advapi32: Move sid functions to kernelbase.

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
Alexandre Julliard 2019-06-25 12:35:17 +02:00
parent c7548d6c4f
commit d03eae54f4
5 changed files with 478 additions and 361 deletions


@ -31,8 +31,8 @@
# @ stub AddUsersToEncryptedFileEx
@ stdcall AdjustTokenGroups(long long ptr long ptr ptr)
@ stdcall AdjustTokenPrivileges(long long ptr long ptr ptr)
@ stdcall AllocateAndInitializeSid(ptr long long long long long long long long long ptr)
@ stdcall AllocateLocallyUniqueId(ptr)
@ stdcall -import AllocateAndInitializeSid(ptr long long long long long long long long long ptr)
@ stdcall -import AllocateLocallyUniqueId(ptr)
@ stdcall AreAllAccessesGranted(long long)
@ stdcall AreAnyAccessesGranted(long long)
# @ stub AuditComputeEffectivePolicyBySid
@ -132,7 +132,7 @@
@ stdcall ConvertStringSidToSidA(ptr ptr)
@ stdcall ConvertStringSidToSidW(ptr ptr)
@ stdcall ConvertToAutoInheritPrivateObjectSecurity(ptr ptr ptr ptr long ptr)
@ stdcall CopySid(long ptr ptr)
@ stdcall -import CopySid(long ptr ptr)
# @ stub CreateCodeAuthzLevel
@ stdcall CreatePrivateObjectSecurity(ptr ptr ptr long long ptr)
@ stdcall CreatePrivateObjectSecurityEx(ptr ptr ptr ptr long long long ptr)
@ -146,7 +146,7 @@
@ stdcall CreateServiceA(long str str long long long long str str ptr str str str)
@ stdcall CreateServiceW(long wstr wstr long long long long wstr wstr ptr wstr wstr wstr)
# @ stub CreateTraceInstanceId
@ stdcall CreateWellKnownSid(long ptr ptr ptr)
@ stdcall -import CreateWellKnownSid(long ptr ptr ptr)
# @ stub CredBackupCredentials
@ stdcall CredDeleteA(str long long)
@ stdcall CredDeleteW(wstr long long)
@ -282,8 +282,8 @@
@ stdcall EnumerateTraceGuids(ptr long ptr)
# @ stub EnumerateTraceGuidsEx
# @ stub EqualDomainSid
@ stdcall EqualPrefixSid(ptr ptr)
@ stdcall EqualSid(ptr ptr)
@ stdcall -import EqualPrefixSid(ptr ptr)
@ stdcall -import EqualSid(ptr ptr)
# @ stub EventAccessControl
# @ stub EventAccessQuery
# @ stub EventAccessRemove
@ -309,7 +309,7 @@
# @ stub FreeEncryptedFileMetadata
# @ stub FreeEncryptionCertificateHashList
# @ stub FreeInheritedFromArray
@ stdcall FreeSid(ptr)
@ stdcall -import FreeSid(ptr)
# @ stub GetAccessPermissionsForObjectA
# @ stub GetAccessPermissionsForObjectW
@ stdcall GetAce(ptr long ptr)
@ -332,7 +332,7 @@
# @ stub GetInheritanceSourceA
# @ stub GetInheritanceSourceW
@ stdcall GetKernelObjectSecurity(long long ptr long ptr)
@ stdcall GetLengthSid(ptr)
@ stdcall -import GetLengthSid(ptr)
# @ stub GetLocalManagedApplicationData
# @ stub GetLocalManagedApplications
# @ stub GetManagedApplicationCategories
@ -364,10 +364,10 @@
@ stdcall GetServiceDisplayNameW(ptr wstr ptr ptr)
@ stdcall GetServiceKeyNameA(long str ptr ptr)
@ stdcall GetServiceKeyNameW(long wstr ptr ptr)
@ stdcall GetSidIdentifierAuthority(ptr)
@ stdcall GetSidLengthRequired(long)
@ stdcall GetSidSubAuthority(ptr long)
@ stdcall GetSidSubAuthorityCount(ptr)
@ stdcall -import GetSidIdentifierAuthority(ptr)
@ stdcall -import GetSidLengthRequired(long)
@ stdcall -import GetSidSubAuthority(ptr long)
@ stdcall -import GetSidSubAuthorityCount(ptr)
@ stub GetSiteSidFromToken
# @ stub GetStringConditionFromBinary
# @ stub GetThreadWaitChain
@ -383,7 +383,7 @@
@ stdcall GetTrusteeTypeW(ptr)
@ stdcall GetUserNameA(ptr ptr)
@ stdcall GetUserNameW(ptr ptr)
@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr)
@ stdcall -import GetWindowsAccountDomainSid(ptr ptr ptr)
# @ stub I_QueryTagInformation
# @ stub I_ScGetCurrentGroupStateW
# @ stub I_ScIsSecurityProcess
@ -404,7 +404,7 @@
@ stdcall ImpersonateSelf(long)
@ stdcall InitializeAcl(ptr long long)
@ stdcall InitializeSecurityDescriptor(ptr long)
@ stdcall InitializeSid(ptr ptr long)
@ stdcall -import InitializeSid(ptr ptr long)
@ stdcall InitiateShutdownA(str str long long long)
