search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dpwsockx: Implementation of SPInit
[wine/gsoc_dplay.git] / dlls / advapi32 / security.c
blob9bb76d569ad9a21ca3d6f9ae6244305305fd685c
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
21
22 #include <stdarg.h>
23 #include <string.h>
24
25 #include "ntstatus.h"
26 #define WIN32_NO_STATUS
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winreg.h"
31 #include "winsafer.h"
32 #include "winternl.h"
33 #include "winioctl.h"
34 #include "ntsecapi.h"
35 #include "accctrl.h"
36 #include "sddl.h"
37 #include "winsvc.h"
38 #include "aclapi.h"
39 #include "objbase.h"
40 #include "iads.h"
41 #include "advapi32_misc.h"
42 #include "lmcons.h"
43
44 #include "wine/debug.h"
45 #include "wine/unicode.h"
46
47 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
48
49 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
50 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
51 PACL pAcl, LPDWORD cBytes);
52 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
53 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
54 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
55 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
56 LPCWSTR StringSecurityDescriptor,
57 SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
58 LPDWORD cBytes);
59 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
60
61 typedef struct _ACEFLAG
62 {
63 LPCWSTR wstr;
64 DWORD value;
65 } ACEFLAG, *LPACEFLAG;
66
67 typedef struct _MAX_SID
68 {
69 /* same fields as struct _SID */
70 BYTE Revision;
71 BYTE SubAuthorityCount;
72 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
73 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
74 } MAX_SID;
75
76 typedef struct WELLKNOWNSID
77 {
78 WCHAR wstr[2];
79 WELL_KNOWN_SID_TYPE Type;
80 MAX_SID Sid;
81 } WELLKNOWNSID;
82
83 static const WELLKNOWNSID WellKnownSids[] =
84 {
85 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
86 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
87 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
88 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
89 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
90 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
91 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
92 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
93 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
94 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
95 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
96 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
97 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
98 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
99 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
100 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
101 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
102 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
103 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
104 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
105 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
106 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
107 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
108 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
109 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
110 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
111 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
112 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
113 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
114 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
115 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
116 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
117 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
118 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
119 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
120 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
121 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
122 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
123 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
124 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
125 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
126 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
127 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
128 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
129 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
130 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
131 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
132 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
133 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
134 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
135 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
136 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
137 };
138
139 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
140 typedef struct WELLKNOWNRID
141 {
142 WELL_KNOWN_SID_TYPE Type;
143 DWORD Rid;
144 } WELLKNOWNRID;
145
146 static const WELLKNOWNRID WellKnownRids[] = {
147 { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
148 { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
149 { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
150 { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
151 { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
152 { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
153 { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
154 { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
155 { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
156 { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
157 { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
158 { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
159 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
160 };
161
162
163 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
164
165 typedef struct _AccountSid {
166 WELL_KNOWN_SID_TYPE type;
167 LPCWSTR account;
168 LPCWSTR domain;
169 SID_NAME_USE name_use;
170 LPCWSTR alias;
171 } AccountSid;
172
173 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
174 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 };
175 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
176 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
177 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
178 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
179 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
180 static const WCHAR Blank[] = { 0 };
181 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
182 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
183 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
184 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
185 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
186 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
187 static const WCHAR CURRENT_USER[] = { 'C','U','R','R','E','N','T','_','U','S','E','R',0 };
188 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
189 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
190 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
191 static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 };
192 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
193 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
194 static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
195 static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
196 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
197 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
198 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
199 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
200 static const WCHAR Guest[] = { 'G','u','e','s','t',0 };
201 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
202 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
203 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 };
204 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 };
205 static const WCHAR LOCAL_SERVICE2[] = { 'L','O','C','A','L','S','E','R','V','I','C','E',0 };
206 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 };
207 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
208 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
209 static const WCHAR NETWORK_SERVICE2[] = { 'N','E','T','W','O','R','K','S','E','R','V','I','C','E',0 };
210 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 };
211 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
212 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
213 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
214 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
215 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 };
216 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 };
217 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
218 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
219 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
220 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
221 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
222 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
223 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
224 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
225 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
226 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
227 static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 };
228 static const WCHAR SELF[] = { 'S','E','L','F',0 };
229 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
230 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
231 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 };
232 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
233 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
234 static const WCHAR Users[] = { 'U','s','e','r','s',0 };
235
236 static const AccountSid ACCOUNT_SIDS[] = {
237 { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup },
238 { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup },
239 { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup },
240 { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup },
241 { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup },
242 { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup },
243 { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup },
244 { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain },
245 { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup },
246 { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup },
247 { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup },
248 { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup },
249 { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
250 { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
251 { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup },
252 { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
253 { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup },
254 { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup },
255 { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup },
256 { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup },
257 { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
258 { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup },
259 { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup, LOCAL_SERVICE2 },
260 { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup , NETWORK_SERVICE2},
261 { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain },
262 { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias },
263 { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias },
264 { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias },
265 { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias },
266 { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias },
267 { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias },
268 { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
269 { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
270 { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
271 { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
272 { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
273 { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
274 { WinNTLMAuthenticationSid, NTML_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
275 { WinDigestAuthenticationSid, Digest_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
276 { WinSChannelAuthenticationSid, SChannel_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
277 { WinThisOrganizationSid, This_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
278 { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
279 { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias },
280 { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias },
281 };
282 /*
283 * ACE access rights
284 */
285 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
286 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
287 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
288 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
289
290 static const WCHAR SDDL_READ_PROPERTY[] = {'R','P',0};
291 static const WCHAR SDDL_WRITE_PROPERTY[] = {'W','P',0};
292 static const WCHAR SDDL_CREATE_CHILD[] = {'C','C',0};
293 static const WCHAR SDDL_DELETE_CHILD[] = {'D','C',0};
294 static const WCHAR SDDL_LIST_CHILDREN[] = {'L','C',0};
295 static const WCHAR SDDL_SELF_WRITE[] = {'S','W',0};
296 static const WCHAR SDDL_LIST_OBJECT[] = {'L','O',0};
297 static const WCHAR SDDL_DELETE_TREE[] = {'D','T',0};
298 static const WCHAR SDDL_CONTROL_ACCESS[] = {'C','R',0};
299
300 static const WCHAR SDDL_FILE_ALL[] = {'F','A',0};
301 static const WCHAR SDDL_FILE_READ[] = {'F','R',0};
302 static const WCHAR SDDL_FILE_WRITE[] = {'F','W',0};
303 static const WCHAR SDDL_FILE_EXECUTE[] = {'F','X',0};
304
305 static const WCHAR SDDL_KEY_ALL[] = {'K','A',0};
306 static const WCHAR SDDL_KEY_READ[] = {'K','R',0};
307 static const WCHAR SDDL_KEY_WRITE[] = {'K','W',0};
308 static const WCHAR SDDL_KEY_EXECUTE[] = {'K','X',0};
309
310 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
311 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
312 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
313 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
314
315 /*
316 * ACL flags
317 */
318 static const WCHAR SDDL_PROTECTED[] = {'P',0};
319 static const WCHAR SDDL_AUTO_INHERIT_REQ[] = {'A','R',0};
320 static const WCHAR SDDL_AUTO_INHERITED[] = {'A','I',0};
321
322 /*
323 * ACE types
324 */
325 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
326 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
327 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
328 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
329 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
330 static const WCHAR SDDL_ALARM[] = {'A','L',0};
331 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
332 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
333
334 /*
335 * ACE flags
336 */
337 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
338 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
339 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
340 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
341 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
342 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
343 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
344
345 const char * debugstr_sid(PSID sid)
346 {
347 int auth = 0;
348 SID * psid = sid;
349
350 if (psid == NULL)
351 return "(null)";
352
353 auth = psid->IdentifierAuthority.Value[5] +
354 (psid->IdentifierAuthority.Value[4] << 8) +
355 (psid->IdentifierAuthority.Value[3] << 16) +
356 (psid->IdentifierAuthority.Value[2] << 24);
357
358 switch (psid->SubAuthorityCount) {
359 case 0:
360 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
361 case 1:
362 return wine_dbg_sprintf("S-%d-%d-%u", psid->Revision, auth,
363 psid->SubAuthority[0]);
364 case 2:
365 return wine_dbg_sprintf("S-%d-%d-%u-%u", psid->Revision, auth,
366 psid->SubAuthority[0], psid->SubAuthority[1]);
367 case 3:
368 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u", psid->Revision, auth,
369 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
370 case 4:
371 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u", psid->Revision, auth,
372 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
373 psid->SubAuthority[3]);
374 case 5:
375 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u", psid->Revision, auth,
376 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
377 psid->SubAuthority[3], psid->SubAuthority[4]);
378 case 6:
379 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
380 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
381 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
382 case 7:
383 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
384 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
385 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
386 psid->SubAuthority[6]);
387 case 8:
388 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
389 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
390 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
391 psid->SubAuthority[6], psid->SubAuthority[7]);
392 }
393 return "(too-big)";
394 }
395
396 /* set last error code from NT status and get the proper boolean return value */
397 /* used for functions that are a simple wrapper around the corresponding ntdll API */
398 static inline BOOL set_ntstatus( NTSTATUS status )
399 {
400 if (status) SetLastError( RtlNtStatusToDosError( status ));
401 return !status;
402 }
403
404 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
405
406 static void GetWorldAccessACL(PACL pACL)
407 {
408 PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1);
409
410 pACL->AclRevision = ACL_REVISION;
411 pACL->Sbz1 = 0;
412 pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL;
413 pACL->AceCount = 1;
414 pACL->Sbz2 = 0;
415
416 pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
417 pACE->Header.AceFlags = CONTAINER_INHERIT_ACE;
418 pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD);
419 pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */
420 memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld));
421 }
422
423 /************************************************************
424 * ADVAPI_IsLocalComputer
425 *
426 * Checks whether the server name indicates local machine.
427 */
428 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
429 {
430 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
431 BOOL Result;
432 LPWSTR buf;
433
434 if (!ServerName || !ServerName[0])
435 return TRUE;
436
437 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
438 Result = GetComputerNameW(buf, &dwSize);
439 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
440 ServerName += 2;
441 Result = Result && !lstrcmpW(ServerName, buf);
442 HeapFree(GetProcessHeap(), 0, buf);
443
444 return Result;
445 }
446
447 /************************************************************
448 * ADVAPI_GetComputerSid
449 *
450 * Reads the computer SID from the registry.
451 */
452 BOOL ADVAPI_GetComputerSid(PSID sid)
453 {
454 HKEY key;
455 LONG ret;
456 BOOL retval = FALSE;
457 static const WCHAR Account[] = { 'S','E','C','U','R','I','T','Y','\\','S','A','M','\\','D','o','m','a','i','n','s','\\','A','c','c','o','u','n','t',0 };
458 static const WCHAR V[] = { 'V',0 };
459
460 if ((ret = RegOpenKeyExW(HKEY_LOCAL_MACHINE, Account, 0,
461 KEY_READ, &key)) == ERROR_SUCCESS)
462 {
463 DWORD size = 0;
464 ret = RegQueryValueExW(key, V, NULL, NULL, NULL, &size);
465 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
466 {
467 BYTE * data = HeapAlloc(GetProcessHeap(), 0, size);
468 if (data)
469 {
470 if ((ret = RegQueryValueExW(key, V, NULL, NULL,
471 data, &size)) == ERROR_SUCCESS)
472 {
473 /* the SID is in the last 24 bytes of the binary data */
474 CopyMemory(sid, &data[size-24], 24);
475 retval = TRUE;
476 }
477 HeapFree(GetProcessHeap(), 0, data);
478 }
479 }
480 RegCloseKey(key);
481 }
482
483 if(retval == TRUE) return retval;
484
485 /* create a new random SID */
486 if (RegCreateKeyExW(HKEY_LOCAL_MACHINE, Account,
487 0, NULL, 0, KEY_ALL_ACCESS, NULL, &key, NULL) == ERROR_SUCCESS)
488 {
489 PSID new_sid;
490 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
491 DWORD id[3];
492
493 if (RtlGenRandom(id, sizeof(id)))
494 {
495 if (AllocateAndInitializeSid(&identifierAuthority, 4, SECURITY_NT_NON_UNIQUE, id[0], id[1], id[2], 0, 0, 0, 0, &new_sid))
496 {
497 if (RegSetValueExW(key, V, 0, REG_BINARY, new_sid, GetLengthSid(new_sid)) == ERROR_SUCCESS)
498 retval = CopySid(GetLengthSid(new_sid), sid, new_sid);
499
500 FreeSid(new_sid);
501 }
502 }
503 RegCloseKey(key);
504 }
505
506 return retval;
507 }
508
509 /* ##############################
510 ###### TOKEN FUNCTIONS ######
511 ##############################
512 */
513
514 /******************************************************************************
515 * OpenProcessToken [ADVAPI32.@]
516 * Opens the access token associated with a process handle.
517 *
518 * PARAMS
519 * ProcessHandle [I] Handle to process
520 * DesiredAccess [I] Desired access to process
521 * TokenHandle [O] Pointer to handle of open access token
522 *
523 * RETURNS
524 * Success: TRUE. TokenHandle contains the access token.
525 * Failure: FALSE.
526 *
527 * NOTES
528 * See NtOpenProcessToken.
529 */
530 BOOL WINAPI
531 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
532 HANDLE *TokenHandle )
533 {
534 return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
535 }
536
537 /******************************************************************************
538 * OpenThreadToken [ADVAPI32.@]
539 *
540 * Opens the access token associated with a thread handle.
541 *
542 * PARAMS
543 * ThreadHandle [I] Handle to process
544 * DesiredAccess [I] Desired access to the thread
545 * OpenAsSelf [I] ???
546 * TokenHandle [O] Destination for the token handle
547 *
548 * RETURNS
549 * Success: TRUE. TokenHandle contains the access token.
550 * Failure: FALSE.
551 *
552 * NOTES
553 * See NtOpenThreadToken.
554 */
555 BOOL WINAPI
556 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
557 BOOL OpenAsSelf, HANDLE *TokenHandle)
558 {
559 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
560 }
561
562 BOOL WINAPI
563 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState,
564 DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength )
565 {
566 return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength,
567 PreviousState, ReturnLength));
568 }
569
570 /******************************************************************************
571 * AdjustTokenPrivileges [ADVAPI32.@]
572 *
573 * Adjust the privileges of an open token handle.
574 *
575 * PARAMS
576 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
577 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
578 * NewState [I] Desired new privileges of the token
579 * BufferLength [I] Length of NewState
580 * PreviousState [O] Destination for the previous state
581 * ReturnLength [I/O] Size of PreviousState
582 *
583 *
584 * RETURNS
585 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
586 * Failure: FALSE.
587 *
588 * NOTES
589 * See NtAdjustPrivilegesToken.
590 */
591 BOOL WINAPI
592 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
593 PTOKEN_PRIVILEGES NewState, DWORD BufferLength,
594 PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength )
595 {
596 NTSTATUS status;
597
598 TRACE("\n");
599
600 status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges,
601 NewState, BufferLength, PreviousState,
602 ReturnLength);
603 SetLastError( RtlNtStatusToDosError( status ));
604 if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED))
605 return TRUE;
606 else
607 return FALSE;
608 }
609
610 /******************************************************************************
611 * CheckTokenMembership [ADVAPI32.@]
612 *
613 * Determine if an access token is a member of a SID.
