/* * dlls/advapi32/security.c * FIXME: for all functions thunking down to Rtl* functions: implement SetLastError() */ #include #include "windef.h" #include "winerror.h" #include "heap.h" #include "ntddk.h" #include "ntsecapi.h" #include "debugtools.h" DECLARE_DEBUG_CHANNEL(advapi) DECLARE_DEBUG_CHANNEL(security) #define CallWin32ToNt(func) \ { NTSTATUS ret; \ ret = (func); \ if (ret !=STATUS_SUCCESS) \ { SetLastError (RtlNtStatusToDosError(ret)); return FALSE; } \ return TRUE; \ } /* ############################## ###### TOKEN FUNCTIONS ###### ############################## */ /****************************************************************************** * OpenProcessToken [ADVAPI32.109] * Opens the access token associated with a process * * PARAMS * ProcessHandle [I] Handle to process * DesiredAccess [I] Desired access to process * TokenHandle [O] Pointer to handle of open access token * * RETURNS STD */ BOOL WINAPI OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess, HANDLE *TokenHandle ) { CallWin32ToNt(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle )); } /****************************************************************************** * OpenThreadToken [ADVAPI32.114] * * PARAMS * thread [] * desiredaccess [] * openasself [] * thandle [] */ BOOL WINAPI OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle) { CallWin32ToNt (NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle)); } /****************************************************************************** * AdjustTokenPrivileges [ADVAPI32.10] * * PARAMS * TokenHandle [] * DisableAllPrivileges [] * NewState [] * BufferLength [] * PreviousState [] * ReturnLength [] */ BOOL WINAPI AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges, LPVOID NewState, DWORD BufferLength, LPVOID PreviousState, LPDWORD ReturnLength ) { CallWin32ToNt(NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength)); } /****************************************************************************** * GetTokenInformation [ADVAPI32.66] * * PARAMS * token [] * tokeninfoclass [] * tokeninfo [] * tokeninfolength [] * retlen [] * */ BOOL WINAPI GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass, LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen ) { CallWin32ToNt (NtQueryInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength, retlen)); } /* ############################## ###### SID FUNCTIONS ###### ############################## */ /****************************************************************************** * AllocateAndInitializeSid [ADVAPI32.11] * * PARAMS * pIdentifierAuthority [] * nSubAuthorityCount [] * nSubAuthority0 [] * nSubAuthority1 [] * nSubAuthority2 [] * nSubAuthority3 [] * nSubAuthority4 [] * nSubAuthority5 [] * nSubAuthority6 [] * nSubAuthority7 [] * pSid [] */ BOOL WINAPI AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid ) { if (!(*pSid = HeapAlloc( GetProcessHeap(), 0, GetSidLengthRequired(nSubAuthorityCount)))) return FALSE; (*pSid)->Revision = SID_REVISION; if (pIdentifierAuthority) memcpy(&(*pSid)->IdentifierAuthority, pIdentifierAuthority, sizeof (SID_IDENTIFIER_AUTHORITY)); *GetSidSubAuthorityCount(*pSid) = nSubAuthorityCount; if (nSubAuthorityCount > 0) *GetSidSubAuthority(*pSid, 0) = nSubAuthority0; if (nSubAuthorityCount > 1) *GetSidSubAuthority(*pSid, 1) = nSubAuthority1; if (nSubAuthorityCount > 2) *GetSidSubAuthority(*pSid, 2) = nSubAuthority2; if (nSubAuthorityCount > 3) *GetSidSubAuthority(*pSid, 3) = nSubAuthority3; if (nSubAuthorityCount > 4) *GetSidSubAuthority(*pSid, 4) = nSubAuthority4; if (nSubAuthorityCount > 5) *GetSidSubAuthority(*pSid, 5) = nSubAuthority5; if (nSubAuthorityCount > 6) *GetSidSubAuthority(*pSid, 6) = nSubAuthority6; if (nSubAuthorityCount > 7) *GetSidSubAuthority(*pSid, 7) = nSubAuthority7; return TRUE; } /****************************************************************************** * FreeSid [ADVAPI32.42] * * PARAMS * pSid [] */ PVOID WINAPI FreeSid( PSID pSid ) { HeapFree( GetProcessHeap(), 0, pSid ); return NULL; } /****************************************************************************** * CopySid [ADVAPI32.24] * * PARAMS * nDestinationSidLength [] * pDestinationSid [] * pSourceSid [] */ BOOL WINAPI CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid ) { if (!IsValidSid(pSourceSid)) return FALSE; if (nDestinationSidLength < GetLengthSid(pSourceSid)) return FALSE; memcpy(pDestinationSid, pSourceSid, GetLengthSid(pSourceSid)); return TRUE; } /****************************************************************************** * IsValidSid [ADVAPI32.80] * * PARAMS * pSid [] */ BOOL WINAPI IsValidSid( PSID pSid ) { if (IsBadReadPtr(pSid, 4)) { WARN_(security)("(%p): invalid pointer!", pSid); return FALSE; } if (pSid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) return FALSE; if (!pSid || pSid->Revision != SID_REVISION) return FALSE; return TRUE; } /****************************************************************************** * EqualSid [ADVAPI32.40] * * PARAMS * pSid1 [] * pSid2 [] */ BOOL WINAPI EqualSid( PSID pSid1, PSID pSid2 ) { if (!IsValidSid(pSid1) || !IsValidSid(pSid2)) return FALSE; if (*GetSidSubAuthorityCount(pSid1) != *GetSidSubAuthorityCount(pSid2)) return FALSE; if (memcmp(pSid1, pSid2, GetLengthSid(pSid1)) != 0) return FALSE; return TRUE; } /****************************************************************************** * EqualPrefixSid [ADVAPI32.39] */ BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2) { if (!IsValidSid(pSid1) || !IsValidSid(pSid2)) return FALSE; if (*GetSidSubAuthorityCount(pSid1) != *GetSidSubAuthorityCount(pSid2)) return FALSE; if (memcmp(pSid1, pSid2, GetSidLengthRequired(pSid1->SubAuthorityCount - 1)) != 0) return FALSE; return TRUE; } /****************************************************************************** * GetSidLengthRequired [ADVAPI32.63] * * PARAMS * nSubAuthorityCount [] */ DWORD WINAPI GetSidLengthRequired( BYTE nSubAuthorityCount ) { return sizeof (SID) + (nSubAuthorityCount - 1) * sizeof (DWORD); } /****************************************************************************** * InitializeSid [ADVAPI32.74] * * PARAMS * pIdentifierAuthority [] */ BOOL WINAPI InitializeSid (PSID pSid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount) { int i; pSid->Revision = SID_REVISION; if (pIdentifierAuthority) memcpy(&pSid->IdentifierAuthority, pIdentifierAuthority, sizeof (SID_IDENTIFIER_AUTHORITY)); *GetSidSubAuthorityCount(pSid) = nSubAuthorityCount; for (i = 0; i < nSubAuthorityCount; i++) *GetSidSubAuthority(pSid, i) = 0; return TRUE; } /****************************************************************************** * GetSidIdentifierAuthority [ADVAPI32.62] * * PARAMS * pSid [] */ PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority( PSID pSid ) { return &pSid->IdentifierAuthority; } /****************************************************************************** * GetSidSubAuthority [ADVAPI32.64] * * PARAMS * pSid [] * nSubAuthority [] */ PDWORD WINAPI GetSidSubAuthority( PSID pSid, DWORD nSubAuthority ) { return &pSid->SubAuthority[nSubAuthority]; } /****************************************************************************** * GetSidSubAuthorityCount [ADVAPI32.65] * * PARAMS * pSid [] */ PUCHAR WINAPI GetSidSubAuthorityCount (PSID pSid) { return &pSid->SubAuthorityCount; } /****************************************************************************** * GetLengthSid [ADVAPI32.48] * * PARAMS * pSid [] */ DWORD