@ stdcall InitiateShutdownW(wstr wstr long long long)
@ stdcall InitiateSystemShutdownA(str str long long long)
@ -419,8 +419,8 @@
@ stdcall IsValidAcl(ptr)
# @ stub IsValidRelativeSecurityDescriptor
@ stdcall IsValidSecurityDescriptor(ptr)
@ stdcall IsValidSid(ptr)
@ stdcall IsWellKnownSid(ptr long)
@ stdcall -import IsValidSid(ptr)
@ stdcall -import IsWellKnownSid(ptr long)
@ stdcall LockServiceDatabase(ptr)
@ stdcall LogonUserA(str str str long long ptr)
# @ stub LogonUserExA


@ -884,160 +884,6 @@ BOOL WINAPI CreateRestrictedToken(
return DuplicateTokenEx( baseToken, MAXIMUM_ALLOWED, NULL, level, type, newToken );
}
/* ##############################
###### SID FUNCTIONS ######
##############################
*/
/******************************************************************************
* AllocateAndInitializeSid [ADVAPI32.@]
*
* PARAMS
* pIdentifierAuthority []
* nSubAuthorityCount []
* nSubAuthority0 []
* nSubAuthority1 []
* nSubAuthority2 []
* nSubAuthority3 []
* nSubAuthority4 []
* nSubAuthority5 []
* nSubAuthority6 []
* nSubAuthority7 []
* pSid []
*/
BOOL WINAPI
AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
BYTE nSubAuthorityCount,
DWORD nSubAuthority0, DWORD nSubAuthority1,
DWORD nSubAuthority2, DWORD nSubAuthority3,
DWORD nSubAuthority4, DWORD nSubAuthority5,
DWORD nSubAuthority6, DWORD nSubAuthority7,
PSID *pSid )
{
return set_ntstatus( RtlAllocateAndInitializeSid(
pIdentifierAuthority, nSubAuthorityCount,
nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
pSid ));
}
/******************************************************************************
* FreeSid [ADVAPI32.@]
*
* PARAMS
* pSid []
*/
PVOID WINAPI
FreeSid( PSID pSid )
{
RtlFreeSid(pSid);
return NULL; /* is documented like this */
}
/******************************************************************************
* CopySid [ADVAPI32.@]
*
* PARAMS
* nDestinationSidLength []
* pDestinationSid []
* pSourceSid []
*/
BOOL WINAPI
CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
{
return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
}
/******************************************************************************
* CreateWellKnownSid [ADVAPI32.@]
*/
BOOL WINAPI
CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
PSID DomainSid,
PSID pSid,
DWORD* cbSid)
{
unsigned int i;
TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++) {
if (WellKnownSids[i].Type == WellKnownSidType) {
DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
if (*cbSid < length)
{
*cbSid = length;
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return FALSE;
}
if (!pSid)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
*cbSid = length;
return TRUE;
}
}
if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
for (i = 0; i < ARRAY_SIZE(WellKnownRids); i++)
if (WellKnownRids[i].Type == WellKnownSidType) {
UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
if (*cbSid < output_sid_length)
{
*cbSid = output_sid_length;
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return FALSE;
}
if (!pSid)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
CopyMemory(pSid, DomainSid, domain_sid_length);
(*GetSidSubAuthorityCount(pSid))++;
(*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
*cbSid = output_sid_length;
return TRUE;
}
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
/******************************************************************************
* IsWellKnownSid [ADVAPI32.@]
*/
BOOL WINAPI
IsWellKnownSid( PSID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType )
{
unsigned int i;
TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
if (WellKnownSids[i].Type == WellKnownSidType)
if (EqualSid(pSid, (PSID)&(WellKnownSids[i].Sid.Revision)))
return TRUE;
return FALSE;
}
BOOL WINAPI
IsTokenRestricted( HANDLE TokenHandle )
