system/wine
system/wine
1
0
Fork 0
mirror of git://source.winehq.org/git/wine.git synced 2024-11-01 07:37:02 +00:00
Code Issues Projects Releases Packages Wiki Activity

advapi32: Move token functions to kernelbase.

Browse source 
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Alexandre Julliard 2019-06-25 12:35:37 +02:00
parent d03eae54f4
commit 7557620aeb
5 changed files with 389 additions and 606 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
dlls/advapi32/advapi32.spec
View file

@ -29,8 +29,8 @@
@ stdcall AddMandatoryAce(ptr long long long ptr)
# @ stub AddUsersToEncryptedFile
# @ stub AddUsersToEncryptedFileEx
@ stdcall AdjustTokenGroups(long long ptr long ptr ptr)
@ stdcall AdjustTokenPrivileges(long long ptr long ptr ptr)
@ stdcall -import AdjustTokenGroups(long long ptr long ptr ptr)
@ stdcall -import AdjustTokenPrivileges(long long ptr long ptr ptr)
@ stdcall -import AllocateAndInitializeSid(ptr long long long long long long long long long ptr)
@ stdcall -import AllocateLocallyUniqueId(ptr)
@ stdcall AreAllAccessesGranted(long long)
@ -94,7 +94,7 @@
@ stdcall ChangeServiceConfigA(long long long long wstr str ptr str str str str)
@ stdcall ChangeServiceConfigW(long long long long wstr wstr ptr wstr wstr wstr wstr)
# @ stub CheckForHiberboot
@ stdcall CheckTokenMembership(long ptr ptr)
@ stdcall -import CheckTokenMembership(long ptr ptr)
@ stdcall ClearEventLogA (long str)
@ stdcall ClearEventLogW (long wstr)
# @ stub CloseCodeAuthzLevel
@ -142,7 +142,7 @@
@ stdcall CreateProcessAsUserW(long wstr wstr ptr ptr long long ptr wstr ptr ptr) kernel32.CreateProcessAsUserW
@ stdcall CreateProcessWithLogonW(wstr wstr wstr long wstr wstr long ptr wstr ptr ptr)
@ stdcall CreateProcessWithTokenW(long long wstr wstr long ptr wstr ptr ptr)
@ stdcall CreateRestrictedToken(long long long ptr long ptr long ptr ptr)
@ stdcall -import CreateRestrictedToken(long long long ptr long ptr long ptr ptr)
@ stdcall CreateServiceA(long str str long long long long str str ptr str str str)
@ stdcall CreateServiceW(long wstr wstr long long long long wstr wstr ptr wstr wstr wstr)
# @ stub CreateTraceInstanceId
@ -239,8 +239,8 @@
@ stdcall DeregisterEventSource(long)
@ stdcall DestroyPrivateObjectSecurity(ptr)
# @ stub DuplicateEncryptionInfoFile
@ stdcall DuplicateToken(long long ptr)
@ stdcall DuplicateTokenEx(long long ptr long long ptr)
@ stdcall -import DuplicateToken(long long ptr)
@ stdcall -import DuplicateTokenEx(long long ptr long long ptr)
# @ stub ElfBackupEventLogFileA
# @ stub ElfBackupEventLogFileW
# @ stub ElfChangeNotify
@ -371,7 +371,7 @@
@ stub GetSiteSidFromToken
# @ stub GetStringConditionFromBinary
# @ stub GetThreadWaitChain
@ stdcall GetTokenInformation(long long ptr long ptr)
@ stdcall -import GetTokenInformation(long long ptr long ptr)
@ stdcall GetTraceEnableFlags(int64) ntdll.EtwGetTraceEnableFlags
@ stdcall GetTraceEnableLevel(int64) ntdll.EtwGetTraceEnableLevel
@ stdcall -ret64 GetTraceLoggerHandle(ptr) ntdll.EtwGetTraceLoggerHandle
@ -398,10 +398,10 @@
# @ stub I_ScSetServiceBitsW
# @ stub I_ScValidatePnPService
# @ stub IdentifyCodeAuthzLevelW
@ stdcall ImpersonateAnonymousToken(long)
@ stdcall ImpersonateLoggedOnUser(long)
@ stdcall ImpersonateNamedPipeClient(long)
@ stdcall ImpersonateSelf(long)
@ stdcall -import ImpersonateAnonymousToken(long)
@ stdcall -import ImpersonateLoggedOnUser(long)
@ stdcall -import ImpersonateNamedPipeClient(long)
@ stdcall -import ImpersonateSelf(long)
@ stdcall InitializeAcl(ptr long long)
@ stdcall InitializeSecurityDescriptor(ptr long)
@ stdcall -import InitializeSid(ptr ptr long)
@ -414,7 +414,7 @@
@ stub InstallApplication
@ stub IsProcessRestricted
@ stdcall IsTextUnicode(ptr long ptr)
@ stdcall IsTokenRestricted(long)
@ stdcall -import IsTokenRestricted(long)
# @ stub IsTokenUntrusted
@ stdcall IsValidAcl(ptr)
# @ stub IsValidRelativeSecurityDescriptor
@ -542,12 +542,12 @@
@ stdcall OpenEncryptedFileRawW(wstr long ptr)
@ stdcall OpenEventLogA (str str)
@ stdcall OpenEventLogW (wstr wstr)
@ stdcall OpenProcessToken(long long ptr)
@ stdcall -import OpenProcessToken(long long ptr)
@ stdcall OpenSCManagerA(str str long)
@ stdcall OpenSCManagerW(wstr wstr long)
@ stdcall OpenServiceA(long str long)
@ stdcall OpenServiceW(long wstr long)
@ stdcall OpenThreadToken(long long long ptr)
@ stdcall -import OpenThreadToken(long long long ptr)
# @ stub OpenThreadWaitChainSession
@ stdcall -ret64 OpenTraceA(ptr)
@ stdcall -ret64 OpenTraceW(ptr)
