3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS system libraries
5 * FILE: lib/advapi32/sec/sec.c
6 * PURPOSE: Security descriptor functions
7 * PROGRAMMER: Ariadne ( ariadne@xs4all.nl)
8 * Steven Edwards ( Steven_Ed4153@yahoo.com )
9 * Andrew Greenwood ( silverblade_uk@hotmail.com )
15 #include "wine/debug.h"
/* Declares the default Wine debug channel (advapi) used by this file's debug output macros. */
17 WINE_DEFAULT_DEBUG_CHANNEL(advapi
);
/*
 * GetSecurityDescriptorControl: thin wrapper that forwards to
 * RtlGetControlSecurityDescriptor. When the returned NTSTATUS is a failure,
 * the translated Win32 error code is recorded with SetLastError.
 * The return statements are not visible in this listing.
 */
24 GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
25 PSECURITY_DESCRIPTOR_CONTROL pControl
,
30 Status
= RtlGetControlSecurityDescriptor(pSecurityDescriptor
,
/* lpdwRevision is reinterpreted as PULONG for the native call; this relies on
 * DWORD and ULONG having the same size. */
32 (PULONG
)lpdwRevision
);
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
33 if (!NT_SUCCESS(Status
))
35 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * GetSecurityDescriptorDacl: wrapper around RtlGetDaclSecurityDescriptor.
 * The native BOOLEAN results are widened into the caller's BOOL outputs, and
 * a failing NTSTATUS is translated and stored with SetLastError.
 */
48 GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
49 LPBOOL lpbDaclPresent
,
51 LPBOOL lpbDaclDefaulted
)
/* Declared without an initializer. */
54 BOOLEAN DaclDefaulted
;
57 Status
= RtlGetDaclSecurityDescriptor(pSecurityDescriptor
,
/*
 * NOTE(review): by the listing's line numbers these stores (61-62) precede
 * the NT_SUCCESS check (64), so they also run on the failure path. If the
 * Rtl call leaves the locals unwritten when it fails, indeterminate stack
 * values are copied to the caller. Consider initializing the locals or
 * storing only after the status check - confirm against the full source.
 */
61 *lpbDaclPresent
= (BOOL
)DaclPresent
;
62 *lpbDaclDefaulted
= (BOOL
)DaclDefaulted
;
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
64 if (!NT_SUCCESS(Status
))
66 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * GetSecurityDescriptorGroup: wrapper around RtlGetGroupSecurityDescriptor.
 * The native BOOLEAN "defaulted" flag is widened into the caller's BOOL
 * output, and a failing NTSTATUS is translated and stored with SetLastError.
 */
79 GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
81 LPBOOL lpbGroupDefaulted
)
/* Declared without an initializer. */
83 BOOLEAN GroupDefaulted
;
86 Status
= RtlGetGroupSecurityDescriptor(pSecurityDescriptor
,
/*
 * NOTE(review): this store (line 89) precedes the NT_SUCCESS check (line 91),
 * so it also runs on the failure path. If the Rtl call does not write
 * GroupDefaulted when it fails, an indeterminate value reaches the caller -
 * confirm against the full source.
 */
89 *lpbGroupDefaulted
= (BOOL
)GroupDefaulted
;
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
91 if (!NT_SUCCESS(Status
))
93 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * GetSecurityDescriptorOwner: wrapper around RtlGetOwnerSecurityDescriptor.
 * The native BOOLEAN "defaulted" flag is widened into the caller's BOOL
 * output, and a failing NTSTATUS is translated and stored with SetLastError.
 */
106 GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
108 LPBOOL lpbOwnerDefaulted
)
/* Declared without an initializer. */
110 BOOLEAN OwnerDefaulted
;
113 Status
= RtlGetOwnerSecurityDescriptor(pSecurityDescriptor
,
/*
 * NOTE(review): this store (line 116) precedes the NT_SUCCESS check
 * (line 118), so it also runs on the failure path. If the Rtl call does not
 * write OwnerDefaulted when it fails, an indeterminate value reaches the
 * caller - confirm against the full source.
 */
116 *lpbOwnerDefaulted
= (BOOL
)OwnerDefaulted
;
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
118 if (!NT_SUCCESS(Status
))
120 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * GetSecurityDescriptorRMControl: queries the resource-manager control value
 * through RtlGetSecurityDescriptorRMControl. The outcome is reported as a
 * Win32 error code in the return value; no SetLastError call is visible here.
