2 * ReactOS MARTA provider
3 * Copyright (C) 2005 - 2006 ReactOS Team
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 * PROJECT: ReactOS MARTA provider
22 * FILE: lib/ntmarta/ntmarta.c
23 * PURPOSE: ReactOS MARTA provider
24 * PROGRAMMER: Thomas Weidenmueller <w3seek@reactos.com>
// Module instance handle for this DLL; DllMain stores hinstDLL here on
// DLL_PROCESS_ATTACH.
34 HINSTANCE hDllInstance
;
// AccpGetAceAccessMode: translates the AceType of an ACE header into an
// ACCESS_MODE value; Mode starts out as NOT_USED_ACCESS.
// NOTE(review): this listing skips source lines (the gutter numbers jump), so
// the statements that follow the allowed and denied case groups and the final
// return are not visible here; presumably they set the grant and deny modes.
37 AccpGetAceAccessMode(IN PACE_HEADER AceHeader
)
39 ACCESS_MODE Mode
= NOT_USED_ACCESS
;
41 switch (AceHeader
->AceType
)
43 case ACCESS_ALLOWED_ACE_TYPE
:
44 case ACCESS_ALLOWED_CALLBACK_ACE_TYPE
:
45 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
:
46 case ACCESS_ALLOWED_OBJECT_ACE_TYPE
:
50 case ACCESS_DENIED_ACE_TYPE
:
51 case ACCESS_DENIED_CALLBACK_ACE_TYPE
:
52 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE
:
53 case ACCESS_DENIED_OBJECT_ACE_TYPE
:
// Audit ACEs: the mode is taken from AceFlags. Because of the else-if, an ACE
// carrying both FAILED_ACCESS_ACE_FLAG and SUCCESSFUL_ACCESS_ACE_FLAG is
// reported as SET_AUDIT_FAILURE only, so a caller relying on the mode loses
// the fact that success auditing was requested as well.
57 case SYSTEM_AUDIT_ACE_TYPE
:
58 case SYSTEM_AUDIT_CALLBACK_ACE_TYPE
:
59 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
:
60 case SYSTEM_AUDIT_OBJECT_ACE_TYPE
:
61 if (AceHeader
->AceFlags
& FAILED_ACCESS_ACE_FLAG
)
62 Mode
= SET_AUDIT_FAILURE
;
63 else if (AceHeader
->AceFlags
& SUCCESSFUL_ACCESS_ACE_FLAG
)
64 Mode
= SET_AUDIT_SUCCESS
;
// AccpGetAceStructureSize: computes, per ACE type, the byte size of the fixed
// part of the ACE; AccpGetAceSid adds this value to the header address to find
// the SID. Each case starts from FIELD_OFFSET of the matching ACE structure
// (the field argument is cut off in this listing -- TODO confirm which field).
// NOTE(review): the size is derived only from AceType and Flags stored in the
// ACE itself. Nothing visible here compares the result with
// AceHeader->AceSize, so the value is only trustworthy for an ACL that has
// already been validated. The default case is not visible in this listing.
72 AccpGetAceStructureSize(IN PACE_HEADER AceHeader
)
76 switch (AceHeader
->AceType
)
78 case ACCESS_ALLOWED_ACE_TYPE
:
79 case ACCESS_DENIED_ACE_TYPE
:
80 Size
= FIELD_OFFSET(ACCESS_ALLOWED_ACE
,
83 case ACCESS_ALLOWED_CALLBACK_ACE_TYPE
:
84 case ACCESS_DENIED_CALLBACK_ACE_TYPE
:
85 Size
= FIELD_OFFSET(ACCESS_ALLOWED_CALLBACK_ACE
,
// Object ACEs: the two GUID members are optional. Each one is counted only
// when its presence bit is set in Flags.
88 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
:
89 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE
:
91 PACCESS_ALLOWED_CALLBACK_OBJECT_ACE Ace
= (PACCESS_ALLOWED_CALLBACK_OBJECT_ACE
)AceHeader
;
92 Size
= FIELD_OFFSET(ACCESS_ALLOWED_CALLBACK_OBJECT_ACE
,
94 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
95 Size
+= sizeof(Ace
->ObjectType
);
96 if (Ace
->Flags
& ACE_INHERITED_OBJECT_TYPE_PRESENT
)
97 Size
+= sizeof(Ace
->InheritedObjectType
);
100 case ACCESS_ALLOWED_OBJECT_ACE_TYPE
:
101 case ACCESS_DENIED_OBJECT_ACE_TYPE
:
103 PACCESS_ALLOWED_OBJECT_ACE Ace
= (PACCESS_ALLOWED_OBJECT_ACE
)AceHeader
;
104 Size
= FIELD_OFFSET(ACCESS_ALLOWED_OBJECT_ACE
,
106 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
107 Size
+= sizeof(Ace
->ObjectType
);
108 if (Ace
->Flags
& ACE_INHERITED_OBJECT_TYPE_PRESENT
)
109 Size
+= sizeof(Ace
->InheritedObjectType
);
113 case SYSTEM_AUDIT_ACE_TYPE
:
114 Size
= FIELD_OFFSET(SYSTEM_AUDIT_ACE
,
117 case SYSTEM_AUDIT_CALLBACK_ACE_TYPE
:
118 Size
= FIELD_OFFSET(SYSTEM_AUDIT_CALLBACK_ACE
,
121 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
:
123 PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE Ace
= (PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE
)AceHeader
;
124 Size
= FIELD_OFFSET(SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
,
126 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
127 Size
+= sizeof(Ace
->ObjectType
);
128 if (Ace
->Flags
& ACE_INHERITED_OBJECT_TYPE_PRESENT
)
129 Size
+= sizeof(Ace
->InheritedObjectType
);
132 case SYSTEM_AUDIT_OBJECT_ACE_TYPE
:
134 PSYSTEM_AUDIT_OBJECT_ACE Ace
= (PSYSTEM_AUDIT_OBJECT_ACE
)AceHeader
;
135 Size
= FIELD_OFFSET(SYSTEM_AUDIT_OBJECT_ACE
,
137 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
138 Size
+= sizeof(Ace
->ObjectType
);
139 if (Ace
->Flags
& ACE_INHERITED_OBJECT_TYPE_PRESENT
)
140 Size
+= sizeof(Ace
->InheritedObjectType
);
144 case SYSTEM_MANDATORY_LABEL_ACE_TYPE
:
145 Size
= FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE
,
// AccpGetAceSid: returns the address of the SID stored in an ACE, computed as
// the header address plus AccpGetAceStructureSize(AceHeader).