@ -582,7 +582,7 @@
@ stdcall PerfStartProvider(ptr ptr ptr)
@ stdcall PerfStartProviderEx(ptr ptr ptr)
@ stdcall PerfStopProvider(long)
@ stdcall PrivilegeCheck(ptr ptr ptr)
@ stdcall -import PrivilegeCheck(ptr ptr ptr)
@ stdcall PrivilegedServiceAuditAlarmA(str str long ptr long)
@ stdcall PrivilegedServiceAuditAlarmW(wstr wstr long ptr long)
# @ stub ProcessIdleTasks
@ -712,7 +712,7 @@
# @ stub RemoveUsersFromEncryptedFile
@ stdcall ReportEventA(long long long long ptr long long ptr ptr)
@ stdcall ReportEventW(long long long long ptr long long ptr ptr)
@ stdcall RevertToSelf()
@ stdcall -import RevertToSelf()
# @ stub SafeBaseRegGetKeySecurity
@ stdcall SaferCloseLevel(ptr)
@ stdcall SaferComputeTokenFromLevel(ptr ptr ptr long ptr)
@ -763,8 +763,8 @@
@ stdcall SetServiceBits(long long long long)
@ stdcall SetServiceObjectSecurity(long long ptr)
@ stdcall SetServiceStatus(long ptr)
@ stdcall SetThreadToken (ptr ptr)
@ stdcall SetTokenInformation (long long ptr long)
@ stdcall -import SetThreadToken(ptr ptr)
@ stdcall -import SetTokenInformation(long long ptr long)
# @ stub SetTraceCallback
# @ stub SetUserFileEncryptionKey
# @ stub SetUserFileEncryptionKeyEx

569
dlls/advapi32/security.c
View file

@ -523,401 +523,6 @@ BOOL ADVAPI_GetComputerSid(PSID sid)
return TRUE;
}
/* ##############################
###### TOKEN FUNCTIONS ######
##############################
*/
/******************************************************************************
* OpenProcessToken [ADVAPI32.@]
* Opens the access token associated with a process handle.
*
* PARAMS
* ProcessHandle [I] Handle to process
* DesiredAccess [I] Desired access to process
* TokenHandle [O] Pointer to handle of open access token
*
* RETURNS
* Success: TRUE. TokenHandle contains the access token.
* Failure: FALSE.
*
* NOTES
* See NtOpenProcessToken.
*/
BOOL WINAPI
OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
HANDLE *TokenHandle )
{
return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
}
/******************************************************************************
* OpenThreadToken [ADVAPI32.@]
*
* Opens the access token associated with a thread handle.
*
* PARAMS
* ThreadHandle [I] Handle to process
* DesiredAccess [I] Desired access to the thread
* OpenAsSelf [I] ???
* TokenHandle [O] Destination for the token handle
*
* RETURNS
* Success: TRUE. TokenHandle contains the access token.
* Failure: FALSE.
*
* NOTES
* See NtOpenThreadToken.
*/
BOOL WINAPI
OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
BOOL OpenAsSelf, HANDLE *TokenHandle)
{
return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
}
BOOL WINAPI
AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState,
DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength )
{
return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength,
PreviousState, ReturnLength));
}
/******************************************************************************
* AdjustTokenPrivileges [ADVAPI32.@]
*
* Adjust the privileges of an open token handle.
*
* PARAMS
* TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
* DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
* NewState [I] Desired new privileges of the token
* BufferLength [I] Length of NewState
* PreviousState [O] Destination for the previous state
* ReturnLength [I/O] Size of PreviousState
*
*
* RETURNS
* Success: TRUE. Privileges are set to NewState and PreviousState is updated.
* Failure: FALSE.
*
* NOTES
* See NtAdjustPrivilegesToken.
*/
BOOL WINAPI
AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
PTOKEN_PRIVILEGES NewState, DWORD BufferLength,
PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength )
{
NTSTATUS status;
TRACE("(%p %d %p %d %p %p)\n", TokenHandle, DisableAllPrivileges, NewState, BufferLength,
PreviousState, ReturnLength);
status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges,
NewState, BufferLength, PreviousState,
ReturnLength);
SetLastError( RtlNtStatusToDosError( status ));
if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED))
return TRUE;
else
return FALSE;
}
/******************************************************************************
* CheckTokenMembership [ADVAPI32.@]
*
* Determine if an access token is a member of a SID.
*
* PARAMS
* TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
* SidToCheck [I] SID that possibly contains the token
* IsMember [O] Destination for result.
*
* RETURNS
* Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
* Failure: FALSE.
