search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
comctl32/tests: Use CRT allocation functions.
[wine.git] / dlls / sechost / security.c
blob90e227b29483f52041214ebe4689e2f388861492
1 /*
2 * Security API
3 *
4 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <assert.h>
22 #include <stdarg.h>
23
24 #define WINADVAPI
25 #include "windef.h"
26 #include "winbase.h"
27 #include "sddl.h"
28 #include "iads.h"
29
30 #include "wine/debug.h"
31
32 WINE_DEFAULT_DEBUG_CHANNEL(security);
33
34 static const struct
35 {
36 WCHAR str[3];
37 DWORD value;
38 }
39 ace_rights[] =
40 {
41 { L"GA", GENERIC_ALL },
42 { L"GR", GENERIC_READ },
43 { L"GW", GENERIC_WRITE },
44 { L"GX", GENERIC_EXECUTE },
45
46 { L"RC", READ_CONTROL },
47 { L"SD", DELETE },
48 { L"WD", WRITE_DAC },
49 { L"WO", WRITE_OWNER },
50
51 { L"RP", ADS_RIGHT_DS_READ_PROP },
52 { L"WP", ADS_RIGHT_DS_WRITE_PROP },
53 { L"CC", ADS_RIGHT_DS_CREATE_CHILD },
54 { L"DC", ADS_RIGHT_DS_DELETE_CHILD },
55 { L"LC", ADS_RIGHT_ACTRL_DS_LIST },
56 { L"SW", ADS_RIGHT_DS_SELF },
57 { L"LO", ADS_RIGHT_DS_LIST_OBJECT },
58 { L"DT", ADS_RIGHT_DS_DELETE_TREE },
59 { L"CR", ADS_RIGHT_DS_CONTROL_ACCESS },
60
61 { L"FA", FILE_ALL_ACCESS },
62 { L"FR", FILE_GENERIC_READ },
63 { L"FW", FILE_GENERIC_WRITE },
64 { L"FX", FILE_GENERIC_EXECUTE },
65
66 { L"KA", KEY_ALL_ACCESS },
67 { L"KR", KEY_READ },
68 { L"KW", KEY_WRITE },
69 { L"KX", KEY_EXECUTE },
70
71 { L"NR", SYSTEM_MANDATORY_LABEL_NO_READ_UP },
72 { L"NW", SYSTEM_MANDATORY_LABEL_NO_WRITE_UP },
73 { L"NX", SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP },
74 };
75
76 struct max_sid
77 {
78 /* same fields as struct _SID */
79 BYTE Revision;
80 BYTE SubAuthorityCount;
81 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
82 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
83 };
84
85 static const struct
86 {
87 WCHAR str[2];
88 WELL_KNOWN_SID_TYPE Type;
89 struct max_sid sid;
90 }
91 well_known_sids[] =
92 {
93 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
94 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
95 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
96 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
97 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
98 { {'O','W'}, WinCreatorOwnerRightsSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RIGHTS_RID } } },
99 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
100 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
101 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
102 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
103 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
104 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
105 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
106 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
107 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
108 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
109 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
110 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
111 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
112 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
113 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
114 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
115 { {0,0}, WinLogonIdsSid, { SID_REVISION, SECURITY_LOGON_IDS_RID_COUNT, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID } } },
116 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
117 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
118 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
119 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
120 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
121 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
122 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
123 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
124 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
125 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
126 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
