hadoop/hadoop-common-project/hadoop-common/src/main/winutils/libwinutils.c

/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with this
 * work for additional information regarding copyright ownership. The ASF
 * licenses this file to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

#pragma comment(lib, "authz.lib")
#pragma comment(lib, "netapi32.lib")
#pragma comment(lib, "Secur32.lib")
#pragma comment(lib, "Userenv.lib")
#pragma comment(lib, "Ntdsapi.lib")

#include "winutils.h"
#include <ctype.h>
#include <Winsvc.h>
#include <authz.h>
#include <sddl.h>
#include <Ntdsapi.h>
#include <malloc.h>

#define WIDEN_STRING(x) WIDEN_STRING_(x)
#define WIDEN_STRING_(x) L ## x
#define STRINGIFY(x) STRINGIFY_(x)
#define STRINGIFY_(x) #x


#pragma message("WSCE config is " STRINGIFY(WSCE_CONFIG_DIR) "\\" STRINGIFY(WSCE_CONFIG_FILE))
const WCHAR* wsceConfigRelativePath = WIDEN_STRING(STRINGIFY(WSCE_CONFIG_DIR)) L"\\" WIDEN_STRING(STRINGIFY(WSCE_CONFIG_FILE));

/*
 * The array of 12 months' three-letter abbreviations 
 */
const LPCWSTR MONTHS[] = { L"Jan", L"Feb", L"Mar", L"Apr", L"May", L"Jun",
  L"Jul", L"Aug", L"Sep", L"Oct", L"Nov", L"Dec" };

/*
 * The WindowsAclMask and WinMasks contain the definitions used to establish
 * the mapping between Unix and Windows.
 * We set up the mapping with the following rules. 
 *   1. Everyone will have WIN_ALL permissions;
 *   2. Owner will always have WIN_OWNER_SE permissions in addition;
 *   2. When Unix read/write/excute permission is set on the file, the
 *      corresponding Windows allow ACE will be added to the file.
 * More details and explaination can be found in the following white paper:
 *   http://technet.microsoft.com/en-us/library/bb463216.aspx
 */
const ACCESS_MASK WinMasks[WIN_MASKS_TOTAL] =
{
  /* WIN_READ */
  FILE_READ_DATA,
  /* WIN_WRITE */
  FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_APPEND_DATA | FILE_WRITE_EA |
  FILE_DELETE_CHILD,
  /* WIN_EXECUTE */
  FILE_EXECUTE,
  /* WIN_OWNER_SE */
  DELETE | WRITE_DAC | WRITE_OWNER | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES, 
  /* WIN_ALL */
  READ_CONTROL |  FILE_READ_EA | FILE_READ_ATTRIBUTES | SYNCHRONIZE,
};

//----------------------------------------------------------------------------
// Function: GetFileInformationByName
//
// Description:
//  To retrieve the by handle file information given the file name
//
// Returns:
//  ERROR_SUCCESS: on success
//  error code: otherwise
//
// Notes:
//  If followLink parameter is set to TRUE, we will follow the symbolic link
//  or junction point to get the target file information. Otherwise, the
//  information for the symbolic link or junction point is retrieved.
//
DWORD GetFileInformationByName(
  __in LPCWSTR pathName,
  __in BOOL followLink,
  __out LPBY_HANDLE_FILE_INFORMATION lpFileInformation)
{
  HANDLE fileHandle = INVALID_HANDLE_VALUE;
  BOOL isSymlink = FALSE;
  BOOL isJunction = FALSE;
  DWORD dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS;
  DWORD dwErrorCode = ERROR_SUCCESS;

  assert(lpFileInformation != NULL);

  if (!followLink)
  {
    if ((dwErrorCode = SymbolicLinkCheck(pathName, &isSymlink)) != ERROR_SUCCESS)
      return dwErrorCode;
    if ((dwErrorCode = JunctionPointCheck(pathName, &isJunction)) != ERROR_SUCCESS)
      return dwErrorCode;
    if (isSymlink || isJunction)
      dwFlagsAndAttributes |= FILE_FLAG_OPEN_REPARSE_POINT;
  }

  fileHandle = CreateFileW(
    pathName,
    FILE_READ_ATTRIBUTES,
    FILE_SHARE_READ,
    NULL,
    OPEN_EXISTING,
    dwFlagsAndAttributes,
    NULL);
  if (fileHandle == INVALID_HANDLE_VALUE)
  {
    dwErrorCode = GetLastError();
    return dwErrorCode;
  }

  if (!GetFileInformationByHandle(fileHandle, lpFileInformation))
  {
    dwErrorCode = GetLastError();
    CloseHandle(fileHandle);
    return dwErrorCode;
  }

  CloseHandle(fileHandle);

  return dwErrorCode;
}

//----------------------------------------------------------------------------
// Function: IsLongWindowsPath
//
// Description:
//  Checks if the path is longer than MAX_PATH in which case it needs to be
//  prepended with \\?\ for Windows OS to understand it.
//
// Returns:
//  TRUE long path
//  FALSE otherwise
static BOOL IsLongWindowsPath(__in PCWSTR path)
{
  return (wcslen(path) + 1) > MAX_PATH;
}

//----------------------------------------------------------------------------
// Function: IsPrefixedAlready
//
// Description:
//  Checks if the given path is already prepended with \\?\.
//
// Returns:
//  TRUE if yes
//  FALSE otherwise
static BOOL IsPrefixedAlready(__in PCWSTR path)
{
  static const PCWSTR LongPathPrefix = L"\\\\?\\";
  size_t Prefixlen = wcslen(LongPathPrefix);
  size_t i = 0;

  if (path == NULL || wcslen(path) < Prefixlen)
  {
    return FALSE;
  }

  for (i = 0; i < Prefixlen; ++i)
  {
    if (path[i] != LongPathPrefix[i])
    {
      return FALSE;
    }
  }

  return TRUE;
}

//----------------------------------------------------------------------------
// Function: ConvertToLongPath
//
// Description:
//  Prepends the path with the \\?\ prefix if the path is longer than MAX_PATH.
//  On success, newPath should be freed with LocalFree(). Given that relative
//  paths cannot be longer than MAX_PATH, we will never prepend the prefix
//  to relative paths.
//
// Returns:
//  ERROR_SUCCESS on success
//  error code on failure
DWORD ConvertToLongPath(__in PCWSTR path, __deref_out PWSTR *newPath)
{
  DWORD dwErrorCode = ERROR_SUCCESS;
  static const PCWSTR LongPathPrefix = L"\\\\?\\";
  BOOL bAppendPrefix = IsLongWindowsPath(path) && !IsPrefixedAlready(path);
  HRESULT hr = S_OK;

  size_t newPathLen = wcslen(path) + (bAppendPrefix ? wcslen(LongPathPrefix) : 0);

  // Allocate the buffer for the output path (+1 for terminating NULL char)
  //
  PWSTR newPathValue = (PWSTR)LocalAlloc(LPTR, (newPathLen + 1) * sizeof(WCHAR));
  if (newPathValue == NULL)
  {
    dwErrorCode = GetLastError();
    goto ConvertToLongPathExit;
  }

  if (bAppendPrefix)
  {
    // Append the prefix to the path
    //
    hr = StringCchPrintfW(newPathValue, newPathLen + 1, L"%s%s",
      LongPathPrefix, path);
    if (FAILED(hr))
    {
      dwErrorCode = HRESULT_CODE(hr);
      goto ConvertToLongPathExit;
    }
  }
  else
  {
    // Just copy the original value into the output path. In this scenario
    // we are doing extra buffer copy. We decided to trade code simplicity
    // on the call site for small performance impact (extra allocation and
    // buffer copy). As paths are short, the impact is generally small.
    //
    hr = StringCchPrintfW(newPathValue, newPathLen + 1, L"%s", path);
    if (FAILED(hr))
    {
      dwErrorCode = HRESULT_CODE(hr);
      goto ConvertToLongPathExit;
    }
  }

  *newPath = newPathValue;

ConvertToLongPathExit:
  if (dwErrorCode != ERROR_SUCCESS)
  {
    LocalFree(newPathValue);
  }

  return dwErrorCode;
}

//----------------------------------------------------------------------------
// Function: IsDirFileInfo
//
// Description:
//  Test if the given file information is a directory
//
// Returns:
//  TRUE if it is a directory
//  FALSE otherwise
//
// Notes:
//
BOOL IsDirFileInfo(const BY_HANDLE_FILE_INFORMATION *fileInformation)
{
  if ((fileInformation->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
    == FILE_ATTRIBUTE_DIRECTORY)
    return TRUE;
  return FALSE;
}

//----------------------------------------------------------------------------
// Function: CheckFileAttributes
//
// Description:
//  Check if the given file has all the given attribute(s)
//
// Returns:
//  ERROR_SUCCESS on success
//  error code otherwise
//
// Notes:
//
static DWORD FileAttributesCheck(
  __in LPCWSTR path, __in DWORD attr, __out PBOOL res)
{
  DWORD attrs = INVALID_FILE_ATTRIBUTES;
  *res = FALSE;
  if ((attrs = GetFileAttributes(path)) != INVALID_FILE_ATTRIBUTES)
    *res = ((attrs & attr) == attr);
  else
    return GetLastError();
  return ERROR_SUCCESS;
}

//----------------------------------------------------------------------------
// Function: IsDirectory
//
// Description:
//  Check if the given file is a directory
//
// Returns:
//  ERROR_SUCCESS on success
//  error code otherwise
//
// Notes:
//
DWORD DirectoryCheck(__in LPCWSTR pathName, __out PBOOL res)
{
  return FileAttributesCheck(pathName, FILE_ATTRIBUTE_DIRECTORY, res);
}

//----------------------------------------------------------------------------
// Function: IsReparsePoint
//
// Description:
//  Check if the given file is a reparse point
//
// Returns:
//  ERROR_SUCCESS on success
//  error code otherwise
//
// Notes:
//
static DWORD ReparsePointCheck(__in LPCWSTR pathName, __out PBOOL res)
{
  return FileAttributesCheck(pathName, FILE_ATTRIBUTE_REPARSE_POINT, res);
}

//----------------------------------------------------------------------------
// Function: CheckReparseTag
//
// Description:
//  Check if the given file is a reparse point of the given tag.
//
// Returns:
//  ERROR_SUCCESS on success
//  error code otherwise
//
// Notes:
//
static DWORD ReparseTagCheck(__in LPCWSTR path, __in DWORD tag, __out PBOOL res)
{
  BOOL isReparsePoint = FALSE;
  HANDLE hFind = INVALID_HANDLE_VALUE;
  WIN32_FIND_DATA findData;
  DWORD dwRtnCode;

  if ((dwRtnCode = ReparsePointCheck(path, &isReparsePoint)) != ERROR_SUCCESS)
    return dwRtnCode;

  if (!isReparsePoint)
  {
    *res = FALSE;
  }
  else
  {
    if ((hFind = FindFirstFile(path, &findData)) == INVALID_HANDLE_VALUE)
    {
      return GetLastError();
    }
    else
    {
      *res = (findData.dwReserved0 == tag);
      FindClose(hFind);
    }
  }
  return ERROR_SUCCESS;
}