*/
BOOL WINAPI
CheckTokenMembership( HANDLE token, PSID sid_to_check,
PBOOL is_member )
{
PTOKEN_GROUPS token_groups = NULL;
HANDLE thread_token = NULL;
DWORD size, i;
BOOL ret;
TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member);
*is_member = FALSE;
if (!token)
{
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token))
{
HANDLE process_token;
ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &process_token);
if (!ret)
goto exit;
ret = DuplicateTokenEx(process_token, TOKEN_QUERY,
NULL, SecurityImpersonation, TokenImpersonation,
&thread_token);
CloseHandle(process_token);
if (!ret)
goto exit;
}
token = thread_token;
}
else
{
TOKEN_TYPE type;
ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size);
if (!ret) goto exit;
if (type == TokenPrimary)
{
SetLastError(ERROR_NO_IMPERSONATION_TOKEN);
return FALSE;
}
}
ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
goto exit;
token_groups = heap_alloc(size);
if (!token_groups)
{
ret = FALSE;
goto exit;
}
ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
if (!ret)
goto exit;
for (i = 0; i < token_groups->GroupCount; i++)
{
TRACE("Groups[%d]: {0x%x, %s}\n", i,
token_groups->Groups[i].Attributes,
debugstr_sid(token_groups->Groups[i].Sid));
if ((token_groups->Groups[i].Attributes & SE_GROUP_ENABLED) &&
EqualSid(sid_to_check, token_groups->Groups[i].Sid))
{
*is_member = TRUE;
TRACE("sid enabled and found in token\n");
break;
}
}
exit:
heap_free(token_groups);
if (thread_token != NULL) CloseHandle(thread_token);
return ret;
}
/******************************************************************************
* GetTokenInformation [ADVAPI32.@]
*
* Get a type of information about an access token.
*
* PARAMS
* token [I] Handle from OpenProcessToken() or OpenThreadToken()
* tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
* tokeninfo [O] Destination for token information
* tokeninfolength [I] Length of tokeninfo
* retlen [O] Destination for returned token information length
*
* RETURNS
* Success: TRUE. tokeninfo contains retlen bytes of token information
* Failure: FALSE.
*
* NOTES
* See NtQueryInformationToken.
*/
BOOL WINAPI
GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
{
TRACE("(%p, %s, %p, %d, %p):\n",
token,
(tokeninfoclass == TokenUser) ? "TokenUser" :
(tokeninfoclass == TokenGroups) ? "TokenGroups" :
(tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
(tokeninfoclass == TokenOwner) ? "TokenOwner" :
(tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
(tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
(tokeninfoclass == TokenSource) ? "TokenSource" :
(tokeninfoclass == TokenType) ? "TokenType" :
(tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
(tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
(tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
(tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
(tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
(tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
(tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
"Unknown",
tokeninfo, tokeninfolength, retlen);
return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
tokeninfolength, retlen));
}
/******************************************************************************
* SetTokenInformation [ADVAPI32.@]
*
* Set information for an access token.
*
* PARAMS
* token [I] Handle from OpenProcessToken() or OpenThreadToken()
* tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
* tokeninfo [I] Token information to set
* tokeninfolength [I] Length of tokeninfo
*
* RETURNS
* Success: TRUE. The information for the token is set to tokeninfo.
* Failure: FALSE.
*/
BOOL WINAPI
SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
LPVOID tokeninfo, DWORD tokeninfolength )
{
TRACE("(%p, %s, %p, %d)\n",
token,
(tokeninfoclass == TokenUser) ? "TokenUser" :
(tokeninfoclass == TokenGroups) ? "TokenGroups" :
(tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
(tokeninfoclass == TokenOwner) ? "TokenOwner" :
(tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
(tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
(tokeninfoclass == TokenSource) ? "TokenSource" :
(tokeninfoclass == TokenType) ? "TokenType" :
(tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
(tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
(tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
(tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
(tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
(tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
(tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
"Unknown",
tokeninfo, tokeninfolength);
return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
}
/*************************************************************************
* SetThreadToken [ADVAPI32.@]
*
* Assigns an 'impersonation token' to a thread so it can assume the
* security privileges of another thread or process. Can also remove
* a previously assigned token.
*
* PARAMS
* thread [O] Handle to thread to set the token for
* token [I] Token to set
*
* RETURNS
* Success: TRUE. The threads access token is set to token
* Failure: FALSE.
*
* NOTES
* Only supported on NT or higher. On Win9X this function does nothing.
* See SetTokenInformation.
*/
BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
{
return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
ThreadImpersonationToken, &token, sizeof token ));
}
/*************************************************************************
* CreateRestrictedToken [ADVAPI32.@]
*
* Create a new more restricted token from an existing token.
*
* PARAMS
* baseToken [I] Token to base the new restricted token on
* flags [I] Options
* nDisableSids [I] Length of disableSids array
* disableSids [I] Array of SIDs to disable in the new token
* nDeletePrivs [I] Length of deletePrivs array
* deletePrivs [I] Array of privileges to delete in the new token
* nRestrictSids [I] Length of restrictSids array
* restrictSids [I] Array of SIDs to restrict in the new token
* newToken [O] Address where the new token is stored
*
* RETURNS
* Success: TRUE
* Failure: FALSE
*/
BOOL WINAPI CreateRestrictedToken(
HANDLE baseToken,
DWORD flags,
DWORD nDisableSids,
PSID_AND_ATTRIBUTES disableSids,
DWORD nDeletePrivs,
PLUID_AND_ATTRIBUTES deletePrivs,
DWORD nRestrictSids,
PSID_AND_ATTRIBUTES restrictSids,
PHANDLE newToken)
{
TOKEN_TYPE type;
SECURITY_IMPERSONATION_LEVEL level = SecurityAnonymous;
DWORD size;
FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
baseToken, flags, nDisableSids, disableSids,
nDeletePrivs, deletePrivs,
nRestrictSids, restrictSids,
newToken);
size = sizeof(type);
if (!GetTokenInformation( baseToken, TokenType, &type, size, &size )) return FALSE;
if (type == TokenImpersonation)
{
size = sizeof(level);
if (!GetTokenInformation( baseToken, TokenImpersonationLevel, &level, size, &size ))
return FALSE;
}
return DuplicateTokenEx( baseToken, MAXIMUM_ALLOWED, NULL, level, type, newToken );
}
BOOL WINAPI
IsTokenRestricted( HANDLE TokenHandle )
{
TOKEN_GROUPS *groups;
DWORD size;
NTSTATUS status;
BOOL restricted;
TRACE("(%p)\n", TokenHandle);
status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size);
if (status != STATUS_BUFFER_TOO_SMALL)
return FALSE;
groups = heap_alloc(size);
if (!groups)
{
SetLastError(ERROR_OUTOFMEMORY);
return FALSE;
}
status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size);
if (status != STATUS_SUCCESS)
{
heap_free(groups);
return set_ntstatus(status);
}
restricted = groups->GroupCount > 0;
heap_free(groups);
return restricted;
}
DWORD WINAPI
GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
{
@ -1392,16 +997,6 @@ BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
return set_ntstatus( RtlCreateAcl(acl, size, rev));
}
BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
{
IO_STATUS_BLOCK io_block;
TRACE("(%p)\n", hNamedPipe);
return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
&io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
}
/******************************************************************************
* AddAccessAllowedAce [ADVAPI32.@]
*/
@ -2300,114 +1895,6 @@ NotifyBootConfigStatus( BOOL x1 )
return TRUE;
}
/******************************************************************************
* RevertToSelf [ADVAPI32.@]
*
* Ends the impersonation of a user.
*
* PARAMS
* void []
*
* RETURNS
* Success: TRUE.
* Failure: FALSE.
*/
BOOL WINAPI
RevertToSelf( void )
{
HANDLE Token = NULL;
return set_ntstatus( NtSetInformationThread( GetCurrentThread(),
ThreadImpersonationToken, &Token, sizeof(Token) ) );
}
/******************************************************************************
* ImpersonateSelf [ADVAPI32.@]
*
* Makes an impersonation token that represents the process user and assigns
* to the current thread.
*
* PARAMS
* ImpersonationLevel [I] Level at which to impersonate.
*
* RETURNS
* Success: TRUE.
* Failure: FALSE.
*/
BOOL WINAPI
ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
{
return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) );
}
/******************************************************************************
* ImpersonateLoggedOnUser [ADVAPI32.@]
*/
BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
{
DWORD size;
NTSTATUS Status;
HANDLE ImpersonationToken;
TOKEN_TYPE Type;
static BOOL warn = TRUE;
if (warn)
{
FIXME( "(%p)\n", hToken );
warn = FALSE;
}
if (!GetTokenInformation( hToken, TokenType, &Type,
sizeof(TOKEN_TYPE), &size ))
return FALSE;
if (Type == TokenPrimary)
{
OBJECT_ATTRIBUTES ObjectAttributes;
InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
Status = NtDuplicateToken( hToken,
TOKEN_IMPERSONATE | TOKEN_QUERY,
&ObjectAttributes,
SecurityImpersonation,
TokenImpersonation,
&ImpersonationToken );
if (Status != STATUS_SUCCESS)
{
ERR( "NtDuplicateToken failed with error 0x%08x\n", Status );
SetLastError( RtlNtStatusToDosError( Status ) );
return FALSE;
}
}
else
ImpersonationToken = hToken;
Status = NtSetInformationThread( GetCurrentThread(),
ThreadImpersonationToken,
&ImpersonationToken,
sizeof(ImpersonationToken) );
if (Type == TokenPrimary)
NtClose( ImpersonationToken );
if (Status != STATUS_SUCCESS)
{
ERR( "NtSetInformationThread failed with error 0x%08x\n", Status );
SetLastError( RtlNtStatusToDosError( Status ) );
return FALSE;
}
return TRUE;
}
/******************************************************************************
* ImpersonateAnonymousToken [ADVAPI32.@]
*/
BOOL WINAPI ImpersonateAnonymousToken( HANDLE thread )
{
TRACE("(%p)\n", thread);
return set_ntstatus( NtImpersonateAnonymousToken( thread ) );
}
/******************************************************************************
* AccessCheck [ADVAPI32.@]
*/
@ -2890,22 +2377,6 @@ BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSI
return FALSE;
}
/******************************************************************************
* PrivilegeCheck [ADVAPI32.@]
*/
BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
{
BOOL ret;
BOOLEAN Result;
TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result));
if (ret)
*pfResult = Result;
return ret;
}
/******************************************************************************
* AccessCheckAndAuditAlarmA [ADVAPI32.@]
*/
@ -5292,46 +4763,6 @@ BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR app
current_directory, startup_info, process_information );
}
/******************************************************************************
* DuplicateTokenEx [ADVAPI32.@]
*/
BOOL WINAPI DuplicateTokenEx(
HANDLE ExistingTokenHandle, DWORD dwDesiredAccess,
LPSECURITY_ATTRIBUTES lpTokenAttributes,
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
TOKEN_TYPE TokenType,
PHANDLE DuplicateTokenHandle )
{
OBJECT_ATTRIBUTES ObjectAttributes;
TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
ImpersonationLevel, TokenType, DuplicateTokenHandle);
InitializeObjectAttributes(
&ObjectAttributes,
NULL,
(lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0,
NULL,
lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL );
return set_ntstatus( NtDuplicateToken( ExistingTokenHandle,
dwDesiredAccess,
&ObjectAttributes,
ImpersonationLevel,
TokenType,
DuplicateTokenHandle ) );
}
BOOL WINAPI DuplicateToken(
HANDLE ExistingTokenHandle,
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
PHANDLE DuplicateTokenHandle )
{
return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY,
NULL, ImpersonationLevel, TokenImpersonation,
DuplicateTokenHandle );
}
/******************************************************************************
* ComputeStringSidSize
*/

2
dlls/kernelbase/Makefile.in
View file

@ -1,6 +1,6 @@
MODULE = kernelbase.dll
IMPORTLIB = kernelbase
IMPORTS = uuid advapi32 ntdll winecrt0 kernel32
IMPORTS = uuid ntdll winecrt0 kernel32
EXTRADLLFLAGS = -nodefaultlibs -nostartfiles -mno-cygwin
C_SRCS = \

36
dlls/kernelbase/kernelbase.spec
View file

@ -27,8 +27,8 @@
# @ stub AddScopedPolicyIDAce
@ stdcall AddVectoredContinueHandler(long ptr) kernel32.AddVectoredContinueHandler
@ stdcall AddVectoredExceptionHandler(long ptr) kernel32.AddVectoredExceptionHandler
@ stdcall AdjustTokenGroups(long long ptr long ptr ptr) advapi32.AdjustTokenGroups
@ stdcall AdjustTokenPrivileges(long long ptr long ptr ptr) advapi32.AdjustTokenPrivileges
@ stdcall AdjustTokenGroups(long long ptr long ptr ptr)
@ stdcall AdjustTokenPrivileges(long long ptr long ptr ptr)
@ stdcall AllocConsole() kernel32.AllocConsole
@ stdcall AllocateAndInitializeSid(ptr long long long long long long long long long ptr)
@ stdcall AllocateLocallyUniqueId(ptr)
@ -128,7 +128,7 @@
# @ stub CheckIfStateChangeNotificationExists
@ stdcall CheckRemoteDebuggerPresent(long ptr) kernel32.CheckRemoteDebuggerPresent
# @ stub CheckTokenCapability
@ stdcall CheckTokenMembership(long ptr ptr) advapi32.CheckTokenMembership
@ stdcall CheckTokenMembership(long ptr ptr)
# @ stub CheckTokenMembershipEx
@ stdcall ChrCmpIA(long long)
@ stdcall ChrCmpIW(long long)
@ -213,7 +213,7 @@
@ stdcall CreateProcessW(wstr wstr ptr ptr long long ptr wstr ptr ptr) kernel32.CreateProcessW
@ stdcall CreateRemoteThread(long ptr long ptr long long ptr) kernel32.CreateRemoteThread
@ stdcall CreateRemoteThreadEx(long ptr long ptr ptr long ptr ptr) kernel32.CreateRemoteThreadEx
@ stdcall CreateRestrictedToken(long long long ptr long ptr long ptr ptr) advapi32.CreateRestrictedToken
@ stdcall CreateRestrictedToken(long long long ptr long ptr long ptr ptr)
@ stdcall CreateSemaphoreExW(ptr long long wstr long long) kernel32.CreateSemaphoreExW
@ stdcall CreateSemaphoreW(ptr long long wstr) kernel32.CreateSemaphoreW
# @ stub CreateStateAtom
@ -281,8 +281,8 @@
# @ stub DsWriteNgcKeyW
@ stdcall DuplicateHandle(long long long ptr long long long) kernel32.DuplicateHandle
# @ stub DuplicateStateContainerHandle
@ stdcall DuplicateToken(long long ptr) advapi32.DuplicateToken
@ stdcall DuplicateTokenEx(long long ptr long long ptr) advapi32.DuplicateTokenEx
@ stdcall DuplicateToken(long long ptr)
@ stdcall DuplicateTokenEx(long long ptr long long ptr)
# @ stub EmptyWorkingSet
@ stdcall EncodePointer(ptr) kernel32.EncodePointer
# @ stub EncodeRemotePointer
@ -733,7 +733,7 @@
@ stdcall GetTimeFormatW(long long ptr wstr ptr long) kernel32.GetTimeFormatW
@ stdcall GetTimeZoneInformation(ptr) kernel32.GetTimeZoneInformation
@ stdcall GetTimeZoneInformationForYear(long ptr ptr) kernel32.GetTimeZoneInformationForYear
@ stdcall GetTokenInformation(long long ptr long ptr) advapi32.GetTokenInformation