127 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
128 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
129 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
130 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
131 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
132 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
133 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
134 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
135 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
136 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
137 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
138 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
139 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
140 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
141 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
142 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
143 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
144 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
145 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
146 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
147 { {'A','C'}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
148 };
149
150 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
151 static const struct
152 {
153 WCHAR str[2];
154 WELL_KNOWN_SID_TYPE type;
155 DWORD rid;
156 }
157 well_known_rids[] =
158 {
159 { {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
160 { {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
161 { {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
162 { {'D','A'}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
163 { {'D','U'}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
164 { {'D','G'}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
165 { {'D','C'}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
166 { {'D','D'}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
167 { {'C','A'}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
168 { {'S','A'}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
169 { {'E','A'}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
170 { {'P','A'}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
171 { {'R','S'}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
172 };
173
174
175 static void print_string(const WCHAR *string, int cch, WCHAR **pwptr, ULONG *plen)
176 {
177 if (cch == -1)
178 cch = wcslen(string);
179
180 if (plen)
181 *plen += cch;
182
183 if (pwptr)
184 {
185 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
186 *pwptr += cch;
187 }
188 }
189
190 static BOOL print_sid_numeric(PSID psid, WCHAR **pwptr, ULONG *plen)
191 {
192 DWORD i;
193 WCHAR buf[26];
194 SID *pisid = psid;
195
196 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
197 {
198 SetLastError(ERROR_INVALID_SID);
199 return FALSE;
200 }
201
202 if (pisid->IdentifierAuthority.Value[0] ||
203 pisid->IdentifierAuthority.Value[1])
204 {
205 FIXME("not matching MS' bugs\n");
206 SetLastError(ERROR_INVALID_SID);
207 return FALSE;
208 }
209
210 swprintf( buf, ARRAY_SIZE(buf), L"S-%u-%d", pisid->Revision, MAKELONG(
211 MAKEWORD( pisid->IdentifierAuthority.Value[5], pisid->IdentifierAuthority.Value[4] ),
212 MAKEWORD( pisid->IdentifierAuthority.Value[3], pisid->IdentifierAuthority.Value[2] )
213 ) );
214 print_string(buf, -1, pwptr, plen);
215
216 for( i=0; i<pisid->SubAuthorityCount; i++ )
217 {
218 swprintf( buf, ARRAY_SIZE(buf), L"-%u", pisid->SubAuthority[i] );
219 print_string(buf, -1, pwptr, plen);
220 }
221 return TRUE;
222 }
223
224 /******************************************************************************
225 * ConvertSidToStringSidW (sechost.@)
226 */
227 BOOL WINAPI DECLSPEC_HOTPATCH ConvertSidToStringSidW( PSID sid, WCHAR **pstr )
228 {
229 DWORD len = 0;
230 WCHAR *wstr, *wptr;
231
232 TRACE("%p %p\n", sid, pstr );
233
234 len = 0;
235 if (!print_sid_numeric( sid, NULL, &len ))
236 return FALSE;
237 wstr = wptr = LocalAlloc( 0, (len + 1) * sizeof(WCHAR) );
238 print_sid_numeric( sid, &wptr, NULL );
