search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
userenv/tests: Enable compilation with long types.
[wine.git] / dlls / sechost / security.c
blob6916b3ad662c8276da4091ecbef9a9439efc387c
1 /*
2 * Security API
3 *
4 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <assert.h>
22 #include <stdarg.h>
23 #include "windef.h"
24 #include "winbase.h"
25 #include "sddl.h"
26 #include "iads.h"
27
28 #include "wine/debug.h"
29 #include "wine/heap.h"
30
31 WINE_DEFAULT_DEBUG_CHANNEL(security);
32
33 static const struct
34 {
35 WCHAR str[3];
36 DWORD value;
37 }
38 ace_rights[] =
39 {
40 { L"GA", GENERIC_ALL },
41 { L"GR", GENERIC_READ },
42 { L"GW", GENERIC_WRITE },
43 { L"GX", GENERIC_EXECUTE },
44
45 { L"RC", READ_CONTROL },
46 { L"SD", DELETE },
47 { L"WD", WRITE_DAC },
48 { L"WO", WRITE_OWNER },
49
50 { L"RP", ADS_RIGHT_DS_READ_PROP },
51 { L"WP", ADS_RIGHT_DS_WRITE_PROP },
52 { L"CC", ADS_RIGHT_DS_CREATE_CHILD },
53 { L"DC", ADS_RIGHT_DS_DELETE_CHILD },
54 { L"LC", ADS_RIGHT_ACTRL_DS_LIST },
55 { L"SW", ADS_RIGHT_DS_SELF },
56 { L"LO", ADS_RIGHT_DS_LIST_OBJECT },
57 { L"DT", ADS_RIGHT_DS_DELETE_TREE },
58 { L"CR", ADS_RIGHT_DS_CONTROL_ACCESS },
59
60 { L"FA", FILE_ALL_ACCESS },
61 { L"FR", FILE_GENERIC_READ },
62 { L"FW", FILE_GENERIC_WRITE },
63 { L"FX", FILE_GENERIC_EXECUTE },
64
65 { L"KA", KEY_ALL_ACCESS },
66 { L"KR", KEY_READ },
67 { L"KW", KEY_WRITE },
68 { L"KX", KEY_EXECUTE },
69
70 { L"NR", SYSTEM_MANDATORY_LABEL_NO_READ_UP },
71 { L"NW", SYSTEM_MANDATORY_LABEL_NO_WRITE_UP },
72 { L"NX", SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP },
73 };
74
75 struct max_sid
76 {
77 /* same fields as struct _SID */
78 BYTE Revision;
79 BYTE SubAuthorityCount;
80 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
81 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
82 };
83
84 static const struct
85 {
86 WCHAR str[2];
87 WELL_KNOWN_SID_TYPE Type;
88 struct max_sid sid;
89 }
90 well_known_sids[] =
91 {
92 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
93 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
94 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
95 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
96 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
97 { {'O','W'}, WinCreatorOwnerRightsSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RIGHTS_RID } } },
98 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
99 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
100 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
101 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
102 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
103 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
104 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
105 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
106 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
107 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
108 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
109 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
110 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
111 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
112 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
113 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
114 { {0,0}, WinLogonIdsSid, { SID_REVISION, SECURITY_LOGON_IDS_RID_COUNT, { SECURITY_NT_AUTHORITY }, { SECURITY_LOGON_IDS_RID } } },
115 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
116 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
117 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
118 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
119 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
120 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
121 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
122 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
123 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
124 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
125 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