614 *
615 * PARAMS
616 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
617 * SidToCheck [I] SID that possibly contains the token
618 * IsMember [O] Destination for result.
619 *
620 * RETURNS
621 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
622 * Failure: FALSE.
623 */
624 BOOL WINAPI
625 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
626 PBOOL IsMember )
627 {
628 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
629
630 *IsMember = TRUE;
631 return(TRUE);
632 }
633
634 /******************************************************************************
635 * GetTokenInformation [ADVAPI32.@]
636 *
637 * Get a type of information about an access token.
638 *
639 * PARAMS
640 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
641 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
642 * tokeninfo [O] Destination for token information
643 * tokeninfolength [I] Length of tokeninfo
644 * retlen [O] Destination for returned token information length
645 *
646 * RETURNS
647 * Success: TRUE. tokeninfo contains retlen bytes of token information
648 * Failure: FALSE.
649 *
650 * NOTES
651 * See NtQueryInformationToken.
652 */
653 BOOL WINAPI
654 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
655 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
656 {
657 TRACE("(%p, %s, %p, %d, %p):\n",
658 token,
659 (tokeninfoclass == TokenUser) ? "TokenUser" :
660 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
661 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
662 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
663 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
664 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
665 (tokeninfoclass == TokenSource) ? "TokenSource" :
666 (tokeninfoclass == TokenType) ? "TokenType" :
667 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
668 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
669 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
670 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
671 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
672 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
673 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
674 "Unknown",
675 tokeninfo, tokeninfolength, retlen);
676 return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
677 tokeninfolength, retlen));
678 }
679
680 /******************************************************************************
681 * SetTokenInformation [ADVAPI32.@]
682 *
683 * Set information for an access token.
684 *
685 * PARAMS
686 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
687 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
688 * tokeninfo [I] Token information to set
689 * tokeninfolength [I] Length of tokeninfo
690 *
691 * RETURNS
692 * Success: TRUE. The information for the token is set to tokeninfo.
693 * Failure: FALSE.
694 */
695 BOOL WINAPI
696 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
697 LPVOID tokeninfo, DWORD tokeninfolength )
698 {
699 TRACE("(%p, %s, %p, %d): stub\n",
700 token,
701 (tokeninfoclass == TokenUser) ? "TokenUser" :
702 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
703 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
704 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
705 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
706 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
707 (tokeninfoclass == TokenSource) ? "TokenSource" :
708 (tokeninfoclass == TokenType) ? "TokenType" :
709 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
710 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
711 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
712 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
713 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
714 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
715 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
716 "Unknown",
717 tokeninfo, tokeninfolength);
718
719 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
720 }
721
722 /*************************************************************************
723 * SetThreadToken [ADVAPI32.@]
724 *
725 * Assigns an 'impersonation token' to a thread so it can assume the
726 * security privileges of another thread or process. Can also remove
727 * a previously assigned token.
728 *
729 * PARAMS
730 * thread [O] Handle to thread to set the token for
731 * token [I] Token to set
732 *
733 * RETURNS
734 * Success: TRUE. The threads access token is set to token
735 * Failure: FALSE.
736 *
737 * NOTES
738 * Only supported on NT or higher. On Win9X this function does nothing.
739 * See SetTokenInformation.
740 */
741 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
742 {
743 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
744 ThreadImpersonationToken, &token, sizeof token ));
745 }
746
747 /*************************************************************************
748 * CreateRestrictedToken [ADVAPI32.@]
749 *
750 * Create a new more restricted token from an existing token.
751 *
752 * PARAMS
753 * baseToken [I] Token to base the new restricted token on
754 * flags [I] Options
755 * nDisableSids [I] Length of disableSids array
756 * disableSids [I] Array of SIDs to disable in the new token
757 * nDeletePrivs [I] Length of deletePrivs array
758 * deletePrivs [I] Array of privileges to delete in the new token
759 * nRestrictSids [I] Length of restrictSids array
760 * restrictSids [I] Array of SIDs to restrict in the new token
761 * newToken [O] Address where the new token is stored
762 *
763 * RETURNS
764 * Success: TRUE
765 * Failure: FALSE
766 */
767 BOOL WINAPI CreateRestrictedToken(
768 HANDLE baseToken,
769 DWORD flags,
770 DWORD nDisableSids,
771 PSID_AND_ATTRIBUTES disableSids,
772 DWORD nDeletePrivs,
773 PLUID_AND_ATTRIBUTES deletePrivs,
774 DWORD nRestrictSids,
775 PSID_AND_ATTRIBUTES restrictSids,
776 PHANDLE newToken)
777 {
778 FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
779 baseToken, flags, nDisableSids, disableSids,
780 nDeletePrivs, deletePrivs,
781 nRestrictSids, restrictSids,
782 newToken);
783 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
784 return FALSE;
785 }
786
787 /* ##############################
788 ###### SID FUNCTIONS ######
789 ##############################
790 */
791
792 /******************************************************************************
793 * AllocateAndInitializeSid [ADVAPI32.@]
794 *
795 * PARAMS
796 * pIdentifierAuthority []
797 * nSubAuthorityCount []
798 * nSubAuthority0 []
799 * nSubAuthority1 []
800 * nSubAuthority2 []
801 * nSubAuthority3 []
802 * nSubAuthority4 []
803 * nSubAuthority5 []
804 * nSubAuthority6 []
805 * nSubAuthority7 []
806 * pSid []
807 */
808 BOOL WINAPI
809 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
810 BYTE nSubAuthorityCount,
811 DWORD nSubAuthority0, DWORD nSubAuthority1,
812 DWORD nSubAuthority2, DWORD nSubAuthority3,
813 DWORD nSubAuthority4, DWORD nSubAuthority5,
814 DWORD nSubAuthority6, DWORD nSubAuthority7,
815 PSID *pSid )
816 {
817 return set_ntstatus( RtlAllocateAndInitializeSid(
818 pIdentifierAuthority, nSubAuthorityCount,
819 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
820 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
821 pSid ));
822 }
823
824 /******************************************************************************
825 * FreeSid [ADVAPI32.@]
826 *
827 * PARAMS
828 * pSid []
829 */
830 PVOID WINAPI
831 FreeSid( PSID pSid )
832 {
833 RtlFreeSid(pSid);
834 return NULL; /* is documented like this */
835 }
836
837 /******************************************************************************
838 * CopySid [ADVAPI32.@]
839 *
840 * PARAMS
841 * nDestinationSidLength []
842 * pDestinationSid []
843 * pSourceSid []
844 */
845 BOOL WINAPI
846 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
847 {
848 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
849 }
850
851 /******************************************************************************
852 * CreateWellKnownSid [ADVAPI32.@]
853 */
854 BOOL WINAPI
855 CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
856 PSID DomainSid,
857 PSID pSid,
858 DWORD* cbSid)
859 {
860 unsigned int i;
861 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
862
863 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
864 {
865 SetLastError(ERROR_INVALID_PARAMETER);
866 return FALSE;
867 }
868
869 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
870 if (WellKnownSids[i].Type == WellKnownSidType) {
871 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
872
873 if (*cbSid < length)
874 {
875 *cbSid = length;
876 SetLastError(ERROR_INSUFFICIENT_BUFFER);
877 return FALSE;
878 }
879 if (!pSid)
880 {
881 SetLastError(ERROR_INVALID_PARAMETER);
882 return FALSE;
883 }
884 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
885 *cbSid = length;
886 return TRUE;
887 }
888 }
889
890 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
891 {
892 SetLastError(ERROR_INVALID_PARAMETER);
893 return FALSE;
894 }
895
896 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
897 if (WellKnownRids[i].Type == WellKnownSidType) {
898 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
899 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
900 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
901
902 if (*cbSid < output_sid_length)
903 {
904 *cbSid = output_sid_length;
905 SetLastError(ERROR_INSUFFICIENT_BUFFER);
906 return FALSE;
907 }
908 if (!pSid)
909 {
910 SetLastError(ERROR_INVALID_PARAMETER);
911 return FALSE;
912 }
913 CopyMemory(pSid, DomainSid, domain_sid_length);
914 (*GetSidSubAuthorityCount(pSid))++;
915 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
916 *cbSid = output_sid_length;
917 return TRUE;
918 }
919
920 SetLastError(ERROR_INVALID_PARAMETER);
921 return FALSE;
922 }
923
924 /******************************************************************************
925 * IsWellKnownSid [ADVAPI32.@]
926 */
927 BOOL WINAPI
928 IsWellKnownSid( PSID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType )
929 {
930 unsigned int i;
931 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
932
933 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
934 if (WellKnownSids[i].Type == WellKnownSidType)
935 if (EqualSid(pSid, (PSID)&(WellKnownSids[i].Sid.Revision)))
936 return TRUE;
937
938 return FALSE;
939 }
940
941 BOOL WINAPI
942 IsTokenRestricted( HANDLE TokenHandle )
943 {
944 TOKEN_GROUPS *groups;
945 DWORD size;
946 NTSTATUS status;
947 BOOL restricted;
948
949 TRACE("(%p)\n", TokenHandle);
950
951 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size);
952 if (status != STATUS_BUFFER_TOO_SMALL)
953 return FALSE;
954
955 groups = HeapAlloc(GetProcessHeap(), 0, size);
956 if (!groups)
957 {
958 SetLastError(ERROR_OUTOFMEMORY);
959 return FALSE;
960 }
961
962 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size);
963 if (status != STATUS_SUCCESS)
964 {
965 HeapFree(GetProcessHeap(), 0, groups);
966 return set_ntstatus(status);
967 }
968
969 if (groups->GroupCount)
970 restricted = TRUE;
971 else
972 restricted = FALSE;
973
974 HeapFree(GetProcessHeap(), 0, groups);
975
976 return restricted;
977 }
978
979 /******************************************************************************
980 * IsValidSid [ADVAPI32.@]
981 *
982 * PARAMS
983 * pSid []
984 */
985 BOOL WINAPI
986 IsValidSid( PSID pSid )
987 {
988 return RtlValidSid( pSid );
989 }
990
991 /******************************************************************************
992 * EqualSid [ADVAPI32.@]
993 *
994 * PARAMS
995 * pSid1 []
996 * pSid2 []
997 */
998 BOOL WINAPI
999 EqualSid( PSID pSid1, PSID pSid2 )
1000 {
1001 return RtlEqualSid( pSid1, pSid2 );
1002 }
1003
1004 /******************************************************************************
1005 * EqualPrefixSid [ADVAPI32.@]
1006 */
1007 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
1008 {
1009 return RtlEqualPrefixSid(pSid1, pSid2);
1010 }
1011
1012 /******************************************************************************
1013 * GetSidLengthRequired [ADVAPI32.@]
1014 *
1015 * PARAMS
1016 * nSubAuthorityCount []
1017 */
1018 DWORD WINAPI
1019 GetSidLengthRequired( BYTE nSubAuthorityCount )
1020 {
1021 return RtlLengthRequiredSid(nSubAuthorityCount);
1022 }
1023
1024 /******************************************************************************
1025 * InitializeSid [ADVAPI32.@]
1026 *
1027 * PARAMS
1028 * pIdentifierAuthority []
1029 */
1030 BOOL WINAPI
1031 InitializeSid (
1032 PSID pSid,
1033 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
1034 BYTE nSubAuthorityCount)
1035 {
1036 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
1037 }
1038
1039 DWORD WINAPI
1040 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
1041 {
1042 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
1043
1044 return 1;
1045 }
1046
1047 DWORD WINAPI
1048 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights )
1049 {
1050 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
1051
1052 return 1;
1053 }
1054
1055 /******************************************************************************
1056 * GetSidIdentifierAuthority [ADVAPI32.@]
1057 *
1058 * PARAMS
1059 * pSid []
1060 */
1061 PSID_IDENTIFIER_AUTHORITY WINAPI
1062 GetSidIdentifierAuthority( PSID pSid )
1063 {
1064 return RtlIdentifierAuthoritySid(pSid);
1065 }
1066
1067 /******************************************************************************
1068 * GetSidSubAuthority [ADVAPI32.@]
1069 *
1070 * PARAMS
1071 * pSid []
1072 * nSubAuthority []
1073 */
1074 PDWORD WINAPI
1075 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
1076 {
1077 SetLastError(ERROR_SUCCESS);
1078 return RtlSubAuthoritySid(pSid, nSubAuthority);
1079 }
1080
1081 /******************************************************************************
1082 * GetSidSubAuthorityCount [ADVAPI32.@]
1083 *
1084 * PARAMS
1085 * pSid []
1086 */
1087 PUCHAR WINAPI
1088 GetSidSubAuthorityCount (PSID pSid)
1089 {
1090 SetLastError(ERROR_SUCCESS);
1091 return RtlSubAuthorityCountSid(pSid);
1092 }
1093
1094 /******************************************************************************
1095 * GetLengthSid [ADVAPI32.@]
1096 *
1097 * PARAMS
1098 * pSid []
1099 */
1100 DWORD WINAPI
1101 GetLengthSid (PSID pSid)
1102 {
1103 return RtlLengthSid(pSid);
1104 }
1105
1106 /* ##############################################
1107 ###### SECURITY DESCRIPTOR FUNCTIONS ######
1108 ##############################################
1109 */
1110
1111 /******************************************************************************
1112 * BuildSecurityDescriptorA [ADVAPI32.@]
1113 *
1114 * Builds a SD from
1115 *
1116 * PARAMS
1117 * pOwner [I]
1118 * pGroup [I]
1119 * cCountOfAccessEntries [I]
1120 * pListOfAccessEntries [I]
1121 * cCountOfAuditEntries [I]
1122 * pListofAuditEntries [I]
1123 * pOldSD [I]
1124 * lpdwBufferLength [I/O]
1125 * pNewSD [O]
1126 *
1127 * RETURNS
1128 * Success: ERROR_SUCCESS
1129 * Failure: nonzero error code from Winerror.h
1130 */
1131 DWORD WINAPI BuildSecurityDescriptorA(
1132 IN PTRUSTEEA pOwner,
1133 IN PTRUSTEEA pGroup,
1134 IN ULONG cCountOfAccessEntries,
1135 IN PEXPLICIT_ACCESSA pListOfAccessEntries,
1136 IN ULONG cCountOfAuditEntries,
1137 IN PEXPLICIT_ACCESSA pListofAuditEntries,
1138 IN PSECURITY_DESCRIPTOR pOldSD,
1139 IN OUT PULONG lpdwBufferLength,
1140 OUT PSECURITY_DESCRIPTOR* pNewSD)
1141 {
1142 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
1143 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
1144 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
1145
1146 return ERROR_CALL_NOT_IMPLEMENTED;
1147 }
1148
1149 /******************************************************************************
1150 * BuildSecurityDescriptorW [ADVAPI32.@]
1151 *
1152 * See BuildSecurityDescriptorA.