239 *wptr = 0;
240
241 *pstr = wstr;
242 return TRUE;
243 }
244
245 static BOOL print_sid(PSID psid, WCHAR **pwptr, ULONG *plen)
246 {
247 size_t i;
248 for (i = 0; i < ARRAY_SIZE(well_known_sids); i++)
249 {
250 if (well_known_sids[i].str[0] && EqualSid(psid, (PSID)&well_known_sids[i].sid.Revision))
251 {
252 print_string(well_known_sids[i].str, 2, pwptr, plen);
253 return TRUE;
254 }
255 }
256
257 return print_sid_numeric(psid, pwptr, plen);
258 }
259
260 static void print_rights(DWORD mask, WCHAR **pwptr, ULONG *plen)
261 {
262 static const WCHAR *bit_names[32] =
263 {
264 L"CC", /* 0 */
265 L"DC",
266 L"LC",
267 L"SW",
268 L"RP", /* 4 */
269 L"WP",
270 L"DT",
271 L"LO",
272 L"CR", /* 8 */
273 NULL,
274 NULL,
275 NULL,
276 NULL, /* 12 */
277 NULL,
278 NULL,
279 NULL,
280 L"SD", /* 16 */
281 L"RC",
282 L"WD",
283 L"WO",
284 NULL, /* 20 */
285 NULL,
286 NULL,
287 NULL,
288 NULL, /* 24 */
289 NULL,
290 NULL,
291 NULL,
292 L"GA", /* 28 */
293 L"GX",
294 L"GW",
295 L"GR",
296 };
297
298 WCHAR buf[15];
299 size_t i;
300
301 if (mask == 0)
302 return;
303
304 /* first check if the right have name */
305 for (i = 0; i < ARRAY_SIZE(ace_rights); i++)
306 {
307 if (mask == ace_rights[i].value)
308 {
309 print_string(ace_rights[i].str, -1, pwptr, plen);
310 return;
311 }
312 }
313
314 /* then check if it can be built from bit names */
315 for (i = 0; i < 32; i++)
316 {
317 if ((mask & (1 << i)) && !bit_names[i])
318 {
319 /* can't be built from bit names */
320 swprintf(buf, ARRAY_SIZE(buf), L"0x%x", mask);
321 print_string(buf, -1, pwptr, plen);
322 return;
323 }
324 }
325
326 /* build from bit names */
327 for (i = 0; i < 32; i++)
328 if (mask & (1 << i))
329 print_string(bit_names[i], -1, pwptr, plen);
330 }
331
332 static inline BOOL is_object_ace(BYTE type)
333 {
334 switch (type)
335 {
336 case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
337 case ACCESS_DENIED_OBJECT_ACE_TYPE:
338 case ACCESS_AUDIT_OBJECT_ACE_TYPE:
339 case ACCESS_ALARM_OBJECT_ACE_TYPE:
340 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
341 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
342 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
343 case SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE:
344 return TRUE;
345
346 default:
347 return FALSE;
348 }
349 }
350
351 static BOOL print_ace(void *pace, WCHAR **pwptr, ULONG *plen)
352 {
353 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
354 DWORD *sid_start;
355
356 piace = pace;
357
358 if (piace->Header.AceType > ACCESS_MAX_MS_V5_ACE_TYPE || piace->Header.AceSize < sizeof(ACCESS_ALLOWED_ACE))
359 {
360 SetLastError(ERROR_INVALID_ACL);
361 return FALSE;
362 }
363
364 print_string(L"(", -1, pwptr, plen);
365 switch (piace->Header.AceType)
366 {
367 case ACCESS_ALLOWED_ACE_TYPE:
368 print_string(L"A", -1, pwptr, plen);
369 break;
370 case ACCESS_DENIED_ACE_TYPE:
371 print_string(L"D", -1, pwptr, plen);
372 break;
373 case SYSTEM_AUDIT_ACE_TYPE:
374 print_string(L"AU", -1, pwptr, plen);
375 break;
376 case SYSTEM_ALARM_ACE_TYPE:
377 print_string(L"AL", -1, pwptr, plen);
378 break;
379 }
380 print_string(L";", -1, pwptr, plen);
381
382 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
383 print_string(L"OI", -1, pwptr, plen);
384 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
385 print_string(L"CI", -1, pwptr, plen);
386 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
387 print_string(L"NP", -1, pwptr, plen);
388 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
389 print_string(L"IO", -1, pwptr, plen);
390 if (piace->Header.AceFlags & INHERITED_ACE)
391 print_string(L"ID", -1, pwptr, plen);
392 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
393 print_string(L"SA", -1, pwptr, plen);
394 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
395 print_string(L"FA", -1, pwptr, plen);
396 print_string(L";", -1, pwptr, plen);
397 print_rights(piace->Mask, pwptr, plen);
398 print_string(L";", -1, pwptr, plen);
399 sid_start = &piace->SidStart;
400 if (is_object_ace(piace->Header.AceType))
401 {