WINAPI GetLengthSid (PSID pSid) { return GetSidLengthRequired( * GetSidSubAuthorityCount(pSid) ); } /* ############################################## ###### SECURITY DESCRIPTOR FUNCTIONS ###### ############################################## */ /****************************************************************************** * InitializeSecurityDescriptor [ADVAPI32.73] * * PARAMS * pDescr [] * revision [] */ BOOL WINAPI InitializeSecurityDescriptor( SECURITY_DESCRIPTOR *pDescr, DWORD revision ) { CallWin32ToNt (RtlCreateSecurityDescriptor(pDescr, revision )); } /****************************************************************************** * GetSecurityDescriptorLength [ADVAPI32.55] */ DWORD WINAPI GetSecurityDescriptorLength( SECURITY_DESCRIPTOR *pDescr) { return (RtlLengthSecurityDescriptor(pDescr)); } /****************************************************************************** * GetSecurityDescriptorOwner [ADVAPI32.56] * * PARAMS * pOwner [] * lpbOwnerDefaulted [] */ BOOL WINAPI GetSecurityDescriptorOwner( SECURITY_DESCRIPTOR *pDescr, PSID *pOwner, LPBOOL lpbOwnerDefaulted ) { CallWin32ToNt (RtlGetOwnerSecurityDescriptor( pDescr, pOwner, (PBOOLEAN)lpbOwnerDefaulted )); } /****************************************************************************** * SetSecurityDescriptorOwner [ADVAPI32] * * PARAMS */ BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pOwner, BOOL bOwnerDefaulted) { CallWin32ToNt (RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted)); } /****************************************************************************** * GetSecurityDescriptorGroup [ADVAPI32.54] */ BOOL WINAPI GetSecurityDescriptorGroup( PSECURITY_DESCRIPTOR SecurityDescriptor, PSID *Group, LPBOOL GroupDefaulted) { CallWin32ToNt (RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, (PBOOLEAN)GroupDefaulted)); } /****************************************************************************** * SetSecurityDescriptorGroup */ BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor, PSID Group, BOOL GroupDefaulted) { CallWin32ToNt (RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted)); } /****************************************************************************** * IsValidSecurityDescriptor [ADVAPI32.79] * * PARAMS * lpsecdesc [] */ BOOL WINAPI IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor ) { CallWin32ToNt (RtlValidSecurityDescriptor(SecurityDescriptor)); } /****************************************************************************** * GetSecurityDescriptorDacl [ADVAPI.91] */ BOOL WINAPI GetSecurityDescriptorDacl( IN PSECURITY_DESCRIPTOR pSecurityDescriptor, OUT LPBOOL lpbDaclPresent, OUT PACL *pDacl, OUT LPBOOL lpbDaclDefaulted) { CallWin32ToNt (RtlGetDaclSecurityDescriptor(pSecurityDescriptor, (PBOOLEAN)lpbDaclPresent, pDacl, (PBOOLEAN)lpbDaclDefaulted)); } /****************************************************************************** * SetSecurityDescriptorDacl [ADVAPI.224] */ BOOL WINAPI SetSecurityDescriptorDacl ( PSECURITY_DESCRIPTOR lpsd, BOOL daclpresent, PACL dacl, BOOL dacldefaulted ) { CallWin32ToNt (RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted )); } /****************************************************************************** * GetSecurityDescriptorSacl [ADVAPI.] */ BOOL WINAPI GetSecurityDescriptorSacl( IN PSECURITY_DESCRIPTOR lpsd, OUT LPBOOL lpbSaclPresent, OUT PACL *pSacl, OUT LPBOOL lpbSaclDefaulted) { CallWin32ToNt (RtlGetSaclSecurityDescriptor(lpsd, (PBOOLEAN)lpbSaclPresent, pSacl, (PBOOLEAN)lpbSaclDefaulted)); } /************************************************************************** * SetSecurityDescriptorSacl [NTDLL.488] */ BOOL WINAPI SetSecurityDescriptorSacl ( PSECURITY_DESCRIPTOR lpsd, BOOL saclpresent, PACL lpsacl, BOOL sacldefaulted) { CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted)); } /****************************************************************************** * MakeSelfRelativeSD [ADVAPI32.95] * * PARAMS * lpabssecdesc [] * lpselfsecdesc [] * lpbuflen [] */ BOOL WINAPI MakeSelfRelativeSD( PSECURITY_DESCRIPTOR lpabssecdesc, PSECURITY_DESCRIPTOR lpselfsecdesc, LPDWORD lpbuflen ) { FIXME_(advapi)("(%p,%p,%p),stub!