1153 */
1154 DWORD WINAPI BuildSecurityDescriptorW(
1155 IN PTRUSTEEW pOwner,
1156 IN PTRUSTEEW pGroup,
1157 IN ULONG cCountOfAccessEntries,
1158 IN PEXPLICIT_ACCESSW pListOfAccessEntries,
1159 IN ULONG cCountOfAuditEntries,
1160 IN PEXPLICIT_ACCESSW pListofAuditEntries,
1161 IN PSECURITY_DESCRIPTOR pOldSD,
1162 IN OUT PULONG lpdwBufferLength,
1163 OUT PSECURITY_DESCRIPTOR* pNewSD)
1164 {
1165 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
1166 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
1167 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
1168
1169 return ERROR_CALL_NOT_IMPLEMENTED;
1170 }
1171
1172 /******************************************************************************
1173 * InitializeSecurityDescriptor [ADVAPI32.@]
1174 *
1175 * PARAMS
1176 * pDescr []
1177 * revision []
1178 */
1179 BOOL WINAPI
1180 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
1181 {
1182 return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision ));
1183 }
1184
1185
1186 /******************************************************************************
1187 * MakeAbsoluteSD [ADVAPI32.@]
1188 */
1189 BOOL WINAPI MakeAbsoluteSD (
1190 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1191 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1192 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
1193 OUT PACL pDacl,
1194 OUT LPDWORD lpdwDaclSize,
1195 OUT PACL pSacl,
1196 OUT LPDWORD lpdwSaclSize,
1197 OUT PSID pOwner,
1198 OUT LPDWORD lpdwOwnerSize,
1199 OUT PSID pPrimaryGroup,
1200 OUT LPDWORD lpdwPrimaryGroupSize)
1201 {
1202 return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
1203 pAbsoluteSecurityDescriptor,
1204 lpdwAbsoluteSecurityDescriptorSize,
1205 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize,
1206 pOwner, lpdwOwnerSize,
1207 pPrimaryGroup, lpdwPrimaryGroupSize));
1208 }
1209
1210 /******************************************************************************
1211 * GetKernelObjectSecurity [ADVAPI32.@]
1212 */
1213 BOOL WINAPI GetKernelObjectSecurity(
1214 HANDLE Handle,
1215 SECURITY_INFORMATION RequestedInformation,
1216 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1217 DWORD nLength,
1218 LPDWORD lpnLengthNeeded )
1219 {
1220 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
1221 pSecurityDescriptor, nLength, lpnLengthNeeded);
1222
1223 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
1224 nLength, lpnLengthNeeded ));
1225 }
1226
1227 /******************************************************************************
1228 * GetPrivateObjectSecurity [ADVAPI32.@]
1229 */
1230 BOOL WINAPI GetPrivateObjectSecurity(
1231 PSECURITY_DESCRIPTOR ObjectDescriptor,
1232 SECURITY_INFORMATION SecurityInformation,
1233 PSECURITY_DESCRIPTOR ResultantDescriptor,
1234 DWORD DescriptorLength,
1235 PDWORD ReturnLength )
1236 {
1237 SECURITY_DESCRIPTOR desc;
1238 BOOL defaulted, present;
1239 PACL pacl;
1240 PSID psid;
1241
1242 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", ObjectDescriptor, SecurityInformation,
1243 ResultantDescriptor, DescriptorLength, ReturnLength);
1244
1245 if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION))
1246 return FALSE;
1247
1248 if (SecurityInformation & OWNER_SECURITY_INFORMATION)
1249 {
1250 if (!GetSecurityDescriptorOwner(ObjectDescriptor, &psid, &defaulted))
1251 return FALSE;
1252 SetSecurityDescriptorOwner(&desc, psid, defaulted);
1253 }
1254
1255 if (SecurityInformation & GROUP_SECURITY_INFORMATION)
1256 {
1257 if (!GetSecurityDescriptorGroup(ObjectDescriptor, &psid, &defaulted))
1258 return FALSE;
1259 SetSecurityDescriptorGroup(&desc, psid, defaulted);
1260 }
1261
1262 if (SecurityInformation & DACL_SECURITY_INFORMATION)
1263 {
1264 if (!GetSecurityDescriptorDacl(ObjectDescriptor, &present, &pacl, &defaulted))
1265 return FALSE;
1266 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted);
1267 }
1268
1269 if (SecurityInformation & SACL_SECURITY_INFORMATION)
1270 {
1271 if (!GetSecurityDescriptorSacl(ObjectDescriptor, &present, &pacl, &defaulted))
1272 return FALSE;
1273 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted);
1274 }
1275
1276 *ReturnLength = DescriptorLength;
1277 return MakeSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength);
1278 }
1279
1280 /******************************************************************************
1281 * GetSecurityDescriptorLength [ADVAPI32.@]
1282 */
1283 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
1284 {
1285 return RtlLengthSecurityDescriptor(pDescr);
1286 }
1287
1288 /******************************************************************************
1289 * GetSecurityDescriptorOwner [ADVAPI32.@]
1290 *
1291 * PARAMS
1292 * pOwner []
1293 * lpbOwnerDefaulted []
1294 */
1295 BOOL WINAPI
1296 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
1297 LPBOOL lpbOwnerDefaulted )
1298 {
1299 BOOLEAN defaulted;
1300 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted ));
1301 *lpbOwnerDefaulted = defaulted;
1302 return ret;
1303 }
1304
1305 /******************************************************************************
1306 * SetSecurityDescriptorOwner [ADVAPI32.@]
1307 *
1308 * PARAMS
1309 */
1310 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1311 PSID pOwner, BOOL bOwnerDefaulted)
1312 {
1313 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
1314 }
1315 /******************************************************************************
1316 * GetSecurityDescriptorGroup [ADVAPI32.@]
1317 */
1318 BOOL WINAPI GetSecurityDescriptorGroup(
1319 PSECURITY_DESCRIPTOR SecurityDescriptor,
1320 PSID *Group,
1321 LPBOOL GroupDefaulted)
1322 {
1323 BOOLEAN defaulted;
1324 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
1325 *GroupDefaulted = defaulted;
1326 return ret;
1327 }
1328 /******************************************************************************
1329 * SetSecurityDescriptorGroup [ADVAPI32.@]
1330 */
1331 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
1332 PSID Group, BOOL GroupDefaulted)
1333 {
1334 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
1335 }
1336
1337 /******************************************************************************
1338 * IsValidSecurityDescriptor [ADVAPI32.@]
1339 *
1340 * PARAMS
1341 * lpsecdesc []
1342 */
1343 BOOL WINAPI
1344 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
1345 {
1346 return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor));
1347 }
1348
1349 /******************************************************************************
1350 * GetSecurityDescriptorDacl [ADVAPI32.@]
1351 */
1352 BOOL WINAPI GetSecurityDescriptorDacl(
1353 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1354 OUT LPBOOL lpbDaclPresent,
1355 OUT PACL *pDacl,
1356 OUT LPBOOL lpbDaclDefaulted)
1357 {
1358 BOOLEAN present, defaulted;
1359 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
1360 *lpbDaclPresent = present;
1361 *lpbDaclDefaulted = defaulted;
1362 return ret;
1363 }
1364
1365 /******************************************************************************
1366 * SetSecurityDescriptorDacl [ADVAPI32.@]
1367 */
1368 BOOL WINAPI
1369 SetSecurityDescriptorDacl (
1370 PSECURITY_DESCRIPTOR lpsd,
1371 BOOL daclpresent,
1372 PACL dacl,
1373 BOOL dacldefaulted )
1374 {
1375 return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) );
1376 }
1377 /******************************************************************************
1378 * GetSecurityDescriptorSacl [ADVAPI32.@]
1379 */
1380 BOOL WINAPI GetSecurityDescriptorSacl(
1381 IN PSECURITY_DESCRIPTOR lpsd,
1382 OUT LPBOOL lpbSaclPresent,
1383 OUT PACL *pSacl,
1384 OUT LPBOOL lpbSaclDefaulted)
1385 {
1386 BOOLEAN present, defaulted;
1387 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) );
1388 *lpbSaclPresent = present;
1389 *lpbSaclDefaulted = defaulted;
1390 return ret;
1391 }
1392
1393 /**************************************************************************
1394 * SetSecurityDescriptorSacl [ADVAPI32.@]
1395 */
1396 BOOL WINAPI SetSecurityDescriptorSacl (
1397 PSECURITY_DESCRIPTOR lpsd,
1398 BOOL saclpresent,
1399 PACL lpsacl,
1400 BOOL sacldefaulted)
1401 {
1402 return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
1403 }
1404 /******************************************************************************
1405 * MakeSelfRelativeSD [ADVAPI32.@]
1406 *
1407 * PARAMS
1408 * lpabssecdesc []
1409 * lpselfsecdesc []
1410 * lpbuflen []
1411 */
1412 BOOL WINAPI
1413 MakeSelfRelativeSD(
1414 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1415 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1416 IN OUT LPDWORD lpdwBufferLength)
1417 {
1418 return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor,
1419 pSelfRelativeSecurityDescriptor, lpdwBufferLength));
1420 }
1421
1422 /******************************************************************************
1423 * GetSecurityDescriptorControl [ADVAPI32.@]
1424 */
1425
1426 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1427 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
1428 {
1429 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
1430 }
1431
1432 /******************************************************************************
1433 * SetSecurityDescriptorControl [ADVAPI32.@]
1434 */
1435 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1436 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
1437 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
1438 {
1439 return set_ntstatus( RtlSetControlSecurityDescriptor(
1440 pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) );
1441 }
1442
1443 /* ##############################
1444 ###### ACL FUNCTIONS ######
1445 ##############################
1446 */
1447
1448 /*************************************************************************
1449 * InitializeAcl [ADVAPI32.@]
1450 */
1451 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
1452 {
1453 return set_ntstatus( RtlCreateAcl(acl, size, rev));
1454 }
1455
1456 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
1457 {
1458 IO_STATUS_BLOCK io_block;
1459
1460 TRACE("(%p)\n", hNamedPipe);
1461
1462 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
1463 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1464 }
1465
1466 /******************************************************************************
1467 * AddAccessAllowedAce [ADVAPI32.@]
1468 */
1469 BOOL WINAPI AddAccessAllowedAce(
1470 IN OUT PACL pAcl,
1471 IN DWORD dwAceRevision,
1472 IN DWORD AccessMask,
1473 IN PSID pSid)
1474 {
1475 return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
1476 }
1477
1478 /******************************************************************************
1479 * AddAccessAllowedAceEx [ADVAPI32.@]
1480 */
1481 BOOL WINAPI AddAccessAllowedAceEx(
1482 IN OUT PACL pAcl,
1483 IN DWORD dwAceRevision,
1484 IN DWORD AceFlags,
1485 IN DWORD AccessMask,
1486 IN PSID pSid)
1487 {
1488 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1489 }
1490
1491 /******************************************************************************
1492 * AddAccessDeniedAce [ADVAPI32.@]
1493 */
1494 BOOL WINAPI AddAccessDeniedAce(
1495 IN OUT PACL pAcl,
1496 IN DWORD dwAceRevision,
1497 IN DWORD AccessMask,
1498 IN PSID pSid)
1499 {
1500 return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
1501 }
1502
1503 /******************************************************************************
1504 * AddAccessDeniedAceEx [ADVAPI32.@]
1505 */
1506 BOOL WINAPI AddAccessDeniedAceEx(
1507 IN OUT PACL pAcl,
1508 IN DWORD dwAceRevision,
1509 IN DWORD AceFlags,
1510 IN DWORD AccessMask,
1511 IN PSID pSid)
1512 {
1513 return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1514 }
1515
1516 /******************************************************************************
1517 * AddAce [ADVAPI32.@]
1518 */
1519 BOOL WINAPI AddAce(
1520 IN OUT PACL pAcl,
1521 IN DWORD dwAceRevision,
1522 IN DWORD dwStartingAceIndex,
1523 LPVOID pAceList,
1524 DWORD nAceListLength)
1525 {
1526 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
1527 }
1528
1529 /******************************************************************************
1530 * DeleteAce [ADVAPI32.@]
1531 */
1532 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1533 {
1534 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1535 }
1536
1537 /******************************************************************************
1538 * FindFirstFreeAce [ADVAPI32.@]
1539 */
1540 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
1541 {
1542 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
1543 }
1544
1545 /******************************************************************************
1546 * GetAce [ADVAPI32.@]
1547 */
1548 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1549 {
1550 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1551 }
1552
1553 /******************************************************************************
1554 * GetAclInformation [ADVAPI32.@]
1555 */
1556 BOOL WINAPI GetAclInformation(
1557 PACL pAcl,
1558 LPVOID pAclInformation,
1559 DWORD nAclInformationLength,
1560 ACL_INFORMATION_CLASS dwAclInformationClass)
1561 {
1562 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1563 nAclInformationLength, dwAclInformationClass));
1564 }
1565
1566 /******************************************************************************
1567 * IsValidAcl [ADVAPI32.@]
1568 */
1569 BOOL WINAPI IsValidAcl(IN PACL pAcl)
1570 {
1571 return RtlValidAcl(pAcl);
1572 }
1573
1574 /* ##############################
1575 ###### MISC FUNCTIONS ######
1576 ##############################
1577 */
1578
1579 /******************************************************************************
1580 * AllocateLocallyUniqueId [ADVAPI32.@]
1581 *
1582 * PARAMS
1583 * lpLuid []
1584 */
1585 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
1586 {
1587 return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid));
1588 }
1589
1590 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
1591 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1592 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
1593 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1594 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
1595 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
1596 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
1597 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1598 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
1599 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1600 static const WCHAR SE_TCB_NAME_W[] =
1601 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
1602 static const WCHAR SE_SECURITY_NAME_W[] =
1603 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1604 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
1605 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1606 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
1607 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
1608 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
1609 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1610 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
1611 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
1612 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
1613 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1614 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
1615 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1616 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
1617 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1618 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
1619 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1620 static const WCHAR SE_BACKUP_NAME_W[] =
1621 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
1622 static const WCHAR SE_RESTORE_NAME_W[] =
1623 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
1624 static const WCHAR SE_SHUTDOWN_NAME_W[] =
1625 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1626 static const WCHAR SE_DEBUG_NAME_W[] =
1627 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
1628 static const WCHAR SE_AUDIT_NAME_W[] =
1629 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
1630 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
1631 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1632 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
1633 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1634 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
1635 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1636 static const WCHAR SE_UNDOCK_NAME_W[] =
1637 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
1638 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
1639 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1640 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
1641 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1642 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
1643 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1644 static const WCHAR SE_IMPERSONATE_NAME_W[] =
1645 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
1646 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
1647 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1648
1649 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
1650 {
1651 NULL,
1652 NULL,
1653 SE_CREATE_TOKEN_NAME_W,
1654 SE_ASSIGNPRIMARYTOKEN_NAME_W,
1655 SE_LOCK_MEMORY_NAME_W,
1656 SE_INCREASE_QUOTA_NAME_W,
1657 SE_MACHINE_ACCOUNT_NAME_W,
1658 SE_TCB_NAME_W,
1659 SE_SECURITY_NAME_W,
1660 SE_TAKE_OWNERSHIP_NAME_W,
1661 SE_LOAD_DRIVER_NAME_W,
1662 SE_SYSTEM_PROFILE_NAME_W,
1663 SE_SYSTEMTIME_NAME_W,
1664 SE_PROF_SINGLE_PROCESS_NAME_W,
1665 SE_INC_BASE_PRIORITY_NAME_W,
1666 SE_CREATE_PAGEFILE_NAME_W,
1667 SE_CREATE_PERMANENT_NAME_W,
1668 SE_BACKUP_NAME_W,
1669 SE_RESTORE_NAME_W,
1670 SE_SHUTDOWN_NAME_W,
1671 SE_DEBUG_NAME_W,
1672 SE_AUDIT_NAME_W,
1673 SE_SYSTEM_ENVIRONMENT_NAME_W,
1674 SE_CHANGE_NOTIFY_NAME_W,
1675 SE_REMOTE_SHUTDOWN_NAME_W,
1676 SE_UNDOCK_NAME_W,
1677 SE_SYNC_AGENT_NAME_W,
1678 SE_ENABLE_DELEGATION_NAME_W,
1679 SE_MANAGE_VOLUME_NAME_W,
1680 SE_IMPERSONATE_NAME_W,
1681 SE_CREATE_GLOBAL_NAME_W,
1682 };
1683
1684 /******************************************************************************
1685 * LookupPrivilegeValueW [ADVAPI32.@]
1686 *
1687 * See LookupPrivilegeValueA.
