| blob | 70e2da40e7ac191eae3317c5756c7912afe96e21 |
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
24 #include <stdarg.h>
25 #include <string.h>
28 #define WIN32_NO_STATUS
51 static DWORD trustee_to_sid(DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee);
54 {
55 LPCWSTR wstr;
56 DWORD value;
60 {
61 /* same fields as struct _SID */
62 BYTE Revision;
63 BYTE SubAuthorityCount;
64 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
69 {
71 WELL_KNOWN_SID_TYPE Type;
72 MAX_SID Sid;
76 {
77 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
78 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
79 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
80 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
81 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
82 { {'O','W'}, WinCreatorOwnerRightsSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RIGHTS_RID } } },
83 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
84 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
85 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
86 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
87 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
89 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
90 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
91 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
93 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
94 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
95 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
96 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
97 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
98 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
99 { {0,0}, WinLogonIdsSid, { SID_REVISION, SECURITY_LOGON_IDS_RID_COUNT, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID } } },
100 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
101 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
102 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
103 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
104 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
105 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
106 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
107 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
108 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
109 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
110 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
111 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
112 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
113 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
114 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
115 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
116 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
117 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
118 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
119 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
120 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
121 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
122 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
123 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
124 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
125 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
126 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
127 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
128 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
129 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
130 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
131 { {'A','C'}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
132 };
134 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
136 {
138 WELL_KNOWN_SID_TYPE Type;
139 DWORD Rid;
156 };
159 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
162 WELL_KNOWN_SID_TYPE type;
163 LPCWSTR account;
164 LPCWSTR domain;
165 SID_NAME_USE name_use;
166 LPCWSTR alias;
169 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
171 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
172 static const WCHAR ALL_APPLICATION_PACKAGES[] = { 'A','L','L',' ','A','P','P','L','I','C','A','T','I','O','N',' ','P','A','C','K','A','G','E','S',0 };
173 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
174 static const WCHAR APPLICATION_PACKAGE_AUTHORITY[] = { 'A','P','P','L','I','C','A','T','I','O','N',' ','P','A','C','K','A','G','E',' ','A','U','T','H','O','R','I','T','Y',0 };
175 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
176 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
180 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
182 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
184 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
187 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
189 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
190 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
193 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
194 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
196 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
204 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
205 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
206 static const WCHAR NETWORK_SERVICE2[] = { 'N','E','T','W','O','R','K','S','E','R','V','I','C','E',0 };
208 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
209 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
211 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
212 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 };
213 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 };
215 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
216 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
218 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
219 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
220 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
223 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
226 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
229 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
230 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
249 { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
257 { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup , NETWORK_SERVICE2},
268 { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
270 { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
278 { WinBuiltinAnyPackageSid, ALL_APPLICATION_PACKAGES, APPLICATION_PACKAGE_AUTHORITY, SidTypeWellKnownGroup },
279 };
280 /*
281 * ACE access rights
282 */
317 /*
318 * ACL flags
319 */
324 /*
325 * ACE types
326 */
333 /*
334 * ACE flags
335 */
345 {
391 }
393 }
395 /* set last error code from NT status and get the proper boolean return value */
396 /* used for functions that are a simple wrapper around the corresponding ntdll API */
398 {
401 }
403 /* helper function for SE_FILE_OBJECT objects in [Get|Set]NamedSecurityInfo */
405 {
406 UNICODE_STRING file_nameW;
407 OBJECT_ATTRIBUTES attr;
408 IO_STATUS_BLOCK io;
409 NTSTATUS status;
423 }
425 /* helper function for SE_SERVICE objects in [Get|Set]NamedSecurityInfo */
426 static inline DWORD get_security_service( LPWSTR full_service_name, DWORD access, HANDLE *service )
427 {
429 DWORD err;
433 {
436 }
438 }
440 /* helper function for SE_REGISTRY_KEY objects in [Get|Set]NamedSecurityInfo */
442 {
449 HKEY hParent;
460 else
463 }
465 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
468 {
482 }
484 /************************************************************
485 * ADVAPI_IsLocalComputer
486 *
487 * Checks whether the server name indicates local machine.
488 */
490 {
492 BOOL Result;
493 LPWSTR buf;
506 }
508 /************************************************************
509 * ADVAPI_GetComputerSid
510 */
512 {
514 {
515 BYTE Revision;
516 BYTE SubAuthorityCount;
517 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
524 }
526 /* ##############################
527 ###### TOKEN FUNCTIONS ######
528 ##############################
529 */
531 /******************************************************************************
532 * OpenProcessToken [ADVAPI32.@]
533 * Opens the access token associated with a process handle.
534 *
535 * PARAMS
536 * ProcessHandle [I] Handle to process
537 * DesiredAccess [I] Desired access to process
538 * TokenHandle [O] Pointer to handle of open access token
539 *
540 * RETURNS
541 * Success: TRUE. TokenHandle contains the access token.
542 * Failure: FALSE.
543 *
544 * NOTES
545 * See NtOpenProcessToken.
546 */
547 BOOL WINAPI
550 {
552 }
554 /******************************************************************************
555 * OpenThreadToken [ADVAPI32.@]
556 *
557 * Opens the access token associated with a thread handle.
558 *
559 * PARAMS
560 * ThreadHandle [I] Handle to process
561 * DesiredAccess [I] Desired access to the thread
562 * OpenAsSelf [I] ???
563 * TokenHandle [O] Destination for the token handle
564 *
565 * RETURNS
566 * Success: TRUE. TokenHandle contains the access token.
567 * Failure: FALSE.
568 *
569 * NOTES
570 * See NtOpenThreadToken.
571 */
572 BOOL WINAPI
575 {
577 }
579 BOOL WINAPI
582 {
585 }
587 /******************************************************************************
588 * AdjustTokenPrivileges [ADVAPI32.@]
589 *
590 * Adjust the privileges of an open token handle.
591 *
592 * PARAMS
593 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
594 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
595 * NewState [I] Desired new privileges of the token
596 * BufferLength [I] Length of NewState
597 * PreviousState [O] Destination for the previous state
598 * ReturnLength [I/O] Size of PreviousState
599 *
600 *
601 * RETURNS
602 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
603 * Failure: FALSE.
604 *
605 * NOTES
606 * See NtAdjustPrivilegesToken.
607 */
608 BOOL WINAPI
612 {
613 NTSTATUS status;
620 ReturnLength);
624 else
626 }
628 /******************************************************************************
629 * CheckTokenMembership [ADVAPI32.@]
630 *
631 * Determine if an access token is a member of a SID.
632 *
633 * PARAMS
634 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
635 * SidToCheck [I] SID that possibly contains the token
636 * IsMember [O] Destination for result.
637 *
638 * RETURNS
639 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
640 * Failure: FALSE.
641 */
642 BOOL WINAPI
644 PBOOL is_member )
645 {
649 BOOL ret;
656 {
658 {
659 HANDLE process_token;
669 }
671 }
672 else
673 {
674 TOKEN_TYPE type;
680 {
683 }
684 }
692 {
695 }
702 {
708 {
712 }
713 }
715 exit:
720 }
722 /******************************************************************************
723 * GetTokenInformation [ADVAPI32.@]
724 *
725 * Get a type of information about an access token.
726 *
727 * PARAMS
728 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
729 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
730 * tokeninfo [O] Destination for token information
731 * tokeninfolength [I] Length of tokeninfo
732 * retlen [O] Destination for returned token information length
733 *
734 * RETURNS
735 * Success: TRUE. tokeninfo contains retlen bytes of token information
736 * Failure: FALSE.
737 *
738 * NOTES
739 * See NtQueryInformationToken.
740 */
741 BOOL WINAPI
744 {
746 token,
766 }
768 /******************************************************************************
769 * SetTokenInformation [ADVAPI32.@]
770 *
771 * Set information for an access token.
772 *
773 * PARAMS
774 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
775 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
776 * tokeninfo [I] Token information to set
777 * tokeninfolength [I] Length of tokeninfo
778 *
779 * RETURNS
780 * Success: TRUE. The information for the token is set to tokeninfo.
781 * Failure: FALSE.
782 */
783 BOOL WINAPI
786 {
788 token,
807 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
808 }
810 /*************************************************************************
811 * SetThreadToken [ADVAPI32.@]
812 *
813 * Assigns an 'impersonation token' to a thread so it can assume the
814 * security privileges of another thread or process. Can also remove
815 * a previously assigned token.
816 *
817 * PARAMS
818 * thread [O] Handle to thread to set the token for
819 * token [I] Token to set
820 *
821 * RETURNS
822 * Success: TRUE. The threads access token is set to token
823 * Failure: FALSE.
824 *
825 * NOTES
826 * Only supported on NT or higher. On Win9X this function does nothing.
827 * See SetTokenInformation.
828 */
830 {
833 }
835 /*************************************************************************
836 * CreateRestrictedToken [ADVAPI32.@]
837 *
838 * Create a new more restricted token from an existing token.
