3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS system libraries
5 * FILE: lib/advapi32/sec/sec.c
6 * PURPOSE: Security descriptor functions
7 * PROGRAMMER: Ariadne ( ariadne@xs4all.nl)
8 * Steven Edwards ( Steven_Ed4153@yahoo.com )
9 * Andrew Greenwood ( silverblade_uk@hotmail.com )
15 WINE_DEFAULT_DEBUG_CHANNEL(advapi
);
/*
 * GetSecurityDescriptorControl: passes the descriptor to
 * RtlGetControlSecurityDescriptor and, when the returned NTSTATUS is a
 * failure, stores the translated Win32 code with SetLastError.
 * NOTE(review): this listing is partial (the gutter numbers jump), so the
 * return type, the remaining parameters and the return statements are not
 * visible here.
 */
22 GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
23 PSECURITY_DESCRIPTOR_CONTROL pControl
,
28 Status
= RtlGetControlSecurityDescriptor(pSecurityDescriptor
,
30 (PULONG
)lpdwRevision
);
/* Failure path: NTSTATUS -> Win32 error code -> thread last-error value. */
31 if (!NT_SUCCESS(Status
))
33 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * GetSecurityDescriptorDacl: queries the DACL fields through
 * RtlGetDaclSecurityDescriptor, copies the BOOLEAN results into the
 * caller's BOOL outputs and reports a failing NTSTATUS via SetLastError.
 * NOTE(review): partial listing; the DACL pointer parameter, the other
 * locals and the return statements are not visible here.
 */
46 GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
47 LPBOOL lpbDaclPresent
,
49 LPBOOL lpbDaclDefaulted
)
52 BOOLEAN DaclDefaulted
;
55 Status
= RtlGetDaclSecurityDescriptor(pSecurityDescriptor
,
/*
 * NOTE(review): both outputs are stored at listing lines 59-60, before the
 * NT_SUCCESS test at listing line 62, so they are written on failure too.
 * DaclDefaulted is declared without an initializer (listing line 52); if
 * the Rtl call can fail without writing it, an indeterminate value reaches
 * the caller. Confirm against RtlGetDaclSecurityDescriptor, or copy the
 * results only on the success path.
 */
59 *lpbDaclPresent
= (BOOL
)DaclPresent
;
60 *lpbDaclDefaulted
= (BOOL
)DaclDefaulted
;
62 if (!NT_SUCCESS(Status
))
64 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * GetSecurityDescriptorGroup: queries the group fields through
 * RtlGetGroupSecurityDescriptor, copies the BOOLEAN "defaulted" result
 * into the caller's BOOL and reports a failing NTSTATUS via SetLastError.
 * NOTE(review): partial listing; the group SID output parameter and the
 * return statements are not visible here.
 */
77 GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
79 LPBOOL lpbGroupDefaulted
)
81 BOOLEAN GroupDefaulted
;
84 Status
= RtlGetGroupSecurityDescriptor(pSecurityDescriptor
,
/*
 * NOTE(review): the output is stored at listing line 87, before the
 * NT_SUCCESS test at listing line 89. GroupDefaulted has no initializer
 * (listing line 81), so a failing call that leaves it untouched would
 * hand an indeterminate value to the caller; confirm.
 */
87 *lpbGroupDefaulted
= (BOOL
)GroupDefaulted
;
89 if (!NT_SUCCESS(Status
))
91 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * GetSecurityDescriptorOwner: queries the owner fields through
 * RtlGetOwnerSecurityDescriptor, copies the BOOLEAN "defaulted" result
 * into the caller's BOOL and reports a failing NTSTATUS via SetLastError.
 * NOTE(review): partial listing; the owner SID output parameter and the
 * return statements are not visible here.
 */
104 GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
106 LPBOOL lpbOwnerDefaulted
)
108 BOOLEAN OwnerDefaulted
;
111 Status
= RtlGetOwnerSecurityDescriptor(pSecurityDescriptor
,
/*
 * NOTE(review): the output is stored at listing line 114, before the
 * NT_SUCCESS test at listing line 116. OwnerDefaulted has no initializer
 * (listing line 108), so a failing call that leaves it untouched would
 * hand an indeterminate value to the caller; confirm.