 */
133 GetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor
,
/* A false result from the Rtl routine is mapped to ERROR_INVALID_DATA. */
136 if (!RtlGetSecurityDescriptorRMControl(SecurityDescriptor
,
138 return ERROR_INVALID_DATA
;
140 return ERROR_SUCCESS
;
/*
 * GetSecurityDescriptorSacl: wrapper around RtlGetSaclSecurityDescriptor.
 * The native BOOLEAN results are widened into the caller's BOOL outputs, and
 * a failing NTSTATUS is translated and stored with SetLastError.
 */
149 GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
150 LPBOOL lpbSaclPresent
,
152 LPBOOL lpbSaclDefaulted
)
/* Declared without an initializer. */
155 BOOLEAN SaclDefaulted
;
158 Status
= RtlGetSaclSecurityDescriptor(pSecurityDescriptor
,
/*
 * NOTE(review): by the listing's line numbers these stores (162-163) precede
 * the NT_SUCCESS check (165), so they also run on the failure path. If the
 * Rtl call leaves the locals unwritten when it fails, indeterminate stack
 * values are copied to the caller - confirm against the full source.
 */
162 *lpbSaclPresent
= (BOOL
)SaclPresent
;
163 *lpbSaclDefaulted
= (BOOL
)SaclDefaulted
;
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
165 if (!NT_SUCCESS(Status
))
167 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * InitializeSecurityDescriptor: initializes the caller's descriptor by
 * forwarding to RtlCreateSecurityDescriptor. A failing NTSTATUS is translated
 * and stored with SetLastError. The remaining parameters and the return
 * statements are not visible in this listing.
 */
180 InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
185 Status
= RtlCreateSecurityDescriptor(pSecurityDescriptor
,
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
187 if (!NT_SUCCESS(Status
))
189 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * IsValidSecurityDescriptor: asks RtlValidSecurityDescriptor whether the
 * descriptor is well formed.
 *
 * NOTE(review): the function takes only the descriptor pointer and no buffer
 * length, so it cannot check a self-relative descriptor against the size of
 * the buffer that holds it. Callers validating descriptors taken from
 * untrusted buffers need a length-aware check in addition to this call.
 */
202 IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor
)
206 Result
= RtlValidSecurityDescriptor (pSecurityDescriptor
);
/* Records the Win32 equivalent of STATUS_INVALID_SECURITY_DESCR; presumably
 * only when Result is false - the guarding condition is not visible here. */
208 SetLastError(RtlNtStatusToDosError(STATUS_INVALID_SECURITY_DESCR
));
/*
 * MakeAbsoluteSD: converts a self-relative security descriptor to absolute
 * form by forwarding to RtlSelfRelativeToAbsoluteSD. The size pointers for
 * the descriptor, DACL, SACL, owner and primary group are passed through to
 * the native routine. A failing NTSTATUS is translated and stored with
 * SetLastError.
 *
 * NOTE(review): no validation of the self-relative input is visible in this
 * wrapper; presumably it is left to the Rtl routine - confirm before passing
 * descriptors that come from untrusted data.
 */
219 MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor
,
220 PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor
,
221 LPDWORD lpdwAbsoluteSecurityDescriptorSize
,
223 LPDWORD lpdwDaclSize
,
225 LPDWORD lpdwSaclSize
,
227 LPDWORD lpdwOwnerSize
,
229 LPDWORD lpdwPrimaryGroupSize
)
233 Status
= RtlSelfRelativeToAbsoluteSD (pSelfRelativeSecurityDescriptor
,
234 pAbsoluteSecurityDescriptor
,
235 lpdwAbsoluteSecurityDescriptorSize
,
243 lpdwPrimaryGroupSize
);
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
244 if (!NT_SUCCESS(Status
))
246 SetLastError (RtlNtStatusToDosError (Status
));
/*
 * MakeAbsoluteSD2: forwards to RtlSelfRelativeToAbsoluteSD2. The descriptor
 * parameter is annotated IN OUT and lpdwBufferSize is annotated OUT. A failing
 * NTSTATUS is translated and stored with SetLastError.