126 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
127 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
128 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
129 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
130 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
131 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
132 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
133 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
134 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
135 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
136 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
137 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
138 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
139 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
140 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
141 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
142 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
143 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
144 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
145 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
146 { {'A','C'}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
147 };
148
149 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
150 static const struct
151 {
152 WCHAR str[2];
153 WELL_KNOWN_SID_TYPE type;
154 DWORD rid;
155 }
156 well_known_rids[] =
157 {
158 { {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
159 { {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
160 { {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
161 { {'D','A'}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
162 { {'D','U'}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
163 { {'D','G'}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
164 { {'D','C'}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
165 { {'D','D'}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
166 { {'C','A'}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
167 { {'S','A'}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
168 { {'E','A'}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
169 { {'P','A'}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
170 { {'R','S'}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
171 };
172
173
174 static void print_string(const WCHAR *string, int cch, WCHAR **pwptr, ULONG *plen)
175 {
176 if (cch == -1)
177 cch = wcslen(string);
178
179 if (plen)
180 *plen += cch;
181
182 if (pwptr)
183 {
184 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
185 *pwptr += cch;
186 }
187 }
188
189 static BOOL print_sid_numeric(PSID psid, WCHAR **pwptr, ULONG *plen)
190 {
191 DWORD i;
192 WCHAR buf[26];
193 SID *pisid = psid;
194
195 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
196 {
197 SetLastError(ERROR_INVALID_SID);
198 return FALSE;
199 }
200
201 if (pisid->IdentifierAuthority.Value[0] ||
202 pisid->IdentifierAuthority.Value[1])
203 {
204 FIXME("not matching MS' bugs\n");
205 SetLastError(ERROR_INVALID_SID);
206 return FALSE;
207 }
208
209 swprintf( buf, ARRAY_SIZE(buf), L"S-%u-%d", pisid->Revision, MAKELONG(
210 MAKEWORD( pisid->IdentifierAuthority.Value[5], pisid->IdentifierAuthority.Value[4] ),
211 MAKEWORD( pisid->IdentifierAuthority.Value[3], pisid->IdentifierAuthority.Value[2] )
212 ) );
213 print_string(buf, -1, pwptr, plen);
214
215 for( i=0; i<pisid->SubAuthorityCount; i++ )
216 {
217 swprintf( buf, ARRAY_SIZE(buf), L"-%u", pisid->SubAuthority[i] );
218 print_string(buf, -1, pwptr, plen);
219 }
220 return TRUE;
221 }
222
223 /******************************************************************************
224 * ConvertSidToStringSidW (sechost.@)
225 */
226 BOOL WINAPI DECLSPEC_HOTPATCH ConvertSidToStringSidW( PSID sid, WCHAR **pstr )
227 {
228 DWORD len = 0;
229 WCHAR *wstr, *wptr;
230
231 TRACE("%p %p\n", sid, pstr );
232
233 len = 0;
234 if (!print_sid_numeric( sid, NULL, &len ))
235 return FALSE;
236 wstr = wptr = LocalAlloc( 0, (len + 1) * sizeof(WCHAR) );
237 print_sid_numeric( sid, &wptr, NULL );