402 ACCESS_ALLOWED_OBJECT_ACE *objace = pace;
403
404 sid_start++; /* Flags */
405 if (objace->Flags & ACE_OBJECT_TYPE_PRESENT)
406 sid_start += sizeof(GUID) / sizeof(*sid_start); /* ObjectType */
407 if (objace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
408 sid_start += sizeof(GUID) / sizeof(*sid_start); /* InheritedObjectType */
409 }
410 /* objects not supported */
411 print_string(L";", -1, pwptr, plen);
412 /* objects not supported */
413 print_string(L";", -1, pwptr, plen);
414 if (!print_sid(sid_start, pwptr, plen))
415 return FALSE;
416 print_string(L")", -1, pwptr, plen);
417 return TRUE;
418 }
419
420 static BOOL print_acl(ACL *pacl, WCHAR **pwptr, ULONG *plen, SECURITY_DESCRIPTOR_CONTROL control)
421 {
422 WORD count;
423 UINT i;
424
425 if (control & SE_DACL_PROTECTED)
426 print_string(L"P", -1, pwptr, plen);
427 if (control & SE_DACL_AUTO_INHERIT_REQ)
428 print_string(L"AR", -1, pwptr, plen);
429 if (control & SE_DACL_AUTO_INHERITED)
430 print_string(L"AI", -1, pwptr, plen);
431
432 if (pacl == NULL)
433 return TRUE;
434
435 if (!IsValidAcl(pacl))
436 return FALSE;
437
438 count = pacl->AceCount;
439 for (i = 0; i < count; i++)
440 {
441 void *ace;
442 if (!GetAce(pacl, i, &ace))
443 return FALSE;
444 if (!print_ace(ace, pwptr, plen))
445 return FALSE;
446 }
447
448 return TRUE;
449 }
450
451 static BOOL print_owner(PSECURITY_DESCRIPTOR sd, WCHAR **pwptr, ULONG *plen)
452 {
453 BOOL defaulted;
454 PSID psid;
455
456 if (!GetSecurityDescriptorOwner(sd, &psid, &defaulted))
457 return FALSE;
458
459 if (psid == NULL)
460 return TRUE;
461
462 print_string(L"O:", -1, pwptr, plen);
463 if (!print_sid(psid, pwptr, plen))
464 return FALSE;
465 return TRUE;
466 }
467
468 static BOOL print_group(PSECURITY_DESCRIPTOR sd, WCHAR **pwptr, ULONG *plen)
469 {
470 BOOL defaulted;
471 PSID psid;
472
473 if (!GetSecurityDescriptorGroup(sd, &psid, &defaulted))
474 return FALSE;
475
476 if (psid == NULL)
477 return TRUE;
478
479 print_string(L"G:", -1, pwptr, plen);
480 if (!print_sid(psid, pwptr, plen))
481 return FALSE;
482 return TRUE;
483 }
484
485 static BOOL print_dacl(PSECURITY_DESCRIPTOR sd, WCHAR **pwptr, ULONG *plen)
486 {
487 SECURITY_DESCRIPTOR_CONTROL control;
488 BOOL present, defaulted;
489 DWORD revision;
490 ACL *pacl;
491
492 if (!GetSecurityDescriptorDacl(sd, &present, &pacl, &defaulted))
493 return FALSE;
494
495 if (!GetSecurityDescriptorControl(sd, &control, &revision))
496 return FALSE;
497
498 if (!present)
499 return TRUE;
500
501 print_string(L"D:", -1, pwptr, plen);
502 if (!print_acl(pacl, pwptr, plen, control))
503 return FALSE;
504 return TRUE;
505 }
506
507 static BOOL print_sacl(PSECURITY_DESCRIPTOR sd, WCHAR **pwptr, ULONG *plen)
508 {
509 SECURITY_DESCRIPTOR_CONTROL control;
510 BOOL present, defaulted;
511 DWORD revision;
512 ACL *pacl;
513
514 if (!GetSecurityDescriptorSacl(sd, &present, &pacl, &defaulted))
515 return FALSE;
516
517 if (!GetSecurityDescriptorControl(sd, &control, &revision))
518 return FALSE;
519
520 if (!present)
521 return TRUE;
522
523 print_string(L"S:", -1, pwptr, plen);
524 if (!print_acl(pacl, pwptr, plen, control))
525 return FALSE;
526 return TRUE;
527 }
528
529 /******************************************************************************
530 * ConvertSecurityDescriptorToStringSecurityDescriptorW (sechost.@)
531 */
532 BOOL WINAPI DECLSPEC_HOTPATCH ConvertSecurityDescriptorToStringSecurityDescriptorW( PSECURITY_DESCRIPTOR sd,
533 DWORD revision, SECURITY_INFORMATION flags, WCHAR **string, ULONG *ret_len )
534 {
535 ULONG len = 0;
536 WCHAR *wptr, *wstr;
537
538 if (revision != SDDL_REVISION_1)
539 {
540 ERR("Unhandled SDDL revision %ld\n", revision);
541 SetLastError( ERROR_UNKNOWN_REVISION );
542 return FALSE;
543 }
544
545 if ((flags & OWNER_SECURITY_INFORMATION) && !print_owner(sd, NULL, &len))
546 return FALSE;
547 if ((flags & GROUP_SECURITY_INFORMATION) && !print_group(sd, NULL, &len))
548 return FALSE;
549 if ((flags & DACL_SECURITY_INFORMATION) && !print_dacl(sd, NULL, &len))
550 return FALSE;
