4 * Copyright 1996-1998 Marcus Meissner
5 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #include "wine/port.h"
36 #define WIN32_NO_STATUS
38 #include "wine/exception.h"
39 #include "ntdll_misc.h"
40 #include "wine/library.h"
41 #include "wine/unicode.h"
42 #include "wine/debug.h"
44 WINE_DEFAULT_DEBUG_CHANNEL(ntdll);
46 #define NT_SUCCESS(status) (status == STATUS_SUCCESS)
48 /* helper function to copy an ACL */
49 static BOOLEAN copy_acl(DWORD nDestinationAclLength, PACL pDestinationAcl, PACL pSourceAcl)
53 if (!pSourceAcl || !RtlValidAcl(pSourceAcl))
56 size = ((ACL *)pSourceAcl)->AclSize;
57 if (nDestinationAclLength < size)
60 memmove(pDestinationAcl, pSourceAcl, size);
64 /* generically adds an ACE to an ACL */
65 static NTSTATUS add_access_ace(PACL pAcl, DWORD dwAceRevision, DWORD dwAceFlags,
66 DWORD dwAccessMask, PSID pSid, DWORD dwAceType)
68 ACE_HEADER *pAceHeader;
74 if (!RtlValidSid(pSid))
75 return STATUS_INVALID_SID;
77 if (pAcl->AclRevision > MAX_ACL_REVISION || dwAceRevision > MAX_ACL_REVISION)
78 return STATUS_REVISION_MISMATCH;
80 if (!RtlValidAcl(pAcl))
81 return STATUS_INVALID_ACL;
83 if (!RtlFirstFreeAce(pAcl, &pAceHeader))
84 return STATUS_INVALID_ACL;
87 return STATUS_ALLOTTED_SPACE_EXCEEDED;
89 /* calculate generic size of the ACE */
90 dwLengthSid = RtlLengthSid(pSid);
91 dwAceSize = sizeof(ACE_HEADER) + sizeof(DWORD) + dwLengthSid;
92 if ((char *)pAceHeader + dwAceSize > (char *)pAcl + pAcl->AclSize)
93 return STATUS_ALLOTTED_SPACE_EXCEEDED;
95 /* fill the new ACE */
96 pAceHeader->AceType = dwAceType;
97 pAceHeader->AceFlags = dwAceFlags;
98 pAceHeader->AceSize = dwAceSize;
100 /* skip past the ACE_HEADER of the ACE */
101 pAccessMask = (DWORD *)(pAceHeader + 1);
102 *pAccessMask = dwAccessMask;
104 /* skip past ACE->Mask */
105 pSidStart = pAccessMask + 1;
106 RtlCopySid(dwLengthSid, (PSID)pSidStart, pSid);
108 pAcl->AclRevision = max(pAcl->AclRevision, dwAceRevision);
111 return STATUS_SUCCESS;
118 /******************************************************************************
119 * RtlAllocateAndInitializeSid [NTDLL.@]
122 NTSTATUS WINAPI RtlAllocateAndInitializeSid (
123 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
124 BYTE nSubAuthorityCount,
125 DWORD nSubAuthority0, DWORD nSubAuthority1,
126 DWORD nSubAuthority2, DWORD nSubAuthority3,
127 DWORD nSubAuthority4, DWORD nSubAuthority5,
128 DWORD nSubAuthority6, DWORD nSubAuthority7,
133 TRACE("(%p, 0x%04x,0x%08x,0x%08x,0x%08x,0x%08x,0x%08x,0x%08x,0x%08x,0x%08x,%p)\n",
134 pIdentifierAuthority,nSubAuthorityCount,
135 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
136 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7, pSid);
138 if (nSubAuthorityCount > 8) return STATUS_INVALID_SID;
140 if (!(tmp_sid= RtlAllocateHeap( GetProcessHeap(), 0,
141 RtlLengthRequiredSid(nSubAuthorityCount))))
142 return STATUS_NO_MEMORY;
144 tmp_sid->Revision = SID_REVISION;
146 if (pIdentifierAuthority)
147 memcpy(&tmp_sid->IdentifierAuthority, pIdentifierAuthority, sizeof(SID_IDENTIFIER_AUTHORITY));
148 tmp_sid->SubAuthorityCount = nSubAuthorityCount;
150 switch( nSubAuthorityCount )
152 case 8: tmp_sid->SubAuthority[7]= nSubAuthority7;
153 case 7: tmp_sid->SubAuthority[6]= nSubAuthority6;
154 case 6: tmp_sid->SubAuthority[5]= nSubAuthority5;
155 case 5: tmp_sid->SubAuthority[4]= nSubAuthority4;
156 case 4: tmp_sid->SubAuthority[3]= nSubAuthority3;
157 case 3: tmp_sid->SubAuthority[2]= nSubAuthority2;
158 case 2: tmp_sid->SubAuthority[1]= nSubAuthority1;
159 case 1: tmp_sid->SubAuthority[0]= nSubAuthority0;
163 return STATUS_SUCCESS;
166 /******************************************************************************
167 * RtlEqualSid [NTDLL.@]
169 * Determine if two SIDs are equal.
172 * pSid1 [I] Source SID
173 * pSid2 [I] SID to compare with
176 * TRUE, if pSid1 is equal to pSid2,
179 BOOL WINAPI RtlEqualSid( PSID pSid1, PSID pSid2 )
181 if (!RtlValidSid(pSid1) || !RtlValidSid(pSid2))
184 if (*RtlSubAuthorityCountSid(pSid1) != *RtlSubAuthorityCountSid(pSid2))
187 if (memcmp(pSid1, pSid2, RtlLengthSid(pSid1)) != 0)
193 /******************************************************************************
194 * RtlEqualPrefixSid [NTDLL.@]
196 BOOL WINAPI RtlEqualPrefixSid (PSID pSid1, PSID pSid2)
198 if (!RtlValidSid(pSid1) || !RtlValidSid(pSid2))
201 if (*RtlSubAuthorityCountSid(pSid1) != *RtlSubAuthorityCountSid(pSid2))
204 if (memcmp(pSid1, pSid2, RtlLengthRequiredSid(((SID*)pSid1)->SubAuthorityCount - 1)) != 0)
211 /******************************************************************************
212 * RtlFreeSid [NTDLL.@]
214 * Free the resources used by a SID.
217 * pSid [I] SID to Free.
222 DWORD WINAPI RtlFreeSid(PSID pSid)
224 TRACE("(%p)\n", pSid);
225 RtlFreeHeap( GetProcessHeap(), 0, pSid );
226 return STATUS_SUCCESS;
229 /**************************************************************************
230 * RtlLengthRequiredSid [NTDLL.@]
232 * Determine the amount of memory a SID will use
235 * nrofsubauths [I] Number of Sub Authorities in the SID.