 */
259 MakeAbsoluteSD2(IN OUT PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor
,
260 OUT LPDWORD lpdwBufferSize
)
264 Status
= RtlSelfRelativeToAbsoluteSD2(pSelfRelativeSecurityDescriptor
,
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
266 if (!NT_SUCCESS(Status
))
268 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * MakeSelfRelativeSD: converts an absolute security descriptor to
 * self-relative form by forwarding to RtlAbsoluteToSelfRelativeSD with the
 * caller's output buffer and length pointer. A failing NTSTATUS is translated
 * and stored with SetLastError.
 */
281 MakeSelfRelativeSD(PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor
,
282 PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor
,
283 LPDWORD lpdwBufferLength
)
287 Status
= RtlAbsoluteToSelfRelativeSD(pAbsoluteSecurityDescriptor
,
288 pSelfRelativeSecurityDescriptor
,
/* lpdwBufferLength is reinterpreted as PULONG for the native call; this relies
 * on DWORD and ULONG having the same size. */
289 (PULONG
)lpdwBufferLength
);
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
290 if (!NT_SUCCESS(Status
))
292 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorControl: forwards the descriptor and the two control
 * masks to RtlSetControlSecurityDescriptor. A failing NTSTATUS is translated
 * and stored with SetLastError. No filtering of the control bits is visible
 * in this wrapper.
 */
305 SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
306 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest
,
307 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet
)
311 Status
= RtlSetControlSecurityDescriptor(pSecurityDescriptor
,
312 ControlBitsOfInterest
,
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
314 if (!NT_SUCCESS(Status
))
316 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorDacl: forwards to RtlSetDaclSecurityDescriptor. A
 * failing NTSTATUS is translated and stored with SetLastError.
 *
 * NOTE(review): the DACL parameters are not visible in this listing. Under
 * the Win32 contract for this API, a DACL marked present but passed as NULL
 * places no restriction on access, so callers should supply an explicit ACL
 * unless unrestricted access is intended - confirm how the remaining
 * arguments are forwarded.
 */
329 SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
336 Status
= RtlSetDaclSecurityDescriptor(pSecurityDescriptor
,
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
340 if (!NT_SUCCESS(Status
))
342 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorGroup: forwards to RtlSetGroupSecurityDescriptor. A
 * failing NTSTATUS is translated and stored with SetLastError. The group SID
 * parameter and the return statements are not visible in this listing.
 */
355 SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
357 BOOL bGroupDefaulted
)
361 Status
= RtlSetGroupSecurityDescriptor(pSecurityDescriptor
,
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
364 if (!NT_SUCCESS(Status
))
366 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorOwner: forwards to RtlSetOwnerSecurityDescriptor. A
 * failing NTSTATUS is translated and stored with SetLastError. The owner SID
 * parameter and the return statements are not visible in this listing.
 */
379 SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
381 BOOL bOwnerDefaulted
)
385 Status
= RtlSetOwnerSecurityDescriptor(pSecurityDescriptor
,
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
388 if (!NT_SUCCESS(Status
))
390 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * SetSecurityDescriptorRMControl: hands the descriptor to
 * RtlSetSecurityDescriptorRMControl and reports ERROR_SUCCESS. In the visible
 * lines the Rtl call's result is not captured, so ERROR_SUCCESS is the only
 * return value shown.
 */
403 SetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor
,
406 RtlSetSecurityDescriptorRMControl(SecurityDescriptor
,
409 return ERROR_SUCCESS
;
/*
 * SetSecurityDescriptorSacl: forwards to RtlSetSaclSecurityDescriptor. A
 * failing NTSTATUS is translated and stored with SetLastError. The SACL
 * parameters and the return statements are not visible in this listing.
 */
418 SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor
,
425 Status
= RtlSetSaclSecurityDescriptor(pSecurityDescriptor
,
/* Failure path: convert the NTSTATUS to a Win32 error for GetLastError() callers. */
429 if (!NT_SUCCESS(Status
))
431 SetLastError(RtlNtStatusToDosError(Status
));
/*
 * QuerySecurityAccessMask: derives the access rights needed to read the parts
 * of a security descriptor selected by SecurityInformation and ORs them into
 * *DesiredAccess.
 *
 * NOTE(review): only |= updates of *DesiredAccess are visible. If the lines
 * not shown do not zero it first, stale bits from the caller's variable would
 * carry into the requested access mask - confirm the output is initialized.