1688 */
1689 BOOL WINAPI
1690 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
1691 {
1692 UINT i;
1693
1694 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
1695
1696 if (!ADVAPI_IsLocalComputer(lpSystemName))
1697 {
1698 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1699 return FALSE;
1700 }
1701 if (!lpName)
1702 {
1703 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1704 return FALSE;
1705 }
1706 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<=SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
1707 {
1708 if( !WellKnownPrivNames[i] )
1709 continue;
1710 if( strcmpiW( WellKnownPrivNames[i], lpName) )
1711 continue;
1712 lpLuid->LowPart = i;
1713 lpLuid->HighPart = 0;
1714 TRACE( "%s -> %08x-%08x\n",debugstr_w( lpSystemName ),
1715 lpLuid->HighPart, lpLuid->LowPart );
1716 return TRUE;
1717 }
1718 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1719 return FALSE;
1720 }
1721
1722 /******************************************************************************
1723 * LookupPrivilegeValueA [ADVAPI32.@]
1724 *
1725 * Retrieves LUID used on a system to represent the privilege name.
1726 *
1727 * PARAMS
1728 * lpSystemName [I] Name of the system
1729 * lpName [I] Name of the privilege
1730 * lpLuid [O] Destination for the resulting LUID
1731 *
1732 * RETURNS
1733 * Success: TRUE. lpLuid contains the requested LUID.
1734 * Failure: FALSE.
1735 */
1736 BOOL WINAPI
1737 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1738 {
1739 UNICODE_STRING lpSystemNameW;
1740 UNICODE_STRING lpNameW;
1741 BOOL ret;
1742
1743 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1744 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1745 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1746 RtlFreeUnicodeString(&lpNameW);
1747 RtlFreeUnicodeString(&lpSystemNameW);
1748 return ret;
1749 }
1750
1751 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
1752 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1753 {
1754 FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName),
1755 debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId);
1756
1757 return FALSE;
1758 }
1759
1760 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
1761 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1762 {
1763 FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName),
1764 debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId);
1765
1766 return FALSE;
1767 }
1768
1769 /******************************************************************************
1770 * LookupPrivilegeNameA [ADVAPI32.@]
1771 *
1772 * See LookupPrivilegeNameW.
1773 */
1774 BOOL WINAPI
1775 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1776 LPDWORD cchName)
1777 {
1778 UNICODE_STRING lpSystemNameW;
1779 BOOL ret;
1780 DWORD wLen = 0;
1781
1782 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1783
1784 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1785 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1786 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1787 {
1788 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1789
1790 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1791 &wLen);
1792 if (ret)
1793 {
1794 /* Windows crashes if cchName is NULL, so will I */
1795 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1796 *cchName, NULL, NULL);
1797
1798 if (len == 0)
1799 {
1800 /* WideCharToMultiByte failed */
1801 ret = FALSE;
1802 }
1803 else if (len > *cchName)
1804 {
1805 *cchName = len;
1806 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1807 ret = FALSE;
1808 }
1809 else
1810 {
1811 /* WideCharToMultiByte succeeded, output length needs to be
1812 * length not including NULL terminator
1813 */
1814 *cchName = len - 1;
1815 }
1816 }
1817 HeapFree(GetProcessHeap(), 0, lpNameW);
1818 }
1819 RtlFreeUnicodeString(&lpSystemNameW);
1820 return ret;
1821 }
1822
1823 /******************************************************************************
1824 * LookupPrivilegeNameW [ADVAPI32.@]
1825 *
1826 * Retrieves the privilege name referred to by the LUID lpLuid.
1827 *
1828 * PARAMS
1829 * lpSystemName [I] Name of the system
1830 * lpLuid [I] Privilege value
1831 * lpName [O] Name of the privilege
1832 * cchName [I/O] Number of characters in lpName.
1833 *
1834 * RETURNS
1835 * Success: TRUE. lpName contains the name of the privilege whose value is
1836 * *lpLuid.
1837 * Failure: FALSE.
1838 *
1839 * REMARKS
1840 * Only well-known privilege names (those defined in winnt.h) can be retrieved
1841 * using this function.
1842 * If the length of lpName is too small, on return *cchName will contain the
1843 * number of WCHARs needed to contain the privilege, including the NULL
1844 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1845 * On success, *cchName will contain the number of characters stored in
1846 * lpName, NOT including the NULL terminator.
1847 */
1848 BOOL WINAPI
1849 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1850 LPDWORD cchName)
1851 {
1852 size_t privNameLen;
1853
1854 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1855
1856 if (!ADVAPI_IsLocalComputer(lpSystemName))
1857 {
1858 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1859 return FALSE;
1860 }
1861 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1862 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1863 {
1864 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1865 return FALSE;
1866 }
1867 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1868 /* Windows crashes if cchName is NULL, so will I */
1869 if (*cchName <= privNameLen)
1870 {
1871 *cchName = privNameLen + 1;
1872 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1873 return FALSE;
1874 }
1875 else
1876 {
1877 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1878 *cchName = privNameLen;
1879 return TRUE;
1880 }
1881 }
1882
1883 /******************************************************************************
1884 * GetFileSecurityA [ADVAPI32.@]
1885 *
1886 * Obtains Specified information about the security of a file or directory.
1887 *
1888 * PARAMS
1889 * lpFileName [I] Name of the file to get info for
1890 * RequestedInformation [I] SE_ flags from "winnt.h"
1891 * pSecurityDescriptor [O] Destination for security information
1892 * nLength [I] Length of pSecurityDescriptor
1893 * lpnLengthNeeded [O] Destination for length of returned security information
1894 *
1895 * RETURNS
1896 * Success: TRUE. pSecurityDescriptor contains the requested information.
1897 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1898 *
1899 * NOTES
1900 * The information returned is constrained by the callers access rights and
1901 * privileges.
1902 */
1903 BOOL WINAPI
1904 GetFileSecurityA( LPCSTR lpFileName,
1905 SECURITY_INFORMATION RequestedInformation,
1906 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1907 DWORD nLength, LPDWORD lpnLengthNeeded )
1908 {
1909 DWORD len;
1910 BOOL r;
1911 LPWSTR name = NULL;
1912
1913 if( lpFileName )
1914 {
1915 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1916 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1917 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1918 }
1919
1920 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1921 nLength, lpnLengthNeeded );
1922 HeapFree( GetProcessHeap(), 0, name );
1923
1924 return r;
1925 }
1926
1927 /******************************************************************************
1928 * GetFileSecurityW [ADVAPI32.@]
1929 *
1930 * See GetFileSecurityA.
1931 */
1932 BOOL WINAPI
1933 GetFileSecurityW( LPCWSTR lpFileName,
1934 SECURITY_INFORMATION RequestedInformation,
1935 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1936 DWORD nLength, LPDWORD lpnLengthNeeded )
1937 {
1938 HANDLE hfile;
1939 NTSTATUS status;
1940 DWORD access = 0;
1941
1942 TRACE("(%s,%d,%p,%d,%p)\n", debugstr_w(lpFileName),
1943 RequestedInformation, pSecurityDescriptor,
1944 nLength, lpnLengthNeeded);
1945
1946 if (RequestedInformation & (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|
1947 DACL_SECURITY_INFORMATION))
1948 access |= READ_CONTROL;
1949 if (RequestedInformation & SACL_SECURITY_INFORMATION)
1950 access |= ACCESS_SYSTEM_SECURITY;
1951
1952 hfile = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
1953 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 );
1954 if ( hfile == INVALID_HANDLE_VALUE )
1955 return FALSE;
1956
1957 status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor,
1958 nLength, lpnLengthNeeded );
1959 CloseHandle( hfile );
1960 return set_ntstatus( status );
1961 }
1962
1963
1964 /******************************************************************************
1965 * LookupAccountSidA [ADVAPI32.@]
1966 */
1967 BOOL WINAPI
1968 LookupAccountSidA(
1969 IN LPCSTR system,
1970 IN PSID sid,
1971 OUT LPSTR account,
1972 IN OUT LPDWORD accountSize,
1973 OUT LPSTR domain,
1974 IN OUT LPDWORD domainSize,
1975 OUT PSID_NAME_USE name_use )
1976 {
1977 DWORD len;
1978 BOOL r;
1979 LPWSTR systemW = NULL;
1980 LPWSTR accountW = NULL;
1981 LPWSTR domainW = NULL;
1982 DWORD accountSizeW = *accountSize;
1983 DWORD domainSizeW = *domainSize;
1984
1985 if (system) {
1986 len = MultiByteToWideChar( CP_ACP, 0, system, -1, NULL, 0 );
1987 systemW = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) );
1988 MultiByteToWideChar( CP_ACP, 0, system, -1, systemW, len );
1989 }
1990 if (account)
1991 accountW = HeapAlloc( GetProcessHeap(), 0, accountSizeW * sizeof(WCHAR) );
1992 if (domain)
1993 domainW = HeapAlloc( GetProcessHeap(), 0, domainSizeW * sizeof(WCHAR) );
1994
1995 r = LookupAccountSidW( systemW, sid, accountW, &accountSizeW, domainW, &domainSizeW, name_use );
1996
1997 if (r) {
1998 if (accountW && *accountSize) {
1999 len = WideCharToMultiByte( CP_ACP, 0, accountW, -1, NULL, 0, NULL, NULL );
2000 WideCharToMultiByte( CP_ACP, 0, accountW, -1, account, len, NULL, NULL );
2001 *accountSize = len;
2002 } else
2003 *accountSize = accountSizeW + 1;
2004
2005 if (domainW && *domainSize) {
2006 len = WideCharToMultiByte( CP_ACP, 0, domainW, -1, NULL, 0, NULL, NULL );
2007 WideCharToMultiByte( CP_ACP, 0, domainW, -1, domain, len, NULL, NULL );
2008 *domainSize = len;
2009 } else
2010 *domainSize = domainSizeW + 1;
2011 }
2012
2013 HeapFree( GetProcessHeap(), 0, systemW );
2014 HeapFree( GetProcessHeap(), 0, accountW );
2015 HeapFree( GetProcessHeap(), 0, domainW );
2016
2017 return r;
2018 }
2019
2020 /******************************************************************************
2021 * LookupAccountSidW [ADVAPI32.@]
2022 *
2023 * PARAMS
2024 * system []
2025 * sid []
2026 * account []
2027 * accountSize []
2028 * domain []
2029 * domainSize []
2030 * name_use []
2031 */
2032
2033 BOOL WINAPI
2034 LookupAccountSidW(
2035 IN LPCWSTR system,
2036 IN PSID sid,
2037 OUT LPWSTR account,
2038 IN OUT LPDWORD accountSize,
2039 OUT LPWSTR domain,
2040 IN OUT LPDWORD domainSize,
2041 OUT PSID_NAME_USE name_use )
2042 {
2043 unsigned int i, j;
2044 const WCHAR * ac = NULL;
2045 const WCHAR * dm = NULL;
2046 SID_NAME_USE use = 0;
2047 LPWSTR computer_name = NULL;
2048 LPWSTR account_name = NULL;
2049
2050 TRACE("(%s,sid=%s,%p,%p(%u),%p,%p(%u),%p)\n",
2051 debugstr_w(system),debugstr_sid(sid),
2052 account,accountSize,accountSize?*accountSize:0,
2053 domain,domainSize,domainSize?*domainSize:0,
2054 name_use);
2055
2056 if (!ADVAPI_IsLocalComputer(system)) {
2057 FIXME("Only local computer supported!\n");
2058 SetLastError(RPC_S_SERVER_UNAVAILABLE);
2059 return FALSE;
2060 }
2061
2062 /* check the well known SIDs first */
2063 for (i = 0; i <= 60; i++) {
2064 if (IsWellKnownSid(sid, i)) {
2065 for (j = 0; j < (sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0])); j++) {
2066 if (ACCOUNT_SIDS[j].type == i) {
2067 ac = ACCOUNT_SIDS[j].account;
2068 dm = ACCOUNT_SIDS[j].domain;
2069 use = ACCOUNT_SIDS[j].name_use;
2070 }
2071 }
2072 break;
2073 }
2074 }
2075
2076 if (dm == NULL) {
2077 MAX_SID local;
2078
2079 /* check for the local computer next */
2080 if (ADVAPI_GetComputerSid(&local)) {
2081 DWORD size = MAX_COMPUTERNAME_LENGTH + 1;
2082 BOOL result;
2083
2084 computer_name = HeapAlloc(GetProcessHeap(), 0, size * sizeof(WCHAR));
2085 result = GetComputerNameW(computer_name, &size);
2086
2087 if (result) {
2088 if (EqualSid(sid, &local)) {
2089 dm = computer_name;
2090 ac = Blank;
2091 use = 3;
2092 } else {
2093 local.SubAuthorityCount++;
2094
2095 if (EqualPrefixSid(sid, &local)) {
2096 dm = computer_name;
2097 use = 1;
2098 switch (((MAX_SID *)sid)->SubAuthority[4]) {
2099 case DOMAIN_USER_RID_ADMIN:
2100 ac = Administrator;
2101 break;
2102 case DOMAIN_USER_RID_GUEST:
2103 ac = Guest;
2104 break;
2105 case DOMAIN_GROUP_RID_ADMINS:
2106 ac = Domain_Admins;
2107 break;
2108 case DOMAIN_GROUP_RID_USERS:
2109 ac = Domain_Users;
2110 break;
2111 case DOMAIN_GROUP_RID_GUESTS:
2112 ac = Domain_Guests;
2113 break;
2114 case DOMAIN_GROUP_RID_COMPUTERS:
2115 ac = Domain_Computers;
2116 break;
2117 case DOMAIN_GROUP_RID_CONTROLLERS:
2118 ac = Domain_Controllers;
2119 break;
2120 case DOMAIN_GROUP_RID_CERT_ADMINS:
2121 ac = Cert_Publishers;
2122 break;
2123 case DOMAIN_GROUP_RID_SCHEMA_ADMINS:
2124 ac = Schema_Admins;
2125 break;
2126 case DOMAIN_GROUP_RID_ENTERPRISE_ADMINS:
2127 ac = Enterprise_Admins;
2128 break;
2129 case DOMAIN_GROUP_RID_POLICY_ADMINS:
2130 ac = Group_Policy_Creator_Owners;
2131 break;
2132 case DOMAIN_ALIAS_RID_RAS_SERVERS:
2133 ac = RAS_and_IAS_Servers;
2134 break;
2135 case 1000: /* first user account */
2136 size = UNLEN + 1;
2137 account_name = HeapAlloc(
2138 GetProcessHeap(), 0, size * sizeof(WCHAR));
2139 if (GetUserNameW(account_name, &size))
2140 ac = account_name;
2141 else
2142 dm = NULL;
2143
2144 break;
2145 default:
2146 dm = NULL;
2147 break;
2148 }
2149 }
2150 }
2151 }
2152 }
2153 }
2154
2155 if (dm) {
2156 DWORD ac_len = lstrlenW(ac);
2157 DWORD dm_len = lstrlenW(dm);
2158 BOOL status = TRUE;
2159
2160 if (*accountSize > ac_len) {
2161 if (account)
2162 lstrcpyW(account, ac);
2163 }
2164 if (*domainSize > dm_len) {
2165 if (domain)
2166 lstrcpyW(domain, dm);
2167 }
2168 if (((*accountSize != 0) && (*accountSize < ac_len)) ||
2169 ((*domainSize != 0) && (*domainSize < dm_len))) {
2170 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2171 status = FALSE;
2172 }
2173 if (*domainSize)
2174 *domainSize = dm_len;
2175 else
2176 *domainSize = dm_len + 1;
2177 if (*accountSize)
2178 *accountSize = ac_len;
2179 else
2180 *accountSize = ac_len + 1;
2181 *name_use = use;
2182 HeapFree(GetProcessHeap(), 0, account_name);
2183 HeapFree(GetProcessHeap(), 0, computer_name);
2184 return status;
2185 }
2186
2187 HeapFree(GetProcessHeap(), 0, account_name);
2188 HeapFree(GetProcessHeap(), 0, computer_name);
2189 SetLastError(ERROR_NONE_MAPPED);
2190 return FALSE;
2191 }
2192
2193 /******************************************************************************
2194 * SetFileSecurityA [ADVAPI32.@]
2195 *
2196 * See SetFileSecurityW.
