1527 * DeleteAce [ADVAPI32.@] 1528 */ 1529 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex) 1530 { 1531 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex)); 1532 } 1533 1534 /****************************************************************************** 1535 * FindFirstFreeAce [ADVAPI32.@] 1536 */ 1537 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce) 1538 { 1539 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce); 1540 } 1541 1542 /****************************************************************************** 1543 * GetAce [ADVAPI32.@] 1544 */ 1545 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce ) 1546 { 1547 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce)); 1548 } 1549 1550 /****************************************************************************** 1551 * GetAclInformation [ADVAPI32.@] 1552 */ 1553 BOOL WINAPI GetAclInformation( 1554 PACL pAcl, 1555 LPVOID pAclInformation, 1556 DWORD nAclInformationLength, 1557 ACL_INFORMATION_CLASS dwAclInformationClass) 1558 { 1559 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation, 1560 nAclInformationLength, dwAclInformationClass)); 1561 } 1562 1563 /****************************************************************************** 1564 * IsValidAcl [ADVAPI32.@] 1565 */ 1566 BOOL WINAPI IsValidAcl(IN PACL pAcl) 1567 { 1568 return RtlValidAcl(pAcl); 1569 } 1570 1571 /* ############################## 1572 ###### MISC FUNCTIONS ###### 1573 ############################## 1574 */ 1575 1576 /****************************************************************************** 1577 * AllocateLocallyUniqueId [ADVAPI32.@] 1578 * 1579 * PARAMS 1580 * lpLuid [] 1581 */ 1582 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid ) 1583 { 1584 return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid)); 1585 } 1586 1587 static const WCHAR SE_CREATE_TOKEN_NAME_W[] = 1588 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 }; 1589 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] = 1590 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 }; 1591 static const WCHAR SE_LOCK_MEMORY_NAME_W[] = 1592 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 }; 1593 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] = 1594 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 }; 1595 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] = 1596 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 }; 1597 static const WCHAR SE_TCB_NAME_W[] = 1598 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 }; 1599 static const WCHAR SE_SECURITY_NAME_W[] = 1600 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 }; 1601 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] = 1602 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 }; 1603 static const WCHAR SE_LOAD_DRIVER_NAME_W[] = 1604 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 }; 1605 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] = 1606 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 }; 1607 static const WCHAR SE_SYSTEMTIME_NAME_W[] = 1608 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 }; 1609 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] = 1610 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 }; 1611 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] = 1612 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 }; 1613 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] = 1614 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 }; 1615 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] = 1616 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 }; 1617 static const WCHAR SE_BACKUP_NAME_W[] = 1618 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 }; 1619 static const WCHAR SE_RESTORE_NAME_W[] = 1620 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 }; 1621 static const WCHAR SE_SHUTDOWN_NAME_W[] = 1622 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 }; 1623 static const WCHAR SE_DEBUG_NAME_W[] = 1624 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 }; 1625 static const WCHAR SE_AUDIT_NAME_W[] = 1626 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 }; 1627 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] = 1628 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 }; 1629 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] = 1630 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 }; 1631 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] = 1632 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 }; 1633 static const WCHAR SE_UNDOCK_NAME_W[] = 1634 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 }; 1635 static const WCHAR SE_SYNC_AGENT_NAME_W[] = 1636 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 }; 1637 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] = 1638 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 }; 1639 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] = 1640 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 }; 1641 static const WCHAR SE_IMPERSONATE_NAME_W[] = 1642 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 }; 1643 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] = 1644 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 }; 1645 1646 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] = 1647 { 1648 NULL, 1649 NULL, 1650 SE_CREATE_TOKEN_NAME_W, 1651 SE_ASSIGNPRIMARYTOKEN_NAME_W, 1652 SE_LOCK_MEMORY_NAME_W, 1653 SE_INCREASE_QUOTA_NAME_W, 1654 SE_MACHINE_ACCOUNT_NAME_W, 1655 SE_TCB_NAME_W, 1656 SE_SECURITY_NAME_W, 1657 SE_TAKE_OWNERSHIP_NAME_W, 1658 SE_LOAD_DRIVER_NAME_W, 1659 SE_SYSTEM_PROFILE_NAME_W, 1660 SE_SYSTEMTIME_NAME_W, 1661 SE_PROF_SINGLE_PROCESS_NAME_W, 1662 SE_INC_BASE_PRIORITY_NAME_W, 1663 SE_CREATE_PAGEFILE_NAME_W, 1664 SE_CREATE_PERMANENT_NAME_W, 1665 SE_BACKUP_NAME_W, 1666 SE_RESTORE_NAME_W, 1667 SE_SHUTDOWN_NAME_W, 1668 SE_DEBUG_NAME_W, 1669 SE_AUDIT_NAME_W, 1670 SE_SYSTEM_ENVIRONMENT_NAME_W, 1671 SE_CHANGE_NOTIFY_NAME_W, 1672 SE_REMOTE_SHUTDOWN_NAME_W, 1673 SE_UNDOCK_NAME_W, 1674 SE_SYNC_AGENT_NAME_W, 1675 SE_ENABLE_DELEGATION_NAME_W, 1676 SE_MANAGE_VOLUME_NAME_W, 1677 SE_IMPERSONATE_NAME_W, 1678 SE_CREATE_GLOBAL_NAME_W, 1679 }; 1680 1681 /****************************************************************************** 1682 * LookupPrivilegeValueW [ADVAPI32.@] 1683 * 1684 * See LookupPrivilegeValueA. 