839 *
840 * PARAMS
841 * baseToken [I] Token to base the new restricted token on
842 * flags [I] Options
843 * nDisableSids [I] Length of disableSids array
844 * disableSids [I] Array of SIDs to disable in the new token
845 * nDeletePrivs [I] Length of deletePrivs array
846 * deletePrivs [I] Array of privileges to delete in the new token
847 * nRestrictSids [I] Length of restrictSids array
848 * restrictSids [I] Array of SIDs to restrict in the new token
849 * newToken [O] Address where the new token is stored
850 *
851 * RETURNS
852 * Success: TRUE
853 * Failure: FALSE
854 */
856 HANDLE baseToken,
857 DWORD flags,
858 DWORD nDisableSids,
859 PSID_AND_ATTRIBUTES disableSids,
860 DWORD nDeletePrivs,
861 PLUID_AND_ATTRIBUTES deletePrivs,
862 DWORD nRestrictSids,
863 PSID_AND_ATTRIBUTES restrictSids,
864 PHANDLE newToken)
865 {
866 TOKEN_TYPE type;
868 DWORD size;
874 newToken);
879 {
883 }
885 }
887 /* ##############################
888 ###### SID FUNCTIONS ######
889 ##############################
890 */
892 /******************************************************************************
893 * AllocateAndInitializeSid [ADVAPI32.@]
894 *
895 * PARAMS
896 * pIdentifierAuthority []
897 * nSubAuthorityCount []
898 * nSubAuthority0 []
899 * nSubAuthority1 []
900 * nSubAuthority2 []
901 * nSubAuthority3 []
902 * nSubAuthority4 []
903 * nSubAuthority5 []
904 * nSubAuthority6 []
905 * nSubAuthority7 []
906 * pSid []
907 */
908 BOOL WINAPI
910 BYTE nSubAuthorityCount,
916 {
921 pSid ));
922 }
924 /******************************************************************************
925 * FreeSid [ADVAPI32.@]
926 *
927 * PARAMS
928 * pSid []
929 */
930 PVOID WINAPI
932 {
935 }
937 /******************************************************************************
938 * CopySid [ADVAPI32.@]
939 *
940 * PARAMS
941 * nDestinationSidLength []
942 * pDestinationSid []
943 * pSourceSid []
944 */
945 BOOL WINAPI
947 {
949 }
951 /******************************************************************************
952 * CreateWellKnownSid [ADVAPI32.@]
953 */
954 BOOL WINAPI
956 PSID DomainSid,
957 PSID pSid,
959 {
964 {
967 }
974 {
978 }
980 {
983 }
987 }
988 }
991 {
994 }
1003 {
1007 }
1009 {
1012 }
1018 }
1022 }
1024 /******************************************************************************
1025 * IsWellKnownSid [ADVAPI32.@]
1026 */
1027 BOOL WINAPI
1029 {
1039 }
1041 BOOL WINAPI
1043 {
1045 DWORD size;
1046 NTSTATUS status;
1047 BOOL restricted;
1057 {
1060 }
1064 {
1067 }
1073 }
1075 /******************************************************************************
1076 * IsValidSid [ADVAPI32.@]
1077 *
1078 * PARAMS
1079 * pSid []
1080 */
1081 BOOL WINAPI
1083 {
1085 }
1087 /******************************************************************************
1088 * EqualSid [ADVAPI32.@]
1089 *
1090 * PARAMS
1091 * pSid1 []
1092 * pSid2 []
1093 */
1094 BOOL WINAPI
1096 {
1100 }
1102 /******************************************************************************
1103 * EqualPrefixSid [ADVAPI32.@]
1104 */
1106 {
1108 }
1110 /******************************************************************************
1111 * GetSidLengthRequired [ADVAPI32.@]
1112 *
1113 * PARAMS
1114 * nSubAuthorityCount []
1115 */
1116 DWORD WINAPI
1118 {
1120 }
1122 /******************************************************************************
1123 * InitializeSid [ADVAPI32.@]
1124 *
1125 * PARAMS
1126 * pIdentifierAuthority []
1127 */
1128 BOOL WINAPI
1130 PSID pSid,
1131 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
1132 BYTE nSubAuthorityCount)
1133 {
1135 }
1137 DWORD WINAPI
1139 {
1144 }
1146 DWORD WINAPI
1148 {
1152 }
1154 /******************************************************************************
1155 * GetSidIdentifierAuthority [ADVAPI32.@]
1156 *
1157 * PARAMS
1158 * pSid []
1159 */
1160 PSID_IDENTIFIER_AUTHORITY WINAPI
1162 {
1165 }
1167 /******************************************************************************
1168 * GetSidSubAuthority [ADVAPI32.@]
1169 *
1170 * PARAMS
1171 * pSid []
1172 * nSubAuthority []
1173 */
1174 PDWORD WINAPI
1176 {
1179 }
1181 /******************************************************************************
1182 * GetSidSubAuthorityCount [ADVAPI32.@]
1183 *
1184 * PARAMS
1185 * pSid []
1186 */
1187 PUCHAR WINAPI
1189 {
1192 }
1194 /******************************************************************************
1195 * GetLengthSid [ADVAPI32.@]
1196 *
1197 * PARAMS
1198 * pSid []
1199 */
1200 DWORD WINAPI
1202 {
1204 }
1206 /* ##############################################
1207 ###### SECURITY DESCRIPTOR FUNCTIONS ######
1208 ##############################################
1209 */
1211 /******************************************************************************
1212 * BuildSecurityDescriptorA [ADVAPI32.@]
1213 *
1214 * Builds a SD from
1215 *
1216 * PARAMS
1217 * pOwner [I]
1218 * pGroup [I]
1219 * cCountOfAccessEntries [I]
1220 * pListOfAccessEntries [I]
1221 * cCountOfAuditEntries [I]
1222 * pListofAuditEntries [I]
1223 * pOldSD [I]
1224 * lpdwBufferLength [I/O]
1225 * pNewSD [O]
1226 *
1227 * RETURNS
1228 * Success: ERROR_SUCCESS
1229 * Failure: nonzero error code from Winerror.h
1230 */
1232 IN PTRUSTEEA pOwner,
1233 IN PTRUSTEEA pGroup,
1234 IN ULONG cCountOfAccessEntries,
1235 IN PEXPLICIT_ACCESSA pListOfAccessEntries,
1236 IN ULONG cCountOfAuditEntries,
1237 IN PEXPLICIT_ACCESSA pListofAuditEntries,
1238 IN PSECURITY_DESCRIPTOR pOldSD,
1239 IN OUT PULONG lpdwBufferLength,
1241 {
1247 }
1249 /******************************************************************************
1250 * BuildSecurityDescriptorW [ADVAPI32.@]
1251 *
1252 * See BuildSecurityDescriptorA.
