1 /* $Id: misc.c,v 1.24 2004/09/08 11:36:24 ekohl Exp $
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS system libraries
5 * FILE: lib/advapi32/sec/misc.c
6 * PURPOSE: Miscellaneous security functions
// Thin wrapper: forwards GrantedAccess (plus a second argument that is not
// visible in this listing) to RtlAreAllAccessesGranted() and casts the
// result to BOOL.
20 AreAllAccessesGranted(DWORD GrantedAccess
,
23 return((BOOL
)RtlAreAllAccessesGranted(GrantedAccess
,
// Thin wrapper: forwards GrantedAccess (plus a second argument that is not
// visible in this listing) to RtlAreAnyAccessesGranted() and casts the
// result to BOOL.
32 AreAnyAccessesGranted(DWORD GrantedAccess
,
35 return((BOOL
)RtlAreAnyAccessesGranted(GrantedAccess
,
40 /******************************************************************************
41 * GetFileSecurityA [ADVAPI32.@]
43 * Obtains specified information about the security of a file or directory.
46 * lpFileName [I] Name of the file to get info for
47 * RequestedInformation [I] SE_ flags from "winnt.h"
48 * pSecurityDescriptor [O] Destination for security information
49 * nLength [I] Length of pSecurityDescriptor
50 * lpnLengthNeeded [O] Destination for length of returned security information
53 * Success: TRUE. pSecurityDescriptor contains the requested information.
54 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
57 * The information returned is constrained by the caller's access rights and
// ANSI entry point: converts lpFileName to a temporary UNICODE_STRING,
// forwards to GetFileSecurityW() and frees the temporary string afterwards.
// The return statements are not visible in this listing.
63 GetFileSecurityA(LPCSTR lpFileName
,
64 SECURITY_INFORMATION RequestedInformation
,
65 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
67 LPDWORD lpnLengthNeeded
)
69 UNICODE_STRING FileName
;
73 Status
= RtlCreateUnicodeStringFromAsciiz(&FileName
,
// A failed conversion is reported to the caller as a Win32 last-error code.
75 if (!NT_SUCCESS(Status
))
77 SetLastError(RtlNtStatusToDosError(Status
));
81 bResult
= GetFileSecurityW(FileName
.Buffer
,
// The converted name is released once the wide-character call has returned.
87 RtlFreeUnicodeString(&FileName
);
// Opens the file named by lpFileName with an access mask derived from
// RequestedInformation and queries its security descriptor through
// NtQuerySecurityObject(). NT status failures are mapped to Win32 errors
// with SetLastError(). Several lines of the body are not visible in this
// listing.
97 GetFileSecurityW(LPCWSTR lpFileName
,
98 SECURITY_INFORMATION RequestedInformation
,
99 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
101 LPDWORD lpnLengthNeeded
)
103 OBJECT_ATTRIBUTES ObjectAttributes
;
104 IO_STATUS_BLOCK StatusBlock
;
105 UNICODE_STRING FileName
;
106 ULONG AccessMask
= 0;
110 DPRINT("GetFileSecurityW() called\n");
// Least-privilege open: owner, group and DACL queries request only
// STANDARD_RIGHTS_READ.
112 if (RequestedInformation
&
113 (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
| DACL_SECURITY_INFORMATION
))
115 AccessMask
|= STANDARD_RIGHTS_READ
;
// SACL queries additionally request ACCESS_SYSTEM_SECURITY.
// NOTE(review): on NT this right is normally tied to SeSecurityPrivilege, so
// the open is expected to fail for callers without it - confirm for ReactOS.
118 if (RequestedInformation
& SACL_SECURITY_INFORMATION
)
120 AccessMask
|= ACCESS_SYSTEM_SECURITY
;
// NOTE(review): the cast drops const from lpFileName; presumably the
// conversion routine does not write through it - confirm.
123 if (!RtlDosPathNameToNtPathName_U((LPWSTR
)lpFileName
,
128 DPRINT("Invalid path\n");
129 SetLastError(ERROR_INVALID_NAME
);
// Case-insensitive name lookup for the open that follows.
133 InitializeObjectAttributes(&ObjectAttributes
,
135 OBJ_CASE_INSENSITIVE
,
// Full sharing is requested so the query does not block other users of the file.