1685 */ 1686 BOOL WINAPI 1687 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid ) 1688 { 1689 UINT i; 1690 1691 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid); 1692 1693 if (!ADVAPI_IsLocalComputer(lpSystemName)) 1694 { 1695 SetLastError(RPC_S_SERVER_UNAVAILABLE); 1696 return FALSE; 1697 } 1698 if (!lpName) 1699 { 1700 SetLastError(ERROR_NO_SUCH_PRIVILEGE); 1701 return FALSE; 1702 } 1703 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<=SE_MAX_WELL_KNOWN_PRIVILEGE; i++ ) 1704 { 1705 if( !WellKnownPrivNames[i] ) 1706 continue; 1707 if( strcmpiW( WellKnownPrivNames[i], lpName) ) 1708 continue; 1709 lpLuid->LowPart = i; 1710 lpLuid->HighPart = 0; 1711 TRACE( "%s -> %08x-%08x\n",debugstr_w( lpSystemName ), 1712 lpLuid->HighPart, lpLuid->LowPart ); 1713 return TRUE; 1714 } 1715 SetLastError(ERROR_NO_SUCH_PRIVILEGE); 1716 return FALSE; 1717 } 1718 1719 /****************************************************************************** 1720 * LookupPrivilegeValueA [ADVAPI32.@] 1721 * 1722 * Retrieves LUID used on a system to represent the privilege name. 1723 * 1724 * PARAMS 1725 * lpSystemName [I] Name of the system 1726 * lpName [I] Name of the privilege 1727 * lpLuid [O] Destination for the resulting LUID 1728 * 1729 * RETURNS 1730 * Success: TRUE. lpLuid contains the requested LUID. 1731 * Failure: FALSE. 1732 */ 1733 BOOL WINAPI 1734 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid ) 1735 { 1736 UNICODE_STRING lpSystemNameW; 1737 UNICODE_STRING lpNameW; 1738 BOOL ret; 1739 1740 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName); 1741 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName); 1742 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid); 1743 RtlFreeUnicodeString(&lpNameW); 1744 RtlFreeUnicodeString(&lpSystemNameW); 1745 return ret; 1746 } 1747 1748 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, 1749 LPDWORD cchDisplayName, LPDWORD lpLanguageId ) 1750 { 1751 FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName), 1752 debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId); 1753 1754 return FALSE; 1755 } 1756 1757 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, 1758 LPDWORD cchDisplayName, LPDWORD lpLanguageId ) 1759 { 1760 FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName), 1761 debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId); 1762 1763 return FALSE; 1764 } 1765 1766 /****************************************************************************** 1767 * LookupPrivilegeNameA [ADVAPI32.@] 1768 * 1769 * See LookupPrivilegeNameW. 1770 */ 1771 BOOL WINAPI 1772 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, 1773 LPDWORD cchName) 1774 { 1775 UNICODE_STRING lpSystemNameW; 1776 BOOL ret; 1777 DWORD wLen = 0; 1778 1779 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName); 1780 1781 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName); 1782 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen); 1783 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER) 1784 { 1785 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR)); 1786 1787 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW, 1788 &wLen); 1789 if (ret) 1790 { 1791 /* Windows crashes if cchName is NULL, so will I */ 1792 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName, 1793 *cchName, NULL, NULL); 1794 1795 if (len == 0) 1796 { 1797 /* WideCharToMultiByte failed */ 1798 ret = FALSE; 1799 } 1800 else if (len > *cchName) 1801 { 1802 *cchName = len; 1803 SetLastError(ERROR_INSUFFICIENT_BUFFER); 1804 ret = FALSE; 1805 } 1806 else 1807 { 1808 /* WideCharToMultiByte succeeded, output length needs to be 1809 * length not including NULL terminator 1810 */ 1811 *cchName = len - 1; 1812 } 1813 } 1814 HeapFree(GetProcessHeap(), 0, lpNameW); 1815 } 1816 RtlFreeUnicodeString(&lpSystemNameW); 1817 return ret; 1818 } 1819 1820 /****************************************************************************** 1821 * LookupPrivilegeNameW [ADVAPI32.@] 1822 * 1823 * Retrieves the privilege name referred to by the LUID lpLuid. 1824 * 1825 * PARAMS 1826 * lpSystemName [I] Name of the system 1827 * lpLuid [I] Privilege value 1828 * lpName [O] Name of the privilege 1829 * cchName [I/O] Number of characters in lpName. 1830 * 1831 * RETURNS 1832 * Success: TRUE. lpName contains the name of the privilege whose value is 1833 * *lpLuid. 1834 * Failure: FALSE. 1835 * 1836 * REMARKS 1837 * Only well-known privilege names (those defined in winnt.h) can be retrieved 1838 * using this function. 1839 * If the length of lpName is too small, on return *cchName will contain the 1840 * number of WCHARs needed to contain the privilege, including the NULL 1841 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER. 1842 * On success, *cchName will contain the number of characters stored in 1843 * lpName, NOT including the NULL terminator. 1844 */ 1845 BOOL WINAPI 1846 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, 1847 LPDWORD cchName) 1848 { 1849 size_t privNameLen; 1850 1851 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName); 1852 1853 if (!ADVAPI_IsLocalComputer(lpSystemName)) 1854 { 1855 SetLastError(RPC_S_SERVER_UNAVAILABLE); 1856 return FALSE; 1857 } 1858 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE || 1859 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE)) 1860 { 1861 SetLastError(ERROR_NO_SUCH_PRIVILEGE); 1862 return FALSE; 1863 } 1864 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]); 1865 /* Windows crashes if cchName is NULL, so will I */ 1866 if (*cchName <= privNameLen) 1867 { 1868 *cchName = privNameLen + 1; 1869 SetLastError(ERROR_INSUFFICIENT_BUFFER); 1870 return FALSE; 1871 } 1872 else 1873 { 1874 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]); 1875 *cchName = privNameLen; 1876 return TRUE; 1877 } 1878 } 1879 1880 /****************************************************************************** 1881 * GetFileSecurityA [ADVAPI32.@] 1882 * 1883 * Obtains Specified information about the security of a file or directory. 1884 * 1885 * PARAMS 1886 * lpFileName [I] Name of the file to get info for 1887 * RequestedInformation [I] SE_ flags from "winnt.h" 1888 * pSecurityDescriptor [O] Destination for security information 1889 * nLength [I] Length of pSecurityDescriptor 1890 * lpnLengthNeeded [O] Destination for length of returned security information 1891 * 1892 * RETURNS 1893 * Success: TRUE. pSecurityDescriptor contains the requested information. 1894 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info. 1895 * 1896 * NOTES 1897 * The information returned is constrained by the callers access rights and 1898 * privileges. 