\n",lpabssecdesc,lpselfsecdesc,lpbuflen); return TRUE; } /****************************************************************************** * GetSecurityDescriptorControl32 [ADVAPI32] */ BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision) { FIXME_(advapi)("(%p,%p,%p),stub!\n",pSecurityDescriptor,pControl,lpdwRevision); return 1; } /* ############################## ###### MISC FUNCTIONS ###### ############################## */ /****************************************************************************** * LookupPrivilegeValue32W [ADVAPI32.93] * Retrieves LUID used on a system to represent the privilege name. * * NOTES * lpLuid should be PLUID * * PARAMS * lpSystemName [I] Address of string specifying the system * lpName [I] Address of string specifying the privilege * lpLuid [I] Address of locally unique identifier * * RETURNS STD */ BOOL WINAPI LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, LPVOID lpLuid ) { FIXME_(advapi)("(%s,%s,%p): stub\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid); return TRUE; } /****************************************************************************** * LookupPrivilegeValue32A [ADVAPI32.92] */ BOOL WINAPI LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, LPVOID lpLuid ) { LPWSTR lpSystemNameW = HEAP_strdupAtoW(GetProcessHeap(), 0, lpSystemName); LPWSTR lpNameW = HEAP_strdupAtoW(GetProcessHeap(), 0, lpName); BOOL ret = LookupPrivilegeValueW( lpSystemNameW, lpNameW, lpLuid); HeapFree(GetProcessHeap(), 0, lpNameW); HeapFree(GetProcessHeap(), 0, lpSystemNameW); return ret; } /****************************************************************************** * GetFileSecurity32A [ADVAPI32.45] * * Obtains Specified information about the security of a file or directory * The information obtained is constrained by the callers access rights and * privileges */ BOOL WINAPI GetFileSecurityA( LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded ) { FIXME_(advapi)("(%s) : stub\n", debugstr_a(lpFileName)); return TRUE; } /****************************************************************************** * GetFileSecurity32W [ADVAPI32.46] * * Obtains Specified information about the security of a file or directory * The information obtained is constrained by the callers access rights and * privileges * * PARAMS * lpFileName [] * RequestedInformation [] * pSecurityDescriptor [] * nLength [] * lpnLengthNeeded [] */ BOOL WINAPI GetFileSecurityW( LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded ) { FIXME_(advapi)("(%s) : stub\n", debugstr_w(lpFileName) ); return TRUE; } /****************************************************************************** * LookupAccountSid32A [ADVAPI32.86] */ BOOL WINAPI LookupAccountSidA( LPCSTR system, PSID sid, LPCSTR account, LPDWORD accountSize, LPCSTR domain, LPDWORD domainSize, PSID_NAME_USE name_use ) { FIXME_(security)("(%s,%p,%p,%p,%p,%p,%p): stub\n", system,sid,account,accountSize,domain,domainSize,name_use); SetLastError(ERROR_CALL_NOT_IMPLEMENTED); return FALSE; } /****************************************************************************** * LookupAccountSid32W [ADVAPI32.87] * * PARAMS * system [] * sid [] * account [] * accountSize [] * domain [] * domainSize [] * name_use [] */ BOOL WINAPI LookupAccountSidW( LPCWSTR system, PSID sid, LPCWSTR