// NOTE(review): no check against AceHeader->AceSize is made here, so for a
// malformed ACE the returned pointer is not guaranteed to lie inside the ACE.
// The callers in this file pass it to RtlEqualSid and GetLengthSid, which read
// through it; validate the ACL (for example with IsValidAcl) before walking it.
154 AccpGetAceSid(IN PACE_HEADER AceHeader
)
156 return (PSID
)((ULONG_PTR
)AceHeader
+ AccpGetAceStructureSize(AceHeader
));
// AccpGetAceAccessMask: reads the ACCESS_MASK stored directly after the
// ACE_HEADER (AceHeader + 1).
// NOTE(review): assumes every ACE type handed in keeps its mask as the first
// field after the header -- confirm for any type added later.
160 AccpGetAceAccessMask(IN PACE_HEADER AceHeader
)
162 return *((PACCESS_MASK
)(AceHeader
+ 1));
// AccpIsObjectAce: checks whether AceType is one of the six object ACE types
// listed below (allowed, denied and audit, each with and without callback).
// NOTE(review): the statements that set and return the result are not visible
// in this listing.
166 AccpIsObjectAce(IN PACE_HEADER AceHeader
)
170 switch (AceHeader
->AceType
)
172 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
:
173 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE
:
174 case ACCESS_ALLOWED_OBJECT_ACE_TYPE
:
175 case ACCESS_DENIED_OBJECT_ACE_TYPE
:
176 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
:
177 case SYSTEM_AUDIT_OBJECT_ACE_TYPE
:
// AccpGetObjectAceObjectType: for an object ACE, yields a pointer to its
// ObjectType GUID when ACE_OBJECT_TYPE_PRESENT is set in Flags. ObjectType
// starts as NULL and is left untouched otherwise.
// NOTE(review): the return statement and the default case are not visible in
// this listing; presumably ObjectType is returned.
190 AccpGetObjectAceObjectType(IN PACE_HEADER AceHeader
)
192 GUID
*ObjectType
= NULL
;
194 switch (AceHeader
->AceType
)
196 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
:
197 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE
:
199 PACCESS_ALLOWED_CALLBACK_OBJECT_ACE Ace
= (PACCESS_ALLOWED_CALLBACK_OBJECT_ACE
)AceHeader
;
200 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
201 ObjectType
= &Ace
->ObjectType
;
204 case ACCESS_ALLOWED_OBJECT_ACE_TYPE
:
205 case ACCESS_DENIED_OBJECT_ACE_TYPE
:
207 PACCESS_ALLOWED_OBJECT_ACE Ace
= (PACCESS_ALLOWED_OBJECT_ACE
)AceHeader
;
208 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
209 ObjectType
= &Ace
->ObjectType
;
213 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
:
215 PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE Ace
= (PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE
)AceHeader
;
216 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
217 ObjectType
= &Ace
->ObjectType
;
220 case SYSTEM_AUDIT_OBJECT_ACE_TYPE
:
222 PSYSTEM_AUDIT_OBJECT_ACE Ace
= (PSYSTEM_AUDIT_OBJECT_ACE
)AceHeader
;
223 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
224 ObjectType
= &Ace
->ObjectType
;
// AccpGetObjectAceInheritedObjectType: for an object ACE, yields a pointer to
// the inherited object type GUID when ACE_INHERITED_OBJECT_TYPE_PRESENT is
// set in Flags. ObjectType starts as NULL.
// NOTE(review): the else line between the two assignments of each case is not
// visible in this listing (the gutter jumps from 246 to 248, and likewise in
// the other three cases); the return statement is not visible either.
233 AccpGetObjectAceInheritedObjectType(IN PACE_HEADER AceHeader
)
235 GUID
*ObjectType
= NULL
;
237 switch (AceHeader
->AceType
)
239 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
:
240 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE
:
242 PACCESS_ALLOWED_CALLBACK_OBJECT_ACE Ace
= (PACCESS_ALLOWED_CALLBACK_OBJECT_ACE
)AceHeader
;
243 if (Ace
->Flags
& ACE_INHERITED_OBJECT_TYPE_PRESENT
)
// When both GUIDs are present the inherited GUID sits in the
// InheritedObjectType member. When only the inherited GUID is present it
// occupies the first GUID slot, which is why the address of the ObjectType
// member is used instead. This matches AccpGetAceStructureSize, which adds
// one GUID per presence bit.