1899 */ 1900 BOOL WINAPI 1901 GetFileSecurityA( LPCSTR lpFileName, 1902 SECURITY_INFORMATION RequestedInformation, 1903 PSECURITY_DESCRIPTOR pSecurityDescriptor, 1904 DWORD nLength, LPDWORD lpnLengthNeeded ) 1905 { 1906 DWORD len; 1907 BOOL r; 1908 LPWSTR name = NULL; 1909 1910 if( lpFileName ) 1911 { 1912 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 ); 1913 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) ); 1914 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len ); 1915 } 1916 1917 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor, 1918 nLength, lpnLengthNeeded ); 1919 HeapFree( GetProcessHeap(), 0, name ); 1920 1921 return r; 1922 } 1923 1924 /****************************************************************************** 1925 * GetFileSecurityW [ADVAPI32.@] 1926 * 1927 * See GetFileSecurityA. 1928 */ 1929 BOOL WINAPI 1930 GetFileSecurityW( LPCWSTR lpFileName, 1931 SECURITY_INFORMATION RequestedInformation, 1932 PSECURITY_DESCRIPTOR pSecurityDescriptor, 1933 DWORD nLength, LPDWORD lpnLengthNeeded ) 1934 { 1935 HANDLE hfile; 1936 NTSTATUS status; 1937 DWORD access = 0; 1938 1939 TRACE("(%s,%d,%p,%d,%p)\n", debugstr_w(lpFileName), 1940 RequestedInformation, pSecurityDescriptor, 1941 nLength, lpnLengthNeeded); 1942 1943 if (RequestedInformation & (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION| 1944 DACL_SECURITY_INFORMATION)) 1945 access |= READ_CONTROL; 1946 if (RequestedInformation & SACL_SECURITY_INFORMATION) 1947 access |= ACCESS_SYSTEM_SECURITY; 1948 1949 hfile = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, 1950 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 ); 1951 if ( hfile == INVALID_HANDLE_VALUE ) 1952 return FALSE; 1953 1954 status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor, 1955 nLength, lpnLengthNeeded ); 1956 CloseHandle( hfile ); 1957 return set_ntstatus( status ); 1958 } 1959 1960 1961 /****************************************************************************** 1962 * LookupAccountSidA [ADVAPI32.@] 1963 */ 1964 BOOL WINAPI 1965 LookupAccountSidA( 1966 IN LPCSTR system, 1967 IN PSID sid, 1968 OUT LPSTR account, 1969 IN OUT LPDWORD accountSize, 1970 OUT LPSTR domain, 1971 IN OUT LPDWORD domainSize, 1972 OUT PSID_NAME_USE name_use ) 1973 { 1974 DWORD len; 1975 BOOL r; 1976 LPWSTR systemW = NULL; 1977 LPWSTR accountW = NULL; 1978 LPWSTR domainW = NULL; 1979 DWORD accountSizeW = *accountSize; 1980 DWORD domainSizeW = *domainSize; 1981 1982 if (system) { 1983 len = MultiByteToWideChar( CP_ACP, 0, system, -1, NULL, 0 ); 1984 systemW = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) ); 1985 MultiByteToWideChar( CP_ACP, 0, system, -1, systemW, len ); 1986 } 1987 if (account) 1988 accountW = HeapAlloc( GetProcessHeap(), 0, accountSizeW * sizeof(WCHAR) ); 1989 if (domain) 1990 domainW = HeapAlloc( GetProcessHeap(), 0, domainSizeW * sizeof(WCHAR) ); 1991 1992 r = LookupAccountSidW( systemW, sid, accountW, &accountSizeW, domainW, &domainSizeW, name_use ); 1993 1994 if (r) { 1995 if (accountW && *accountSize) { 1996 len = WideCharToMultiByte( CP_ACP, 0, accountW, -1, NULL, 0, NULL, NULL ); 1997 WideCharToMultiByte( CP_ACP, 0, accountW, -1, account, len, NULL, NULL ); 1998 *accountSize = len; 1999 } else 2000 *accountSize = accountSizeW + 1; 2001 2002 if (domainW && *domainSize) { 2003 len = WideCharToMultiByte( CP_ACP, 0, domainW, -1, NULL, 0, NULL, NULL ); 2004 WideCharToMultiByte( CP_ACP, 0, domainW, -1, domain, len, NULL, NULL ); 2005 *domainSize = len; 2006 } else 2007 *domainSize = domainSizeW + 1; 2008 } 2009 2010 HeapFree( GetProcessHeap(), 0, systemW ); 2011 HeapFree( GetProcessHeap(), 0, accountW ); 2012 HeapFree( GetProcessHeap(), 0, domainW ); 2013 2014 return r; 2015 } 2016 2017 /****************************************************************************** 2018 * LookupAccountSidW [ADVAPI32.@] 2019 * 2020 * PARAMS 2021 * system [] 2022 * sid [] 2023 * account [] 2024 * accountSize [] 2025 * domain [] 2026 * domainSize [] 2027 * name_use [] 2028 */ 2029 2030 BOOL WINAPI 2031 LookupAccountSidW( 2032 IN LPCWSTR system, 2033 IN PSID sid, 2034 OUT LPWSTR account, 2035 IN OUT LPDWORD accountSize, 2036 OUT LPWSTR domain, 2037 IN OUT LPDWORD domainSize, 2038 OUT PSID_NAME_USE name_use ) 2039 { 2040 unsigned int i, j; 2041 const WCHAR * ac = NULL; 2042 const WCHAR * dm = NULL; 2043 SID_NAME_USE use = 0; 2044 LPWSTR computer_name = NULL; 2045 LPWSTR account_name = NULL; 2046 2047 TRACE("(%s,sid=%s,%p,%p(%u),%p,%p(%u),%p)\n", 2048 debugstr_w(system),debugstr_sid(sid), 2049 account,accountSize,accountSize?*accountSize:0, 2050 domain,domainSize,domainSize?*domainSize:0, 2051 name_use); 2052 2053 if (!ADVAPI_IsLocalComputer(system)) { 2054 FIXME("Only local computer supported!\n"); 2055 SetLastError(RPC_S_SERVER_UNAVAILABLE); 2056 return FALSE; 2057 } 2058 2059 /* check the well known SIDs first */ 2060 for (i = 0; i <= 60; i++) { 2061 if (IsWellKnownSid(sid, i)) { 2062 for (j = 0; j < (sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0])); j++) { 2063 if (ACCOUNT_SIDS[j].type == i) { 2064 ac = ACCOUNT_SIDS[j].account; 2065 dm = ACCOUNT_SIDS[j].domain; 2066 use = ACCOUNT_SIDS[j].name_use; 2067 } 2068 } 2069 break; 2070 } 2071 } 2072 2073 if (dm == NULL) { 2074 MAX_SID local; 2075 2076 /* check for the local computer next */ 2077 if (ADVAPI_GetComputerSid(&local)) { 2078 DWORD size = MAX_COMPUTERNAME_LENGTH + 1; 2079 BOOL result; 2080 2081 computer_name = HeapAlloc(GetProcessHeap(), 0, size * sizeof(WCHAR)); 2082 result = GetComputerNameW(computer_name, &size); 2083 2084 if (result) { 2085 if (EqualSid(sid, &local)) { 2086 dm = computer_name; 2087 ac = Blank; 2088 use = 3; 2089 } else { 2090 local.SubAuthorityCount++; 2091 2092 if (EqualPrefixSid(sid, &local)) { 2093 dm = computer_name; 2094 use = 1; 2095 switch (((MAX_SID *)sid)->SubAuthority[4]) { 2096 case DOMAIN_USER_RID_ADMIN: 2097 ac = Administrator; 2098 break; 2099 case DOMAIN_USER_RID_GUEST: 2100 ac = Guest; 2101 break; 2102 case DOMAIN_GROUP_RID_ADMINS: 2103 ac = Domain_Admins; 2104 break; 2105 case DOMAIN_GROUP_RID_USERS: 2106 ac = Domain_Users; 2107 break; 2108 case DOMAIN_GROUP_RID_GUESTS: 2109 ac = Domain_Guests; 2110 break; 2111 case DOMAIN_GROUP_RID_COMPUTERS: 2112 ac = Domain_Computers; 2113 break; 2114 case DOMAIN_GROUP_RID_CONTROLLERS: 2115 ac = Domain_Controllers; 2116 break; 2117 case DOMAIN_GROUP_RID_CERT_ADMINS: 2118 ac = Cert_Publishers; 2119 break; 2120 case DOMAIN_GROUP_RID_SCHEMA_ADMINS: 2121 ac = Schema_Admins; 2122 break; 2123 case DOMAIN_GROUP_RID_ENTERPRISE_ADMINS: 2124 ac = Enterprise_Admins; 2125 break; 2126 case DOMAIN_GROUP_RID_POLICY_ADMINS: 2127 ac = Group_Policy_Creator_Owners; 2128 break; 2129 case