238 *wptr = 0;
239
240 *pstr = wstr;
241 return TRUE;
242 }
243
244 static BOOL print_sid(PSID psid, WCHAR **pwptr, ULONG *plen)
245 {
246 size_t i;
247 for (i = 0; i < ARRAY_SIZE(well_known_sids); i++)
248 {
249 if (well_known_sids[i].str[0] && EqualSid(psid, (PSID)&well_known_sids[i].sid.Revision))
250 {
251 print_string(well_known_sids[i].str, 2, pwptr, plen);
252 return TRUE;
253 }
254 }
255
256 return print_sid_numeric(psid, pwptr, plen);
257 }
258
259 static void print_rights(DWORD mask, WCHAR **pwptr, ULONG *plen)
260 {
261 static const WCHAR *bit_names[32] =
262 {
263 L"CC", /* 0 */
264 L"DC",
265 L"LC",
266 L"SW",
267 L"RP", /* 4 */
268 L"WP",
269 L"DT",
270 L"LO",
271 L"CR", /* 8 */
272 NULL,
273 NULL,
274 NULL,
275 NULL, /* 12 */
276 NULL,
277 NULL,
278 NULL,
279 L"SD", /* 16 */
280 L"RC",
281 L"WD",
282 L"WO",
283 NULL, /* 20 */
284 NULL,
285 NULL,
286 NULL,
287 NULL, /* 24 */
288 NULL,
289 NULL,
290 NULL,
291 L"GA", /* 28 */
292 L"GX",
293 L"GW",
294 L"GR",
295 };
296
297 WCHAR buf[15];
298 size_t i;
299
300 if (mask == 0)
301 return;
302
303 /* first check if the right have name */
304 for (i = 0; i < ARRAY_SIZE(ace_rights); i++)
305 {
306 if (mask == ace_rights[i].value)
307 {
308 print_string(ace_rights[i].str, -1, pwptr, plen);
309 return;
310 }
311 }
312
313 /* then check if it can be built from bit names */
314 for (i = 0; i < 32; i++)
315 {
316 if ((mask & (1 << i)) && !bit_names[i])
317 {
318 /* can't be built from bit names */
319 swprintf(buf, ARRAY_SIZE(buf), L"0x%x", mask);
320 print_string(buf, -1, pwptr, plen);
321 return;
322 }
323 }
324
325 /* build from bit names */
326 for (i = 0; i < 32; i++)
327 if (mask & (1 << i))
328 print_string(bit_names[i], -1, pwptr, plen);
329 }
330
331 static inline BOOL is_object_ace(BYTE type)
332 {
333 switch (type)
334 {
335 case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
336 case ACCESS_DENIED_OBJECT_ACE_TYPE:
337 case ACCESS_AUDIT_OBJECT_ACE_TYPE:
338 case ACCESS_ALARM_OBJECT_ACE_TYPE:
339 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
340 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
341 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
342 case SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE:
343 return TRUE;
344
345 default:
346 return FALSE;
347 }
348 }
349
350 static BOOL print_ace(void *pace, WCHAR **pwptr, ULONG *plen)
351 {
352 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
353 DWORD *sid_start;
354
355 piace = pace;
356
357 if (piace->Header.AceType > ACCESS_MAX_MS_V5_ACE_TYPE || piace->Header.AceSize < sizeof(ACCESS_ALLOWED_ACE))
358 {
359 SetLastError(ERROR_INVALID_ACL);
360 return FALSE;
361 }
362
363 print_string(L"(", -1, pwptr, plen);
364 switch (piace->Header.AceType)
365 {
366 case ACCESS_ALLOWED_ACE_TYPE:
367 print_string(L"A", -1, pwptr, plen);
368 break;
369 case ACCESS_DENIED_ACE_TYPE:
370 print_string(L"D", -1, pwptr, plen);
371 break;
372 case SYSTEM_AUDIT_ACE_TYPE:
373 print_string(L"AU", -1, pwptr, plen);
374 break;
375 case SYSTEM_ALARM_ACE_TYPE:
376 print_string(L"AL", -1, pwptr, plen);
377 break;
378 }
379 print_string(L";", -1, pwptr, plen);
380
381 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
382 print_string(L"OI", -1, pwptr, plen);
383 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
384 print_string(L"CI", -1, pwptr, plen);
385 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
386 print_string(L"NP", -1, pwptr, plen);
387 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
388 print_string(L"IO", -1, pwptr, plen);
389 if (piace->Header.AceFlags & INHERITED_ACE)
390 print_string(L"ID", -1, pwptr, plen);
391 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
392 print_string(L"SA", -1, pwptr, plen);
393 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
394 print_string(L"FA", -1, pwptr, plen);
395 print_string(L";", -1, pwptr, plen);
396 print_rights(piace->Mask, pwptr, plen);
397 print_string(L";", -1, pwptr, plen);
398 sid_start = &piace->SidStart;
399 if (is_object_ace(piace->Header.AceType))
400 {