139 Status
= NtOpenFile(&FileHandle
,
143 FILE_SHARE_READ
| FILE_SHARE_WRITE
| FILE_SHARE_DELETE
,
// NOTE(review): no release of FileName is visible on this failure branch in
// the listing; confirm the early exit does not leak the converted path.
145 if (!NT_SUCCESS(Status
))
147 DPRINT("NtOpenFile() failed (Status %lx)\n", Status
);
148 SetLastError(RtlNtStatusToDosError(Status
));
152 RtlFreeUnicodeString(&FileName
);
// NOTE(review): closing FileHandle is not visible in this listing; confirm it
// is closed on both the success and the failure path of the query.
154 Status
= NtQuerySecurityObject(FileHandle
,
155 RequestedInformation
,
161 if (!NT_SUCCESS(Status
))
163 DPRINT("NtQuerySecurityObject() failed (Status %lx)\n", Status
);
164 SetLastError(RtlNtStatusToDosError(Status
));
// Handle-based query: passes Handle and RequestedInformation straight to
// NtQuerySecurityObject() and maps a failing NTSTATUS to a Win32 error.
// No access mask is computed here; presumably the rights already granted on
// Handle decide what may be read - confirm against the kernel side.
176 GetKernelObjectSecurity(HANDLE Handle
,
177 SECURITY_INFORMATION RequestedInformation
,
178 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
180 LPDWORD lpnLengthNeeded
)
184 Status
= NtQuerySecurityObject(Handle
,
185 RequestedInformation
,
189 if (!NT_SUCCESS(Status
))
191 SetLastError(RtlNtStatusToDosError(Status
));
198 /******************************************************************************
199 * SetFileSecurityA [ADVAPI32.@]
200 * Sets the security of a file or directory
// ANSI entry point: converts lpFileName to a temporary UNICODE_STRING,
// forwards to SetFileSecurityW() with the caller's descriptor unchanged and
// frees the temporary string afterwards. The return statements are not
// visible in this listing.
205 SetFileSecurityA (LPCSTR lpFileName
,
206 SECURITY_INFORMATION SecurityInformation
,
207 PSECURITY_DESCRIPTOR pSecurityDescriptor
)
209 UNICODE_STRING FileName
;
213 Status
= RtlCreateUnicodeStringFromAsciiz(&FileName
,
// A failed conversion is reported to the caller as a Win32 last-error code.
215 if (!NT_SUCCESS(Status
))
217 SetLastError(RtlNtStatusToDosError(Status
));
221 bResult
= SetFileSecurityW(FileName
.Buffer
,
223 pSecurityDescriptor
);
225 RtlFreeUnicodeString(&FileName
);
231 /******************************************************************************
232 * SetFileSecurityW [ADVAPI32.@]
233 * Sets the security of a file or directory
// Opens the file named by lpFileName with the write rights that match the
// SecurityInformation bits and applies pSecurityDescriptor through
// NtSetSecurityObject(). NT status failures are mapped to Win32 errors with
// SetLastError(). Several lines of the body are not visible in this listing.
238 SetFileSecurityW (LPCWSTR lpFileName
,
239 SECURITY_INFORMATION SecurityInformation
,
240 PSECURITY_DESCRIPTOR pSecurityDescriptor
)
242 OBJECT_ATTRIBUTES ObjectAttributes
;
243 IO_STATUS_BLOCK StatusBlock
;
244 UNICODE_STRING FileName
;
245 ULONG AccessMask
= 0;
249 DPRINT("SetFileSecurityW() called\n");
// Only the rights needed for the requested change are asked for:
// owner or group change requests WRITE_OWNER.
251 if (SecurityInformation
&
252 (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
))
254 AccessMask
|= WRITE_OWNER
;
// DACL change requests WRITE_DAC.
257 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
259 AccessMask
|= WRITE_DAC
;
// SACL change requests ACCESS_SYSTEM_SECURITY.
// NOTE(review): on NT this right is normally tied to SeSecurityPrivilege -
// confirm for ReactOS.
262 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
264 AccessMask
|= ACCESS_SYSTEM_SECURITY
;
// NOTE(review): the cast drops const from lpFileName; presumably the
// conversion routine does not write through it - confirm.