 */
114 *lpbOwnerDefaulted
= (BOOL
)OwnerDefaulted
;
116 if (!NT_SUCCESS(Status
))
118 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * GetSecurityDescriptorRMControl: asks RtlGetSecurityDescriptorRMControl
 * for the resource-manager control value and returns a Win32 error code
 * directly: ERROR_INVALID_DATA when the Rtl call reports failure,
 * ERROR_SUCCESS otherwise. No SetLastError call appears in the visible
 * lines, so callers must test the return value.
 * NOTE(review): partial listing; the output parameter is not visible here.
 */
131 GetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor
,
134 if (!RtlGetSecurityDescriptorRMControl(SecurityDescriptor
,
136 return ERROR_INVALID_DATA
;
138 return ERROR_SUCCESS
;
/*
 * GetSecurityDescriptorSacl: queries the SACL fields through
 * RtlGetSaclSecurityDescriptor, copies the BOOLEAN results into the
 * caller's BOOL outputs and reports a failing NTSTATUS via SetLastError.
 * NOTE(review): partial listing; the SACL pointer parameter, the other
 * locals and the return statements are not visible here.
 */
147 GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
148 LPBOOL lpbSaclPresent
,
150 LPBOOL lpbSaclDefaulted
)
153 BOOLEAN SaclDefaulted
;
156 Status
= RtlGetSaclSecurityDescriptor(pSecurityDescriptor
,
/*
 * NOTE(review): both outputs are stored at listing lines 160-161, before
 * the NT_SUCCESS test at listing line 163. SaclDefaulted has no
 * initializer (listing line 153), so a failing call that leaves it
 * untouched would hand an indeterminate value to the caller; confirm.
 */
160 *lpbSaclPresent
= (BOOL
)SaclPresent
;
161 *lpbSaclDefaulted
= (BOOL
)SaclDefaulted
;
163 if (!NT_SUCCESS(Status
))
165 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * InitializeSecurityDescriptor: initialises the caller's descriptor with
 * RtlCreateSecurityDescriptor and reports a failing NTSTATUS via
 * SetLastError.
 * NOTE(review): partial listing; the revision argument and the return
 * statements are not visible here.
 */
178 InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
183 Status
= RtlCreateSecurityDescriptor(pSecurityDescriptor
,
185 if (!NT_SUCCESS(Status
))
187 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * IsValidSecurityDescriptor: stores the verdict of
 * RtlValidSecurityDescriptor in Result. The visible SetLastError call
 * uses the fixed status STATUS_INVALID_SECURITY_DESCR rather than a
 * status returned by the Rtl call.
 * NOTE(review): the condition guarding SetLastError (listing line 205) is
 * not in this extract; presumably it runs only when Result is false.
 * Confirm.
 */
200 IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor
)
204 Result
= RtlValidSecurityDescriptor (pSecurityDescriptor
);
206 SetLastError(RtlNtStatusToDosError(STATUS_INVALID_SECURITY_DESCR
));
/*
 * MakeAbsoluteSD: converts a self-relative descriptor to absolute form by
 * forwarding every buffer and size pointer to RtlSelfRelativeToAbsoluteSD;
 * a failing NTSTATUS is reported via SetLastError.
 * The LPDWORD size arguments are handed to the Rtl routine unchanged, so
 * all buffer-length validation happens there, not in this wrapper.
 * NOTE(review): partial listing; the DACL/SACL/owner/group buffer
 * parameters and the return statements are not visible here.
 */
217 MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor
,
218 PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor
,
219 LPDWORD lpdwAbsoluteSecurityDescriptorSize
,
221 LPDWORD lpdwDaclSize
,
223 LPDWORD lpdwSaclSize
,
225 LPDWORD lpdwOwnerSize
,
227 LPDWORD lpdwPrimaryGroupSize
)
231 Status
= RtlSelfRelativeToAbsoluteSD (pSelfRelativeSecurityDescriptor
,
232 pAbsoluteSecurityDescriptor
,
233 lpdwAbsoluteSecurityDescriptorSize
,
241 lpdwPrimaryGroupSize
);
242 if (!NT_SUCCESS(Status
))
244 SetLastError (RtlNtStatusToDosError (Status
));
/*
 * MakeAbsoluteSD2: forwards to RtlSelfRelativeToAbsoluteSD2 and reports a
 * failing NTSTATUS via SetLastError. The descriptor parameter is
 * annotated IN OUT, i.e. the same buffer is both input and result.
 * NOTE(review): partial listing; the second call argument and the return
 * statements are not visible here.
 */
257 MakeAbsoluteSD2(IN OUT PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor
,
258 OUT LPDWORD lpdwBufferSize
)
262 Status
= RtlSelfRelativeToAbsoluteSD2(pSelfRelativeSecurityDescriptor
,
264 if (!NT_SUCCESS(Status
))
266 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * MakeSelfRelativeSD: converts an absolute descriptor to self-relative
 * form with RtlAbsoluteToSelfRelativeSD and reports a failing NTSTATUS
 * via SetLastError.
 * lpdwBufferLength is passed through (cast to PULONG) without inspection,
 * so the destination-size check is left to the Rtl routine.
 * NOTE(review): partial listing; the return statements are not visible
 * here.
 */
279 MakeSelfRelativeSD(PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor
,
280 PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor
,
281 LPDWORD lpdwBufferLength
)
285 Status
= RtlAbsoluteToSelfRelativeSD(pAbsoluteSecurityDescriptor
,
286 pSelfRelativeSecurityDescriptor
,
287 (PULONG
)lpdwBufferLength
);
288 if (!NT_SUCCESS(Status
))
290 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorControl: forwards the descriptor and the
 * ControlBitsOfInterest mask to RtlSetControlSecurityDescriptor and
 * reports a failing NTSTATUS via SetLastError.
 * NOTE(review): partial listing; the last call argument (listing line
 * 311, presumably ControlBitsToSet) and the return statements are not
 * visible here.
 */
303 SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
304 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest
,
305 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet
)
309 Status
= RtlSetControlSecurityDescriptor(pSecurityDescriptor
,
310 ControlBitsOfInterest
,
312 if (!NT_SUCCESS(Status
))
314 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorDacl: forwards to RtlSetDaclSecurityDescriptor and
 * reports a failing NTSTATUS via SetLastError.
 * NOTE(review): partial listing; the DACL-related parameters and the
 * return statements are not visible here.
 */
327 SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
334 Status
= RtlSetDaclSecurityDescriptor(pSecurityDescriptor
,
338 if (!NT_SUCCESS(Status
))
340 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorGroup: forwards to RtlSetGroupSecurityDescriptor
 * and reports a failing NTSTATUS via SetLastError.
 * NOTE(review): partial listing; the group SID parameter and the return
 * statements are not visible here.
 */
353 SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
355 BOOL bGroupDefaulted
)
359 Status
= RtlSetGroupSecurityDescriptor(pSecurityDescriptor
,
362 if (!NT_SUCCESS(Status
))
364 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorOwner: forwards to RtlSetOwnerSecurityDescriptor
 * and reports a failing NTSTATUS via SetLastError.
 * NOTE(review): partial listing; the owner SID parameter and the return
 * statements are not visible here.
 */
377 SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
379 BOOL bOwnerDefaulted
)
383 Status
= RtlSetOwnerSecurityDescriptor(pSecurityDescriptor
,
386 if (!NT_SUCCESS(Status
))
388 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorRMControl: calls RtlSetSecurityDescriptorRMControl
 * on the descriptor and returns ERROR_SUCCESS.
 * NOTE(review): no result of the Rtl call is examined in the visible
 * lines and ERROR_SUCCESS is the only return shown, so callers cannot
 * learn of a rejected descriptor from this wrapper; confirm against the
 * full source.
 */
401 SetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor
,
404 RtlSetSecurityDescriptorRMControl(SecurityDescriptor
,
407 return ERROR_SUCCESS
;
/*
 * SetSecurityDescriptorSacl: forwards to RtlSetSaclSecurityDescriptor and
 * reports a failing NTSTATUS via SetLastError.
 * NOTE(review): partial listing; the SACL-related parameters and the
 * return statements are not visible here.
 */
416 SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
423 Status
= RtlSetSaclSecurityDescriptor(pSecurityDescriptor
,
427 if (!NT_SUCCESS(Status
))
429 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * QuerySecurityAccessMask: maps the SECURITY_INFORMATION bits a caller
 * wants to READ onto the access rights needed on the object handle:
 *   owner, group or DACL information -> READ_CONTROL
 *   SACL information                 -> ACCESS_SYSTEM_SECURITY
 * ACCESS_SYSTEM_SECURITY is granted only to callers holding
 * SeSecurityPrivilege, so requesting SACL information raises the
 * privilege needed to open the handle.