1253 */
1255 IN PTRUSTEEW pOwner,
1256 IN PTRUSTEEW pGroup,
1257 IN ULONG cCountOfAccessEntries,
1258 IN PEXPLICIT_ACCESSW pListOfAccessEntries,
1259 IN ULONG cCountOfAuditEntries,
1260 IN PEXPLICIT_ACCESSW pListOfAuditEntries,
1261 IN PSECURITY_DESCRIPTOR pOldSD,
1262 IN OUT PULONG lpdwBufferLength,
1264 {
1265 SECURITY_DESCRIPTOR desc;
1266 NTSTATUS status;
1274 {
1275 SECURITY_DESCRIPTOR_CONTROL control;
1279 DWORD revision;
1281 if ((status = RtlGetControlSecurityDescriptor( pOldSD, &control, &revision )) != STATUS_SUCCESS)
1287 status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
1290 {
1301 status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
1303 }
1305 {
1311 }
1312 }
1313 else
1314 {
1315 if ((status = RtlCreateSecurityDescriptor( &desc, SECURITY_DESCRIPTOR_REVISION )) != STATUS_SUCCESS)
1317 }
1320 {
1325 }
1328 {
1333 }
1336 {
1337 PACL new_dacl;
1339 if ((ret = SetEntriesInAclW( cCountOfAccessEntries, pListOfAccessEntries, desc.Dacl, &new_dacl )))
1345 }
1348 {
1349 PACL new_sacl;
1351 if ((ret = SetEntriesInAclW( cCountOfAuditEntries, pListOfAuditEntries, desc.Sacl, &new_sacl )))
1357 }
1363 {
1367 }
1369 done:
1370 /* free absolute descriptor */
1376 }
1378 /******************************************************************************
1379 * InitializeSecurityDescriptor [ADVAPI32.@]
1380 *
1381 * PARAMS
1382 * pDescr []
1383 * revision []
1384 */
1385 BOOL WINAPI
1387 {
1389 }
1392 /******************************************************************************
1393 * MakeAbsoluteSD [ADVAPI32.@]
1394 */
1396 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1397 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1398 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
1399 OUT PACL pDacl,
1400 OUT LPDWORD lpdwDaclSize,
1401 OUT PACL pSacl,
1402 OUT LPDWORD lpdwSaclSize,
1403 OUT PSID pOwner,
1404 OUT LPDWORD lpdwOwnerSize,
1405 OUT PSID pPrimaryGroup,
1406 OUT LPDWORD lpdwPrimaryGroupSize)
1407 {
1409 pAbsoluteSecurityDescriptor,
1410 lpdwAbsoluteSecurityDescriptorSize,
1414 }
1416 /******************************************************************************
1417 * GetKernelObjectSecurity [ADVAPI32.@]
1418 */
1420 HANDLE Handle,
1421 SECURITY_INFORMATION RequestedInformation,
1422 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1423 DWORD nLength,
1424 LPDWORD lpnLengthNeeded )
1425 {
1431 }
1433 /******************************************************************************
1434 * GetPrivateObjectSecurity [ADVAPI32.@]
1435 */
1437 PSECURITY_DESCRIPTOR ObjectDescriptor,
1438 SECURITY_INFORMATION SecurityInformation,
1439 PSECURITY_DESCRIPTOR ResultantDescriptor,
1440 DWORD DescriptorLength,
1441 PDWORD ReturnLength )
1442 {
1443 SECURITY_DESCRIPTOR desc;
1445 PACL pacl;
1446 PSID psid;
1455 {
1459 }
1462 {
1466 }
1469 {
1473 }
1476 {
1480 }
1484 }
1486 /******************************************************************************
1487 * GetSecurityDescriptorLength [ADVAPI32.@]
1488 */
1490 {
1492 }
1494 /******************************************************************************
1495 * GetSecurityDescriptorOwner [ADVAPI32.@]
1496 *
1497 * PARAMS
1498 * pOwner []
1499 * lpbOwnerDefaulted []
1500 */
1501 BOOL WINAPI
1503 LPBOOL lpbOwnerDefaulted )
1504 {
1505 BOOLEAN defaulted;
1509 }
1511 /******************************************************************************
1512 * SetSecurityDescriptorOwner [ADVAPI32.@]
1513 *
1514 * PARAMS
1515 */
1518 {
1519 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
1520 }
1521 /******************************************************************************
1522 * GetSecurityDescriptorGroup [ADVAPI32.@]
1523 */
1525 PSECURITY_DESCRIPTOR SecurityDescriptor,
1527 LPBOOL GroupDefaulted)
1528 {
1529 BOOLEAN defaulted;
1530 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
1533 }
1534 /******************************************************************************
1535 * SetSecurityDescriptorGroup [ADVAPI32.@]
1536 */
1539 {
1540 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
1541 }
1543 /******************************************************************************
1544 * IsValidSecurityDescriptor [ADVAPI32.@]
1545 *
1546 * PARAMS
1547 * lpsecdesc []
1548 */
1549 BOOL WINAPI
1551 {
1553 }
1555 /******************************************************************************
1556 * GetSecurityDescriptorDacl [ADVAPI32.@]
1557 */
1559 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1560 OUT LPBOOL lpbDaclPresent,
1562 OUT LPBOOL lpbDaclDefaulted)
1563 {
1565 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
1569 }
1571 /******************************************************************************
1572 * SetSecurityDescriptorDacl [ADVAPI32.@]
1573 */
1574 BOOL WINAPI
1576 PSECURITY_DESCRIPTOR lpsd,
1577 BOOL daclpresent,
1578 PACL dacl,
1579 BOOL dacldefaulted )
1580 {
1582 }
1583 /******************************************************************************
1584 * GetSecurityDescriptorSacl [ADVAPI32.@]
1585 */
1587 IN PSECURITY_DESCRIPTOR lpsd,
1588 OUT LPBOOL lpbSaclPresent,
1590 OUT LPBOOL lpbSaclDefaulted)
1591 {
1597 }
1599 /**************************************************************************
1600 * SetSecurityDescriptorSacl [ADVAPI32.@]
1601 */
1603 PSECURITY_DESCRIPTOR lpsd,
1604 BOOL saclpresent,
1605 PACL lpsacl,
1606 BOOL sacldefaulted)
1607 {
1609 }
1610 /******************************************************************************
1611 * MakeSelfRelativeSD [ADVAPI32.@]
1612 *
1613 * PARAMS
1614 * lpabssecdesc []
1615 * lpselfsecdesc []
1616 * lpbuflen []
1617 */
1618 BOOL WINAPI
1620 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1621 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1622 IN OUT LPDWORD lpdwBufferLength)
1623 {
1626 }
1628 /******************************************************************************
1629 * GetSecurityDescriptorControl [ADVAPI32.@]
1630 */
1634 {
1635 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
1636 }
1638 /******************************************************************************
1639 * SetSecurityDescriptorControl [ADVAPI32.@]
1640 */
1642 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
1643 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
1644 {
1647 }
1649 /******************************************************************************
1650 * GetWindowsAccountDomainSid [ADVAPI32.@]
1651 */
1653 {
1655 DWORD required_size;
1661 {
1664 }
1667 {
1670 }
1673 {
1676 }
1680 {
1683 ERROR_INVALID_PARAMETER );
1685 }
1693 }
1695 /* ##############################
1696 ###### ACL FUNCTIONS ######
1697 ##############################
1698 */
1700 /*************************************************************************
1701 * InitializeAcl [ADVAPI32.@]
1702 */
1704 {
1706 }
1709 {
1710 IO_STATUS_BLOCK io_block;
1716 }
1718 /******************************************************************************
1719 * AddAccessAllowedAce [ADVAPI32.@]
1720 */
1722 IN OUT PACL pAcl,
1723 IN DWORD dwAceRevision,
1724 IN DWORD AccessMask,
1725 IN PSID pSid)
1726 {
1728 }
1730 /******************************************************************************
1731 * AddAccessAllowedAceEx [ADVAPI32.@]
1732 */
1734 IN OUT PACL pAcl,
1735 IN DWORD dwAceRevision,
1736 IN DWORD AceFlags,
1737 IN DWORD AccessMask,
1738 IN PSID pSid)
1739 {
1740 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1741 }
1743 /******************************************************************************
1744 * AddAccessAllowedObjectAce [ADVAPI32.@]
1745 */
1747 IN OUT PACL pAcl,
1748 IN DWORD dwAceRevision,
1749 IN DWORD dwAceFlags,
1750 IN DWORD dwAccessMask,
1753 IN PSID pSid)
1754 {
1755 return set_ntstatus(RtlAddAccessAllowedObjectAce(pAcl, dwAceRevision, dwAceFlags, dwAccessMask,
1757 }
1759 /******************************************************************************
1760 * AddAccessDeniedAce [ADVAPI32.@]
1761 */
1763 IN OUT PACL pAcl,
1764 IN DWORD dwAceRevision,
1765 IN DWORD AccessMask,
1766 IN PSID pSid)
1767 {
1769 }
1771 /******************************************************************************
1772 * AddAccessDeniedAceEx [ADVAPI32.@]
1773 */
1775 IN OUT PACL pAcl,
1776 IN DWORD dwAceRevision,
1777 IN DWORD AceFlags,
1778 IN DWORD AccessMask,
1779 IN PSID pSid)
1780 {
1782 }
1784 /******************************************************************************
1785 * AddAccessDeniedObjectAce [ADVAPI32.@]
1786 */
1788 IN OUT PACL pAcl,
1789 IN DWORD dwAceRevision,
1790 IN DWORD dwAceFlags,
1791 IN DWORD dwAccessMask,
1794 IN PSID pSid)
1795 {
1796 return set_ntstatus( RtlAddAccessDeniedObjectAce(pAcl, dwAceRevision, dwAceFlags, dwAccessMask,
1798 }
1800 /******************************************************************************
1801 * AddAce [ADVAPI32.@]
1802 */
1804 IN OUT PACL pAcl,
1805 IN DWORD dwAceRevision,
1806 IN DWORD dwStartingAceIndex,
1807 LPVOID pAceList,
1808 DWORD nAceListLength)
1809 {
1810 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
1811 }
1813 /******************************************************************************
1814 * AddMandatoryAce [ADVAPI32.@]
1815 */
1816 BOOL WINAPI AddMandatoryAce(ACL *acl, DWORD ace_revision, DWORD ace_flags, DWORD mandatory_policy, PSID label_sid)
1817 {
1820 }
1822 /******************************************************************************
1823 * DeleteAce [ADVAPI32.@]
1824 */
1826 {
1828 }
1830 /******************************************************************************
1831 * FindFirstFreeAce [ADVAPI32.@]
1832 */
1834 {
1836 }
1838 /******************************************************************************
1839 * GetAce [ADVAPI32.@]
1840 */
1842 {
1844 }
1846 /******************************************************************************
1847 * GetAclInformation [ADVAPI32.@]
1848 */
1850 PACL pAcl,
1851 LPVOID pAclInformation,
1852 DWORD nAclInformationLength,
1853 ACL_INFORMATION_CLASS dwAclInformationClass)
1854 {
1857 }
1859 /******************************************************************************
1860 * IsValidAcl [ADVAPI32.@]
1861 */
1863 {
1865 }
1867 /* ##############################
1868 ###### MISC FUNCTIONS ######
1869 ##############################
1870 */
1872 /******************************************************************************
1873 * AllocateLocallyUniqueId [ADVAPI32.@]
1874 *
1875 * PARAMS
1876 * lpLuid []
1877 */
1879 {
1881 }
1886 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1890 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1892 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1898 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1902 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1906 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1908 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1910 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1912 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1924 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1926 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1928 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1934 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1936 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1940 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1943 {
1944 NULL,
1945 NULL,
1946 SE_CREATE_TOKEN_NAME_W,
1947 SE_ASSIGNPRIMARYTOKEN_NAME_W,
1948 SE_LOCK_MEMORY_NAME_W,
1949 SE_INCREASE_QUOTA_NAME_W,
1950 SE_MACHINE_ACCOUNT_NAME_W,
1951 SE_TCB_NAME_W,
1952 SE_SECURITY_NAME_W,
1953 SE_TAKE_OWNERSHIP_NAME_W,
1954 SE_LOAD_DRIVER_NAME_W,
1955 SE_SYSTEM_PROFILE_NAME_W,
1956 SE_SYSTEMTIME_NAME_W,
1957 SE_PROF_SINGLE_PROCESS_NAME_W,
1958 SE_INC_BASE_PRIORITY_NAME_W,
1959 SE_CREATE_PAGEFILE_NAME_W,
1960 SE_CREATE_PERMANENT_NAME_W,
1961 SE_BACKUP_NAME_W,
1962 SE_RESTORE_NAME_W,
1963 SE_SHUTDOWN_NAME_W,
1964 SE_DEBUG_NAME_W,
1965 SE_AUDIT_NAME_W,
1966 SE_SYSTEM_ENVIRONMENT_NAME_W,
1967 SE_CHANGE_NOTIFY_NAME_W,
1968 SE_REMOTE_SHUTDOWN_NAME_W,
1969 SE_UNDOCK_NAME_W,
1970 SE_SYNC_AGENT_NAME_W,
1971 SE_ENABLE_DELEGATION_NAME_W,
1972 SE_MANAGE_VOLUME_NAME_W,
1973 SE_IMPERSONATE_NAME_W,
1974 SE_CREATE_GLOBAL_NAME_W,
1975 };
1978 {
1984 }
1986 /******************************************************************************
1987 * LookupPrivilegeValueW [ADVAPI32.@]
1988 *
1989 * See LookupPrivilegeValueA.