DOMAIN_ALIAS_RID_RAS_SERVERS: 2130 ac = RAS_and_IAS_Servers; 2131 break; 2132 case 1000: /* first user account */ 2133 size = UNLEN + 1; 2134 account_name = HeapAlloc( 2135 GetProcessHeap(), 0, size * sizeof(WCHAR)); 2136 if (GetUserNameW(account_name, &size)) 2137 ac = account_name; 2138 else 2139 dm = NULL; 2140 2141 break; 2142 default: 2143 dm = NULL; 2144 break; 2145 } 2146 } 2147 } 2148 } 2149 } 2150 } 2151 2152 if (dm) { 2153 DWORD ac_len = lstrlenW(ac); 2154 DWORD dm_len = lstrlenW(dm); 2155 BOOL status = TRUE; 2156 2157 if (*accountSize > ac_len) { 2158 if (account) 2159 lstrcpyW(account, ac); 2160 } 2161 if (*domainSize > dm_len) { 2162 if (domain) 2163 lstrcpyW(domain, dm); 2164 } 2165 if (((*accountSize != 0) && (*accountSize < ac_len)) || 2166 ((*domainSize != 0) && (*domainSize < dm_len))) { 2167 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2168 status = FALSE; 2169 } 2170 if (*domainSize) 2171 *domainSize = dm_len; 2172 else 2173 *domainSize = dm_len + 1; 2174 if (*accountSize) 2175 *accountSize = ac_len; 2176 else 2177 *accountSize = ac_len + 1; 2178 *name_use = use; 2179 HeapFree(GetProcessHeap(), 0, account_name); 2180 HeapFree(GetProcessHeap(), 0, computer_name); 2181 return status; 2182 } 2183 2184 HeapFree(GetProcessHeap(), 0, account_name); 2185 HeapFree(GetProcessHeap(), 0, computer_name); 2186 SetLastError(ERROR_NONE_MAPPED); 2187 return FALSE; 2188 } 2189 2190 /****************************************************************************** 2191 * SetFileSecurityA [ADVAPI32.@] 2192 * 2193 * See SetFileSecurityW. 2194 */ 2195 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName, 2196 SECURITY_INFORMATION RequestedInformation, 2197 PSECURITY_DESCRIPTOR pSecurityDescriptor) 2198 { 2199 DWORD len; 2200 BOOL r; 2201 LPWSTR name = NULL; 2202 2203 if( lpFileName ) 2204 { 2205 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 ); 2206 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) ); 2207 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len ); 2208 } 2209 2210 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor ); 2211 HeapFree( GetProcessHeap(), 0, name ); 2212 2213 return r; 2214 } 2215 2216 /****************************************************************************** 2217 * SetFileSecurityW [ADVAPI32.@] 2218 * 2219 * Sets the security of a file or directory. 2220 * 2221 * PARAMS 2222 * lpFileName [] 2223 * RequestedInformation [] 2224 * pSecurityDescriptor [] 2225 * 2226 * RETURNS 2227 * Success: TRUE. 2228 * Failure: FALSE. 2229 */ 2230 BOOL WINAPI 2231 SetFileSecurityW( LPCWSTR lpFileName, 2232 SECURITY_INFORMATION RequestedInformation, 2233 PSECURITY_DESCRIPTOR pSecurityDescriptor ) 2234 { 2235 HANDLE file; 2236 DWORD access = 0; 2237 NTSTATUS status; 2238 2239 TRACE("(%s, 0x%x, %p)\n", debugstr_w(lpFileName), RequestedInformation, 2240 pSecurityDescriptor ); 2241 2242 if (RequestedInformation & OWNER_SECURITY_INFORMATION || 2243 RequestedInformation & GROUP_SECURITY_INFORMATION) 2244 access |= WRITE_OWNER; 2245 if (RequestedInformation & SACL_SECURITY_INFORMATION) 2246 access |= ACCESS_SYSTEM_SECURITY; 2247 if (RequestedInformation & DACL_SECURITY_INFORMATION) 2248 access |= WRITE_DAC; 2249 2250 file = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, 2251 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL ); 2252 if (file == INVALID_HANDLE_VALUE) 2253 return FALSE; 2254 2255 status = NtSetSecurityObject( file, RequestedInformation, pSecurityDescriptor ); 2256 CloseHandle( file ); 2257 return set_ntstatus( status ); 2258 } 2259 2260 /****************************************************************************** 2261 * QueryWindows31FilesMigration [ADVAPI32.@] 2262 * 2263 * PARAMS 2264 * x1 [] 2265 */ 2266 BOOL WINAPI 2267 QueryWindows31FilesMigration( DWORD x1 ) 2268 { 2269 FIXME("(%d):stub\n",x1); 2270 return TRUE; 2271 } 2272 2273 /****************************************************************************** 2274 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@] 2275 * 2276 * PARAMS 2277 * x1 [] 2278 * x2 [] 2279 * x3 [] 2280 * x4 [] 2281 */ 2282 BOOL WINAPI 2283 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3, 2284 DWORD x4 ) 2285 { 2286 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4); 2287 return TRUE; 2288 } 2289 2290 /****************************************************************************** 2291 * NotifyBootConfigStatus [ADVAPI32.@] 2292 * 2293 * PARAMS 2294 * x1 [] 2295 */ 2296 BOOL WINAPI 2297 NotifyBootConfigStatus( BOOL x1 ) 2298 { 2299 FIXME("(0x%08d):stub\n",x1); 2300 return 1; 2301 } 2302 2303 /****************************************************************************** 2304 * RevertToSelf [ADVAPI32.@] 2305 * 2306 * Ends the impersonation of a user. 2307 * 2308 * PARAMS 2309 * void [] 2310 * 2311 * RETURNS 2312 * Success: TRUE. 2313 * Failure: FALSE. 2314 */ 2315 BOOL WINAPI 2316 RevertToSelf( void ) 2317 { 2318 HANDLE Token = NULL; 2319 return set_ntstatus( NtSetInformationThread( GetCurrentThread(), 2320 ThreadImpersonationToken, &Token, sizeof(Token) ) ); 2321 } 2322 2323 /****************************************************************************** 2324 * ImpersonateSelf [ADVAPI32.@] 2325 * 2326 * Makes an impersonation token that represents the process user and assigns 2327 * to the current thread. 2328 * 2329 * PARAMS 2330 * ImpersonationLevel [I] Level at which to impersonate. 2331 * 2332 * RETURNS 2333 * Success: TRUE. 2334 * Failure: FALSE. 2335 */ 2336 BOOL WINAPI 2337 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) 2338 { 2339 return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) ); 2340 } 2341 2342 /****************************************************************************** 2343 * ImpersonateLoggedOnUser [ADVAPI32.@] 2344 */ 2345 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken) 2346 { 2347 DWORD size; 2348 NTSTATUS Status; 2349 HANDLE ImpersonationToken; 2350 TOKEN_TYPE Type; 2351 static BOOL warn = TRUE; 2352 2353 if (warn) 2354 { 2355 FIXME( "(%p)\n", hToken ); 2356 warn = FALSE; 2357 } 2358 if (!GetTokenInformation( hToken, TokenType, &Type, 2359 sizeof(TOKEN_TYPE), &size )) 2360 return FALSE; 2361 2362 if (Type == TokenPrimary) 2363 { 2364 OBJECT_ATTRIBUTES ObjectAttributes; 2365 2366 InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL ); 2367 2368 Status = NtDuplicateToken( hToken, 2369 TOKEN_IMPERSONATE | TOKEN_QUERY, 2370 &ObjectAttributes, 2371 SecurityImpersonation, 2372 TokenImpersonation, 2373 &ImpersonationToken ); 2374 if (Status != STATUS_SUCCESS) 2375 { 2376 ERR( "NtDuplicateToken failed with error 0x%08x\n", Status ); 2377 SetLastError( RtlNtStatusToDosError( Status ) ); 2378 return FALSE; 2379 } 2380 } 2381 else 2382 ImpersonationToken = hToken; 2383 2384 Status = NtSetInformationThread( GetCurrentThread(), 2385 ThreadImpersonationToken, 2386 &ImpersonationToken, 2387 sizeof(ImpersonationToken) ); 2388 2389 if (Type == TokenPrimary) 2390 NtClose( ImpersonationToken ); 2391 2392 if (Status != STATUS_SUCCESS) 2393 { 2394 ERR( "NtSetInformationThread failed with error 0x%08x\n", Status ); 2395 SetLastError( RtlNtStatusToDosError( Status ) ); 2396 return FALSE; 2397 } 2398 2399 return TRUE; 2400 } 2401 2402 /****************************************************************************** 2403 * AccessCheck [ADVAPI32.@] 2404 */ 2405 BOOL WINAPI 2406 AccessCheck( 2407 PSECURITY_DESCRIPTOR SecurityDescriptor, 2408 HANDLE ClientToken, 2409 DWORD DesiredAccess, 2410 PGENERIC_MAPPING GenericMapping, 2411 PPRIVILEGE_SET PrivilegeSet, 2412 LPDWORD PrivilegeSetLength, 2413 LPDWORD GrantedAccess, 2414 LPBOOL AccessStatus) 2415 { 2416 NTSTATUS access_status; 2417 BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess, 2418 GenericMapping, PrivilegeSet, PrivilegeSetLength, 2419 GrantedAccess, &access_status) ); 2420 if (ret) *AccessStatus = set_ntstatus( access_status ); 2421 return ret; 2422 } 2423 2424 2425 /****************************************************************************** 2426 * AccessCheckByType [ADVAPI32.@] 2427 */ 2428 BOOL WINAPI AccessCheckByType( 2429 PSECURITY_DESCRIPTOR pSecurityDescriptor, 2430 PSID PrincipalSelfSid, 2431 HANDLE ClientToken, 2432 DWORD DesiredAccess, 2433 POBJECT_TYPE_LIST ObjectTypeList, 2434 DWORD ObjectTypeListLength, 2435 PGENERIC_MAPPING GenericMapping, 2436 PPRIVILEGE_SET PrivilegeSet, 2437 LPDWORD PrivilegeSetLength, 2438 LPDWORD GrantedAccess, 2439 LPBOOL AccessStatus) 2440 { 2441 FIXME("stub\n"); 2442 2443 *AccessStatus = TRUE; 2444 2445 return !*AccessStatus; 2446 } 2447 2448 /****************************************************************************** 2449 * MapGenericMask [ADVAPI32.@] 2450 * 2451 * Maps generic access rights into specific access rights according to the 2452 * supplied mapping. 2453 * 2454 * PARAMS 2455 * AccessMask [I/O] Access rights. 2456 * GenericMapping [I] The mapping between generic and specific rights. 2457 * 2458 * RETURNS 2459 * Nothing. 2460 */ 2461 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping ) 2462 { 2463 RtlMapGenericMask( AccessMask, GenericMapping ); 2464 } 2465 2466 /************************************************************************* 2467 * SetKernelObjectSecurity [ADVAPI32.@] 2468 */ 2469 BOOL WINAPI SetKernelObjectSecurity ( 2470 IN HANDLE Handle, 2471 IN SECURITY_INFORMATION SecurityInformation, 2472 IN PSECURITY_DESCRIPTOR SecurityDescriptor ) 2473 { 2474 return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor)); 2475 } 2476 2477 2478 /****************************************************************************** 2479 * AddAuditAccessAce [ADVAPI32.@] 2480 */ 2481 BOOL WINAPI AddAuditAccessAce( 2482 IN OUT PACL pAcl, 2483 IN DWORD dwAceRevision, 2484 IN DWORD dwAccessMask, 2485 IN PSID pSid, 2486 IN BOOL bAuditSuccess, 2487 IN BOOL bAuditFailure) 2488 { 2489 return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid, 2490 bAuditSuccess, bAuditFailure) ); 2491 } 2492 2493 /****************************************************************************** 2494 * AddAuditAccessAce [ADVAPI32.@] 2495 */ 2496 BOOL WINAPI AddAuditAccessAceEx( 2497 IN OUT PACL pAcl, 2498 IN DWORD dwAceRevision, 2499 IN DWORD dwAceFlags, 2500 IN DWORD dwAccessMask, 2501 IN PSID pSid, 2502 IN BOOL bAuditSuccess, 2503 IN BOOL bAuditFailure) 2504 { 2505 return set_ntstatus( RtlAddAuditAccessAceEx(pAcl, dwAceRevision, dwAceFlags, dwAccessMask, pSid, 2506 bAuditSuccess, bAuditFailure) ); 2507 } 2508 2509 /****************************************************************************** 2510 * LookupAccountNameA [ADVAPI32.@] 2511 */ 2512 BOOL WINAPI 2513 LookupAccountNameA( 2514 IN LPCSTR system, 2515 IN LPCSTR account, 2516 OUT PSID sid, 2517 OUT LPDWORD cbSid, 2518 LPSTR ReferencedDomainName, 2519 IN OUT LPDWORD cbReferencedDomainName, 2520 OUT PSID_NAME_USE name_use ) 2521 { 2522 BOOL ret; 2523 UNICODE_STRING lpSystemW; 2524 UNICODE_STRING lpAccountW; 2525 LPWSTR lpReferencedDomainNameW = NULL; 2526 2527 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, system); 2528 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, account); 2529 2530 if (ReferencedDomainName) 2531 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(), 0, *cbReferencedDomainName * sizeof(WCHAR)); 2532 2533 ret = LookupAccountNameW(lpSystemW.Buffer, lpAccountW.Buffer, sid, cbSid, lpReferencedDomainNameW, 2534 cbReferencedDomainName, name_use); 2535 2536 if (ret && lpReferencedDomainNameW) 2537 { 2538 WideCharToMultiByte(CP_ACP, 0, lpReferencedDomainNameW, -1, 2539 ReferencedDomainName, *cbReferencedDomainName+1, NULL, NULL); 2540 } 2541 2542 RtlFreeUnicodeString(&lpSystemW); 2543 RtlFreeUnicodeString(&lpAccountW); 2544 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW); 2545 2546 return ret; 2547 } 2548 2549 /****************************************************************************** 2550 * lookup_user_account_name 2551 */ 2552 static BOOL lookup_user_account_name(PSID Sid, PDWORD cbSid, LPWSTR ReferencedDomainName, 2553 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse ) 2554 { 2555 /* Default implementation: Always return a default SID */ 2556 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY}; 2557 BOOL ret; 2558 PSID pSid; 2559 static const WCHAR dm[] = {'D','O','M','A','I','N',0}; 2560 DWORD nameLen; 2561 LPCWSTR domainName; 2562 2563 ret = AllocateAndInitializeSid(&identifierAuthority, 2564 2, 2565 SECURITY_BUILTIN_DOMAIN_RID, 2566 DOMAIN_ALIAS_RID_ADMINS, 2567 0, 0, 0, 0, 0, 0, 2568 &pSid); 2569 2570 if (!ret) 2571 return FALSE; 2572 2573 if (!RtlValidSid(pSid)) 2574 { 2575 FreeSid(pSid); 2576 return FALSE; 2577 } 2578 2579 if (Sid != NULL && (*cbSid >= GetLengthSid(pSid))) 2580 CopySid(*cbSid, Sid, pSid); 2581 if (*cbSid < GetLengthSid(pSid)) 2582 { 2583 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2584 ret = FALSE; 2585 } 2586 *cbSid = GetLengthSid(pSid); 2587 2588 domainName = dm; 2589 nameLen = strlenW(domainName); 2590 2591 if (*cchReferencedDomainName <= nameLen || !ret) 2592 { 2593 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2594 nameLen += 1; 2595 ret = FALSE; 2596 } 2597 else if (ReferencedDomainName) 2598 strcpyW(ReferencedDomainName, domainName); 2599 2600 *cchReferencedDomainName = nameLen; 2601 2602 if (ret) 2603 *peUse = SidTypeUser; 2604 2605 FreeSid(pSid); 2606 2607 return ret; 2608 } 2609 2610 /****************************************************************************** 2611 * lookup_computer_account_name 2612 */ 2613 static BOOL lookup_computer_account_name(PSID Sid, PDWORD cbSid, LPWSTR ReferencedDomainName, 2614 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse ) 2615 { 2616 MAX_SID local; 2617 BOOL ret; 2618 static const WCHAR dm[] = {'D','O','M','A','I','N',0}; 2619 DWORD nameLen; 2620 LPCWSTR domainName; 2621 2622 if ((ret = ADVAPI_GetComputerSid(&local))) 2623 { 2624 if (Sid != NULL && (*cbSid >= GetLengthSid(&local))) 2625 CopySid(*cbSid, Sid, &local); 2626 if (*cbSid < GetLengthSid(&local)) 2627 { 2628 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2629 ret = FALSE; 2630 } 2631 *cbSid = GetLengthSid(&local); 2632 } 2633 2634 domainName = dm; 2635 nameLen = strlenW(domainName); 2636 2637 if (*cchReferencedDomainName <= nameLen || !ret) 2638 { 2639 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2640 nameLen += 1; 2641 ret = FALSE; 2642 } 2643 else if (ReferencedDomainName) 2644 strcpyW(ReferencedDomainName, domainName); 2645 2646 *cchReferencedDomainName = nameLen; 2647 2648 if (ret) 2649 *peUse = SidTypeDomain; 2650 2651 return ret; 2652 } 2653 2654 /****************************************************************************** 2655 * LookupAccountNameW [ADVAPI32.@] 2656 */ 2657 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, 2658 LPDWORD cbSid, LPWSTR ReferencedDomainName, 2659 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse ) 2660 { 2661 BOOL ret; 2662 PSID pSid; 2663 unsigned int i; 2664 DWORD nameLen; 2665 LPWSTR userName = NULL; 2666 LPCWSTR domainName; 2667 LPCWSTR lpAccountNamePtr; 2668 LPCWSTR lpDomainNamePtr = NULL; 2669 2670 FIXME("%s %s %p %p %p %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName), 2671 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse); 2672 2673 if (!ADVAPI_IsLocalComputer(lpSystemName)) 2674 { 2675 SetLastError(RPC_S_SERVER_UNAVAILABLE); 2676 return FALSE; 2677 } 2678 2679 if (!lpAccountName || !strcmpW(lpAccountName, Blank)) 2680 { 2681 lpAccountName = BUILTIN; 2682 } 2683 2684 /* Check well known SIDs first */ 2685 if ((lpAccountNamePtr = strrchrW(lpAccountName,'\\'))) 2686 { 2687 lpAccountNamePtr++; 2688 lpDomainNamePtr = lpAccountName; 2689 } 2690 else 2691 lpAccountNamePtr = lpAccountName; 2692 2693 for (i = 0; i < (sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0])); i++) 2694 { 2695 /* check domain first */ 2696 if (lpDomainNamePtr && (strncmpiW(lpDomainNamePtr, ACCOUNT_SIDS[i].domain, strlenW(ACCOUNT_SIDS[i].domain)) || lpDomainNamePtr[strlenW(ACCOUNT_SIDS[i].domain)]!='\\')) 2697 continue; 2698 2699 if (!strcmpiW(lpAccountNamePtr, ACCOUNT_SIDS[i].account) || 2700 (ACCOUNT_SIDS[i].alias && !strcmpiW(lpAccountNamePtr, ACCOUNT_SIDS[i].alias))) 2701 { 2702 DWORD sidLen = SECURITY_MAX_SID_SIZE; 2703 2704 pSid = HeapAlloc(GetProcessHeap(), 0, sidLen); 2705 2706 ret = CreateWellKnownSid(ACCOUNT_SIDS[i].type, NULL, pSid, &sidLen); 2707 2708 if (ret) 2709 { 2710 if (*cbSid < sidLen) 2711 { 2712 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2713 ret = FALSE; 2714 } 2715 else if (Sid) 2716 { 2717 CopySid(*cbSid, Sid, pSid); 2718 } 2719 2720 *cbSid = sidLen; 2721 } 2722 2723 domainName = ACCOUNT_SIDS[i].domain; 2724 nameLen = strlenW(domainName); 2725 2726 if (*cchReferencedDomainName <= nameLen || !ret) 2727 { 2728 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2729 nameLen += 1; 2730 ret = FALSE; 2731 } 2732 else if (ReferencedDomainName) 2733 { 2734 strcpyW(ReferencedDomainName, domainName); 2735 } 2736 2737 *cchReferencedDomainName = nameLen; 2738 2739 if (ret) 2740 { 2741 *peUse = ACCOUNT_SIDS[i].name_use; 2742 } 2743 2744 HeapFree(GetProcessHeap(), 0, pSid); 2745 2746 return ret; 2747 } 2748 } 2749 2750 /* Let the current Unix user id masquerade as first Windows user account */ 2751 2752 nameLen = UNLEN + 1; 2753 2754 userName = HeapAlloc(GetProcessHeap(), 0, nameLen*sizeof(WCHAR)); 2755 2756 if (lpDomainNamePtr) 2757 { 2758 /* check to make sure this account is on this computer */ 2759 if (GetComputerNameW(userName, &nameLen) && strcmpW(lpDomainNamePtr, userName)) 2760 { 2761 SetLastError(ERROR_NONE_MAPPED); 2762 ret = FALSE; 2763 } 2764 nameLen = UNLEN + 1; 2765 } 2766 2767 if (GetUserNameW(userName, &nameLen) && !strcmpW(lpAccountNamePtr, userName)) 2768 ret = lookup_user_account_name(Sid, cbSid, ReferencedDomainName, 2769 cchReferencedDomainName, peUse); 2770 else 2771 { 2772 nameLen = UNLEN + 1; 2773 if (GetComputerNameW(userName, &nameLen) && !strcmpW(lpAccountNamePtr, userName)) 2774 ret = lookup_computer_account_name(Sid, cbSid, ReferencedDomainName, 2775 cchReferencedDomainName, peUse); 2776 else 2777 { 2778 SetLastError(ERROR_NONE_MAPPED); 2779 ret = FALSE; 2780 } 2781 } 2782 2783 HeapFree(GetProcessHeap(), 0, userName); 2784 2785 return ret; 2786 } 2787 2788 /****************************************************************************** 2789 * PrivilegeCheck [ADVAPI32.@] 2790 */ 2791 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult) 2792 { 2793 BOOL ret; 2794 BOOLEAN Result; 2795 2796 TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult); 2797 2798 ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result)); 2799 if (ret) 2800 *pfResult = Result; 2801 return ret; 2802 } 2803 2804 /****************************************************************************** 2805 * AccessCheckAndAuditAlarmA [ADVAPI32.@] 2806 */ 2807 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName, 2808 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, 2809 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, 2810 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose) 2811 { 2812 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem), 2813 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), 2814 SecurityDescriptor, DesiredAccess, GenericMapping, 2815 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose); 2816 return TRUE; 2817 } 2818 2819 /****************************************************************************** 2820 * AccessCheckAndAuditAlarmW [ADVAPI32.