245 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
246 ObjectType
= &Ace
->InheritedObjectType
;
248 ObjectType
= &Ace
->ObjectType
;
252 case ACCESS_ALLOWED_OBJECT_ACE_TYPE
:
253 case ACCESS_DENIED_OBJECT_ACE_TYPE
:
255 PACCESS_ALLOWED_OBJECT_ACE Ace
= (PACCESS_ALLOWED_OBJECT_ACE
)AceHeader
;
256 if (Ace
->Flags
& ACE_INHERITED_OBJECT_TYPE_PRESENT
)
258 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
259 ObjectType
= &Ace
->InheritedObjectType
;
261 ObjectType
= &Ace
->ObjectType
;
266 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
:
268 PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE Ace
= (PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE
)AceHeader
;
269 if (Ace
->Flags
& ACE_INHERITED_OBJECT_TYPE_PRESENT
)
271 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
272 ObjectType
= &Ace
->InheritedObjectType
;
274 ObjectType
= &Ace
->ObjectType
;
278 case SYSTEM_AUDIT_OBJECT_ACE_TYPE
:
280 PSYSTEM_AUDIT_OBJECT_ACE Ace
= (PSYSTEM_AUDIT_OBJECT_ACE
)AceHeader
;
281 if (Ace
->Flags
& ACE_INHERITED_OBJECT_TYPE_PRESENT
)
283 if (Ace
->Flags
& ACE_OBJECT_TYPE_PRESENT
)
284 ObjectType
= &Ace
->InheritedObjectType
;
286 ObjectType
= &Ace
->ObjectType
;
296 /**********************************************************************
297 * AccRewriteGetHandleRights EXPORTED
// AccRewriteGetHandleRights: queries the security descriptor of an already
// opened object and hands back the requested parts.
// Visible flow: save the thread last-error value, allocate a buffer with
// LocalAlloc, query by object type (growing the buffer with LocalReAlloc while
// the query reports ERROR_INSUFFICIENT_BUFFER), then extract owner, group,
// DACL and SACL for each bit set in SecurityInfo whose output pointer is not
// NULL, and finally restore the last-error value.
// NOTE(review): several parameters and case labels are missing from this
// listing (the gutter numbers jump), so the exact signature is not visible.
302 AccRewriteGetHandleRights(HANDLE handle
,
303 SE_OBJECT_TYPE ObjectType
,
304 SECURITY_INFORMATION SecurityInfo
,
309 PSECURITY_DESCRIPTOR
* ppSecurityDescriptor
)
311 PSECURITY_DESCRIPTOR pSD
= NULL
;
317 /* save the last error code */
318 LastErr
= GetLastError();
324 /* allocate a buffer large enough to hold the
325 security descriptor we need to return */
329 pSD
= LocalAlloc(LMEM_FIXED
,
// The LocalReAlloc result goes into newSD rather than pSD, so the old buffer
// pointer is still available if the reallocation fails.
334 PSECURITY_DESCRIPTOR newSD
;
336 newSD
= LocalReAlloc((HLOCAL
)pSD
,
345 Ret
= GetLastError();
349 /* perform the actual query depending on the object type */
352 case SE_REGISTRY_KEY
:
354 Ret
= (DWORD
)RegGetKeySecurity((HKEY
)handle
,
362 /* FIXME - handle console handles? */
363 case SE_KERNEL_OBJECT
:
365 Status
= NtQuerySecurityObject(handle
,
370 if (!NT_SUCCESS(Status
))
372 Ret
= RtlNtStatusToDosError(Status
);
379 if (!QueryServiceObjectSecurity((SC_HANDLE
)handle
,
385 Ret
= GetLastError();
390 case SE_WINDOW_OBJECT
:
392 if (!GetUserObjectSecurity(handle
,
398 Ret
= GetLastError();
406 Ret
= ERROR_CALL_NOT_IMPLEMENTED
;
411 } while (Ret
== ERROR_INSUFFICIENT_BUFFER
);
// The owner, group, DACL and SACL pointers come from the GetSecurityDescriptor
// family of calls on pSD, so they refer to memory inside the buffer that is
// handed back through ppSecurityDescriptor; presumably the caller frees only
// that buffer and must not use the component pointers afterwards -- TODO
// confirm against the callers.
413 if (Ret
== ERROR_SUCCESS
)
415 BOOL Present
, Defaulted
;
417 if (SecurityInfo
& OWNER_SECURITY_INFORMATION
&& ppsidOwner
!= NULL
)
420 if (!GetSecurityDescriptorOwner(pSD
,
424 Ret
= GetLastError();
429 if (SecurityInfo
& GROUP_SECURITY_INFORMATION
&& ppsidGroup
!= NULL
)
432 if (!GetSecurityDescriptorGroup(pSD
,
436 Ret
= GetLastError();
441 if (SecurityInfo
& DACL_SECURITY_INFORMATION
&& ppDacl
!= NULL
)
444 if (!GetSecurityDescriptorDacl(pSD
,
449 Ret
= GetLastError();
454 if (SecurityInfo
& SACL_SECURITY_INFORMATION
&& ppSacl
!= NULL
)
457 if (!GetSecurityDescriptorSacl(pSD
,
462 Ret
= GetLastError();
467 *ppSecurityDescriptor
= pSD
;
// NOTE(review): the condition guarding this LocalFree is not visible here;
// presumably it runs only on the failure path, since pSD is handed to the
// caller on success.
474 LocalFree((HLOCAL
)pSD
);
478 /* restore the last error code */
479 SetLastError(LastErr
);
485 /**********************************************************************
486 * AccRewriteSetHandleRights EXPORTED
// AccRewriteSetHandleRights: applies pSecurityDescriptor to an already opened
// object, choosing the API by object type: RegSetKeySecurity,
// NtSetSecurityObject, SetServiceObjectSecurity or SetUserObjectSecurity.
// An unhandled type yields ERROR_CALL_NOT_IMPLEMENTED. The thread last-error
// value is saved on entry and restored on exit; the outcome is kept in Ret
// (presumably returned; the return statement is not visible here).
// NOTE(review): some case labels are missing from this listing, and no
// validation of pSecurityDescriptor is visible before it reaches those calls.