1990 */
1991 BOOL WINAPI
1993 {
1994 UINT i;
1999 {
2002 }
2004 {
2007 }
2009 {
2019 }
2022 }
2024 /******************************************************************************
2025 * LookupPrivilegeValueA [ADVAPI32.@]
2026 *
2027 * Retrieves LUID used on a system to represent the privilege name.
2028 *
2029 * PARAMS
2030 * lpSystemName [I] Name of the system
2031 * lpName [I] Name of the privilege
2032 * lpLuid [O] Destination for the resulting LUID
2033 *
2034 * RETURNS
2035 * Success: TRUE. lpLuid contains the requested LUID.
2036 * Failure: FALSE.
2037 */
2038 BOOL WINAPI
2040 {
2041 UNICODE_STRING lpSystemNameW;
2042 UNICODE_STRING lpNameW;
2043 BOOL ret;
2051 }
2053 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
2055 {
2060 }
2062 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
2064 {
2069 }
2071 /******************************************************************************
2072 * LookupPrivilegeNameA [ADVAPI32.@]
2073 *
2074 * See LookupPrivilegeNameW.
2075 */
2076 BOOL WINAPI
2078 LPDWORD cchName)
2079 {
2080 UNICODE_STRING lpSystemNameW;
2081 BOOL ret;
2089 {
2095 {
2096 /* Windows crashes if cchName is NULL, so will I */
2101 {
2102 /* WideCharToMultiByte failed */
2104 }
2106 {
2110 }
2111 else
2112 {
2113 /* WideCharToMultiByte succeeded, output length needs to be
2114 * length not including NULL terminator
2115 */
2117 }
2118 }
2120 }
2123 }
2125 /******************************************************************************
2126 * LookupPrivilegeNameW [ADVAPI32.@]
2127 *
2128 * Retrieves the privilege name referred to by the LUID lpLuid.
2129 *
2130 * PARAMS
2131 * lpSystemName [I] Name of the system
2132 * lpLuid [I] Privilege value
2133 * lpName [O] Name of the privilege
2134 * cchName [I/O] Number of characters in lpName.
2135 *
2136 * RETURNS
2137 * Success: TRUE. lpName contains the name of the privilege whose value is
2138 * *lpLuid.
2139 * Failure: FALSE.
2140 *
2141 * REMARKS
2142 * Only well-known privilege names (those defined in winnt.h) can be retrieved
2143 * using this function.
2144 * If the length of lpName is too small, on return *cchName will contain the
2145 * number of WCHARs needed to contain the privilege, including the NULL
2146 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
2147 * On success, *cchName will contain the number of characters stored in
2148 * lpName, NOT including the NULL terminator.
2149 */
2150 BOOL WINAPI
2152 LPDWORD cchName)
2153 {
2159 {
2162 }
2165 {
2168 }
2170 /* Windows crashes if cchName is NULL, so will I */
2172 {
2176 }
2177 else
2178 {
2182 }
2183 }
2185 /******************************************************************************
2186 * GetFileSecurityA [ADVAPI32.@]
2187 *
2188 * Obtains Specified information about the security of a file or directory.
2189 *
2190 * PARAMS
2191 * lpFileName [I] Name of the file to get info for
2192 * RequestedInformation [I] SE_ flags from "winnt.h"
2193 * pSecurityDescriptor [O] Destination for security information
2194 * nLength [I] Length of pSecurityDescriptor
2195 * lpnLengthNeeded [O] Destination for length of returned security information
2196 *
2197 * RETURNS
2198 * Success: TRUE. pSecurityDescriptor contains the requested information.
2199 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
2200 *
2201 * NOTES
2202 * The information returned is constrained by the callers access rights and
2203 * privileges.
2204 */
2205 BOOL WINAPI
2207 SECURITY_INFORMATION RequestedInformation,
2208 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2210 {
2211 BOOL r;
2212 LPWSTR name;
2220 }
2222 /******************************************************************************
2223 * GetFileSecurityW [ADVAPI32.@]
2224 *
2225 * See GetFileSecurityA.
2226 */
2227 BOOL WINAPI
2229 SECURITY_INFORMATION RequestedInformation,
2230 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2232 {
2233 HANDLE hfile;
2234 NTSTATUS status;
2242 DACL_SECURITY_INFORMATION))
2249 {
2252 }
2258 }
2261 /******************************************************************************
2262 * LookupAccountSidA [ADVAPI32.@]
2263 */
2264 BOOL WINAPI
2266 IN LPCSTR system,
2267 IN PSID sid,
2268 OUT LPSTR account,
2269 IN OUT LPDWORD accountSize,
2270 OUT LPSTR domain,
2271 IN OUT LPDWORD domainSize,
2272 OUT PSID_NAME_USE name_use )
2273 {
2274 DWORD len;
2275 BOOL r;
2276 LPWSTR systemW;
2288 r = LookupAccountSidW( systemW, sid, accountW, &accountSizeW, domainW, &domainSizeW, name_use );
2304 }
2305 else
2306 {
2309 }
2316 }
2318 /******************************************************************************
2319 * LookupAccountSidW [ADVAPI32.@]
2320 *
2321 * PARAMS
2322 * system []
2323 * sid []
2324 * account []
2325 * accountSize []
2326 * domain []
2327 * domainSize []
2328 * name_use []
2329 */
2331 BOOL WINAPI
2333 IN LPCWSTR system,
2334 IN PSID sid,
2335 OUT LPWSTR account,
2336 IN OUT LPDWORD accountSize,
2337 OUT LPWSTR domain,
2338 IN OUT LPDWORD domainSize,
2339 OUT PSID_NAME_USE name_use )
2340 {
2352 name_use);
2358 }
2360 /* check the well known SIDs first */
2368 }
2369 }
2371 }
2372 }
2375 MAX_SID local;
2377 /* check for the local computer next */
2380 BOOL result;
2438 else
2445 }
2446 }
2447 }
2448 }
2449 }
2450 }
2460 }
2464 }
2469 {
2472 }
2475 else
2479 else
2486 }
2492 }
2494 /******************************************************************************
2495 * SetFileSecurityA [ADVAPI32.@]
2496 *
2497 * See SetFileSecurityW.