{
@ -1072,68 +918,6 @@ IsTokenRestricted( HANDLE TokenHandle )
return restricted;
}
/******************************************************************************
* IsValidSid [ADVAPI32.@]
*
* PARAMS
* pSid []
*/
BOOL WINAPI
IsValidSid( PSID pSid )
{
return RtlValidSid( pSid );
}
/******************************************************************************
* EqualSid [ADVAPI32.@]
*
* PARAMS
* pSid1 []
* pSid2 []
*/
BOOL WINAPI
EqualSid( PSID pSid1, PSID pSid2 )
{
BOOL ret = RtlEqualSid( pSid1, pSid2 );
SetLastError(ERROR_SUCCESS);
return ret;
}
/******************************************************************************
* EqualPrefixSid [ADVAPI32.@]
*/
BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
{
return RtlEqualPrefixSid(pSid1, pSid2);
}
/******************************************************************************
* GetSidLengthRequired [ADVAPI32.@]
*
* PARAMS
* nSubAuthorityCount []
*/
DWORD WINAPI
GetSidLengthRequired( BYTE nSubAuthorityCount )
{
return RtlLengthRequiredSid(nSubAuthorityCount);
}
/******************************************************************************
* InitializeSid [ADVAPI32.@]
*
* PARAMS
* pIdentifierAuthority []
*/
BOOL WINAPI
InitializeSid (
PSID pSid,
PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
BYTE nSubAuthorityCount)
{
return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
}
DWORD WINAPI
GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
{
@ -1151,58 +935,6 @@ GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessR
return 1;
}
/******************************************************************************
* GetSidIdentifierAuthority [ADVAPI32.@]
*
* PARAMS
* pSid []
*/
PSID_IDENTIFIER_AUTHORITY WINAPI
GetSidIdentifierAuthority( PSID pSid )
{
SetLastError(ERROR_SUCCESS);
return RtlIdentifierAuthoritySid(pSid);
}
/******************************************************************************
* GetSidSubAuthority [ADVAPI32.@]
*
* PARAMS
* pSid []
* nSubAuthority []
*/
PDWORD WINAPI
GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
{
SetLastError(ERROR_SUCCESS);
return RtlSubAuthoritySid(pSid, nSubAuthority);
}
/******************************************************************************
* GetSidSubAuthorityCount [ADVAPI32.@]
*
* PARAMS
* pSid []
*/
PUCHAR WINAPI
GetSidSubAuthorityCount (PSID pSid)
{
SetLastError(ERROR_SUCCESS);
return RtlSubAuthorityCountSid(pSid);
}
/******************************************************************************
* GetLengthSid [ADVAPI32.@]
*
* PARAMS
* pSid []
*/
DWORD WINAPI
GetLengthSid (PSID pSid)
{
return RtlLengthSid(pSid);
}
/* ##############################################
###### SECURITY DESCRIPTOR FUNCTIONS ######
##############################################
@ -1646,51 +1378,6 @@ BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescript
pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) );
}
/******************************************************************************
* GetWindowsAccountDomainSid [ADVAPI32.@]
*/
BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
{
SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
DWORD required_size;
int i;
FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
if (!sid || !IsValidSid( sid ))
{
SetLastError( ERROR_INVALID_SID );
return FALSE;
}
if (!size)
{
SetLastError( ERROR_INVALID_PARAMETER );
return FALSE;
}
if (*GetSidSubAuthorityCount( sid ) < 4)
{
SetLastError( ERROR_INVALID_SID );
return FALSE;
}
required_size = GetSidLengthRequired( 4 );
if (*size < required_size || !domain_sid)
{
*size = required_size;
SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER :
ERROR_INVALID_PARAMETER );
return FALSE;
}
InitializeSid( domain_sid, &domain_ident, 4 );
for (i = 0; i < 4; i++)
*GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