491 AccRewriteSetHandleRights(HANDLE handle
,
492 SE_OBJECT_TYPE ObjectType
,
493 SECURITY_INFORMATION SecurityInfo
,
494 PSECURITY_DESCRIPTOR pSecurityDescriptor
)
498 DWORD Ret
= ERROR_SUCCESS
;
500 /* save the last error code */
501 LastErr
= GetLastError();
503 /* set the security according to the object type */
506 case SE_REGISTRY_KEY
:
508 Ret
= (DWORD
)RegSetKeySecurity((HKEY
)handle
,
510 pSecurityDescriptor
);
515 /* FIXME - handle console handles? */
516 case SE_KERNEL_OBJECT
:
518 Status
= NtSetSecurityObject(handle
,
520 pSecurityDescriptor
);
521 if (!NT_SUCCESS(Status
))
523 Ret
= RtlNtStatusToDosError(Status
);
530 if (!SetServiceObjectSecurity((SC_HANDLE
)handle
,
532 pSecurityDescriptor
))
534 Ret
= GetLastError();
539 case SE_WINDOW_OBJECT
:
541 if (!SetUserObjectSecurity(handle
,
543 pSecurityDescriptor
))
545 Ret
= GetLastError();
553 Ret
= ERROR_CALL_NOT_IMPLEMENTED
;
559 /* restore the last error code */
560 SetLastError(LastErr
);
// AccpOpenNamedObject: opens the object named by pObjectName and yields up to
// two handles (Handle, Handle2) that the caller later closes.
// Visible steps: derive DesiredAccess from SecurityInfo with
// SetSecurityAccessMask or QuerySecurityAccessMask, copy the path when the
// parser is going to write terminators into it, then open by object type.
// NOTE(review): parts of the signature and several case labels are missing
// from this listing (the gutter numbers jump).
567 AccpOpenNamedObject(LPWSTR pObjectName
,
568 SE_OBJECT_TYPE ObjectType
,
569 SECURITY_INFORMATION SecurityInfo
,
576 ACCESS_MASK DesiredAccess
= (ACCESS_MASK
)0;
577 DWORD Ret
= ERROR_SUCCESS
;
579 /* determine the required access rights */
582 case SE_REGISTRY_KEY
:
584 case SE_KERNEL_OBJECT
:
586 case SE_WINDOW_OBJECT
:
// Only the access needed for the requested SecurityInfo is asked for, so the
// handle is opened with the rights the security operation requires and no
// broader mask is visible here.
589 SetSecurityAccessMask(SecurityInfo
,
590 (PDWORD
)&DesiredAccess
);
594 QuerySecurityAccessMask(SecurityInfo
,
595 (PDWORD
)&DesiredAccess
);
603 /* make a copy of the path if we're modifying the string */
606 case SE_REGISTRY_KEY
:
608 lpPath
= (LPWSTR
)LocalAlloc(LMEM_FIXED
,
609 (wcslen(pObjectName
) + 1) * sizeof(WCHAR
));
612 Ret
= GetLastError();
621 lpPath
= pObjectName
;
625 /* open a handle to the path depending on the object type */
// File path: the DOS path is converted to an NT path and opened with
// NtOpenFile, sharing read, write and delete.
// NOTE(review): the only open option visible is FILE_SYNCHRONOUS_IO_NONALERT.
// If FILE_OPEN_REPARSE_POINT is really absent, a junction or symbolic link in
// the path is followed and the descriptor that is read or written belongs to
// the link target. Callers acting on paths that another user can influence
// should account for that.
630 IO_STATUS_BLOCK IoStatusBlock
;
631 OBJECT_ATTRIBUTES ObjectAttributes
;
632 UNICODE_STRING FileName
;
634 if (!RtlDosPathNameToNtPathName_U(pObjectName
,
639 Ret
= ERROR_INVALID_NAME
;
643 InitializeObjectAttributes(&ObjectAttributes
,
645 OBJ_CASE_INSENSITIVE
,
649 Status
= NtOpenFile(Handle
,
653 FILE_SHARE_READ
| FILE_SHARE_WRITE
| FILE_SHARE_DELETE
,
654 FILE_SYNCHRONOUS_IO_NONALERT
);
656 RtlFreeHeap(RtlGetProcessHeap(),
660 if (!NT_SUCCESS(Status
))
662 Ret
= RtlNtStatusToDosError(Status
);
667 case SE_REGISTRY_KEY
:
// Table mapping the textual root key names accepted in a path to the
// predefined registry handles.
675 {HKEY_CLASSES_ROOT
, L
"CLASSES_ROOT"},
676 {HKEY_CURRENT_USER
, L
"CURRENT_USER"},
677 {HKEY_LOCAL_MACHINE
, L
"MACHINE"},
678 {HKEY_USERS
, L
"USERS"},
679 {HKEY_CURRENT_CONFIG
, L
"CONFIG"},
681 LPWSTR lpMachineName
, lpRootKeyName
, lpKeyName
;
682 HKEY hRootKey
= NULL
;
// A path starting with two backslashes names a remote machine. The machine
// part is cut off in place (hence the private copy in lpPath) and later
// passed to RegConnectRegistry.
// NOTE(review): the machine name comes straight from the caller string, so a
// caller forwarding untrusted names lets that input choose which host this
// process connects to.
685 /* parse the registry path */
686 if (lpPath
[0] == L
'\\' && lpPath
[1] == L
'\\')
688 lpMachineName
= lpPath
;
690 lpRootKeyName
= wcschr(lpPath
+ 2,
692 if (lpRootKeyName
== NULL
)
695 *(lpRootKeyName
++) = L
'\0';
699 lpMachineName
= NULL
;
700 lpRootKeyName
= lpPath
;
703 lpKeyName
= wcschr(lpRootKeyName
,
705 if (lpKeyName
!= NULL
)
707 *(lpKeyName
++) = L
'\0';
// Case-insensitive lookup of the root key name in AccRegRootKeys; hRootKey
// stays NULL when nothing matches, which is rejected below.
