2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 * FIXME: for all functions thunking down to Rtl* functions: implement SetLastError()
36 #include "wine/debug.h"
37 #include "wine/unicode.h"
39 WINE_DEFAULT_DEBUG_CHANNEL(advapi
);
41 static BOOL
ParseStringSidToSid(LPCWSTR StringSid
, PSID pSid
, LPDWORD cBytes
);
42 static BOOL
ParseStringAclToAcl(LPCWSTR StringAcl
, LPDWORD lpdwFlags
,
43 PACL pAcl
, LPDWORD cBytes
);
44 static BYTE
ParseAceStringFlags(LPCWSTR
* StringAcl
);
45 static BYTE
ParseAceStringType(LPCWSTR
* StringAcl
);
46 static DWORD
ParseAceStringRights(LPCWSTR
* StringAcl
);
47 static BOOL
ParseStringSecurityDescriptorToSecurityDescriptor(
48 LPCWSTR StringSecurityDescriptor
,
49 PSECURITY_DESCRIPTOR SecurityDescriptor
,
51 static DWORD
ParseAclStringFlags(LPCWSTR
* StringAcl
);
53 typedef struct _ACEFLAG
57 } ACEFLAG
, *LPACEFLAG
;
62 static const WCHAR SDDL_READ_CONTROL
[] = {'R','C',0};
63 static const WCHAR SDDL_WRITE_DAC
[] = {'W','D',0};
64 static const WCHAR SDDL_WRITE_OWNER
[] = {'W','O',0};
65 static const WCHAR SDDL_STANDARD_DELETE
[] = {'S','D',0};
66 static const WCHAR SDDL_GENERIC_ALL
[] = {'G','A',0};
67 static const WCHAR SDDL_GENERIC_READ
[] = {'G','R',0};
68 static const WCHAR SDDL_GENERIC_WRITE
[] = {'G','W',0};
69 static const WCHAR SDDL_GENERIC_EXECUTE
[] = {'G','X',0};
74 static const WCHAR SDDL_ACCESS_ALLOWED
[] = {'A',0};
75 static const WCHAR SDDL_ACCESS_DENIED
[] = {'D',0};
76 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED
[] = {'O','A',0};
77 static const WCHAR SDDL_OBJECT_ACCESS_DENIED
[] = {'O','D',0};
78 static const WCHAR SDDL_AUDIT
[] = {'A','U',0};
79 static const WCHAR SDDL_ALARM
[] = {'A','L',0};
80 static const WCHAR SDDL_OBJECT_AUDIT
[] = {'O','U',0};
81 static const WCHAR SDDL_OBJECT_ALARMp
[] = {'O','L',0};
86 static const WCHAR SDDL_CONTAINER_INHERIT
[] = {'C','I',0};
87 static const WCHAR SDDL_OBJECT_INHERIT
[] = {'O','I',0};
88 static const WCHAR SDDL_NO_PROPAGATE
[] = {'N','P',0};
89 static const WCHAR SDDL_INHERIT_ONLY
[] = {'I','O',0};
90 static const WCHAR SDDL_INHERITED
[] = {'I','D',0};
91 static const WCHAR SDDL_AUDIT_SUCCESS
[] = {'S','A',0};
92 static const WCHAR SDDL_AUDIT_FAILURE
[] = {'F','A',0};
94 #define CallWin32ToNt(func) \
97 if (ret !=STATUS_SUCCESS) \
98 { SetLastError (RtlNtStatusToDosError(ret)); return FALSE; } \
102 static void dumpLsaAttributes( PLSA_OBJECT_ATTRIBUTES oa
)
106 TRACE("\n\tlength=%lu, rootdir=%p, objectname=%s\n\tattr=0x%08lx, sid=%p qos=%p\n",
107 oa
->Length
, oa
->RootDirectory
,
108 oa
->ObjectName
?debugstr_w(oa
->ObjectName
->Buffer
):"null",
109 oa
->Attributes
, oa
->SecurityDescriptor
, oa
->SecurityQualityOfService
);
113 /************************************************************
114 * ADVAPI_IsLocalComputer
116 * Checks whether the server name indicates local machine.
118 BOOL
ADVAPI_IsLocalComputer(LPCWSTR ServerName
)
126 DWORD dwSize
= MAX_COMPUTERNAME_LENGTH
+ 1;
130 buf
= HeapAlloc(GetProcessHeap(), 0, dwSize
* sizeof(WCHAR
));
131 Result
= GetComputerNameW(buf
, &dwSize
);
132 if (Result
&& (ServerName
[0] == '\\') && (ServerName
[1] == '\\'))
134 Result
= Result
&& !lstrcmpW(ServerName
, buf
);
135 HeapFree(GetProcessHeap(), 0, buf
);
141 #define ADVAPI_ForceLocalComputer(ServerName, FailureCode) \
142 if (!ADVAPI_IsLocalComputer(ServerName)) \
144 FIXME("Action Implemented for local computer only. " \
145 "Requested for server %s\n", debugstr_w(ServerName)); \
146 return FailureCode; \
149 /* ##############################
150 ###### TOKEN FUNCTIONS ######
151 ##############################
154 /******************************************************************************
155 * OpenProcessToken [ADVAPI32.@]
156 * Opens the access token associated with a process handle.
159 * ProcessHandle [I] Handle to process
160 * DesiredAccess [I] Desired access to process
161 * TokenHandle [O] Pointer to handle of open access token
164 * Success: TRUE. TokenHandle contains the access token.
168 * See NtOpenProcessToken.
171 OpenProcessToken( HANDLE ProcessHandle
, DWORD DesiredAccess
,
172 HANDLE
*TokenHandle
)
174 CallWin32ToNt(NtOpenProcessToken( ProcessHandle
, DesiredAccess
, TokenHandle
));
177 /******************************************************************************
178 * OpenThreadToken [ADVAPI32.@]
180 * Opens the access token associated with a thread handle.
183 * ThreadHandle [I] Handle to process
184 * DesiredAccess [I] Desired access to the thread
186 * TokenHandle [O] Destination for the token handle
189 * Success: TRUE. TokenHandle contains the access token.
193 * See NtOpenThreadToken.
196 OpenThreadToken( HANDLE ThreadHandle
, DWORD DesiredAccess
,
197 BOOL OpenAsSelf
, HANDLE
*TokenHandle
)
199 CallWin32ToNt (NtOpenThreadToken(ThreadHandle
, DesiredAccess
, OpenAsSelf
, TokenHandle
));
202 /******************************************************************************
203 * AdjustTokenPrivileges [ADVAPI32.@]
205 * Adjust the privileges of an open token handle.
208 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
209 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
210 * NewState [I] Desired new privileges of the token
211 * BufferLength [I] Length of NewState
212 * PreviousState [O] Destination for the previous state
213 * ReturnLength [I/O] Size of PreviousState
217 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
221 * See NtAdjustPrivilegesToken.
224 AdjustTokenPrivileges( HANDLE TokenHandle
, BOOL DisableAllPrivileges
,
225 LPVOID NewState
, DWORD BufferLength
,
226 LPVOID PreviousState
, LPDWORD ReturnLength
)
228 CallWin32ToNt(NtAdjustPrivilegesToken(TokenHandle
, DisableAllPrivileges
, NewState
, BufferLength
, PreviousState
, ReturnLength
));
231 /******************************************************************************
232 * CheckTokenMembership [ADVAPI32.@]
234 * Determine if an access token is a member of a SID.
237 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
238 * SidToCheck [I] SID that possibly contains the token
239 * IsMember [O] Destination for result.
242 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
246 CheckTokenMembership( HANDLE TokenHandle
, PSID SidToCheck
,
249 FIXME("(%p %p %p) stub!\n", TokenHandle
, SidToCheck
, IsMember
);
255 /******************************************************************************
256 * GetTokenInformation [ADVAPI32.@]
259 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
260 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
261 * tokeninfo [O] Destination for token information
262 * tokeninfolength [I] Length of tokeninfo
263 * retlen [O] Destination for returned token information length
266 * Success: TRUE. tokeninfo contains retlen bytes of token information
270 * See NtQueryInformationToken.