551 if ((flags & SACL_SECURITY_INFORMATION) && !print_sacl(sd, NULL, &len))
552 return FALSE;
553
554 wstr = wptr = LocalAlloc( 0, (len + 1) * sizeof(WCHAR) );
555 if ((flags & OWNER_SECURITY_INFORMATION) && !print_owner(sd, &wptr, NULL))
556 {
557 LocalFree(wstr);
558 return FALSE;
559 }
560 if ((flags & GROUP_SECURITY_INFORMATION) && !print_group(sd, &wptr, NULL))
561 {
562 LocalFree(wstr);
563 return FALSE;
564 }
565 if ((flags & DACL_SECURITY_INFORMATION) && !print_dacl(sd, &wptr, NULL))
566 {
567 LocalFree(wstr);
568 return FALSE;
569 }
570 if ((flags & SACL_SECURITY_INFORMATION) && !print_sacl(sd, &wptr, NULL))
571 {
572 LocalFree(wstr);
573 return FALSE;
574 }
575 *wptr = 0;
576
577 TRACE("ret: %s, %ld\n", wine_dbgstr_w(wstr), len);
578 *string = wstr;
579 if (ret_len) *ret_len = wcslen(*string) + 1;
580 return TRUE;
581 }
582
583 static BOOL get_computer_sid( PSID sid )
584 {
585 static const struct /* same fields as struct SID */
586 {
587 BYTE Revision;
588 BYTE SubAuthorityCount;
589 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
590 DWORD SubAuthority[4];
591 } computer_sid =
592 { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
593
594 memcpy( sid, &computer_sid, sizeof(computer_sid) );
595 return TRUE;
596 }
597
598 static BOOL parse_token( const WCHAR *string, const WCHAR **end, DWORD *result )
599 {
600 if (string[0] == '0' && (string[1] == 'X' || string[1] == 'x'))
601 {
602 /* hexadecimal */
603 *result = wcstoul( string + 2, (WCHAR**)&string, 16 );
604 if (*string == '-')
605 string++;
606 *end = string;
607 return TRUE;
608 }
609 else if (iswdigit(string[0]) || string[0] == '-')
610 {
611 *result = wcstoul( string, (WCHAR**)&string, 10 );
612 if (*string == '-')
613 string++;
614 *end = string;
615 return TRUE;
616 }
617
618 *result = 0;
619 *end = string;
620 return FALSE;
621 }
622
623 static DWORD get_sid_size( const WCHAR *string, const WCHAR **end )
624 {
625 if ((string[0] == 'S' || string[0] == 's') && string[1] == '-') /* S-R-I(-S)+ */
626 {
627 int token_count = 0;
628 DWORD value;
629
630 string += 2;
631
632 while (parse_token( string, &string, &value ))
633 token_count++;
634
635 if (end)
636 *end = string;
637
638 if (token_count >= 3)
639 return GetSidLengthRequired( token_count - 2 );
640 }
641 else /* String constant format - Only available in winxp and above */
642 {
643 unsigned int i;
644
645 if (end)
646 *end = string + 2;
647
648 for (i = 0; i < ARRAY_SIZE(well_known_sids); i++)
649 {
650 if (!wcsnicmp( well_known_sids[i].str, string, 2 ))
651 return GetSidLengthRequired( well_known_sids[i].sid.SubAuthorityCount );
652 }
653
654 for (i = 0; i < ARRAY_SIZE(well_known_rids); i++)
655 {
656 if (!wcsnicmp( well_known_rids[i].str, string, 2 ))
657 {
658 struct max_sid local;
659 get_computer_sid(&local);
660 return GetSidLengthRequired( *GetSidSubAuthorityCount(&local) + 1 );
661 }
662 }
663 }
664
665 return GetSidLengthRequired( 0 );
666 }
667
668 static BOOL parse_sid( const WCHAR *string, const WCHAR **end, SID *pisid, DWORD *size )
669 {
670 while (*string == ' ')
671 string++;
672
673 *size = get_sid_size( string, end );
674 if (!pisid) /* Simply compute the size */
675 return TRUE;
676
677 if ((string[0] == 'S' || string[0] == 's') && string[1] == '-') /* S-R-I-S-S */
678 {
679 DWORD i = 0, identAuth;
680 DWORD csubauth = ((*size - GetSidLengthRequired(0)) / sizeof(DWORD));
681 DWORD token;
682
683 string += 2; /* Advance to Revision */
684 parse_token( string, &string, &token );
685 pisid->Revision = token;
686
687 if (pisid->Revision != SDDL_REVISION)
688 {
689 TRACE("Revision %d is unknown\n", pisid->Revision);
690 SetLastError( ERROR_INVALID_SID );
691 return FALSE;
692 }
693 if (csubauth == 0)
694 {
695 TRACE("SubAuthorityCount is 0\n");
696 SetLastError( ERROR_INVALID_SID );
697 return FALSE;
698 }
699
700 pisid->SubAuthorityCount = csubauth;
701
702 /* MS' implementation can't handle values greater than 2^32 - 1, so
703 * we don't either; assume most significant bytes are always 0
704 */
705 pisid->IdentifierAuthority.Value[0] = 0;