401 ACCESS_ALLOWED_OBJECT_ACE *objace = pace;
402
403 sid_start++; /* Flags */
404 if (objace->Flags & ACE_OBJECT_TYPE_PRESENT)
405 sid_start += sizeof(GUID) / sizeof(*sid_start); /* ObjectType */
406 if (objace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
407 sid_start += sizeof(GUID) / sizeof(*sid_start); /* InheritedObjectType */
408 }
409 /* objects not supported */
410 print_string(L";", -1, pwptr, plen);
411 /* objects not supported */
412 print_string(L";", -1, pwptr, plen);
413 if (!print_sid(sid_start, pwptr, plen))
414 return FALSE;
415 print_string(L")", -1, pwptr, plen);
416 return TRUE;
417 }
418
419 static BOOL print_acl(ACL *pacl, WCHAR **pwptr, ULONG *plen, SECURITY_DESCRIPTOR_CONTROL control)
420 {
421 WORD count;
422 UINT i;
423
424 if (control & SE_DACL_PROTECTED)
425 print_string(L"P", -1, pwptr, plen);
426 if (control & SE_DACL_AUTO_INHERIT_REQ)
427 print_string(L"AR", -1, pwptr, plen);
428 if (control & SE_DACL_AUTO_INHERITED)
429 print_string(L"AI", -1, pwptr, plen);
430
431 if (pacl == NULL)
432 return TRUE;
433
434 if (!IsValidAcl(pacl))
435 return FALSE;
436
437 count = pacl->AceCount;
438 for (i = 0; i < count; i++)
439 {
440 void *ace;
441 if (!GetAce(pacl, i, &ace))
442 return FALSE;
443 if (!print_ace(ace, pwptr, plen))
444 return FALSE;
445 }
446
447 return TRUE;
448 }
449
450 static BOOL print_owner(PSECURITY_DESCRIPTOR sd, WCHAR **pwptr, ULONG *plen)
451 {
452 BOOL defaulted;
453 PSID psid;
454
455 if (!GetSecurityDescriptorOwner(sd, &psid, &defaulted))
456 return FALSE;
457
458 if (psid == NULL)
459 return TRUE;
460
461 print_string(L"O:", -1, pwptr, plen);
462 if (!print_sid(psid, pwptr, plen))
463 return FALSE;
464 return TRUE;
465 }
466
467 static BOOL print_group(PSECURITY_DESCRIPTOR sd, WCHAR **pwptr, ULONG *plen)
468 {
469 BOOL defaulted;
470 PSID psid;
471
472 if (!GetSecurityDescriptorGroup(sd, &psid, &defaulted))
473 return FALSE;
474
475 if (psid == NULL)
476 return TRUE;
477
478 print_string(L"G:", -1, pwptr, plen);
479 if (!print_sid(psid, pwptr, plen))
480 return FALSE;
481 return TRUE;
482 }
483
484 static BOOL print_dacl(PSECURITY_DESCRIPTOR sd, WCHAR **pwptr, ULONG *plen)
485 {
486 SECURITY_DESCRIPTOR_CONTROL control;
487 BOOL present, defaulted;
488 DWORD revision;
489 ACL *pacl;
490
491 if (!GetSecurityDescriptorDacl(sd, &present, &pacl, &defaulted))
492 return FALSE;
493
494 if (!GetSecurityDescriptorControl(sd, &control, &revision))
495 return FALSE;
496
497 if (!present)
498 return TRUE;
499
500 print_string(L"D:", -1, pwptr, plen);
501 if (!print_acl(pacl, pwptr, plen, control))
502 return FALSE;
503 return TRUE;
504 }
505
506 static BOOL print_sacl(PSECURITY_DESCRIPTOR sd, WCHAR **pwptr, ULONG *plen)
507 {
508 SECURITY_DESCRIPTOR_CONTROL control;
509 BOOL present, defaulted;
510 DWORD revision;
511 ACL *pacl;
512
513 if (!GetSecurityDescriptorSacl(sd, &present, &pacl, &defaulted))
514 return FALSE;
515
516 if (!GetSecurityDescriptorControl(sd, &control, &revision))
517 return FALSE;
518
519 if (!present)
520 return TRUE;
521
522 print_string(L"S:", -1, pwptr, plen);
523 if (!print_acl(pacl, pwptr, plen, control))
524 return FALSE;
525 return TRUE;
526 }
527
528 /******************************************************************************
529 * ConvertSecurityDescriptorToStringSecurityDescriptorW (sechost.@)
530 */
531 BOOL WINAPI DECLSPEC_HOTPATCH ConvertSecurityDescriptorToStringSecurityDescriptorW( PSECURITY_DESCRIPTOR sd,
532 DWORD revision, SECURITY_INFORMATION flags, WCHAR **string, ULONG *ret_len )
533 {
534 ULONG len = 0;
535 WCHAR *wptr, *wstr;
536
537 if (revision != SDDL_REVISION_1)
538 {
539 ERR("Unhandled SDDL revision %ld\n", revision);
540 SetLastError( ERROR_UNKNOWN_REVISION );
541 return FALSE;
542 }
543
544 if ((flags & OWNER_SECURITY_INFORMATION) && !print_owner(sd, NULL, &len))
545 return FALSE;
546 if ((flags & GROUP_SECURITY_INFORMATION) && !print_group(sd, NULL, &len))
547 return FALSE;
548 if ((flags & DACL_SECURITY_INFORMATION) && !print_dacl(sd, NULL, &len))
549 return FALSE;