238 * The size, in bytes, of a SID with nrofsubauths Sub Authorities.
240 DWORD WINAPI RtlLengthRequiredSid(DWORD nrofsubauths)
242 return (nrofsubauths-1)*sizeof(DWORD) + sizeof(SID);
245 /**************************************************************************
246 * RtlLengthSid [NTDLL.@]
248 * Determine the amount of memory a SID is using
251 * pSid [I] SID to get the size of.
254 * The size, in bytes, of pSid.
256 DWORD WINAPI RtlLengthSid(PSID pSid)
258 TRACE("sid=%p\n",pSid);
260 return RtlLengthRequiredSid(*RtlSubAuthorityCountSid(pSid));
263 /**************************************************************************
264 * RtlInitializeSid [NTDLL.@]
269 * pSid [I] SID to initialise
270 * pIdentifierAuthority [I] Identifier Authority
271 * nSubAuthorityCount [I] Number of Sub Authorities
274 * Success: TRUE. pSid is initialised with the details given.
275 * Failure: FALSE, if nSubAuthorityCount is >= SID_MAX_SUB_AUTHORITIES.
277 BOOL WINAPI RtlInitializeSid(
279 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
280 BYTE nSubAuthorityCount)
285 if (nSubAuthorityCount >= SID_MAX_SUB_AUTHORITIES)
288 pisid->Revision = SID_REVISION;
289 pisid->SubAuthorityCount = nSubAuthorityCount;
290 if (pIdentifierAuthority)
291 memcpy(&pisid->IdentifierAuthority, pIdentifierAuthority, sizeof (SID_IDENTIFIER_AUTHORITY));
293 for (i = 0; i < nSubAuthorityCount; i++)
294 *RtlSubAuthoritySid(pSid, i) = 0;
299 /**************************************************************************
300 * RtlSubAuthoritySid [NTDLL.@]
302 * Return the Sub Authority of a SID
305 * pSid [I] SID to get the Sub Authority from.
306 * nSubAuthority [I] Sub Authority number.
309 * A pointer to The Sub Authority value of pSid.
311 LPDWORD WINAPI RtlSubAuthoritySid( PSID pSid, DWORD nSubAuthority )
313 return &(((SID*)pSid)->SubAuthority[nSubAuthority]);
316 /**************************************************************************
317 * RtlIdentifierAuthoritySid [NTDLL.@]
319 * Return the Identifier Authority of a SID.
322 * pSid [I] SID to get the Identifier Authority from.
325 * A pointer to the Identifier Authority value of pSid.
327 PSID_IDENTIFIER_AUTHORITY WINAPI RtlIdentifierAuthoritySid( PSID pSid )
329 return &(((SID*)pSid)->IdentifierAuthority);
332 /**************************************************************************
333 * RtlSubAuthorityCountSid [NTDLL.@]
335 * Get the number of Sub Authorities in a SID.
338 * pSid [I] SID to get the count from.
341 * A pointer to the Sub Authority count of pSid.
343 LPBYTE WINAPI RtlSubAuthorityCountSid(PSID pSid)
345 return &(((SID*)pSid)->SubAuthorityCount);
348 /**************************************************************************
349 * RtlCopySid [NTDLL.@]
351 BOOLEAN WINAPI RtlCopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
353 if (!pSourceSid || !RtlValidSid(pSourceSid) ||
354 (nDestinationSidLength < RtlLengthSid(pSourceSid)))
357 if (nDestinationSidLength < (((SID*)pSourceSid)->SubAuthorityCount*4+8))
360 memmove(pDestinationSid, pSourceSid, ((SID*)pSourceSid)->SubAuthorityCount*4+8);
363 /******************************************************************************
364 * RtlValidSid [NTDLL.@]
366 * Determine if a SID is valid.
369 * pSid [I] SID to check
372 * TRUE if pSid is valid,
375 BOOLEAN WINAPI RtlValidSid( PSID pSid )
381 if (!pSid || ((SID*)pSid)->Revision != SID_REVISION ||
382 ((SID*)pSid)->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES)
389 WARN("(%p): invalid pointer!\n", pSid);
398 * security descriptor functions
401 /**************************************************************************
402 * RtlCreateSecurityDescriptor [NTDLL.@]
404 * Initialise a SECURITY_DESCRIPTOR.
407 * lpsd [O] Descriptor to initialise.
408 * rev [I] Revision, must be set to SECURITY_DESCRIPTOR_REVISION.
411 * Success: STATUS_SUCCESS.
412 * Failure: STATUS_UNKNOWN_REVISION if rev is incorrect.
414 NTSTATUS WINAPI RtlCreateSecurityDescriptor(
415 PSECURITY_DESCRIPTOR lpsd,
418 if (rev!=SECURITY_DESCRIPTOR_REVISION)
419 return STATUS_UNKNOWN_REVISION;
420 memset(lpsd,'\0',sizeof(SECURITY_DESCRIPTOR));
421 ((SECURITY_DESCRIPTOR*)lpsd)->Revision = SECURITY_DESCRIPTOR_REVISION;
422 return STATUS_SUCCESS;
425 /**************************************************************************
426 * RtlCopySecurityDescriptor [NTDLL.@]
428 * Copies an absolute or sefl-relative SECURITY_DESCRIPTOR.
431 * pSourceSD [O] SD to copy from.
432 * pDestinationSD [I] Destination SD.
435 * Success: STATUS_SUCCESS.
436 * Failure: STATUS_UNKNOWN_REVISION if rev is incorrect.