706 pisid->IdentifierAuthority.Value[1] = 0;
707 parse_token( string, &string, &identAuth );
708 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
709 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
710 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
711 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
712
713 while (parse_token( string, &string, &token ))
714 {
715 pisid->SubAuthority[i++] = token;
716 }
717
718 if (i != pisid->SubAuthorityCount)
719 {
720 SetLastError( ERROR_INVALID_SID );
721 return FALSE;
722 }
723
724 if (end)
725 assert(*end == string);
726
727 return TRUE;
728 }
729 else /* String constant format - Only available in winxp and above */
730 {
731 unsigned int i;
732 pisid->Revision = SDDL_REVISION;
733
734 for (i = 0; i < ARRAY_SIZE(well_known_sids); i++)
735 {
736 if (!wcsnicmp(well_known_sids[i].str, string, 2))
737 {
738 DWORD j;
739 pisid->SubAuthorityCount = well_known_sids[i].sid.SubAuthorityCount;
740 pisid->IdentifierAuthority = well_known_sids[i].sid.IdentifierAuthority;
741 for (j = 0; j < well_known_sids[i].sid.SubAuthorityCount; j++)
742 pisid->SubAuthority[j] = well_known_sids[i].sid.SubAuthority[j];
743 return TRUE;
744 }
745 }
746
747 for (i = 0; i < ARRAY_SIZE(well_known_rids); i++)
748 {
749 if (!wcsnicmp(well_known_rids[i].str, string, 2))
750 {
751 get_computer_sid(pisid);
752 pisid->SubAuthority[pisid->SubAuthorityCount] = well_known_rids[i].rid;
753 pisid->SubAuthorityCount++;
754 return TRUE;
755 }
756 }
757
758 FIXME("String constant not supported: %s\n", debugstr_wn(string, 2));
759 SetLastError( ERROR_INVALID_SID );
760 return FALSE;
761 }
762 }
763
764 /******************************************************************************
765 * ConvertStringSidToSidW (sechost.@)
766 */
767 BOOL WINAPI DECLSPEC_HOTPATCH ConvertStringSidToSidW( const WCHAR *string, PSID *sid )
768 {
769 DWORD size;
770 const WCHAR *string_end;
771
772 TRACE("%s, %p\n", debugstr_w(string), sid);
773
774 if (GetVersion() & 0x80000000)
775 {
776 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
777 return FALSE;
778 }
779
780 if (!string || !sid)
781 {
782 SetLastError(ERROR_INVALID_PARAMETER);
783 return FALSE;
784 }
785
786 if (!parse_sid( string, &string_end, NULL, &size ))
787 return FALSE;
788
789 if (*string_end)
790 {
791 SetLastError(ERROR_INVALID_SID);
792 return FALSE;
793 }
794
795 *sid = LocalAlloc( 0, size );
796
797 if (!parse_sid( string, NULL, *sid, &size ))
798 {
799 LocalFree( *sid );
800 return FALSE;
801 }
802 return TRUE;
803 }
804
805 static DWORD parse_acl_flags( const WCHAR **string_ptr )
806 {
807 DWORD flags = 0;
808 const WCHAR *string = *string_ptr;
809
810 while (*string && *string != '(')
811 {
812 if (*string == 'P')
813 {
814 flags |= SE_DACL_PROTECTED;
815 }
816 else if (*string == 'A')
817 {
818 string++;
819 if (*string == 'R')
820 flags |= SE_DACL_AUTO_INHERIT_REQ;
821 else if (*string == 'I')
822 flags |= SE_DACL_AUTO_INHERITED;
823 }
824 string++;
825 }
826
827 *string_ptr = string;
828 return flags;
829 }
830
831 static BYTE parse_ace_type( const WCHAR **string_ptr )
832 {
833 static const struct
834 {
835 const WCHAR *str;
836 DWORD value;
837 }
838 ace_types[] =
839 {
840 { L"AL", SYSTEM_ALARM_ACE_TYPE },
841 { L"AU", SYSTEM_AUDIT_ACE_TYPE },
842 { L"A", ACCESS_ALLOWED_ACE_TYPE },
843 { L"D", ACCESS_DENIED_ACE_TYPE },
844 { L"ML", SYSTEM_MANDATORY_LABEL_ACE_TYPE },
845 /*
846 { ACCESS_ALLOWED_OBJECT_ACE_TYPE },
847 { ACCESS_DENIED_OBJECT_ACE_TYPE },
848 { SYSTEM_ALARM_OBJECT_ACE_TYPE },
849 { SYSTEM_AUDIT_OBJECT_ACE_TYPE },
850 */
851 };
852
853 const WCHAR *string = *string_ptr;
854 unsigned int i;
855
856 while (*string == ' ')
857 string++;
858
859 for (i = 0; i < ARRAY_SIZE(ace_types); ++i)
860 {
861 size_t len = wcslen( ace_types[i].str );
862 if (!wcsncmp( string, ace_types[i].str, len ))
863 {
864 *string_ptr = string + len;
865 return ace_types[i].value;
866 }
867 }
868 return 0;
869 }
870
871 static DWORD parse_ace_flag( const WCHAR *string )
872 {
873 static const struct
874 {
875 WCHAR str[3];