2498 */
2500 SECURITY_INFORMATION RequestedInformation,
2501 PSECURITY_DESCRIPTOR pSecurityDescriptor)
2502 {
2503 BOOL r;
2504 LPWSTR name;
2511 }
2513 /******************************************************************************
2514 * SetFileSecurityW [ADVAPI32.@]
2515 *
2516 * Sets the security of a file or directory.
2517 *
2518 * PARAMS
2519 * lpFileName []
2520 * RequestedInformation []
2521 * pSecurityDescriptor []
2522 *
2523 * RETURNS
2524 * Success: TRUE.
2525 * Failure: FALSE.
2526 */
2527 BOOL WINAPI
2529 SECURITY_INFORMATION RequestedInformation,
2530 PSECURITY_DESCRIPTOR pSecurityDescriptor )
2531 {
2532 HANDLE file;
2534 NTSTATUS status;
2537 pSecurityDescriptor );
2549 {
2552 }
2557 }
2559 /******************************************************************************
2560 * QueryWindows31FilesMigration [ADVAPI32.@]
2561 *
2562 * PARAMS
2563 * x1 []
2564 */
2565 BOOL WINAPI
2567 {
2570 }
2572 /******************************************************************************
2573 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
2574 *
2575 * PARAMS
2576 * x1 []
2577 * x2 []
2578 * x3 []
2579 * x4 []
2580 */
2581 BOOL WINAPI
2583 DWORD x4 )
2584 {
2587 }
2589 /******************************************************************************
2590 * NotifyBootConfigStatus [ADVAPI32.@]
2591 *
2592 * PARAMS
2593 * x1 []
2594 */
2595 BOOL WINAPI
2597 {
2600 }
2602 /******************************************************************************
2603 * RevertToSelf [ADVAPI32.@]
2604 *
2605 * Ends the impersonation of a user.
2606 *
2607 * PARAMS
2608 * void []
2609 *
2610 * RETURNS
2611 * Success: TRUE.
2612 * Failure: FALSE.
2613 */
2614 BOOL WINAPI
2616 {
2620 }
2622 /******************************************************************************
2623 * ImpersonateSelf [ADVAPI32.@]
2624 *
2625 * Makes an impersonation token that represents the process user and assigns
2626 * to the current thread.
2627 *
2628 * PARAMS
2629 * ImpersonationLevel [I] Level at which to impersonate.
2630 *
2631 * RETURNS
2632 * Success: TRUE.
2633 * Failure: FALSE.
2634 */
2635 BOOL WINAPI
2637 {
2639 }
2641 /******************************************************************************
2642 * ImpersonateLoggedOnUser [ADVAPI32.@]
2643 */
2645 {
2646 DWORD size;
2647 NTSTATUS Status;
2648 HANDLE ImpersonationToken;
2649 TOKEN_TYPE Type;
2653 {
2656 }
2662 {
2663 OBJECT_ATTRIBUTES ObjectAttributes;
2670 SecurityImpersonation,
2671 TokenImpersonation,
2674 {
2678 }
2679 }
2680 else
2684 ThreadImpersonationToken,
2692 {
2696 }
2699 }
2701 /******************************************************************************
2702 * ImpersonateAnonymousToken [ADVAPI32.@]
2703 */
2705 {
2708 }
2710 /******************************************************************************
2711 * AccessCheck [ADVAPI32.@]
2712 */
2713 BOOL WINAPI
2715 PSECURITY_DESCRIPTOR SecurityDescriptor,
2716 HANDLE ClientToken,
2717 DWORD DesiredAccess,
2718 PGENERIC_MAPPING GenericMapping,
2719 PPRIVILEGE_SET PrivilegeSet,
2720 LPDWORD PrivilegeSetLength,
2721 LPDWORD GrantedAccess,
2722 LPBOOL AccessStatus)
2723 {
2724 NTSTATUS access_status;
2730 }
2733 /******************************************************************************
2734 * AccessCheckByType [ADVAPI32.@]
2735 */
2737 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2738 PSID PrincipalSelfSid,
2739 HANDLE ClientToken,
2740 DWORD DesiredAccess,
2741 POBJECT_TYPE_LIST ObjectTypeList,
2742 DWORD ObjectTypeListLength,
2743 PGENERIC_MAPPING GenericMapping,
2744 PPRIVILEGE_SET PrivilegeSet,
2745 LPDWORD PrivilegeSetLength,
2746 LPDWORD GrantedAccess,
2747 LPBOOL AccessStatus)
2748 {
2754 }
2756 /******************************************************************************
2757 * MapGenericMask [ADVAPI32.@]
2758 *
2759 * Maps generic access rights into specific access rights according to the
2760 * supplied mapping.
2761 *
2762 * PARAMS
2763 * AccessMask [I/O] Access rights.
2764 * GenericMapping [I] The mapping between generic and specific rights.
2765 *
2766 * RETURNS
2767 * Nothing.
2768 */
2770 {
2772 }
2774 /*************************************************************************
2775 * SetKernelObjectSecurity [ADVAPI32.@]
2776 */
2778 IN HANDLE Handle,
2779 IN SECURITY_INFORMATION SecurityInformation,
2780 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
2781 {
2783 }
2786 /******************************************************************************
2787 * AddAuditAccessAce [ADVAPI32.@]
2788 */
2790 IN OUT PACL pAcl,
2791 IN DWORD dwAceRevision,
2792 IN DWORD dwAccessMask,
2793 IN PSID pSid,
2794 IN BOOL bAuditSuccess,
2795 IN BOOL bAuditFailure)
2796 {
2799 }
2801 /******************************************************************************
2802 * AddAuditAccessAceEx [ADVAPI32.@]
2803 */
2805 IN OUT PACL pAcl,
2806 IN DWORD dwAceRevision,
2807 IN DWORD dwAceFlags,
2808 IN DWORD dwAccessMask,
2809 IN PSID pSid,
2810 IN BOOL bAuditSuccess,
2811 IN BOOL bAuditFailure)
2812 {
2813 return set_ntstatus( RtlAddAuditAccessAceEx(pAcl, dwAceRevision, dwAceFlags, dwAccessMask, pSid,
2815 }
2817 /******************************************************************************
2818 * AddAuditAccessObjectAce [ADVAPI32.@]
2819 */
2821 IN OUT PACL pAcl,
2822 IN DWORD dwAceRevision,
2823 IN DWORD dwAceFlags,
2824 IN DWORD dwAccessMask,
2827 IN PSID pSid,
2828 IN BOOL bAuditSuccess,
2829 IN BOOL bAuditFailure)
2830 {
2833 }
2835 /******************************************************************************
2836 * LookupAccountNameA [ADVAPI32.@]
2837 */
2838 BOOL WINAPI
2840 IN LPCSTR system,
2841 IN LPCSTR account,
2842 OUT PSID sid,
2843 OUT LPDWORD cbSid,
2844 LPSTR ReferencedDomainName,
2845 IN OUT LPDWORD cbReferencedDomainName,
2846 OUT PSID_NAME_USE name_use )
2847 {
2848 BOOL ret;
2849 UNICODE_STRING lpSystemW;
2850 UNICODE_STRING lpAccountW;
2859 ret = LookupAccountNameW(lpSystemW.Buffer, lpAccountW.Buffer, sid, cbSid, lpReferencedDomainNameW,
2863 {
2866 }
2873 }
2875 /******************************************************************************
2876 * lookup_user_account_name
2877 */
2880 {
2883 HANDLE token;
2884 BOOL ret;
2885 PSID pSid;
2887 DWORD nameLen;
2890 {
2893 }
2905 {
2908 }
2913 {
2916 }
2918 {
2922 }
2932 }
2934 /******************************************************************************
2935 * lookup_computer_account_name
2936 */
2939 {
2940 MAX_SID local;
2941 BOOL ret;
2943 DWORD nameLen;
2946 {
2950 {
2953 }
2955 }
2959 {
2962 }
2964 {
2968 }
2978 }
2982 {
2988 {
2994 }
2995 else
2996 {
3002 }
3003 }
3006 {
3009 if (len == domain->Length / sizeof(WCHAR) && !strncmpiW( domain->Buffer, ACCOUNT_SIDS[idx].domain, len ))
3013 }
3016 {
3019 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].account, len ))
3023 {
3025 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].alias, len ))
3027 }
3029 }
3031 /*
3032 * Helper function for LookupAccountNameW
3033 */
3036 LPWSTR ReferencedDomainName,
3037 LPDWORD cchReferencedDomainName,
3039 {
3040 PSID pSid;
3043 ULONG i;
3049 {
3050 /* check domain first */
3054 {
3060 {
3062 {
3065 }
3067 {
3069 }
3071 }
3075 {
3077 len++;
3079 }
3081 {
3083 }
3092 }
3093 }
3095 }
3099 LPWSTR ReferencedDomainName,
3100 LPDWORD cchReferencedDomainName,
3102 {
3103 DWORD nameLen;
3111 /* Let the current Unix user id masquerade as first Windows user account */
3117 {
3118 /* check to make sure this account is on this computer */
3121 {
3124 }
3126 }
3129 account.Length / sizeof(WCHAR) == nameLen - 1 && !strncmpW( account.Buffer, userName, nameLen - 1 ))
3130 {
3131 ret = lookup_user_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse );
3133 }
3134 else
3135 {
3139 {
3140 ret = lookup_computer_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse );
3142 }
3143 }
3147 }
3149 /******************************************************************************
3150 * LookupAccountNameW [ADVAPI32.@]
3151 */
3155 {
3157 LSA_UNICODE_STRING account;
3163 {
3167 }
3170 {
3172 }
3176 /* Check well known SIDs first */
3182 /* Check user names */
3190 }
3192 /******************************************************************************
3193 * PrivilegeCheck [ADVAPI32.@]
3194 */
3195 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
3196 {
3197 BOOL ret;
3198 BOOLEAN Result;
3206 }
3208 /******************************************************************************
3209 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
3210 */
3215 {
3221 }
3223 /******************************************************************************
3224 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
3225 */
3226 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
3230 {
3236 }
3238 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
3239 {
3243 }
3245 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
3246 {
3250 }
3252 BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
3253 {
3257 }
3260 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
3262 LPBOOL GenerateOnClose)
3263 {
3267 GenerateOnClose);
3270 }
3272 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
3273 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
3275 LPBOOL GenerateOnClose)
3276 {
3280 GenerateOnClose);
3283 }
3285 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
3287 {
3292 }
3294 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
3296 {
3301 }
3303 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
3305 {
3310 }
3312 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
3314 {
3319 }
3321 /******************************************************************************
3322 * GetSecurityInfo [ADVAPI32.@]
3323 *
3324 * Retrieves a copy of the security descriptor associated with an object.