267 if (!RtlDosPathNameToNtPathName_U((LPWSTR
)lpFileName
,
272 DPRINT("Invalid path\n");
273 SetLastError(ERROR_INVALID_NAME
);
277 InitializeObjectAttributes(&ObjectAttributes
,
279 OBJ_CASE_INSENSITIVE
,
283 Status
= NtOpenFile(&FileHandle
,
287 FILE_SHARE_READ
| FILE_SHARE_WRITE
| FILE_SHARE_DELETE
,
// NOTE(review): no release of FileName is visible on this failure branch in
// the listing; confirm the early exit does not leak the converted path.
289 if (!NT_SUCCESS(Status
))
291 DPRINT("NtOpenFile() failed (Status %lx)\n", Status
);
292 SetLastError(RtlNtStatusToDosError(Status
));
296 RtlFreeUnicodeString(&FileName
);
// The descriptor is handed to the kernel call as supplied; no user-mode
// validation of pSecurityDescriptor is visible in this function.
// NOTE(review): closing FileHandle is not visible in this listing - confirm
// it is closed on every exit.
298 Status
= NtSetSecurityObject(FileHandle
,
300 pSecurityDescriptor
);
303 if (!NT_SUCCESS(Status
))
305 DPRINT("NtSetSecurityObject() failed (Status %lx)\n", Status
);
306 SetLastError(RtlNtStatusToDosError(Status
));
// Handle-based update: passes Handle to NtSetSecurityObject() and maps a
// failing NTSTATUS to a Win32 error. No access mask is computed here;
// presumably the rights already granted on Handle decide what may be
// changed - confirm against the kernel side.
318 SetKernelObjectSecurity(HANDLE Handle
,
319 SECURITY_INFORMATION SecurityInformation
,
320 PSECURITY_DESCRIPTOR SecurityDescriptor
)
324 Status
= NtSetSecurityObject(Handle
,
327 if (!NT_SUCCESS(Status
))
329 SetLastError(RtlNtStatusToDosError(Status
));
// Thin wrapper: forwards AccessMask (and, presumably, GenericMapping - the
// second argument of the call is not visible in this listing) to
// RtlMapGenericMask(). AccessMask is a pointer, so the mask is updated in place.
340 MapGenericMask(PDWORD AccessMask
,
341 PGENERIC_MAPPING GenericMapping
)
343 RtlMapGenericMask(AccessMask
,
// Makes the calling thread impersonate the user represented by hToken.
// The token type is queried first; a primary token is duplicated into an
// impersonation token before ThreadImpersonationToken is set on the current
// thread. Each failing NT call is reported through SetLastError().
// A caller that ignores a failure keeps running under its previous security
// context, so the result must be checked before acting for the user.
// Several lines of the body are not visible in this listing.
352 ImpersonateLoggedOnUser(HANDLE hToken
)
354 SECURITY_QUALITY_OF_SERVICE Qos
;
355 OBJECT_ATTRIBUTES ObjectAttributes
;
362 /* Get the token type */
363 Status
= NtQueryInformationToken (hToken
,
368 if (!NT_SUCCESS(Status
))
370 SetLastError (RtlNtStatusToDosError (Status
));
374 if (Type
== TokenPrimary
)
376 /* Create a duplicate impersonation token */
// Quality of service for the duplicate: SecurityImpersonation level, dynamic
// context tracking, and EffectiveOnly = FALSE (the duplicate is not limited
// to the currently enabled parts of the source token).
377 Qos
.Length
= sizeof(SECURITY_QUALITY_OF_SERVICE
);
378 Qos
.ImpersonationLevel
= SecurityImpersonation
;
379 Qos
.ContextTrackingMode
= SECURITY_DYNAMIC_TRACKING
;
380 Qos
.EffectiveOnly
= FALSE
;
// Unnamed object with no explicit security descriptor; only the QoS above is attached.
382 ObjectAttributes
.Length
= sizeof(OBJECT_ATTRIBUTES
);
383 ObjectAttributes
.RootDirectory
= NULL
;
384 ObjectAttributes
.ObjectName
= NULL
;
385 ObjectAttributes
.Attributes
= 0;
386 ObjectAttributes
.SecurityDescriptor
= NULL
;
387 ObjectAttributes
.SecurityQualityOfService
= &Qos
;
// The duplicate handle is requested with TOKEN_IMPERSONATE | TOKEN_QUERY only.