//----------------------------------------------------------------------------
// Function: IsSymbolicLink
//
// Description:
//  Check if the given file is a symbolic link.
//
// Returns:
//  ERROR_SUCCESS on success
//  error code otherwise
//
// Notes:
//
DWORD SymbolicLinkCheck(__in LPCWSTR pathName, __out PBOOL res)
{
  return ReparseTagCheck(pathName, IO_REPARSE_TAG_SYMLINK, res);
}

//----------------------------------------------------------------------------
// Function: IsJunctionPoint
//
// Description:
//  Check if the given file is a junction point.
//
// Returns:
//  ERROR_SUCCESS on success
//  error code otherwise
//
// Notes:
//
DWORD JunctionPointCheck(__in LPCWSTR pathName, __out PBOOL res)
{
  return ReparseTagCheck(pathName, IO_REPARSE_TAG_MOUNT_POINT, res);
}

//----------------------------------------------------------------------------
// Function: GetSidFromAcctNameW
//
// Description:
//  To retrieve the SID for a user account
//
// Returns:
//  ERROR_SUCCESS: on success
//  Other error code: otherwise
//
// Notes:
//  Caller needs to destroy the memory of Sid by calling LocalFree()
//
DWORD GetSidFromAcctNameW(__in PCWSTR acctName, __out PSID *ppSid)
{
  DWORD dwSidSize = 0;
  DWORD cchDomainName = 0;
  DWORD dwDomainNameSize = 0;
  LPWSTR domainName = NULL;
  SID_NAME_USE eSidType;

  DWORD dwErrorCode = ERROR_SUCCESS;

  // Validate the input parameters.
  //
  assert (acctName != NULL && ppSid != NULL);

  // Empty name is invalid. However, LookupAccountName() function will return a
  // false Sid, i.e. Sid for 'BUILDIN', for an empty name instead failing. We
  // report the error before calling LookupAccountName() function for this
  // special case. The error code returned here is the same as the last error
  // code set by LookupAccountName() function for an invalid name.
  //
  if (wcslen(acctName) == 0)
    return ERROR_NONE_MAPPED;

  // First pass to retrieve the buffer size.
  //
  LookupAccountName(
    NULL, // Computer name. NULL for the local computer
    acctName,
    NULL, // pSid. NULL to retrieve buffer size
    &dwSidSize,
    NULL, // Domain Name. NULL to retrieve buffer size 
    &cchDomainName,
    &eSidType);

  if((dwErrorCode = GetLastError()) != ERROR_INSUFFICIENT_BUFFER)
  {
    return dwErrorCode;
  }
  else
  {
    // Reallocate memory for the buffers.
    //
    *ppSid = (PSID)LocalAlloc(LPTR, dwSidSize);
    if (*ppSid == NULL)
    {
      return GetLastError();
    }
    dwDomainNameSize = (cchDomainName + 1) * sizeof(wchar_t);
    domainName = (LPWSTR)LocalAlloc(LPTR, dwDomainNameSize);
    if (domainName == NULL)
    {
      return GetLastError();
    }

    // Second pass to retrieve the SID and domain name.
    //
    if (!LookupAccountNameW(
      NULL, // Computer name. NULL for the local computer
      acctName,
      *ppSid,
      &dwSidSize,
      domainName, 
      &cchDomainName,
      &eSidType))
    {
      LocalFree(domainName);
      return GetLastError();
    }

    assert(IsValidSid(*ppSid));
  }

  LocalFree(domainName);
  return ERROR_SUCCESS;
}

//----------------------------------------------------------------------------
// Function: GetUnixAccessMask
//
// Description:
//  Compute the 3 bit Unix mask for the owner, group, or, others
//
// Returns:
//  The 3 bit Unix mask in INT
//
// Notes:
//
static INT GetUnixAccessMask(ACCESS_MASK Mask)
{
  static const INT exe   = 0x0001;
  static const INT write = 0x0002;
  static const INT read  = 0x0004;
  INT mask  = 0;

  if ((Mask & WinMasks[WIN_READ]) == WinMasks[WIN_READ])
    mask |= read;
  if ((Mask & WinMasks[WIN_WRITE]) == WinMasks[WIN_WRITE])
    mask |= write;
  if ((Mask & WinMasks[WIN_EXECUTE]) == WinMasks[WIN_EXECUTE])
    mask |= exe;
  return mask;
}

//----------------------------------------------------------------------------
// Function: GetAccess
//
// Description:
//  Get Windows acces mask by AuthZ methods
//
// Returns:
//  ERROR_SUCCESS: on success
//
// Notes:
//
static DWORD GetAccess(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClient,
  PSECURITY_DESCRIPTOR psd, PACCESS_MASK pAccessRights)
{
  AUTHZ_ACCESS_REQUEST AccessRequest = {0};
  AUTHZ_ACCESS_REPLY AccessReply = {0};
  BYTE Buffer[1024];

  assert (pAccessRights != NULL);

  //  Do AccessCheck
  AccessRequest.DesiredAccess = MAXIMUM_ALLOWED;
  AccessRequest.PrincipalSelfSid = NULL;
  AccessRequest.ObjectTypeList = NULL;
  AccessRequest.ObjectTypeListLength = 0;
  AccessRequest.OptionalArguments = NULL; 

  RtlZeroMemory(Buffer, sizeof(Buffer));
  AccessReply.ResultListLength = 1;
  AccessReply.GrantedAccessMask = (PACCESS_MASK) (Buffer);
  AccessReply.Error = (PDWORD) (Buffer + sizeof(ACCESS_MASK));

  if (!AuthzAccessCheck(0,
    hAuthzClient,
    &AccessRequest,
    NULL,
    psd,
    NULL,
    0,
    &AccessReply,
    NULL))
  {
    return GetLastError();
  }
  *pAccessRights = (*(const ACCESS_MASK *)(AccessReply.GrantedAccessMask));
  return ERROR_SUCCESS;
}

//----------------------------------------------------------------------------
// Function: GetEffectiveRightsForSid
//
// Description:
//  Get Windows acces mask by AuthZ methods
//
// Returns:
//  ERROR_SUCCESS: on success
//
// Notes:
//   We run into problems for local user accounts when using the method
//   GetEffectiveRightsFromAcl(). We resort to using AuthZ methods as
//   an alternative way suggested on MSDN:
// http://msdn.microsoft.com/en-us/library/windows/desktop/aa446637.aspx
//
static DWORD GetEffectiveRightsForSid(PSECURITY_DESCRIPTOR psd,
  PSID pSid,
  PACCESS_MASK pAccessRights)
{
  AUTHZ_RESOURCE_MANAGER_HANDLE hManager = NULL;
  LUID unusedId = { 0 };
  AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext = NULL;
  DWORD dwRtnCode = ERROR_SUCCESS;
  DWORD ret = ERROR_SUCCESS;

  assert (pAccessRights != NULL);

  if (!AuthzInitializeResourceManager(AUTHZ_RM_FLAG_NO_AUDIT,
    NULL, NULL, NULL, NULL, &hManager))
  {
    return GetLastError();
  }

  // Pass AUTHZ_SKIP_TOKEN_GROUPS to the function to avoid querying user group
  // information for access check. This allows us to model POSIX permissions
  // on Windows, where a user can have less permissions than a group it
  // belongs to.
  if(!AuthzInitializeContextFromSid(AUTHZ_SKIP_TOKEN_GROUPS,
    pSid, hManager, NULL, unusedId, NULL, &hAuthzClientContext))
  {
    ret = GetLastError();
    goto GetEffectiveRightsForSidEnd;
  }

  if ((dwRtnCode = GetAccess(hAuthzClientContext, psd, pAccessRights))
    != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto GetEffectiveRightsForSidEnd;
  }

GetEffectiveRightsForSidEnd:
  if (hManager != NULL)
  {
    (void)AuthzFreeResourceManager(hManager);
  }
  if (hAuthzClientContext != NULL)
  {
    (void)AuthzFreeContext(hAuthzClientContext);
  }

  return ret;
}

//----------------------------------------------------------------------------
// Function: CheckAccessForCurrentUser
//
// Description:
//   Checks if the current process has the requested access rights on the given
//   path. Based on the following MSDN article:
//   http://msdn.microsoft.com/en-us/library/windows/desktop/ff394771(v=vs.85).aspx
//
// Returns:
//   ERROR_SUCCESS: on success
//
DWORD CheckAccessForCurrentUser(
  __in PCWSTR pathName,
  __in ACCESS_MASK requestedAccess,
  __out BOOL *allowed)
{
  DWORD dwRtnCode = ERROR_SUCCESS;

  LPWSTR longPathName = NULL;
  HANDLE hProcessToken = NULL;
  PSECURITY_DESCRIPTOR pSd = NULL;

  AUTHZ_RESOURCE_MANAGER_HANDLE hManager = NULL;
  AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext = NULL;
  LUID Luid = {0, 0};

  ACCESS_MASK currentUserAccessRights = 0;

  // Prepend the long path prefix if needed
  dwRtnCode = ConvertToLongPath(pathName, &longPathName);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    goto CheckAccessEnd;
  }

  // Get SD of the given path. OWNER and DACL security info must be
  // requested, otherwise, AuthzAccessCheck fails with invalid parameter
  // error.
  dwRtnCode = GetNamedSecurityInfo(longPathName, SE_FILE_OBJECT,
    OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
    DACL_SECURITY_INFORMATION,
    NULL, NULL, NULL, NULL, &pSd);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    goto CheckAccessEnd;
  }

  // Get current process token
  if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hProcessToken))
  {
    dwRtnCode = GetLastError();
    goto CheckAccessEnd;
  }

  if (!AuthzInitializeResourceManager(AUTHZ_RM_FLAG_NO_AUDIT, NULL, NULL,
    NULL, NULL, &hManager))
  {
    dwRtnCode = GetLastError();
    goto CheckAccessEnd;
  }

  if(!AuthzInitializeContextFromToken(0, hProcessToken, hManager, NULL,
    Luid, NULL, &hAuthzClientContext))
  {
    dwRtnCode = GetLastError();
    goto CheckAccessEnd;
  }

  dwRtnCode = GetAccess(hAuthzClientContext, pSd, &currentUserAccessRights);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    goto CheckAccessEnd;
  }

  *allowed = ((currentUserAccessRights & requestedAccess) == requestedAccess);