876 DWORD value;
877 }
878 ace_flags[] =
879 {
880 { L"CI", CONTAINER_INHERIT_ACE },
881 { L"FA", FAILED_ACCESS_ACE_FLAG },
882 { L"ID", INHERITED_ACE },
883 { L"IO", INHERIT_ONLY_ACE },
884 { L"NP", NO_PROPAGATE_INHERIT_ACE },
885 { L"OI", OBJECT_INHERIT_ACE },
886 { L"SA", SUCCESSFUL_ACCESS_ACE_FLAG },
887 };
888
889 unsigned int i;
890
891 for (i = 0; i < ARRAY_SIZE(ace_flags); ++i)
892 {
893 if (!wcsncmp( string, ace_flags[i].str, 2 ))
894 return ace_flags[i].value;
895 }
896 return 0;
897 }
898
899 static DWORD parse_ace_right( const WCHAR **string_ptr )
900 {
901 const WCHAR *string = *string_ptr;
902 unsigned int i;
903
904 if (iswdigit( string[0] ))
905 return wcstoul( string, (WCHAR **)string_ptr, 0 );
906
907 for (i = 0; i < ARRAY_SIZE(ace_rights); ++i)
908 {
909 if (!wcsncmp( string, ace_rights[i].str, 2 ))
910 {
911 *string_ptr += 2;
912 return ace_rights[i].value;
913 }
914 }
915 return 0;
916 }
917
918 static BYTE parse_ace_flags( const WCHAR **string_ptr )
919 {
920 const WCHAR *string = *string_ptr;
921 BYTE flags = 0;
922
923 while (*string == ' ')
924 string++;
925
926 while (*string != ';')
927 {
928 DWORD flag = parse_ace_flag( string );
929 if (!flag) return 0;
930 flags |= flag;
931 string += 2;
932 }
933
934 *string_ptr = string;
935 return flags;
936 }
937
938 static DWORD parse_ace_rights( const WCHAR **string_ptr )
939 {
940 DWORD rights = 0;
941 const WCHAR *string = *string_ptr;
942
943 while (*string == ' ')
944 string++;
945
946 while (*string != ';')
947 {
948 DWORD right = parse_ace_right( &string );
949 if (!right) return 0;
950 rights |= right;
951 }
952
953 *string_ptr = string;
954 return rights;
955 }
956
957 static BOOL parse_acl( const WCHAR *string, DWORD *flags, ACL *acl, DWORD *ret_size )
958 {
959 DWORD val;
960 DWORD sidlen;
961 DWORD length = sizeof(ACL);
962 DWORD acesize = 0;
963 DWORD acecount = 0;
964 ACCESS_ALLOWED_ACE *ace = NULL; /* pointer to current ACE */
965
966 TRACE("%s\n", debugstr_w(string));
967
968 if (acl) /* ace is only useful if we're setting values */
969 ace = (ACCESS_ALLOWED_ACE *)(acl + 1);
970
971 /* Parse ACL flags */
972 *flags = parse_acl_flags( &string );
973
974 /* Parse ACE */
975 while (*string == '(')
976 {
977 string++;
978
979 /* Parse ACE type */
980 val = parse_ace_type( &string );
981 if (ace)
982 ace->Header.AceType = val;
983 if (*string != ';')
984 {
985 SetLastError( RPC_S_INVALID_STRING_UUID );
986 return FALSE;
987 }
988 string++;
989
990 /* Parse ACE flags */
991 val = parse_ace_flags( &string );
992 if (ace)
993 ace->Header.AceFlags = val;
994 if (*string != ';')
995 goto err;
996 string++;
997
998 /* Parse ACE rights */
999 val = parse_ace_rights( &string );
1000 if (ace)
1001 ace->Mask = val;
1002 if (*string != ';')
1003 goto err;
1004 string++;
1005
1006 /* Parse ACE object guid */
1007 while (*string == ' ')
1008 string++;
1009 if (*string != ';')
1010 {
1011 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1012 goto err;
1013 }
1014 string++;
1015
1016 /* Parse ACE inherit object guid */
1017 while (*string == ' ')
1018 string++;
1019 if (*string != ';')
1020 {
1021 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1022 goto err;
1023 }
1024 string++;
1025
1026 /* Parse ACE account sid */
1027 if (!parse_sid( string, &string, ace ? (SID *)&ace->SidStart : NULL, &sidlen ))
1028 goto err;
1029
1030 while (*string == ' ')
1031 string++;
1032
1033 if (*string != ')')
1034 goto err;
1035 string++;
1036
1037 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
1038 length += acesize;
1039 if (ace)
1040 {
1041 ace->Header.AceSize = acesize;
1042 ace = (ACCESS_ALLOWED_ACE *)((BYTE *)ace + acesize);
1043 }
1044 acecount++;
1045 }
1046
1047 *ret_size = length;
1048
1049 if (length > 0xffff)
1050 {
1051 ERR("ACL too large\n");
1052 goto err;
1053 }
1054
1055 if (acl)
1056 {
1057 acl->AclRevision = ACL_REVISION;
1058 acl->Sbz1 = 0;
1059 acl->AclSize = length;
1060 acl->AceCount = acecount;
1061 acl->Sbz2 = 0;
1062 }
1063 return TRUE;
1064
1065 err:
1066 SetLastError( ERROR_INVALID_ACL );