389 Status
= NtDuplicateToken (hToken
,
390 TOKEN_IMPERSONATE
| TOKEN_QUERY
,
395 if (!NT_SUCCESS(Status
))
397 SetLastError (RtlNtStatusToDosError (Status
));
405 /* Use the original impersonation token */
410 /* Make the current thread impersonate the token */
411 Status
= NtSetInformationThread (NtCurrentThread (),
412 ThreadImpersonationToken
,
// NOTE(review): the statement guarded by this test is not visible; presumably
// it closes the duplicated token handle - confirm, since a token handle that
// is not closed outlives the call.
416 if (Duplicated
== TRUE
)
421 if (!NT_SUCCESS(Status
))
423 SetLastError (RtlNtStatusToDosError (Status
));
// Thin wrapper: forwards ImpersonationLevel to RtlImpersonateSelf() and maps
// a failing NTSTATUS to a Win32 error. The return statements are not visible
// in this listing.
435 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
)
439 Status
= RtlImpersonateSelf(ImpersonationLevel
);
440 if (!NT_SUCCESS(Status
))
442 SetLastError(RtlNtStatusToDosError(Status
));
// The signature of this function is not visible in this listing. The visible
// body sets ThreadImpersonationToken on the current thread and maps a
// failing NTSTATUS to a Win32 error.
// NOTE(review): presumably this is the revert-to-self path that clears the
// thread's impersonation token - confirm against the full file. If so, a
// failure here leaves the thread impersonating, and callers must not go on
// as if they had returned to the process identity.
458 Status
= NtSetInformationThread(NtCurrentThread(),
459 ThreadImpersonationToken
,
462 if (!NT_SUCCESS(Status
))
464 SetLastError(RtlNtStatusToDosError(Status
));
471 /******************************************************************************
472 * GetUserNameA [ADVAPI32.@]
474 * Get the current user name.
477 * lpszName [O] Destination for the user name.
478 * lpSize [I/O] Size of lpszName.
481 * Success: The length of the user name, including terminating NUL.
482 * Failure: ERROR_MORE_DATA if *lpSize is too small.
// Stub: the only live statement visible is the debug print. The earlier
// implementation, which copied a fixed "Administrator" name, is commented out.
// NOTE(review): the return value and whether lpszName or *lpSize are written
// are not visible in this listing; callers should not base identity or
// authorization decisions on the buffer contents.
487 GetUserNameA( LPSTR lpszName
, LPDWORD lpSize
)
490 // char name[] = { "Administrator" };
492 /* We need to include the null character when determining the size of the buffer. */
493 // len = strlen(name) + 1;
494 // if (len > *lpSize)
496 // SetLastError(ERROR_MORE_DATA);
502 // strcpy(lpszName, name);
503 DPRINT1("GetUserNameA: stub\n");
507 /******************************************************************************
508 * GetUserNameW [ADVAPI32.@]
// Stub: the only live statement visible is the debug print. The earlier
// implementation, which converted a fixed "Administrator" name, is commented out.
// NOTE(review): the return value and whether lpszName or *lpSize are written
// are not visible in this listing; callers should not base identity or
// authorization decisions on the buffer contents.
515 GetUserNameW( LPWSTR lpszName
, LPDWORD lpSize
)
517 // char name[] = { "Administrator" };
519 // DWORD len = MultiByteToWideChar( CP_ACP, 0, name, -1, NULL, 0 );
521 // if (len > *lpSize)
523 // SetLastError(ERROR_MORE_DATA);
529 // MultiByteToWideChar( CP_ACP, 0, name, -1, lpszName, len );
530 DPRINT1("GetUserNameW: stub\n");
535 /******************************************************************************
536 * LookupAccountSidA [ADVAPI32.@]
// Placeholder, not a real lookup: the visible body copies the fixed strings
// "Administrator" and "ReactOS" into the output buffers and, per its own log
// message, reports success. Every SID therefore resolves to the same account,
// so the result is unsuitable for auditing, display of ownership or any
// access decision.