CheckAccessEnd:
  LocalFree(longPathName);
  LocalFree(pSd);
  if (hProcessToken != NULL)
  {
    CloseHandle(hProcessToken);
  }
  if (hManager != NULL)
  {
    (void)AuthzFreeResourceManager(hManager);
  }
  if (hAuthzClientContext != NULL)
  {
    (void)AuthzFreeContext(hAuthzClientContext);
  }

  return dwRtnCode;
}


//----------------------------------------------------------------------------
// Function: FindFileOwnerAndPermissionByHandle
//
// Description:
//  Find the owner, primary group and permissions of a file object given the
//  the file object handle. The function will always follow symbolic links.
//
// Returns:
//  ERROR_SUCCESS: on success
//  Error code otherwise
//
// Notes:
//  - Caller needs to destroy the memeory of owner and group names by calling
//    LocalFree() function.
//
//  - If the user or group name does not exist, the user or group SID will be
//    returned as the name.
//
DWORD FindFileOwnerAndPermissionByHandle(
  __in HANDLE fileHandle,
  __out_opt LPWSTR *pOwnerName,
  __out_opt LPWSTR *pGroupName,
  __out_opt PINT pMask)
{
  LPWSTR path = NULL;
  DWORD cchPathLen = 0;
  DWORD dwRtnCode = ERROR_SUCCESS;

  DWORD ret = ERROR_SUCCESS;

  dwRtnCode = GetFinalPathNameByHandle(fileHandle, path, cchPathLen, 0);
  if (dwRtnCode == 0)
  {
    ret = GetLastError();
    goto FindFileOwnerAndPermissionByHandleEnd;
  }
  cchPathLen = dwRtnCode;
  path = (LPWSTR) LocalAlloc(LPTR, cchPathLen * sizeof(WCHAR));
  if (path == NULL)
  {
    ret = GetLastError();
    goto FindFileOwnerAndPermissionByHandleEnd;
  }

  dwRtnCode = GetFinalPathNameByHandle(fileHandle, path, cchPathLen, 0);
  if (dwRtnCode != cchPathLen - 1)
  {
    ret = GetLastError();
    goto FindFileOwnerAndPermissionByHandleEnd;
  }

  dwRtnCode = FindFileOwnerAndPermission(path, TRUE, pOwnerName, pGroupName, pMask);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto FindFileOwnerAndPermissionByHandleEnd;
  }

FindFileOwnerAndPermissionByHandleEnd:
  LocalFree(path);
  return ret;
}


//----------------------------------------------------------------------------
// Function: FindFileOwnerAndPermission
//
// Description:
//  Find the owner, primary group and permissions of a file object
//
// Returns:
//  ERROR_SUCCESS: on success
//  Error code otherwise
//
// Notes:
//  - Caller needs to destroy the memeory of owner and group names by calling
//    LocalFree() function.
//
//  - If the user or group name does not exist, the user or group SID will be
//    returned as the name.
//
DWORD FindFileOwnerAndPermission(
  __in LPCWSTR pathName,
  __in BOOL followLink,
  __out_opt LPWSTR *pOwnerName,
  __out_opt LPWSTR *pGroupName,
  __out_opt PINT pMask)
{
  DWORD dwRtnCode = 0;
  PSECURITY_DESCRIPTOR pSd = NULL;

  PSID psidOwner = NULL;
  PSID psidGroup = NULL;
  PSID psidEveryone = NULL;
  DWORD cbSid = SECURITY_MAX_SID_SIZE;
  PACL pDacl = NULL;

  BOOL isSymlink = FALSE;
  BY_HANDLE_FILE_INFORMATION fileInformation = {0};

  ACCESS_MASK ownerAccessRights = 0;
  ACCESS_MASK groupAccessRights = 0;
  ACCESS_MASK worldAccessRights = 0;

  DWORD ret = ERROR_SUCCESS;

  // Do nothing if the caller request nothing
  //
  if (pOwnerName == NULL && pGroupName == NULL && pMask == NULL)
  {
    return ret;
  }

  dwRtnCode = GetNamedSecurityInfo(pathName, SE_FILE_OBJECT,
    OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
    DACL_SECURITY_INFORMATION,
    &psidOwner, &psidGroup, &pDacl, NULL, &pSd);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto FindFileOwnerAndPermissionEnd;
  }

  if (pOwnerName != NULL)
  {
    dwRtnCode = GetAccntNameFromSid(psidOwner, pOwnerName);
    if (dwRtnCode == ERROR_NONE_MAPPED)
    {
      if (!ConvertSidToStringSid(psidOwner, pOwnerName))
      {
        ret = GetLastError();
        goto FindFileOwnerAndPermissionEnd;
      }
    }
    else if (dwRtnCode != ERROR_SUCCESS)
    {
      ret = dwRtnCode;
      goto FindFileOwnerAndPermissionEnd;
    }
  }

  if (pGroupName != NULL)
  {
    dwRtnCode = GetAccntNameFromSid(psidGroup, pGroupName);
    if (dwRtnCode == ERROR_NONE_MAPPED)
    {
      if (!ConvertSidToStringSid(psidGroup, pGroupName))
      {
        ret = GetLastError();
        goto FindFileOwnerAndPermissionEnd;
      }
    }
    else if (dwRtnCode != ERROR_SUCCESS)
    {
      ret = dwRtnCode;
      goto FindFileOwnerAndPermissionEnd;
    }
  }

  if (pMask == NULL) goto FindFileOwnerAndPermissionEnd;

  dwRtnCode = GetFileInformationByName(pathName,
    followLink, &fileInformation);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto FindFileOwnerAndPermissionEnd;
  }

  dwRtnCode = SymbolicLinkCheck(pathName, &isSymlink);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto FindFileOwnerAndPermissionEnd;
  }

  if (isSymlink)
    *pMask |= UX_SYMLINK;
  else if (IsDirFileInfo(&fileInformation))
    *pMask |= UX_DIRECTORY;
  else
    *pMask |= UX_REGULAR;

  if ((dwRtnCode = GetEffectiveRightsForSid(pSd,
    psidOwner, &ownerAccessRights)) != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto FindFileOwnerAndPermissionEnd;
  }

  if ((dwRtnCode = GetEffectiveRightsForSid(pSd,
    psidGroup, &groupAccessRights)) != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto FindFileOwnerAndPermissionEnd;
  }

  if ((psidEveryone = LocalAlloc(LPTR, cbSid)) == NULL)
  {
    ret = GetLastError();
    goto FindFileOwnerAndPermissionEnd;
  }
  if (!CreateWellKnownSid(WinWorldSid, NULL, psidEveryone, &cbSid))
  {
    ret = GetLastError();
    goto FindFileOwnerAndPermissionEnd;
  }
  if ((dwRtnCode = GetEffectiveRightsForSid(pSd,
    psidEveryone, &worldAccessRights)) != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto FindFileOwnerAndPermissionEnd;
  }

  *pMask |= GetUnixAccessMask(ownerAccessRights) << 6;
  *pMask |= GetUnixAccessMask(groupAccessRights) << 3;
  *pMask |= GetUnixAccessMask(worldAccessRights);

FindFileOwnerAndPermissionEnd:
  LocalFree(psidEveryone);
  LocalFree(pSd);

  return ret;
}

//----------------------------------------------------------------------------
// Function: GetWindowsAccessMask
//
// Description:
//  Get the Windows AccessMask for user, group and everyone based on the Unix
//  permission mask
//
// Returns:
//  none
//
// Notes:
//  none
//
static void GetWindowsAccessMask(INT unixMask,
  ACCESS_MASK *userAllow,
  ACCESS_MASK *userDeny,
  ACCESS_MASK *groupAllow,
  ACCESS_MASK *groupDeny,
  ACCESS_MASK *otherAllow)
{
  assert (userAllow != NULL && userDeny != NULL &&
    groupAllow != NULL && groupDeny != NULL &&
    otherAllow != NULL);

  *userAllow = WinMasks[WIN_ALL] | WinMasks[WIN_OWNER_SE];
  if ((unixMask & UX_U_READ) == UX_U_READ)
    *userAllow |= WinMasks[WIN_READ];

  if ((unixMask & UX_U_WRITE) == UX_U_WRITE)
    *userAllow |= WinMasks[WIN_WRITE];

  if ((unixMask & UX_U_EXECUTE) == UX_U_EXECUTE)
    *userAllow |= WinMasks[WIN_EXECUTE];

  *userDeny = 0;
  if ((unixMask & UX_U_READ) != UX_U_READ &&
    ((unixMask & UX_G_READ) == UX_G_READ ||
    (unixMask & UX_O_READ) == UX_O_READ))
    *userDeny |= WinMasks[WIN_READ];

  if ((unixMask & UX_U_WRITE) != UX_U_WRITE &&
    ((unixMask & UX_G_WRITE) == UX_G_WRITE ||
    (unixMask & UX_O_WRITE) == UX_O_WRITE))
    *userDeny |= WinMasks[WIN_WRITE];

  if ((unixMask & UX_U_EXECUTE) != UX_U_EXECUTE &&
    ((unixMask & UX_G_EXECUTE) == UX_G_EXECUTE ||
    (unixMask & UX_O_EXECUTE) == UX_O_EXECUTE))
    *userDeny |= WinMasks[WIN_EXECUTE];

  *groupAllow = WinMasks[WIN_ALL];
  if ((unixMask & UX_G_READ) == UX_G_READ)
    *groupAllow |= FILE_GENERIC_READ;

  if ((unixMask & UX_G_WRITE) == UX_G_WRITE)
    *groupAllow |= WinMasks[WIN_WRITE];

  if ((unixMask & UX_G_EXECUTE) == UX_G_EXECUTE)
    *groupAllow |= WinMasks[WIN_EXECUTE];

  *groupDeny = 0;
  if ((unixMask & UX_G_READ) != UX_G_READ &&
    (unixMask & UX_O_READ) == UX_O_READ)
    *groupDeny |= WinMasks[WIN_READ];

  if ((unixMask & UX_G_WRITE) != UX_G_WRITE &&
    (unixMask & UX_O_WRITE) == UX_O_WRITE)
    *groupDeny |= WinMasks[WIN_WRITE];

  if ((unixMask & UX_G_EXECUTE) != UX_G_EXECUTE &&
    (unixMask & UX_O_EXECUTE) == UX_O_EXECUTE)
    *groupDeny |= WinMasks[WIN_EXECUTE];

  *otherAllow = WinMasks[WIN_ALL];
  if ((unixMask & UX_O_READ) == UX_O_READ)
    *otherAllow |= WinMasks[WIN_READ];

  if ((unixMask & UX_O_WRITE) == UX_O_WRITE)
    *otherAllow |= WinMasks[WIN_WRITE];

  if ((unixMask & UX_O_EXECUTE) == UX_O_EXECUTE)
    *otherAllow |= WinMasks[WIN_EXECUTE];
}