711 i
!= sizeof(AccRegRootKeys
) / sizeof(AccRegRootKeys
[0]);
714 if (!wcsicmp(lpRootKeyName
,
715 AccRegRootKeys
[i
].szRootKey
))
717 hRootKey
= AccRegRootKeys
[i
].hRootKey
;
722 if (hRootKey
== NULL
)
725 /* FIXME - right error code? */
726 Ret
= ERROR_INVALID_PARAMETER
;
730 /* open the registry key */
731 if (lpMachineName
!= NULL
)
733 Ret
= RegConnectRegistry(lpMachineName
,
737 if (Ret
!= ERROR_SUCCESS
)
740 hRootKey
= (HKEY
)(*Handle2
);
743 Ret
= RegOpenKeyEx(hRootKey
,
746 (REGSAM
)DesiredAccess
,
// On failure the remote registry connection kept in Handle2 is closed again
// so it does not leak.
748 if (Ret
!= ERROR_SUCCESS
)
750 if (*Handle2
!= NULL
)
752 RegCloseKey((HKEY
)(*Handle2
));
762 LPWSTR lpServiceName
, lpMachineName
;
// Same remote-machine convention as the registry branch; here the machine
// part goes to OpenSCManager, and the same caution about untrusted names
// applies.
764 /* parse the service path */
765 if (lpPath
[0] == L
'\\' && lpPath
[1] == L
'\\')
767 DesiredAccess
|= SC_MANAGER_CONNECT
;
769 lpMachineName
= lpPath
;
771 lpServiceName
= wcschr(lpPath
+ 2,
773 if (lpServiceName
== NULL
)
775 /* FIXME - right error code? */
776 Ret
= ERROR_INVALID_PARAMETER
;
780 *(lpServiceName
++) = L
'\0';
784 lpMachineName
= NULL
;
785 lpServiceName
= lpPath
;
788 /* open the service */
789 *Handle2
= (HANDLE
)OpenSCManager(lpMachineName
,
791 (DWORD
)DesiredAccess
);
792 if (*Handle2
== NULL
)
794 goto FailOpenService
;
// SC_MANAGER_CONNECT applies to the service control manager handle only, so
// it is cleared before the same mask is used for OpenService.
797 DesiredAccess
&= ~SC_MANAGER_CONNECT
;
798 *Handle
= (HANDLE
)OpenService((SC_HANDLE
)(*Handle2
),
800 (DWORD
)DesiredAccess
);
803 if (*Handle2
!= NULL
)
805 CloseServiceHandle((SC_HANDLE
)(*Handle2
));
809 Ret
= GetLastError();
818 Ret
= ERROR_CALL_NOT_IMPLEMENTED
;
// lpPath is freed only when it is the private copy, never when it aliases
// the caller string pObjectName.
824 if (lpPath
!= NULL
&& lpPath
!= pObjectName
)
826 LocalFree((HLOCAL
)lpPath
);
// AccpCloseObjectHandle: releases the handles produced by AccpOpenNamedObject,
// using RegCloseKey for registry keys and CloseServiceHandle for services.
// NOTE(review): the calls for the kernel and window object cases, and the
// condition around the second RegCloseKey, are not visible in this listing.
834 AccpCloseObjectHandle(SE_OBJECT_TYPE ObjectType
,
838 ASSERT(Handle
!= NULL
);
840 /* close allocated handles depending on the object type */
843 case SE_REGISTRY_KEY
:
844 RegCloseKey((HKEY
)Handle
);
846 RegCloseKey((HKEY
)Handle2
);
853 case SE_KERNEL_OBJECT
:
854 case SE_WINDOW_OBJECT
:
// Services always carry two handles: the service itself and the service
// control manager connection it was opened through.
859 CloseServiceHandle((SC_HANDLE
)Handle
);
860 ASSERT(Handle2
!= NULL
);
861 CloseServiceHandle((SC_HANDLE
)Handle2
);
870 /**********************************************************************
871 * AccRewriteGetNamedRights EXPORTED
// AccRewriteGetNamedRights: name-based wrapper. Opens the object with
// AccpOpenNamedObject, forwards to AccRewriteGetHandleRights on success, then
// closes the handles with AccpCloseObjectHandle. The thread last-error value
// is saved on entry and restored on exit.
// NOTE(review): several parameters are missing from this listing (the gutter
// numbers jump).
876 AccRewriteGetNamedRights(LPWSTR pObjectName
,
877 SE_OBJECT_TYPE ObjectType
,
878 SECURITY_INFORMATION SecurityInfo
,
883 PSECURITY_DESCRIPTOR
* ppSecurityDescriptor
)
885 HANDLE Handle
= NULL
;
886 HANDLE Handle2
= NULL
;
890 /* save the last error code */
891 LastErr
= GetLastError();
893 /* create the handle */
894 Ret
= AccpOpenNamedObject(pObjectName
,
901 if (Ret
== ERROR_SUCCESS
)
903 ASSERT(Handle
!= NULL
);
905 /* perform the operation */
906 Ret
= AccRewriteGetHandleRights(Handle
,
913 ppSecurityDescriptor
);
915 /* close opened handles */
916 AccpCloseObjectHandle(ObjectType
,
921 /* restore the last error code */
922 SetLastError(LastErr
);
928 /**********************************************************************
929 * AccRewriteSetNamedRights EXPORTED
// AccRewriteSetNamedRights: name-based wrapper. Opens the object with
// AccpOpenNamedObject, forwards to AccRewriteSetHandleRights on success, then
// closes the handles with AccpCloseObjectHandle. The thread last-error value
// is saved on entry and restored on exit.
// The name is resolved once and the descriptor is applied through the
// resulting handle, so there is no second lookup by name between the open and
// the set.