438 NTSTATUS WINAPI RtlCopySecurityDescriptor(PSECURITY_DESCRIPTOR pSourceSD, PSECURITY_DESCRIPTOR pDestinationSD)
440 SECURITY_DESCRIPTOR *srcSD = (SECURITY_DESCRIPTOR *)pSourceSD;
441 SECURITY_DESCRIPTOR *destSD = (SECURITY_DESCRIPTOR *)pDestinationSD;
444 BOOLEAN defaulted, present;
446 BOOL isSelfRelative = srcSD->Control & SE_SELF_RELATIVE;
448 if (srcSD->Revision != SECURITY_DESCRIPTOR_REVISION)
449 return STATUS_UNKNOWN_REVISION;
451 /* copy initial data */
452 destSD->Revision = srcSD->Revision;
453 destSD->Sbz1 = srcSD->Sbz1;
454 destSD->Control = srcSD->Control;
457 RtlGetOwnerSecurityDescriptor(pSourceSD, &Owner, &defaulted);
458 length = RtlLengthSid(Owner);
462 destSD->Owner = srcSD->Owner;
463 RtlCopySid(length, (LPBYTE)destSD + (DWORD_PTR)destSD->Owner, Owner);
467 destSD->Owner = RtlAllocateHeap(GetProcessHeap(), 0, length);
468 RtlCopySid(length, destSD->Owner, Owner);
472 RtlGetGroupSecurityDescriptor(pSourceSD, &Group, &defaulted);
473 length = RtlLengthSid(Group);
477 destSD->Group = srcSD->Group;
478 RtlCopySid(length, (LPBYTE)destSD + (DWORD_PTR)destSD->Group, Group);
482 destSD->Group = RtlAllocateHeap(GetProcessHeap(), 0, length);
483 RtlCopySid(length, destSD->Group, Group);
487 if (srcSD->Control & SE_DACL_PRESENT)
489 RtlGetDaclSecurityDescriptor(pSourceSD, &present, &Dacl, &defaulted);
490 length = Dacl->AclSize;
494 destSD->Dacl = srcSD->Dacl;
495 copy_acl(length, (PACL)((LPBYTE)destSD + (DWORD_PTR)destSD->Dacl), Dacl);
499 destSD->Dacl = RtlAllocateHeap(GetProcessHeap(), 0, length);
500 copy_acl(length, destSD->Dacl, Dacl);
505 if (srcSD->Control & SE_SACL_PRESENT)
507 RtlGetSaclSecurityDescriptor(pSourceSD, &present, &Sacl, &defaulted);
508 length = Sacl->AclSize;
512 destSD->Sacl = srcSD->Sacl;
513 copy_acl(length, (PACL)((LPBYTE)destSD + (DWORD_PTR)destSD->Sacl), Sacl);
517 destSD->Sacl = RtlAllocateHeap(GetProcessHeap(), 0, length);
518 copy_acl(length, destSD->Sacl, Sacl);
522 return STATUS_SUCCESS;
525 /**************************************************************************
526 * RtlValidSecurityDescriptor [NTDLL.@]
528 * Determine if a SECURITY_DESCRIPTOR is valid.
531 * SecurityDescriptor [I] Descriptor to check.
534 * Success: STATUS_SUCCESS.
535 * Failure: STATUS_INVALID_SECURITY_DESCR or STATUS_UNKNOWN_REVISION.
537 NTSTATUS WINAPI RtlValidSecurityDescriptor(
538 PSECURITY_DESCRIPTOR SecurityDescriptor)
540 if ( ! SecurityDescriptor )
541 return STATUS_INVALID_SECURITY_DESCR;
542 if ( ((SECURITY_DESCRIPTOR*)SecurityDescriptor)->Revision != SECURITY_DESCRIPTOR_REVISION )
543 return STATUS_UNKNOWN_REVISION;
545 return STATUS_SUCCESS;
548 /**************************************************************************
549 * RtlLengthSecurityDescriptor [NTDLL.@]
551 ULONG WINAPI RtlLengthSecurityDescriptor(
552 PSECURITY_DESCRIPTOR pSecurityDescriptor)
554 SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
555 ULONG_PTR offset = 0;
556 ULONG Size = SECURITY_DESCRIPTOR_MIN_LENGTH;
561 if ( lpsd->Control & SE_SELF_RELATIVE)
562 offset = (ULONG_PTR) lpsd;
564 if ( lpsd->Owner != NULL )
565 Size += RtlLengthSid((PSID)((LPBYTE)lpsd->Owner + offset));
567 if ( lpsd->Group != NULL )
568 Size += RtlLengthSid((PSID)((LPBYTE)lpsd->Group + offset));
570 if ( (lpsd->Control & SE_SACL_PRESENT) &&
572 Size += ((PACL)((LPBYTE)lpsd->Sacl + offset))->AclSize;
574 if ( (lpsd->Control & SE_DACL_PRESENT) &&
576 Size += ((PACL)((LPBYTE)lpsd->Dacl + offset))->AclSize;
581 /******************************************************************************
582 * RtlGetDaclSecurityDescriptor [NTDLL.@]
585 NTSTATUS WINAPI RtlGetDaclSecurityDescriptor(
586 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
587 OUT PBOOLEAN lpbDaclPresent,
589 OUT PBOOLEAN lpbDaclDefaulted)
591 SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
593 TRACE("(%p,%p,%p,%p)\n",
594 pSecurityDescriptor, lpbDaclPresent, pDacl, lpbDaclDefaulted);
596 if (lpsd->Revision != SECURITY_DESCRIPTOR_REVISION)
597 return STATUS_UNKNOWN_REVISION ;
599 if ( (*lpbDaclPresent = (SE_DACL_PRESENT & lpsd->Control) ? 1 : 0) )
601 if ( SE_SELF_RELATIVE & lpsd->Control)
602 *pDacl = (PACL) ((LPBYTE)lpsd + (DWORD_PTR)lpsd->Dacl);
606 *lpbDaclDefaulted = (( SE_DACL_DEFAULTED & lpsd->Control ) ? 1 : 0);
609 return STATUS_SUCCESS;
612 /**************************************************************************
613 * RtlSetDaclSecurityDescriptor [NTDLL.@]
615 NTSTATUS WINAPI RtlSetDaclSecurityDescriptor (
616 PSECURITY_DESCRIPTOR pSecurityDescriptor,
619 BOOLEAN dacldefaulted )
621 SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
623 if (lpsd->Revision!=SECURITY_DESCRIPTOR_REVISION)
624 return STATUS_UNKNOWN_REVISION;
625 if (lpsd->Control & SE_SELF_RELATIVE)
626 return STATUS_INVALID_SECURITY_DESCR;
629 { lpsd->Control &= ~SE_DACL_PRESENT;
633 lpsd->Control |= SE_DACL_PRESENT;
637 lpsd->Control |= SE_DACL_DEFAULTED;
639 lpsd->Control &= ~SE_DACL_DEFAULTED;
641 return STATUS_SUCCESS;
644 /******************************************************************************
645 * RtlGetSaclSecurityDescriptor [NTDLL.@]
648 NTSTATUS WINAPI RtlGetSaclSecurityDescriptor(
649 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
650 OUT PBOOLEAN lpbSaclPresent,