//----------------------------------------------------------------------------
// Function: GetWindowsDACLs
//
// Description:
//  Get the Windows DACs based the Unix access mask
//
// Returns:
//  ERROR_SUCCESS: on success
//  Error code: otherwise
//
// Notes:
//  - Administrators and SYSTEM are always given full permission to the file,
//    unless Administrators or SYSTEM itself is the file owner and the user
//    explictly set the permission to something else. For example, file 'foo'
//    belongs to Administrators, 'chmod 000' on the file will not directly
//    assign Administrators full permission on the file.
//  - Only full permission for Administrators and SYSTEM are inheritable.
//  - CREATOR OWNER is always given full permission and the permission is
//    inheritable, more specifically OBJECT_INHERIT_ACE, CONTAINER_INHERIT_ACE
//    flags are set. The reason is to give the creator of child file full
//    permission, i.e., the child file will have permission mode 700 for
//    a user other than Administrator or SYSTEM.
//
static DWORD GetWindowsDACLs(__in INT unixMask,
  __in PSID pOwnerSid, __in PSID pGroupSid, __out PACL *ppNewDACL)
{
  DWORD winUserAccessDenyMask;
  DWORD winUserAccessAllowMask;
  DWORD winGroupAccessDenyMask;
  DWORD winGroupAccessAllowMask;
  DWORD winOtherAccessAllowMask;

  PSID pEveryoneSid = NULL;
  DWORD cbEveryoneSidSize = SECURITY_MAX_SID_SIZE;

  PSID pSystemSid = NULL;
  DWORD cbSystemSidSize = SECURITY_MAX_SID_SIZE;
  BOOL bAddSystemAcls = FALSE;

  PSID pAdministratorsSid = NULL;
  DWORD cbAdministratorsSidSize = SECURITY_MAX_SID_SIZE;
  BOOL bAddAdministratorsAcls = FALSE;

  PSID pCreatorOwnerSid = NULL;
  DWORD cbCreatorOwnerSidSize = SECURITY_MAX_SID_SIZE;

  PACL pNewDACL = NULL;
  DWORD dwNewAclSize = 0;

  DWORD ret = ERROR_SUCCESS;

  GetWindowsAccessMask(unixMask,
    &winUserAccessAllowMask, &winUserAccessDenyMask,
    &winGroupAccessAllowMask, &winGroupAccessDenyMask,
    &winOtherAccessAllowMask);

  // Create a well-known SID for the Everyone group
  //
  if ((pEveryoneSid = LocalAlloc(LPTR, cbEveryoneSidSize)) == NULL)
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!CreateWellKnownSid(WinWorldSid, NULL, pEveryoneSid, &cbEveryoneSidSize))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }

  // Create a well-known SID for the Administrators group
  //
  if ((pAdministratorsSid = LocalAlloc(LPTR, cbAdministratorsSidSize)) == NULL)
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL,
    pAdministratorsSid, &cbAdministratorsSidSize))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!EqualSid(pAdministratorsSid, pOwnerSid)
    && !EqualSid(pAdministratorsSid, pGroupSid))
    bAddAdministratorsAcls = TRUE;

  // Create a well-known SID for the SYSTEM
  //
  if ((pSystemSid = LocalAlloc(LPTR, cbSystemSidSize)) == NULL)
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!CreateWellKnownSid(WinLocalSystemSid, NULL,
    pSystemSid, &cbSystemSidSize))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!EqualSid(pSystemSid, pOwnerSid)
    && !EqualSid(pSystemSid, pGroupSid))
    bAddSystemAcls = TRUE;

  // Create a well-known SID for the Creator Owner
  //
  if ((pCreatorOwnerSid = LocalAlloc(LPTR, cbCreatorOwnerSidSize)) == NULL)
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!CreateWellKnownSid(WinCreatorOwnerSid, NULL,
    pCreatorOwnerSid, &cbCreatorOwnerSidSize))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }

  // Create the new DACL
  //
  dwNewAclSize = sizeof(ACL);
  dwNewAclSize += sizeof(ACCESS_ALLOWED_ACE) +
    GetLengthSid(pOwnerSid) - sizeof(DWORD);
  if (winUserAccessDenyMask)
    dwNewAclSize += sizeof(ACCESS_DENIED_ACE) +
    GetLengthSid(pOwnerSid) - sizeof(DWORD);
  dwNewAclSize += sizeof(ACCESS_ALLOWED_ACE) +
    GetLengthSid(pGroupSid) - sizeof(DWORD);
  if (winGroupAccessDenyMask)
    dwNewAclSize += sizeof(ACCESS_DENIED_ACE) +
    GetLengthSid(pGroupSid) - sizeof(DWORD);
  dwNewAclSize += sizeof(ACCESS_ALLOWED_ACE) +
    GetLengthSid(pEveryoneSid) - sizeof(DWORD);

  if (bAddSystemAcls)
  {
    dwNewAclSize += sizeof(ACCESS_ALLOWED_ACE) +
      cbSystemSidSize - sizeof(DWORD);
  }

  if (bAddAdministratorsAcls)
  {
    dwNewAclSize += sizeof(ACCESS_ALLOWED_ACE) +
      cbAdministratorsSidSize - sizeof(DWORD);
  }

  dwNewAclSize += sizeof(ACCESS_ALLOWED_ACE) +
    cbCreatorOwnerSidSize - sizeof(DWORD);

  pNewDACL = (PACL)LocalAlloc(LPTR, dwNewAclSize);
  if (pNewDACL == NULL)
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!InitializeAcl(pNewDACL, dwNewAclSize, ACL_REVISION))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }

  if (!AddAccessAllowedAceEx(pNewDACL, ACL_REVISION,
    CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
    GENERIC_ALL, pCreatorOwnerSid))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }

  if (bAddSystemAcls &&
    !AddAccessAllowedAceEx(pNewDACL, ACL_REVISION,
    CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
    GENERIC_ALL, pSystemSid))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }

  if (bAddAdministratorsAcls &&
    !AddAccessAllowedAceEx(pNewDACL, ACL_REVISION,
    CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
    GENERIC_ALL, pAdministratorsSid))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }

  if (winUserAccessDenyMask &&
    !AddAccessDeniedAceEx(pNewDACL, ACL_REVISION,
    CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
    winUserAccessDenyMask, pOwnerSid))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!AddAccessAllowedAceEx(pNewDACL, ACL_REVISION,
    CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
    winUserAccessAllowMask, pOwnerSid))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (winGroupAccessDenyMask &&
    !AddAccessDeniedAceEx(pNewDACL, ACL_REVISION,
    CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
    winGroupAccessDenyMask, pGroupSid))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!AddAccessAllowedAceEx(pNewDACL, ACL_REVISION,
    CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
    winGroupAccessAllowMask, pGroupSid))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }
  if (!AddAccessAllowedAceEx(pNewDACL, ACL_REVISION,
    CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
    winOtherAccessAllowMask, pEveryoneSid))
  {
    ret = GetLastError();
    goto GetWindowsDACLsEnd;
  }

  *ppNewDACL = pNewDACL;

GetWindowsDACLsEnd:
  LocalFree(pEveryoneSid);
  LocalFree(pAdministratorsSid);
  LocalFree(pSystemSid);
  LocalFree(pCreatorOwnerSid);
  if (ret != ERROR_SUCCESS) LocalFree(pNewDACL);
  
  return ret;
}

//----------------------------------------------------------------------------
// Function: ChangeFileModeByMask
//
// Description:
//  Change a file or direcotry at the path to Unix mode
//
// Returns:
//  ERROR_SUCCESS: on success
//  Error code: otherwise
//
// Notes:
//  This function is long path safe, i.e. the path will be converted to long
//  path format if not already converted. So the caller does not need to do
//  the converstion before calling the method.
//
DWORD ChangeFileModeByMask(__in LPCWSTR path, INT mode)
{
  LPWSTR longPathName = NULL;
  PACL pNewDACL = NULL;
  PSID pOwnerSid = NULL;
  PSID pGroupSid = NULL;
  PSECURITY_DESCRIPTOR pSD = NULL;

  SECURITY_DESCRIPTOR_CONTROL control;
  DWORD revision = 0;

  PSECURITY_DESCRIPTOR pAbsSD = NULL;
  PSECURITY_DESCRIPTOR pNonNullSD = NULL;
  PACL pAbsDacl = NULL;
  PACL pAbsSacl = NULL;
  PSID pAbsOwner = NULL;
  PSID pAbsGroup = NULL;

  DWORD dwRtnCode = 0;
  DWORD dwErrorCode = 0;

  DWORD ret = ERROR_SUCCESS;

  dwRtnCode = ConvertToLongPath(path, &longPathName);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto ChangeFileModeByMaskEnd;
  }

  // Get owner and group Sids
  //
  dwRtnCode = GetNamedSecurityInfoW(
    longPathName,
    SE_FILE_OBJECT, 
    OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION,
    &pOwnerSid,
    &pGroupSid,
    NULL,
    NULL,
    &pSD);
  if (ERROR_SUCCESS != dwRtnCode)
  {
    ret = dwRtnCode;
    goto ChangeFileModeByMaskEnd; 
  }

  // SetSecurityDescriptorDacl function used below only accepts security
  // descriptor in absolute format, meaning that its members must be pointers to
  // other structures, rather than offsets to contiguous data.
  // To determine whether a security descriptor is self-relative or absolute,
  // call the GetSecurityDescriptorControl function and check the
  // SE_SELF_RELATIVE flag of the SECURITY_DESCRIPTOR_CONTROL parameter.
  //
  if (!GetSecurityDescriptorControl(pSD, &control, &revision))
  {
    ret = GetLastError();
    goto ChangeFileModeByMaskEnd;
  }

  // If the security descriptor is self-relative, we use MakeAbsoluteSD function
  // to convert it to absolute format.
  //
  if ((control & SE_SELF_RELATIVE) == SE_SELF_RELATIVE)
  {
    DWORD absSDSize = 0;
    DWORD daclSize = 0;
    DWORD saclSize = 0;
    DWORD ownerSize = 0;
    DWORD primaryGroupSize = 0;
    MakeAbsoluteSD(pSD, NULL, &absSDSize, NULL, &daclSize, NULL,
      &saclSize, NULL, &ownerSize, NULL, &primaryGroupSize);
    if ((dwErrorCode = GetLastError()) != ERROR_INSUFFICIENT_BUFFER)
    {
      ret = dwErrorCode;
      goto ChangeFileModeByMaskEnd;
    }

    if ((pAbsSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, absSDSize)) == NULL)
    {
      ret = GetLastError();
      goto ChangeFileModeByMaskEnd;
    }
    if ((pAbsDacl = (PACL) LocalAlloc(LPTR, daclSize)) == NULL)
    {
      ret = GetLastError();
      goto ChangeFileModeByMaskEnd;
    }
    if ((pAbsSacl = (PACL) LocalAlloc(LPTR, saclSize)) == NULL)
    {
      ret = GetLastError();
      goto ChangeFileModeByMaskEnd;
    }
    if ((pAbsOwner = (PSID) LocalAlloc(LPTR, ownerSize)) == NULL)
    {
      ret = GetLastError();
      goto ChangeFileModeByMaskEnd;
    }
    if ((pAbsGroup = (PSID) LocalAlloc(LPTR, primaryGroupSize)) == NULL)
    {
      ret = GetLastError();
      goto ChangeFileModeByMaskEnd;
    }

    if (!MakeAbsoluteSD(pSD, pAbsSD, &absSDSize, pAbsDacl, &daclSize, pAbsSacl,
      &saclSize, pAbsOwner, &ownerSize, pAbsGroup, &primaryGroupSize))
    {
      ret = GetLastError();
      goto ChangeFileModeByMaskEnd;
    }
  }