934 AccRewriteSetNamedRights(LPWSTR pObjectName
,
935 SE_OBJECT_TYPE ObjectType
,
936 SECURITY_INFORMATION SecurityInfo
,
937 PSECURITY_DESCRIPTOR pSecurityDescriptor
)
939 HANDLE Handle
= NULL
;
940 HANDLE Handle2
= NULL
;
944 /* save the last error code */
945 LastErr
= GetLastError();
947 /* create the handle */
948 Ret
= AccpOpenNamedObject(pObjectName
,
955 if (Ret
== ERROR_SUCCESS
)
957 ASSERT(Handle
!= NULL
);
959 /* perform the operation */
960 Ret
= AccRewriteSetHandleRights(Handle
,
963 pSecurityDescriptor
);
965 /* close opened handles */
966 AccpCloseObjectHandle(ObjectType
,
971 /* restore the last error code */
972 SetLastError(LastErr
);
// GetTrusteeSid: extracts the SID referenced by a TRUSTEE.
// Multiple-trustee forms and the name-based forms are rejected with a debug
// message. For TRUSTEE_IS_OBJECTS_AND_SID the pSid member of the structure
// behind ptstrName is returned; another case (its label is not visible in
// this listing, presumably TRUSTEE_IS_SID) returns ptstrName itself as a PSID.
// NOTE(review): the values returned on the rejected paths are not visible
// here (presumably NULL). The callers in AccRewriteSetEntriesInAcl use the
// result without a visible NULL check, so an unsupported trustee form can
// reach RtlEqualSid, RtlLengthSid or the ACE-adding calls as a bad pointer.
979 GetTrusteeSid(PTRUSTEE Trustee
,
982 if (Trustee
->pMultipleTrustee
|| Trustee
->MultipleTrusteeOperation
!= NO_MULTIPLE_TRUSTEE
)
984 DPRINT1("Trustee form not supported\n");
988 switch (Trustee
->TrusteeForm
)
990 case TRUSTEE_IS_NAME
:
991 case TRUSTEE_IS_OBJECTS_AND_NAME
:
993 DPRINT1("Case not implemented\n");
996 case TRUSTEE_IS_OBJECTS_AND_SID
:
998 return ((POBJECTS_AND_SID
)Trustee
->ptstrName
)->pSid
;
1001 return (PSID
)Trustee
->ptstrName
;
1003 DPRINT1("Wrong Trustee form\n");
1009 /**********************************************************************
1010 * AccRewriteSetEntriesInAcl EXPORTED
// AccRewriteSetEntriesInAcl: builds a new ACL from an optional old ACL plus a
// list of explicit entries.
// Visible flow: record which old ACEs to keep in pKeepAce, add up the bytes
// needed in SizeInformation.AclBytesInUse, allocate and initialise the new
// ACL, then add the new denied entries followed by the new allowed entries.
// NOTE(review): the steps commented as 1a, 1b, 2b and 3b show no code in this
// listing, so the copying of kept ACEs cannot be checked here.
1015 AccRewriteSetEntriesInAcl(ULONG cCountOfExplicitEntries
,
1016 PEXPLICIT_ACCESS_W pListOfExplicitEntries
,
1021 ACL_SIZE_INFORMATION SizeInformation
;
1023 BOOLEAN
*pKeepAce
= NULL
;
1029 DWORD Ret
= ERROR_SUCCESS
;
1031 /* save the last error code */
1032 LastErr
= GetLastError();
1036 /* Get information about previous ACL */
1039 if (!GetAclInformation(OldAcl
, &SizeInformation
, sizeof(ACL_SIZE_INFORMATION
), AclSizeInformation
))
1041 Ret
= GetLastError();
// One BOOLEAN per ACE of the old ACL; the memset with TRUE marks every ACE as
// kept until an explicit entry says otherwise.
1045 pKeepAce
= (BOOLEAN
*)LocalAlloc(LMEM_FIXED
, SizeInformation
.AceCount
* sizeof(*pKeepAce
));
1048 Ret
= ERROR_NOT_ENOUGH_MEMORY
;
1052 memset(pKeepAce
, TRUE
, SizeInformation
.AceCount
* sizeof(*pKeepAce
));
// Without an old ACL the size information is reset to that of an empty ACL
// (just the ACL header).
1056 ZeroMemory(&SizeInformation
, sizeof(ACL_SIZE_INFORMATION
));
1057 SizeInformation
.AclBytesInUse
= sizeof(ACL
);
1060 /* Get size required for new entries */
1061 for (i
= 0; i
< cCountOfExplicitEntries
; i
++)
1063 switch (pListOfExplicitEntries
[i
].grfAccessMode
)
1067 /* Discard all accesses for the trustee... */
// NOTE(review): GetTrusteeSid can fail for unsupported trustee forms; no
// check of pSid1 is visible before it is used below.
1068 pSid1
= GetTrusteeSid(&pListOfExplicitEntries
[i
].Trustee
, &needToClean
);
// NOTE(review): this inner loop reuses i, the index of the enclosing loop over
// pListOfExplicitEntries. After it finishes i equals AceCount, so the
// grfAccessMode test that follows indexes the explicit entry array with the
// ACE count (an out-of-bounds read when the old ACL has at least as many ACEs
// as there are entries) and the outer loop resumes at the wrong position. A
// separate index variable for the ACE walk would avoid both problems.