3325 *
3326 * PARAMS
3327 * hObject [I] A handle for the object.
3328 * ObjectType [I] The type of object.
3329 * SecurityInfo [I] A bitmask indicating what info to retrieve.
3330 * ppsidOwner [O] If non-null, receives a pointer to the owner SID.
3331 * ppsidGroup [O] If non-null, receives a pointer to the group SID.
3332 * ppDacl [O] If non-null, receives a pointer to the DACL.
3333 * ppSacl [O] If non-null, receives a pointer to the SACL.
3334 * ppSecurityDescriptor [O] Receives a pointer to the security descriptor,
3335 * which must be freed with LocalFree.
3336 *
3337 * RETURNS
3338 * ERROR_SUCCESS if all's well, and a WIN32 error code otherwise.
3339 */
3344 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
3345 )
3346 {
3347 PSECURITY_DESCRIPTOR sd;
3348 NTSTATUS status;
3352 /* A NULL descriptor is allowed if any one of the other pointers is not NULL */
3353 if (!(ppsidOwner||ppsidGroup||ppDacl||ppSacl||ppSecurityDescriptor)) return ERROR_INVALID_PARAMETER;
3355 /* If no descriptor, we have to check that there's a pointer for the requested information */
3364 {
3371 }
3380 {
3387 }
3389 {
3392 }
3395 {
3398 }
3400 {
3403 }
3405 {
3408 }
3410 {
3413 }
3417 /* The security descriptor (sd) cannot be freed if ppSecurityDescriptor is
3418 * NULL, because native happily returns the SIDs and ACLs that are requested
3419 * in this case.
3420 */
3423 }
3425 /******************************************************************************
3426 * GetSecurityInfoExA [ADVAPI32.@]
3427 */
3433 )
3434 {
3437 }
3439 /******************************************************************************
3440 * GetSecurityInfoExW [ADVAPI32.@]
3441 */
3447 )
3448 {
3451 }
3453 /******************************************************************************
3454 * BuildExplicitAccessWithNameA [ADVAPI32.@]
3455 */
3459 {
3472 }
3474 /******************************************************************************
3475 * BuildExplicitAccessWithNameW [ADVAPI32.@]
3476 */
3480 {
3493 }
3495 /******************************************************************************
3496 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
3497 */
3501 {
3507 /* Fill the OBJECTS_AND_NAME structure */
3510 {
3512 }
3516 {
3518 }
3523 /* Fill the TRUSTEE structure */
3529 }
3531 /******************************************************************************
3532 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
3533 */
3537 {
3543 /* Fill the OBJECTS_AND_NAME structure */
3546 {
3548 }
3552 {
3554 }
3559 /* Fill the TRUSTEE structure */
3565 }
3567 /******************************************************************************
3568 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
3569 */
3572 {
3577 /* Fill the OBJECTS_AND_SID structure */
3579 {
3582 }
3583 else
3584 {
3587 }
3590 {
3593 }
3594 else
3595 {
3598 }
3603 /* Fill the TRUSTEE structure */
3609 }
3611 /******************************************************************************
3612 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
3613 */
3616 {
3621 /* Fill the OBJECTS_AND_SID structure */
3623 {
3626 }
3627 else
3628 {
3631 }
3634 {
3637 }
3638 else
3639 {
3642 }
3647 /* Fill the TRUSTEE structure */
3653 }
3655 /******************************************************************************
3656 * BuildTrusteeWithSidA [ADVAPI32.@]
3657 */
3659 {
3667 }
3669 /******************************************************************************
3670 * BuildTrusteeWithSidW [ADVAPI32.@]
3671 */
3673 {
3681 }
3683 /******************************************************************************
3684 * BuildTrusteeWithNameA [ADVAPI32.@]
3685 */
3687 {
3695 }
3697 /******************************************************************************
3698 * BuildTrusteeWithNameW [ADVAPI32.@]
3699 */
3701 {
3709 }
3711 /******************************************************************************
3712 * GetTrusteeFormA [ADVAPI32.@]
3713 */
3715 {
3722 }
3724 /******************************************************************************
3725 * GetTrusteeFormW [ADVAPI32.@]
3726 */
3728 {
3735 }
3737 /******************************************************************************
3738 * GetTrusteeNameA [ADVAPI32.@]
3739 */
3741 {
3748 }
3750 /******************************************************************************
3751 * GetTrusteeNameW [ADVAPI32.@]
3752 */
3754 {
3761 }
3763 /******************************************************************************
3764 * GetTrusteeTypeA [ADVAPI32.@]
3765 */
3767 {
3774 }
3776 /******************************************************************************
3777 * GetTrusteeTypeW [ADVAPI32.@]
3778 */
3780 {
3787 }
3790 DWORD nAclInformationLength,
3791 ACL_INFORMATION_CLASS dwAclInformationClass )
3792 {
3797 }
3799 static DWORD trustee_name_A_to_W(TRUSTEE_FORM form, char *trustee_nameA, WCHAR **ptrustee_nameW)
3800 {
3802 {
3804 {
3807 }
3809 {
3814 {
3823 }
3827 }
3828 /* These forms do not require conversion. */
3835 }
3836 }
3839 {
3841 {
3846 {
3850 {
3855 }
3858 }
3859 /* Other forms did not require allocation, so no freeing is necessary. */
3862 }
3863 }
3865 static DWORD trustee_to_sid( DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee )
3866 {
3868 {
3871 }
3874 {
3877 {
3880 }
3883 {
3886 SID_NAME_USE use;
3888 {
3890 {
3892 }
3893 }
3894 else if (!LookupAccountNameW(NULL, pTrustee->ptstrName, pDestinationSid, &sid_size, NULL, &domain_size, &use))
3895 {
3898 }
3900 }
3910 }
3913 }
3915 /******************************************************************************
3916 * SetEntriesInAclA [ADVAPI32.@]
3917 */
3920 {
3938 {
3943 pEntriesW[alloc_index].Trustee.MultipleTrusteeOperation = pEntries[alloc_index].Trustee.MultipleTrusteeOperation;
3951 {
3957 }
3958 }
3962 cleanup:
3963 /* Free any previously allocated trustee name buffers, taking into account
3964 * a possible out-of-memory condition while building the EXPLICIT_ACCESSW
3965 * list. */
3967 free_trustee_name( pEntriesW[free_index].Trustee.TrusteeForm, pEntriesW[free_index].Trustee.ptstrName );
3971 }
3973 /******************************************************************************
3974 * SetEntriesInAclW [ADVAPI32.@]
3975 */
3978 {
3979 ULONG i;
3983 NTSTATUS status;
3993 /* allocate array of maximum sized sids allowed */
3994 ppsid = heap_alloc(count * (sizeof(SID *) + FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES])));
3999 {
4000 ppsid[i] = (char *)&ppsid[count] + i * FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]);
4002 TRACE("[%d]:\n\tgrfAccessPermissions = 0x%x\n\tgrfAccessMode = %d\n\tgrfInheritance = 0x%x\n\t"
4010 ret = trustee_to_sid( FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]), ppsid[i], &pEntries[i].Trustee);
4014 /* Note: we overestimate the ACL size here as a tradeoff between
4015 * instructions (simplicity) and memory */
4017 {
4035 }
4036 }
4039 {
4040 ACL_SIZE_INFORMATION size_info;
4044 {
4047 }
4049 }
4053 {
4056 }
4060 {
4063 }
4066 {
4068 {
4076 {
4077 ULONG j;
4080 {
4082 {
4090 {
4093 }
4094 }
4095 }
4102 }
4123 }
4124 }
4127 {
4129 {
4131 ULONG j;
4136 {
4140 {
4141 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION, pEntries[j].grfInheritance, pEntries[j].grfAccessPermissions, ppsid[j]);
4144 }
4146 {
4148 {
4167 }
4171 }
4172 }
4174 status = RtlAddAce(*NewAcl, ACL_REVISION, 1, (PACE_HEADER)old_ace_header, old_ace_header->AceSize);
4176 {
4180 }
4181 }
4182 }
4184 exit:
4187 }
4189 /******************************************************************************
4190 * SetNamedSecurityInfoA [ADVAPI32.@]
4191 */
4195 {
4196 LPWSTR wstr;
4197 DWORD r;
4209 }
4212 PSECURITY_DESCRIPTOR ModificationDescriptor,
4214 PGENERIC_MAPPING GenericMapping,
4215 HANDLE Token )
4216 {
4221 }
4224 {
4226 }
4228 /******************************************************************************
4229 * AreAnyAccessesGranted [ADVAPI32.@]
4230 *
4231 * Determines whether or not any of a set of specified access permissions have
4232 * been granted or not.
4233 *
4234 * PARAMS
4235 * GrantedAccess [I] The permissions that have been granted.
4236 * DesiredAccess [I] The permissions that you want to have.
4237 *
4238 * RETURNS
4239 * Nonzero if any of the permissions have been granted, zero if none of the
4240 * permissions have been granted.
4241 */
4244 {
4246 }
4248 /******************************************************************************
4249 * SetNamedSecurityInfoW [ADVAPI32.@]
4250 */
4254 {
4256 HANDLE handle;
4257 DWORD err;
4272 {
4275 {
4278 }
4282 {
4285 }
4291 {
4294 }
4299 }
4301 }
4303 /******************************************************************************
4304 * GetExplicitEntriesFromAclA [ADVAPI32.@]
4305 */
4308 {
4311 }
4313 /******************************************************************************
4314 * GetExplicitEntriesFromAclW [ADVAPI32.@]
4315 */
4317 {
4318 ACL_SIZE_INFORMATION sizeinfo;
4322 NTSTATUS status;
4334 {
4338 }
4340 entries = LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT, (sizeof(EXPLICIT_ACCESSW) + sizeof(MAX_SID)) * sizeinfo.AceCount);
4345 {
4350 {
4352 {
4365 }
4368 {
4381 }
4387 }
4388 }
4394 error:
4397 }
4399 /******************************************************************************
4400 * GetAuditedPermissionsFromAclA [ADVAPI32.@]
4401 */
4402 DWORD WINAPI GetAuditedPermissionsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pSuccessfulAuditedRights,
4403 PACCESS_MASK pFailedAuditRights)
4404 {
4408 }
4410 /******************************************************************************
4411 * GetAuditedPermissionsFromAclW [ADVAPI32.@]
4412 */
4413 DWORD WINAPI GetAuditedPermissionsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pSuccessfulAuditedRights,
4414 PACCESS_MASK pFailedAuditRights)
4415 {
4419 }
4421 /******************************************************************************
4422 * ParseAclStringFlags
4423 */
4425 {
4430 {
4432 {
4434 }
4436 {
4437 szAcl++;
4442 }
4443 szAcl++;
4444 }
4448 }
4450 /******************************************************************************
4451 * ParseAceStringType
4452 */
4454 {
4460 /*
4461 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
4462 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
4463 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
4464 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
4465 */
4467 };
4470 {
4476 szAcl++;
4481 lpaf++;
4488 }
4491 /******************************************************************************
4492 * ParseAceStringFlags
4493 */
4495 {
4504 };
4507 {
4513 szAcl++;
4516 {
4522 lpaf++;
4529 }
4533 }
4536 /******************************************************************************
4537 * ParseAceStringRights
4538 */
4540 {
4575 };
4578 {
4584 szAcl++;
4587 {
4591 p++;
4594 {
4597 }
4598 else
4600 }
4601 else
4602 {
4604 {
4610 {
4611 lpaf++;
4612 }
4619 }
4620 }
4624 }
4627 /******************************************************************************
4628 * ParseStringAclToAcl
4629 *
4630 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
4631 */
4634 {
4635 DWORD val;
4636 DWORD sidlen;
4651 /* Parse ACL flags */
4654 /* Parse ACE */
4656 {
4657 StringAcl++;
4659 /* Parse ACE type */
4664 {
4667 }
4668 StringAcl++;
4670 /* Parse ACE flags */
4676 StringAcl++;
4678 /* Parse ACE rights */
4684 StringAcl++;
4686 /* Parse ACE object guid */
4688 StringAcl++;
4690 {
4693 }
4694 StringAcl++;
4696 /* Parse ACE inherit object guid */
4698 StringAcl++;
4700 {
4703 }
4704 StringAcl++;
4706 /* Parse ACE account sid */
4708 {
4710 StringAcl++;
4711 }
4715 StringAcl++;
4720 {
4723 }
4724 acecount++;
4725 }
4730 {
4733 }
4736 {
4742 }
4745 lerr:
4749 }
4752 /******************************************************************************
4753 * ParseStringSecurityDescriptorToSecurityDescriptor
4754 */
4756 LPCWSTR StringSecurityDescriptor,
4758 LPDWORD cBytes)
4759 {
4761 WCHAR toktype;
4763 LPCWSTR lptoken;
4765 DWORD len;
4775 StringSecurityDescriptor++;
4778 {
4781 /* Expect char identifier followed by ':' */
4782 StringSecurityDescriptor++;
4784 {
4787 }
4788 StringSecurityDescriptor++;
4790 /* Extract token */
4793 lptoken++;
4796 lptoken--;
4803 {
4805 {
4806 DWORD bytes;
4812 {
4815 }
4820 }
4823 {
4824 DWORD bytes;
4830 {
4833 }
4838 }
4841 {
4842 DWORD flags;
4843 DWORD bytes;
4849 {
4853 }
4858 }
4861 {
4862 DWORD flags;
4863 DWORD bytes;
4869 {
4873 }
4878 }
4884 }
4887 }
4891 lend:
4894 }
4896 /******************************************************************************
4897 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
4898 */
4900 LPCSTR StringSecurityDescriptor,
4901 DWORD StringSDRevision,
4903 PULONG SecurityDescriptorSize)
4904 {
4905 BOOL ret;
4906 LPWSTR StringSecurityDescriptorW;
4917 SecurityDescriptorSize);
4921 }
4923 /******************************************************************************
4924 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
4925 */
4927 LPCWSTR StringSecurityDescriptor,
4928 DWORD StringSDRevision,
4930 PULONG SecurityDescriptorSize)
4931 {
4932 DWORD cBytes;
4940 {
4943 }
4945 {
4948 }
4950 {
4953 }
4955 /* Compute security descriptor length */
4968 {
4971 }
4978 lend:
4981 }
4984 {
4992 {
4995 }
4996 }
4999 {
5002 DWORD i;
5007 {
5010 }
5014 {
5018 }
5026 ) );
5030 {
5033 }
5035 }
5038 {
5041 {
5043 {
5046 }
5047 }
5050 }
5054 SDDL_DELETE_CHILD,
5055 SDDL_LIST_CHILDREN,
5056 SDDL_SELF_WRITE,
5058 SDDL_WRITE_PROPERTY,
5059 SDDL_DELETE_TREE,
5060 SDDL_LIST_OBJECT,
5062 NULL,
5063 NULL,
5064 NULL,
5066 NULL,
5067 NULL,
5068 NULL,
5070 SDDL_READ_CONTROL,
5071 SDDL_WRITE_DAC,
5072 SDDL_WRITE_OWNER,
5074 NULL,
5075 NULL,
5076 NULL,
5078 NULL,
5079 NULL,
5080 NULL,
5082 SDDL_GENERIC_EXECUTE,
5083 SDDL_GENERIC_WRITE,
5084 SDDL_GENERIC_READ
5085 };
5088 {
5096 /* first check if the right have name */
5098 {
5102 {
5105 }
5106 }
5108 /* then check if it can be built from bit names */
5110 {
5112 {
5113 /* can't be built from bit names */
5117 }
5118 }
5120 /* build from bit names */
5124 }
5127 {
5133 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
5134 {
5137 }
5142 {
5155 }
5175 /* objects not supported */
5177 /* objects not supported */
5183 }
5185 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
5186 {
5187 WORD count;
5188 UINT i;
5205 {
5206 LPVOID ace;
5211 }
5214 }
5217 {
5219 BOOL bDefaulted;
5220 PSID psid;
5232 }
5235 {
5237 BOOL bDefaulted;
5238 PSID psid;
5250 }
5253 {
5255 SECURITY_DESCRIPTOR_CONTROL control;
5257 DWORD revision;
5258 PACL pacl;
5270 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
5273 }
5276 {
5278 SECURITY_DESCRIPTOR_CONTROL control;
5280 DWORD revision;
5281 PACL pacl;
5293 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
5296 }
5298 /******************************************************************************
5299 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
5300 */
5301 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
5302 {
5303 ULONG len;
5307 {
5311 }
5332 }
5337 }
5342 }
5347 }
5355 }
5357 /******************************************************************************
5358 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
5359 */
5360 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
5361 {
5362 LPWSTR wstr;
5363 ULONG len;
5364 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
5365 {
5376 }
5377 else
5378 {
5383 }
5384 }
5386 /******************************************************************************
5387 * ConvertStringSidToSidW [ADVAPI32.@]
5388 */
5390 {
5392 DWORD cBytes;
5400 {
5406 }
5408 }