 */
444 QuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
445 OUT LPDWORD DesiredAccess
)
/* Reading owner, group or DACL information needs READ_CONTROL. */
449 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
|
450 GROUP_SECURITY_INFORMATION
| DACL_SECURITY_INFORMATION
))
452 *DesiredAccess
|= READ_CONTROL
;
/* Reading the SACL needs ACCESS_SYSTEM_SECURITY. */
455 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
456 *DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
/*
 * SetSecurityAccessMask: derives the access rights needed to modify the parts
 * of a security descriptor selected by SecurityInformation and ORs them into
 * *DesiredAccess.
 *
 * NOTE(review): only |= updates of *DesiredAccess are visible. If the lines
 * not shown do not zero it first, stale bits from the caller's variable would
 * carry into the requested access mask - confirm the output is initialized.
 */
465 SetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
466 OUT LPDWORD DesiredAccess
)
/* Changing the owner or primary group needs WRITE_OWNER. */
470 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
))
471 *DesiredAccess
|= WRITE_OWNER
;
/* Changing the DACL needs WRITE_DAC. */
473 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
474 *DesiredAccess
|= WRITE_DAC
;
/* Changing the SACL needs ACCESS_SYSTEM_SECURITY. */
476 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
477 *DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
/*
 * ConvertToAutoInheritPrivateObjectSecurity: only part of the parameter list
 * is visible in this listing; the body is not shown, so its behaviour is not
 * documented here. Per the IN/OUT annotations, ParentDescriptor,
 * CurrentSecurityDescriptor, IsDirectoryObject and GenericMapping are inputs
 * and NewSecurityDescriptor receives a descriptor pointer.
 *
 * NOTE(review): who allocates and frees *NewSecurityDescriptor cannot be
 * determined from these lines - confirm against the full source.
 */
486 ConvertToAutoInheritPrivateObjectSecurity(IN PSECURITY_DESCRIPTOR ParentDescriptor
,
487 IN PSECURITY_DESCRIPTOR CurrentSecurityDescriptor
,
488 OUT PSECURITY_DESCRIPTOR
* NewSecurityDescriptor
,
490 IN BOOLEAN IsDirectoryObject
,
491 IN PGENERIC_MAPPING GenericMapping
)
/*
 * BuildSecurityDescriptorW: only the parameter list is visible in this
 * listing; the body is not shown, so its behaviour is not documented here.
 * Per the annotations, the trustees, both entry lists and pOldSD are OPTIONAL
 * inputs, and pSizeNewSD / pNewSD are outputs.
 *
 * NOTE(review): cCountOfAccessEntries and cCountOfAuditEntries are
 * caller-supplied counts for the two entry lists. Confirm that the
 * implementation bounds its reads by these counts, treats a NULL list with a
 * non-zero count as an error, and documents who frees *pNewSD.
 */
503 BuildSecurityDescriptorW(IN PTRUSTEE_W pOwner OPTIONAL
,
504 IN PTRUSTEE_W pGroup OPTIONAL
,
505 IN ULONG cCountOfAccessEntries
,
506 IN PEXPLICIT_ACCESS_W pListOfAccessEntries OPTIONAL
,
507 IN ULONG cCountOfAuditEntries
,
508 IN PEXPLICIT_ACCESS_W pListOfAuditEntries OPTIONAL
,
509 IN PSECURITY_DESCRIPTOR pOldSD OPTIONAL
,
510 OUT PULONG pSizeNewSD
,
511 OUT PSECURITY_DESCRIPTOR
* pNewSD
)
523 BuildSecurityDescriptorA(IN PTRUSTEE_A pOwner OPTIONAL
,
524 IN PTRUSTEE_A pGroup OPTIONAL
,
525 IN ULONG cCountOfAccessEntries
,
526 IN PEXPLICIT_ACCESS_A pListOfAccessEntries OPTIONAL
,
527 IN ULONG cCountOfAuditEntries
,
528 IN PEXPLICIT_ACCESS_A pListOfAuditEntries OPTIONAL
,
529 IN PSECURITY_DESCRIPTOR pOldSD OPTIONAL
,
530 OUT PULONG pSizeNewSD
,
531 OUT PSECURITY_DESCRIPTOR
* pNewSD
)