  // Get Windows DACLs based on Unix access mask
  //
  if ((dwRtnCode = GetWindowsDACLs(mode, pOwnerSid, pGroupSid, &pNewDACL))
    != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto ChangeFileModeByMaskEnd;
  }

  // Set the DACL information in the security descriptor; if a DACL is already
  // present in the security descriptor, the DACL is replaced. The security
  // descriptor is then used to set the security of a file or directory.
  //
  pNonNullSD = (pAbsSD != NULL) ? pAbsSD : pSD;
  if (!SetSecurityDescriptorDacl(pNonNullSD, TRUE, pNewDACL, FALSE))
  {
    ret = GetLastError();
    goto ChangeFileModeByMaskEnd;
  }

  // MSDN states "This function is obsolete. Use the SetNamedSecurityInfo
  // function instead." However we have the following problem when using
  // SetNamedSecurityInfo:
  //  - When PROTECTED_DACL_SECURITY_INFORMATION is not passed in as part of
  //    security information, the object will include inheritable permissions
  //    from its parent.
  //  - When PROTECTED_DACL_SECURITY_INFORMATION is passsed in to set
  //    permissions on a directory, the child object of the directory will lose
  //    inheritable permissions from their parent (the current directory).
  // By using SetFileSecurity, we have the nice property that the new
  // permissions of the object does not include the inheritable permissions from
  // its parent, and the child objects will not lose their inherited permissions
  // from the current object.
  //
  if (!SetFileSecurity(longPathName, DACL_SECURITY_INFORMATION, pNonNullSD))
  {
    ret = GetLastError();
    goto ChangeFileModeByMaskEnd;
  }

ChangeFileModeByMaskEnd:
  pNonNullSD = NULL;
  LocalFree(longPathName);
  LocalFree(pSD);
  LocalFree(pNewDACL);
  LocalFree(pAbsDacl);
  LocalFree(pAbsSacl);
  LocalFree(pAbsOwner);
  LocalFree(pAbsGroup);
  LocalFree(pAbsSD);

  return ret;
}

//----------------------------------------------------------------------------
// Function: GetAccntNameFromSid
//
// Description:
//  To retrieve an account name given the SID
//
// Returns:
//  ERROR_SUCCESS: on success
//  Other error code: otherwise
//
// Notes:
//  Caller needs to destroy the memory of account name by calling LocalFree()
//
DWORD GetAccntNameFromSid(__in PSID pSid, __out PWSTR *ppAcctName)
{
  LPWSTR lpName = NULL;
  DWORD cchName = 0;
  LPWSTR lpDomainName = NULL;
  DWORD cchDomainName = 0;
  SID_NAME_USE eUse = SidTypeUnknown;
  DWORD cchAcctName = 0;
  DWORD dwErrorCode = ERROR_SUCCESS;
  HRESULT hr = S_OK;

  DWORD ret = ERROR_SUCCESS;

  assert(ppAcctName != NULL);

  // NOTE:
  // MSDN says the length returned for the buffer size including the terminating
  // null character. However we found it is not true during debuging.
  //
  LookupAccountSid(NULL, pSid, NULL, &cchName, NULL, &cchDomainName, &eUse);
  if ((dwErrorCode = GetLastError()) != ERROR_INSUFFICIENT_BUFFER)
    return dwErrorCode;
  lpName = (LPWSTR) LocalAlloc(LPTR, (cchName + 1) * sizeof(WCHAR));
  if (lpName == NULL)
  {
    ret = GetLastError();
    goto GetAccntNameFromSidEnd;
  }
  lpDomainName = (LPWSTR) LocalAlloc(LPTR, (cchDomainName + 1) * sizeof(WCHAR));
  if (lpDomainName == NULL)
  {
    ret = GetLastError();
    goto GetAccntNameFromSidEnd;
  }

  if (!LookupAccountSid(NULL, pSid,
    lpName, &cchName, lpDomainName, &cchDomainName, &eUse))
  {
    ret = GetLastError();
    goto GetAccntNameFromSidEnd;
  }

  // Buffer size = name length + 1 for '\' + domain length + 1 for NULL
  cchAcctName = cchName + cchDomainName + 2;
  *ppAcctName = (LPWSTR) LocalAlloc(LPTR, cchAcctName * sizeof(WCHAR));
  if (*ppAcctName == NULL)
  {
    ret = GetLastError();
    goto GetAccntNameFromSidEnd;
  }

  hr = StringCchCopyW(*ppAcctName, cchAcctName, lpDomainName);
  if (FAILED(hr))
  {
    ret = HRESULT_CODE(hr);
    goto GetAccntNameFromSidEnd;
  }

  hr = StringCchCatW(*ppAcctName, cchAcctName, L"\\");
  if (FAILED(hr))
  {
    ret = HRESULT_CODE(hr);
    goto GetAccntNameFromSidEnd;
  }

  hr = StringCchCatW(*ppAcctName, cchAcctName, lpName);
  if (FAILED(hr))
  {
    ret = HRESULT_CODE(hr);
    goto GetAccntNameFromSidEnd;
  }

GetAccntNameFromSidEnd:
  LocalFree(lpName);
  LocalFree(lpDomainName);
  if (ret != ERROR_SUCCESS)
  {
    LocalFree(*ppAcctName);
    *ppAcctName = NULL;
  }
  return ret;
}

//----------------------------------------------------------------------------
// Function: GetLocalGroupsForUser
//
// Description:
//  Get an array of groups for the given user.
//
// Returns:
//  ERROR_SUCCESS on success
//  Other error code on failure
//
// Notes:
// - NetUserGetLocalGroups() function only accepts full user name in the format
//   [domain name]\[username]. The user input to this function can be only the
//   username. In this case, NetUserGetLocalGroups() will fail on the first try,
//   and we will try to find full user name using LookupAccountNameW() method,
//   and call NetUserGetLocalGroups() function again with full user name.
//   However, it is not always possible to find full user name given only user
//   name. For example, a computer named 'win1' joined domain 'redmond' can have
//   two different users, 'win1\alex' and 'redmond\alex'. Given only 'alex', we
//   cannot tell which one is correct.
//
// - Caller needs to destroy the memory of groups by using the
//   NetApiBufferFree() function
//
DWORD GetLocalGroupsForUser(
  __in LPCWSTR user,
  __out LPLOCALGROUP_USERS_INFO_0 *groups,
  __out LPDWORD entries)
{
  DWORD dwEntriesRead = 0;
  DWORD dwTotalEntries = 0;
  NET_API_STATUS nStatus = NERR_Success;

  PSID pUserSid = NULL;
  LPWSTR fullName = NULL;

  DWORD dwRtnCode = ERROR_SUCCESS;

  DWORD ret = ERROR_SUCCESS;

  *groups = NULL;
  *entries = 0;

  nStatus = NetUserGetLocalGroups(NULL,
    user,
    0,
    0,
    (LPBYTE *) groups,
    MAX_PREFERRED_LENGTH,
    &dwEntriesRead,
    &dwTotalEntries);

  if (nStatus == NERR_Success)
  {
    *entries = dwEntriesRead;
    return ERROR_SUCCESS;
  }
  else if (nStatus != NERR_UserNotFound)
  {
    return nStatus;
  }

  if ((dwRtnCode = GetSidFromAcctNameW(user, &pUserSid)) != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto GetLocalGroupsForUserEnd;
  }

  if ((dwRtnCode = GetAccntNameFromSid(pUserSid, &fullName)) != ERROR_SUCCESS)
  {
    ret = dwRtnCode;
    goto GetLocalGroupsForUserEnd;
  }

  nStatus = NetUserGetLocalGroups(NULL,
    fullName,
    0,
    0,
    (LPBYTE *) groups,
    MAX_PREFERRED_LENGTH,
    &dwEntriesRead,
    &dwTotalEntries);
  if (nStatus != NERR_Success)
  {
    // NERR_DCNotFound (2453) and NERR_UserNotFound (2221) are not published
    // Windows System Error Code. All other error codes returned by
    // NetUserGetLocalGroups() are valid System Error Codes according to MSDN.
    ret = nStatus;
    goto GetLocalGroupsForUserEnd;
  }

  *entries = dwEntriesRead;

GetLocalGroupsForUserEnd:
  LocalFree(pUserSid);
  LocalFree(fullName);
  return ret;
}


//----------------------------------------------------------------------------
// Function: EnablePrivilege
//
// Description:
//  Check if the process has the given privilege. If yes, enable the privilege
//  to the process's access token.
//
// Returns:
//  ERROR_SUCCESS on success
//  GetLastError() on error
//
// Notes:
//
DWORD EnablePrivilege(__in LPCWSTR privilegeName)
{
  HANDLE hToken = INVALID_HANDLE_VALUE;
  TOKEN_PRIVILEGES tp = { 0 };
  DWORD dwErrCode = ERROR_SUCCESS;

  if (!OpenProcessToken(GetCurrentProcess(),
    TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
  {
    dwErrCode = GetLastError();
    ReportErrorCode(L"OpenProcessToken", dwErrCode);
    return dwErrCode;
  }

  tp.PrivilegeCount = 1;
  if (!LookupPrivilegeValueW(NULL,
    privilegeName, &(tp.Privileges[0].Luid)))
  {
    dwErrCode = GetLastError();
    ReportErrorCode(L"LookupPrivilegeValue", dwErrCode);
    CloseHandle(hToken);
    return dwErrCode;
  }
  tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