5410 /******************************************************************************
5411 * ConvertStringSidToSidA [ADVAPI32.@]
5412 */
5414 {
5422 else
5423 {
5427 }
5429 }
5431 /******************************************************************************
5432 * ConvertSidToStringSidW [ADVAPI32.@]
5433 *
5434 * format of SID string is:
5435 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
5436 * where
5437 * <rev> is the revision of the SID encoded as decimal
5438 * <auth> is the identifier authority encoded as hex
5439 * <subauthN> is the subauthority id encoded as decimal
5440 */
5442 {
5457 }
5459 /******************************************************************************
5460 * ConvertSidToStringSidA [ADVAPI32.@]
5461 */
5463 {
5465 LPSTR str;
5466 UINT len;
5481 }
5484 PSECURITY_DESCRIPTOR pdesc,
5485 PSECURITY_DESCRIPTOR cdesc,
5488 BOOL isdir,
5489 PGENERIC_MAPPING genmap )
5490 {
5494 }
5499 {
5516 {
5519 }
5540 }
5545 {
5546 return CreatePrivateObjectSecurityEx(parent, creator, out, NULL, is_container, 0, token, mapping);
5547 }
5551 GUID **types, ULONG count, BOOL is_container, ULONG flags, HANDLE token, PGENERIC_MAPPING mapping)
5552 {
5554 return CreatePrivateObjectSecurityEx(parent, creator, out, NULL, is_container, flags, token, mapping);
5555 }
5558 {
5563 }
5565 /******************************************************************************
5566 * CreateProcessWithLogonW
5567 */
5568 BOOL WINAPI CreateProcessWithLogonW( LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags,
5570 LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation )
5571 {
5572 FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
5578 }
5580 BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line,
5581 DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info,
5583 {
5589 /* FIXME: check if handles should be inherited */
5590 return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
5592 }
5594 /******************************************************************************
5595 * DuplicateTokenEx [ADVAPI32.@]
5596 */
5599 LPSECURITY_ATTRIBUTES lpTokenAttributes,
5600 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
5601 TOKEN_TYPE TokenType,
5602 PHANDLE DuplicateTokenHandle )
5603 {
5604 OBJECT_ATTRIBUTES ObjectAttributes;
5611 NULL,
5613 NULL,
5617 dwDesiredAccess,
5619 ImpersonationLevel,
5620 TokenType,
5621 DuplicateTokenHandle ) );
5622 }
5625 HANDLE ExistingTokenHandle,
5626 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
5627 PHANDLE DuplicateTokenHandle )
5628 {
5631 DuplicateTokenHandle );
5632 }
5634 /******************************************************************************
5635 * ComputeStringSidSize
5636 */
5638 {
5640 {
5643 {
5645 ctok++;
5646 StringSid++;
5647 }
5651 }
5653 {
5662 {
5663 MAX_SID local;
5666 }
5668 }
5671 }
5673 /******************************************************************************
5674 * ParseStringSidToSid
5675 */
5677 {
5683 {
5687 }
5690 StringSid++;
5694 {
5697 }
5700 {
5708 {
5711 }
5713 {
5716 }
5720 /* Advance to identifier authority */
5722 StringSid++;
5724 StringSid++;
5726 /* MS' implementation can't handle values greater than 2^32 - 1, so
5727 * we don't either; assume most significant bytes are always 0
5728 */
5737 /* Advance to first sub authority */
5739 StringSid++;
5741 StringSid++;
5744 {
5748 StringSid++;
5750 StringSid++;
5751 }
5757 }
5759 {
5765 {
5766 DWORD j;
5772 }
5776 {
5781 }
5785 }
5787 lend:
5793 }
5795 /******************************************************************************
5796 * GetNamedSecurityInfoA [ADVAPI32.@]
5797 */
5802 {
5803 LPWSTR wstr;
5804 DWORD r;
5816 }
5818 /******************************************************************************
5819 * GetNamedSecurityInfoW [ADVAPI32.@]
5820 */
5824 {
5826 HANDLE handle;
5827 DWORD err;
5832 /* A NULL descriptor is allowed if any one of the other pointers is not NULL */
5835 /* If no descriptor, we have to check that there's a pointer for the requested information */
5849 {
5852 {
5855 }
5859 {
5862 }
5866 {
5869 }
5879 }
5881 }
5883 /******************************************************************************
5884 * GetNamedSecurityInfoExW [ADVAPI32.@]
5885 */
5889 {
5893 }
5895 /******************************************************************************
5896 * GetNamedSecurityInfoExA [ADVAPI32.@]
5897 */
5901 {
5905 }
5907 /******************************************************************************
5908 * DecryptFileW [ADVAPI32.@]
5909 */
5911 {
5914 }
5916 /******************************************************************************
5917 * DecryptFileA [ADVAPI32.@]
5918 */
5920 {
5923 }
5925 /******************************************************************************
5926 * EncryptFileW [ADVAPI32.@]
5927 */
5929 {
5932 }
5934 /******************************************************************************
5935 * EncryptFileA [ADVAPI32.@]
5936 */
5938 {
5941 }
5943 /******************************************************************************
5944 * FileEncryptionStatusW [ADVAPI32.@]
5945 */
5947 {
5953 }
5955 /******************************************************************************
5956 * FileEncryptionStatusA [ADVAPI32.@]
5957 */
5959 {
5965 }
5967 /******************************************************************************
5968 * SetSecurityInfo [ADVAPI32.@]
5969 */
5973 {
5974 SECURITY_DESCRIPTOR sd;
5976 NTSTATUS status;
5986 {
5988 {
5989 SECURITY_DESCRIPTOR_CONTROL control;
5990 PSECURITY_DESCRIPTOR psd;
6004 {
6007 }
6013 /* TODO: copy some control flags to new sd */
6015 /* inherit parent directory DACL */
6017 {
6028 {
6031 }
6038 {
6039 OBJECT_ATTRIBUTES attr;
6040 IO_STATUS_BLOCK io;
6041 HANDLE parent;
6042 PSECURITY_DESCRIPTOR parent_sd;
6055 FILE_OPEN_FOR_BACKUP_INTENT);
6058 {
6062 }
6065 {
6070 {
6073 }
6078 {
6087 {
6090 }
6099 }
6101 }
6102 }
6103 else
6105 }
6106 }
6109 }
6114 {
6122 }
6126 }
6128 /******************************************************************************
6129 * SaferCreateLevel [ADVAPI32.@]
6130 */
6133 {
6138 }
6140 /******************************************************************************
6141 * SaferComputeTokenFromLevel [ADVAPI32.@]
6142 */
6143 BOOL WINAPI SaferComputeTokenFromLevel(SAFER_LEVEL_HANDLE handle, HANDLE token, PHANDLE access_token,
6145 {
6150 }
6152 /******************************************************************************
6153 * SaferCloseLevel [ADVAPI32.@]
6154 */
6156 {
6159 }
6161 /******************************************************************************
6162 * TreeResetNamedSecurityInfoW [ADVAPI32.@]
6163 */
6169 {
6175 }
6177 /******************************************************************************
6178 * SaferGetPolicyInformation [ADVAPI32.@]
6179 */
6182 {
6185 }
6187 /******************************************************************************
6188 * SaferSetLevelInformation [ADVAPI32.@]
6189 */
6190 BOOL WINAPI SaferSetLevelInformation(SAFER_LEVEL_HANDLE handle, SAFER_OBJECT_INFO_CLASS infotype,
6192 {
6195 }
6197 /******************************************************************************
6198 * LookupSecurityDescriptorPartsA [ADVAPI32.@]
6199 */
6200 DWORD WINAPI LookupSecurityDescriptorPartsA(TRUSTEEA *owner, TRUSTEEA *group, ULONG *access_count,
6203 {
6207 }
6209 /******************************************************************************
6210 * LookupSecurityDescriptorPartsW [ADVAPI32.@]
6211 */
6212 DWORD WINAPI LookupSecurityDescriptorPartsW(TRUSTEEW *owner, TRUSTEEW *group, ULONG *access_count,
6215 {
6219 }