2197 */
2198 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
2199 SECURITY_INFORMATION RequestedInformation,
2200 PSECURITY_DESCRIPTOR pSecurityDescriptor)
2201 {
2202 DWORD len;
2203 BOOL r;
2204 LPWSTR name = NULL;
2205
2206 if( lpFileName )
2207 {
2208 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
2209 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
2210 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
2211 }
2212
2213 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
2214 HeapFree( GetProcessHeap(), 0, name );
2215
2216 return r;
2217 }
2218
2219 /******************************************************************************
2220 * SetFileSecurityW [ADVAPI32.@]
2221 *
2222 * Sets the security of a file or directory.
2223 *
2224 * PARAMS
2225 * lpFileName []
2226 * RequestedInformation []
2227 * pSecurityDescriptor []
2228 *
2229 * RETURNS
2230 * Success: TRUE.
2231 * Failure: FALSE.
2232 */
2233 BOOL WINAPI
2234 SetFileSecurityW( LPCWSTR lpFileName,
2235 SECURITY_INFORMATION RequestedInformation,
2236 PSECURITY_DESCRIPTOR pSecurityDescriptor )
2237 {
2238 HANDLE file;
2239 DWORD access = 0;
2240 NTSTATUS status;
2241
2242 TRACE("(%s, 0x%x, %p)\n", debugstr_w(lpFileName), RequestedInformation,
2243 pSecurityDescriptor );
2244
2245 if (RequestedInformation & OWNER_SECURITY_INFORMATION ||
2246 RequestedInformation & GROUP_SECURITY_INFORMATION)
2247 access |= WRITE_OWNER;
2248 if (RequestedInformation & SACL_SECURITY_INFORMATION)
2249 access |= ACCESS_SYSTEM_SECURITY;
2250 if (RequestedInformation & DACL_SECURITY_INFORMATION)
2251 access |= WRITE_DAC;
2252
2253 file = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
2254 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL );
2255 if (file == INVALID_HANDLE_VALUE)
2256 return FALSE;
2257
2258 status = NtSetSecurityObject( file, RequestedInformation, pSecurityDescriptor );
2259 CloseHandle( file );
2260 return set_ntstatus( status );
2261 }
2262
2263 /******************************************************************************
2264 * QueryWindows31FilesMigration [ADVAPI32.@]
2265 *
2266 * PARAMS
2267 * x1 []
2268 */
2269 BOOL WINAPI
2270 QueryWindows31FilesMigration( DWORD x1 )
2271 {
2272 FIXME("(%d):stub\n",x1);
2273 return TRUE;
2274 }
2275
2276 /******************************************************************************
2277 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
2278 *
2279 * PARAMS
2280 * x1 []
2281 * x2 []
2282 * x3 []
2283 * x4 []
2284 */
2285 BOOL WINAPI
2286 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
2287 DWORD x4 )
2288 {
2289 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
2290 return TRUE;
2291 }
2292
2293 /******************************************************************************
2294 * NotifyBootConfigStatus [ADVAPI32.@]
2295 *
2296 * PARAMS
2297 * x1 []
2298 */
2299 BOOL WINAPI
2300 NotifyBootConfigStatus( BOOL x1 )
2301 {
2302 FIXME("(0x%08d):stub\n",x1);
2303 return 1;
2304 }
2305
2306 /******************************************************************************
2307 * RevertToSelf [ADVAPI32.@]
2308 *
2309 * Ends the impersonation of a user.
2310 *
2311 * PARAMS
2312 * void []
2313 *
2314 * RETURNS
2315 * Success: TRUE.
2316 * Failure: FALSE.
2317 */
2318 BOOL WINAPI
2319 RevertToSelf( void )
2320 {
2321 HANDLE Token = NULL;
2322 return set_ntstatus( NtSetInformationThread( GetCurrentThread(),
2323 ThreadImpersonationToken, &Token, sizeof(Token) ) );
2324 }
2325
2326 /******************************************************************************
2327 * ImpersonateSelf [ADVAPI32.@]
2328 *
2329 * Makes an impersonation token that represents the process user and assigns
2330 * to the current thread.
2331 *
2332 * PARAMS
2333 * ImpersonationLevel [I] Level at which to impersonate.
2334 *
2335 * RETURNS
2336 * Success: TRUE.
2337 * Failure: FALSE.
2338 */
2339 BOOL WINAPI
2340 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
2341 {
2342 return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) );
2343 }
2344
2345 /******************************************************************************
2346 * ImpersonateLoggedOnUser [ADVAPI32.@]
2347 */
2348 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
2349 {
2350 DWORD size;
2351 NTSTATUS Status;
2352 HANDLE ImpersonationToken;
2353 TOKEN_TYPE Type;
2354 static BOOL warn = TRUE;
2355
2356 if (warn)
2357 {
2358 FIXME( "(%p)\n", hToken );
2359 warn = FALSE;
2360 }
2361 if (!GetTokenInformation( hToken, TokenType, &Type,
2362 sizeof(TOKEN_TYPE), &size ))
2363 return FALSE;
2364
2365 if (Type == TokenPrimary)
2366 {
2367 OBJECT_ATTRIBUTES ObjectAttributes;
2368
2369 InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
2370
2371 Status = NtDuplicateToken( hToken,
2372 TOKEN_IMPERSONATE | TOKEN_QUERY,
2373 &ObjectAttributes,
2374 SecurityImpersonation,
2375 TokenImpersonation,
2376 &ImpersonationToken );
2377 if (Status != STATUS_SUCCESS)
2378 {
2379 ERR( "NtDuplicateToken failed with error 0x%08x\n", Status );
2380 SetLastError( RtlNtStatusToDosError( Status ) );
2381 return FALSE;
2382 }
2383 }
2384 else
2385 ImpersonationToken = hToken;
2386
2387 Status = NtSetInformationThread( GetCurrentThread(),
2388 ThreadImpersonationToken,
2389 &ImpersonationToken,
2390 sizeof(ImpersonationToken) );
2391
2392 if (Type == TokenPrimary)
2393 NtClose( ImpersonationToken );
2394
2395 if (Status != STATUS_SUCCESS)
2396 {
2397 ERR( "NtSetInformationThread failed with error 0x%08x\n", Status );
2398 SetLastError( RtlNtStatusToDosError( Status ) );
2399 return FALSE;
2400 }
2401
2402 return TRUE;
2403 }
2404
2405 /******************************************************************************
2406 * AccessCheck [ADVAPI32.@]
2407 */
2408 BOOL WINAPI
2409 AccessCheck(
2410 PSECURITY_DESCRIPTOR SecurityDescriptor,
2411 HANDLE ClientToken,
2412 DWORD DesiredAccess,
2413 PGENERIC_MAPPING GenericMapping,
2414 PPRIVILEGE_SET PrivilegeSet,
2415 LPDWORD PrivilegeSetLength,
2416 LPDWORD GrantedAccess,
2417 LPBOOL AccessStatus)
2418 {
2419 NTSTATUS access_status;
2420 BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
2421 GenericMapping, PrivilegeSet, PrivilegeSetLength,
2422 GrantedAccess, &access_status) );
2423 if (ret) *AccessStatus = set_ntstatus( access_status );
2424 return ret;
2425 }
2426
2427
2428 /******************************************************************************
2429 * AccessCheckByType [ADVAPI32.@]
2430 */
2431 BOOL WINAPI AccessCheckByType(
2432 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2433 PSID PrincipalSelfSid,
2434 HANDLE ClientToken,
2435 DWORD DesiredAccess,
2436 POBJECT_TYPE_LIST ObjectTypeList,
2437 DWORD ObjectTypeListLength,
2438 PGENERIC_MAPPING GenericMapping,
2439 PPRIVILEGE_SET PrivilegeSet,
2440 LPDWORD PrivilegeSetLength,
2441 LPDWORD GrantedAccess,
2442 LPBOOL AccessStatus)
2443 {
2444 FIXME("stub\n");
2445
2446 *AccessStatus = TRUE;
2447
2448 return !*AccessStatus;
2449 }
2450
2451 /******************************************************************************
2452 * MapGenericMask [ADVAPI32.@]
2453 *
2454 * Maps generic access rights into specific access rights according to the
2455 * supplied mapping.
2456 *
2457 * PARAMS
2458 * AccessMask [I/O] Access rights.
2459 * GenericMapping [I] The mapping between generic and specific rights.
2460 *
2461 * RETURNS
2462 * Nothing.