// NOTE(review): *cchName and *cchReferencedDomainName are dereferenced and
// used as copy bounds with no NULL or zero-size check visible, and no update
// of the length outputs is visible in this listing - confirm.
541 LookupAccountSidA (LPCSTR lpSystemName
,
545 LPSTR lpReferencedDomainName
,
546 LPDWORD cchReferencedDomainName
,
549 DPRINT1("LookupAccountSidA is unimplemented, but returns success\n");
550 lstrcpynA(lpName
, "Administrator", *cchName
);
551 lstrcpynA(lpReferencedDomainName
, "ReactOS", *cchReferencedDomainName
);
556 /******************************************************************************
557 * LookupAccountSidW [ADVAPI32.@]
// Placeholder, not a real lookup: the visible body copies the fixed strings
// L"Administrator" and L"ReactOS" into the output buffers and, per its own
// log message, reports success. Every SID therefore resolves to the same
// account, so the result is unsuitable for auditing, display of ownership or
// any access decision.
// NOTE(review): *cchName and *cchReferencedDomainName are dereferenced and
// used as copy bounds with no NULL or zero-size check visible, and no update
// of the length outputs is visible in this listing - confirm.
562 LookupAccountSidW (LPCWSTR lpSystemName
,
566 LPWSTR lpReferencedDomainName
,
567 LPDWORD cchReferencedDomainName
,
570 DPRINT1("LookupAccountSidW is unimplemented, but returns success\n");
571 lstrcpynW(lpName
, L
"Administrator", *cchName
);
572 lstrcpynW(lpReferencedDomainName
, L
"ReactOS", *cchReferencedDomainName
);
577 /**********************************************************************
578 * LookupPrivilegeValueA EXPORTED
// ANSI entry point: converts the system name (when given) and the privilege
// name to UNICODE_STRINGs, forwards to LookupPrivilegeValueW() and frees the
// temporaries. Several lines of the body are not visible in this listing.
583 LookupPrivilegeValueA (LPCSTR lpSystemName
,
587 UNICODE_STRING SystemName
;
592 if (lpSystemName
!= NULL
)
// NOTE(review): the result of this conversion is not checked (nor is the one
// for Name below); after a failed allocation SystemName.Buffer would be
// passed on unverified - confirm.
594 RtlCreateUnicodeStringFromAsciiz (&SystemName
,
595 (LPSTR
)lpSystemName
);
// NOTE(review): SystemName may already be allocated when this check rejects
// the call; no free is visible on that path in this listing - confirm it is
// not leaked.
598 /* Check the privilege name is not NULL */
601 SetLastError (ERROR_INVALID_PARAMETER
);
605 RtlCreateUnicodeStringFromAsciiz (&Name
,
// NULL is passed through for the local system; otherwise the converted name.
608 Result
= LookupPrivilegeValueW ((lpSystemName
!= NULL
) ? SystemName
.Buffer
: NULL
,
612 RtlFreeUnicodeString (&Name
);
615 if (lpSystemName
!= NULL
)
617 RtlFreeUnicodeString (&SystemName
);
624 /**********************************************************************
625 * LookupPrivilegeValueW EXPORTED
// Resolves a privilege name to a LUID from a built-in table. A non-empty
// SystemName is rejected with ERROR_CALL_NOT_IMPLEMENTED; an unknown name
// yields ERROR_NO_SUCH_PRIVILEGE. Several lines of the body are not visible
// in this listing.
630 LookupPrivilegeValueW (LPCWSTR SystemName
,
634 static const WCHAR
* const DefaultPrivNames
[] =
// Table order is significant: the LUID low part assigned below is the entry's
// index + 1. Gutter lines 642, 655 and 656 are absent from this listing, so
// do not derive LUID values from an entry's position as shown here.