1069 for (i
= 0; i
< SizeInformation
.AceCount
; i
++)
1073 if (!GetAce(OldAcl
, i
, (PVOID
*)&pAce
))
1075 Ret
= GetLastError();
1079 pSid2
= AccpGetAceSid(pAce
);
1080 if (RtlEqualSid(pSid1
, pSid2
))
1082 pKeepAce
[i
] = FALSE
;
1083 SizeInformation
.AclBytesInUse
-= pAce
->AceSize
;
1086 if (needToClean
) LocalFree((HLOCAL
)pSid1
);
1087 if (pListOfExplicitEntries
[i
].grfAccessMode
== REVOKE_ACCESS
)
1089 /* ...and replace by the current access */
1092 pSid1
= GetTrusteeSid(&pListOfExplicitEntries
[i
].Trustee
, &needToClean
);
1093 SizeInformation
.AclBytesInUse
+= FIELD_OFFSET(ACCESS_ALLOWED_ACE
, SidStart
) + RtlLengthSid(pSid1
);
1094 if (needToClean
) LocalFree((HLOCAL
)pSid1
);
1098 pSid1
= GetTrusteeSid(&pListOfExplicitEntries
[i
].Trustee
, &needToClean
);
1099 SizeInformation
.AclBytesInUse
+= FIELD_OFFSET(ACCESS_DENIED_ACE
, SidStart
) + RtlLengthSid(pSid1
);
1100 if (needToClean
) LocalFree((HLOCAL
)pSid1
);
1102 case SET_AUDIT_SUCCESS
:
1103 case SET_AUDIT_FAILURE
:
1105 DPRINT1("Case not implemented!\n");
1108 DPRINT1("Unknown access mode 0x%x. Ignoring it\n", pListOfExplicitEntries
[i
].grfAccessMode
);
// NOTE(review): AclBytesInUse is a running sum with subtractions for dropped
// ACEs. No range check is visible before it is used as the allocation size,
// so InitializeAcl is the only visible gate on a bad value.
1113 /* OK, now create the new ACL */
1114 DPRINT("Allocating %u bytes for the new ACL\n", SizeInformation
.AclBytesInUse
);
1115 pNew
= (PACL
)LocalAlloc(LMEM_FIXED
, SizeInformation
.AclBytesInUse
);
1118 Ret
= ERROR_NOT_ENOUGH_MEMORY
;
1121 if (!InitializeAcl(pNew
, SizeInformation
.AclBytesInUse
, ACL_REVISION
))
1123 Ret
= GetLastError();
1128 /* 1a) New audit entries (SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE) */
1131 /* 1b) Existing audit entries */
// Denied entries are added before allowed ones, which keeps deny ACEs ahead
// of allow ACEs in the new ACL.
// The FIXME below means grfInheritance is not applied: the ACEs are added
// with AddAccessDeniedAce and AddAccessAllowedAce, which take no ACE flags, so
// inheritance requested by the caller is dropped and child objects may end up
// protected differently from what was asked.
1134 /* 2a) New denied entries (DENY_ACCESS) */
1135 for (i
= 0; i
< cCountOfExplicitEntries
; i
++)
1137 if (pListOfExplicitEntries
[i
].grfAccessMode
== DENY_ACCESS
)
1139 /* FIXME: take care of pListOfExplicitEntries[i].grfInheritance */
1140 pSid1
= GetTrusteeSid(&pListOfExplicitEntries
[i
].Trustee
, &needToClean
);
1141 bRet
= AddAccessDeniedAce(pNew
, ACL_REVISION
, pListOfExplicitEntries
[i
].grfAccessPermissions
, pSid1
);
1142 if (needToClean
) LocalFree((HLOCAL
)pSid1
);
1145 Ret
= GetLastError();
1151 /* 2b) Existing denied entries */
1154 /* 3a) New allow entries (GRANT_ACCESS, SET_ACCESS) */
1155 for (i
= 0; i
< cCountOfExplicitEntries
; i
++)
1157 if (pListOfExplicitEntries
[i
].grfAccessMode
== SET_ACCESS
||
1158 pListOfExplicitEntries
[i
].grfAccessMode
== GRANT_ACCESS
)
1160 /* FIXME: take care of pListOfExplicitEntries[i].grfInheritance */
1161 pSid1
= GetTrusteeSid(&pListOfExplicitEntries
[i
].Trustee
, &needToClean
);
1162 bRet
= AddAccessAllowedAce(pNew
, ACL_REVISION
, pListOfExplicitEntries
[i
].grfAccessPermissions
, pSid1
);
1163 if (needToClean
) LocalFree((HLOCAL
)pSid1
);
1166 Ret
= GetLastError();
1172 /* 3b) Existing allow entries */
1179 LocalFree((HLOCAL
)pKeepAce
);
1181 /* restore the last error code */
1182 SetLastError(LastErr
);
1188 /**********************************************************************
1189 * AccGetInheritanceSource EXPORTED
// AccGetInheritanceSource: not implemented. The only statement visible in
// this listing returns ERROR_CALL_NOT_IMPLEMENTED, and none of the parameters
// is used in the visible code.
1194 AccGetInheritanceSource(LPWSTR pObjectName
,
1195 SE_OBJECT_TYPE ObjectType
,
1196 SECURITY_INFORMATION SecurityInfo
,
1198 GUID
** pObjectClassGuids
,
1201 PFN_OBJECT_MGR_FUNCTS pfnArray
,
1202 PGENERIC_MAPPING pGenericMapping
,
1203 PINHERITED_FROMW pInheritArray
)
1206 return ERROR_CALL_NOT_IMPLEMENTED
;
1210 /**********************************************************************
1211 * AccFreeIndexArray EXPORTED
// AccFreeIndexArray: walks AceCnt elements of pInheritArray, frees each
// non-NULL AncestorName with LocalFree and resets it to NULL so that a
// repeated call does not free it twice. pfnArray is unused. Returns
// ERROR_SUCCESS.
// NOTE(review): the AceCnt parameter and the pointer increment are not
// visible in this listing.