@] 2821 */ 2822 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName, 2823 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, 2824 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, 2825 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose) 2826 { 2827 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem), 2828 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), 2829 SecurityDescriptor, DesiredAccess, GenericMapping, 2830 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose); 2831 return TRUE; 2832 } 2833 2834 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose) 2835 { 2836 FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose); 2837 2838 return TRUE; 2839 } 2840 2841 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose) 2842 { 2843 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose); 2844 2845 return TRUE; 2846 } 2847 2848 BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose) 2849 { 2850 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose); 2851 2852 return TRUE; 2853 } 2854 2855 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, 2856 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, 2857 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, 2858 LPBOOL GenerateOnClose) 2859 { 2860 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_a(SubsystemName), 2861 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor, 2862 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted, 2863 GenerateOnClose); 2864 2865 return TRUE; 2866 } 2867 2868 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, 2869 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, 2870 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, 2871 LPBOOL GenerateOnClose) 2872 { 2873 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_w(SubsystemName), 2874 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor, 2875 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted, 2876 GenerateOnClose); 2877 2878 return TRUE; 2879 } 2880 2881 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, 2882 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted) 2883 { 2884 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken, 2885 DesiredAccess, Privileges, AccessGranted); 2886 2887 return TRUE; 2888 } 2889 2890 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, 2891 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted) 2892 { 2893 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken, 2894 DesiredAccess, Privileges, AccessGranted); 2895 2896 return TRUE; 2897 } 2898 2899 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken, 2900 PPRIVILEGE_SET Privileges, BOOL AccessGranted) 2901 { 2902 FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName), 2903 ClientToken, Privileges, AccessGranted); 2904 2905 return TRUE; 2906 } 2907 2908 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken, 2909 PPRIVILEGE_SET Privileges, BOOL AccessGranted) 2910 { 2911 FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName), 2912 ClientToken, Privileges, AccessGranted); 2913 2914 return TRUE; 2915 } 2916 2917 /****************************************************************************** 2918 * GetSecurityInfo [ADVAPI32.@] 2919 * 2920 * Retrieves a copy of the security descriptor associated with an object. 2921 * 2922 * PARAMS 2923 * hObject [I] A handle for the object. 2924 * ObjectType [I] The type of object. 2925 * SecurityInfo [I] A bitmask indicating what info to retrieve. 2926 * ppsidOwner [O] If non-null, receives a pointer to the owner SID. 2927 * ppsidGroup [O] If non-null, receives a pointer to the group SID. 2928 * ppDacl [O] If non-null, receives a pointer to the DACL. 2929 * ppSacl [O] If non-null, receives a pointer to the SACL. 2930 * ppSecurityDescriptor [O] Receives a pointer to the security descriptor, 2931 * which must be freed with LocalFree. 2932 * 2933 * RETURNS 2934 * ERROR_SUCCESS if all's well, and a WIN32 error code otherwise. 2935 */ 2936 DWORD WINAPI GetSecurityInfo( 2937 HANDLE hObject, SE_OBJECT_TYPE ObjectType, 2938 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, 2939 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, 2940 PSECURITY_DESCRIPTOR *ppSecurityDescriptor 2941 ) 2942 { 2943 PSECURITY_DESCRIPTOR sd; 2944 NTSTATUS status; 2945 ULONG n1, n2; 2946 BOOL present, defaulted; 2947 2948 status = NtQuerySecurityObject(hObject, SecurityInfo, NULL, 0, &n1); 2949 if (status != STATUS_BUFFER_TOO_SMALL && status != STATUS_SUCCESS) 2950 return RtlNtStatusToDosError(status); 2951 2952 sd = LocalAlloc(0, n1); 2953 if (!sd) 2954 return ERROR_NOT_ENOUGH_MEMORY; 2955 2956 status = NtQuerySecurityObject(hObject, SecurityInfo, sd, n1, &n2); 2957 if (status != STATUS_SUCCESS) 2958 { 2959 LocalFree(sd); 2960 return RtlNtStatusToDosError(status); 2961 } 2962 2963 if (ppsidOwner) 2964 { 2965 *ppsidOwner = NULL; 2966 GetSecurityDescriptorOwner(sd, ppsidOwner, &defaulted); 2967 } 2968 if (ppsidGroup) 2969 { 2970 *ppsidGroup = NULL; 2971 GetSecurityDescriptorGroup(sd, ppsidGroup, &defaulted); 2972 } 2973 if (ppDacl) 2974 { 2975 *ppDacl = NULL; 2976 GetSecurityDescriptorDacl(sd, &present, ppDacl, &defaulted); 2977 } 2978 if (ppSacl) 2979 { 2980 *ppSacl = NULL; 2981 GetSecurityDescriptorSacl(sd, &present, ppSacl, &defaulted); 2982 } 2983 if (ppSecurityDescriptor) 2984 *ppSecurityDescriptor = sd; 2985 2986 return ERROR_SUCCESS; 2987 } 2988 2989 /****************************************************************************** 2990 * GetSecurityInfoExA [ADVAPI32.@] 2991 */ 2992 DWORD WINAPI GetSecurityInfoExA( 2993 HANDLE hObject, SE_OBJECT_TYPE ObjectType, 2994 SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, 2995 LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, 2996 PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup 2997 ) 2998 { 2999 FIXME("stub!\n"); 3000 return ERROR_BAD_PROVIDER; 3001 } 3002 3003 /****************************************************************************** 3004 * GetSecurityInfoExW [ADVAPI32.@] 3005 */ 3006 DWORD WINAPI GetSecurityInfoExW( 3007 HANDLE hObject, SE_OBJECT_TYPE ObjectType, 3008 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, 3009 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, 3010 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup 3011 ) 3012 { 3013 FIXME("stub!\n"); 3014 return ERROR_BAD_PROVIDER; 3015 } 3016 3017 /****************************************************************************** 3018 * BuildExplicitAccessWithNameA [ADVAPI32.