@ stdcall GetTokenInformation(long long ptr long ptr)
@ stdcall GetTraceEnableFlags(int64) ntdll.EtwGetTraceEnableFlags
@ stdcall GetTraceEnableLevel(int64) ntdll.EtwGetTraceEnableLevel
@ stdcall -ret64 GetTraceLoggerHandle(ptr) ntdll.EtwGetTraceLoggerHandle
@ -789,10 +789,10 @@
@ stdcall IdnToAscii(long wstr long ptr long) kernel32.IdnToAscii
@ stdcall IdnToNameprepUnicode(long wstr long ptr long) kernel32.IdnToNameprepUnicode
@ stdcall IdnToUnicode(long wstr long ptr long) kernel32.IdnToUnicode
@ stdcall ImpersonateAnonymousToken(long) advapi32.ImpersonateAnonymousToken
@ stdcall ImpersonateLoggedOnUser(long) advapi32.ImpersonateLoggedOnUser
@ stdcall ImpersonateNamedPipeClient(long) advapi32.ImpersonateNamedPipeClient
@ stdcall ImpersonateSelf(long) advapi32.ImpersonateSelf
@ stdcall ImpersonateAnonymousToken(long)
@ stdcall ImpersonateLoggedOnUser(long)
@ stdcall ImpersonateNamedPipeClient(long)
@ stdcall ImpersonateSelf(long)
# @ stub IncrementPackageStatusVersion
@ stdcall InitOnceBeginInitialize(ptr long ptr ptr) kernel32.InitOnceBeginInitialize
@ stdcall InitOnceComplete(ptr long ptr) kernel32.InitOnceComplete
@ -873,7 +873,7 @@
@ stdcall IsThreadAFiber() kernel32.IsThreadAFiber
@ stdcall IsThreadpoolTimerSet(ptr) kernel32.IsThreadpoolTimerSet
# @ stub IsTimeZoneRedirectionEnabled
@ stdcall IsTokenRestricted(long) advapi32.IsTokenRestricted
@ stdcall IsTokenRestricted(long)
@ stdcall IsValidAcl(ptr) advapi32.IsValidAcl
@ stdcall IsValidCodePage(long) kernel32.IsValidCodePage
@ stdcall IsValidLanguageGroup(long long) kernel32.IsValidLanguageGroup
@ -992,7 +992,7 @@
# @ stub OpenPackageInfoByFullNameForUser
# @ stub OpenPrivateNamespaceW
@ stdcall OpenProcess(long long long) kernel32.OpenProcess
@ stdcall OpenProcessToken(long long ptr) advapi32.OpenProcessToken
@ stdcall OpenProcessToken(long long ptr)
@ stub OpenRegKey
@ stdcall OpenSemaphoreW(long long wstr) kernel32.OpenSemaphoreW
# @ stub OpenState
@ -1001,7 +1001,7 @@
# @ stub OpenStateExplicitForUserSid
# @ stub OpenStateExplicitForUserSidString
@ stdcall OpenThread(long long long) kernel32.OpenThread
@ stdcall OpenThreadToken(long long long ptr) advapi32.OpenThreadToken
@ stdcall OpenThreadToken(long long long ptr)
@ stdcall OpenWaitableTimerW(long long wstr) kernel32.OpenWaitableTimerW
@ stdcall OutputDebugStringA(str) kernel32.OutputDebugStringA
@ stdcall OutputDebugStringW(wstr) kernel32.OutputDebugStringW
@ -1163,7 +1163,7 @@
@ stdcall PostQueuedCompletionStatus(long long ptr ptr) kernel32.PostQueuedCompletionStatus
# @ stub PrefetchVirtualMemory
@ stub PrivCopyFileExW
@ stdcall PrivilegeCheck(ptr ptr ptr) advapi32.PrivilegeCheck
@ stdcall PrivilegeCheck(ptr ptr ptr)
@ stdcall PrivilegedServiceAuditAlarmW(wstr wstr long ptr long) advapi32.PrivilegedServiceAuditAlarmW
@ stdcall ProcessIdToSessionId(long ptr) kernel32.ProcessIdToSessionId
# @ stub ProductIdFromPackageFamilyName
@ -1349,7 +1349,7 @@
@ stdcall ResolveLocaleName(wstr ptr long) kernel32.ResolveLocaleName
@ stdcall RestoreLastError(long) kernel32.RestoreLastError
@ stdcall ResumeThread(long) kernel32.ResumeThread
@ stdcall RevertToSelf() advapi32.RevertToSelf
@ stdcall RevertToSelf()
# @ stub RsopLoggingEnabledInternal
# @ stub SHCoCreateInstance
@ stdcall SHExpandEnvironmentStringsA(str ptr long) kernel32.ExpandEnvironmentStringsA
@ -1491,7 +1491,7 @@
@ stdcall SetThreadPriorityBoost(long long) kernel32.SetThreadPriorityBoost
# @ stub SetThreadSelectedCpuSets
@ stdcall SetThreadStackGuarantee(ptr) kernel32.SetThreadStackGuarantee
@ stdcall SetThreadToken(ptr ptr) advapi32.SetThreadToken
@ stdcall SetThreadToken(ptr ptr)
@ stdcall SetThreadUILanguage(long) kernel32.SetThreadUILanguage
@ stub SetThreadpoolStackInformation
@ stdcall SetThreadpoolThreadMaximum(ptr long) kernel32.SetThreadpoolThreadMaximum
@ -1501,7 +1501,7 @@
@ stdcall SetThreadpoolWait(ptr long ptr) kernel32.SetThreadpoolWait
# @ stub SetThreadpoolWaitEx
@ stdcall SetTimeZoneInformation(ptr) kernel32.SetTimeZoneInformation
@ stdcall SetTokenInformation(long long ptr long) advapi32.SetTokenInformation
@ stdcall SetTokenInformation(long long ptr long)
@ stdcall SetUnhandledExceptionFilter(ptr) kernel32.SetUnhandledExceptionFilter
@ stdcall SetUserGeoID(long) kernel32.SetUserGeoID
@ stdcall SetWaitableTimer(long ptr long ptr ptr long) kernel32.SetWaitableTimer

352
dlls/kernelbase/security.c
View file

@ -443,3 +443,355 @@ BOOL WINAPI IsWellKnownSid( PSID sid, WELL_KNOWN_SID_TYPE type )
return FALSE;
}
/******************************************************************************
* Token functions
******************************************************************************/
/******************************************************************************
* AdjustTokenGroups (kernelbase.@)
*/
BOOL WINAPI AdjustTokenGroups( HANDLE token, BOOL reset, PTOKEN_GROUPS new,
DWORD len, PTOKEN_GROUPS prev, PDWORD ret_len )
{
return set_ntstatus( NtAdjustGroupsToken( token, reset, new, len, prev, ret_len ));
}
/******************************************************************************
* AdjustTokenPrivileges (kernelbase.@)
*/
BOOL WINAPI AdjustTokenPrivileges( HANDLE token, BOOL disable, PTOKEN_PRIVILEGES new, DWORD len,
PTOKEN_PRIVILEGES prev, PDWORD ret_len )
{
NTSTATUS status;
TRACE("(%p %d %p %d %p %p)\n", token, disable, new, len, prev, ret_len );
status = NtAdjustPrivilegesToken( token, disable, new, len, prev, ret_len );
SetLastError( RtlNtStatusToDosError( status ));
return (status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED);
}
/******************************************************************************
* CheckTokenMembership (kernelbase.@)
*/
BOOL WINAPI CheckTokenMembership( HANDLE token, PSID sid_to_check, PBOOL is_member )
{
PTOKEN_GROUPS token_groups = NULL;
HANDLE thread_token = NULL;
DWORD size, i;
BOOL ret;
TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member);
*is_member = FALSE;
if (!token)
{
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token))
{
HANDLE process_token;
ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &process_token);
if (!ret)
goto exit;
ret = DuplicateTokenEx(process_token, TOKEN_QUERY, NULL, SecurityImpersonation,
TokenImpersonation, &thread_token);
CloseHandle(process_token);
if (!ret)
goto exit;
}
token = thread_token;
}
else
{
TOKEN_TYPE type;
ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size);
if (!ret) goto exit;
if (type == TokenPrimary)
{
SetLastError(ERROR_NO_IMPERSONATION_TOKEN);
return FALSE;
}
}
ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
goto exit;
token_groups = heap_alloc(size);
if (!token_groups)
{
ret = FALSE;
goto exit;
}
ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
if (!ret)
goto exit;
for (i = 0; i < token_groups->GroupCount; i++)
{
TRACE("Groups[%d]: {0x%x, %s}\n", i,
token_groups->Groups[i].Attributes,
debugstr_sid(token_groups->Groups[i].Sid));
if ((token_groups->Groups[i].Attributes & SE_GROUP_ENABLED) &&
EqualSid(sid_to_check, token_groups->Groups[i].Sid))
{
*is_member = TRUE;
TRACE("sid enabled and found in token\n");
break;
}
}
exit:
heap_free(token_groups);
if (thread_token != NULL) CloseHandle(thread_token);
return ret;
}
/*************************************************************************
* CreateRestrictedToken (kernelbase.@)
*/
BOOL WINAPI CreateRestrictedToken( HANDLE token, DWORD flags,
DWORD disable_count, PSID_AND_ATTRIBUTES disable_sids,
DWORD delete_count, PLUID_AND_ATTRIBUTES delete_privs,
DWORD restrict_count, PSID_AND_ATTRIBUTES restrict_sids, PHANDLE ret )
{
TOKEN_TYPE type;
SECURITY_IMPERSONATION_LEVEL level = SecurityAnonymous;
DWORD size;
FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
token, flags, disable_count, disable_sids, delete_count, delete_privs,
restrict_count, restrict_sids, ret );
size = sizeof(type);
if (!GetTokenInformation( token, TokenType, &type, size, &size )) return FALSE;
if (type == TokenImpersonation)
{
size = sizeof(level);
if (!GetTokenInformation( token, TokenImpersonationLevel, &level, size, &size ))
return FALSE;
}
return DuplicateTokenEx( token, MAXIMUM_ALLOWED, NULL, level, type, ret );
}
/******************************************************************************
* DuplicateToken (kernelbase.@)
*/
BOOL WINAPI DuplicateToken( HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PHANDLE ret )
{
return DuplicateTokenEx( token, TOKEN_IMPERSONATE|TOKEN_QUERY, NULL, level, TokenImpersonation, ret );
}
/******************************************************************************
* DuplicateTokenEx (kernelbase.@)
*/
BOOL WINAPI DuplicateTokenEx( HANDLE token, DWORD access, LPSECURITY_ATTRIBUTES sa,
SECURITY_IMPERSONATION_LEVEL level, TOKEN_TYPE type, PHANDLE ret )
{
OBJECT_ATTRIBUTES attr;
TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", token, access, level, type, ret );
InitializeObjectAttributes( &attr, NULL, (sa && sa->bInheritHandle) ? OBJ_INHERIT : 0,
NULL, sa ? sa->lpSecurityDescriptor : NULL );
return set_ntstatus( NtDuplicateToken( token, access, &attr, level, type, ret ));
}
/******************************************************************************
* GetTokenInformation (kernelbase.@)
*/
BOOL WINAPI GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class,
LPVOID info, DWORD len, LPDWORD retlen )
{
TRACE("(%p, %s, %p, %d, %p):\n",
token,
(class == TokenUser) ? "TokenUser" :
(class == TokenGroups) ? "TokenGroups" :
(class == TokenPrivileges) ? "TokenPrivileges" :
(class == TokenOwner) ? "TokenOwner" :
(class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
(class == TokenDefaultDacl) ? "TokenDefaultDacl" :
(class == TokenSource) ? "TokenSource" :
(class == TokenType) ? "TokenType" :
(class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
(class == TokenStatistics) ? "TokenStatistics" :
(class == TokenRestrictedSids) ? "TokenRestrictedSids" :
(class == TokenSessionId) ? "TokenSessionId" :