550 if ((flags & SACL_SECURITY_INFORMATION) && !print_sacl(sd, NULL, &len))
551 return FALSE;
552
553 wstr = wptr = LocalAlloc( 0, (len + 1) * sizeof(WCHAR) );
554 if ((flags & OWNER_SECURITY_INFORMATION) && !print_owner(sd, &wptr, NULL))
555 {
556 LocalFree(wstr);
557 return FALSE;
558 }
559 if ((flags & GROUP_SECURITY_INFORMATION) && !print_group(sd, &wptr, NULL))
560 {
561 LocalFree(wstr);
562 return FALSE;
563 }
564 if ((flags & DACL_SECURITY_INFORMATION) && !print_dacl(sd, &wptr, NULL))
565 {
566 LocalFree(wstr);
567 return FALSE;
568 }
569 if ((flags & SACL_SECURITY_INFORMATION) && !print_sacl(sd, &wptr, NULL))
570 {
571 LocalFree(wstr);
572 return FALSE;
573 }
574 *wptr = 0;
575
576 TRACE("ret: %s, %ld\n", wine_dbgstr_w(wstr), len);
577 *string = wstr;
578 if (ret_len) *ret_len = wcslen(*string) + 1;
579 return TRUE;
580 }
581
582 static BOOL get_computer_sid( PSID sid )
583 {
584 static const struct /* same fields as struct SID */
585 {
586 BYTE Revision;
587 BYTE SubAuthorityCount;
588 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
589 DWORD SubAuthority[4];
590 } computer_sid =
591 { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
592
593 memcpy( sid, &computer_sid, sizeof(computer_sid) );
594 return TRUE;
595 }
596
597 static BOOL parse_token( const WCHAR *string, const WCHAR **end, DWORD *result )
598 {
599 if (string[0] == '0' && (string[1] == 'X' || string[1] == 'x'))
600 {
601 /* hexadecimal */
602 *result = wcstoul( string + 2, (WCHAR**)&string, 16 );
603 if (*string == '-')
604 string++;
605 *end = string;
606 return TRUE;
607 }
608 else if (iswdigit(string[0]) || string[0] == '-')
609 {
610 *result = wcstoul( string, (WCHAR**)&string, 10 );
611 if (*string == '-')
612 string++;
613 *end = string;
614 return TRUE;
615 }
616
617 *result = 0;
618 *end = string;
619 return FALSE;
620 }
621
622 static DWORD get_sid_size( const WCHAR *string, const WCHAR **end )
623 {
624 if ((string[0] == 'S' || string[0] == 's') && string[1] == '-') /* S-R-I(-S)+ */
625 {
626 int token_count = 0;
627 DWORD value;
628
629 string += 2;
630
631 while (parse_token( string, &string, &value ))
632 token_count++;
633
634 if (end)
635 *end = string;
636
637 if (token_count >= 3)
638 return GetSidLengthRequired( token_count - 2 );
639 }
640 else /* String constant format - Only available in winxp and above */
641 {
642 unsigned int i;
643
644 if (end)
645 *end = string + 2;
646
647 for (i = 0; i < ARRAY_SIZE(well_known_sids); i++)
648 {
649 if (!wcsnicmp( well_known_sids[i].str, string, 2 ))
650 return GetSidLengthRequired( well_known_sids[i].sid.SubAuthorityCount );
651 }
652
653 for (i = 0; i < ARRAY_SIZE(well_known_rids); i++)
654 {
655 if (!wcsnicmp( well_known_rids[i].str, string, 2 ))
656 {
657 struct max_sid local;
658 get_computer_sid(&local);
659 return GetSidLengthRequired( *GetSidSubAuthorityCount(&local) + 1 );
660 }
661 }
662 }
663
664 return GetSidLengthRequired( 0 );
665 }
666
667 static BOOL parse_sid( const WCHAR *string, const WCHAR **end, SID *pisid, DWORD *size )
668 {
669 while (*string == ' ')
670 string++;
671
672 *size = get_sid_size( string, end );
673 if (!pisid) /* Simply compute the size */
674 return TRUE;
675
676 if ((string[0] == 'S' || string[0] == 's') && string[1] == '-') /* S-R-I-S-S */
677 {
678 DWORD i = 0, identAuth;
679 DWORD csubauth = ((*size - GetSidLengthRequired(0)) / sizeof(DWORD));
680 DWORD token;
681
682 string += 2; /* Advance to Revision */
683 parse_token( string, &string, &token );
684 pisid->Revision = token;
685
686 if (pisid->Revision != SDDL_REVISION)
687 {
688 TRACE("Revision %d is unknown\n", pisid->Revision);
689 SetLastError( ERROR_INVALID_SID );
690 return FALSE;
691 }
692 if (csubauth == 0)
693 {
694 TRACE("SubAuthorityCount is 0\n");
695 SetLastError( ERROR_INVALID_SID );
696 return FALSE;
697 }
698
699 pisid->SubAuthorityCount = csubauth;
700
701 /* MS' implementation can't handle values greater than 2^32 - 1, so
702 * we don't either; assume most significant bytes are always 0
703 */
704 pisid->IdentifierAuthority.Value[0] = 0;