1216 AccFreeIndexArray(PINHERITED_FROMW pInheritArray
,
1218 PFN_OBJECT_MGR_FUNCTS pfnArray OPTIONAL
)
1220 PINHERITED_FROMW pLast
;
1222 UNREFERENCED_PARAMETER(pfnArray
);
1224 pLast
= pInheritArray
+ AceCnt
;
1225 while (pInheritArray
!= pLast
)
1227 if (pInheritArray
->AncestorName
!= NULL
)
1229 LocalFree((HLOCAL
)pInheritArray
->AncestorName
);
1230 pInheritArray
->AncestorName
= NULL
;
1236 return ERROR_SUCCESS
;
1240 /**********************************************************************
1241 * AccRewriteGetExplicitEntriesFromAcl EXPORTED
// AccRewriteGetExplicitEntriesFromAcl: converts the ACEs of pacl into an array
// of EXPLICIT_ACCESS_W returned through pListOfExplicitEntries, with the
// element count in pcCountOfExplicitEntries.
// Two passes over the ACL: the first adds up the bytes needed, the second
// fills one LocalAlloc block laid out as the EXPLICIT_ACCESS_W array, then
// the OBJECTS_AND_SID array for object ACEs, then the SID copies.
// NOTE(review): both passes take SID addresses from AccpGetAceSid and lengths
// from GetLengthSid on data inside the ACL, with no bounds check visible, so
// pacl has to be a validated ACL. Whether pacl is tested for NULL before
// pacl->AceCount is read is not visible in this listing.
1246 AccRewriteGetExplicitEntriesFromAcl(PACL pacl
,
1247 PULONG pcCountOfExplicitEntries
,
1248 PEXPLICIT_ACCESS_W
* pListOfExplicitEntries
)
1250 PACE_HEADER AceHeader
;
1251 PSID Sid
, SidTarget
;
1252 ULONG ObjectAceCount
= 0;
1253 POBJECTS_AND_SID ObjSid
;
1255 PEXPLICIT_ACCESS_W peaw
;
1256 DWORD LastErr
, SidLen
;
1258 DWORD ErrorCode
= ERROR_SUCCESS
;
1260 /* save the last error code */
1261 LastErr
= GetLastError();
1265 if (pacl
->AceCount
!= 0)
1267 Size
= (SIZE_T
)pacl
->AceCount
* sizeof(EXPLICIT_ACCESS_W
);
1269 /* calculate the space needed */
1272 (LPVOID
*)&AceHeader
))
1274 Sid
= AccpGetAceSid(AceHeader
);
1275 Size
+= GetLengthSid(Sid
);
1277 if (AccpIsObjectAce(AceHeader
))
1283 Size
+= ObjectAceCount
* sizeof(OBJECTS_AND_SID
);
1285 ASSERT(pacl
->AceCount
== AceIndex
);
1287 /* allocate the array */
1288 peaw
= (PEXPLICIT_ACCESS_W
)LocalAlloc(LMEM_FIXED
,
// Carve up the single allocation: ObjSid starts right after the AceCount
// array elements and SidTarget after ObjectAceCount OBJECTS_AND_SID elements.
// The trustees built below point into this same block, so presumably the
// caller releases everything by freeing the array pointer -- TODO confirm.
1293 ObjSid
= (POBJECTS_AND_SID
)(peaw
+ pacl
->AceCount
);
1294 SidTarget
= (PSID
)(ObjSid
+ ObjectAceCount
);
1296 /* initialize the array */
1299 (LPVOID
*)&AceHeader
))
1301 Sid
= AccpGetAceSid(AceHeader
);
1302 SidLen
= GetLengthSid(Sid
);
1304 peaw
[AceIndex
].grfAccessPermissions
= AccpGetAceAccessMask(AceHeader
);
1305 peaw
[AceIndex
].grfAccessMode
= AccpGetAceAccessMode(AceHeader
);
// Only the inheritance bits of AceFlags are reported; other flag bits are
// masked off.
1306 peaw
[AceIndex
].grfInheritance
= AceHeader
->AceFlags
& VALID_INHERIT_FLAGS
;
1312 if (AccpIsObjectAce(AceHeader
))
1314 BuildTrusteeWithObjectsAndSid(&peaw
[AceIndex
].Trustee
,
1316 AccpGetObjectAceObjectType(AceHeader
),
1317 AccpGetObjectAceInheritedObjectType(AceHeader
),
1322 BuildTrusteeWithSid(&peaw
[AceIndex
].Trustee
,
// Advance to the slot for the next SID copy.
1326 SidTarget
= (PSID
)((ULONG_PTR
)SidTarget
+ SidLen
);
1330 /* copying the SID failed, treat it as a fatal error... */
1331 ErrorCode
= GetLastError();
1333 /* free allocated resources */
1343 *pcCountOfExplicitEntries
= AceIndex
;
1344 *pListOfExplicitEntries
= peaw
;
1347 ErrorCode
= ERROR_NOT_ENOUGH_MEMORY
;
1357 *pcCountOfExplicitEntries
= 0;
1358 *pListOfExplicitEntries
= NULL
;
1361 /* restore the last error code */
1362 SetLastError(LastErr
);
1368 /**********************************************************************
1369 * AccTreeResetNamedSecurityInfo EXPORTED
// AccTreeResetNamedSecurityInfo: not implemented. The only statement visible
// in this listing returns ERROR_CALL_NOT_IMPLEMENTED, so no security
// information is changed by this call.
// NOTE(review): several parameters are missing from this listing (the gutter
// numbers jump).
1374 AccTreeResetNamedSecurityInfo(LPWSTR pObjectName
,
1375 SE_OBJECT_TYPE ObjectType
,
1376 SECURITY_INFORMATION SecurityInfo
,
1382 FN_PROGRESSW fnProgress
,
1383 PROG_INVOKE_SETTING ProgressInvokeSetting
,
1387 return ERROR_CALL_NOT_IMPLEMENTED
;
1392 DllMain(IN HINSTANCE hinstDLL
,
1394 IN LPVOID lpvReserved
)
1398 case DLL_PROCESS_ATTACH
:
1399 hDllInstance
= hinstDLL
;
1400 DisableThreadLibraryCalls(hinstDLL
);
1403 case DLL_PROCESS_DETACH
: