diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
index 38ae79358d..d066f5c99b 100644
--- a/dlls/advapi32/advapi32.spec
+++ b/dlls/advapi32/advapi32.spec
@@ -97,7 +97,7 @@
 # @ stub CreateProcessAsUserSecure
 @ stdcall CreateProcessAsUserW(long str str ptr ptr long long ptr str ptr ptr)
 @ stdcall CreateProcessWithLogonW(wstr wstr wstr long wstr wstr long ptr wstr ptr ptr)
-# @ stub CreateRestrictedToken
+@ stdcall CreateRestrictedToken(long long long ptr long ptr long ptr ptr)
 @ stdcall CreateServiceA(long ptr ptr long long long long ptr ptr ptr ptr ptr ptr)
 @ stdcall CreateServiceW (long ptr ptr long long long long ptr ptr ptr ptr ptr ptr)
 # @ stub CreateTraceInstanceId
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index b8c0a31cda..333ad86bac 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -734,6 +734,46 @@ BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
 ThreadImpersonationToken, &token, sizeof token ));
 }
 
+/*************************************************************************
+ * CreateRestrictedToken [ADVAPI32.@]
+ *
+ * Create a new more restricted token from an existing token.
+ *
+ * PARAMS
+ * baseToken [I] Token to base the new restricted token on
+ * flags [I] Options
+ * nDisableSids [I] Length of disableSids array
+ * disableSids [I] Array of SIDs to disable in the new token
+ * nDeletePrivs [I] Length of deletePrivs array
+ * deletePrivs [I] Array of privileges to delete in the new token
+ * nRestrictSids [I] Length of restrictSids array
+ * restrictSids [I] Array of SIDs to restrict in the new token
+ * newToken [O] Address where the new token is stored
+ *
+ * RETURNS
+ * Success: TRUE
+ * Failure: FALSE
+ */
+BOOL WINAPI CreateRestrictedToken(
+ HANDLE baseToken,
+ DWORD flags,
+ DWORD nDisableSids,
+ PSID_AND_ATTRIBUTES disableSids,
+ DWORD nDeletePrivs,
+ PLUID_AND_ATTRIBUTES deletePrivs,
+ DWORD nRestrictSids,
+ PSID_AND_ATTRIBUTES restrictSids,
+ PHANDLE newToken)
+{
+ FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
+ baseToken, flags, nDisableSids, disableSids,
+ nDeletePrivs, deletePrivs,
+ nRestrictSids, restrictSids,
+ newToken);
+ SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
+ return FALSE;
+}
+
 /* ##############################
 ###### SID FUNCTIONS ######
 ##############################
diff --git a/include/winbase.h b/include/winbase.h
index 7a0cce088e..03e3bbc139 100644
--- a/include/winbase.h
+++ b/include/winbase.h
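Review bot: The header comment's RETURNS section lists `Success: TRUE`, but the body added here can only fail: it logs a FIXME, sets ERROR_CALL_NOT_IMPLEMENTED and returns FALSE without writing `*newToken`. The comment should say so, for example a `NOTES` entry reading `Stub: always fails with ERROR_CALL_NOT_IMPLEMENTED and leaves *newToken untouched`. Failing closed is the right choice for a stub of this API, since returning a copy of `baseToken` would let a caller believe it had dropped rights it still holds; a short comment above `SetLastError` stating that intent would guard against a later change turning the stub into a fake success. `flags [I] Options` could also name the accepted flag values once the function actually handles them.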
@@ -1375,6 +1375,7 @@ WINADVAPI BOOL WINAPI CreateProcessAsUserA(HANDLE,LPCSTR,LPSTR,LPSECURIT
 WINADVAPI BOOL WINAPI CreateProcessAsUserW(HANDLE,LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,LPVOID,LPCWSTR,LPSTARTUPINFOW,LPPROCESS_INFORMATION);
 #define CreateProcessAsUser WINELIB_NAME_AW(CreateProcessAsUser)
 WINBASEAPI HANDLE WINAPI CreateRemoteThread(HANDLE,LPSECURITY_ATTRIBUTES,SIZE_T,LPTHREAD_START_ROUTINE,LPVOID,DWORD,LPDWORD);
+WINADVAPI BOOL WINAPI CreateRestrictedToken(HANDLE,DWORD,DWORD,PSID_AND_ATTRIBUTES,DWORD,PLUID_AND_ATTRIBUTES,DWORD,PSID_AND_ATTRIBUTES,PHANDLE);
 WINBASEAPI HANDLE WINAPI CreateSemaphoreA(LPSECURITY_ATTRIBUTES,LONG,LONG,LPCSTR);
 WINBASEAPI HANDLE WINAPI CreateSemaphoreW(LPSECURITY_ATTRIBUTES,LONG,LONG,LPCWSTR);
 #define CreateSemaphore WINELIB_NAME_AW(CreateSemaphore)
diff --git a/include/winnt.h b/include/winnt.h
index 78c44a57b8..96ed387213 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -3535,7 +3535,7 @@ typedef struct {
 typedef struct _SID_AND_ATTRIBUTES {
 PSID Sid;
 DWORD Attributes;
-} SID_AND_ATTRIBUTES;
+} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
 
 /* security entities */
 #define SECURITY_NULL_RID (0x00000000L)