  // As stated on MSDN, we need to use GetLastError() to check if
  // AdjustTokenPrivileges() adjusted all of the specified privileges.
  //
  if (!AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL)) {
    dwErrCode = GetLastError();
  }
  CloseHandle(hToken);

  return dwErrCode;
}

//----------------------------------------------------------------------------
// Function: ReportErrorCode
//
// Description:
//  Report an error. Use FormatMessage function to get the system error message.
//
// Returns:
//  None
//
// Notes:
//
//
void ReportErrorCode(LPCWSTR func, DWORD err)
{
  DWORD len = 0;
  LPWSTR msg = NULL;

  assert(func != NULL);

  len = FormatMessageW(
    FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
    NULL, err,
    MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
    (LPWSTR)&msg, 0, NULL);
  if (len > 0)
  {
    LogDebugMessage(L"%s error (%d): %s\n", func, err, msg);
    fwprintf(stderr, L"%s error (%d): %s\n", func, err, msg);
  }
  else
  {
    LogDebugMessage(L"%s error code: %d.\n", func, err);
    fwprintf(stderr, L"%s error code: %d.\n", func, err);
  }

  if (msg != NULL) LocalFree(msg);
}

//----------------------------------------------------------------------------
// Function: GetLibraryName
//
// Description:
//  Given an address, get the file name of the library from which it was loaded.
//
// Notes:
// - The function allocates heap memory and points the filename out parameter to
//   the newly allocated memory, which will contain the name of the file.
//
// - If there is any failure, then the function frees the heap memory it
//   allocated and sets the filename out parameter to NULL.
//
void GetLibraryName(LPCVOID lpAddress, LPWSTR *filename)
{
  SIZE_T ret = 0;
  DWORD size = MAX_PATH;
  HMODULE mod = NULL;
  DWORD err = ERROR_SUCCESS;

  MEMORY_BASIC_INFORMATION mbi;
  ret = VirtualQuery(lpAddress, &mbi, sizeof(mbi));
  if (ret == 0) goto cleanup;
  mod = mbi.AllocationBase;

  do {
    *filename = (LPWSTR) realloc(*filename, size * sizeof(WCHAR));
    if (*filename == NULL) goto cleanup;
    GetModuleFileName(mod, *filename, size);
    size <<= 1;
    err = GetLastError();
  } while (err == ERROR_INSUFFICIENT_BUFFER);

  if (err != ERROR_SUCCESS) goto cleanup;

  return;

cleanup:
  if (*filename != NULL)
  {
    free(*filename);
    *filename = NULL;
  }
}

// Function: AssignLsaString
//
// Description:
//  fills in values of LSA_STRING struct to point to a string buffer
//
// Returns:
//  None
//
//  IMPORTANT*** strBuf is not copied. It must be globally immutable
//
void AssignLsaString(__inout LSA_STRING * target, __in const char *strBuf)
{
  target->Length = (USHORT)(sizeof(char)*strlen(strBuf));
  target->MaximumLength = target->Length;
  target->Buffer = (char *)(strBuf);
}

//----------------------------------------------------------------------------
// Function: RegisterWithLsa
//
// Description:
//  Registers with local security authority and sets handle for use in later LSA
//  operations
//
// Returns:
//  ERROR_SUCCESS on success
//  Other error code on failure
//
// Notes:
//
DWORD RegisterWithLsa(__in const char *logonProcessName, __out HANDLE * lsaHandle) 
{
  LSA_STRING processName; 
  LSA_OPERATIONAL_MODE o_mode; // never useful as per msdn docs
  NTSTATUS registerStatus;
  *lsaHandle = 0;
  
  AssignLsaString(&processName, logonProcessName);
  registerStatus = LsaRegisterLogonProcess(&processName, lsaHandle, &o_mode); 
  
  return LsaNtStatusToWinError( registerStatus );
}

//----------------------------------------------------------------------------
// Function: UnregisterWithLsa
//
// Description:
//  Closes LSA handle allocated by RegisterWithLsa()
//
// Returns:
//  None
//
// Notes:
//
void UnregisterWithLsa(__in HANDLE lsaHandle)
{
  LsaClose(lsaHandle);
}

//----------------------------------------------------------------------------
// Function: LookupKerberosAuthenticationPackageId
//
// Description:
//  Looks of the current id (integer index) of the Kerberos authentication package on the local
//  machine.
//
// Returns:
//  ERROR_SUCCESS on success
//  Other error code on failure
//
// Notes:
//
DWORD LookupKerberosAuthenticationPackageId(__in HANDLE lsaHandle, __out ULONG * packageId)
{
  NTSTATUS lookupStatus; 
  LSA_STRING pkgName;

  AssignLsaString(&pkgName, MICROSOFT_KERBEROS_NAME_A);
  lookupStatus = LsaLookupAuthenticationPackage(lsaHandle, &pkgName, packageId);
  return LsaNtStatusToWinError( lookupStatus );
}
  
//----------------------------------------------------------------------------
// Function: CreateLogonTokenForUser
//
// Description:
//  Contacts the local LSA and performs a logon without credential for the 
//  given principal. This logon token will be local machine only and have no 
//  network credentials attached.
//
// Returns:
//  ERROR_SUCCESS on success
//  Other error code on failure
//
// Notes:
//  This call assumes that all required privileges have already been enabled (TCB etc).
//  IMPORTANT ****  tokenOriginName must be immutable!
//
DWORD CreateLogonTokenForUser(__in HANDLE lsaHandle,
                         __in const char * tokenSourceName, 
                         __in const char * tokenOriginName, // must be immutable, will not be copied!
                         __in ULONG authnPkgId, 
                         __in const wchar_t* principalName, 
                         __out HANDLE *tokenHandle) 
{ 
  DWORD logonStatus = ERROR_ASSERTION_FAILURE; // Failure to set status should trigger error
  TOKEN_SOURCE tokenSource;
  LSA_STRING originName;
  void * profile = NULL;

  // from MSDN:
  // The ClientUpn and ClientRealm members of the KERB_S4U_LOGON 
  // structure must point to buffers in memory that are contiguous 
  // to the structure itself. The value of the 
  // AuthenticationInformationLength parameter must take into 
  // account the length of these buffers.
  const int principalNameBufLen = lstrlen(principalName)*sizeof(*principalName);
  const int totalAuthInfoLen = sizeof(KERB_S4U_LOGON) + principalNameBufLen;
  KERB_S4U_LOGON* s4uLogonAuthInfo = (KERB_S4U_LOGON*)calloc(totalAuthInfoLen, 1);
  if (s4uLogonAuthInfo == NULL ) {
    logonStatus = ERROR_NOT_ENOUGH_MEMORY;
    goto done;
  }
  s4uLogonAuthInfo->MessageType = KerbS4ULogon;
  s4uLogonAuthInfo->ClientUpn.Buffer = (wchar_t*)((char*)s4uLogonAuthInfo + sizeof *s4uLogonAuthInfo);
  CopyMemory(s4uLogonAuthInfo->ClientUpn.Buffer, principalName, principalNameBufLen);
  s4uLogonAuthInfo->ClientUpn.Length        = (USHORT)principalNameBufLen;
  s4uLogonAuthInfo->ClientUpn.MaximumLength = (USHORT)principalNameBufLen;

  AllocateLocallyUniqueId(&tokenSource.SourceIdentifier);
  StringCchCopyA(tokenSource.SourceName, TOKEN_SOURCE_LENGTH, tokenSourceName );
  AssignLsaString(&originName, tokenOriginName);

  {
    DWORD cbProfile = 0;
    LUID logonId;
    QUOTA_LIMITS quotaLimits;
    NTSTATUS subStatus;

    NTSTATUS logonNtStatus = LsaLogonUser(lsaHandle,
      &originName,
      Batch, // SECURITY_LOGON_TYPE
      authnPkgId,
      s4uLogonAuthInfo, 
      totalAuthInfoLen,
      0,
      &tokenSource,
      &profile, 
      &cbProfile,
      &logonId, 
      tokenHandle,
      &quotaLimits,
      &subStatus);
    logonStatus = LsaNtStatusToWinError( logonNtStatus );
  }
done:
  // clean up
  if (s4uLogonAuthInfo != NULL) {
    free(s4uLogonAuthInfo);
  }
  if (profile != NULL) {
    LsaFreeReturnBuffer(profile);
  }
  return logonStatus;
}

// NOTE: must free allocatedName
DWORD GetNameFromLogonToken(__in HANDLE logonToken, __out wchar_t **allocatedName)
{
  DWORD userInfoSize = 0;
  PTOKEN_USER  user = NULL;
  DWORD userNameSize = 0;
  wchar_t * userName = NULL;
  DWORD domainNameSize = 0; 
  wchar_t * domainName = NULL;
  SID_NAME_USE sidUse = SidTypeUnknown;
  DWORD getNameStatus = ERROR_ASSERTION_FAILURE; // Failure to set status should trigger error
  BOOL tokenInformation = FALSE;

  // call for sid size then alloc and call for sid
  tokenInformation = GetTokenInformation(logonToken, TokenUser, NULL, 0, &userInfoSize);
  assert (FALSE == tokenInformation);
  
  // last call should have failed and filled in allocation size
  if ((getNameStatus = GetLastError()) != ERROR_INSUFFICIENT_BUFFER)
  {
    goto done; 
  }
  user = (PTOKEN_USER)calloc(userInfoSize,1);
  if (user == NULL)
  {
    getNameStatus = ERROR_NOT_ENOUGH_MEMORY;
    goto done;
  }
  if (!GetTokenInformation(logonToken, TokenUser, user, userInfoSize, &userInfoSize)) {
      getNameStatus = GetLastError();
      goto done;
  }
  LookupAccountSid( NULL, user->User.Sid, NULL, &userNameSize, NULL, &domainNameSize, &sidUse );
  // last call should have failed and filled in allocation size
  if ((getNameStatus = GetLastError()) != ERROR_INSUFFICIENT_BUFFER)
  {
    goto done;
  }
  userName = (wchar_t *)calloc(userNameSize, sizeof(wchar_t));
  if (userName == NULL) {
    getNameStatus = ERROR_NOT_ENOUGH_MEMORY;
    goto done;
  }
  domainName = (wchar_t *)calloc(domainNameSize, sizeof(wchar_t));
  if (domainName == NULL) {
    getNameStatus = ERROR_NOT_ENOUGH_MEMORY;
    goto done;
  }
  if (!LookupAccountSid( NULL, user->User.Sid, userName, &userNameSize, domainName, &domainNameSize, &sidUse )) {
      getNameStatus = GetLastError();
      goto done;
  }

  getNameStatus = ERROR_SUCCESS;
  *allocatedName = userName;
  userName = NULL;
done:
  if (user != NULL) {
    free( user );
    user = NULL;
  }
  if (userName != NULL) {
    free( userName );
    userName = NULL;
  }
  if (domainName != NULL) {
    free( domainName );
    domainName = NULL;
  }
  return getNameStatus;
}

DWORD LoadUserProfileForLogon(__in HANDLE logonHandle, __out PROFILEINFO * pi)
{
  wchar_t *userName = NULL;
  DWORD loadProfileStatus = ERROR_ASSERTION_FAILURE; // Failure to set status should trigger error

  loadProfileStatus = GetNameFromLogonToken( logonHandle, &userName );
  if (loadProfileStatus != ERROR_SUCCESS) {
    goto done;
  }

  assert(pi);

  ZeroMemory( pi, sizeof(*pi) );
  pi->dwSize = sizeof(*pi); 
  pi->lpUserName = userName;
  pi->dwFlags = PI_NOUI;