(class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
(class == TokenSessionReference) ? "TokenSessionReference" :
(class == TokenSandBoxInert) ? "TokenSandBoxInert" :
"Unknown",
info, len, retlen);
return set_ntstatus( NtQueryInformationToken( token, class, info, len, retlen ));
}
/******************************************************************************
* ImpersonateAnonymousToken (kernelbase.@)
*/
BOOL WINAPI ImpersonateAnonymousToken( HANDLE thread )
{
TRACE("(%p)\n", thread);
return set_ntstatus( NtImpersonateAnonymousToken( thread ) );
}
/******************************************************************************
* ImpersonateLoggedOnUser (kernelbase.@)
*/
BOOL WINAPI ImpersonateLoggedOnUser( HANDLE token )
{
DWORD size;
BOOL ret;
HANDLE dup;
TOKEN_TYPE type;
static BOOL warn = TRUE;
if (warn)
{
FIXME( "(%p)\n", token );
warn = FALSE;
}
if (!GetTokenInformation( token, TokenType, &type, sizeof(type), &size )) return FALSE;
if (type == TokenPrimary)
{
if (!DuplicateToken( token, SecurityImpersonation, &dup )) return FALSE;
ret = SetThreadToken( NULL, dup );
NtClose( dup );
}
else ret = SetThreadToken( NULL, token );
return ret;
}
/******************************************************************************
* ImpersonateNamedPipeClient (kernelbase.@)
*/
BOOL WINAPI ImpersonateNamedPipeClient( HANDLE pipe )
{
IO_STATUS_BLOCK io_block;
return set_ntstatus( NtFsControlFile( pipe, NULL, NULL, NULL, &io_block,
FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0 ));
}
/******************************************************************************
* ImpersonateSelf (kernelbase.@)
*/
BOOL WINAPI ImpersonateSelf( SECURITY_IMPERSONATION_LEVEL level )
{
return set_ntstatus( RtlImpersonateSelf( level ) );
}
/******************************************************************************
* IsTokenRestricted (kernelbase.@)
*/
BOOL WINAPI IsTokenRestricted( HANDLE token )
{
TOKEN_GROUPS *groups;
DWORD size;
NTSTATUS status;
BOOL restricted;
TRACE("(%p)\n", token);
status = NtQueryInformationToken(token, TokenRestrictedSids, NULL, 0, &size);
if (status != STATUS_BUFFER_TOO_SMALL) return set_ntstatus(status);
groups = heap_alloc(size);
if (!groups)
{
SetLastError(ERROR_OUTOFMEMORY);
return FALSE;
}
status = NtQueryInformationToken(token, TokenRestrictedSids, groups, size, &size);
if (status != STATUS_SUCCESS)
{
heap_free(groups);
return set_ntstatus(status);
}
restricted = groups->GroupCount > 0;
heap_free(groups);
return restricted;
}
/******************************************************************************
* OpenProcessToken (kernelbase.@)
*/
BOOL WINAPI OpenProcessToken( HANDLE process, DWORD access, HANDLE *handle )
{
return set_ntstatus( NtOpenProcessToken( process, access, handle ));
}
/******************************************************************************
* OpenThreadToken (kernelbase.@)
*/
BOOL WINAPI OpenThreadToken( HANDLE thread, DWORD access, BOOL self, HANDLE *handle )
{
return set_ntstatus( NtOpenThreadToken( thread, access, self, handle ));
}
/******************************************************************************
* PrivilegeCheck (kernelbase.@)
*/
BOOL WINAPI PrivilegeCheck( HANDLE token, PPRIVILEGE_SET privs, LPBOOL result )
{
BOOLEAN res;
BOOL ret = set_ntstatus( NtPrivilegeCheck( token, privs, &res ));
if (ret) *result = res;
return ret;
}
/******************************************************************************
* RevertToSelf (kernelbase.@)
*/
BOOL WINAPI RevertToSelf(void)
{
return SetThreadToken( NULL, 0 );
}
/*************************************************************************
* SetThreadToken (kernelbase.@)
*/
BOOL WINAPI SetThreadToken( PHANDLE thread, HANDLE token )
{
return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
ThreadImpersonationToken, &token, sizeof(token) ));
}
/******************************************************************************
* SetTokenInformation (kernelbase.@)
*/
BOOL WINAPI SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS class, LPVOID info, DWORD len )
{
TRACE("(%p, %s, %p, %d)\n",
token,
(class == TokenUser) ? "TokenUser" :
(class == TokenGroups) ? "TokenGroups" :
(class == TokenPrivileges) ? "TokenPrivileges" :
(class == TokenOwner) ? "TokenOwner" :
(class == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
(class == TokenDefaultDacl) ? "TokenDefaultDacl" :
(class == TokenSource) ? "TokenSource" :
(class == TokenType) ? "TokenType" :
(class == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
(class == TokenStatistics) ? "TokenStatistics" :
(class == TokenRestrictedSids) ? "TokenRestrictedSids" :
(class == TokenSessionId) ? "TokenSessionId" :
(class == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
(class == TokenSessionReference) ? "TokenSessionReference" :
(class == TokenSandBoxInert) ? "TokenSandBoxInert" :
"Unknown",
info, len);
return set_ntstatus( NtSetInformationToken( token, class, info, len ));
}