652 OUT PBOOLEAN lpbSaclDefaulted)
654 SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
656 TRACE("(%p,%p,%p,%p)\n",
657 pSecurityDescriptor, lpbSaclPresent, *pSacl, lpbSaclDefaulted);
659 if (lpsd->Revision != SECURITY_DESCRIPTOR_REVISION)
660 return STATUS_UNKNOWN_REVISION;
662 if ( (*lpbSaclPresent = (SE_SACL_PRESENT & lpsd->Control) ? 1 : 0) )
664 if (SE_SELF_RELATIVE & lpsd->Control)
665 *pSacl = (PACL) ((LPBYTE)lpsd + (DWORD_PTR)lpsd->Sacl);
669 *lpbSaclDefaulted = (( SE_SACL_DEFAULTED & lpsd->Control ) ? 1 : 0);
672 return STATUS_SUCCESS;
675 /**************************************************************************
676 * RtlSetSaclSecurityDescriptor [NTDLL.@]
678 NTSTATUS WINAPI RtlSetSaclSecurityDescriptor (
679 PSECURITY_DESCRIPTOR pSecurityDescriptor,
682 BOOLEAN sacldefaulted)
684 SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
686 if (lpsd->Revision!=SECURITY_DESCRIPTOR_REVISION)
687 return STATUS_UNKNOWN_REVISION;
688 if (lpsd->Control & SE_SELF_RELATIVE)
689 return STATUS_INVALID_SECURITY_DESCR;
691 lpsd->Control &= ~SE_SACL_PRESENT;
694 lpsd->Control |= SE_SACL_PRESENT;
697 lpsd->Control |= SE_SACL_DEFAULTED;
699 lpsd->Control &= ~SE_SACL_DEFAULTED;
700 return STATUS_SUCCESS;
703 /**************************************************************************
704 * RtlGetOwnerSecurityDescriptor [NTDLL.@]
706 NTSTATUS WINAPI RtlGetOwnerSecurityDescriptor(
707 PSECURITY_DESCRIPTOR pSecurityDescriptor,
709 PBOOLEAN OwnerDefaulted)
711 SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
713 if ( !lpsd || !Owner || !OwnerDefaulted )
714 return STATUS_INVALID_PARAMETER;
716 if (lpsd->Owner != NULL)
718 if (lpsd->Control & SE_SELF_RELATIVE)
719 *Owner = (PSID)((LPBYTE)lpsd + (ULONG_PTR)lpsd->Owner);
721 *Owner = lpsd->Owner;
723 if ( lpsd->Control & SE_OWNER_DEFAULTED )
724 *OwnerDefaulted = TRUE;
726 *OwnerDefaulted = FALSE;
731 return STATUS_SUCCESS;
734 /**************************************************************************
735 * RtlSetOwnerSecurityDescriptor [NTDLL.@]
737 NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(
738 PSECURITY_DESCRIPTOR pSecurityDescriptor,
740 BOOLEAN ownerdefaulted)
742 SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
744 if (lpsd->Revision!=SECURITY_DESCRIPTOR_REVISION)
745 return STATUS_UNKNOWN_REVISION;
746 if (lpsd->Control & SE_SELF_RELATIVE)
747 return STATUS_INVALID_SECURITY_DESCR;
751 lpsd->Control |= SE_OWNER_DEFAULTED;
753 lpsd->Control &= ~SE_OWNER_DEFAULTED;
754 return STATUS_SUCCESS;
757 /**************************************************************************
758 * RtlSetGroupSecurityDescriptor [NTDLL.@]
760 NTSTATUS WINAPI RtlSetGroupSecurityDescriptor (
761 PSECURITY_DESCRIPTOR pSecurityDescriptor,
763 BOOLEAN groupdefaulted)
765 SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
767 if (lpsd->Revision!=SECURITY_DESCRIPTOR_REVISION)
768 return STATUS_UNKNOWN_REVISION;
769 if (lpsd->Control & SE_SELF_RELATIVE)
770 return STATUS_INVALID_SECURITY_DESCR;
774 lpsd->Control |= SE_GROUP_DEFAULTED;
776 lpsd->Control &= ~SE_GROUP_DEFAULTED;
777 return STATUS_SUCCESS;
780 /**************************************************************************
781 * RtlGetGroupSecurityDescriptor [NTDLL.@]
783 NTSTATUS WINAPI RtlGetGroupSecurityDescriptor(
784 PSECURITY_DESCRIPTOR pSecurityDescriptor,
786 PBOOLEAN GroupDefaulted)
788 SECURITY_DESCRIPTOR* lpsd=pSecurityDescriptor;
790 if ( !lpsd || !Group || !GroupDefaulted )
791 return STATUS_INVALID_PARAMETER;
793 if (lpsd->Group != NULL)
795 if (lpsd->Control & SE_SELF_RELATIVE)
796 *Group = (PSID)((LPBYTE)lpsd + (ULONG_PTR)lpsd->Group);
798 *Group = lpsd->Group;
800 if ( lpsd->Control & SE_GROUP_DEFAULTED )
801 *GroupDefaulted = TRUE;
803 *GroupDefaulted = FALSE;
808 return STATUS_SUCCESS;
811 /**************************************************************************
812 * RtlMakeSelfRelativeSD [NTDLL.@]
814 NTSTATUS WINAPI RtlMakeSelfRelativeSD(
815 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
816 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
817 IN OUT LPDWORD lpdwBufferLength)
821 SECURITY_DESCRIPTOR* pAbs = pAbsoluteSecurityDescriptor;
822 SECURITY_DESCRIPTOR* pRel = pSelfRelativeSecurityDescriptor;
824 TRACE(" %p %p %p(%d)\n", pAbs, pRel, lpdwBufferLength,
825 lpdwBufferLength ? *lpdwBufferLength: -1);
827 if (!lpdwBufferLength || !pAbs)
828 return STATUS_INVALID_PARAMETER;
830 length = RtlLengthSecurityDescriptor(pAbs);
831 if (*lpdwBufferLength < length)
833 *lpdwBufferLength = length;
834 return STATUS_BUFFER_TOO_SMALL;
838 return STATUS_INVALID_PARAMETER;
840 if (pAbs->Control & SE_SELF_RELATIVE)
842 memcpy(pRel, pAbs, length);
843 return STATUS_SUCCESS;
846 pRel->Revision = pAbs->Revision;
847 pRel->Sbz1 = pAbs->Sbz1;
848 pRel->Control = pAbs->Control | SE_SELF_RELATIVE;
850 offsetRel = sizeof(SECURITY_DESCRIPTOR);
851 pRel->Owner = (PSID) offsetRel;
852 length = RtlLengthSid(pAbs->Owner);
853 memcpy((LPBYTE)pRel + offsetRel, pAbs->Owner, length);
856 pRel->Group = (PSID) offsetRel;
857 length = RtlLengthSid(pAbs->Group);
858 memcpy((LPBYTE)pRel + offsetRel, pAbs->Group, length);
860 if (pRel->Control & SE_SACL_PRESENT)
863 pRel->Sacl = (PACL) offsetRel;
864 length = pAbs->Sacl->AclSize;