*size = required_size;
return TRUE;
}
/* ##############################
###### ACL FUNCTIONS ######
@ -1864,22 +1551,6 @@ BOOL WINAPI IsValidAcl(IN PACL pAcl)
return RtlValidAcl(pAcl);
}
/* ##############################
###### MISC FUNCTIONS ######
##############################
*/
/******************************************************************************
* AllocateLocallyUniqueId [ADVAPI32.@]
*
* PARAMS
* lpLuid []
*/
BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
{
return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid));
}
static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
{ 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =


@ -7,5 +7,6 @@ C_SRCS = \
main.c \
path.c \
registry.c \
security.c \
string.c \
version.c


@ -30,8 +30,8 @@
@ stdcall AdjustTokenGroups(long long ptr long ptr ptr) advapi32.AdjustTokenGroups
@ stdcall AdjustTokenPrivileges(long long ptr long ptr ptr) advapi32.AdjustTokenPrivileges
@ stdcall AllocConsole() kernel32.AllocConsole
@ stdcall AllocateAndInitializeSid(ptr long long long long long long long long long ptr) advapi32.AllocateAndInitializeSid
@ stdcall AllocateLocallyUniqueId(ptr) advapi32.AllocateLocallyUniqueId
@ stdcall AllocateAndInitializeSid(ptr long long long long long long long long long ptr)
@ stdcall AllocateLocallyUniqueId(ptr)
@ stdcall AllocateUserPhysicalPages(long ptr ptr) kernel32.AllocateUserPhysicalPages
# @ stub AllocateUserPhysicalPagesNuma
# @ stub AppContainerDeriveSidFromMoniker
@ -169,7 +169,7 @@
@ stdcall CopyFileExW(wstr wstr ptr ptr ptr long) kernel32.CopyFileExW
@ stdcall CopyFileW(wstr wstr long) kernel32.CopyFileW
# @ stub -arch=x86_64 CopyMemoryNonTemporal
@ stdcall CopySid(long ptr ptr) advapi32.CopySid
@ stdcall CopySid(long ptr ptr)
# @ stub CouldMultiUserAppsBehaviorBePossibleForPackage
@ stdcall CreateActCtxW(ptr) kernel32.CreateActCtxW
# @ stub CreateAppContainerToken
@ -233,7 +233,7 @@
@ stdcall CreateTimerQueueTimer(ptr long ptr ptr long long long) kernel32.CreateTimerQueueTimer
@ stdcall CreateWaitableTimerExW(ptr wstr long long) kernel32.CreateWaitableTimerExW
@ stdcall CreateWaitableTimerW(ptr long wstr) kernel32.CreateWaitableTimerW
@ stdcall CreateWellKnownSid(long ptr ptr ptr) advapi32.CreateWellKnownSid
@ stdcall CreateWellKnownSid(long ptr ptr ptr)
# @ stub CtrlRoutine
# @ stub CveEventWrite
@ stdcall DeactivateActCtx(long long) kernel32.DeactivateActCtx
@ -324,8 +324,8 @@
# @ stub EnumerateStateAtomValues
# @ stub EnumerateStateContainerItems
@ stub EqualDomainSid
@ stdcall EqualPrefixSid(ptr ptr) advapi32.EqualPrefixSid
@ stdcall EqualSid(ptr ptr) advapi32.EqualSid
@ stdcall EqualPrefixSid(ptr ptr)
@ stdcall EqualSid(ptr ptr)
@ stdcall EscapeCommFunction(long long) kernel32.EscapeCommFunction
@ stdcall EventActivityIdControl(long ptr) ntdll.EtwEventActivityIdControl
@ stdcall EventEnabled(int64 ptr) ntdll.EtwEventEnabled
@ -398,7 +398,7 @@
@ stdcall FreeLibraryAndExitThread(long long) kernel32.FreeLibraryAndExitThread
@ stdcall FreeLibraryWhenCallbackReturns(ptr ptr) kernel32.FreeLibraryWhenCallbackReturns
@ stdcall FreeResource(long) kernel32.FreeResource
@ stdcall FreeSid(ptr) advapi32.FreeSid
@ stdcall FreeSid(ptr)
@ stdcall FreeUserPhysicalPages(long ptr ptr) kernel32.FreeUserPhysicalPages
@ stdcall GenerateConsoleCtrlEvent(long long) kernel32.GenerateConsoleCtrlEvent
# @ stub GenerateGPNotificationInternal
@ -539,7 +539,7 @@
@ stdcall GetLargePageMinimum() kernel32.GetLargePageMinimum
@ stdcall GetLargestConsoleWindowSize(long) kernel32.GetLargestConsoleWindowSize
@ stdcall GetLastError() kernel32.GetLastError
@ stdcall GetLengthSid(ptr) advapi32.GetLengthSid
@ stdcall GetLengthSid(ptr)
@ stdcall GetLocalTime(ptr) kernel32.GetLocalTime
@ stdcall GetLocaleInfoA(long long ptr long) kernel32.GetLocaleInfoA