273 GetTokenInformation( HANDLE token
, TOKEN_INFORMATION_CLASS tokeninfoclass
,
274 LPVOID tokeninfo
, DWORD tokeninfolength
, LPDWORD retlen
)
276 TRACE("(%p, %s, %p, %ld, %p): \n",
278 (tokeninfoclass
== TokenUser
) ? "TokenUser" :
279 (tokeninfoclass
== TokenGroups
) ? "TokenGroups" :
280 (tokeninfoclass
== TokenPrivileges
) ? "TokenPrivileges" :
281 (tokeninfoclass
== TokenOwner
) ? "TokenOwner" :
282 (tokeninfoclass
== TokenPrimaryGroup
) ? "TokenPrimaryGroup" :
283 (tokeninfoclass
== TokenDefaultDacl
) ? "TokenDefaultDacl" :
284 (tokeninfoclass
== TokenSource
) ? "TokenSource" :
285 (tokeninfoclass
== TokenType
) ? "TokenType" :
286 (tokeninfoclass
== TokenImpersonationLevel
) ? "TokenImpersonationLevel" :
287 (tokeninfoclass
== TokenStatistics
) ? "TokenStatistics" :
288 (tokeninfoclass
== TokenRestrictedSids
) ? "TokenRestrictedSids" :
289 (tokeninfoclass
== TokenSessionId
) ? "TokenSessionId" :
290 (tokeninfoclass
== TokenGroupsAndPrivileges
) ? "TokenGroupsAndPrivileges" :
291 (tokeninfoclass
== TokenSessionReference
) ? "TokenSessionReference" :
292 (tokeninfoclass
== TokenSandBoxInert
) ? "TokenSandBoxInert" :
294 tokeninfo
, tokeninfolength
, retlen
);
295 CallWin32ToNt (NtQueryInformationToken( token
, tokeninfoclass
, tokeninfo
, tokeninfolength
, retlen
));
298 /******************************************************************************
299 * SetTokenInformation [ADVAPI32.@]
301 * Set information for an access token.
304 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
305 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
306 * tokeninfo [I] Token information to set
307 * tokeninfolength [I] Length of tokeninfo
310 * Success: TRUE. The information for the token is set to tokeninfo.
314 SetTokenInformation( HANDLE token
, TOKEN_INFORMATION_CLASS tokeninfoclass
,
315 LPVOID tokeninfo
, DWORD tokeninfolength
)
317 FIXME("(%p, %s, %p, %ld): stub\n",
319 (tokeninfoclass
== TokenUser
) ? "TokenUser" :
320 (tokeninfoclass
== TokenGroups
) ? "TokenGroups" :
321 (tokeninfoclass
== TokenPrivileges
) ? "TokenPrivileges" :
322 (tokeninfoclass
== TokenOwner
) ? "TokenOwner" :
323 (tokeninfoclass
== TokenPrimaryGroup
) ? "TokenPrimaryGroup" :
324 (tokeninfoclass
== TokenDefaultDacl
) ? "TokenDefaultDacl" :
325 (tokeninfoclass
== TokenSource
) ? "TokenSource" :
326 (tokeninfoclass
== TokenType
) ? "TokenType" :
327 (tokeninfoclass
== TokenImpersonationLevel
) ? "TokenImpersonationLevel" :
328 (tokeninfoclass
== TokenStatistics
) ? "TokenStatistics" :
329 (tokeninfoclass
== TokenRestrictedSids
) ? "TokenRestrictedSids" :
330 (tokeninfoclass
== TokenSessionId
) ? "TokenSessionId" :
331 (tokeninfoclass
== TokenGroupsAndPrivileges
) ? "TokenGroupsAndPrivileges" :
332 (tokeninfoclass
== TokenSessionReference
) ? "TokenSessionReference" :
333 (tokeninfoclass
== TokenSandBoxInert
) ? "TokenSandBoxInert" :
335 tokeninfo
, tokeninfolength
);
337 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
342 /*************************************************************************
343 * SetThreadToken [ADVAPI32.@]
345 * Assigns an 'impersonation token' to a thread so it can assume the
346 * security privledges of another thread or process. Can also remove
347 * a previously assigned token.
350 * thread [O] Handle to thread to set the token for
351 * token [I] Token to set
354 * Success: TRUE. The threads access token is set to token
358 * Only supported on NT or higher. On Win9X this function does nothing.
359 * See SetTokenInformation.
361 BOOL WINAPI
SetThreadToken(PHANDLE thread
, HANDLE token
)
363 FIXME("(%p, %p): stub (NT impl. only)\n", thread
, token
);
365 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
370 /* ##############################
371 ###### SID FUNCTIONS ######
372 ##############################
375 /******************************************************************************
376 * AllocateAndInitializeSid [ADVAPI32.@]
379 * pIdentifierAuthority []
380 * nSubAuthorityCount []
392 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority
,
393 BYTE nSubAuthorityCount
,
394 DWORD nSubAuthority0
, DWORD nSubAuthority1
,
395 DWORD nSubAuthority2
, DWORD nSubAuthority3
,
396 DWORD nSubAuthority4
, DWORD nSubAuthority5
,
397 DWORD nSubAuthority6
, DWORD nSubAuthority7
,
400 CallWin32ToNt (RtlAllocateAndInitializeSid(
401 pIdentifierAuthority
, nSubAuthorityCount
,
402 nSubAuthority0
, nSubAuthority1
, nSubAuthority2
, nSubAuthority3
,
403 nSubAuthority4
, nSubAuthority5
, nSubAuthority6
, nSubAuthority7
,
407 /******************************************************************************
408 * FreeSid [ADVAPI32.@]
417 return NULL
; /* is documented like this */
420 /******************************************************************************
421 * CopySid [ADVAPI32.@]
424 * nDestinationSidLength []
429 CopySid( DWORD nDestinationSidLength
, PSID pDestinationSid
, PSID pSourceSid
)
431 return RtlCopySid(nDestinationSidLength
, pDestinationSid
, pSourceSid
);
434 /******************************************************************************
435 * IsValidSid [ADVAPI32.@]
441 IsValidSid( PSID pSid
)
443 return RtlValidSid( pSid
);
446 /******************************************************************************
447 * EqualSid [ADVAPI32.@]
454 EqualSid( PSID pSid1
, PSID pSid2
)
456 return RtlEqualSid( pSid1
, pSid2
);
459 /******************************************************************************
460 * EqualPrefixSid [ADVAPI32.@]
462 BOOL WINAPI
EqualPrefixSid (PSID pSid1
, PSID pSid2
)
464 return RtlEqualPrefixSid(pSid1
, pSid2
);
467 /******************************************************************************
468 * GetSidLengthRequired [ADVAPI32.@]
471 * nSubAuthorityCount []
474 GetSidLengthRequired( BYTE nSubAuthorityCount
)
476 return RtlLengthRequiredSid(nSubAuthorityCount
);
479 /******************************************************************************
480 * InitializeSid [ADVAPI32.@]
483 * pIdentifierAuthority []
488 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority
,
489 BYTE nSubAuthorityCount
)
491 return RtlInitializeSid(pSid
, pIdentifierAuthority
, nSubAuthorityCount
);
494 /******************************************************************************
495 * GetSidIdentifierAuthority [ADVAPI32.@]
500 PSID_IDENTIFIER_AUTHORITY WINAPI
501 GetSidIdentifierAuthority( PSID pSid
)
503 return RtlIdentifierAuthoritySid(pSid
);
506 /******************************************************************************