705 pisid->IdentifierAuthority.Value[1] = 0;
706 parse_token( string, &string, &identAuth );
707 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
708 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
709 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
710 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
711
712 while (parse_token( string, &string, &token ))
713 {
714 pisid->SubAuthority[i++] = token;
715 }
716
717 if (i != pisid->SubAuthorityCount)
718 {
719 SetLastError( ERROR_INVALID_SID );
720 return FALSE;
721 }
722
723 if (end)
724 assert(*end == string);
725
726 return TRUE;
727 }
728 else /* String constant format - Only available in winxp and above */
729 {
730 unsigned int i;
731 pisid->Revision = SDDL_REVISION;
732
733 for (i = 0; i < ARRAY_SIZE(well_known_sids); i++)
734 {
735 if (!wcsnicmp(well_known_sids[i].str, string, 2))
736 {
737 DWORD j;
738 pisid->SubAuthorityCount = well_known_sids[i].sid.SubAuthorityCount;
739 pisid->IdentifierAuthority = well_known_sids[i].sid.IdentifierAuthority;
740 for (j = 0; j < well_known_sids[i].sid.SubAuthorityCount; j++)
741 pisid->SubAuthority[j] = well_known_sids[i].sid.SubAuthority[j];
742 return TRUE;
743 }
744 }
745
746 for (i = 0; i < ARRAY_SIZE(well_known_rids); i++)
747 {
748 if (!wcsnicmp(well_known_rids[i].str, string, 2))
749 {
750 get_computer_sid(pisid);
751 pisid->SubAuthority[pisid->SubAuthorityCount] = well_known_rids[i].rid;
752 pisid->SubAuthorityCount++;
753 return TRUE;
754 }
755 }
756
757 FIXME("String constant not supported: %s\n", debugstr_wn(string, 2));
758 SetLastError( ERROR_INVALID_SID );
759 return FALSE;
760 }
761 }
762
763 /******************************************************************************
764 * ConvertStringSidToSidW (sechost.@)
765 */
766 BOOL WINAPI DECLSPEC_HOTPATCH ConvertStringSidToSidW( const WCHAR *string, PSID *sid )
767 {
768 DWORD size;
769 const WCHAR *string_end;
770
771 TRACE("%s, %p\n", debugstr_w(string), sid);
772
773 if (GetVersion() & 0x80000000)
774 {
775 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
776 return FALSE;
777 }
778
779 if (!string || !sid)
780 {
781 SetLastError(ERROR_INVALID_PARAMETER);
782 return FALSE;
783 }
784
785 if (!parse_sid( string, &string_end, NULL, &size ))
786 return FALSE;
787
788 if (*string_end)
789 {
790 SetLastError(ERROR_INVALID_SID);
791 return FALSE;
792 }
793
794 *sid = LocalAlloc( 0, size );
795
796 if (!parse_sid( string, NULL, *sid, &size ))
797 {
798 LocalFree( *sid );
799 return FALSE;
800 }
801 return TRUE;
802 }
803
804 static DWORD parse_acl_flags( const WCHAR **string_ptr )
805 {
806 DWORD flags = 0;
807 const WCHAR *string = *string_ptr;
808
809 while (*string && *string != '(')
810 {
811 if (*string == 'P')
812 {
813 flags |= SE_DACL_PROTECTED;
814 }
815 else if (*string == 'A')
816 {
817 string++;
818 if (*string == 'R')
819 flags |= SE_DACL_AUTO_INHERIT_REQ;
820 else if (*string == 'I')
821 flags |= SE_DACL_AUTO_INHERITED;
822 }
823 string++;
824 }
825
826 *string_ptr = string;
827 return flags;
828 }
829
830 static BYTE parse_ace_type( const WCHAR **string_ptr )
831 {
832 static const struct
833 {
834 const WCHAR *str;
835 DWORD value;
836 }
837 ace_types[] =
838 {
839 { L"AL", SYSTEM_ALARM_ACE_TYPE },
840 { L"AU", SYSTEM_AUDIT_ACE_TYPE },
841 { L"A", ACCESS_ALLOWED_ACE_TYPE },
842 { L"D", ACCESS_DENIED_ACE_TYPE },
843 { L"ML", SYSTEM_MANDATORY_LABEL_ACE_TYPE },
844 /*
845 { ACCESS_ALLOWED_OBJECT_ACE_TYPE },
846 { ACCESS_DENIED_OBJECT_ACE_TYPE },
847 { SYSTEM_ALARM_OBJECT_ACE_TYPE },
848 { SYSTEM_AUDIT_OBJECT_ACE_TYPE },
849 */
850 };
851
852 const WCHAR *string = *string_ptr;
853 unsigned int i;
854
855 while (*string == ' ')
856 string++;
857
858 for (i = 0; i < ARRAY_SIZE(ace_types); ++i)
859 {
860 size_t len = wcslen( ace_types[i].str );
861 if (!wcsncmp( string, ace_types[i].str, len ))
862 {
863 *string_ptr = string + len;
864 return ace_types[i].value;
865 }
866 }
867 return 0;
868 }
869
870 static DWORD parse_ace_flag( const WCHAR *string )
871 {
872 static const struct
873 {
874 WCHAR str[3];
875 DWORD value;