  // if the profile does not exist it will be created
  if ( !LoadUserProfile( logonHandle, pi ) ) {      
    loadProfileStatus = GetLastError();
    goto done;
  }

  loadProfileStatus = ERROR_SUCCESS;
done:
  return loadProfileStatus;
}



DWORD UnloadProfileForLogon(__in HANDLE logonHandle, __in PROFILEINFO * pi)
{
  DWORD touchProfileStatus = ERROR_ASSERTION_FAILURE; // Failure to set status should trigger error

  assert(pi);

  if ( !UnloadUserProfile(logonHandle, pi->hProfile ) ) {
    touchProfileStatus = GetLastError();
    goto done;
  }
  if (pi->lpUserName != NULL) {
    free(pi->lpUserName);
    pi->lpUserName = NULL;
  }
  ZeroMemory( pi, sizeof(*pi) );

  touchProfileStatus = ERROR_SUCCESS;
done:
  return touchProfileStatus;
}


//----------------------------------------------------------------------------
// Function: ChangeFileOwnerBySid
//
// Description:
//  Change a file or directory ownership by giving new owner and group SIDs
//
// Returns:
//  ERROR_SUCCESS: on success
//  Error code: otherwise
//
// Notes:
//  This function is long path safe, i.e. the path will be converted to long
//  path format if not already converted. So the caller does not need to do
//  the converstion before calling the method.
//
DWORD ChangeFileOwnerBySid(__in LPCWSTR path,
  __in_opt PSID pNewOwnerSid, __in_opt PSID pNewGroupSid)
{
  LPWSTR longPathName = NULL;
  INT oldMode = 0;

  SECURITY_INFORMATION securityInformation = 0;

  DWORD dwRtnCode = ERROR_SUCCESS;

  // Convert the path the the long path
  //
  dwRtnCode = ConvertToLongPath(path, &longPathName);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    goto ChangeFileOwnerByNameEnd;
  }

  // Get a pointer to the existing owner information and DACL
  //
  dwRtnCode = FindFileOwnerAndPermission(longPathName, FALSE, NULL, NULL, &oldMode);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    goto ChangeFileOwnerByNameEnd;
  }

  // We need SeTakeOwnershipPrivilege to set the owner if the caller does not
  // have WRITE_OWNER access to the object; we need SeRestorePrivilege if the
  // SID is not contained in the caller's token, and have the SE_GROUP_OWNER
  // permission enabled.
  //
  if (EnablePrivilege(L"SeTakeOwnershipPrivilege") != ERROR_SUCCESS)
  {
    fwprintf(stdout, L"INFO: The user does not have SeTakeOwnershipPrivilege.\n");
  }
  if (EnablePrivilege(L"SeRestorePrivilege") != ERROR_SUCCESS)
  {
    fwprintf(stdout, L"INFO: The user does not have SeRestorePrivilege.\n");
  }

  assert(pNewOwnerSid != NULL || pNewGroupSid != NULL);

  // Set the owners of the file.
  //
  if (pNewOwnerSid != NULL) securityInformation |= OWNER_SECURITY_INFORMATION;
  if (pNewGroupSid != NULL) securityInformation |= GROUP_SECURITY_INFORMATION;
  dwRtnCode = SetNamedSecurityInfoW(
    longPathName,
    SE_FILE_OBJECT,
    securityInformation,
    pNewOwnerSid,
    pNewGroupSid,
    NULL,
    NULL);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    goto ChangeFileOwnerByNameEnd;
  }

  // Set the permission on the file for the new owner.
  //
  dwRtnCode = ChangeFileModeByMask(longPathName, oldMode);
  if (dwRtnCode != ERROR_SUCCESS)
  {
    goto ChangeFileOwnerByNameEnd;
  }

ChangeFileOwnerByNameEnd:
  LocalFree(longPathName);
  return dwRtnCode;
}


//-----------------------------------------------------------------------------
// Function: GetSecureJobObjectName
//
// Description:
//  Creates a job object name usable in a secure environment: adds the Golbal\
//

DWORD GetSecureJobObjectName(
  __in LPCWSTR      jobName,
  __in size_t       cchSecureJobName,
  __out_ecount(cchSecureJobName) LPWSTR secureJobName) {

  HRESULT hr = StringCchPrintf(secureJobName, cchSecureJobName,
    L"Global\\%s", jobName);

  if (FAILED(hr)) {
    return HRESULT_CODE(hr);
  }

  return ERROR_SUCCESS;
}

//-----------------------------------------------------------------------------
// Function: EnableImpersonatePrivileges
//
// Description:
//  Enables the required privileges for S4U impersonation
//
// Returns:
// ERROR_SUCCESS: On success
//
DWORD EnableImpersonatePrivileges() {
  DWORD dwError = ERROR_SUCCESS;
  LPCWSTR privilege = NULL;
  int crt = 0;

  LPCWSTR privileges[] = {
    SE_IMPERSONATE_NAME,
    SE_TCB_NAME,
    SE_ASSIGNPRIMARYTOKEN_NAME,
    SE_INCREASE_QUOTA_NAME,
    SE_RESTORE_NAME,
    SE_DEBUG_NAME,
    SE_SECURITY_NAME,
    };

  for (crt = 0; crt < sizeof(privileges)/sizeof(LPCWSTR); ++crt) {
    LPCWSTR privilege = privileges[crt];
    dwError = EnablePrivilege(privilege);
    if( dwError != ERROR_SUCCESS ) {
      LogDebugMessage(L"Failed to enable privilege: %s\n", privilege);
      ReportErrorCode(L"EnablePrivilege", dwError);
      goto done;
    }    
  }

done:
  return dwError;
}


//-----------------------------------------------------------------------------
// Function: KillTask
//
// Description:
//  Kills a task via a jobobject. Outputs the
//  appropriate information to stdout on success, or stderr on failure.
//
// Returns:
// ERROR_SUCCESS: On success
// GetLastError: otherwise
DWORD KillTask(PCWSTR jobObjName)
{
  DWORD dwError = ERROR_SUCCESS;
  
  HANDLE jobObject = OpenJobObject(JOB_OBJECT_TERMINATE, FALSE, jobObjName);
  if(jobObject == NULL)
  {
    dwError = GetLastError();
    if(dwError == ERROR_FILE_NOT_FOUND)
    {      
      // job object does not exist. assume its not alive
      dwError = ERROR_SUCCESS;
    }
    goto done;
  }

  if(TerminateJobObject(jobObject, KILLED_PROCESS_EXIT_CODE) == 0)
  {
    dwError = GetLastError();
  }

done:
  CloseHandle(jobObject);
  
  return dwError;
}

DWORD ChownImpl(
  __in_opt LPCWSTR userName,
  __in_opt LPCWSTR groupName,
  __in LPCWSTR pathName) {

  DWORD dwError;

  PSID pNewOwnerSid = NULL;
  PSID pNewGroupSid = NULL;

  if (userName != NULL)
  {
    dwError = GetSidFromAcctNameW(userName, &pNewOwnerSid);
    if (dwError != ERROR_SUCCESS)
    {
      ReportErrorCode(L"GetSidFromAcctName", dwError);
      fwprintf(stderr, L"Invalid user name: %s\n", userName);
      goto done;
    }
  }

  if (groupName != NULL)
  {
    dwError = GetSidFromAcctNameW(groupName, &pNewGroupSid);
    if (dwError != ERROR_SUCCESS)
    {
      ReportErrorCode(L"GetSidFromAcctName", dwError);
      fwprintf(stderr, L"Invalid group name: %s\n", groupName);
      goto done;
    }
  }

  if (wcslen(pathName) == 0 || wcsspn(pathName, L"/?|><:*\"") != 0)
  {
    fwprintf(stderr, L"Incorrect file name format: %s\n", pathName);
    goto done;
  }

  dwError = ChangeFileOwnerBySid(pathName, pNewOwnerSid, pNewGroupSid);
  if (dwError != ERROR_SUCCESS)
  {
    ReportErrorCode(L"ChangeFileOwnerBySid", dwError);
    goto done;
  }
done:
  LocalFree(pNewOwnerSid);
  LocalFree(pNewGroupSid);

  return dwError;
}



LPCWSTR GetSystemTimeString() {
  __declspec(thread) static WCHAR buffer[1024];
  DWORD dwError;
  FILETIME ftime;
  SYSTEMTIME systime;
  LARGE_INTEGER counter, frequency;
  int subSec;
  double qpc;
  HRESULT hr;
  buffer[0] = L'\0';

  // GetSystemTimePreciseAsFileTime is only available in Win8+ and our libs do not link against it

  GetSystemTimeAsFileTime(&ftime);

  if (!FileTimeToSystemTime(&ftime, &systime)) {
    dwError = GetLastError();
    LogDebugMessage(L"FileTimeToSystemTime error:%d\n", dwError);
    goto done;
  }

  // Get the ms from QPC. GetSystemTimeAdjustment is ignored...
  
  QueryPerformanceCounter(&counter);
  QueryPerformanceFrequency(&frequency);

  qpc = (double) counter.QuadPart / (double) frequency.QuadPart;
  subSec = ((qpc - (long)qpc) * 1000000);

  hr = StringCbPrintf(buffer, sizeof(buffer), L"%02d:%02d:%02d.%06d", 
    (int)systime.wHour, (int)systime.wMinute, (int)systime.wSecond, (int)subSec);

  if (FAILED(hr)) {
    LogDebugMessage(L"StringCbPrintf error:%d\n", hr);
  }
done:
  return buffer;
}


//----------------------------------------------------------------------------
// Function: LogDebugMessage
//
// Description:
//  Sends a message to the debugger console, if one is attached
//
// Notes:
//  Native debugger: windbg, ntsd, cdb, visual studio
//
VOID LogDebugMessage(LPCWSTR format, ...) {
  LPWSTR buffer[8192];
  va_list args;
  HRESULT hr;

  if (!IsDebuggerPresent()) return;

  va_start(args, format);
  hr = StringCbVPrintf(buffer, sizeof(buffer), format, args);
  if (SUCCEEDED(hr)) {
    OutputDebugString(buffer);
  }
  va_end(args);
}