507 * GetSidSubAuthority [ADVAPI32.@]
514 GetSidSubAuthority( PSID pSid
, DWORD nSubAuthority
)
516 return RtlSubAuthoritySid(pSid
, nSubAuthority
);
519 /******************************************************************************
520 * GetSidSubAuthorityCount [ADVAPI32.@]
526 GetSidSubAuthorityCount (PSID pSid
)
528 return RtlSubAuthorityCountSid(pSid
);
531 /******************************************************************************
532 * GetLengthSid [ADVAPI32.@]
538 GetLengthSid (PSID pSid
)
540 return RtlLengthSid(pSid
);
543 /* ##############################################
544 ###### SECURITY DESCRIPTOR FUNCTIONS ######
545 ##############################################
548 /******************************************************************************
549 * InitializeSecurityDescriptor [ADVAPI32.@]
556 InitializeSecurityDescriptor( SECURITY_DESCRIPTOR
*pDescr
, DWORD revision
)
558 CallWin32ToNt (RtlCreateSecurityDescriptor(pDescr
, revision
));
562 /******************************************************************************
563 * MakeAbsoluteSD [ADVAPI32.@]
565 BOOL WINAPI
MakeAbsoluteSD (
566 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor
,
567 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor
,
568 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize
,
570 OUT LPDWORD lpdwDaclSize
,
572 OUT LPDWORD lpdwSaclSize
,
574 OUT LPDWORD lpdwOwnerSize
,
575 OUT PSID pPrimaryGroup
,
576 OUT LPDWORD lpdwPrimaryGroupSize
)
578 CallWin32ToNt (RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor
,
579 pAbsoluteSecurityDescriptor
, lpdwAbsoluteSecurityDescriptorSize
,
580 pDacl
, lpdwDaclSize
, pSacl
, lpdwSaclSize
, pOwner
, lpdwOwnerSize
,
581 pPrimaryGroup
, lpdwPrimaryGroupSize
));
585 /******************************************************************************
586 * GetSecurityDescriptorLength [ADVAPI32.@]
588 DWORD WINAPI
GetSecurityDescriptorLength( SECURITY_DESCRIPTOR
*pDescr
)
590 return (RtlLengthSecurityDescriptor(pDescr
));
593 /******************************************************************************
594 * GetSecurityDescriptorOwner [ADVAPI32.@]
598 * lpbOwnerDefaulted []
601 GetSecurityDescriptorOwner( SECURITY_DESCRIPTOR
*pDescr
, PSID
*pOwner
,
602 LPBOOL lpbOwnerDefaulted
)
604 CallWin32ToNt (RtlGetOwnerSecurityDescriptor( pDescr
, pOwner
, (PBOOLEAN
)lpbOwnerDefaulted
));
607 /******************************************************************************
608 * SetSecurityDescriptorOwner [ADVAPI32.@]
612 BOOL WINAPI
SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor
,
613 PSID pOwner
, BOOL bOwnerDefaulted
)
615 CallWin32ToNt (RtlSetOwnerSecurityDescriptor(pSecurityDescriptor
, pOwner
, bOwnerDefaulted
));
617 /******************************************************************************
618 * GetSecurityDescriptorGroup [ADVAPI32.@]
620 BOOL WINAPI
GetSecurityDescriptorGroup(
621 PSECURITY_DESCRIPTOR SecurityDescriptor
,
623 LPBOOL GroupDefaulted
)
625 CallWin32ToNt (RtlGetGroupSecurityDescriptor(SecurityDescriptor
, Group
, (PBOOLEAN
)GroupDefaulted
));
627 /******************************************************************************
628 * SetSecurityDescriptorGroup [ADVAPI32.@]
630 BOOL WINAPI
SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor
,
631 PSID Group
, BOOL GroupDefaulted
)
633 CallWin32ToNt (RtlSetGroupSecurityDescriptor( SecurityDescriptor
, Group
, GroupDefaulted
));
636 /******************************************************************************
637 * IsValidSecurityDescriptor [ADVAPI32.@]
643 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor
)
645 CallWin32ToNt (RtlValidSecurityDescriptor(SecurityDescriptor
));
648 /******************************************************************************
649 * GetSecurityDescriptorDacl [ADVAPI32.@]
651 BOOL WINAPI
GetSecurityDescriptorDacl(
652 IN PSECURITY_DESCRIPTOR pSecurityDescriptor
,
653 OUT LPBOOL lpbDaclPresent
,
655 OUT LPBOOL lpbDaclDefaulted
)
657 CallWin32ToNt (RtlGetDaclSecurityDescriptor(pSecurityDescriptor
, (PBOOLEAN
)lpbDaclPresent
,
658 pDacl
, (PBOOLEAN
)lpbDaclDefaulted
));
661 /******************************************************************************
662 * SetSecurityDescriptorDacl [ADVAPI32.@]
665 SetSecurityDescriptorDacl (
666 PSECURITY_DESCRIPTOR lpsd
,
671 CallWin32ToNt (RtlSetDaclSecurityDescriptor (lpsd
, daclpresent
, dacl
, dacldefaulted
));
673 /******************************************************************************
674 * GetSecurityDescriptorSacl [ADVAPI32.@]
676 BOOL WINAPI
GetSecurityDescriptorSacl(
677 IN PSECURITY_DESCRIPTOR lpsd
,
678 OUT LPBOOL lpbSaclPresent
,
680 OUT LPBOOL lpbSaclDefaulted
)
682 CallWin32ToNt (RtlGetSaclSecurityDescriptor(lpsd
,
683 (PBOOLEAN
)lpbSaclPresent
, pSacl
, (PBOOLEAN
)lpbSaclDefaulted
));
686 /**************************************************************************
687 * SetSecurityDescriptorSacl [ADVAPI32.@]
689 BOOL WINAPI
SetSecurityDescriptorSacl (
690 PSECURITY_DESCRIPTOR lpsd
,
695 CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd
, saclpresent
, lpsacl
, sacldefaulted
));
697 /******************************************************************************
698 * MakeSelfRelativeSD [ADVAPI32.@]
707 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor
,
708 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor
,
709 IN OUT LPDWORD lpdwBufferLength
)
711 CallWin32ToNt (RtlMakeSelfRelativeSD(pAbsoluteSecurityDescriptor
,pSelfRelativeSecurityDescriptor
, lpdwBufferLength
));
714 /******************************************************************************
715 * GetSecurityDescriptorControl [ADVAPI32.@]
718 BOOL WINAPI
GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor
,
719 PSECURITY_DESCRIPTOR_CONTROL pControl
, LPDWORD lpdwRevision
)
721 CallWin32ToNt (RtlGetControlSecurityDescriptor(pSecurityDescriptor
,pControl
,lpdwRevision
));
724 /* ##############################
725 ###### ACL FUNCTIONS ######
726 ##############################
729 /*************************************************************************
730 * InitializeAcl [ADVAPI32.@]
732 DWORD WINAPI
InitializeAcl(PACL acl
, DWORD size
, DWORD rev
)
734 CallWin32ToNt (RtlCreateAcl(acl
, size
, rev
));
737 /******************************************************************************
738 * AddAccessAllowedAce [ADVAPI32.@]
740 BOOL WINAPI
AddAccessAllowedAce(
742 IN DWORD dwAceRevision
,
746 CallWin32ToNt(RtlAddAccessAllowedAce(pAcl
, dwAceRevision
, AccessMask
, pSid
));