account, LPDWORD accountSize, LPCWSTR domain, LPDWORD domainSize, PSID_NAME_USE name_use ) { FIXME_(security)("(%p,%p,%p,%p,%p,%p,%p): stub\n", system,sid,account,accountSize,domain,domainSize,name_use); SetLastError(ERROR_CALL_NOT_IMPLEMENTED); return FALSE; } /****************************************************************************** * SetFileSecurity32A [ADVAPI32.182] * Sets the security of a file or directory */ BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor) { FIXME_(advapi)("(%s) : stub\n", debugstr_a(lpFileName)); return TRUE; } /****************************************************************************** * SetFileSecurity32W [ADVAPI32.183] * Sets the security of a file or directory * * PARAMS * lpFileName [] * RequestedInformation [] * pSecurityDescriptor [] */ BOOL WINAPI SetFileSecurityW( LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor ) { FIXME_(advapi)("(%s) : stub\n", debugstr_w(lpFileName) ); return TRUE; } /****************************************************************************** * QueryWindows31FilesMigration [ADVAPI32.266] * * PARAMS * x1 [] */ BOOL WINAPI QueryWindows31FilesMigration( DWORD x1 ) { FIXME_(advapi)("(%ld):stub\n",x1); return TRUE; } /****************************************************************************** * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.265] * * PARAMS * x1 [] * x2 [] * x3 [] * x4 [] */ BOOL WINAPI SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3, DWORD x4 ) { FIXME_(advapi)("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4); return TRUE; } /****************************************************************************** * LsaOpenPolicy [ADVAPI32.200] * * PARAMS * x1 [] * x2 [] * x3 [] * x4 [] */ NTSTATUS WINAPI LsaOpenPolicy(PLSA_UNICODE_STRING SystemName, PLSA_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, PLSA_HANDLE PolicyHandle) { FIXME_(advapi)("(%p,%p,0x%08lx,%p):stub\n", SystemName, ObjectAttributes, DesiredAccess, PolicyHandle); return 0xc0000000; /* generic error */ } /****************************************************************************** * NotifyBootConfigStatus [ADVAPI32.97] * * PARAMS * x1 [] */ BOOL WINAPI NotifyBootConfigStatus( DWORD x1 ) { FIXME_(advapi)("(0x%08lx):stub\n",x1); return 1; } /****************************************************************************** * RevertToSelf [ADVAPI32.180] * * PARAMS * void [] */ BOOL WINAPI RevertToSelf( void ) { FIXME_(advapi)("(), stub\n"); return TRUE; } /****************************************************************************** * ImpersonateSelf [ADVAPI32.71] */ BOOL WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) { FIXME_(advapi)("(%08x), stub\n", ImpersonationLevel); return TRUE; } /****************************************************************************** * AccessCheck32 [ADVAPI32.71] */ BOOL WINAPI AccessCheck(PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, LPDWORD PrivilegeSetLength, LPDWORD GrantedAccess, LPBOOL AccessStatus) { FIXME_(advapi)("(%p, %04x, %08lx, %p, %p, %p, %p, %p), stub\n", pSecurityDescriptor, ClientToken, DesiredAccess, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, AccessStatus); *AccessStatus = TRUE; return TRUE; } /************************************************************************* * SetThreadToken [ADVAPI32.231] * * Assigns an "impersonation token" to a thread so it can assume the * security privledges of another thread or process. Can also remove * a previously assigned token. Only supported on NT - it's a stub * exactly like this one on Win9X. * */ BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token) { FIXME_(advapi)("(%p, %x): stub\n", thread, token); SetLastError(ERROR_CALL_NOT_IMPLEMENTED); return FALSE; }