@] 3019 */ 3020 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess, 3021 LPSTR pTrusteeName, DWORD AccessPermissions, 3022 ACCESS_MODE AccessMode, DWORD Inheritance ) 3023 { 3024 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_a(pTrusteeName), 3025 AccessPermissions, AccessMode, Inheritance); 3026 3027 pExplicitAccess->grfAccessPermissions = AccessPermissions; 3028 pExplicitAccess->grfAccessMode = AccessMode; 3029 pExplicitAccess->grfInheritance = Inheritance; 3030 3031 pExplicitAccess->Trustee.pMultipleTrustee = NULL; 3032 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3033 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME; 3034 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN; 3035 pExplicitAccess->Trustee.ptstrName = pTrusteeName; 3036 } 3037 3038 /****************************************************************************** 3039 * BuildExplicitAccessWithNameW [ADVAPI32.@] 3040 */ 3041 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess, 3042 LPWSTR pTrusteeName, DWORD AccessPermissions, 3043 ACCESS_MODE AccessMode, DWORD Inheritance ) 3044 { 3045 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_w(pTrusteeName), 3046 AccessPermissions, AccessMode, Inheritance); 3047 3048 pExplicitAccess->grfAccessPermissions = AccessPermissions; 3049 pExplicitAccess->grfAccessMode = AccessMode; 3050 pExplicitAccess->grfInheritance = Inheritance; 3051 3052 pExplicitAccess->Trustee.pMultipleTrustee = NULL; 3053 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3054 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME; 3055 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN; 3056 pExplicitAccess->Trustee.ptstrName = pTrusteeName; 3057 } 3058 3059 /****************************************************************************** 3060 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@] 3061 */ 3062 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, 3063 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, 3064 LPSTR InheritedObjectTypeName, LPSTR Name ) 3065 { 3066 DWORD ObjectsPresent = 0; 3067 3068 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName, 3069 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name)); 3070 3071 /* Fill the OBJECTS_AND_NAME structure */ 3072 pObjName->ObjectType = ObjectType; 3073 if (ObjectTypeName != NULL) 3074 { 3075 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT; 3076 } 3077 3078 pObjName->InheritedObjectTypeName = InheritedObjectTypeName; 3079 if (InheritedObjectTypeName != NULL) 3080 { 3081 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT; 3082 } 3083 3084 pObjName->ObjectsPresent = ObjectsPresent; 3085 pObjName->ptstrName = Name; 3086 3087 /* Fill the TRUSTEE structure */ 3088 pTrustee->pMultipleTrustee = NULL; 3089 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3090 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME; 3091 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3092 pTrustee->ptstrName = (LPSTR)pObjName; 3093 } 3094 3095 /****************************************************************************** 3096 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@] 3097 */ 3098 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName, 3099 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName, 3100 LPWSTR InheritedObjectTypeName, LPWSTR Name ) 3101 { 3102 DWORD ObjectsPresent = 0; 3103 3104 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName, 3105 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name)); 3106 3107 /* Fill the OBJECTS_AND_NAME structure */ 3108 pObjName->ObjectType = ObjectType; 3109 if (ObjectTypeName != NULL) 3110 { 3111 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT; 3112 } 3113 3114 pObjName->InheritedObjectTypeName = InheritedObjectTypeName; 3115 if (InheritedObjectTypeName != NULL) 3116 { 3117 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT; 3118 } 3119 3120 pObjName->ObjectsPresent = ObjectsPresent; 3121 pObjName->ptstrName = Name; 3122 3123 /* Fill the TRUSTEE structure */ 3124 pTrustee->pMultipleTrustee = NULL; 3125 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3126 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME; 3127 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3128 pTrustee->ptstrName = (LPWSTR)pObjName; 3129 } 3130 3131 /****************************************************************************** 3132 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@] 3133 */ 3134 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid, 3135 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid ) 3136 { 3137 DWORD ObjectsPresent = 0; 3138 3139 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid); 3140 3141 /* Fill the OBJECTS_AND_SID structure */ 3142 if (pObjectGuid != NULL) 3143 { 3144 pObjSid->ObjectTypeGuid = *pObjectGuid; 3145 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT; 3146 } 3147 else 3148 { 3149 ZeroMemory(&pObjSid->ObjectTypeGuid, 3150 sizeof(GUID)); 3151 } 3152 3153 if (pInheritedObjectGuid != NULL) 3154 { 3155 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid; 3156 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT; 3157 } 3158 else 3159 { 3160 ZeroMemory(&pObjSid->InheritedObjectTypeGuid, 3161 sizeof(GUID)); 3162 } 3163 3164 pObjSid->ObjectsPresent = ObjectsPresent; 3165 pObjSid->pSid = pSid; 3166 3167 /* Fill the TRUSTEE structure */ 3168 pTrustee->pMultipleTrustee = NULL; 3169 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3170 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID; 3171 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3172 pTrustee->ptstrName = (LPSTR) pObjSid; 3173 } 3174 3175 /****************************************************************************** 3176 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@] 3177 */ 3178 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, 3179 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid ) 3180 { 3181 DWORD ObjectsPresent = 0; 3182 3183 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid); 3184 3185 /* Fill the OBJECTS_AND_SID structure */ 3186 if (pObjectGuid != NULL) 3187 { 3188 pObjSid->ObjectTypeGuid = *pObjectGuid; 3189 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT; 3190 } 3191 else 3192 { 3193 ZeroMemory(&pObjSid->ObjectTypeGuid, 3194 sizeof(GUID)); 3195 } 3196 3197 if (pInheritedObjectGuid != NULL) 3198 { 3199 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid; 3200 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT; 3201 } 3202 else 3203 { 3204 ZeroMemory(&pObjSid->InheritedObjectTypeGuid, 3205 sizeof(GUID)); 3206 } 3207 3208 pObjSid->ObjectsPresent = ObjectsPresent; 3209 pObjSid->pSid = pSid; 3210 3211 /* Fill the TRUSTEE structure */ 3212 pTrustee->pMultipleTrustee =

Wine Cross Reference wine/dlls/advapi32/security.c

Wine Cross Reference
wine/dlls/advapi32/security.c