749 /******************************************************************************
750 * AddAccessAllowedAceEx [ADVAPI32.@]
752 BOOL WINAPI
AddAccessAllowedAceEx(
754 IN DWORD dwAceRevision
,
759 CallWin32ToNt(RtlAddAccessAllowedAceEx(pAcl
, dwAceRevision
, AceFlags
, AccessMask
, pSid
));
762 /******************************************************************************
763 * AddAccessDeniedAce [ADVAPI32.@]
765 BOOL WINAPI
AddAccessDeniedAce(
767 IN DWORD dwAceRevision
,
771 CallWin32ToNt(RtlAddAccessDeniedAce(pAcl
, dwAceRevision
, AccessMask
, pSid
));
774 /******************************************************************************
775 * AddAccessDeniedAceEx [ADVAPI32.@]
777 BOOL WINAPI
AddAccessDeniedAceEx(
779 IN DWORD dwAceRevision
,
784 CallWin32ToNt(RtlAddAccessDeniedAceEx(pAcl
, dwAceRevision
, AceFlags
, AccessMask
, pSid
));
787 /******************************************************************************
788 * AddAce [ADVAPI32.@]
792 IN DWORD dwAceRevision
,
793 IN DWORD dwStartingAceIndex
,
795 DWORD nAceListLength
)
797 CallWin32ToNt(RtlAddAce(pAcl
, dwAceRevision
, dwStartingAceIndex
, pAceList
, nAceListLength
));
800 /******************************************************************************
801 * DeleteAce [ADVAPI32.@]
803 BOOL WINAPI
DeleteAce(PACL pAcl
, DWORD dwAceIndex
)
805 CallWin32ToNt(RtlDeleteAce(pAcl
, dwAceIndex
));
808 /******************************************************************************
809 * FindFirstFreeAce [ADVAPI32.@]
811 BOOL WINAPI
FindFirstFreeAce(IN PACL pAcl
, LPVOID
* pAce
)
813 return RtlFirstFreeAce(pAcl
, (PACE_HEADER
*)pAce
);
816 /******************************************************************************
817 * GetAce [ADVAPI32.@]
819 BOOL WINAPI
GetAce(PACL pAcl
,DWORD dwAceIndex
,LPVOID
*pAce
)
821 CallWin32ToNt(RtlGetAce(pAcl
, dwAceIndex
, pAce
));
824 /******************************************************************************
825 * GetAclInformation [ADVAPI32.@]
827 BOOL WINAPI
GetAclInformation(
829 LPVOID pAclInformation
,
830 DWORD nAclInformationLength
,
831 ACL_INFORMATION_CLASS dwAclInformationClass
)
833 CallWin32ToNt(RtlQueryInformationAcl(pAcl
, pAclInformation
,
834 nAclInformationLength
, dwAclInformationClass
));
837 /******************************************************************************
838 * IsValidAcl [ADVAPI32.@]
840 BOOL WINAPI
IsValidAcl(IN PACL pAcl
)
842 return RtlValidAcl(pAcl
);
845 /* ##############################
846 ###### MISC FUNCTIONS ######
847 ##############################
850 static const char * const DefaultPrivNames
[] =
853 "SeCreateTokenPrivilege", "SeAssignPrimaryTokenPrivilege",
854 "SeLockMemoryPrivilege", "SeIncreaseQuotaPrivilege",
855 "SeMachineAccountPrivilege", "SeTcbPrivilege",
856 "SeSecurityPrivilege", "SeTakeOwnershipPrivilege",
857 "SeLoadDriverPrivilege", "SeSystemProfilePrivilege",
858 "SeSystemtimePrivilege", "SeProfileSingleProcessPrivilege",
859 "SeIncreaseBasePriorityPrivilege", "SeCreatePagefilePrivilege",
860 "SeCreatePermanentPrivilege", "SeBackupPrivilege",
861 "SeRestorePrivilege", "SeShutdownPrivilege",
862 "SeDebugPrivilege", "SeAuditPrivilege",
863 "SeSystemEnvironmentPrivilege", "SeChangeNotifyPrivilege",
864 "SeRemoteShutdownPrivilege",
866 #define NUMPRIVS (sizeof DefaultPrivNames/sizeof DefaultPrivNames[0])
868 /******************************************************************************
869 * LookupPrivilegeValueW [ADVAPI32.@]
871 * See LookupPrivilegeValueA.
874 LookupPrivilegeValueW( LPCWSTR lpSystemName
, LPCWSTR lpName
, PLUID lpLuid
)
879 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName
), debugstr_w(lpName
), lpLuid
);
881 for( i
=0; i
<NUMPRIVS
; i
++ )
883 if( !DefaultPrivNames
[i
] )
885 MultiByteToWideChar( CP_ACP
, 0, DefaultPrivNames
[i
], -1,
887 if( strcmpW( priv
, lpName
) )
890 lpLuid
->HighPart
= 0;
891 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName
),
892 lpLuid
->HighPart
, lpLuid
->LowPart
);
898 /******************************************************************************
899 * LookupPrivilegeValueA [ADVAPI32.@]
901 * Retrieves LUID used on a system to represent the privilege name.
904 * lpSystemName [I] Name of the system
905 * lpName [I] Name of the privilege
906 * pLuid [O] Destination for the resulting LUID
909 * Success: TRUE. pLuid contains the requested LUID.
913 LookupPrivilegeValueA( LPCSTR lpSystemName
, LPCSTR lpName
, PLUID lpLuid
)
915 UNICODE_STRING lpSystemNameW
;
916 UNICODE_STRING lpNameW
;
919 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW
, lpSystemName
);
920 RtlCreateUnicodeStringFromAsciiz(&lpNameW
,lpName
);
921 ret
= LookupPrivilegeValueW(lpSystemNameW
.Buffer
, lpNameW
.Buffer
, lpLuid
);
922 RtlFreeUnicodeString(&lpNameW
);
923 RtlFreeUnicodeString(&lpSystemNameW
);
928 /******************************************************************************
929 * LookupPrivilegeNameA [ADVAPI32.@]
932 LookupPrivilegeNameA( LPCSTR lpSystemName
, PLUID lpLuid
, LPSTR lpName
, LPDWORD cchName
)
934 FIXME("%s %p %p %p\n", debugstr_a(lpSystemName
), lpLuid
, lpName
, cchName
);
938 /******************************************************************************
939 * LookupPrivilegeNameW [ADVAPI32.@]
942 LookupPrivilegeNameW( LPCWSTR lpSystemName
, PLUID lpLuid
, LPSTR lpName
, LPDWORD cchName
)
944 FIXME("%s %p %p %p\n", debugstr_w(lpSystemName
), lpLuid
, lpName
, cchName
);
948 /******************************************************************************
949 * GetFileSecurityA [ADVAPI32.@]
951 * Obtains Specified information about the security of a file or directory.
954 * lpFileName [I] Name of the file to get info for
955 * RequestedInformation [I] SE_ flags from "winnt.h"
956 * pSecurityDescriptor [O] Destination for security information
957 * nLength [I] Length of pSecurityDescriptor
958 * lpnLengthNeeded [O] Destination for length of returned security information
961 * Success: TRUE. pSecurityDescriptor contains the requested information.
962 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
965 * The information returned is constrained by the callers access rights and
969 GetFileSecurityA( LPCSTR lpFileName
,
970 SECURITY_INFORMATION RequestedInformation
,
971 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
972 DWORD nLength
, LPDWORD lpnLengthNeeded
)
974 FIXME("(%s) : stub\n", debugstr_a(lpFileName
));
978 /******************************************************************************
979 * GetFileSecurityW [ADVAPI32.@]
981 * See GetFileSecurityA.