636 L
"SeCreateTokenPrivilege",
637 L
"SeAssignPrimaryTokenPrivilege",
638 L
"SeLockMemoryPrivilege",
639 L
"SeIncreaseQuotaPrivilege",
640 L
"SeUnsolicitedInputPrivilege",
641 L
"SeMachineAccountPrivilege",
643 L
"SeSecurityPrivilege",
644 L
"SeTakeOwnershipPrivilege",
645 L
"SeLoadDriverPrivilege",
646 L
"SeSystemProfilePrivilege",
647 L
"SeSystemtimePrivilege",
648 L
"SeProfileSingleProcessPrivilege",
649 L
"SeIncreaseBasePriorityPrivilege",
650 L
"SeCreatePagefilePrivilege",
651 L
"SeCreatePermanentPrivilege",
652 L
"SeBackupPrivilege",
653 L
"SeRestorePrivilege",
654 L
"SeShutdownPrivilege",
657 L
"SeSystemEnvironmentPrivilege",
658 L
"SeChangeNotifyPrivilege",
659 L
"SeRemoteShutdownPrivilege",
660 L
"SeUndockPrivilege",
661 L
"SeSyncAgentPrivilege",
662 L
"SeEnableDelegationPrivilege",
663 L
"SeManageVolumePrivilege",
664 L
"SeImpersonatePrivilege",
665 L
"SeCreateGlobalPrivilege"
// Only the local system is supported: NULL or an empty string passes this test.
669 if (NULL
!= SystemName
&& L
'\0' != *SystemName
)
671 DPRINT1("LookupPrivilegeValueW: not implemented for remote system\n");
672 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
// Linear scan with an exact, case-sensitive wcscmp() match.
// NOTE(review): PrivName is dereferenced with no NULL check visible in this
// listing - confirm.
676 for (Priv
= 0; Priv
< sizeof(DefaultPrivNames
) / sizeof(DefaultPrivNames
[0]); Priv
++)
678 if (0 == wcscmp(PrivName
, DefaultPrivNames
[Priv
]))
// 1-based table index becomes the low part of the LUID; the assignment of the
// high part and the return are not visible in this listing.
680 Luid
->LowPart
= Priv
+ 1;
686 DPRINT1("LookupPrivilegeValueW: no such privilege %S\n", PrivName
);
687 SetLastError(ERROR_NO_SUCH_PRIVILEGE
);
692 /**********************************************************************
693 * LookupPrivilegeDisplayNameA EXPORTED
// Stub: logs the call and sets ERROR_CALL_NOT_IMPLEMENTED. No output
// parameter is written in the visible lines, so callers must not read the
// display-name buffer after a failure. The return statement is not visible
// in this listing.
698 LookupPrivilegeDisplayNameA (LPCSTR lpSystemName
,
701 LPDWORD cbDisplayName
,
702 LPDWORD lpLanguageId
)
704 DPRINT1("LookupPrivilegeDisplayNameA: stub\n");
705 SetLastError (ERROR_CALL_NOT_IMPLEMENTED
);
710 /**********************************************************************
711 * LookupPrivilegeDisplayNameW EXPORTED
// Stub: logs the call and sets ERROR_CALL_NOT_IMPLEMENTED. No output
// parameter is written in the visible lines, so callers must not read
// lpDisplayName after a failure. The return statement is not visible in this
// listing.
716 LookupPrivilegeDisplayNameW (LPCWSTR lpSystemName
,
718 LPWSTR lpDisplayName
,
719 LPDWORD cbDisplayName
,
720 LPDWORD lpLanguageId
)
722 DPRINT1("LookupPrivilegeDisplayNameW: stub\n");
723 SetLastError (ERROR_CALL_NOT_IMPLEMENTED
);
728 /**********************************************************************
729 * LookupPrivilegeNameA EXPORTED
// Stub: logs the call and sets ERROR_CALL_NOT_IMPLEMENTED. Most of the
// parameter list and the return statement are not visible in this listing.
734 LookupPrivilegeNameA (LPCSTR lpSystemName
,
739 DPRINT1("LookupPrivilegeNameA: stub\n");
740 SetLastError (ERROR_CALL_NOT_IMPLEMENTED
);
745 /**********************************************************************
746 * LookupPrivilegeNameW EXPORTED
// Stub: logs the call and sets ERROR_CALL_NOT_IMPLEMENTED. Most of the
// parameter list and the return statement are not visible in this listing.
