diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
index 097e1ba818a..49d126f6252 100644
--- a/dlls/advapi32/advapi32.spec
+++ b/dlls/advapi32/advapi32.spec
@@ -131,12 +131,12 @@
 @ stdcall ConvertStringSecurityDescriptorToSecurityDescriptorW(wstr long ptr ptr)
 @ stdcall ConvertStringSidToSidA(ptr ptr)
 @ stdcall ConvertStringSidToSidW(ptr ptr)
-@ stdcall ConvertToAutoInheritPrivateObjectSecurity(ptr ptr ptr ptr long ptr)
+@ stdcall -import ConvertToAutoInheritPrivateObjectSecurity(ptr ptr ptr ptr long ptr)
 @ stdcall -import CopySid(long ptr ptr)
 # @ stub CreateCodeAuthzLevel
-@ stdcall CreatePrivateObjectSecurity(ptr ptr ptr long long ptr)
-@ stdcall CreatePrivateObjectSecurityEx(ptr ptr ptr ptr long long long ptr)
-@ stdcall CreatePrivateObjectSecurityWithMultipleInheritance(ptr ptr ptr ptr long long long long ptr)
+@ stdcall -import CreatePrivateObjectSecurity(ptr ptr ptr long long ptr)
+@ stdcall -import CreatePrivateObjectSecurityEx(ptr ptr ptr ptr long long long ptr)
+@ stdcall -import CreatePrivateObjectSecurityWithMultipleInheritance(ptr ptr ptr ptr long long long long ptr)
 @ stdcall CreateProcessAsUserA(long str str ptr ptr long long ptr str ptr ptr) kernel32.CreateProcessAsUserA
 # @ stub CreateProcessAsUserSecure
 @ stdcall CreateProcessAsUserW(long wstr wstr ptr ptr long long ptr wstr ptr ptr) kernel32.CreateProcessAsUserW
@@ -237,7 +237,7 @@
 @ stdcall DeleteAce(ptr long)
 @ stdcall DeleteService(long)
 @ stdcall DeregisterEventSource(long)
-@ stdcall DestroyPrivateObjectSecurity(ptr)
+@ stdcall -import DestroyPrivateObjectSecurity(ptr)
 # @ stub DuplicateEncryptionInfoFile
 @ stdcall -import DuplicateToken(long long ptr)
 @ stdcall -import DuplicateTokenEx(long long ptr long long ptr)
@@ -326,12 +326,12 @@
 @ stdcall GetExplicitEntriesFromAclA(ptr ptr ptr)
 @ stdcall GetExplicitEntriesFromAclW(ptr ptr ptr)
 @ stdcall GetFileSecurityA(str long ptr long ptr)
-@ stdcall GetFileSecurityW(wstr long ptr long ptr)
+@ stdcall -import GetFileSecurityW(wstr long ptr long ptr)
 # @ stub GetInformationCodeAuthzLevelW
 # @ stub GetInformationCodeAuthzPolicyW
 # @ stub GetInheritanceSourceA
 # @ stub GetInheritanceSourceW
-@ stdcall GetKernelObjectSecurity(long long ptr long ptr)
+@ stdcall -import GetKernelObjectSecurity(long long ptr long ptr)
 @ stdcall -import GetLengthSid(ptr)
 # @ stub GetLocalManagedApplicationData
 # @ stub GetLocalManagedApplications
@@ -349,14 +349,14 @@
 @ stdcall GetNumberOfEventLogRecords (long ptr)
 @ stdcall GetOldestEventLogRecord (long ptr)
 # @ stub GetOverlappedAccessResults
-@ stdcall GetPrivateObjectSecurity(ptr long ptr long ptr)
-@ stdcall GetSecurityDescriptorControl (ptr ptr ptr)
-@ stdcall GetSecurityDescriptorDacl (ptr ptr ptr ptr)
-@ stdcall GetSecurityDescriptorGroup(ptr ptr ptr)
-@ stdcall GetSecurityDescriptorLength(ptr)
-@ stdcall GetSecurityDescriptorOwner(ptr ptr ptr)
+@ stdcall -import GetPrivateObjectSecurity(ptr long ptr long ptr)
+@ stdcall -import GetSecurityDescriptorControl (ptr ptr ptr)
+@ stdcall -import GetSecurityDescriptorDacl (ptr ptr ptr ptr)
+@ stdcall -import GetSecurityDescriptorGroup(ptr ptr ptr)
+@ stdcall -import GetSecurityDescriptorLength(ptr)
+@ stdcall -import GetSecurityDescriptorOwner(ptr ptr ptr)
 # @ stub GetSecurityDescriptorRMControl
-@ stdcall GetSecurityDescriptorSacl (ptr ptr ptr ptr)
+@ stdcall -import GetSecurityDescriptorSacl (ptr ptr ptr ptr)
 @ stdcall GetSecurityInfo (long long long ptr ptr ptr ptr ptr)
 @ stdcall GetSecurityInfoExA (long long long str str ptr ptr ptr ptr)
 @ stdcall GetSecurityInfoExW (long long long wstr wstr ptr ptr ptr ptr)
@@ -403,7 +403,7 @@
 @ stdcall -import ImpersonateNamedPipeClient(long)
 @ stdcall -import ImpersonateSelf(long)
 @ stdcall InitializeAcl(ptr long long)
-@ stdcall InitializeSecurityDescriptor(ptr long)
+@ stdcall -import InitializeSecurityDescriptor(ptr long)
 @ stdcall -import InitializeSid(ptr ptr long)
 @ stdcall InitiateShutdownA(str str long long long)
 @ stdcall InitiateShutdownW(wstr wstr long long long)
@@ -418,7 +418,7 @@
 # @ stub IsTokenUntrusted
 @ stdcall IsValidAcl(ptr)
 # @ stub IsValidRelativeSecurityDescriptor
-@ stdcall IsValidSecurityDescriptor(ptr)
+@ stdcall -import IsValidSecurityDescriptor(ptr)
 @ stdcall -import IsValidSid(ptr)
 @ stdcall -import IsWellKnownSid(ptr long)
 @ stdcall LockServiceDatabase(ptr)
@@ -518,9 +518,9 @@
 # @ stub MIDL_user_free_Ext
 # @ stub MSChapSrvChangePassword
 # @ stub MSChapSrvChangePassword2
-@ stdcall MakeAbsoluteSD(ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr)
+@ stdcall -import MakeAbsoluteSD(ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr)
 # @ stub MakeAbsoluteSD2
-@ stdcall MakeSelfRelativeSD(ptr ptr ptr)
+@ stdcall -import MakeSelfRelativeSD(ptr ptr ptr)
 @ stdcall MapGenericMask(ptr ptr)
 @ stdcall NotifyBootConfigStatus(long)
 @ stdcall NotifyChangeEventLog (long long)
@@ -740,23 +740,23 @@
 # @ stub SetEntriesInAuditListA
 # @ stub SetEntriesInAuditListW
 @ stdcall SetFileSecurityA(str long ptr )
-@ stdcall SetFileSecurityW(wstr long ptr)
+@ stdcall -import SetFileSecurityW(wstr long ptr)
 # @ stub SetInformationCodeAuthzLevelW
 # @ stub SetInformationCodeAuthzPolicyW
-@ stdcall SetKernelObjectSecurity(long long ptr)
+@ stdcall -import SetKernelObjectSecurity(long long ptr)
 @ stdcall SetNamedSecurityInfoA(str long long ptr ptr ptr ptr)
 # @ stub SetNamedSecurityInfoExA
 # @ stub SetNamedSecurityInfoExW
 @ stdcall SetNamedSecurityInfoW(wstr long long ptr ptr ptr ptr)
-@ stdcall SetPrivateObjectSecurity(long ptr ptr ptr long)
+@ stdcall -import SetPrivateObjectSecurity(long ptr ptr ptr long)
 # @ stub SetPrivateObjectSecurityEx
 # @ stub SetSecurityAccessMask
-@ stdcall SetSecurityDescriptorControl(ptr long long)
-@ stdcall SetSecurityDescriptorDacl(ptr long ptr long)
-@ stdcall SetSecurityDescriptorGroup (ptr ptr long)
-@ stdcall SetSecurityDescriptorOwner (ptr ptr long)
+@ stdcall -import SetSecurityDescriptorControl(ptr long long)
+@ stdcall -import SetSecurityDescriptorDacl(ptr long ptr long)
+@ stdcall -import SetSecurityDescriptorGroup (ptr ptr long)
+@ stdcall -import SetSecurityDescriptorOwner (ptr ptr long)
 # @ stub SetSecurityDescriptorRMControl
-@ stdcall SetSecurityDescriptorSacl(ptr long ptr long)
+@ stdcall -import SetSecurityDescriptorSacl(ptr long ptr long)
 @ stdcall SetSecurityInfo (long long long ptr ptr ptr ptr)
 # @ stub SetSecurityInfoExA
 # @ stub SetSecurityInfoExW
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index e580d5ec090..ca1108c8d0e 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -156,8 +156,6 @@ static const WELLKNOWNRID WellKnownRids[] = { }; -static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }; - typedef struct _AccountSid { WELL_KNOWN_SID_TYPE type; LPCWSTR account;
@@ -462,24 +460,6 @@ static inline DWORD get_security_regkey( LPWSTR full_key_name, DWORD access, HAN return RegOpenKeyExW( hParent, p+1, 0, access, (HKEY *)key ); } -#define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD)) - -static void GetWorldAccessACL(PACL pACL) -{ - PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1); - - pACL->AclRevision = ACL_REVISION; - pACL->Sbz1 = 0; - pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL; - pACL->AceCount = 1; - pACL->Sbz2 = 0; - - pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; - pACE->Header.AceFlags = CONTAINER_INHERIT_ACE; - pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD); - pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */ - memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld)); -} /************************************************************ * ADVAPI_IsLocalComputer 
@@ -712,277 +692,6 @@ done: return ret; } -/****************************************************************************** - * InitializeSecurityDescriptor [ADVAPI32.@] - * - * PARAMS - * pDescr [] - * revision [] - */ -BOOL WINAPI -InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision ) -{ - return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision )); -} - - -/****************************************************************************** - * MakeAbsoluteSD [ADVAPI32.@] - */ -BOOL WINAPI MakeAbsoluteSD ( - IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, - OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, - OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize, - OUT PACL pDacl, - OUT LPDWORD lpdwDaclSize, - OUT PACL pSacl, - OUT LPDWORD lpdwSaclSize, - OUT PSID pOwner, - OUT LPDWORD lpdwOwnerSize, - OUT PSID pPrimaryGroup, - OUT LPDWORD lpdwPrimaryGroupSize) -{ - return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor, - pAbsoluteSecurityDescriptor, - lpdwAbsoluteSecurityDescriptorSize, - pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, - pOwner, lpdwOwnerSize, - pPrimaryGroup, lpdwPrimaryGroupSize)); -} - -/****************************************************************************** - * GetKernelObjectSecurity [ADVAPI32.@] - */ -BOOL WINAPI GetKernelObjectSecurity( - HANDLE Handle, - SECURITY_INFORMATION RequestedInformation, - PSECURITY_DESCRIPTOR pSecurityDescriptor, - DWORD nLength, - LPDWORD lpnLengthNeeded ) -{ - TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation, - pSecurityDescriptor, nLength, lpnLengthNeeded); - - return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor, - nLength, lpnLengthNeeded )); -} - -/****************************************************************************** - * GetPrivateObjectSecurity [ADVAPI32.@] - */ -BOOL WINAPI GetPrivateObjectSecurity( - PSECURITY_DESCRIPTOR ObjectDescriptor, - SECURITY_INFORMATION SecurityInformation, 
- PSECURITY_DESCRIPTOR ResultantDescriptor, - DWORD DescriptorLength, - PDWORD ReturnLength ) -{ - SECURITY_DESCRIPTOR desc; - BOOL defaulted, present; - PACL pacl; - PSID psid; - - TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", ObjectDescriptor, SecurityInformation, - ResultantDescriptor, DescriptorLength, ReturnLength); - - if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION)) - return FALSE; - - if (SecurityInformation & OWNER_SECURITY_INFORMATION) - { - if (!GetSecurityDescriptorOwner(ObjectDescriptor, &psid, &defaulted)) - return FALSE; - SetSecurityDescriptorOwner(&desc, psid, defaulted); - } - - if (SecurityInformation & GROUP_SECURITY_INFORMATION) - { - if (!GetSecurityDescriptorGroup(ObjectDescriptor, &psid, &defaulted)) - return FALSE; - SetSecurityDescriptorGroup(&desc, psid, defaulted); - } - - if (SecurityInformation & DACL_SECURITY_INFORMATION) - { - if (!GetSecurityDescriptorDacl(ObjectDescriptor, &present, &pacl, &defaulted)) - return FALSE; - SetSecurityDescriptorDacl(&desc, present, pacl, defaulted); - } - - if (SecurityInformation & SACL_SECURITY_INFORMATION) - { - if (!GetSecurityDescriptorSacl(ObjectDescriptor, &present, &pacl, &defaulted)) - return FALSE; - SetSecurityDescriptorSacl(&desc, present, pacl, defaulted); - } - - *ReturnLength = DescriptorLength; - return MakeSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength); -} - -/****************************************************************************** - * GetSecurityDescriptorLength [ADVAPI32.@] - */ -DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr) -{ - return RtlLengthSecurityDescriptor(pDescr); -} - -/****************************************************************************** - * GetSecurityDescriptorOwner [ADVAPI32.@] - * - * PARAMS - * pOwner [] - * lpbOwnerDefaulted [] - */ -BOOL WINAPI -GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner, - LPBOOL lpbOwnerDefaulted ) -{ - BOOLEAN defaulted; - BOOL ret = set_ntstatus( 
RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted )); - *lpbOwnerDefaulted = defaulted; - return ret; -} - -/****************************************************************************** - * SetSecurityDescriptorOwner [ADVAPI32.@] - * - * PARAMS - */ -BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor, - PSID pOwner, BOOL bOwnerDefaulted) -{ - return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted)); -} -/****************************************************************************** - * GetSecurityDescriptorGroup [ADVAPI32.@] - */ -BOOL WINAPI GetSecurityDescriptorGroup( - PSECURITY_DESCRIPTOR SecurityDescriptor, - PSID *Group, - LPBOOL GroupDefaulted) -{ - BOOLEAN defaulted; - BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted )); - *GroupDefaulted = defaulted; - return ret; -} -/****************************************************************************** - * SetSecurityDescriptorGroup [ADVAPI32.@] - */ -BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor, - PSID Group, BOOL GroupDefaulted) -{ - return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted)); -} - -/****************************************************************************** - * IsValidSecurityDescriptor [ADVAPI32.@] - * - * PARAMS - * lpsecdesc [] - */ -BOOL WINAPI -IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor ) -{ - return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor)); -} - -/****************************************************************************** - * GetSecurityDescriptorDacl [ADVAPI32.@] - */ -BOOL WINAPI GetSecurityDescriptorDacl( - IN PSECURITY_DESCRIPTOR pSecurityDescriptor, - OUT LPBOOL lpbDaclPresent, - OUT PACL *pDacl, - OUT LPBOOL lpbDaclDefaulted) -{ - BOOLEAN present, defaulted; - BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, 
&present, pDacl, &defaulted)); - *lpbDaclPresent = present; - *lpbDaclDefaulted = defaulted; - return ret; -} - -/****************************************************************************** - * SetSecurityDescriptorDacl [ADVAPI32.@] - */ -BOOL WINAPI -SetSecurityDescriptorDacl ( - PSECURITY_DESCRIPTOR lpsd, - BOOL daclpresent, - PACL dacl, - BOOL dacldefaulted ) -{ - return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) ); -} -/****************************************************************************** - * GetSecurityDescriptorSacl [ADVAPI32.@] - */ -BOOL WINAPI GetSecurityDescriptorSacl( - IN PSECURITY_DESCRIPTOR lpsd, - OUT LPBOOL lpbSaclPresent, - OUT PACL *pSacl, - OUT LPBOOL lpbSaclDefaulted) -{ - BOOLEAN present, defaulted; - BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) ); - *lpbSaclPresent = present; - *lpbSaclDefaulted = defaulted; - return ret; -} - -/************************************************************************** - * SetSecurityDescriptorSacl [ADVAPI32.@] - */ -BOOL WINAPI SetSecurityDescriptorSacl ( - PSECURITY_DESCRIPTOR lpsd, - BOOL saclpresent, - PACL lpsacl, - BOOL sacldefaulted) -{ - return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted)); -} -/****************************************************************************** - * MakeSelfRelativeSD [ADVAPI32.@] - * - * PARAMS - * lpabssecdesc [] - * lpselfsecdesc [] - * lpbuflen [] - */ -BOOL WINAPI -MakeSelfRelativeSD( - IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, - IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, - IN OUT LPDWORD lpdwBufferLength) -{ - return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor, - pSelfRelativeSecurityDescriptor, lpdwBufferLength)); -} - -/****************************************************************************** - * GetSecurityDescriptorControl [ADVAPI32.@] - */ - -BOOL WINAPI 
GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor, - PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision) -{ - return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision)); -} - -/****************************************************************************** - * SetSecurityDescriptorControl [ADVAPI32.@] - */ -BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor, - SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, - SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet ) -{ - return set_ntstatus( RtlSetControlSecurityDescriptor( - pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) ); -} - /* ############################## ###### ACL FUNCTIONS ###### 
@@ -1485,45 +1194,6 @@ GetFileSecurityA( LPCSTR lpFileName, return r; } -/****************************************************************************** - * GetFileSecurityW [ADVAPI32.@] - * - * See GetFileSecurityA. - */ -BOOL WINAPI -GetFileSecurityW( LPCWSTR lpFileName, - SECURITY_INFORMATION RequestedInformation, - PSECURITY_DESCRIPTOR pSecurityDescriptor, - DWORD nLength, LPDWORD lpnLengthNeeded ) -{ - HANDLE hfile; - NTSTATUS status; - DWORD access = 0, err; - - TRACE("(%s,%d,%p,%d,%p)\n", debugstr_w(lpFileName), - RequestedInformation, pSecurityDescriptor, - nLength, lpnLengthNeeded); - - if (RequestedInformation & (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION| - DACL_SECURITY_INFORMATION)) - access |= READ_CONTROL; - if (RequestedInformation & SACL_SECURITY_INFORMATION) - access |= ACCESS_SYSTEM_SECURITY; - - err = get_security_file( lpFileName, access, &hfile); - if (err) - { - SetLastError(err); - return FALSE; - } - - status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor, - nLength, lpnLengthNeeded ); - CloseHandle( hfile ); - return set_ntstatus( status ); -} - - /****************************************************************************** * LookupAccountSidA [ADVAPI32.@] */ 
@@ -1806,52 +1476,6 @@ BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName, return r; } -/****************************************************************************** - * SetFileSecurityW [ADVAPI32.@] - * - * Sets the security of a file or directory. - * - * PARAMS - * lpFileName [] - * RequestedInformation [] - * pSecurityDescriptor [] - * - * RETURNS - * Success: TRUE. - * Failure: FALSE. - */ -BOOL WINAPI -SetFileSecurityW( LPCWSTR lpFileName, - SECURITY_INFORMATION RequestedInformation, - PSECURITY_DESCRIPTOR pSecurityDescriptor ) -{ - HANDLE file; - DWORD access = 0, err; - NTSTATUS status; - - TRACE("(%s, 0x%x, %p)\n", debugstr_w(lpFileName), RequestedInformation, - pSecurityDescriptor ); - - if (RequestedInformation & OWNER_SECURITY_INFORMATION || - RequestedInformation & GROUP_SECURITY_INFORMATION) - access |= WRITE_OWNER; - if (RequestedInformation & SACL_SECURITY_INFORMATION) - access |= ACCESS_SYSTEM_SECURITY; - if (RequestedInformation & DACL_SECURITY_INFORMATION) - access |= WRITE_DAC; - - err = get_security_file( lpFileName, access, &file); - if (err) - { - SetLastError(err); - return FALSE; - } - - status = NtSetSecurityObject( file, RequestedInformation, pSecurityDescriptor ); - CloseHandle( file ); - return set_ntstatus( status ); -} - /****************************************************************************** * QueryWindows31FilesMigration [ADVAPI32.@] * 
@@ -1959,17 +1583,6 @@ VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping ) RtlMapGenericMask( AccessMask, GenericMapping ); } -/************************************************************************* - * SetKernelObjectSecurity [ADVAPI32.@] - */ -BOOL WINAPI SetKernelObjectSecurity ( - IN HANDLE Handle, - IN SECURITY_INFORMATION SecurityInformation, - IN PSECURITY_DESCRIPTOR SecurityDescriptor ) -{ - return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor)); -} - /****************************************************************************** * AddAuditAccessAce [ADVAPI32.@] @@ -3380,18 +2993,6 @@ DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName, return r; } -BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation, - PSECURITY_DESCRIPTOR ModificationDescriptor, - PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor, - PGENERIC_MAPPING GenericMapping, - HANDLE Token ) -{ - FIXME("0x%08x %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor, - ObjectsSecurityDescriptor, GenericMapping, Token); - - return TRUE; -} - BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess ) { return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess ); 
@@ -4652,88 +4253,6 @@ BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr) return TRUE; } -BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity( - PSECURITY_DESCRIPTOR pdesc, - PSECURITY_DESCRIPTOR cdesc, - PSECURITY_DESCRIPTOR* ndesc, - GUID* objtype, - BOOL isdir, - PGENERIC_MAPPING genmap ) -{ - FIXME("%p %p %p %p %d %p - stub\n", pdesc, cdesc, ndesc, objtype, isdir, genmap); - - return FALSE; -} - -BOOL WINAPI CreatePrivateObjectSecurityEx( - PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator, PSECURITY_DESCRIPTOR *out, - GUID *objtype, BOOL is_directory, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping) -{ - SECURITY_DESCRIPTOR_RELATIVE *relative; - DWORD needed, offset; - BYTE *buffer; - - FIXME("%p %p %p %p %d %u %p %p - returns fake SECURITY_DESCRIPTOR\n", parent, creator, out, - objtype, is_directory, flags, token, mapping); - - needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE); - needed += sizeof(sidWorld); - needed += sizeof(sidWorld); - needed += WINE_SIZE_OF_WORLD_ACCESS_ACL; - needed += WINE_SIZE_OF_WORLD_ACCESS_ACL; - - if (!(buffer = heap_alloc( needed ))) return FALSE; - relative = (SECURITY_DESCRIPTOR_RELATIVE *)buffer; - if (!InitializeSecurityDescriptor( relative, SECURITY_DESCRIPTOR_REVISION )) - { - heap_free( buffer ); - return FALSE; - } - relative->Control |= SE_SELF_RELATIVE; - offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE); - - memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) ); - relative->Owner = offset; - offset += sizeof(sidWorld); - - memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) ); - relative->Group = offset; - offset += sizeof(sidWorld); - - GetWorldAccessACL( (ACL *)(buffer + offset) ); - relative->Dacl = offset; - offset += WINE_SIZE_OF_WORLD_ACCESS_ACL; - - GetWorldAccessACL( (ACL *)(buffer + offset) ); - relative->Sacl = offset; - - *out = relative; - return TRUE; -} - -BOOL WINAPI CreatePrivateObjectSecurity( - PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator, PSECURITY_DESCRIPTOR *out, - BOOL 
is_container, HANDLE token, PGENERIC_MAPPING mapping) -{ - return CreatePrivateObjectSecurityEx(parent, creator, out, NULL, is_container, 0, token, mapping); -} - -BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance( - PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator, PSECURITY_DESCRIPTOR *out, - GUID **types, ULONG count, BOOL is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping) -{ - FIXME(": semi-stub\n"); - return CreatePrivateObjectSecurityEx(parent, creator, out, NULL, is_container, flags, token, mapping); -} - -BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor ) -{ - FIXME("%p - stub\n", ObjectDescriptor); - - heap_free( *ObjectDescriptor ); - return TRUE; -} - /****************************************************************************** * CreateProcessWithLogonW */
diff --git a/dlls/kernelbase/kernelbase.spec b/dlls/kernelbase/kernelbase.spec
index 6c83b3688aa..146fa53f453 100644
--- a/dlls/kernelbase/kernelbase.spec
+++ b/dlls/kernelbase/kernelbase.spec
@@ -163,7 +163,7 @@
 @ stdcall ConvertFiberToThread() kernel32.ConvertFiberToThread
 @ stdcall ConvertThreadToFiber(ptr) kernel32.ConvertThreadToFiber
 @ stdcall ConvertThreadToFiberEx(ptr long) kernel32.ConvertThreadToFiberEx
-@ stdcall ConvertToAutoInheritPrivateObjectSecurity(ptr ptr ptr ptr long ptr) advapi32.ConvertToAutoInheritPrivateObjectSecurity
+@ stdcall ConvertToAutoInheritPrivateObjectSecurity(ptr ptr ptr ptr long ptr)
 # @ stub CopyContext
 # @ stub CopyFile2
 @ stdcall CopyFileExW(wstr wstr ptr ptr ptr long) kernel32.CopyFileExW
@@ -202,9 +202,9 @@
 @ stdcall CreateNamedPipeW(wstr long long long long long long ptr) kernel32.CreateNamedPipeW
 @ stdcall CreatePipe(ptr ptr ptr long) kernel32.CreatePipe
 # @ stub CreatePrivateNamespaceW
-@ stdcall CreatePrivateObjectSecurity(ptr ptr ptr long long ptr) advapi32.CreatePrivateObjectSecurity
-@ stdcall CreatePrivateObjectSecurityEx(ptr ptr ptr ptr long long long ptr) advapi32.CreatePrivateObjectSecurityEx
-@ stdcall CreatePrivateObjectSecurityWithMultipleInheritance(ptr ptr ptr ptr long long long long ptr) advapi32.CreatePrivateObjectSecurityWithMultipleInheritance
+@ stdcall CreatePrivateObjectSecurity(ptr ptr ptr long long ptr)
+@ stdcall CreatePrivateObjectSecurityEx(ptr ptr ptr ptr long long long ptr)
+@ stdcall CreatePrivateObjectSecurityWithMultipleInheritance(ptr ptr ptr ptr long long long long ptr)
 @ stdcall CreateProcessA(str str ptr ptr long long ptr str ptr ptr) kernel32.CreateProcessA
 @ stdcall CreateProcessAsUserA(long str str ptr ptr long long ptr str ptr ptr) kernel32.CreateProcessAsUserA
 @ stdcall CreateProcessAsUserW(long wstr wstr ptr ptr long long ptr wstr ptr ptr) kernel32.CreateProcessAsUserW
@@ -260,7 +260,7 @@
 @ stdcall DeleteTimerQueueEx(long long) kernel32.DeleteTimerQueueEx
 @ stdcall DeleteTimerQueueTimer(long long long) kernel32.DeleteTimerQueueTimer
 @ stdcall DeleteVolumeMountPointW(wstr) kernel32.DeleteVolumeMountPointW
-@ stdcall DestroyPrivateObjectSecurity(ptr) advapi32.DestroyPrivateObjectSecurity
+@ stdcall DestroyPrivateObjectSecurity(ptr)
 @ stdcall DeviceIoControl(long long ptr long ptr long ptr ptr) kernel32.DeviceIoControl
 @ stdcall DisablePredefinedHandleTableInternal(long)
 @ stdcall DisableThreadLibraryCalls(long) kernel32.DisableThreadLibraryCalls
@@ -510,7 +510,7 @@
 @ stdcall GetFileInformationByHandleEx(long long ptr long) kernel32.GetFileInformationByHandleEx
 @ stdcall GetFileMUIInfo(long wstr ptr ptr) kernel32.GetFileMUIInfo
 @ stdcall GetFileMUIPath(long wstr wstr ptr ptr ptr ptr) kernel32.GetFileMUIPath
-@ stdcall GetFileSecurityW(wstr long ptr long ptr) advapi32.GetFileSecurityW
+@ stdcall GetFileSecurityW(wstr long ptr long ptr)
 @ stdcall GetFileSize(long ptr) kernel32.GetFileSize
 @ stdcall GetFileSizeEx(long ptr) kernel32.GetFileSizeEx
 @ stdcall GetFileTime(long ptr ptr ptr) kernel32.GetFileTime
@@ -535,7 +535,7 @@
 # @ stub GetHivePath
 # @ stub GetIntegratedDisplaySize
 # @ stub GetIsEdpEnabled
-@ stdcall GetKernelObjectSecurity(long long ptr long ptr) advapi32.GetKernelObjectSecurity
+@ stdcall GetKernelObjectSecurity(long long ptr long ptr)
 @ stdcall GetLargePageMinimum() kernel32.GetLargePageMinimum
 @ stdcall GetLargestConsoleWindowSize(long) kernel32.GetLargestConsoleWindowSize
 @ stdcall GetLastError() kernel32.GetLastError
@@ -618,7 +618,7 @@
 @ stdcall GetPhysicallyInstalledSystemMemory(ptr) kernel32.GetPhysicallyInstalledSystemMemory
 # @ stub GetPreviousFgPolicyRefreshInfoInternal
 @ stdcall GetPriorityClass(long) kernel32.GetPriorityClass
-@ stdcall GetPrivateObjectSecurity(ptr long ptr long ptr) advapi32.GetPrivateObjectSecurity
+@ stdcall GetPrivateObjectSecurity(ptr long ptr long ptr)
 @ stdcall GetProcAddress(long str) kernel32.GetProcAddress
 # @ stub GetProcAddressForCaller
 # @ stub GetProcessDefaultCpuSets
@@ -649,13 +649,13 @@
 @ stdcall GetQueuedCompletionStatusEx(ptr ptr long ptr long long) kernel32.GetQueuedCompletionStatusEx
 # @ stub GetRegistryExtensionFlags
 # @ stub GetRoamingLastObservedChangeTime
-@ stdcall GetSecurityDescriptorControl(ptr ptr ptr) advapi32.GetSecurityDescriptorControl
-@ stdcall GetSecurityDescriptorDacl(ptr ptr ptr ptr) advapi32.GetSecurityDescriptorDacl
-@ stdcall GetSecurityDescriptorGroup(ptr ptr ptr) advapi32.GetSecurityDescriptorGroup
-@ stdcall GetSecurityDescriptorLength(ptr) advapi32.GetSecurityDescriptorLength
-@ stdcall GetSecurityDescriptorOwner(ptr ptr ptr) advapi32.GetSecurityDescriptorOwner
+@ stdcall GetSecurityDescriptorControl(ptr ptr ptr)
+@ stdcall GetSecurityDescriptorDacl(ptr ptr ptr ptr)
+@ stdcall GetSecurityDescriptorGroup(ptr ptr ptr)
+@ stdcall GetSecurityDescriptorLength(ptr)
+@ stdcall GetSecurityDescriptorOwner(ptr ptr ptr)
 @ stub GetSecurityDescriptorRMControl
-@ stdcall GetSecurityDescriptorSacl(ptr ptr ptr ptr) advapi32.GetSecurityDescriptorSacl
+@ stdcall GetSecurityDescriptorSacl(ptr ptr ptr ptr)
 # @ stub GetSerializedAtomBytes
 # @ stub GetSharedLocalFolder
 @ stdcall GetShortPathNameW(wstr ptr long) kernel32.GetShortPathNameW
@@ -809,7 +809,7 @@
 # @ stub InitializeProcessForWsWatch
 @ stdcall InitializeSListHead(ptr) kernel32.InitializeSListHead
 @ stdcall InitializeSRWLock(ptr) kernel32.InitializeSRWLock
-@ stdcall InitializeSecurityDescriptor(ptr long) advapi32.InitializeSecurityDescriptor
+@ stdcall InitializeSecurityDescriptor(ptr long)
 @ stdcall InitializeSid(ptr ptr long)
 # @ stub InitializeSynchronizationBarrier
 # @ stub InstallELAMCertificateInfo
@@ -881,7 +881,7 @@
 @ stdcall IsValidLocaleName(wstr) kernel32.IsValidLocaleName
 # @ stub IsValidNLSVersion
 @ stub IsValidRelativeSecurityDescriptor
-@ stdcall IsValidSecurityDescriptor(ptr) advapi32.IsValidSecurityDescriptor
+@ stdcall IsValidSecurityDescriptor(ptr)
 @ stdcall IsValidSid(ptr)
 @ stdcall IsWellKnownSid(ptr long)
 @ stdcall IsWow64Process(ptr ptr) kernel32.IsWow64Process
@@ -944,9 +944,9 @@
 @ stdcall LockFile(long long long long long) kernel32.LockFile
 @ stdcall LockFileEx(long long long long long ptr) kernel32.LockFileEx
 @ stdcall LockResource(long) kernel32.LockResource
-@ stdcall MakeAbsoluteSD(ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr) advapi32.MakeAbsoluteSD
+@ stdcall MakeAbsoluteSD(ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr)
 @ stub MakeAbsoluteSD2
-@ stdcall MakeSelfRelativeSD(ptr ptr ptr) advapi32.MakeSelfRelativeSD
+@ stdcall MakeSelfRelativeSD(ptr ptr ptr)
 @ stdcall MapGenericMask(ptr ptr) advapi32.MapGenericMask
 # @ stub MapPredefinedHandleInternal
 @ stdcall MapUserPhysicalPages(ptr long ptr) kernel32.MapUserPhysicalPages
@@ -1437,21 +1437,21 @@
 # @ stub SetFileIoOverlappedRange
 @ stdcall SetFilePointer(long long ptr long) kernel32.SetFilePointer
 @ stdcall SetFilePointerEx(long int64 ptr long) kernel32.SetFilePointerEx
-@ stdcall SetFileSecurityW(wstr long ptr) advapi32.SetFileSecurityW
+@ stdcall SetFileSecurityW(wstr long ptr)
 @ stdcall SetFileTime(long ptr ptr ptr) kernel32.SetFileTime
 @ stdcall SetFileValidData(ptr int64) kernel32.SetFileValidData
 @ stdcall SetHandleCount(long) kernel32.SetHandleCount
 @ stdcall SetHandleInformation(long long long) kernel32.SetHandleInformation
 # @ stub SetIsDeveloperModeEnabled
 # @ stub SetIsSideloadingEnabled
-@ stdcall SetKernelObjectSecurity(long long ptr) advapi32.SetKernelObjectSecurity
+@ stdcall SetKernelObjectSecurity(long long ptr)
 @ stub SetLastConsoleEventActive
 @ stdcall SetLastError(long) kernel32.SetLastError
 @ stdcall SetLocalTime(ptr) kernel32.SetLocalTime
 @ stdcall SetLocaleInfoW(long long wstr) kernel32.SetLocaleInfoW
 @ stdcall SetNamedPipeHandleState(long ptr ptr ptr) kernel32.SetNamedPipeHandleState
 @ stdcall SetPriorityClass(long long) kernel32.SetPriorityClass
-@ stdcall SetPrivateObjectSecurity(long ptr ptr ptr long) advapi32.SetPrivateObjectSecurity
+@ stdcall SetPrivateObjectSecurity(long ptr ptr ptr long)
 @ stub SetPrivateObjectSecurityEx
 @ stdcall SetProcessAffinityUpdateMode(long long) kernel32.SetProcessAffinityUpdateMode
 # @ stub SetProcessDefaultCpuSets
@@ -1466,12 +1466,12 @@
 # @ stub SetProtectedPolicy
 # @ stub SetRoamingLastObservedChangeTime
 @ stub SetSecurityAccessMask
-@ stdcall SetSecurityDescriptorControl(ptr long long) advapi32.SetSecurityDescriptorControl
-@ stdcall SetSecurityDescriptorDacl(ptr long ptr long) advapi32.SetSecurityDescriptorDacl
-@ stdcall SetSecurityDescriptorGroup(ptr ptr long) advapi32.SetSecurityDescriptorGroup
-@ stdcall SetSecurityDescriptorOwner(ptr ptr long) advapi32.SetSecurityDescriptorOwner
+@ stdcall SetSecurityDescriptorControl(ptr long long)
+@ stdcall SetSecurityDescriptorDacl(ptr long ptr long)
+@ stdcall SetSecurityDescriptorGroup(ptr ptr long)
+@ stdcall SetSecurityDescriptorOwner(ptr ptr long)
 @ stub SetSecurityDescriptorRMControl
-@ stdcall SetSecurityDescriptorSacl(ptr long ptr long) advapi32.SetSecurityDescriptorSacl
+@ stdcall SetSecurityDescriptorSacl(ptr long ptr long)
 # @ stub SetStateVersion
 @ stdcall SetStdHandle(long long) kernel32.SetStdHandle
 @ stub SetStdHandleEx
diff --git a/dlls/kernelbase/security.c b/dlls/kernelbase/security.c
index 93b078269b2..1054e2aaf48 100644
--- a/dlls/kernelbase/security.c
+++ b/dlls/kernelbase/security.c
@@ -138,6 +138,45 @@ static const WELLKNOWNRID WellKnownRids[] =
 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
 };
+static const SID world_sid = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
+static const DWORD world_access_acl_size = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(world_sid) - sizeof(DWORD);
+
+static void get_world_access_acl( PACL acl )
+{
+ PACCESS_ALLOWED_ACE ace = (PACCESS_ALLOWED_ACE)(acl + 1);
+
+ acl->AclRevision = ACL_REVISION;
+ acl->Sbz1 = 0;
+ acl->AclSize = world_access_acl_size;
+ acl->AceCount = 1;
+ acl->Sbz2 = 0;
+ ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+ ace->Header.AceFlags = CONTAINER_INHERIT_ACE;
+ ace->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(world_sid) - sizeof(DWORD);
+ ace->Mask = 0xf3ffffff; /* Everything except reserved bits */
+ memcpy( &ace->SidStart, &world_sid, sizeof(world_sid) );
+}
+
+
+static NTSTATUS open_file( LPCWSTR name, DWORD access, HANDLE *file )
+{
+ UNICODE_STRING file_nameW;
+ OBJECT_ATTRIBUTES attr;
+ IO_STATUS_BLOCK io;
+ NTSTATUS status;
+
+ if ((status = RtlDosPathNameToNtPathName_U_WithStatus( name, &file_nameW, NULL, NULL ))) return status;
+ attr.Length = sizeof(attr);
+ attr.RootDirectory = 0;
+ attr.Attributes = OBJ_CASE_INSENSITIVE;
+ attr.ObjectName = &file_nameW;
+ attr.SecurityDescriptor = NULL;
+ status = NtCreateFile( file, access|SYNCHRONIZE, &attr, &io, NULL, FILE_FLAG_BACKUP_SEMANTICS,
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN,
+ FILE_OPEN_FOR_BACKUP_INTENT, NULL, 0 );
+ RtlFreeUnicodeString( &file_nameW );
+ return status;
+}
 static const char *debugstr_sid( PSID sid )
 {
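Review bot: In `open_file`, `attr` is a stack `OBJECT_ATTRIBUTES` and the hunk assigns `Length`, `RootDirectory`, `Attributes`, `ObjectName` and `SecurityDescriptor` but never `SecurityQualityOfService`, so `NtCreateFile` receives whatever happened to be on the stack in that field; adding `attr.SecurityQualityOfService = NULL;` next to the other assignments closes that. Separately, `FILE_FLAG_BACKUP_SEMANTICS` is passed in the argument position that `NtCreateFile` uses for file attributes, although it is a CreateFile-level flag and `FILE_OPEN_FOR_BACKUP_INTENT` already carries the intent in the options argument, so `0` there would say what is meant. Since this helper takes a caller-supplied path and a security-sensitive access mask, a short header comment such as `/* open an existing file or directory for security-descriptor access; never creates (FILE_OPEN) */` would document the contract.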
@@ -795,3 +834,365 @@ BOOL WINAPI SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class, LP
 return set_ntstatus( NtSetInformationToken( token, class, info, len ));
 }
+
+
+/******************************************************************************
+ * Security descriptor functions
+ ******************************************************************************/
+
+
+/******************************************************************************
+ * ConvertToAutoInheritPrivateObjectSecurity (kernelbase.@)
+ */
+BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity( PSECURITY_DESCRIPTOR parent,
+ PSECURITY_DESCRIPTOR current,
+ PSECURITY_DESCRIPTOR *descr,
+ GUID *type, BOOL is_dir,
+ PGENERIC_MAPPING mapping )
+{
+ FIXME("%p %p %p %p %d %p - stub\n", parent, current, descr, type, is_dir, mapping );
+ return FALSE;
+}
+
+/******************************************************************************
+ * CreatePrivateObjectSecurity (kernelbase.@)
+ */
+BOOL WINAPI CreatePrivateObjectSecurity( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
+ PSECURITY_DESCRIPTOR *descr, BOOL is_container, HANDLE token,
+ PGENERIC_MAPPING mapping )
+{
+ return CreatePrivateObjectSecurityEx( parent, creator, descr, NULL, is_container, 0, token, mapping );
+}
+
+/******************************************************************************
+ * CreatePrivateObjectSecurityEx (kernelbase.@)
+ */
+BOOL WINAPI CreatePrivateObjectSecurityEx( PSECURITY_DESCRIPTOR parent, PSECURITY_DESCRIPTOR creator,
+ PSECURITY_DESCRIPTOR *descr, GUID *type, BOOL is_container,
+ ULONG flags, HANDLE token, PGENERIC_MAPPING mapping )
+{
+ SECURITY_DESCRIPTOR_RELATIVE *relative;
+ DWORD needed, offset;
+ BYTE *buffer;
+
+ FIXME( "%p %p %p %p %d %u %p %p - returns fake SECURITY_DESCRIPTOR\n",
+ parent, creator, descr, type, is_container, flags, token, mapping );
+
+ needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
+ needed += sizeof(world_sid);
+ needed += sizeof(world_sid);
+ needed += world_access_acl_size;
+ needed += world_access_acl_size;
+
+ if (!(buffer = heap_alloc( needed ))) return FALSE;
+ relative = (SECURITY_DESCRIPTOR_RELATIVE *)buffer;
+ if (!InitializeSecurityDescriptor( relative, SECURITY_DESCRIPTOR_REVISION ))
+ {
+ heap_free( buffer );
+ return FALSE;
+ }
+ relative->Control |= SE_SELF_RELATIVE;
+ offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
+
+ memcpy( buffer + offset, &world_sid, sizeof(world_sid) );
+ relative->Owner = offset;
+ offset += sizeof(world_sid);
+
+ memcpy( buffer + offset, &world_sid, sizeof(world_sid) );
+ relative->Group = offset;
+ offset += sizeof(world_sid);
+
+ get_world_access_acl( (ACL *)(buffer + offset) );
+ relative->Dacl = offset;
+ offset += world_access_acl_size;
+
+ get_world_access_acl( (ACL *)(buffer + offset) );
+ relative->Sacl = offset;
+
+ *descr = relative;
+ return TRUE;
+}
+
+/******************************************************************************
+ * CreatePrivateObjectSecurityWithMultipleInheritance (kernelbase.@)
+ */
+BOOL WINAPI CreatePrivateObjectSecurityWithMultipleInheritance( PSECURITY_DESCRIPTOR parent,
+ PSECURITY_DESCRIPTOR creator,
+ PSECURITY_DESCRIPTOR *descr,
+ GUID **types, ULONG count,
+ BOOL is_container, ULONG flags,
+ HANDLE token, PGENERIC_MAPPING mapping )
+{
+ FIXME(": semi-stub\n");
+ return CreatePrivateObjectSecurityEx( parent, creator, descr, NULL, is_container,
+ flags, token, mapping );
+}
+
+/******************************************************************************
+ * DestroyPrivateObjectSecurity (kernelbase.@)
+ */
+BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR *descr )
+{
+ FIXME("%p - stub\n", descr);
+ heap_free( *descr );
+ return TRUE;
+}
+
+/******************************************************************************
+ * GetFileSecurityW (kernelbase.@)
+ */
+BOOL WINAPI GetFileSecurityW( LPCWSTR name, SECURITY_INFORMATION info,
+ PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len )
+{
+ HANDLE file;
+ NTSTATUS status;
+ DWORD access = 0;
+
+ TRACE( "(%s,%d,%p,%d,%p)\n", debugstr_w(name), info, descr, len, ret_len );
+
+ if (info & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
+ access |= READ_CONTROL;
+ if (info & SACL_SECURITY_INFORMATION)
+ access |= ACCESS_SYSTEM_SECURITY;
+
+ if (!(status = open_file( name, access, &file )))
+ {
+ status = NtQuerySecurityObject( file, info, descr, len, ret_len );
+ NtClose( file );
+ }
+ return set_ntstatus( status );
+}
+
+/******************************************************************************
+ * GetKernelObjectSecurity (kernelbase.@)
+ */
+BOOL WINAPI GetKernelObjectSecurity( HANDLE handle, SECURITY_INFORMATION info,
+ PSECURITY_DESCRIPTOR descr, DWORD len, LPDWORD ret_len )
+{
+ return set_ntstatus( NtQuerySecurityObject( handle, info, descr, len, ret_len ));
+}
+
+/******************************************************************************
+ * GetPrivateObjectSecurity (kernelbase.@)
+ */
+BOOL WINAPI GetPrivateObjectSecurity( PSECURITY_DESCRIPTOR obj_descr, SECURITY_INFORMATION info,
+ PSECURITY_DESCRIPTOR ret_descr, DWORD len, PDWORD ret_len )
+{
+ SECURITY_DESCRIPTOR desc;
+ BOOL defaulted, present;
+ PACL pacl;
+ PSID psid;
+
+ TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", obj_descr, info, ret_descr, len, ret_len );
+
+ if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION)) return FALSE;
+
+ if (info & OWNER_SECURITY_INFORMATION)
+ {
+ if (!GetSecurityDescriptorOwner(obj_descr, &psid, &defaulted)) return FALSE;
+ SetSecurityDescriptorOwner(&desc, psid, defaulted);
+ }
+ if (info & GROUP_SECURITY_INFORMATION)
+ {
+ if (!GetSecurityDescriptorGroup(obj_descr, &psid, &defaulted)) return FALSE;
+ SetSecurityDescriptorGroup(&desc, psid, defaulted);
+ }
+ if (info & DACL_SECURITY_INFORMATION)
+ {
+ if (!GetSecurityDescriptorDacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
+ SetSecurityDescriptorDacl(&desc, present, pacl, defaulted);
+ }
+ if (info & SACL_SECURITY_INFORMATION)
+ {
+ if (!GetSecurityDescriptorSacl(obj_descr, &present, &pacl, &defaulted)) return FALSE;
+ SetSecurityDescriptorSacl(&desc, present, pacl, defaulted);
+ }
+
+ *ret_len = len;
+ return MakeSelfRelativeSD(&desc, ret_descr, ret_len);
+}
+
+/******************************************************************************
+ * GetSecurityDescriptorControl (kernelbase.@)
+ */
+BOOL WINAPI GetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr, PSECURITY_DESCRIPTOR_CONTROL control,
+ LPDWORD revision)
+{
+ return set_ntstatus( RtlGetControlSecurityDescriptor( descr, control, revision ));
+}
+
+/******************************************************************************
+ * GetSecurityDescriptorDacl (kernelbase.@)
+ */
+BOOL WINAPI GetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr, LPBOOL dacl_present, PACL *dacl,
+ LPBOOL dacl_defaulted )
+{
+ BOOLEAN present, defaulted;
+ BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor( descr, &present, dacl, &defaulted ));
+ *dacl_present = present;
+ *dacl_defaulted = defaulted;
+ return ret;
+}
+
+/******************************************************************************
+ * GetSecurityDescriptorGroup (kernelbase.@)
+ */
+BOOL WINAPI GetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr, PSID *group, LPBOOL group_defaulted )
+{
+ BOOLEAN defaulted;
+ BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor( descr, group, &defaulted ));
+ *group_defaulted = defaulted;
+ return ret;
+}
+
+/******************************************************************************
+ * GetSecurityDescriptorLength (kernelbase.@)
+ */
+DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR descr )
+{
+ return RtlLengthSecurityDescriptor( descr );
+}
+
+/******************************************************************************
+ * GetSecurityDescriptorOwner (kernelbase.@)
+ */
+BOOL WINAPI GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr, PSID *owner, LPBOOL owner_defaulted )
+{
+ BOOLEAN defaulted;
+ BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( descr, owner, &defaulted ));
+ *owner_defaulted = defaulted;
+ return ret;
+}
+
+/******************************************************************************
+ * GetSecurityDescriptorSacl (kernelbase.@)
+ */
+BOOL WINAPI GetSecurityDescriptorSacl( PSECURITY_DESCRIPTOR descr, LPBOOL sacl_present, PACL *sacl,
+ LPBOOL sacl_defaulted )
+{
+ BOOLEAN present, defaulted;
+ BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor( descr, &present, sacl, &defaulted ));
+ *sacl_present = present;
+ *sacl_defaulted = defaulted;
+ return ret;
+}
+
+/******************************************************************************
+ * InitializeSecurityDescriptor (kernelbase.@)
+ */
+BOOL WINAPI InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR descr, DWORD revision )
+{
+ return set_ntstatus( RtlCreateSecurityDescriptor( descr, revision ));
+}
+
+/******************************************************************************
+ * IsValidSecurityDescriptor (kernelbase.@)
+ */
+BOOL WINAPI IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR descr )
+{
+ return set_ntstatus( RtlValidSecurityDescriptor( descr ));
+}
+
+/******************************************************************************
+ * MakeAbsoluteSD (kernelbase.@)
+ */
+BOOL WINAPI MakeAbsoluteSD ( PSECURITY_DESCRIPTOR rel_descr, PSECURITY_DESCRIPTOR abs_descr,
+ LPDWORD abs_size, PACL dacl, LPDWORD dacl_size, PACL sacl, LPDWORD sacl_size,
+ PSID owner, LPDWORD owner_size, PSID group, LPDWORD group_size )
+{
+ return set_ntstatus( RtlSelfRelativeToAbsoluteSD( rel_descr, abs_descr, abs_size,
+ dacl, dacl_size, sacl, sacl_size,
+ owner, owner_size, group, group_size ));
+}
+
+/******************************************************************************
+ * MakeSelfRelativeSD (kernelbase.@)
+ */
+BOOL WINAPI MakeSelfRelativeSD( PSECURITY_DESCRIPTOR abs_descr, PSECURITY_DESCRIPTOR rel_descr,
+ LPDWORD len )
+{
+ return set_ntstatus( RtlMakeSelfRelativeSD( abs_descr, rel_descr, len ));
+}
+
+/******************************************************************************
+ * SetFileSecurityW (kernelbase.@)
+ */
+BOOL WINAPI SetFileSecurityW( LPCWSTR name, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr )
+{
+ HANDLE file;
+ DWORD access = 0;
+ NTSTATUS status;
+
+ TRACE( "(%s, 0x%x, %p)\n", debugstr_w(name), info, descr );
+
+ if (info & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION)) access |= WRITE_OWNER;
+ if (info & SACL_SECURITY_INFORMATION) access |= ACCESS_SYSTEM_SECURITY;
+ if (info & DACL_SECURITY_INFORMATION) access |= WRITE_DAC;
+
+ if (!(status = open_file( name, access, &file )))
+ {
+ status = NtSetSecurityObject( file, info, descr );
+ NtClose( file );
+ }
+ return set_ntstatus( status );
+}
+
+/*************************************************************************
+ * SetKernelObjectSecurity (kernelbase.@)
+ */
+BOOL WINAPI SetKernelObjectSecurity( HANDLE handle, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr )
+{
+ return set_ntstatus( NtSetSecurityObject( handle, info, descr ));
+}
+
+/*************************************************************************
+ * SetPrivateObjectSecurity (kernelbase.@)
+ */
+BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR descr,
+ PSECURITY_DESCRIPTOR *obj_descr, PGENERIC_MAPPING mapping,
+ HANDLE token )
+{
+ FIXME( "0x%08x %p %p %p %p - stub\n", info, descr, obj_descr, mapping, token );
+ return TRUE;
+}
+
+/******************************************************************************
+ * SetSecurityDescriptorControl (kernelbase.@)
+ */
+BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR descr, SECURITY_DESCRIPTOR_CONTROL mask,
+ SECURITY_DESCRIPTOR_CONTROL set )
+{
+ return set_ntstatus( RtlSetControlSecurityDescriptor( descr, mask, set ));
+}
+
+/******************************************************************************
+ * SetSecurityDescriptorDacl (kernelbase.@)
+ */
+BOOL WINAPI SetSecurityDescriptorDacl( PSECURITY_DESCRIPTOR descr, BOOL present, PACL dacl, BOOL defaulted )
+{
+ return set_ntstatus( RtlSetDaclSecurityDescriptor( descr, present, dacl, defaulted ));
+}
+
+/******************************************************************************
+ * SetSecurityDescriptorGroup (kernelbase.@)
+ */
+BOOL WINAPI SetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted )
+{
+ return set_ntstatus( RtlSetGroupSecurityDescriptor( descr, group, defaulted ));
+}
+
+/******************************************************************************
+ * SetSecurityDescriptorOwner (kernelbase.@)
+ */
+BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted )
+{
+ return set_ntstatus( RtlSetOwnerSecurityDescriptor( descr, owner, defaulted ));
+}
+
+/**************************************************************************
+ * SetSecurityDescriptorSacl (kernelbase.@)
+ */
+BOOL WINAPI SetSecurityDescriptorSacl ( PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted )
+{
+ return set_ntstatus( RtlSetSaclSecurityDescriptor( descr, present, sacl, defaulted ));
+}
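Review bot: `CreatePrivateObjectSecurityEx` stores offsets in `relative->Dacl` and `relative->Sacl` but only ORs `SE_SELF_RELATIVE` into `Control`, so unless `InitializeSecurityDescriptor` sets them (its Rtl backend is not shown here) the `SE_DACL_PRESENT` and `SE_SACL_PRESENT` bits stay clear and the ACLs just written are presumably reported as absent by the `Get*` accessors in this same hunk; `relative->Control |= SE_SELF_RELATIVE | SE_DACL_PRESENT | SE_SACL_PRESENT;` would make the header agree with the body. The wrappers `GetSecurityDescriptorDacl`, `GetSecurityDescriptorGroup`, `GetSecurityDescriptorOwner` and `GetSecurityDescriptorSacl` copy their local `BOOLEAN`s to the caller even when the Rtl call failed, which hands back uninitialised stack bytes if the Rtl function leaves them untouched on error; declaring them as `BOOLEAN present = FALSE, defaulted = FALSE;` (or `BOOLEAN defaulted = FALSE;` in the two-argument ones) avoids that. `SetPrivateObjectSecurity` returns `TRUE` without touching `*obj_descr`, and `CreatePrivateObjectSecurityEx` ignores `parent`, `creator` and `token` and hands out an Everyone-owned descriptor, so a comment above each such as `/* stub: reports success without applying the requested security; callers must not rely on it for access control */` would keep the behaviour from being mistaken for a real implementation.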