876 }
877 ace_flags[] =
878 {
879 { L"CI", CONTAINER_INHERIT_ACE },
880 { L"FA", FAILED_ACCESS_ACE_FLAG },
881 { L"ID", INHERITED_ACE },
882 { L"IO", INHERIT_ONLY_ACE },
883 { L"NP", NO_PROPAGATE_INHERIT_ACE },
884 { L"OI", OBJECT_INHERIT_ACE },
885 { L"SA", SUCCESSFUL_ACCESS_ACE_FLAG },
886 };
887
888 unsigned int i;
889
890 for (i = 0; i < ARRAY_SIZE(ace_flags); ++i)
891 {
892 if (!wcsncmp( string, ace_flags[i].str, 2 ))
893 return ace_flags[i].value;
894 }
895 return 0;
896 }
897
898 static DWORD parse_ace_right( const WCHAR **string_ptr )
899 {
900 const WCHAR *string = *string_ptr;
901 unsigned int i;
902
903 if (string[0] == '0' && string[1] == 'x')
904 return wcstoul( string, (WCHAR **)string_ptr, 16 );
905
906 for (i = 0; i < ARRAY_SIZE(ace_rights); ++i)
907 {
908 if (!wcsncmp( string, ace_rights[i].str, 2 ))
909 {
910 *string_ptr += 2;
911 return ace_rights[i].value;
912 }
913 }
914 return 0;
915 }
916
917 static BYTE parse_ace_flags( const WCHAR **string_ptr )
918 {
919 const WCHAR *string = *string_ptr;
920 BYTE flags = 0;
921
922 while (*string == ' ')
923 string++;
924
925 while (*string != ';')
926 {
927 DWORD flag = parse_ace_flag( string );
928 if (!flag) return 0;
929 flags |= flag;
930 string += 2;
931 }
932
933 *string_ptr = string;
934 return flags;
935 }
936
937 static DWORD parse_ace_rights( const WCHAR **string_ptr )
938 {
939 DWORD rights = 0;
940 const WCHAR *string = *string_ptr;
941
942 while (*string == ' ')
943 string++;
944
945 while (*string != ';')
946 {
947 DWORD right = parse_ace_right( &string );
948 if (!right) return 0;
949 rights |= right;
950 }
951
952 *string_ptr = string;
953 return rights;
954 }
955
956 static BOOL parse_acl( const WCHAR *string, DWORD *flags, ACL *acl, DWORD *ret_size )
957 {
958 DWORD val;
959 DWORD sidlen;
960 DWORD length = sizeof(ACL);
961 DWORD acesize = 0;
962 DWORD acecount = 0;
963 ACCESS_ALLOWED_ACE *ace = NULL; /* pointer to current ACE */
964
965 TRACE("%s\n", debugstr_w(string));
966
967 if (acl) /* ace is only useful if we're setting values */
968 ace = (ACCESS_ALLOWED_ACE *)(acl + 1);
969
970 /* Parse ACL flags */
971 *flags = parse_acl_flags( &string );
972
973 /* Parse ACE */
974 while (*string == '(')
975 {
976 string++;
977
978 /* Parse ACE type */
979 val = parse_ace_type( &string );
980 if (ace)
981 ace->Header.AceType = val;
982 if (*string != ';')
983 {
984 SetLastError( RPC_S_INVALID_STRING_UUID );
985 return FALSE;
986 }
987 string++;
988
989 /* Parse ACE flags */
990 val = parse_ace_flags( &string );
991 if (ace)
992 ace->Header.AceFlags = val;
993 if (*string != ';')
994 goto err;
995 string++;
996
997 /* Parse ACE rights */
998 val = parse_ace_rights( &string );
999 if (ace)
1000 ace->Mask = val;
1001 if (*string != ';')
1002 goto err;
1003 string++;
1004
1005 /* Parse ACE object guid */
1006 while (*string == ' ')
1007 string++;
1008 if (*string != ';')
1009 {
1010 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1011 goto err;
1012 }
1013 string++;
1014
1015 /* Parse ACE inherit object guid */
1016 while (*string == ' ')
1017 string++;
1018 if (*string != ';')
1019 {
1020 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1021 goto err;
1022 }
1023 string++;
1024
1025 /* Parse ACE account sid */
1026 if (!parse_sid( string, &string, ace ? (SID *)&ace->SidStart : NULL, &sidlen ))
1027 goto err;
1028
1029 while (*string == ' ')
1030 string++;
1031
1032 if (*string != ')')
1033 goto err;
1034 string++;
1035
1036 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
1037 length += acesize;
1038 if (ace)
1039 {
1040 ace->Header.AceSize = acesize;
1041 ace = (ACCESS_ALLOWED_ACE *)((BYTE *)ace + acesize);
1042 }
1043 acecount++;
1044 }
1045
1046 *ret_size = length;
1047
1048 if (length > 0xffff)
1049 {
1050 ERR("ACL too large\n");
1051 goto err;
1052 }
1053
1054 if (acl)
1055 {
1056 acl->AclRevision = ACL_REVISION;
1057 acl->Sbz1 = 0;
1058 acl->AclSize = length;
1059 acl->AceCount = acecount;
1060 acl->Sbz2 = 0;
1061 }
1062 return TRUE;
1063
1064 err:
1065 SetLastError( ERROR_INVALID_ACL );