2463 */
2464 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping )
2465 {
2466 RtlMapGenericMask( AccessMask, GenericMapping );
2467 }
2468
2469 /*************************************************************************
2470 * SetKernelObjectSecurity [ADVAPI32.@]
2471 */
2472 BOOL WINAPI SetKernelObjectSecurity (
2473 IN HANDLE Handle,
2474 IN SECURITY_INFORMATION SecurityInformation,
2475 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
2476 {
2477 return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
2478 }
2479
2480
2481 /******************************************************************************
2482 * AddAuditAccessAce [ADVAPI32.@]
2483 */
2484 BOOL WINAPI AddAuditAccessAce(
2485 IN OUT PACL pAcl,
2486 IN DWORD dwAceRevision,
2487 IN DWORD dwAccessMask,
2488 IN PSID pSid,
2489 IN BOOL bAuditSuccess,
2490 IN BOOL bAuditFailure)
2491 {
2492 return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid,
2493 bAuditSuccess, bAuditFailure) );
2494 }
2495
2496 /******************************************************************************
2497 * AddAuditAccessAce [ADVAPI32.@]
2498 */
2499 BOOL WINAPI AddAuditAccessAceEx(
2500 IN OUT PACL pAcl,
2501 IN DWORD dwAceRevision,
2502 IN DWORD dwAceFlags,
2503 IN DWORD dwAccessMask,
2504 IN PSID pSid,
2505 IN BOOL bAuditSuccess,
2506 IN BOOL bAuditFailure)
2507 {
2508 return set_ntstatus( RtlAddAuditAccessAceEx(pAcl, dwAceRevision, dwAceFlags, dwAccessMask, pSid,
2509 bAuditSuccess, bAuditFailure) );
2510 }
2511
2512 /******************************************************************************
2513 * LookupAccountNameA [ADVAPI32.@]
2514 */
2515 BOOL WINAPI
2516 LookupAccountNameA(
2517 IN LPCSTR system,
2518 IN LPCSTR account,
2519 OUT PSID sid,
2520 OUT LPDWORD cbSid,
2521 LPSTR ReferencedDomainName,
2522 IN OUT LPDWORD cbReferencedDomainName,
2523 OUT PSID_NAME_USE name_use )
2524 {
2525 BOOL ret;
2526 UNICODE_STRING lpSystemW;
2527 UNICODE_STRING lpAccountW;
2528 LPWSTR lpReferencedDomainNameW = NULL;
2529
2530 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, system);
2531 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, account);
2532
2533 if (ReferencedDomainName)
2534 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(), 0, *cbReferencedDomainName * sizeof(WCHAR));
2535
2536 ret = LookupAccountNameW(lpSystemW.Buffer, lpAccountW.Buffer, sid, cbSid, lpReferencedDomainNameW,
2537 cbReferencedDomainName, name_use);
2538
2539 if (ret && lpReferencedDomainNameW)
2540 {
2541 WideCharToMultiByte(CP_ACP, 0, lpReferencedDomainNameW, -1,
2542 ReferencedDomainName, *cbReferencedDomainName+1, NULL, NULL);
2543 }
2544
2545 RtlFreeUnicodeString(&lpSystemW);
2546 RtlFreeUnicodeString(&lpAccountW);
2547 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2548
2549 return ret;
2550 }
2551
2552 /******************************************************************************
2553 * lookup_user_account_name
2554 */
2555 static BOOL lookup_user_account_name(PSID Sid, PDWORD cbSid, LPWSTR ReferencedDomainName,
2556 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
2557 {
2558 /* Default implementation: Always return a default SID */
2559 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
2560 BOOL ret;
2561 PSID pSid;
2562 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
2563 DWORD nameLen;
2564 LPCWSTR domainName;
2565
2566 ret = AllocateAndInitializeSid(&identifierAuthority,
2567 2,
2568 SECURITY_BUILTIN_DOMAIN_RID,
2569 DOMAIN_ALIAS_RID_ADMINS,
2570 0, 0, 0, 0, 0, 0,
2571 &pSid);
2572
2573 if (!ret)
2574 return FALSE;
2575
2576 if (!RtlValidSid(pSid))
2577 {
2578 FreeSid(pSid);
2579 return FALSE;
2580 }
2581
2582 if (Sid != NULL && (*cbSid >= GetLengthSid(pSid)))
2583 CopySid(*cbSid, Sid, pSid);
2584 if (*cbSid < GetLengthSid(pSid))
2585 {
2586 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2587 ret = FALSE;
2588 }
2589 *cbSid = GetLengthSid(pSid);
2590
2591 domainName = dm;
2592 nameLen = strlenW(domainName);
2593
2594 if (*cchReferencedDomainName <= nameLen || !ret)
2595 {
2596 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2597 nameLen += 1;
2598 ret = FALSE;
2599 }
2600 else if (ReferencedDomainName)
2601 strcpyW(ReferencedDomainName, domainName);
2602
2603 *cchReferencedDomainName = nameLen;
2604
2605 if (ret)
2606 *peUse = SidTypeUser;
2607
2608 FreeSid(pSid);
2609
2610 return ret;
2611 }
2612
2613 /******************************************************************************
2614 * lookup_computer_account_name
2615 */
2616 static BOOL lookup_computer_account_name(PSID Sid, PDWORD cbSid, LPWSTR ReferencedDomainName,
2617 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
2618 {
2619 MAX_SID local;
2620 BOOL ret;
2621 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
2622 DWORD nameLen;
2623 LPCWSTR domainName;
2624
2625 if ((ret = ADVAPI_GetComputerSid(&local)))
2626 {
2627 if (Sid != NULL && (*cbSid >= GetLengthSid(&local)))
2628 CopySid(*cbSid, Sid, &local);
2629 if (*cbSid < GetLengthSid(&local))
2630 {
2631 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2632 ret = FALSE;
2633 }
2634 *cbSid = GetLengthSid(&local);
2635 }
2636
2637 domainName = dm;
2638 nameLen = strlenW(domainName);
2639
2640 if (*cchReferencedDomainName <= nameLen || !ret)
2641 {
2642 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2643 nameLen += 1;
2644 ret = FALSE;
2645 }
2646 else if (ReferencedDomainName)
2647 strcpyW(ReferencedDomainName, domainName);
2648
2649 *cchReferencedDomainName = nameLen;
2650
2651 if (ret)
2652 *peUse = SidTypeDomain;
2653
2654 return ret;
2655 }
2656
2657 static void split_domain_account( const LSA_UNICODE_STRING *str, LSA_UNICODE_STRING *account,
2658 LSA_UNICODE_STRING *domain )
2659 {
2660 WCHAR *p = str->Buffer + str->Length / sizeof(WCHAR) - 1;
2661
2662 while (p > str->Buffer && *p != '\\') p--;
2663
2664 if (*p == '\\')
2665 {
2666 domain->Buffer = str->Buffer;
2667 domain->Length = (p - str->Buffer) * sizeof(WCHAR);
2668
2669 account->Buffer = p + 1;
2670 account->Length = str->Length - ((p - str->Buffer + 1) * sizeof(WCHAR));
2671 }
2672 else
2673 {
2674 domain->Buffer = NULL;
2675 domain->Length = 0;
2676
2677 account->Buffer = str->Buffer;
2678 account->Length = str->Length;
2679 }
2680 }
2681
2682 static BOOL match_domain( ULONG idx, LSA_UNICODE_STRING *domain )
2683 {
2684 ULONG len = strlenW( ACCOUNT_SIDS[idx].domain );
2685
2686 if (len == domain->Length / sizeof(WCHAR) && !strncmpiW( domain->Buffer, ACCOUNT_SIDS[idx].domain, len ))
2687 return TRUE;
2688
2689 return FALSE;
2690 }
2691
2692 static BOOL match_account( ULONG idx, LSA_UNICODE_STRING *account )
2693 {
2694 ULONG len = strlenW( ACCOUNT_SIDS[idx].account );
2695
2696 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].account, len ))
2697 return TRUE;
2698
2699 if (ACCOUNT_SIDS[idx].alias)
2700 {
2701 len = strlenW( ACCOUNT_SIDS[idx].alias );
2702 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].alias, len ))
2703 return TRUE;
2704 }
2705 return FALSE;
2706 }
2707
2708 /*
2709 * Helper function for LookupAccountNameW
2710 */
2711 BOOL lookup_local_wellknown_name( LSA_UNICODE_STRING *account_and_domain,
2712 PSID Sid, LPDWORD cbSid,
2713 LPWSTR ReferencedDomainName,
2714 LPDWORD cchReferencedDomainName,
2715 PSID_NAME_USE peUse, BOOL *handled )
2716 {
2717 PSID pSid;
2718 LSA_UNICODE_STRING account, domain;
2719 BOOL ret = TRUE;
2720 ULONG i;
2721
2722 *handled = FALSE;
2723 split_domain_account( account_and_domain, &account, &domain );
2724
2725 for (i = 0; i < sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0]); i++)
2726 {
2727 /* check domain first */
2728 if (domain.Buffer && !match_domain( i, &domain )) continue;
2729
2730 if (match_account( i, &account ))
2731 {
2732 DWORD len, sidLen = SECURITY_MAX_SID_SIZE;
2733
2734 if (!(pSid = HeapAlloc( GetProcessHeap(), 0, sidLen ))) return FALSE;
2735
2736 if ((ret = CreateWellKnownSid( ACCOUNT_SIDS[i].type, NULL, pSid, &sidLen )))
2737 {
2738 if (*cbSid < sidLen)
2739 {
2740 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2741 ret = FALSE;
2742 }
2743 else if (Sid)
2744 {
2745 CopySid(*cbSid, Sid, pSid);
2746 }
2747 *cbSid = sidLen;
2748 }
2749
2750 len = strlenW( ACCOUNT_SIDS[i].domain );
2751 if (*cchReferencedDomainName <= len || !ret)
2752 {
2753 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2754 len++;
2755 ret = FALSE;
2756 }
2757 else if (ReferencedDomainName)
2758 {
2759 strcpyW( ReferencedDomainName, ACCOUNT_SIDS[i].domain );
2760 }
2761
2762 *cchReferencedDomainName = len;
2763 if (ret)
2764 *peUse = ACCOUNT_SIDS[i].name_use;
2765
2766 HeapFree(GetProcessHeap(), 0, pSid);
2767 *handled = TRUE;
2768 return ret;
2769 }
2770 }
2771 return ret;
2772 }
2773
2774 BOOL lookup_local_user_name( LSA_UNICODE_STRING *account_and_domain,
2775 PSID Sid, LPDWORD cbSid,
2776 LPWSTR ReferencedDomainName,
2777 LPDWORD cchReferencedDomainName,
2778 PSID_NAME_USE peUse, BOOL *handled )
2779 {
2780 DWORD nameLen;
2781 LPWSTR userName = NULL;
2782 LSA_UNICODE_STRING account, domain;
2783 BOOL ret = TRUE;
2784
2785 *handled = FALSE;
2786 split_domain_account( account_and_domain, &account, &domain );
2787
2788 /* Let the current Unix user id masquerade as first Windows user account */
2789
2790 nameLen = UNLEN + 1;
2791 if (!(userName = HeapAlloc( GetProcessHeap(), 0, nameLen * sizeof(WCHAR) ))) return FALSE;
2792
2793 if (domain.Buffer)
2794 {
2795 /* check to make sure this account is on this computer */
2796 if (GetComputerNameW( userName, &nameLen ) &&
2797 (domain.Length / sizeof(WCHAR) != nameLen || strncmpW( domain.Buffer, userName, nameLen )))
2798 {
2799 SetLastError(ERROR_NONE_MAPPED);
2800 ret = FALSE;
2801 }
2802 nameLen = UNLEN + 1;
2803 }
2804
2805 if (GetUserNameW( userName, &nameLen ) &&
2806 account.Length / sizeof(WCHAR) == nameLen - 1 && !strncmpW( account.Buffer, userName, nameLen - 1 ))
2807 {
2808 ret = lookup_user_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse );
2809 *handled = TRUE;
2810 }
2811 else
2812 {
2813 nameLen = UNLEN + 1;
2814 if (GetComputerNameW( userName, &nameLen ) &&
2815 account.Length / sizeof(WCHAR) == nameLen && !strncmpW( account.Buffer, userName , nameLen ))
2816 {
2817 ret = lookup_computer_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse );
2818 *handled = TRUE;
2819 }
2820 }
2821
2822 HeapFree(GetProcessHeap(), 0, userName);
2823 return ret;
2824 }
2825
2826 /******************************************************************************
2827 * LookupAccountNameW [ADVAPI32.@]
2828 */
2829 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid,
2830 LPDWORD cbSid, LPWSTR ReferencedDomainName,
2831 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
2832 {
2833 BOOL ret, handled;
2834 LSA_UNICODE_STRING account;
2835
2836 FIXME("%s %s %p %p %p %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName),
2837 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
2838
2839 if (!ADVAPI_IsLocalComputer( lpSystemName ))
2840 {
2841 SetLastError( RPC_S_SERVER_UNAVAILABLE );
2842 return FALSE;
2843 }
2844
2845 if (!lpAccountName || !strcmpW( lpAccountName, Blank ))
2846 {
2847 lpAccountName = BUILTIN;
2848 }
2849
2850 RtlInitUnicodeString( &account, lpAccountName );
2851
2852 /* Check well known SIDs first */
2853 ret = lookup_local_wellknown_name( &account, Sid, cbSid, ReferencedDomainName,
2854 cchReferencedDomainName, peUse, &handled );
2855 if (handled)
2856 return ret;
2857
2858 /* Check user names */
2859 ret = lookup_local_user_name( &account, Sid, cbSid, ReferencedDomainName,
2860 cchReferencedDomainName, peUse, &handled);
2861 if (handled)
2862 return ret;
2863
2864 SetLastError( ERROR_NONE_MAPPED );
2865 return FALSE;
2866 }
2867
2868 /******************************************************************************
2869 * PrivilegeCheck [ADVAPI32.@]
2870 */
2871 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
2872 {
2873 BOOL ret;
2874 BOOLEAN Result;
2875
2876 TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
2877
2878 ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result));
2879 if (ret)
2880 *pfResult = Result;
2881 return ret;
2882 }
2883
2884 /******************************************************************************
2885 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
2886 */
2887 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
2888 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2889 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2890 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2891 {
2892 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
2893 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
2894 SecurityDescriptor, DesiredAccess, GenericMapping,
2895 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2896 return TRUE;
2897 }
2898
2899 /******************************************************************************
2900 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
2901 */
2902 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
2903 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2904 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2905 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2906 {
2907 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
2908 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
2909 SecurityDescriptor, DesiredAccess, GenericMapping,
2910 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2911 return TRUE;
2912 }
2913
2914 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2915 {
2916 FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose);
2917
2918 return TRUE;
2919 }
2920
2921 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2922 {
2923 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2924
2925 return TRUE;
2926 }
2927
2928 BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2929 {
2930 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2931
2932 return TRUE;
2933 }
2934
2935 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName,
2936 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2937 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2938 LPBOOL GenerateOnClose)
2939 {
2940 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_a(SubsystemName),
2941 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor,
2942 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2943 GenerateOnClose);
2944
2945 return TRUE;
2946 }
2947
2948 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
2949 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2950 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2951 LPBOOL GenerateOnClose)
2952 {
2953 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_w(SubsystemName),
2954 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor,
2955 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2956 GenerateOnClose);
2957
2958 return TRUE;
2959 }
2960
2961 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
2962 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2963 {
2964 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken,
2965 DesiredAccess, Privileges, AccessGranted);
2966
2967 return TRUE;
2968 }
2969
2970 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
2971 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2972 {
2973 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken,
2974 DesiredAccess, Privileges, AccessGranted);
2975
2976 return TRUE;
2977 }
2978
2979 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
2980 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2981 {
2982 FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName),
2983 ClientToken, Privileges, AccessGranted);
2984
2985 return TRUE;
2986 }
2987
2988 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
2989 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2990 {
2991 FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName),
2992 ClientToken, Privileges, AccessGranted);
2993
2994 return TRUE;
2995 }
2996
2997 /******************************************************************************
2998 * GetSecurityInfo [ADVAPI32.@]
2999 *
3000 * Retrieves a copy of the security descriptor associated with an object.
3001 *
3002 * PARAMS
3003 * hObject [I] A handle for the object.
3004 * ObjectType [I] The type of object.
3005 * SecurityInfo [I] A bitmask indicating what info to retrieve.
3006 * ppsidOwner [O] If non-null, receives a pointer to the owner SID.
3007 * ppsidGroup [O] If non-null, receives a pointer to the group SID.
3008 * ppDacl [O] If non-null, receives a pointer to the DACL.
3009 * ppSacl [O] If non-null, receives a pointer to the SACL.
3010 * ppSecurityDescriptor [O] Receives a pointer to the security descriptor,
3011 * which must be freed with LocalFree.
3012 *
3013 * RETURNS
3014 * ERROR_SUCCESS if all's well, and a WIN32 error code otherwise.