1067 WARN("Invalid ACE string format\n");
1068 return FALSE;
1069 }
1070
1071 static BOOL parse_sd( const WCHAR *string, SECURITY_DESCRIPTOR_RELATIVE *sd, DWORD *size)
1072 {
1073 BOOL ret = FALSE;
1074 WCHAR toktype;
1075 WCHAR *tok;
1076 const WCHAR *lptoken;
1077 BYTE *next = NULL;
1078 DWORD len;
1079
1080 *size = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1081
1082 tok = malloc( (wcslen(string) + 1) * sizeof(WCHAR) );
1083 if (!tok)
1084 {
1085 SetLastError( ERROR_NOT_ENOUGH_MEMORY );
1086 return FALSE;
1087 }
1088
1089 if (sd)
1090 next = (BYTE *)(sd + 1);
1091
1092 while (*string == ' ')
1093 string++;
1094
1095 while (*string)
1096 {
1097 toktype = *string;
1098
1099 /* Expect char identifier followed by ':' */
1100 string++;
1101 if (*string != ':')
1102 {
1103 SetLastError( ERROR_INVALID_PARAMETER );
1104 goto out;
1105 }
1106 string++;
1107
1108 /* Extract token */
1109 lptoken = string;
1110 while (*lptoken && *lptoken != ':')
1111 lptoken++;
1112
1113 if (*lptoken)
1114 lptoken--;
1115
1116 len = lptoken - string;
1117 memcpy( tok, string, len * sizeof(WCHAR) );
1118 tok[len] = 0;
1119
1120 switch (toktype)
1121 {
1122 case 'O':
1123 {
1124 DWORD bytes;
1125
1126 if (!parse_sid( tok, NULL, (SID *)next, &bytes ))
1127 goto out;
1128
1129 if (sd)
1130 {
1131 sd->Owner = next - (BYTE *)sd;
1132 next += bytes; /* Advance to next token */
1133 }
1134
1135 *size += bytes;
1136
1137 break;
1138 }
1139
1140 case 'G':
1141 {
1142 DWORD bytes;
1143
1144 if (!parse_sid( tok, NULL, (SID *)next, &bytes ))
1145 goto out;
1146
1147 if (sd)
1148 {
1149 sd->Group = next - (BYTE *)sd;
1150 next += bytes; /* Advance to next token */
1151 }
1152
1153 *size += bytes;
1154
1155 break;
1156 }
1157
1158 case 'D':
1159 {
1160 DWORD flags;
1161 DWORD bytes;
1162
1163 if (!parse_acl( tok, &flags, (ACL *)next, &bytes ))
1164 goto out;
1165
1166 if (sd)
1167 {
1168 sd->Control |= SE_DACL_PRESENT | flags;
1169 sd->Dacl = next - (BYTE *)sd;
1170 next += bytes; /* Advance to next token */
1171 }
1172
1173 *size += bytes;
1174
1175 break;
1176 }
1177
1178 case 'S':
1179 {
1180 DWORD flags;
1181 DWORD bytes;
1182
1183 if (!parse_acl( tok, &flags, (ACL *)next, &bytes ))
1184 goto out;
1185
1186 if (sd)
1187 {
1188 sd->Control |= SE_SACL_PRESENT | flags;
1189 sd->Sacl = next - (BYTE *)sd;
1190 next += bytes; /* Advance to next token */
1191 }
1192
1193 *size += bytes;
1194
1195 break;
1196 }
1197
1198 default:
1199 FIXME("Unknown token\n");
1200 SetLastError( ERROR_INVALID_PARAMETER );
1201 goto out;
1202 }
1203
1204 string = lptoken;
1205 }
1206
1207 ret = TRUE;
1208
1209 out:
1210 free(tok);
1211 return ret;
1212 }
1213
1214 /******************************************************************************
1215 * ConvertStringSecurityDescriptorToSecurityDescriptorW (sechost.@)
1216 */
1217 BOOL WINAPI DECLSPEC_HOTPATCH ConvertStringSecurityDescriptorToSecurityDescriptorW(
1218 const WCHAR *string, DWORD revision, PSECURITY_DESCRIPTOR *sd, ULONG *ret_size )
1219 {
1220 DWORD size;
1221 SECURITY_DESCRIPTOR *psd;
1222
1223 TRACE("%s, %lu, %p, %p\n", debugstr_w(string), revision, sd, ret_size);
1224
1225 if (GetVersion() & 0x80000000)
1226 {
1227 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
1228 return FALSE;
1229 }
1230 if (!string || !sd)
1231 {
1232 SetLastError(ERROR_INVALID_PARAMETER);
1233 return FALSE;
1234 }
1235 if (revision != SID_REVISION)
1236 {
1237 SetLastError(ERROR_UNKNOWN_REVISION);
1238 return FALSE;
1239 }
1240
1241 /* Compute security descriptor length */
1242 if (!parse_sd( string, NULL, &size ))
1243 return FALSE;
1244
1245 psd = *sd = LocalAlloc( GMEM_ZEROINIT, size );
1246 if (!psd)
1247 {
1248 SetLastError( ERROR_NOT_ENOUGH_MEMORY );
1249 return FALSE;
1250 }
1251
1252 psd->Revision = SID_REVISION;
1253 psd->Control |= SE_SELF_RELATIVE;
1254
1255 if (!parse_sd( string, (SECURITY_DESCRIPTOR_RELATIVE *)psd, &size ))
1256 {
1257 LocalFree(psd);
1258 return FALSE;
1259 }
1260
1261 if (ret_size) *ret_size = size;
1262 return TRUE;
1263 }
Windows API implementation