//----------------------------------------------------------------------------
// Function: SplitStringIgnoreSpaceW
//
// Description:
//  splits a null-terminated string based on a delimiter
//
// Returns:
//  ERROR_SUCCESS: on success
//  error code: otherwise
//
// Notes:
//  The tokes are also null-terminated
//  Caller should use LocalFree to clear outTokens
//
DWORD SplitStringIgnoreSpaceW(
  __in size_t len, 
  __in_ecount(len) LPCWSTR source, 
  __in WCHAR deli, 
  __out size_t* count, 
  __out_ecount(count) WCHAR*** outTokens) {
  
  size_t tokenCount = 0;
  size_t crtSource;
  size_t crtToken = 0;
  WCHAR* lpwszTokenStart = NULL;
  WCHAR* lpwszTokenEnd = NULL;
  WCHAR* lpwszBuffer = NULL;
  size_t tokenLength = 0;
  size_t cchBufferLength = 0;
  WCHAR crt;
  WCHAR** tokens = NULL;
  enum {BLANK, TOKEN, DELIMITER} State = BLANK;

  for(crtSource = 0; crtSource < len; ++crtSource) {
    crt = source[crtSource];
    switch(State) {
    case BLANK: // intentional fallthrough
    case DELIMITER:
      if (crt == deli) {
        State = DELIMITER;
      } 
      else if (!iswspace(crt)) {
        ++tokenCount;
        lpwszTokenEnd = lpwszTokenStart = source + crtSource;
        State = TOKEN;
      }
      else {
        State = BLANK;
      }
      break;
    case TOKEN:
      if (crt == deli) {
        State = DELIMITER;
        cchBufferLength += lpwszTokenEnd - lpwszTokenStart + 2;
      }
      else if (!iswspace(crt)) {
        lpwszTokenEnd = source + crtSource;
      }
      break;
    }
  }

  if (State == TOKEN) {
    cchBufferLength += lpwszTokenEnd - lpwszTokenStart + 2;
  }

  LogDebugMessage(L"counted %d [buffer:%d] tokens in %s\n", tokenCount, cchBufferLength, source);

  #define COPY_CURRENT_TOKEN                                              \
    tokenLength = lpwszTokenEnd - lpwszTokenStart + 1;                    \
    tokens[crtToken] = lpwszBuffer;                                       \
    memcpy(tokens[crtToken], lpwszTokenStart, tokenLength*sizeof(WCHAR)); \
    tokens[crtToken][tokenLength] = L'\0';                                \
    lpwszBuffer += (tokenLength+1);                                       \
    ++crtToken;

  if (tokenCount) {

    // We use one contigous memory for both the pointer arrays and the data copy buffers
    // We cannot use in-place references (zero-copy) because the function users 
    // need null-terminated strings for the tokens
    
    tokens = (WCHAR**) LocalAlloc(LPTR, 
       sizeof(WCHAR*) * tokenCount +      // for the pointers
       sizeof(WCHAR) * cchBufferLength);  // for the data

    // Data will be copied after the array
    lpwszBuffer = (WCHAR*)(((BYTE*)tokens) + (sizeof(WCHAR*) * tokenCount));
       
    State = BLANK;

    for(crtSource = 0; crtSource < len; ++crtSource) {
      crt = source[crtSource];
      switch(State) {
      case DELIMITER: // intentional fallthrough
      case BLANK:
        if (crt == deli) {
          State = DELIMITER;
        } 
        else if (!iswspace(crt)) {
          lpwszTokenEnd = lpwszTokenStart = source + crtSource;
          State = TOKEN;
        }
        else {
          State = BLANK;
        }
        break;
      case TOKEN:
        if (crt == deli) {
          COPY_CURRENT_TOKEN;
          State = DELIMITER;
        }
        else if (!iswspace(crt)) {
          lpwszTokenEnd = source + crtSource;
        }
        break;
      }
    }

    // Copy out last token, if any
    if (TOKEN == State) {
      COPY_CURRENT_TOKEN;
    }
  }

  *count = tokenCount;
  *outTokens = tokens;

  return ERROR_SUCCESS;
}

//----------------------------------------------------------------------------
// Function: BuildServiceSecurityDescriptor
//
// Description:
//  Builds a security descriptor for an arbitrary object
//
// Returns:
//  ERROR_SUCCESS: on success
//  error code: otherwise
//
// Notes:
//  The SD is a of the self-contained flavor (offsets, not pointers)
//  Caller should use LocalFree to clear allocated pSD
//
DWORD BuildServiceSecurityDescriptor(
  __in ACCESS_MASK                    accessMask,
  __in size_t                         grantSidCount,
  __in_ecount(grantSidCount) PSID*    pGrantSids,
  __in size_t                         denySidCount,
  __in_ecount(denySidCount) PSID*     pDenySids,
  __in_opt PSID                       pOwner,
  __out PSECURITY_DESCRIPTOR*         pSD) {

  DWORD                 dwError = ERROR_SUCCESS;
  int                   crt  = 0;
  int                   len = 0;
  EXPLICIT_ACCESS*      eas = NULL;
  LPWSTR                lpszSD = NULL;
  ULONG                 cchSD = 0;
  HANDLE                hToken = INVALID_HANDLE_VALUE;
  DWORD                 dwBufferSize = 0;
  PTOKEN_USER           pTokenUser = NULL;
  PTOKEN_PRIMARY_GROUP  pTokenGroup = NULL;
  PSECURITY_DESCRIPTOR  pTempSD = NULL;
  ULONG                 cbSD = 0;
  TRUSTEE               owner, group;

  ZeroMemory(&owner, sizeof(owner));

  // We'll need our own SID to add as SD owner
  if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
    dwError = GetLastError();
    LogDebugMessage(L"OpenProcessToken: %d\n", dwError);
    goto done;  
  }

  if (NULL == pOwner) {
    if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &dwBufferSize)) {
      dwError = GetLastError();
      if (ERROR_INSUFFICIENT_BUFFER != dwError) {
        LogDebugMessage(L"GetTokenInformation: %d\n", dwError);
        goto done;
      }
    }

    pTokenUser = (PTOKEN_USER) LocalAlloc(LPTR, dwBufferSize);
    if (NULL == pTokenUser) {
      dwError = GetLastError();
      LogDebugMessage(L"LocalAlloc:pTokenUser: %d\n", dwError);
      goto done; 
    }

    if (!GetTokenInformation(hToken, TokenUser, pTokenUser, dwBufferSize, &dwBufferSize)) {
      dwError = GetLastError();
      LogDebugMessage(L"GetTokenInformation: %d\n", dwError);
      goto done; 
    }

    if (!IsValidSid(pTokenUser->User.Sid)) {
      dwError = ERROR_INVALID_PARAMETER;
      LogDebugMessage(L"IsValidSid: %d\n", dwError);
      goto done;
    }
    pOwner = pTokenUser->User.Sid;
  }

  dwBufferSize = 0;
  if (!GetTokenInformation(hToken, TokenPrimaryGroup, NULL, 0, &dwBufferSize)) {
    dwError = GetLastError();
    if (ERROR_INSUFFICIENT_BUFFER != dwError) {
      LogDebugMessage(L"GetTokenInformation: %d\n", dwError);
      goto done;
    }
  }

  pTokenGroup = (PTOKEN_USER) LocalAlloc(LPTR, dwBufferSize);
  if (NULL == pTokenGroup) {
    dwError = GetLastError();
    LogDebugMessage(L"LocalAlloc:pTokenGroup: %d\n", dwError);
    goto done; 
  }

  if (!GetTokenInformation(hToken, TokenPrimaryGroup, pTokenGroup, dwBufferSize, &dwBufferSize)) {
    dwError = GetLastError();
    LogDebugMessage(L"GetTokenInformation: %d\n", dwError);
    goto done; 
  }

  if (!IsValidSid(pTokenGroup->PrimaryGroup)) {
    dwError = ERROR_INVALID_PARAMETER;
    LogDebugMessage(L"IsValidSid: %d\n", dwError);
    goto done;
  }  

  owner.TrusteeForm = TRUSTEE_IS_SID;
  owner.TrusteeType = TRUSTEE_IS_UNKNOWN;
  owner.ptstrName = (LPCWSTR) pOwner;

  group.TrusteeForm = TRUSTEE_IS_SID;
  group.TrusteeType = TRUSTEE_IS_UNKNOWN;
  group.ptstrName = (LPCWSTR) pTokenGroup->PrimaryGroup;

  eas = (EXPLICIT_ACCESS*) LocalAlloc(LPTR, sizeof(EXPLICIT_ACCESS) * (grantSidCount + denySidCount));
  if (NULL == eas) {
    dwError = ERROR_OUTOFMEMORY;
    LogDebugMessage(L"LocalAlloc: %d\n", dwError);
    goto done;
  }

  // Build the granted list
  for (crt = 0; crt < grantSidCount; ++crt) {
    eas[crt].grfAccessPermissions = accessMask;
    eas[crt].grfAccessMode = GRANT_ACCESS;
    eas[crt].grfInheritance = NO_INHERITANCE;
    eas[crt].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    eas[crt].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
    eas[crt].Trustee.ptstrName = (LPCWSTR) pGrantSids[crt];
    eas[crt].Trustee.pMultipleTrustee = NULL;
    eas[crt].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
  }

  // Build the deny list
  for (; crt < grantSidCount + denySidCount; ++crt) {
    eas[crt].grfAccessPermissions = accessMask;
    eas[crt].grfAccessMode = DENY_ACCESS;
    eas[crt].grfInheritance = NO_INHERITANCE;
    eas[crt].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    eas[crt].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
    eas[crt].Trustee.ptstrName = (LPCWSTR) pDenySids[crt - grantSidCount];
    eas[crt].Trustee.pMultipleTrustee = NULL;
    eas[crt].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
  }

  dwError = BuildSecurityDescriptor(
    &owner,
    &group,
    crt,
    eas,
    0,    // cCountOfAuditEntries
    NULL, // pListOfAuditEntries
    NULL, // pOldSD
    &cbSD, 
    &pTempSD);
  if (ERROR_SUCCESS != dwError) {
    LogDebugMessage(L"BuildSecurityDescriptor: %d\n", dwError);
    goto done;
  }
  
  *pSD = pTempSD;
  pTempSD = NULL;

  if (IsDebuggerPresent()) {
    ConvertSecurityDescriptorToStringSecurityDescriptor(*pSD, 
      SDDL_REVISION_1,
      DACL_SECURITY_INFORMATION,
      &lpszSD,
      &cchSD);
    LogDebugMessage(L"pSD: %.*s\n", cchSD, lpszSD);
  }
  
done:
  if (eas) LocalFree(eas);
  if (pTokenUser) LocalFree(pTokenUser);
  if (INVALID_HANDLE_VALUE != hToken) CloseHandle(hToken);
  if (lpszSD) LocalFree(lpszSD);
  if (pTempSD) LocalFree(pTempSD);
  return dwError;
}

//----------------------------------------------------------------------------
// Function: MIDL_user_allocate
//
// Description:
//  Hard-coded function name used by RPC midl code for allocations
//
// Notes:
//  Must match the de-allocation mechanism used in MIDL_user_free
//
void __RPC_FAR * __RPC_USER MIDL_user_allocate(size_t len)
{
    return LocalAlloc(LPTR, len);
}
 
 //----------------------------------------------------------------------------
 // Function: MIDL_user_free
 //
 // Description:
 //  Hard-coded function name used by RPC midl code for deallocations
 //
 // NoteS:
 //  Must match the allocation mechanism used in MIDL_user_allocate
 //
void __RPC_USER MIDL_user_free(void __RPC_FAR * ptr)
{
    LocalFree(ptr);
}