1066 WARN("Invalid ACE string format\n");
1067 return FALSE;
1068 }
1069
1070 static BOOL parse_sd( const WCHAR *string, SECURITY_DESCRIPTOR_RELATIVE *sd, DWORD *size)
1071 {
1072 BOOL ret = FALSE;
1073 WCHAR toktype;
1074 WCHAR *tok;
1075 const WCHAR *lptoken;
1076 BYTE *next = NULL;
1077 DWORD len;
1078
1079 *size = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1080
1081 tok = heap_alloc( (wcslen(string) + 1) * sizeof(WCHAR) );
1082 if (!tok)
1083 {
1084 SetLastError( ERROR_NOT_ENOUGH_MEMORY );
1085 return FALSE;
1086 }
1087
1088 if (sd)
1089 next = (BYTE *)(sd + 1);
1090
1091 while (*string == ' ')
1092 string++;
1093
1094 while (*string)
1095 {
1096 toktype = *string;
1097
1098 /* Expect char identifier followed by ':' */
1099 string++;
1100 if (*string != ':')
1101 {
1102 SetLastError( ERROR_INVALID_PARAMETER );
1103 goto out;
1104 }
1105 string++;
1106
1107 /* Extract token */
1108 lptoken = string;
1109 while (*lptoken && *lptoken != ':')
1110 lptoken++;
1111
1112 if (*lptoken)
1113 lptoken--;
1114
1115 len = lptoken - string;
1116 memcpy( tok, string, len * sizeof(WCHAR) );
1117 tok[len] = 0;
1118
1119 switch (toktype)
1120 {
1121 case 'O':
1122 {
1123 DWORD bytes;
1124
1125 if (!parse_sid( tok, NULL, (SID *)next, &bytes ))
1126 goto out;
1127
1128 if (sd)
1129 {
1130 sd->Owner = next - (BYTE *)sd;
1131 next += bytes; /* Advance to next token */
1132 }
1133
1134 *size += bytes;
1135
1136 break;
1137 }
1138
1139 case 'G':
1140 {
1141 DWORD bytes;
1142
1143 if (!parse_sid( tok, NULL, (SID *)next, &bytes ))
1144 goto out;
1145
1146 if (sd)
1147 {
1148 sd->Group = next - (BYTE *)sd;
1149 next += bytes; /* Advance to next token */
1150 }
1151
1152 *size += bytes;
1153
1154 break;
1155 }
1156
1157 case 'D':
1158 {
1159 DWORD flags;
1160 DWORD bytes;
1161
1162 if (!parse_acl( tok, &flags, (ACL *)next, &bytes ))
1163 goto out;
1164
1165 if (sd)
1166 {
1167 sd->Control |= SE_DACL_PRESENT | flags;
1168 sd->Dacl = next - (BYTE *)sd;
1169 next += bytes; /* Advance to next token */
1170 }
1171
1172 *size += bytes;
1173
1174 break;
1175 }
1176
1177 case 'S':
1178 {
1179 DWORD flags;
1180 DWORD bytes;
1181
1182 if (!parse_acl( tok, &flags, (ACL *)next, &bytes ))
1183 goto out;
1184
1185 if (sd)
1186 {
1187 sd->Control |= SE_SACL_PRESENT | flags;
1188 sd->Sacl = next - (BYTE *)sd;
1189 next += bytes; /* Advance to next token */
1190 }
1191
1192 *size += bytes;
1193
1194 break;
1195 }
1196
1197 default:
1198 FIXME("Unknown token\n");
1199 SetLastError( ERROR_INVALID_PARAMETER );
1200 goto out;
1201 }
1202
1203 string = lptoken;
1204 }
1205
1206 ret = TRUE;
1207
1208 out:
1209 heap_free(tok);
1210 return ret;
1211 }
1212
1213 /******************************************************************************
1214 * ConvertStringSecurityDescriptorToSecurityDescriptorW (sechost.@)
1215 */
1216 BOOL WINAPI DECLSPEC_HOTPATCH ConvertStringSecurityDescriptorToSecurityDescriptorW(
1217 const WCHAR *string, DWORD revision, PSECURITY_DESCRIPTOR *sd, ULONG *ret_size )
1218 {
1219 DWORD size;
1220 SECURITY_DESCRIPTOR *psd;
1221
1222 TRACE("%s, %lu, %p, %p\n", debugstr_w(string), revision, sd, ret_size);
1223
1224 if (GetVersion() & 0x80000000)
1225 {
1226 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
1227 return FALSE;
1228 }
1229 if (!string || !sd)
1230 {
1231 SetLastError(ERROR_INVALID_PARAMETER);
1232 return FALSE;
1233 }
1234 if (revision != SID_REVISION)
1235 {
1236 SetLastError(ERROR_UNKNOWN_REVISION);
1237 return FALSE;
1238 }
1239
1240 /* Compute security descriptor length */
1241 if (!parse_sd( string, NULL, &size ))
1242 return FALSE;
1243
1244 psd = *sd = LocalAlloc( GMEM_ZEROINIT, size );
1245 if (!psd)
1246 {
1247 SetLastError( ERROR_NOT_ENOUGH_MEMORY );
1248 return FALSE;
1249 }
1250
1251 psd->Revision = SID_REVISION;
1252 psd->Control |= SE_SELF_RELATIVE;
1253
1254 if (!parse_sd( string, (SECURITY_DESCRIPTOR_RELATIVE *)psd, &size ))
1255 {
1256 LocalFree(psd);
1257 return FALSE;
1258 }
1259
1260 if (ret_size) *ret_size = size;
1261 return TRUE;
1262 }
Windows API implementation