3015 */
3016 DWORD WINAPI GetSecurityInfo(
3017 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
3018 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
3019 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
3020 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
3021 )
3022 {
3023 PSECURITY_DESCRIPTOR sd;
3024 NTSTATUS status;
3025 ULONG n1, n2;
3026 BOOL present, defaulted;
3027
3028 status = NtQuerySecurityObject(hObject, SecurityInfo, NULL, 0, &n1);
3029 if (status != STATUS_BUFFER_TOO_SMALL && status != STATUS_SUCCESS)
3030 return RtlNtStatusToDosError(status);
3031
3032 sd = LocalAlloc(0, n1);
3033 if (!sd)
3034 return ERROR_NOT_ENOUGH_MEMORY;
3035
3036 status = NtQuerySecurityObject(hObject, SecurityInfo, sd, n1, &n2);
3037 if (status != STATUS_SUCCESS)
3038 {
3039 LocalFree(sd);
3040 return RtlNtStatusToDosError(status);
3041 }
3042
3043 if (ppsidOwner)
3044 {
3045 *ppsidOwner = NULL;
3046 GetSecurityDescriptorOwner(sd, ppsidOwner, &defaulted);
3047 }
3048 if (ppsidGroup)
3049 {
3050 *ppsidGroup = NULL;
3051 GetSecurityDescriptorGroup(sd, ppsidGroup, &defaulted);
3052 }
3053 if (ppDacl)
3054 {
3055 *ppDacl = NULL;
3056 GetSecurityDescriptorDacl(sd, &present, ppDacl, &defaulted);
3057 }
3058 if (ppSacl)
3059 {
3060 *ppSacl = NULL;
3061 GetSecurityDescriptorSacl(sd, &present, ppSacl, &defaulted);
3062 }
3063 if (ppSecurityDescriptor)
3064 *ppSecurityDescriptor = sd;
3065
3066 return ERROR_SUCCESS;
3067 }
3068
3069 /******************************************************************************
3070 * GetSecurityInfoExA [ADVAPI32.@]
3071 */
3072 DWORD WINAPI GetSecurityInfoExA(
3073 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
3074 SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider,
3075 LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList,
3076 PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup
3077 )
3078 {
3079 FIXME("stub!\n");
3080 return ERROR_BAD_PROVIDER;
3081 }
3082
3083 /******************************************************************************
3084 * GetSecurityInfoExW [ADVAPI32.@]
3085 */
3086 DWORD WINAPI GetSecurityInfoExW(
3087 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
3088 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
3089 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
3090 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
3091 )
3092 {
3093 FIXME("stub!\n");
3094 return ERROR_BAD_PROVIDER;
3095 }
3096
3097 /******************************************************************************
3098 * BuildExplicitAccessWithNameA [ADVAPI32.@]
3099 */
3100 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess,
3101 LPSTR pTrusteeName, DWORD AccessPermissions,
3102 ACCESS_MODE AccessMode, DWORD Inheritance )
3103 {
3104 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_a(pTrusteeName),
3105 AccessPermissions, AccessMode, Inheritance);
3106
3107 pExplicitAccess->grfAccessPermissions = AccessPermissions;
3108 pExplicitAccess->grfAccessMode = AccessMode;
3109 pExplicitAccess->grfInheritance = Inheritance;
3110
3111 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
3112 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3113 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
3114 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
3115 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
3116 }
3117
3118 /******************************************************************************
3119 * BuildExplicitAccessWithNameW [ADVAPI32.@]
3120 */
3121 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess,
3122 LPWSTR pTrusteeName, DWORD AccessPermissions,
3123 ACCESS_MODE AccessMode, DWORD Inheritance )
3124 {
3125 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_w(pTrusteeName),
3126 AccessPermissions, AccessMode, Inheritance);
3127
3128 pExplicitAccess->grfAccessPermissions = AccessPermissions;
3129 pExplicitAccess->grfAccessMode = AccessMode;
3130 pExplicitAccess->grfInheritance = Inheritance;
3131
3132 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
3133 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3134 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
3135 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
3136 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
3137 }
3138
3139 /******************************************************************************
3140 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
3141 */
3142 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
3143 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
3144 LPSTR InheritedObjectTypeName, LPSTR Name )
3145 {
3146 DWORD ObjectsPresent = 0;
3147
3148 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
3149 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
3150
3151 /* Fill the OBJECTS_AND_NAME structure */
3152 pObjName->ObjectType = ObjectType;
3153 if (ObjectTypeName != NULL)
3154 {
3155 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
3156 }
3157
3158 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
3159 if (InheritedObjectTypeName != NULL)
3160 {
3161 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
3162 }
3163
3164 pObjName->ObjectsPresent = ObjectsPresent;
3165 pObjName->ptstrName = Name;
3166
3167 /* Fill the TRUSTEE structure */
3168 pTrustee->pMultipleTrustee = NULL;
3169 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3170 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
3171 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3172 pTrustee->ptstrName = (LPSTR)pObjName;
3173 }
3174
3175 /******************************************************************************
3176 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
3177 */
3178 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
3179 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
3180 LPWSTR InheritedObjectTypeName, LPWSTR Name )
3181 {
3182 DWORD ObjectsPresent = 0;
3183
3184 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
3185 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
3186
3187 /* Fill the OBJECTS_AND_NAME structure */
3188 pObjName->ObjectType = ObjectType;
3189 if (ObjectTypeName != NULL)
3190 {
3191 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
3192 }
3193
3194 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
3195 if (InheritedObjectTypeName != NULL)
3196 {
3197 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
3198 }
3199
3200 pObjName->ObjectsPresent = ObjectsPresent;
3201 pObjName->ptstrName = Name;
3202
3203 /* Fill the TRUSTEE structure */
3204 pTrustee->pMultipleTrustee = NULL;
3205 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3206 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
3207 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3208 pTrustee->ptstrName = (LPWSTR)pObjName;
3209 }
3210
3211 /******************************************************************************
3212 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
3213 */
3214 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid,
3215 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
3216 {
3217 DWORD ObjectsPresent = 0;
3218
3219 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
3220
3221 /* Fill the OBJECTS_AND_SID structure */
3222 if (pObjectGuid != NULL)
3223 {
3224 pObjSid->ObjectTypeGuid = *pObjectGuid;
3225 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
3226 }
3227 else
3228 {
3229 ZeroMemory(&pObjSid->ObjectTypeGuid,
3230 sizeof(GUID));
3231 }
3232
3233 if (pInheritedObjectGuid != NULL)
3234 {
3235 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
3236 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
3237 }
3238 else
3239 {
3240 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
3241 sizeof(GUID));
3242 }
3243
3244 pObjSid->ObjectsPresent = ObjectsPresent;
3245 pObjSid->pSid = pSid;
3246
3247 /* Fill the TRUSTEE structure */
3248 pTrustee->pMultipleTrustee = NULL;
3249 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3250 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
3251 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3252 pTrustee->ptstrName = (LPSTR) pObjSid;
3253 }
3254
3255 /******************************************************************************
3256 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
3257 */
3258 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid,
3259 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
3260 {
3261 DWORD ObjectsPresent = 0;
3262
3263 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
3264
3265 /* Fill the OBJECTS_AND_SID structure */
3266 if (pObjectGuid != NULL)
3267 {
3268 pObjSid->ObjectTypeGuid = *pObjectGuid;
3269 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
3270 }
3271 else
3272 {
3273 ZeroMemory(&pObjSid->ObjectTypeGuid,
3274 sizeof(GUID));
3275 }
3276
3277 if (pInheritedObjectGuid != NULL)
3278 {
3279 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
3280 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
3281 }
3282 else
3283 {
3284 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
3285 sizeof(GUID));
3286 }
3287
3288 pObjSid->ObjectsPresent = ObjectsPresent;
3289 pObjSid->pSid = pSid;
3290
3291 /* Fill the TRUSTEE structure */
3292 pTrustee->pMultipleTrustee = NULL;
3293 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3294 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
3295 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3296 pTrustee->ptstrName = (LPWSTR) pObjSid;
3297 }
3298
3299 /******************************************************************************
3300 * BuildTrusteeWithSidA [ADVAPI32.@]
3301 */
3302 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
3303 {
3304 TRACE("%p %p\n", pTrustee, pSid);
3305
3306 pTrustee->pMultipleTrustee = NULL;
3307 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3308 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
3309 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3310 pTrustee->ptstrName = pSid;
3311 }
3312
3313 /******************************************************************************
3314 * BuildTrusteeWithSidW [ADVAPI32.@]
3315 */
3316 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
3317 {
3318 TRACE("%p %p\n", pTrustee, pSid);
3319
3320 pTrustee->pMultipleTrustee = NULL;
3321 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3322 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
3323 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3324 pTrustee->ptstrName = pSid;
3325 }
3326
3327 /******************************************************************************
3328 * BuildTrusteeWithNameA [ADVAPI32.@]
3329 */
3330 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
3331 {
3332 TRACE("%p %s\n", pTrustee, debugstr_a(name) );
3333
3334 pTrustee->pMultipleTrustee = NULL;
3335 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3336 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
3337 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3338 pTrustee->ptstrName = name;
3339 }
3340
3341 /******************************************************************************
3342 * BuildTrusteeWithNameW [ADVAPI32.@]
3343 */
3344 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
3345 {
3346 TRACE("%p %s\n", pTrustee, debugstr_w(name) );
3347
3348 pTrustee->pMultipleTrustee = NULL;
3349 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3350 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
3351 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3352 pTrustee->ptstrName = name;
3353 }
3354
3355 /******************************************************************************
3356 * GetTrusteeFormA [ADVAPI32.@]
3357 */
3358 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
3359 {
3360 TRACE("(%p)\n", pTrustee);
3361
3362 if (!pTrustee)
3363 return TRUSTEE_BAD_FORM;
3364
3365 return pTrustee->TrusteeForm;
3366 }
3367
3368 /******************************************************************************
3369 * GetTrusteeFormW [ADVAPI32.@]
3370 */
3371 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
3372 {
3373 TRACE("(%p)\n", pTrustee);
3374
3375 if (!pTrustee)
3376 return TRUSTEE_BAD_FORM;
3377
3378 return pTrustee->TrusteeForm;
3379 }
3380
3381 /******************************************************************************
3382 * GetTrusteeNameA [ADVAPI32.@]
3383 */
3384 LPSTR WINAPI GetTrusteeNameA(PTRUSTEEA pTrustee)
3385 {
3386 TRACE("(%p)\n", pTrustee);
3387
3388 if (!pTrustee)
3389 return NULL;
3390
3391 return pTrustee->ptstrName;
3392 }
3393
3394 /******************************************************************************
3395 * GetTrusteeNameW [ADVAPI32.@]
3396 */
3397 LPWSTR WINAPI GetTrusteeNameW(PTRUSTEEW pTrustee)
3398 {
3399 TRACE("(%p)\n", pTrustee);
3400
3401 if (!pTrustee)
3402 return NULL;
3403
3404 return pTrustee->ptstrName;
3405 }
3406
3407 /******************************************************************************
3408 * GetTrusteeTypeA [ADVAPI32.@]
3409 */
3410 TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEEA pTrustee)
3411 {
3412 TRACE("(%p)\n", pTrustee);
3413
3414 if (!pTrustee)
3415 return TRUSTEE_IS_UNKNOWN;
3416
3417 return pTrustee->TrusteeType;
3418 }
3419
3420 /******************************************************************************
3421 * GetTrusteeTypeW [ADVAPI32.@]
3422 */
3423 TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEEW pTrustee)
3424 {
3425 TRACE("(%p)\n", pTrustee);
3426
3427 if (!pTrustee)
3428 return TRUSTEE_IS_UNKNOWN;
3429
3430 return pTrustee->TrusteeType;
3431 }
3432
3433 BOOL WINAPI SetAclInformation( PACL pAcl, LPVOID pAclInformation,
3434 DWORD nAclInformationLength,
3435 ACL_INFORMATION_CLASS dwAclInformationClass )
3436 {
3437 FIXME("%p %p 0x%08x 0x%08x - stub\n", pAcl, pAclInformation,
3438 nAclInformationLength, dwAclInformationClass);
3439
3440 return TRUE;
3441 }
3442
3443 /******************************************************************************
3444 * SetEntriesInAclA [ADVAPI32.@]
3445 */
3446 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
3447 PACL OldAcl, PACL* NewAcl )
3448 {
3449 FIXME("%d %p %p %p\n",count,pEntries,OldAcl,NewAcl);
3450 if (NewAcl)
3451 *NewAcl = NULL;
3452 return ERROR_SUCCESS;
3453 }
3454
3455 /******************************************************************************
3456 * SetEntriesInAclW [ADVAPI32.@]
3457 */
3458 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
3459 PACL OldAcl, PACL* NewAcl )
3460 {
3461 ULONG i;
3462 PSID *ppsid;
3463 DWORD ret = ERROR_SUCCESS;
3464 DWORD acl_size = sizeof(ACL);
3465 NTSTATUS status;
3466
3467 TRACE("%d %p %p %p\n", count, pEntries, OldAcl, NewAcl);
3468
3469 *NewAcl = NULL;
3470
3471 if (!count && !OldAcl)
3472 return ERROR_SUCCESS;
3473
3474 /* allocate array of maximum sized sids allowed */
3475 ppsid = HeapAlloc(GetProcessHeap(), 0, count * (sizeof(SID *) + FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES])));
3476 if (!ppsid)
3477 return ERROR_OUTOFMEMORY;
3478
3479 for (i = 0; i < count; i++)
3480 {
3481 ppsid[i] = (char *)&ppsid[count] + i * FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]);
3482
3483 TRACE("[%d]:\n\tgrfAccessPermissions = 0x%x\n\tgrfAccessMode = %d\n\tgrfInheritance = 0x%x\n\t"
3484 "Trustee.pMultipleTrustee = %p\n\tMultipleTrusteeOperation = %d\n\tTrusteeForm = %d\n\t"
3485 "Trustee.TrusteeType = %d\n\tptstrName = %p\n", i,
3486 pEntries[i].grfAccessPermissions, pEntries[i].grfAccessMode, pEntries[i].grfInheritance,
3487 pEntries[i].Trustee.pMultipleTrustee, pEntries[i].Trustee.MultipleTrusteeOperation,
3488 pEntries[i].Trustee.TrusteeForm, pEntries[i].Trustee.TrusteeType,
3489 pEntries[i].Trustee.ptstrName);
3490
3491 if (pEntries[i].Trustee.MultipleTrusteeOperation != NO_MULTIPLE_TRUSTEE)
3492 {
3493 WARN("bad multiple trustee operation %d for trustee %d\n", pEntries[i].Trustee.MultipleTrusteeOperation, i);
3494 ret = ERROR_INVALID_PARAMETER;
3495 goto exit;
3496 }
3497
3498 switch (pEntries[i].Trustee.TrusteeForm)
3499 {
3500 case TRUSTEE_IS_SID:
3501 if (!CopySid(FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]),
3502 ppsid[i], pEntries[i].Trustee.ptstrName))
3503 {
3504 WARN("bad sid %p for trustee %d\n", pEntries[i].Trustee.ptstrName, i);
3505 ret = ERROR_INVALID_PARAMETER;
3506 goto exit;
3507 }
3508 break;