984 GetFileSecurityW( LPCWSTR lpFileName
,
985 SECURITY_INFORMATION RequestedInformation
,
986 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
987 DWORD nLength
, LPDWORD lpnLengthNeeded
)
989 FIXME("(%s) : stub\n", debugstr_w(lpFileName
) );
994 /******************************************************************************
995 * LookupAccountSidA [ADVAPI32.@]
1002 IN OUT LPDWORD accountSize
,
1004 IN OUT LPDWORD domainSize
,
1005 OUT PSID_NAME_USE name_use
)
1007 static const char ac
[] = "Administrator";
1008 static const char dm
[] = "DOMAIN";
1009 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1010 debugstr_a(system
),sid
,
1011 account
,accountSize
,accountSize
?*accountSize
:0,
1012 domain
,domainSize
,domainSize
?*domainSize
:0,
1015 if (accountSize
) *accountSize
= strlen(ac
)+1;
1016 if (account
&& (*accountSize
> strlen(ac
)))
1017 strcpy(account
, ac
);
1019 if (domainSize
) *domainSize
= strlen(dm
)+1;
1020 if (domain
&& (*domainSize
> strlen(dm
)))
1023 if (name_use
) *name_use
= SidTypeUser
;
1027 /******************************************************************************
1028 * LookupAccountSidW [ADVAPI32.@]
1044 IN OUT LPDWORD accountSize
,
1046 IN OUT LPDWORD domainSize
,
1047 OUT PSID_NAME_USE name_use
)
1049 static const WCHAR ac
[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1050 static const WCHAR dm
[] = {'D','O','M','A','I','N',0};
1051 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1052 debugstr_w(system
),sid
,
1053 account
,accountSize
,accountSize
?*accountSize
:0,
1054 domain
,domainSize
,domainSize
?*domainSize
:0,
1057 if (accountSize
) *accountSize
= strlenW(ac
)+1;
1058 if (account
&& (*accountSize
> strlenW(ac
)))
1059 strcpyW(account
, ac
);
1061 if (domainSize
) *domainSize
= strlenW(dm
)+1;
1062 if (domain
&& (*domainSize
> strlenW(dm
)))
1065 if (name_use
) *name_use
= SidTypeUser
;
1069 /******************************************************************************
1070 * SetFileSecurityA [ADVAPI32.@]
1071 * Sets the security of a file or directory
1073 BOOL WINAPI
SetFileSecurityA( LPCSTR lpFileName
,
1074 SECURITY_INFORMATION RequestedInformation
,
1075 PSECURITY_DESCRIPTOR pSecurityDescriptor
)
1077 FIXME("(%s) : stub\n", debugstr_a(lpFileName
));
1081 /******************************************************************************
1082 * SetFileSecurityW [ADVAPI32.@]
1083 * Sets the security of a file or directory
1087 * RequestedInformation []
1088 * pSecurityDescriptor []
1091 SetFileSecurityW( LPCWSTR lpFileName
,
1092 SECURITY_INFORMATION RequestedInformation
,
1093 PSECURITY_DESCRIPTOR pSecurityDescriptor
)
1095 FIXME("(%s) : stub\n", debugstr_w(lpFileName
) );
1099 /******************************************************************************
1100 * QueryWindows31FilesMigration [ADVAPI32.@]
1106 QueryWindows31FilesMigration( DWORD x1
)
1108 FIXME("(%ld):stub\n",x1
);
1112 /******************************************************************************
1113 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1122 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1
, DWORD x2
, DWORD x3
,
1125 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1
,x2
,x3
,x4
);
1129 /******************************************************************************
1130 * LsaOpenPolicy [ADVAPI32.@]
1140 IN PLSA_UNICODE_STRING SystemName
,
1141 IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes
,
1142 IN ACCESS_MASK DesiredAccess
,
1143 IN OUT PLSA_HANDLE PolicyHandle
)
1145 FIXME("(%s,%p,0x%08lx,%p):stub\n",
1146 SystemName
?debugstr_w(SystemName
->Buffer
):"null",
1147 ObjectAttributes
, DesiredAccess
, PolicyHandle
);
1148 ADVAPI_ForceLocalComputer(SystemName
? SystemName
->Buffer
: NULL
,
1149 STATUS_ACCESS_VIOLATION
);
1150 dumpLsaAttributes(ObjectAttributes
);
1151 if(PolicyHandle
) *PolicyHandle
= (LSA_HANDLE
)0xcafe;
1152 return STATUS_SUCCESS
;
1155 /******************************************************************************
1156 * LsaQueryInformationPolicy [ADVAPI32.@]
1159 LsaQueryInformationPolicy(
1160 IN LSA_HANDLE PolicyHandle
,
1161 IN POLICY_INFORMATION_CLASS InformationClass
,
1164 FIXME("(%p,0x%08x,%p):stub\n",
1165 PolicyHandle
, InformationClass
, Buffer
);
1167 if(!Buffer
) return FALSE
;
1168 switch (InformationClass
)
1170 case PolicyAuditEventsInformation
: /* 2 */
1172 PPOLICY_AUDIT_EVENTS_INFO p
= HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY
, sizeof(POLICY_AUDIT_EVENTS_INFO
));
1173 p
->AuditingMode
= FALSE
; /* no auditing */
1177 case PolicyPrimaryDomainInformation
: /* 3 */
1178 case PolicyAccountDomainInformation
: /* 5 */
1181 { POLICY_PRIMARY_DOMAIN_INFO ppdi
;
1184 SID_IDENTIFIER_AUTHORITY localSidAuthority
= {SECURITY_NT_AUTHORITY
};
1186 struct di
* xdi
= HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY
, sizeof(xdi
));
1187 RtlCreateUnicodeStringFromAsciiz(&(xdi
->ppdi
.Name
), "DOMAIN");
1189 xdi
->ppdi
.Sid
= &(xdi
->sid
);
1190 xdi
->sid
.Revision
= SID_REVISION
;
1191 xdi
->sid
.SubAuthorityCount
= 1;
1192 xdi
->sid
.IdentifierAuthority
= localSidAuthority
;
1193 xdi
->sid
.SubAuthority
[0] = SECURITY_LOCAL_SYSTEM_RID
;
1197 case PolicyAuditLogInformation
:
1198 case PolicyPdAccountInformation
:
1199 case PolicyLsaServerRoleInformation
:
1200 case PolicyReplicaSourceInformation
:
1201 case PolicyDefaultQuotaInformation
:
1202 case PolicyModificationInformation
:
1203 case PolicyAuditFullSetInformation
:
1204 case PolicyAuditFullQueryInformation
:
1205 case PolicyDnsDomainInformation
:
1207 FIXME("category not implemented\n");
1214 /******************************************************************************
1215 * LsaLookupSids [ADVAPI32.@]
1220 LSA_UNICODE_STRING Name
;
1222 } LSA_TRANSLATED_NAME
, *PLSA_TRANSLATED_NAME
;
1226 LSA_UNICODE_STRING Name
;
1228 } LSA_TRUST_INFORMATION
, *PLSA_TRUST_INFORMATION
;
1233 PLSA_TRUST_INFORMATION Domains
;
1234 } LSA_REFERENCED_DOMAIN_LIST
, *PLSA_REFERENCED_DOMAIN_LIST
;
1238 IN LSA_HANDLE PolicyHandle
,
1241 OUT PLSA_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
1242 OUT PLSA_TRANSLATED_NAME
*Names
)
1244 FIXME("%p %lu %p %p %p\n",
1245 PolicyHandle
, Count
, Sids
, ReferencedDomains
, Names
);
1249 /******************************************************************************
1250 * LsaFreeMemory [ADVAPI32.@]
1253 LsaFreeMemory(IN PVOID Buffer
)
1255 TRACE("(%p)\n",Buffer
);
1256 return HeapFree(GetProcessHeap(), 0, Buffer
);
1258 /******************************************************************************
1259 * LsaClose [ADVAPI32.@]
1262 LsaClose(IN LSA_HANDLE ObjectHandle