@ stdcall GetLocaleInfoEx(wstr long ptr long) kernel32.GetLocaleInfoEx
@ -659,10 +659,10 @@
# @ stub GetSerializedAtomBytes
# @ stub GetSharedLocalFolder
@ stdcall GetShortPathNameW(wstr ptr long) kernel32.GetShortPathNameW
@ stdcall GetSidIdentifierAuthority(ptr) advapi32.GetSidIdentifierAuthority
@ stdcall GetSidLengthRequired(long) advapi32.GetSidLengthRequired
@ stdcall GetSidSubAuthority(ptr long) advapi32.GetSidSubAuthority
@ stdcall GetSidSubAuthorityCount(ptr) advapi32.GetSidSubAuthorityCount
@ stdcall GetSidIdentifierAuthority(ptr)
@ stdcall GetSidLengthRequired(long)
@ stdcall GetSidSubAuthority(ptr long)
@ stdcall GetSidSubAuthorityCount(ptr)
# @ stub GetStagedPackageOrigin
# @ stub GetStagedPackagePathByFullName
@ stdcall GetStartupInfoW(ptr) kernel32.GetStartupInfoW
@ -759,7 +759,7 @@
@ stdcall GetVolumeNameForVolumeMountPointW(wstr ptr long) kernel32.GetVolumeNameForVolumeMountPointW
@ stdcall GetVolumePathNameW(wstr ptr long) kernel32.GetVolumePathNameW
@ stdcall GetVolumePathNamesForVolumeNameW(wstr ptr long ptr) kernel32.GetVolumePathNamesForVolumeNameW
@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) advapi32.GetWindowsAccountDomainSid
@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr)
@ stdcall GetWindowsDirectoryA(ptr long) kernel32.GetWindowsDirectoryA
@ stdcall GetWindowsDirectoryW(ptr long) kernel32.GetWindowsDirectoryW
@ stdcall GetWriteWatch(long ptr long ptr ptr ptr) kernel32.GetWriteWatch
@ -810,7 +810,7 @@
@ stdcall InitializeSListHead(ptr) kernel32.InitializeSListHead
@ stdcall InitializeSRWLock(ptr) kernel32.InitializeSRWLock
@ stdcall InitializeSecurityDescriptor(ptr long) advapi32.InitializeSecurityDescriptor
@ stdcall InitializeSid(ptr ptr long) advapi32.InitializeSid
@ stdcall InitializeSid(ptr ptr long)
# @ stub InitializeSynchronizationBarrier
# @ stub InstallELAMCertificateInfo
@ stdcall -arch=i386 InterlockedCompareExchange(ptr long long) kernel32.InterlockedCompareExchange
@ -882,8 +882,8 @@
# @ stub IsValidNLSVersion
@ stub IsValidRelativeSecurityDescriptor
@ stdcall IsValidSecurityDescriptor(ptr) advapi32.IsValidSecurityDescriptor
@ stdcall IsValidSid(ptr) advapi32.IsValidSid
@ stdcall IsWellKnownSid(ptr long) advapi32.IsWellKnownSid
@ stdcall IsValidSid(ptr)
@ stdcall IsWellKnownSid(ptr long)
@ stdcall IsWow64Process(ptr ptr) kernel32.IsWow64Process
# @ stub IsWow64Process2
@ stdcall K32EmptyWorkingSet(long) kernel32.K32EmptyWorkingSet

445
dlls/kernelbase/security.c Normal file

@ -0,0 +1,445 @@
/*
* Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
* Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
* Copyright 2006 Robert Reif
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
#include <stdarg.h>
#include <string.h>
#include "ntstatus.h"
#define WIN32_NO_STATUS
#include "windef.h"
#include "winbase.h"
#include "winerror.h"
#include "winternl.h"
#include "winioctl.h"
#include "wine/debug.h"
#include "wine/heap.h"
WINE_DEFAULT_DEBUG_CHANNEL(security);
/******************************************************************************
* SID functions
******************************************************************************/
typedef struct _MAX_SID
{
/* same fields as struct _SID */
BYTE Revision;
BYTE SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
} MAX_SID;
typedef struct WELLKNOWNSID
{
WELL_KNOWN_SID_TYPE Type;
MAX_SID Sid;
} WELLKNOWNSID;
static const WELLKNOWNSID WellKnownSids[] =
{
{ WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
{ WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
{ WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
{ WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
{ WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
{ WinCreatorOwnerRightsSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RIGHTS_RID } } },
{ WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
{ WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
{ WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
{ WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
{ WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
{ WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
{ WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
{ WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
{ WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
{ WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
{ WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
{ WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
{ WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
{ WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
{ WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
{ WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
{ WinLogonIdsSid, { SID_REVISION, SECURITY_LOGON_IDS_RID_COUNT, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID } } },
{ WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
{ WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
{ WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
{ WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
{ WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
{ WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
{ WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
{ WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
{ WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
{ WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
{ WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
{ WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
{ WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
{ WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
{ WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
{ WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
{ WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
{ WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
{ WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
{ WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
{ WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
{ WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
{ WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
{ WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
{ WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
{ WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
{ WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
{ WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
{ WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
{ WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
{ WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
{ WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
};
/* these SIDs must be constructed as relative to some domain - only the RID is well-known */
typedef struct WELLKNOWNRID
{
WELL_KNOWN_SID_TYPE Type;
DWORD Rid;
} WELLKNOWNRID;
static const WELLKNOWNRID WellKnownRids[] =
{
{ WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
{ WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
{ WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
{ WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
{ WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
{ WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
{ WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
{ WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
{ WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
{ WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
{ WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
{ WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
{ WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
};
static const char *debugstr_sid( PSID sid )
{
int auth;
SID * psid = sid;
if (psid == NULL) return "(null)";
auth = psid->IdentifierAuthority.Value[5] +
(psid->IdentifierAuthority.Value[4] << 8) +
(psid->IdentifierAuthority.Value[3] << 16) +
(psid->IdentifierAuthority.Value[2] << 24);
switch (psid->SubAuthorityCount) {
case 0:
return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
case 1:
return wine_dbg_sprintf("S-%d-%d-%u", psid->Revision, auth,
psid->SubAuthority[0]);
case 2:
return wine_dbg_sprintf("S-%d-%d-%u-%u", psid->Revision, auth,
psid->SubAuthority[0], psid->SubAuthority[1]);
case 3:
return wine_dbg_sprintf("S-%d-%d-%u-%u-%u", psid->Revision, auth,
psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
case 4:
return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u", psid->Revision, auth,
psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
psid->SubAuthority[3]);
case 5:
return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u", psid->Revision, auth,
psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
psid->SubAuthority[3], psid->SubAuthority[4]);
case 6:
return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
case 7:
return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
psid->SubAuthority[6]);
case 8:
return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
psid->SubAuthority[6], psid->SubAuthority[7]);
}
return "(too-big)";
}
static BOOL set_ntstatus( NTSTATUS status )
{
if (status) SetLastError( RtlNtStatusToDosError( status ));
return !status;
}
/******************************************************************************
* AllocateAndInitializeSid (kernelbase.@)
*/
BOOL WINAPI AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY auth, BYTE count,
DWORD auth0, DWORD auth1, DWORD auth2, DWORD auth3,
DWORD auth4, DWORD auth5, DWORD auth6, DWORD auth7, PSID *sid )
{
return set_ntstatus( RtlAllocateAndInitializeSid( auth, count, auth0, auth1, auth2, auth3,
auth4, auth5, auth6, auth7, sid ));
}
/***********************************************************************
* AllocateLocallyUniqueId (kernelbase.@)
*/
BOOL WINAPI AllocateLocallyUniqueId( PLUID luid )
{
return set_ntstatus( NtAllocateLocallyUniqueId( luid ));
}
/******************************************************************************
* CopySid (kernelbase.@)
*/
BOOL WINAPI CopySid( DWORD len, PSID dest, PSID source )
{
return RtlCopySid( len, dest, source );
}
/******************************************************************************
* EqualPrefixSid (kernelbase.@)
*/
BOOL WINAPI EqualPrefixSid( PSID sid1, PSID sid2 )
{
return RtlEqualPrefixSid( sid1, sid2 );
}
/******************************************************************************
* EqualSid (kernelbase.@)
*/
BOOL WINAPI EqualSid( PSID sid1, PSID sid2 )
{
BOOL ret = RtlEqualSid( sid1, sid2 );
SetLastError(ERROR_SUCCESS);
return ret;
}
/******************************************************************************
* FreeSid (kernelbase.@)
*/
void * WINAPI FreeSid( PSID pSid )
{
RtlFreeSid(pSid);
return NULL; /* is documented like this */
}
/******************************************************************************
* GetLengthSid (kernelbase.@)
*/
DWORD WINAPI GetLengthSid( PSID sid )
{
return RtlLengthSid( sid );
}
/******************************************************************************
* GetSidIdentifierAuthority (kernelbase.@)
*/
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority( PSID sid )
{
SetLastError(ERROR_SUCCESS);
return RtlIdentifierAuthoritySid( sid );
}
/******************************************************************************
* GetSidLengthRequired (kernelbase.@)
*/
DWORD WINAPI GetSidLengthRequired( BYTE count )
{
return RtlLengthRequiredSid( count );
}