 * NOTE(review): only `|=` stores to *DesiredAccess are visible, and the
 * parameter is annotated OUT. The initialisation (listing lines 444-446)
 * is not in this extract; confirm *DesiredAccess is zeroed first,
 * otherwise stale caller bits would be carried into the returned mask.
 */
442 QuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
443 OUT LPDWORD DesiredAccess
)
447 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
|
448 GROUP_SECURITY_INFORMATION
| DACL_SECURITY_INFORMATION
))
450 *DesiredAccess
|= READ_CONTROL
;
453 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
454 *DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
/*
 * SetSecurityAccessMask: maps the SECURITY_INFORMATION bits a caller
 * wants to WRITE onto the access rights needed on the object handle:
 *   owner or group information -> WRITE_OWNER
 *   DACL information           -> WRITE_DAC
 *   SACL information           -> ACCESS_SYSTEM_SECURITY
 * NOTE(review): only `|=` stores to *DesiredAccess are visible, and the
 * parameter is annotated OUT. The initialisation (listing lines 465-467)
 * is not in this extract; confirm *DesiredAccess is zeroed first,
 * otherwise stale caller bits would be carried into the returned mask.
 */
463 SetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
464 OUT LPDWORD DesiredAccess
)
468 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
))
469 *DesiredAccess
|= WRITE_OWNER
;
471 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
472 *DesiredAccess
|= WRITE_DAC
;
474 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
475 *DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
/*
 * ConvertToAutoInheritPrivateObjectSecurity: takes a parent descriptor
 * and a current descriptor as inputs and returns a descriptor pointer
 * through NewSecurityDescriptor (OUT), together with a directory-object
 * flag and a generic mapping.
 * NOTE(review): only the signature survives in this extract (listing
 * line 487 and the whole body are missing), so nothing about the
 * implementation or the ownership of the returned descriptor can be
 * stated from here.
 */
484 ConvertToAutoInheritPrivateObjectSecurity(IN PSECURITY_DESCRIPTOR ParentDescriptor
,
485 IN PSECURITY_DESCRIPTOR CurrentSecurityDescriptor
,
486 OUT PSECURITY_DESCRIPTOR
* NewSecurityDescriptor
,
488 IN BOOLEAN IsDirectoryObject
,
489 IN PGENERIC_MAPPING GenericMapping
)
/*
 * BuildSecurityDescriptorW: wide-character (TRUSTEE_W / EXPLICIT_ACCESS_W)
 * entry point. Inputs are optional owner and group trustees, counted
 * arrays of access and audit entries and an optional existing descriptor;
 * outputs are the new descriptor's size (pSizeNewSD) and a pointer to it
 * (pNewSD).
 * NOTE(review): only the signature survives in this extract, so how the
 * entry counts are checked against their OPTIONAL arrays and who frees
 * *pNewSD cannot be stated from here.
 */
501 BuildSecurityDescriptorW(IN PTRUSTEE_W pOwner OPTIONAL
,
502 IN PTRUSTEE_W pGroup OPTIONAL
,
503 IN ULONG cCountOfAccessEntries
,
504 IN PEXPLICIT_ACCESS_W pListOfAccessEntries OPTIONAL
,
505 IN ULONG cCountOfAuditEntries
,
506 IN PEXPLICIT_ACCESS_W pListOfAuditEntries OPTIONAL
,
507 IN PSECURITY_DESCRIPTOR pOldSD OPTIONAL
,
508 OUT PULONG pSizeNewSD
,
509 OUT PSECURITY_DESCRIPTOR
* pNewSD
)
521 BuildSecurityDescriptorA(IN PTRUSTEE_A pOwner OPTIONAL
,
522 IN PTRUSTEE_A pGroup OPTIONAL
,
523 IN ULONG cCountOfAccessEntries
,
524 IN PEXPLICIT_ACCESS_A pListOfAccessEntries OPTIONAL
,
525 IN ULONG cCountOfAuditEntries
,
526 IN PEXPLICIT_ACCESS_A pListOfAuditEntries OPTIONAL
,
527 IN PSECURITY_DESCRIPTOR pOldSD OPTIONAL
,
528 OUT PULONG pSizeNewSD
,
529 OUT PSECURITY_DESCRIPTOR
* pNewSD
)