)
1264 FIXME("(%p):stub\n",ObjectHandle
);
1268 /******************************************************************************
1269 * LsaNtStatusToWinError [ADVAPI32.@]
1275 LsaNtStatusToWinError(NTSTATUS Status
)
1277 return RtlNtStatusToDosError(Status
);
1280 /******************************************************************************
1281 * NotifyBootConfigStatus [ADVAPI32.@]
1287 NotifyBootConfigStatus( DWORD x1
)
1289 FIXME("(0x%08lx):stub\n",x1
);
1293 /******************************************************************************
1294 * RevertToSelf [ADVAPI32.@]
1300 RevertToSelf( void )
1302 FIXME("(), stub\n");
1306 /******************************************************************************
1307 * ImpersonateSelf [ADVAPI32.@]
1310 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
)
1312 return RtlImpersonateSelf(ImpersonationLevel
);
1315 /******************************************************************************
1316 * ImpersonateLoggedOnUser [ADVAPI32.@]
1318 BOOL WINAPI
ImpersonateLoggedOnUser(HANDLE hToken
)
1320 FIXME("(%p):stub returning FALSE\n", hToken
);
1324 /******************************************************************************
1325 * AccessCheck [ADVAPI32.@]
1327 * FIXME check cast LPBOOL to PBOOLEAN
1331 PSECURITY_DESCRIPTOR SecurityDescriptor
,
1333 DWORD DesiredAccess
,
1334 PGENERIC_MAPPING GenericMapping
,
1335 PPRIVILEGE_SET PrivilegeSet
,
1336 LPDWORD PrivilegeSetLength
,
1337 LPDWORD GrantedAccess
,
1338 LPBOOL AccessStatus
)
1340 CallWin32ToNt (NtAccessCheck(SecurityDescriptor
, ClientToken
, DesiredAccess
,
1341 GenericMapping
, PrivilegeSet
, PrivilegeSetLength
, GrantedAccess
, (PBOOLEAN
)AccessStatus
));
1345 /******************************************************************************
1346 * AccessCheckByType [ADVAPI32.@]
1348 BOOL WINAPI
AccessCheckByType(
1349 PSECURITY_DESCRIPTOR pSecurityDescriptor
,
1350 PSID PrincipalSelfSid
,
1352 DWORD DesiredAccess
,
1353 POBJECT_TYPE_LIST ObjectTypeList
,
1354 DWORD ObjectTypeListLength
,
1355 PGENERIC_MAPPING GenericMapping
,
1356 PPRIVILEGE_SET PrivilegeSet
,
1357 LPDWORD PrivilegeSetLength
,
1358 LPDWORD GrantedAccess
,
1359 LPBOOL AccessStatus
)
1363 *AccessStatus
= TRUE
;
1365 return !*AccessStatus
;
1369 /*************************************************************************
1370 * SetKernelObjectSecurity [ADVAPI32.@]
1372 BOOL WINAPI
SetKernelObjectSecurity (
1374 IN SECURITY_INFORMATION SecurityInformation
,
1375 IN PSECURITY_DESCRIPTOR SecurityDescriptor
)
1377 CallWin32ToNt (NtSetSecurityObject (Handle
, SecurityInformation
, SecurityDescriptor
));
1381 /******************************************************************************
1382 * AddAuditAccessAce [ADVAPI32.@]
1384 BOOL WINAPI
AddAuditAccessAce(
1386 IN DWORD dwAceRevision
,
1387 IN DWORD dwAccessMask
,
1389 IN BOOL bAuditSuccess
,
1390 IN BOOL bAuditFailure
)
1396 /******************************************************************************
1397 * LookupAccountNameA [ADVAPI32.@]
1405 LPSTR ReferencedDomainName
,
1406 IN OUT LPDWORD cbReferencedDomainName
,
1407 OUT PSID_NAME_USE name_use
)
1409 FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system
,account
,sid
,cbSid
,ReferencedDomainName
,cbReferencedDomainName
,name_use
);
1413 /******************************************************************************
1414 * PrivilegeCheck [ADVAPI32.@]
1416 BOOL WINAPI
PrivilegeCheck( HANDLE ClientToken
, PPRIVILEGE_SET RequiredPrivileges
, LPBOOL pfResult
)
1418 FIXME("stub %p %p %p\n", ClientToken
, RequiredPrivileges
, pfResult
);
1424 /******************************************************************************
1425 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1427 BOOL WINAPI
AccessCheckAndAuditAlarmA(LPCSTR Subsystem
, LPVOID HandleId
, LPSTR ObjectTypeName
,
1428 LPSTR ObjectName
, PSECURITY_DESCRIPTOR SecurityDescriptor
, DWORD DesiredAccess
,
1429 PGENERIC_MAPPING GenericMapping
, BOOL ObjectCreation
, LPDWORD GrantedAccess
,
1430 LPBOOL AccessStatus
, LPBOOL pfGenerateOnClose
)
1432 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem
),
1433 HandleId
, debugstr_a(ObjectTypeName
), debugstr_a(ObjectName
),
1434 SecurityDescriptor
, DesiredAccess
, GenericMapping
,
1435 ObjectCreation
, GrantedAccess
, AccessStatus
, pfGenerateOnClose
);
1439 /******************************************************************************
1440 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1442 BOOL WINAPI
AccessCheckAndAuditAlarmW(LPCWSTR Subsystem
, LPVOID HandleId
, LPWSTR ObjectTypeName
,
1443 LPWSTR ObjectName
, PSECURITY_DESCRIPTOR SecurityDescriptor
, DWORD DesiredAccess
,
1444 PGENERIC_MAPPING GenericMapping
, BOOL ObjectCreation
, LPDWORD GrantedAccess
,
1445 LPBOOL AccessStatus
, LPBOOL pfGenerateOnClose
)
1447 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem
),
1448 HandleId
, debugstr_w(ObjectTypeName
), debugstr_w(ObjectName
),
1449 SecurityDescriptor
, DesiredAccess
, GenericMapping
,
1450 ObjectCreation
, GrantedAccess
, AccessStatus
, pfGenerateOnClose
);
1455 /******************************************************************************
1456 * GetSecurityInfoExW [ADVAPI32.@]
1458 DWORD WINAPI
GetSecurityInfoExW(
1459 HANDLE hObject
, SE_OBJECT_TYPE ObjectType
,
1460 SECURITY_INFORMATION SecurityInfo
, LPCWSTR lpProvider
,
1461 LPCWSTR lpProperty
, PACTRL_ACCESSW
*ppAccessList
,
1462 PACTRL_AUDITW
*ppAuditList
, LPWSTR
*lppOwner
, LPWSTR
*lppGroup
1466 return ERROR_BAD_PROVIDER
;
1469 /******************************************************************************
1470 * BuildTrusteeWithSidA [ADVAPI32.@]
1472 VOID WINAPI
BuildTrusteeWithSidA(PTRUSTEEA pTrustee
, PSID pSid
)
1474 FIXME("%p %p\n", pTrustee
, pSid
);
1477 /******************************************************************************
1478 * BuildTrusteeWithSidW [ADVAPI32.@]
1480 VOID WINAPI
BuildTrusteeWithSidW(PTRUSTEEW pTrustee
, PSID pSid
)
1482 FIXME("%p %p\n", pTrustee
, pSid
);
1485 /******************************************************************************
1486 * SetEntriesInAclA [ADVAPI32.@]
1488 DWORD WINAPI
SetEntriesInAclA( ULONG count
, PEXPLICIT_ACCESSA pEntries
,
1489 PACL OldAcl
, PACL
* NewAcl
)
1491 FIXME("%ld %p %p %p\n",count
,pEntries
,OldAcl
,NewAcl
);
1492 return ERROR_CALL_NOT_IMPLEMENTED
;
1495 /******************************************************************************
1496 * SetEntriesInAclW [ADVAPI32.@]
1498 DWORD WINAPI
SetEntriesInAclW( ULONG count
, PEXPLICIT_ACCESSW pEntries
,
1499 PACL OldAcl
, PACL
* NewAcl
)
1501 FIXME("%ld %p %p %p\n",count