865 memcpy((LPBYTE)pRel + offsetRel, pAbs->Sacl, length);
872 if (pRel->Control & SE_DACL_PRESENT)
875 pRel->Dacl = (PACL) offsetRel;
876 length = pAbs->Dacl->AclSize;
877 memcpy((LPBYTE)pRel + offsetRel, pAbs->Dacl, length);
884 return STATUS_SUCCESS;
888 /**************************************************************************
889 * RtlSelfRelativeToAbsoluteSD [NTDLL.@]
891 NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(
892 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
893 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
894 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
896 OUT LPDWORD lpdwDaclSize,
898 OUT LPDWORD lpdwSaclSize,
900 OUT LPDWORD lpdwOwnerSize,
901 OUT PSID pPrimaryGroup,
902 OUT LPDWORD lpdwPrimaryGroupSize)
904 NTSTATUS status = STATUS_SUCCESS;
905 SECURITY_DESCRIPTOR* pAbs = pAbsoluteSecurityDescriptor;
906 SECURITY_DESCRIPTOR* pRel = pSelfRelativeSecurityDescriptor;
909 !lpdwAbsoluteSecurityDescriptorSize ||
913 !lpdwPrimaryGroupSize ||
914 ~pRel->Control & SE_SELF_RELATIVE)
915 return STATUS_INVALID_PARAMETER;
917 /* Confirm buffers are sufficiently large */
918 if (*lpdwAbsoluteSecurityDescriptorSize < sizeof(SECURITY_DESCRIPTOR))
920 *lpdwAbsoluteSecurityDescriptorSize = sizeof(SECURITY_DESCRIPTOR);
921 status = STATUS_BUFFER_TOO_SMALL;
924 if (pRel->Control & SE_DACL_PRESENT &&
925 *lpdwDaclSize < ((PACL)((LPBYTE)pRel->Dacl + (ULONG_PTR)pRel))->AclSize)
927 *lpdwDaclSize = ((PACL)((LPBYTE)pRel->Dacl + (ULONG_PTR)pRel))->AclSize;
928 status = STATUS_BUFFER_TOO_SMALL;
931 if (pRel->Control & SE_SACL_PRESENT &&
932 *lpdwSaclSize < ((PACL)((LPBYTE)pRel->Sacl + (ULONG_PTR)pRel))->AclSize)
934 *lpdwSaclSize = ((PACL)((LPBYTE)pRel->Sacl + (ULONG_PTR)pRel))->AclSize;
935 status = STATUS_BUFFER_TOO_SMALL;
939 *lpdwOwnerSize < RtlLengthSid((PSID)((LPBYTE)pRel->Owner + (ULONG_PTR)pRel)))
941 *lpdwOwnerSize = RtlLengthSid((PSID)((LPBYTE)pRel->Owner + (ULONG_PTR)pRel));
942 status = STATUS_BUFFER_TOO_SMALL;
946 *lpdwPrimaryGroupSize < RtlLengthSid((PSID)((LPBYTE)pRel->Group + (ULONG_PTR)pRel)))
948 *lpdwPrimaryGroupSize = RtlLengthSid((PSID)((LPBYTE)pRel->Group + (ULONG_PTR)pRel));
949 status = STATUS_BUFFER_TOO_SMALL;
952 if (status != STATUS_SUCCESS)
955 /* Copy structures, and clear the ones we don't set */
956 pAbs->Revision = pRel->Revision;
957 pAbs->Control = pRel->Control & ~SE_SELF_RELATIVE;
963 if (pRel->Control & SE_SACL_PRESENT)
965 PACL pAcl = (PACL)((LPBYTE)pRel->Sacl + (ULONG_PTR)pRel);
967 memcpy(pSacl, pAcl, pAcl->AclSize);
971 if (pRel->Control & SE_DACL_PRESENT)
973 PACL pAcl = (PACL)((LPBYTE)pRel->Dacl + (ULONG_PTR)pRel);
974 memcpy(pDacl, pAcl, pAcl->AclSize);
980 PSID psid = (PSID)((LPBYTE)pRel->Owner + (ULONG_PTR)pRel);
981 memcpy(pOwner, psid, RtlLengthSid(psid));
982 pAbs->Owner = pOwner;
987 PSID psid = (PSID)((LPBYTE)pRel->Group + (ULONG_PTR)pRel);
988 memcpy(pPrimaryGroup, psid, RtlLengthSid(psid));
989 pAbs->Group = pPrimaryGroup;
995 /******************************************************************************
996 * RtlGetControlSecurityDescriptor (NTDLL.@)
998 NTSTATUS WINAPI RtlGetControlSecurityDescriptor(
999 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1000 PSECURITY_DESCRIPTOR_CONTROL pControl,
1001 LPDWORD lpdwRevision)
1003 SECURITY_DESCRIPTOR *lpsd = pSecurityDescriptor;
1005 TRACE("(%p,%p,%p)\n",pSecurityDescriptor,pControl,lpdwRevision);
1007 *lpdwRevision = lpsd->Revision;
1009 if (*lpdwRevision != SECURITY_DESCRIPTOR_REVISION)
1010 return STATUS_UNKNOWN_REVISION;
1012 *pControl = lpsd->Control;
1014 return STATUS_SUCCESS;
1018 /**************************************************************************
1019 * RtlAbsoluteToSelfRelativeSD [NTDLL.@]
1021 NTSTATUS WINAPI RtlAbsoluteToSelfRelativeSD(
1022 PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
1023 PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
1024 PULONG BufferLength)
1026 SECURITY_DESCRIPTOR *abs = AbsoluteSecurityDescriptor;
1028 TRACE("%p %p %p\n", AbsoluteSecurityDescriptor,
1029 SelfRelativeSecurityDescriptor, BufferLength);
1031 if (abs->Control & SE_SELF_RELATIVE)
1032 return STATUS_BAD_DESCRIPTOR_FORMAT;
1034 return RtlMakeSelfRelativeSD(AbsoluteSecurityDescriptor,
1035 SelfRelativeSecurityDescriptor, BufferLength);
1040 * access control list's
1043 /**************************************************************************
1044 * RtlCreateAcl [NTDLL.@]
1047 * This should return NTSTATUS
1049 NTSTATUS WINAPI RtlCreateAcl(PACL acl,DWORD size,DWORD rev)
1051 TRACE("%p 0x%08x 0x%08x\n", acl, size, rev);
1053 if (rev!=ACL_REVISION)
1054 return STATUS_INVALID_PARAMETER;
1055 if (size<sizeof(ACL))
1056 return STATUS_BUFFER_TOO_SMALL;
1058 return STATUS_INVALID_PARAMETER;
1060 memset(acl,'\0',sizeof(ACL));
1061 acl->AclRevision = rev;
1062 acl->AclSize = size;
1064 return STATUS_SUCCESS;
1067 /**************************************************************************
1068 * RtlFirstFreeAce [NTDLL.@]
1069 * looks for the AceCount+1 ACE, and if it is still within the alloced
1070 * ACL, return a pointer to it
1072 BOOLEAN WINAPI RtlFirstFreeAce(
1080 ace = (PACE_HEADER)(acl+1);
1081 for (i=0;i<acl->AceCount;i++) {
1082 if ((BYTE *)ace >= (BYTE *)acl + acl->AclSize)
1084 ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
1086 if ((BYTE *)ace >= (BYTE *)acl + acl->AclSize)
1092 /**************************************************************************
1093 * RtlAddAce [NTDLL.@]
1095 NTSTATUS WINAPI RtlAddAce(
1099 PACE_HEADER acestart,
1102 PACE_HEADER ace,targetace;
1105 if (acl->AclRevision != ACL_REVISION)
1106 return STATUS_INVALID_PARAMETER;
1107 if (!RtlFirstFreeAce(acl,&targetace))
1108 return STATUS_INVALID_PARAMETER;
1109 nrofaces=0;ace=acestart;
1110 while (((BYTE *)ace - (BYTE *)acestart) < acelen) {
1112 ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
1114 if ((BYTE *)targetace + acelen > (BYTE *)acl + acl->AclSize) /* too much aces */
1115 return STATUS_INVALID_PARAMETER;
1116 memcpy((LPBYTE)targetace,acestart,acelen);
1117 acl->AceCount+=nrofaces;
1118 return STATUS_SUCCESS;
1121 /**************************************************************************
1122 * RtlDeleteAce [NTDLL.@]
1124 NTSTATUS WINAPI RtlDeleteAce(PACL pAcl, DWORD dwAceIndex)
1129 status = RtlGetAce(pAcl,dwAceIndex,(LPVOID*)&pAce);
1131 if (STATUS_SUCCESS == status)
1136 /* skip over the ACE we are deleting */
1137 pcAce = (PACE_HEADER)(((BYTE*)pAce)+pAce->AceSize);
1140 /* calculate the length of the rest */
1141 for (; dwAceIndex < pAcl->AceCount; dwAceIndex++)
1143 len += pcAce->AceSize;
1144 pcAce = (PACE_HEADER)(((BYTE*)pcAce) + pcAce->AceSize);
1147 /* slide them all backwards */
1148 memmove(pAce, ((BYTE*)pAce)+pAce->AceSize, len);
1152 TRACE("pAcl=%p dwAceIndex=%d status=0x%08x\n", pAcl, dwAceIndex, status);
1157 /******************************************************************************
1158 * RtlAddAccessAllowedAce [NTDLL.@]
1160 NTSTATUS WINAPI RtlAddAccessAllowedAce(
1162 IN DWORD dwAceRevision,
1163 IN DWORD AccessMask,
1166 return RtlAddAccessAllowedAceEx( pAcl, dwAceRevision, 0, AccessMask, pSid);
1169 /******************************************************************************
1170 * RtlAddAccessAllowedAceEx [NTDLL.@]
1172 NTSTATUS WINAPI RtlAddAccessAllowedAceEx(
1174 IN DWORD dwAceRevision,
1176 IN DWORD AccessMask,
1179 TRACE("(%p,0x%08x,0x%08x,%p)\n", pAcl, dwAceRevision, AccessMask, pSid);
1181 return add_access_ace(pAcl, dwAceRevision, AceFlags,
1182 AccessMask, pSid, ACCESS_ALLOWED_ACE_TYPE);
1185 /******************************************************************************
1186 * RtlAddAccessDeniedAce [NTDLL.@]
1188 NTSTATUS WINAPI RtlAddAccessDeniedAce(
1190 IN DWORD dwAceRevision,
1191 IN DWORD AccessMask,
1194 return RtlAddAccessDeniedAceEx( pAcl, dwAceRevision, 0, AccessMask, pSid);
1197 /******************************************************************************
1198 * RtlAddAccessDeniedAceEx [NTDLL.@]
1200 NTSTATUS WINAPI RtlAddAccessDeniedAceEx(
1202 IN DWORD dwAceRevision,
1204 IN DWORD AccessMask,
1207 TRACE("(%p,0x%08x,0x%08x,%p)\n", pAcl, dwAceRevision, AccessMask, pSid);
1209 return add_access_ace(pAcl, dwAceRevision, AceFlags,
1210 AccessMask, pSid, ACCESS_DENIED_ACE_TYPE);
1213 /**************************************************************************
1214 * RtlAddAuditAccessAce [NTDLL.@]
1216 NTSTATUS WINAPI RtlAddAuditAccessAceEx(
1218 IN DWORD dwAceRevision,
1219 IN DWORD dwAceFlags,
1220 IN DWORD dwAccessMask,
1222 IN BOOL bAuditSuccess,
1223 IN BOOL bAuditFailure)
1225 TRACE("(%p,%d,0x%08x,0x%08x,%p,%u,%u)\n",pAcl,dwAceRevision,dwAceFlags,dwAccessMask,
1226 pSid,bAuditSuccess,bAuditFailure);
1229 dwAceFlags |= SUCCESSFUL_ACCESS_ACE_FLAG;
1232 dwAceFlags |= FAILED_ACCESS_ACE_FLAG;
1234 return add_access_ace(pAcl, dwAceRevision, dwAceFlags,
1235 dwAccessMask, pSid, SYSTEM_AUDIT_ACE_TYPE);
1238 /**************************************************************************
1239 * RtlAddAuditAccessAce [NTDLL.@]
1241 NTSTATUS WINAPI RtlAddAuditAccessAce(
1243 IN DWORD dwAceRevision,
1244 IN DWORD dwAccessMask,
1246 IN BOOL bAuditSuccess,
1247 IN BOOL bAuditFailure)
1249 return RtlAddAuditAccessAceEx(pAcl, dwAceRevision, 0, dwAccessMask, pSid, bAuditSuccess, bAuditFailure);
1252 /******************************************************************************
1253 * RtlValidAcl [NTDLL.@]
1255 BOOLEAN WINAPI RtlValidAcl(PACL pAcl)
1258 TRACE("(%p)\n", pAcl);
1265 if (pAcl->AclRevision != ACL_REVISION)
1269 ace = (PACE_HEADER)(pAcl+1);
1271 for (i=0;i<=pAcl->AceCount;i++)
1273 if ((char *)ace > (char *)pAcl + pAcl->AclSize)
1278 ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
1284 WARN("(%p): invalid pointer!\n", pAcl);
1291 /******************************************************************************
1292 * RtlGetAce [NTDLL.@]
1294 NTSTATUS WINAPI RtlGetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1298 TRACE("(%p,%d,%p)\n",pAcl,dwAceIndex,pAce);
1300 if ((dwAceIndex < 0) || (dwAceIndex > pAcl->AceCount))
1301 return STATUS_INVALID_PARAMETER;
1303 ace = (PACE_HEADER)(pAcl + 1);
1304 for (;dwAceIndex;dwAceIndex--)
1305 ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
1307 *pAce = (LPVOID) ace;
1309 return STATUS_SUCCESS;
1316 /******************************************************************************
1317 * RtlAdjustPrivilege [NTDLL.@]
1319 * Enables or disables a privilege from the calling thread or process.
1322 * Privilege [I] Privilege index to change.
1323 * Enable [I] If TRUE, then enable the privilege otherwise disable.
1324 * CurrentThread [I] If TRUE, then enable in calling thread, otherwise process.
1325 * Enabled [O] Whether privilege was previously enabled or disabled.
1328 * Success: STATUS_SUCCESS.
1329 * Failure: NTSTATUS code.
1332 * NtAdjustPrivilegesToken, NtOpenThreadToken, NtOpenProcessToken.
1336 RtlAdjustPrivilege(ULONG Privilege,
1338 BOOLEAN CurrentThread,
1341 TOKEN_PRIVILEGES NewState;
1342 TOKEN_PRIVILEGES OldState;
1347 TRACE("(%d, %s, %s, %p)\n", Privilege, Enable ? "TRUE" : "FALSE",
1348 CurrentThread ? "TRUE" : "FALSE", Enabled);
1352 Status = NtOpenThreadToken(GetCurrentThread(),
1353 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
1359 Status = NtOpenProcessToken(GetCurrentProcess(),
1360 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
1364 if (!NT_SUCCESS(Status))
1366 WARN("Retrieving token handle failed (Status %x)\n", Status);
1370 OldState.PrivilegeCount = 1;
1372 NewState.PrivilegeCount = 1;
1373 NewState.Privileges[0].Luid.LowPart = Privilege;
1374 NewState.Privileges[0].Luid.HighPart = 0;
1375 NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0;
1377 Status = NtAdjustPrivilegesToken(TokenHandle,
1380 sizeof(TOKEN_PRIVILEGES),
1383 NtClose (TokenHandle);
1384 if (Status == STATUS_NOT_ALL_ASSIGNED)
1386 TRACE("Failed to assign all privileges\n");
1387 return STATUS_PRIVILEGE_NOT_HELD;
1389 if (!NT_SUCCESS(Status))
1391 WARN("NtAdjustPrivilegesToken() failed (Status %x)\n", Status);
1395 if (OldState.PrivilegeCount == 0)
1398 *Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);
1400 return STATUS_SUCCESS;
1403 /******************************************************************************
1404 * RtlImpersonateSelf [NTDLL.@]
1406 * Makes an impersonation token that represents the process user and assigns
1407 * to the current thread.
1410 * ImpersonationLevel [I] Level at which to impersonate.
1413 * Success: STATUS_SUCCESS.
1414 * Failure: NTSTATUS code.
1417 RtlImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1420 OBJECT_ATTRIBUTES ObjectAttributes;
1421 HANDLE ProcessToken;
1422 HANDLE ImpersonationToken;
1424 TRACE("(%08x)\n", ImpersonationLevel);
1426 Status = NtOpenProcessToken( NtCurrentProcess(), TOKEN_DUPLICATE,
1428 if (Status != STATUS_SUCCESS)
1431 InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
1433 Status = NtDuplicateToken( ProcessToken,
1438 &ImpersonationToken );
1439 if (Status != STATUS_SUCCESS)
1441 NtClose( ProcessToken );
1445 Status = NtSetInformationThread( GetCurrentThread(),
1446 ThreadImpersonationToken,
1447 &ImpersonationToken,
1448 sizeof(ImpersonationToken) );
1450 NtClose( ImpersonationToken );
1451 NtClose( ProcessToken );
1456 /******************************************************************************
1457 * NtAccessCheck [NTDLL.@]
1458 * ZwAccessCheck [NTDLL.@]
1460 * Checks that a user represented by a token is allowed to access an object
1461 * represented by a security descriptor.
1464 * SecurityDescriptor [I] The security descriptor of the object to check.
1465 * ClientToken [I] Token of the user accessing the object.
1466 * DesiredAccess [I] The desired access to the object.
1467 * GenericMapping [I] Mapping used to transform access rights in the SD to their specific forms.
1468 * PrivilegeSet [I/O] Privileges used during the access check.
1469 * ReturnLength [O] Number of bytes stored into PrivilegeSet.
1470 * GrantedAccess [O] The actual access rights granted.
1471 * AccessStatus [O] The status of the access check.
1477 * DesiredAccess may be MAXIMUM_ALLOWED, in which case the function determines
1478 * the maximum access rights allowed by the SD and returns them in
1480 * The SecurityDescriptor must have a valid owner and groups present,
1481 * otherwise the function will fail.
1485 PSECURITY_DESCRIPTOR SecurityDescriptor,
1487 ACCESS_MASK DesiredAccess,
1488 PGENERIC_MAPPING GenericMapping,
1489 PPRIVILEGE_SET PrivilegeSet,
1490 PULONG ReturnLength,
1491 PULONG GrantedAccess,
1492 NTSTATUS *AccessStatus)
1496 TRACE("(%p, %p, %08x, %p, %p, %p, %p, %p)\n",
1497 SecurityDescriptor, ClientToken, DesiredAccess, GenericMapping,
1498 PrivilegeSet, ReturnLength, GrantedAccess, AccessStatus);
1500 SERVER_START_REQ( access_check )
1502 struct security_descriptor sd;
1507 BOOLEAN defaulted, present;
1509 SECURITY_DESCRIPTOR_CONTROL control;
1511 req->handle = ClientToken;
1512 req->desired_access = DesiredAccess;
1513 req->mapping_read = GenericMapping->GenericRead;
1514 req->mapping_write = GenericMapping->GenericWrite;
1515 req->mapping_execute = GenericMapping->GenericExecute;
1516 req->mapping_all = GenericMapping->GenericAll;
1518 /* marshal security descriptor */
1519 RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
1520 sd.control = control & ~SE_SELF_RELATIVE;
1521 RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
1522 sd.owner_len = RtlLengthSid( owner );
1523 RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
1524 sd.group_len = RtlLengthSid( group );
1525 RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
1526 sd.sacl_len = (present ? sacl->AclSize : 0);
1527 RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
1528 sd.dacl_len = (present ? dacl->AclSize : 0);
1530 wine_server_add_data( req, &sd, sizeof(sd) );
1531 wine_server_add_data( req, owner, sd.owner_len );
1532 wine_server_add_data( req, group, sd.group_len );
1533 wine_server_add_data( req, sacl, sd.sacl_len );
1534 wine_server_add_data( req, dacl, sd.dacl_len );
1536 wine_server_set_reply( req, &PrivilegeSet->Privilege, *ReturnLength - FIELD_OFFSET( PRIVILEGE_SET, Privilege ) );
1538 status = wine_server_call( req );
1540 *ReturnLength = FIELD_OFFSET( PRIVILEGE_SET, Privilege ) + reply->privileges_len;
1541 PrivilegeSet->PrivilegeCount = reply->privileges_len / sizeof(LUID_AND_ATTRIBUTES);
1543 if (status == STATUS_SUCCESS)
1545 *AccessStatus = reply->access_status;
1546 *GrantedAccess = reply->access_granted;
1554 /******************************************************************************
1555 * NtSetSecurityObject [NTDLL.@]
1556 * ZwSetSecurityObject [NTDLL.@]
1558 * Sets specified parts of the object's security descriptor.
1561 * Handle [I] Handle to the object to change security descriptor of.
1562 * SecurityInformation [I] Specifies which parts of the security descriptor to set.
1563 * SecurityDescriptor [I] New parts of a security descriptor for the object.
1569 NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle,
1570 SECURITY_INFORMATION SecurityInformation,
1571 PSECURITY_DESCRIPTOR SecurityDescriptor)
1574 struct security_descriptor sd;
1575 PACL dacl = NULL, sacl = NULL;
1576 PSID owner = NULL, group = NULL;
1577 BOOLEAN defaulted, present;
1579 SECURITY_DESCRIPTOR_CONTROL control;
1581 TRACE("%p 0x%08x %p\n", Handle, SecurityInformation, SecurityDescriptor);
1583 if (!SecurityDescriptor) return STATUS_ACCESS_VIOLATION;
1585 memset( &sd, 0, sizeof(sd) );
1586 status = RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
1587 if (status != STATUS_SUCCESS) return status;
1588 sd.control = control & ~SE_SELF_RELATIVE;
1590 if (SecurityInformation & OWNER_SECURITY_INFORMATION)
1592 status = RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
1593 if (status != STATUS_SUCCESS) return status;
1594 if (!(sd.owner_len = RtlLengthSid( owner )))
1595 return STATUS_INVALID_SECURITY_DESCR;
1598 if (SecurityInformation & GROUP_SECURITY_INFORMATION)
1600 status = RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
1601 if (status != STATUS_SUCCESS) return status;
1602 if (!(sd.group_len = RtlLengthSid( group )))
1603 return STATUS_INVALID_SECURITY_DESCR;
1606 if (SecurityInformation & SACL_SECURITY_INFORMATION)
1608 status = RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
1609 if (status != STATUS_SUCCESS) return status;
1610 sd.sacl_len = (sacl && present) ? sacl->AclSize : 0;
1611 sd.control |= SE_SACL_PRESENT;
1614 if (SecurityInformation & DACL_SECURITY_INFORMATION)
1616 status = RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
1617 if (status != STATUS_SUCCESS) return status;
1618 sd.dacl_len = (dacl && present) ? dacl->AclSize : 0;
1619 sd.control |= SE_DACL_PRESENT;
1622 SERVER_START_REQ( set_security_object )
1624 req->handle = Handle;
1625 req->security_info = SecurityInformation;
1627 wine_server_add_data( req, &sd, sizeof(sd) );
1628 wine_server_add_data( req, owner, sd.owner_len );
1629 wine_server_add_data( req, group, sd.group_len );
1630 wine_server_add_data( req, sacl, sd.sacl_len );
1631 wine_server_add_data( req, dacl, sd.dacl_len );
1632 status = wine_server_call( req );
1639 /******************************************************************************
1640 * RtlConvertSidToUnicodeString (NTDLL.@)
1642 * The returned SID is used to access the USER registry hive usually
1644 * the native function returns something like
1645 * "S-1-5-21-0000000000-000000000-0000000000-500";
1647 NTSTATUS WINAPI RtlConvertSidToUnicodeString(
1648 PUNICODE_STRING String,
1650 BOOLEAN AllocateString)
1652 static const WCHAR formatW[] = {'-','%','u',0};
1653 WCHAR buffer[2 + 10 + 10 + 10 * SID_MAX_SUB_AUTHORITIES];
1655 const SID *sid = (const SID *)pSid;
1659 p += sprintfW( p, formatW, sid->Revision );
1660 p += sprintfW( p, formatW, MAKELONG( MAKEWORD( sid->IdentifierAuthority.Value[5],
1661 sid->IdentifierAuthority.Value[4] ),
1662 MAKEWORD( sid->IdentifierAuthority.Value[3],
1663 sid->IdentifierAuthority.Value[2] )));
1664 for (i = 0; i < sid->SubAuthorityCount; i++)
1665 p += sprintfW( p, formatW, sid->SubAuthority[i] );
1667 len = (p + 1 - buffer) * sizeof(WCHAR);
1669 String->Length = len - sizeof(WCHAR);
1672 String->MaximumLength = len;
1673 if (!(String->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, len )))
1674 return STATUS_NO_MEMORY;
1676 else if (len > String->MaximumLength) return STATUS_BUFFER_OVERFLOW;
1678 memcpy( String->Buffer, buffer, len );
1679 return STATUS_SUCCESS;
1682 /******************************************************************************
1683 * RtlQueryInformationAcl (NTDLL.@)
1685 NTSTATUS WINAPI RtlQueryInformationAcl(
1687 LPVOID pAclInformation,
1688 DWORD nAclInformationLength,
1689 ACL_INFORMATION_CLASS dwAclInformationClass)
1691 NTSTATUS status = STATUS_SUCCESS;
1693 TRACE("pAcl=%p pAclInfo=%p len=%d, class=%d\n",
1694 pAcl, pAclInformation, nAclInformationLength, dwAclInformationClass);
1696 switch (dwAclInformationClass)
1698 case AclRevisionInformation:
1700 PACL_REVISION_INFORMATION paclrev = (PACL_REVISION_INFORMATION) pAclInformation;
1702 if (nAclInformationLength < sizeof(ACL_REVISION_INFORMATION))
1703 status = STATUS_INVALID_PARAMETER;
1705 paclrev->AclRevision = pAcl->AclRevision;
1710 case AclSizeInformation:
1712 PACL_SIZE_INFORMATION paclsize = (PACL_SIZE_INFORMATION) pAclInformation;
1714 if (nAclInformationLength < sizeof(ACL_SIZE_INFORMATION))
1715 status = STATUS_INVALID_PARAMETER;
1721 paclsize->AceCount = pAcl->AceCount;
1723 paclsize->AclBytesInUse = 0;
1724 ace = (PACE_HEADER) (pAcl + 1);
1726 for (i = 0; i < pAcl->AceCount; i++)
1728 paclsize->AclBytesInUse += ace->AceSize;
1729 ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
1732 if (pAcl->AclSize < paclsize->AclBytesInUse)
1734 WARN("Acl has %d bytes free\n", paclsize->AclBytesFree);
1735 paclsize->AclBytesFree = 0;
1736 paclsize->AclBytesInUse = pAcl->AclSize;
1739 paclsize->AclBytesFree = pAcl->AclSize - paclsize->AclBytesInUse;
1746 WARN("Unknown AclInformationClass value: %d\n", dwAclInformationClass);
1747 status = STATUS_INVALID_PARAMETER;
projects / wine / blob