/******************************************************************************
* GetSidSubAuthority (kernelbase.@)
*/
PDWORD WINAPI GetSidSubAuthority( PSID sid, DWORD auth )
{
SetLastError(ERROR_SUCCESS);
return RtlSubAuthoritySid( sid, auth );
}
/******************************************************************************
* GetSidSubAuthorityCount (kernelbase.@)
*/
PUCHAR WINAPI GetSidSubAuthorityCount( PSID sid )
{
SetLastError(ERROR_SUCCESS);
return RtlSubAuthorityCountSid( sid );
}
/******************************************************************************
* GetWindowsAccountDomainSid (kernelbase.@)
*/
BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
{
SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
DWORD required_size;
int i;
FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
if (!sid || !IsValidSid( sid ))
{
SetLastError( ERROR_INVALID_SID );
return FALSE;
}
if (!size)
{
SetLastError( ERROR_INVALID_PARAMETER );
return FALSE;
}
if (*GetSidSubAuthorityCount( sid ) < 4)
{
SetLastError( ERROR_INVALID_SID );
return FALSE;
}
required_size = GetSidLengthRequired( 4 );
if (*size < required_size || !domain_sid)
{
*size = required_size;
SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER : ERROR_INVALID_PARAMETER );
return FALSE;
}
InitializeSid( domain_sid, &domain_ident, 4 );
for (i = 0; i < 4; i++)
*GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
*size = required_size;
return TRUE;
}
/******************************************************************************
* InitializeSid (kernelbase.@)
*/
BOOL WINAPI InitializeSid ( PSID sid, PSID_IDENTIFIER_AUTHORITY auth, BYTE count )
{
return RtlInitializeSid( sid, auth, count );
}
/******************************************************************************
* IsValidSid (kernelbase.@)
*/
BOOL WINAPI IsValidSid( PSID sid )
{
return RtlValidSid( sid );
}
/******************************************************************************
* CreateWellKnownSid (kernelbase.@)
*/
BOOL WINAPI CreateWellKnownSid( WELL_KNOWN_SID_TYPE type, PSID domain, PSID sid, DWORD *size )
{
unsigned int i;
TRACE("(%d, %s, %p, %p)\n", type, debugstr_sid(domain), sid, size);
if (size == NULL || (domain && !IsValidSid(domain)))
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
{
if (WellKnownSids[i].Type == type)
{
DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
if (*size < length)
{
*size = length;
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return FALSE;
}
if (!sid)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
CopyMemory(sid, &WellKnownSids[i].Sid.Revision, length);
*size = length;
return TRUE;
}
}
if (domain == NULL || *GetSidSubAuthorityCount(domain) == SID_MAX_SUB_AUTHORITIES)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
for (i = 0; i < ARRAY_SIZE(WellKnownRids); i++)
{
if (WellKnownRids[i].Type == type)
{
UCHAR domain_subauth = *GetSidSubAuthorityCount(domain);
DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
if (*size < output_sid_length)
{
*size = output_sid_length;
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return FALSE;
}
if (!sid)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
CopyMemory(sid, domain, domain_sid_length);
(*GetSidSubAuthorityCount(sid))++;
(*GetSidSubAuthority(sid, domain_subauth)) = WellKnownRids[i].Rid;
*size = output_sid_length;
return TRUE;
}
}
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
/******************************************************************************
* IsWellKnownSid (kernelbase.@)
*/
BOOL WINAPI IsWellKnownSid( PSID sid, WELL_KNOWN_SID_TYPE type )
{
unsigned int i;
TRACE("(%s, %d)\n", debugstr_sid(sid), type);
for (i = 0; i < ARRAY_SIZE(WellKnownSids); i++)
if (WellKnownSids[i].Type == type)
if (EqualSid(sid, (PSID)&WellKnownSids[i].Sid.Revision))
return TRUE;
return FALSE;
}