,pEntries
,OldAcl
,NewAcl
);
1502 return ERROR_CALL_NOT_IMPLEMENTED
;
1505 /******************************************************************************
1506 * SetNamedSecurityInfoA [ADVAPI32.@]
1508 DWORD WINAPI
SetNamedSecurityInfoA(LPSTR pObjectName
,
1509 SE_OBJECT_TYPE ObjectType
, SECURITY_INFORMATION SecurityInfo
,
1510 PSID psidOwner
, PSID psidGroup
, PACL pDacl
, PACL pSacl
)
1512 FIXME("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName
), ObjectType
,
1513 SecurityInfo
, psidOwner
, psidGroup
, pDacl
, pSacl
);
1514 return ERROR_CALL_NOT_IMPLEMENTED
;
1517 /******************************************************************************
1518 * SetNamedSecurityInfoW [ADVAPI32.@]
1520 DWORD WINAPI
SetNamedSecurityInfoW(LPWSTR pObjectName
,
1521 SE_OBJECT_TYPE ObjectType
, SECURITY_INFORMATION SecurityInfo
,
1522 PSID psidOwner
, PSID psidGroup
, PACL pDacl
, PACL pSacl
)
1524 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName
), ObjectType
,
1525 SecurityInfo
, psidOwner
, psidGroup
, pDacl
, pSacl
);
1526 return ERROR_CALL_NOT_IMPLEMENTED
;
1529 /******************************************************************************
1530 * GetExplicitEntriesFromAclA [ADVAPI32.@]
1532 DWORD WINAPI
GetExplicitEntriesFromAclA( PACL pacl
, PULONG pcCountOfExplicitEntries
,
1533 PEXPLICIT_ACCESSA
* pListOfExplicitEntries
)
1535 FIXME("%p %p %p\n",pacl
, pcCountOfExplicitEntries
, pListOfExplicitEntries
);
1536 return ERROR_CALL_NOT_IMPLEMENTED
;
1539 /******************************************************************************
1540 * GetExplicitEntriesFromAclW [ADVAPI32.@]
1542 DWORD WINAPI
GetExplicitEntriesFromAclW( PACL pacl
, PULONG pcCountOfExplicitEntries
,
1543 PEXPLICIT_ACCESSW
* pListOfExplicitEntries
)
1545 FIXME("%p %p %p\n",pacl
, pcCountOfExplicitEntries
, pListOfExplicitEntries
);
1546 return ERROR_CALL_NOT_IMPLEMENTED
;
1550 /******************************************************************************
1551 * ParseAclStringFlags
1553 static DWORD
ParseAclStringFlags(LPCWSTR
* StringAcl
)
1556 LPCWSTR szAcl
= *StringAcl
;
1558 while (*szAcl
!= '(')
1562 flags
|= SE_DACL_PROTECTED
;
1564 else if (*szAcl
== 'A')
1568 flags
|= SE_DACL_AUTO_INHERIT_REQ
;
1569 else if (*szAcl
== 'I')
1570 flags
|= SE_DACL_AUTO_INHERITED
;
1579 /******************************************************************************
1580 * ParseAceStringType
1584 { SDDL_ACCESS_ALLOWED
, ACCESS_ALLOWED_ACE_TYPE
},
1585 { SDDL_ALARM
, SYSTEM_ALARM_ACE_TYPE
},
1586 { SDDL_AUDIT
, SYSTEM_AUDIT_ACE_TYPE
},
1587 { SDDL_ACCESS_DENIED
, ACCESS_DENIED_ACE_TYPE
},
1589 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
1590 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
1591 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
1592 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
1597 static BYTE
ParseAceStringType(LPCWSTR
* StringAcl
)
1600 LPCWSTR szAcl
= *StringAcl
;
1601 LPACEFLAG lpaf
= AceType
;
1603 while (lpaf
->wstr
&&
1604 (len
= strlenW(lpaf
->wstr
)) &&
1605 strncmpW(lpaf
->wstr
, szAcl
, len
))
1616 /******************************************************************************
1617 * ParseAceStringFlags
1619 ACEFLAG AceFlags
[] =
1621 { SDDL_CONTAINER_INHERIT
, CONTAINER_INHERIT_ACE
},
1622 { SDDL_AUDIT_FAILURE
, FAILED_ACCESS_ACE_FLAG
},
1623 { SDDL_INHERITED
, INHERITED_ACE
},
1624 { SDDL_INHERIT_ONLY
, INHERIT_ONLY_ACE
},
1625 { SDDL_NO_PROPAGATE
, NO_PROPAGATE_INHERIT_ACE
},
1626 { SDDL_OBJECT_INHERIT
, OBJECT_INHERIT_ACE
},
1627 { SDDL_AUDIT_SUCCESS
, SUCCESSFUL_ACCESS_ACE_FLAG
},
1631 static BYTE
ParseAceStringFlags(LPCWSTR
* StringAcl
)
1635 LPCWSTR szAcl
= *StringAcl
;
1637 while (*szAcl
!= ';')
1639 LPACEFLAG lpaf
= AceFlags
;
1641 while (lpaf
->wstr
&&
1642 (len
= strlenW(lpaf
->wstr
)) &&
1643 strncmpW(lpaf
->wstr
, szAcl
, len
))
1649 flags
|= lpaf
->value
;
1658 /******************************************************************************
1659 * ParseAceStringRights
1661 ACEFLAG AceRights
[] =
1663 { SDDL_GENERIC_ALL
, GENERIC_ALL
},
1664 { SDDL_GENERIC_READ
, GENERIC_READ
},
1665 { SDDL_GENERIC_WRITE
, GENERIC_WRITE
},
1666 { SDDL_GENERIC_EXECUTE
, GENERIC_EXECUTE
},
1667 { SDDL_READ_CONTROL
, READ_CONTROL
},
1668 { SDDL_STANDARD_DELETE
, DELETE
},
1669 { SDDL_WRITE_DAC
, WRITE_DAC
},
1670 { SDDL_WRITE_OWNER
, WRITE_OWNER
},
1674 static DWORD
ParseAceStringRights(LPCWSTR
* StringAcl
)
1678 LPCWSTR szAcl
= *StringAcl
;
1680 if ((*szAcl
== '0') && (*(szAcl
+ 1) == 'x'))
1684 while (*p
&& *p
!= ';')
1689 rights
= strtoulW(szAcl
, NULL
, 16);
1693 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl
, p
- szAcl
));
1697 while (*szAcl
!= ';')
1699 LPACEFLAG lpaf
= AceRights
;
1701 while (lpaf
->wstr
&&
1702 (len
= strlenW(lpaf
->wstr
)) &&
1703 strncmpW(lpaf
->wstr
, szAcl
, len
))
1711 rights
|= lpaf
->value
;
1721 /******************************************************************************
1722 * ParseStringAclToAcl
1724 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
1726 static BOOL
ParseStringAclToAcl(LPCWSTR StringAcl
, LPDWORD lpdwFlags
,
1727 PACL pAcl
, LPDWORD cBytes
)
1731 DWORD length
= sizeof(ACL
);
1732 PACCESS_ALLOWED_ACE pAce
= NULL
; /* pointer to current ACE */
1734 TRACE("%s\n", debugstr_w(StringAcl
));
1739 if (pAcl
) /* pAce is only useful if we're setting values */
1740 pAce
= (PACCESS_ALLOWED_ACE
) ((LPBYTE
)pAcl
+ sizeof(PACL
));
1742 /* Parse ACL flags */
1743 *lpdwFlags
= ParseAclStringFlags(&StringAcl
);
1746 while (*StringAcl
== '(')
1750 /* Parse ACE type */
1751 val
= ParseAceStringType(&StringAcl
);
1753 pAce
->Header
.AceType
= (BYTE
) val
;
1754 if (*StringAcl
!= ';')
1758 /* Parse ACE flags */
1759 val
= ParseAceStringFlags(&StringAcl
);
1761 pAce
->Header
.AceFlags
= (BYTE
) val
;
1762 if (*StringAcl
!= ';')
1766 /* Parse ACE rights */
1767 val
= ParseAceStringRights(&StringAcl
);
1770 if (*StringAcl
!= ';')
1774 /* Parse ACE object guid */
1775 if (*StringAcl
!= ';')
1777 FIXME("Support for *_OBJECT_ACE_TYPE not implemented");
1782 /* Parse ACE inherit object guid */
1783 if (*StringAcl
!= ';')
1785 FIXME("Support for *_OBJECT_ACE_TYPE not implemented");
1790 /* Parse ACE account sid */
1791 if (ParseStringSidToSid(StringAcl
, pAce
? (PSID
)&pAce
->SidStart
: NULL
, &sidlen
))
1793 while (*StringAcl
&& *StringAcl
!= ')')
1797 if (*StringAcl
!= ')')
1801 length
+= sizeof(ACCESS_ALLOWED_ACE
) - sizeof(DWORD
) + sidlen
;
1808 WARN("Invalid ACE string format\n");
1813 /******************************************************************************
1814 * ParseStringSecurityDescriptorToSecurityDescriptor
1816 static BOOL
ParseStringSecurityDescriptorToSecurityDescriptor(
1817 LPCWSTR StringSecurityDescriptor
,
1818 PSECURITY_DESCRIPTOR SecurityDescriptor
,
1823 WCHAR tok
[MAX_PATH
];
1825 LPBYTE lpNext
= NULL
;
1829 if (SecurityDescriptor
)
1830 lpNext
= ((LPBYTE
) SecurityDescriptor
) + sizeof(SECURITY_DESCRIPTOR
);
1832 while (*StringSecurityDescriptor
)
1834 toktype
= *StringSecurityDescriptor
;
1836 /* Expect char identifier followed by ':' */
1837 StringSecurityDescriptor
++;
1838 if (*StringSecurityDescriptor
!= ':')
1840 SetLastError(ERROR_INVALID_PARAMETER
);
1843 StringSecurityDescriptor
++;
1846 lptoken
= StringSecurityDescriptor
;
1847 while (*lptoken
&& *lptoken
!= ':')
1853 strncpyW(tok
, StringSecurityDescriptor
, lptoken
- StringSecurityDescriptor
);
1861 if (!ParseStringSidToSid(tok
, (PSID
)lpNext
, &bytes
))
1864 if (SecurityDescriptor
)
1866 SecurityDescriptor
->Owner
= (PSID
) ((DWORD
) lpNext
-
1867 (DWORD
) SecurityDescriptor
);
1868 lpNext
+= bytes
; /* Advance to next token */
1880 if (!ParseStringSidToSid(tok
, (PSID
)lpNext
, &bytes
))
1883 if (SecurityDescriptor
)
1885 SecurityDescriptor
->Group
= (PSID
) ((DWORD
) lpNext
-
1886 (DWORD
) SecurityDescriptor
);
1887 lpNext
+= bytes
; /* Advance to next token */
1900 if (!ParseStringAclToAcl(tok
, &flags
, (PACL
)lpNext
, &bytes
))
1903 if (SecurityDescriptor
)
1905 SecurityDescriptor
->Control
|= SE_DACL_PRESENT
| flags
;
1906 SecurityDescriptor
->Dacl
= (PACL
) ((DWORD
) lpNext
-
1907 (DWORD
) SecurityDescriptor
);
1908 lpNext
+= bytes
; /* Advance to next token */
1921 if (!ParseStringAclToAcl(tok
, &flags
, (PACL
)lpNext
, &bytes
))
1924 if (SecurityDescriptor
)
1926 SecurityDescriptor
->Control
|= SE_SACL_PRESENT
| flags
;
1927 SecurityDescriptor
->Sacl
= (PACL
) ((DWORD
) lpNext
-
1928 (DWORD
) SecurityDescriptor
);
1929 lpNext
+= bytes
; /* Advance to next token */
1938 FIXME("Unknown token\n");
1939 SetLastError(ERROR_INVALID_PARAMETER
);
1943 StringSecurityDescriptor
= lptoken
;
1952 /******************************************************************************
1953 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
1955 BOOL WINAPI
ConvertStringSecurityDescriptorToSecurityDescriptorW(
1956 LPCWSTR StringSecurityDescriptor
,
1957 DWORD StringSDRevision
,
1958 PSECURITY_DESCRIPTOR
* SecurityDescriptor
,
1959 PULONG SecurityDescriptorSize
)
1962 PSECURITY_DESCRIPTOR psd
;
1965 TRACE("%s\n", debugstr_w(StringSecurityDescriptor
));
1967 if (GetVersion() & 0x80000000)
1969 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
1972 else if (StringSDRevision
!= SID_REVISION
)
1974 SetLastError(ERROR_UNKNOWN_REVISION
);
1978 /* Compute security descriptor length */
1979 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor
,
1983 psd
= *SecurityDescriptor
= (PSECURITY_DESCRIPTOR
) LocalAlloc(
1984 GMEM_ZEROINIT
, cBytes
);
1986 psd
->Revision
= SID_REVISION
;
1987 psd
->Control
|= SE_SELF_RELATIVE
;
1989 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor
,
1996 if (SecurityDescriptorSize
)
1997 *SecurityDescriptorSize
= cBytes
;
2002 TRACE(" ret=%d\n", bret
);
2006 /******************************************************************************
2007 * ConvertStringSidToSidW [ADVAPI32.@]
2009 BOOL WINAPI
ConvertStringSidToSidW(LPCWSTR StringSid
, PSID
* Sid
)
2014 if (GetVersion() & 0x80000000)
2015 SetLastError(ERROR_CALL_NOT_IMPLEMENTED
);
2016 else if (ParseStringSidToSid(StringSid
, NULL
, &cBytes
))
2018 PSID pSid
= *Sid
= (PSID
) LocalAlloc(0, cBytes
);
2020 bret
= ParseStringSidToSid(StringSid
, pSid
, &cBytes
);
2028 /******************************************************************************
2029 * ComputeStringSidSize
2031 static DWORD
ComputeStringSidSize(LPCWSTR StringSid
)
2034 DWORD size
= sizeof(SID
);
2038 if (*StringSid
== '-')
2044 size
+= (ctok
- 3) * sizeof(DWORD
);
2049 /******************************************************************************
2050 * ParseStringSidToSid
2052 static BOOL
ParseStringSidToSid(LPCWSTR StringSid
, PSID pSid
, LPDWORD cBytes
)
2058 SetLastError(ERROR_INVALID_PARAMETER
);
2062 *cBytes
= ComputeStringSidSize(StringSid
);
2063 if (!pSid
) /* Simply compute the size */
2066 if (*StringSid
!= 'S' || *StringSid
!= '-') /* S-R-I-S-S */
2069 int csubauth
= ((*cBytes
- sizeof(SID
)) / sizeof(DWORD
)) + 1;
2071 StringSid
+= 2; /* Advance to Revision */
2072 pSid
->Revision
= atoiW(StringSid
);
2074 if (pSid
->Revision
!= SDDL_REVISION
)
2075 goto lend
; /* ERROR_INVALID_SID */
2077 pSid
->SubAuthorityCount
= csubauth
;
2079 while (*StringSid
&& *StringSid
!= '-')
2080 StringSid
++; /* Advance to identifier authority */
2082 pSid
->IdentifierAuthority
.Value
[5] = atoiW(StringSid
);
2084 if (pSid
->IdentifierAuthority
.Value
[5] > 5)
2085 goto lend
; /* ERROR_INVALID_SID */
2089 while (*StringSid
&& *StringSid
!= '-')
2092 pSid
->SubAuthority
[i
++] = atoiW(StringSid
);
2095 if (i
!= pSid
->SubAuthorityCount
)
2096 goto lend
; /* ERROR_INVALID_SID */
2100 else /* String constant format - Only available in winxp and above */
2102 pSid
->Revision
= SDDL_REVISION
;
2103 pSid
->SubAuthorityCount
= 1;
2105 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid
, 2));
2107 /* TODO: Lookup string of well-known SIDs in table */
2108 pSid
->IdentifierAuthority
.Value
[5] = 0;
2109 pSid
->SubAuthority
[0] = 0;
2116 SetLastError(ERROR_INVALID_SID
);
2121 /******************************************************************************
2122 * GetNamedSecurityInfoA [ADVAPI32.@]
2124 DWORD WINAPI
GetNamedSecurityInfoA(LPSTR pObjectName
,
2125 SE_OBJECT_TYPE ObjectType
, SECURITY_INFORMATION SecurityInfo
,
2126 PSID
* ppsidOwner
, PSID
* ppsidGroup
, PACL
* ppDacl
, PACL
* ppSacl
,
2127 PSECURITY_DESCRIPTOR
* ppSecurityDescriptor
)
2129 FIXME("%s %d %ld %p %p %p %p %p\n", pObjectName
, ObjectType
, SecurityInfo
,
2130 ppsidOwner
, ppsidGroup
, ppDacl
, ppSacl
, ppSecurityDescriptor
);
2131 return ERROR_CALL_NOT_IMPLEMENTED
;
2134 /******************************************************************************
2135 * GetNamedSecurityInfoW [ADVAPI32.@]
2137 DWORD WINAPI
GetNamedSecurityInfoW(LPWSTR pObjectName
,
2138 SE_OBJECT_TYPE ObjectType
, SECURITY_INFORMATION SecurityInfo
,
2139 PSID
* ppsidOwner
, PSID
* ppsidGroup
, PACL
* ppDacl
, PACL
* ppSacl
,
2140 PSECURITY_DESCRIPTOR
* ppSecurityDescriptor
)
2142 FIXME("%s %d %ld %p %p %p %p %p\n", debugstr_w(pObjectName
), ObjectType
, SecurityInfo
,
2143 ppsidOwner
, ppsidGroup
, ppDacl
, ppSacl
, ppSecurityDescriptor
);
2144 return ERROR_CALL_NOT_IMPLEMENTED
;