751 LookupPrivilegeNameW (LPCWSTR lpSystemName
,
756 DPRINT1("LookupPrivilegeNameW: stub\n");
757 SetLastError (ERROR_CALL_NOT_IMPLEMENTED
);
762 /**********************************************************************
763 * GetNamedSecurityInfoW EXPORTED
// Stub: logs the call and returns ERROR_CALL_NOT_IMPLEMENTED. The visible
// body does not assign *ppSecurityDescriptor, so callers must check the
// return code before using any output pointer.
768 GetNamedSecurityInfoW(LPWSTR pObjectName
,
769 SE_OBJECT_TYPE ObjectType
,
770 SECURITY_INFORMATION SecurityInfo
,
775 PSECURITY_DESCRIPTOR
*ppSecurityDescriptor
)
777 DPRINT1("GetNamedSecurityInfoW: stub\n");
778 return ERROR_CALL_NOT_IMPLEMENTED
;
782 /**********************************************************************
783 * GetNamedSecurityInfoA EXPORTED
// Stub: logs the call and returns ERROR_CALL_NOT_IMPLEMENTED. The visible
// body does not assign *ppSecurityDescriptor, so callers must check the
// return code before using any output pointer.
788 GetNamedSecurityInfoA(LPSTR pObjectName
,
789 SE_OBJECT_TYPE ObjectType
,
790 SECURITY_INFORMATION SecurityInfo
,
795 PSECURITY_DESCRIPTOR
*ppSecurityDescriptor
)
797 DPRINT1("GetNamedSecurityInfoA: stub\n");
798 return ERROR_CALL_NOT_IMPLEMENTED
;
802 /**********************************************************************
803 * SetNamedSecurityInfoW EXPORTED
// Stub: logs the call and returns ERROR_CALL_NOT_IMPLEMENTED; no security
// information is applied to the named object. Callers that ignore the return
// code would wrongly assume the object is now protected as requested.
808 SetNamedSecurityInfoW(LPWSTR pObjectName
,
809 SE_OBJECT_TYPE ObjectType
,
810 SECURITY_INFORMATION SecurityInfo
,
816 DPRINT1("SetNamedSecurityInfoW: stub\n");
817 return ERROR_CALL_NOT_IMPLEMENTED
;
821 /**********************************************************************
822 * SetNamedSecurityInfoA EXPORTED
// Stub: logs the call and returns ERROR_CALL_NOT_IMPLEMENTED; no security
// information is applied to the named object. Callers that ignore the return
// code would wrongly assume the object is now protected as requested.
827 SetNamedSecurityInfoA(LPSTR pObjectName
,
828 SE_OBJECT_TYPE ObjectType
,
829 SECURITY_INFORMATION SecurityInfo
,
835 DPRINT1("SetNamedSecurityInfoA: stub\n");
836 return ERROR_CALL_NOT_IMPLEMENTED
;
840 /**********************************************************************
841 * GetSecurityInfo EXPORTED
// Stub: logs the call and returns ERROR_CALL_NOT_IMPLEMENTED. The visible
// body does not assign *ppSecurityDescriptor, so callers must check the
// return code before using any output pointer.
846 GetSecurityInfo(HANDLE handle
,
847 SE_OBJECT_TYPE ObjectType
,
848 SECURITY_INFORMATION SecurityInfo
,
853 PSECURITY_DESCRIPTOR
* ppSecurityDescriptor
)
855 DPRINT1("GetSecurityInfo: stub\n");
856 return ERROR_CALL_NOT_IMPLEMENTED
;
860 /**********************************************************************
861 * ImpersonateNamedPipeClient EXPORTED
// Issues FSCTL_PIPE_IMPERSONATE on hNamedPipe through NtFsControlFile() so
// that the calling thread impersonates the pipe's client. A failing NTSTATUS
// is mapped to a Win32 error with SetLastError().
// A server that ignores a failure here keeps running in its own security
// context, so the result must be checked before any work is done on the
// client's behalf. The return statements are not visible in this listing.
866 ImpersonateNamedPipeClient(HANDLE hNamedPipe
)
868 IO_STATUS_BLOCK StatusBlock
;
871 DPRINT("ImpersonateNamedPipeClient() called\n");
873 Status
= NtFsControlFile(hNamedPipe
,
878 FSCTL_PIPE_IMPERSONATE
,
883 if (!NT_SUCCESS(Status
))
885 SetLastError(RtlNtStatusToDosError(Status
));