3509 case TRUSTEE_IS_NAME:
3510 {
3511 DWORD sid_size = FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]);
3512 DWORD domain_size = MAX_COMPUTERNAME_LENGTH + 1;
3513 SID_NAME_USE use;
3514 if ( strcmpW( pEntries[i].Trustee.ptstrName, CURRENT_USER ) &&
3515 !LookupAccountNameW(NULL, pEntries[i].Trustee.ptstrName, ppsid[i], &sid_size, NULL, &domain_size, &use))
3516 {
3517 WARN("bad user name %s for trustee %d\n", debugstr_w(pEntries[i].Trustee.ptstrName), i);
3518 ret = ERROR_INVALID_PARAMETER;
3519 goto exit;
3520 }
3521 break;
3522 }
3523 case TRUSTEE_IS_OBJECTS_AND_SID:
3524 FIXME("TRUSTEE_IS_OBJECTS_AND_SID unimplemented\n");
3525 break;
3526 case TRUSTEE_IS_OBJECTS_AND_NAME:
3527 FIXME("TRUSTEE_IS_OBJECTS_AND_NAME unimplemented\n");
3528 break;
3529 default:
3530 WARN("bad trustee form %d for trustee %d\n", pEntries[i].Trustee.TrusteeForm, i);
3531 ret = ERROR_INVALID_PARAMETER;
3532 goto exit;
3533 }
3534
3535 /* Note: we overestimate the ACL size here as a tradeoff between
3536 * instructions (simplicity) and memory */
3537 switch (pEntries[i].grfAccessMode)
3538 {
3539 case GRANT_ACCESS:
3540 case SET_ACCESS:
3541 acl_size += FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(ppsid[i]);
3542 break;
3543 case DENY_ACCESS:
3544 acl_size += FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + GetLengthSid(ppsid[i]);
3545 break;
3546 case SET_AUDIT_SUCCESS:
3547 case SET_AUDIT_FAILURE:
3548 acl_size += FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart) + GetLengthSid(ppsid[i]);
3549 break;
3550 case REVOKE_ACCESS:
3551 break;
3552 default:
3553 WARN("bad access mode %d for trustee %d\n", pEntries[i].grfAccessMode, i);
3554 ret = ERROR_INVALID_PARAMETER;
3555 goto exit;
3556 }
3557 }
3558
3559 if (OldAcl)
3560 {
3561 ACL_SIZE_INFORMATION size_info;
3562
3563 status = RtlQueryInformationAcl(OldAcl, &size_info, sizeof(size_info), AclSizeInformation);
3564 if (status != STATUS_SUCCESS)
3565 {
3566 ret = RtlNtStatusToDosError(status);
3567 goto exit;
3568 }
3569 acl_size += size_info.AclBytesInUse - sizeof(ACL);
3570 }
3571
3572 *NewAcl = LocalAlloc(0, acl_size);
3573 if (!*NewAcl)
3574 {
3575 ret = ERROR_OUTOFMEMORY;
3576 goto exit;
3577 }
3578
3579 status = RtlCreateAcl( *NewAcl, acl_size, ACL_REVISION );
3580 if (status != STATUS_SUCCESS)
3581 {
3582 ret = RtlNtStatusToDosError(status);
3583 goto exit;
3584 }
3585
3586 for (i = 0; i < count; i++)
3587 {
3588 switch (pEntries[i].grfAccessMode)
3589 {
3590 case GRANT_ACCESS:
3591 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION,
3592 pEntries[i].grfInheritance,
3593 pEntries[i].grfAccessPermissions,
3594 ppsid[i]);
3595 break;
3596 case SET_ACCESS:
3597 {
3598 ULONG j;
3599 BOOL add = TRUE;
3600 if (OldAcl)
3601 {
3602 for (j = 0; ; j++)
3603 {
3604 const ACE_HEADER *existing_ace_header;
3605 status = RtlGetAce(OldAcl, j, (LPVOID *)&existing_ace_header);
3606 if (status != STATUS_SUCCESS)
3607 break;
3608 if (pEntries[i].grfAccessMode == SET_ACCESS &&
3609 existing_ace_header->AceType == ACCESS_ALLOWED_ACE_TYPE &&
3610 EqualSid(ppsid[i], &((ACCESS_ALLOWED_ACE *)existing_ace_header)->SidStart))
3611 {
3612 add = FALSE;
3613 break;
3614 }
3615 }
3616 }
3617 if (add)
3618 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION,
3619 pEntries[i].grfInheritance,
3620 pEntries[i].grfAccessPermissions,
3621 ppsid[i]);
3622 break;
3623 }
3624 case DENY_ACCESS:
3625 status = RtlAddAccessDeniedAceEx(*NewAcl, ACL_REVISION,
3626 pEntries[i].grfInheritance,
3627 pEntries[i].grfAccessPermissions,
3628 ppsid[i]);
3629 break;
3630 case SET_AUDIT_SUCCESS:
3631 status = RtlAddAuditAccessAceEx(*NewAcl, ACL_REVISION,
3632 pEntries[i].grfInheritance,
3633 pEntries[i].grfAccessPermissions,
3634 ppsid[i], TRUE, FALSE);
3635 break;
3636 case SET_AUDIT_FAILURE:
3637 status = RtlAddAuditAccessAceEx(*NewAcl, ACL_REVISION,
3638 pEntries[i].grfInheritance,
3639 pEntries[i].grfAccessPermissions,
3640 ppsid[i], FALSE, TRUE);
3641 break;
3642 default:
3643 FIXME("unhandled access mode %d\n", pEntries[i].grfAccessMode);
3644 }
3645 }
3646
3647 if (OldAcl)
3648 {
3649 for (i = 0; ; i++)
3650 {
3651 BOOL add = TRUE;
3652 ULONG j;
3653 const ACE_HEADER *old_ace_header;
3654 status = RtlGetAce(OldAcl, i, (LPVOID *)&old_ace_header);
3655 if (status != STATUS_SUCCESS) break;
3656 for (j = 0; j < count; j++)
3657 {
3658 if (pEntries[j].grfAccessMode == SET_ACCESS &&
3659 old_ace_header->AceType == ACCESS_ALLOWED_ACE_TYPE &&
3660 EqualSid(ppsid[j], &((ACCESS_ALLOWED_ACE *)old_ace_header)->SidStart))
3661 {
3662 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION, pEntries[j].grfInheritance, pEntries[j].grfAccessPermissions, ppsid[j]);
3663 add = FALSE;
3664 break;
3665 }
3666 else if (pEntries[j].grfAccessMode == REVOKE_ACCESS)
3667 {
3668 switch (old_ace_header->AceType)
3669 {
3670 case ACCESS_ALLOWED_ACE_TYPE:
3671 if (EqualSid(ppsid[j], &((ACCESS_ALLOWED_ACE *)old_ace_header)->SidStart))
3672 add = FALSE;
3673 break;
3674 case ACCESS_DENIED_ACE_TYPE:
3675 if (EqualSid(ppsid[j], &((ACCESS_DENIED_ACE *)old_ace_header)->SidStart))
3676 add = FALSE;
3677 break;
3678 case SYSTEM_AUDIT_ACE_TYPE:
3679 if (EqualSid(ppsid[j], &((SYSTEM_AUDIT_ACE *)old_ace_header)->SidStart))
3680 add = FALSE;
3681 break;
3682 case SYSTEM_ALARM_ACE_TYPE:
3683 if (EqualSid(ppsid[j], &((SYSTEM_ALARM_ACE *)old_ace_header)->SidStart))
3684 add = FALSE;
3685 break;
3686 default:
3687 FIXME("unhandled ace type %d\n", old_ace_header->AceType);
3688 }
3689
3690 if (!add)
3691 break;
3692 }
3693 }
3694 if (add)
3695 status = RtlAddAce(*NewAcl, ACL_REVISION, 1, (PACE_HEADER)old_ace_header, old_ace_header->AceSize);
3696 if (status != STATUS_SUCCESS)
3697 {
3698 WARN("RtlAddAce failed with error 0x%08x\n", status);
3699 ret = RtlNtStatusToDosError(status);
3700 break;
3701 }
3702 }
3703 }
3704
3705 exit:
3706 HeapFree(GetProcessHeap(), 0, ppsid);
3707 return ret;
3708 }
3709
3710 /******************************************************************************
3711 * SetNamedSecurityInfoA [ADVAPI32.@]
3712 */
3713 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
3714 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3715 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
3716 {
3717 DWORD len;
3718 LPWSTR wstr = NULL;
3719 DWORD r;
3720
3721 TRACE("%s %d %d %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
3722 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
3723
3724 if( pObjectName )
3725 {
3726 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3727 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3728 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3729 }
3730
3731 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
3732 psidGroup, pDacl, pSacl );
3733
3734 HeapFree( GetProcessHeap(), 0, wstr );
3735
3736 return r;
3737 }
3738
3739 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation,
3740 PSECURITY_DESCRIPTOR ModificationDescriptor,
3741 PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor,
3742 PGENERIC_MAPPING GenericMapping,
3743 HANDLE Token )
3744 {
3745 FIXME("0x%08x %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor,
3746 ObjectsSecurityDescriptor, GenericMapping, Token);
3747
3748 return TRUE;
3749 }
3750
3751 BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
3752 {
3753 return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess );
3754 }
3755
3756 /******************************************************************************
3757 * AreAnyAccessesGranted [ADVAPI32.@]
3758 *
3759 * Determines whether or not any of a set of specified access permissions have
3760 * been granted or not.
3761 *
3762 * PARAMS
3763 * GrantedAccess [I] The permissions that have been granted.
3764 * DesiredAccess [I] The permissions that you want to have.
3765 *
3766 * RETURNS
3767 * Nonzero if any of the permissions have been granted, zero if none of the
3768 * permissions have been granted.
3769 */
3770
3771 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
3772 {
3773 return RtlAreAnyAccessesGranted( GrantedAccess, DesiredAccess );
3774 }
3775
3776 /******************************************************************************
3777 * SetNamedSecurityInfoW [ADVAPI32.@]
3778 */
3779 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
3780 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3781 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
3782 {
3783 FIXME("%s %d %d %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
3784 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
3785 return ERROR_SUCCESS;
3786 }
3787
3788 /******************************************************************************
3789 * GetExplicitEntriesFromAclA [ADVAPI32.@]
3790 */
3791 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
3792 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
3793 {
3794 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
3795 return ERROR_CALL_NOT_IMPLEMENTED;
3796 }
3797
3798 /******************************************************************************
3799 * GetExplicitEntriesFromAclW [ADVAPI32.@]
3800 */
3801 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
3802 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
3803 {
3804 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
3805 return ERROR_CALL_NOT_IMPLEMENTED;
3806 }
3807
3808 /******************************************************************************
3809 * GetAuditedPermissionsFromAclA [ADVAPI32.@]
3810 */
3811 DWORD WINAPI GetAuditedPermissionsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pSuccessfulAuditedRights,
3812 PACCESS_MASK pFailedAuditRights)
3813 {
3814 FIXME("%p %p %p %p\n",pacl, pTrustee, pSuccessfulAuditedRights, pFailedAuditRights);
3815 return ERROR_CALL_NOT_IMPLEMENTED;
3816
3817 }
3818
3819 /******************************************************************************
3820 * GetAuditedPermissionsFromAclW [ADVAPI32.@]
3821 */
3822 DWORD WINAPI GetAuditedPermissionsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pSuccessfulAuditedRights,
3823 PACCESS_MASK pFailedAuditRights)
3824 {
3825 FIXME("%p %p %p %p\n",pacl, pTrustee, pSuccessfulAuditedRights, pFailedAuditRights);
3826 return ERROR_CALL_NOT_IMPLEMENTED;
3827
3828 }
3829
3830 /******************************************************************************
3831 * ParseAclStringFlags
3832 */
3833 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
3834 {
3835 DWORD flags = 0;
3836 LPCWSTR szAcl = *StringAcl;
3837
3838 while (*szAcl != '(')
3839 {
3840 if (*szAcl == 'P')
3841 {
3842 flags |= SE_DACL_PROTECTED;
3843 }
3844 else if (*szAcl == 'A')
3845 {
3846 szAcl++;
3847 if (*szAcl == 'R')
3848 flags |= SE_DACL_AUTO_INHERIT_REQ;
3849 else if (*szAcl == 'I')
3850 flags |= SE_DACL_AUTO_INHERITED;
3851 }
3852 szAcl++;
3853 }
3854
3855 *StringAcl = szAcl;
3856 return flags;
3857 }
3858
3859 /******************************************************************************
3860 * ParseAceStringType
3861 */
3862 static const ACEFLAG AceType[] =
3863 {
3864 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
3865 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
3866 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
3867 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
3868 /*
3869 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
3870 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
3871 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
3872 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
3873 */
3874 { NULL, 0 },
3875 };
3876
3877 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
3878 {
3879 UINT len = 0;
3880 LPCWSTR szAcl = *StringAcl;
3881 const ACEFLAG *lpaf = AceType;
3882
3883 while (lpaf->wstr &&
3884 (len = strlenW(lpaf->wstr)) &&
3885 strncmpW(lpaf->wstr, szAcl, len))
3886 lpaf++;
3887
3888 if (!lpaf->wstr)
3889 return 0;
3890
3891 *StringAcl += len;
3892 return lpaf->value;
3893 }
3894
3895
3896 /******************************************************************************
3897 * ParseAceStringFlags
3898 */
3899 static const ACEFLAG AceFlags[] =
3900 {
3901 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
3902 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
3903 { SDDL_INHERITED, INHERITED_ACE },
3904 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
3905 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
3906 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
3907 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
3908 { NULL, 0 },
3909 };
3910
3911 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
3912 {
3913 UINT len = 0;
3914 BYTE flags = 0;
3915 LPCWSTR szAcl = *StringAcl;
3916
3917 while (*szAcl != ';')
3918 {
3919 const ACEFLAG *lpaf = AceFlags;
3920
3921 while (lpaf->wstr &&
3922 (len = strlenW(lpaf->wstr)) &&
3923 strncmpW(lpaf->wstr, szAcl, len))
3924 lpaf++;
3925
3926 if (!lpaf->wstr)
3927 return 0;
3928
3929 flags |= lpaf->value;
3930 szAcl += len;
3931 }
3932
3933 *StringAcl = szAcl;
3934 return flags;
3935 }
3936
3937
3938 /******************************************************************************
3939 * ParseAceStringRights
3940 */
3941 static const ACEFLAG AceRights[] =
3942 {
3943 { SDDL_GENERIC_ALL, GENERIC_ALL },
3944 { SDDL_GENERIC_READ, GENERIC_READ },
3945 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
3946 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
3947
3948 { SDDL_READ_CONTROL, READ_CONTROL },
3949 { SDDL_STANDARD_DELETE, DELETE },
3950 { SDDL_WRITE_DAC, WRITE_DAC },
3951 { SDDL_WRITE_OWNER, WRITE_OWNER },
3952
3953 { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP},
3954 { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP},
3955 { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD},
3956 { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD},
3957 { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST},
3958 { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF},
3959 { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT},
3960 { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE},
3961 { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS},
3962
3963 { SDDL_FILE_ALL, FILE_ALL_ACCESS },
3964 { SDDL_FILE_READ, FILE_GENERIC_READ },
3965 { SDDL_FILE_WRITE, FILE_GENERIC_WRITE },
3966 { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE },
3967
3968 { SDDL_KEY_ALL, KEY_ALL_ACCESS },
3969 { SDDL_KEY_READ, KEY_READ },
3970 { SDDL_KEY_WRITE, KEY_WRITE },
3971 { SDDL_KEY_EXECUTE, KEY_EXECUTE },
3972 { NULL, 0 },
3973 };
3974
3975 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
3976 {
3977 UINT len = 0;
3978 DWORD rights = 0;
3979 LPCWSTR szAcl = *StringAcl;
3980
3981 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
3982 {
3983 LPCWSTR p = szAcl;
3984
3985 while (*p && *p != ';')
3986 p++;
3987
3988 if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
3989 {
3990 rights = strtoulW(szAcl, NULL, 16);
3991 szAcl = p;
3992 }
3993 else
3994 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
3995 }
3996 else
3997 {
3998 while (*szAcl != ';')
3999 {
4000 const ACEFLAG *lpaf = AceRights;
4001
4002 while (lpaf->wstr &&
4003 (len = strlenW(lpaf->wstr)) &&
4004 strncmpW(lpaf->wstr, szAcl, len))
4005 {
4006 lpaf++;
4007 }
4008
4009 if (!lpaf->wstr)
4010 return 0;
4011
4012 rights |= lpaf->value;
4013 szAcl += len;
4014 }
4015 }
4016
4017 *StringAcl = szAcl;
4018 return rights;
4019 }
4020
4021
4022 /******************************************************************************
4023 * ParseStringAclToAcl
4024 *
4025 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
4026 */
4027 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
4028 PACL pAcl, LPDWORD cBytes)
4029 {
4030 DWORD val;
4031 DWORD sidlen;
4032 DWORD length = sizeof(ACL);
4033 DWORD acesize = 0;
4034 DWORD acecount = 0;
4035 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
4036
4037 TRACE("%s\n", debugstr_w(StringAcl));
4038
4039 if (!StringAcl)
4040 return FALSE;
4041
4042 if (pAcl) /* pAce is only useful if we're setting values */
4043 pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
4044
4045 /* Parse ACL flags */
4046 *lpdwFlags = ParseAclStringFlags(&StringAcl);
4047
4048 /* Parse ACE */
4049 while (*StringAcl == '(')
4050 {
4051 StringAcl++;
4052
4053 /* Parse ACE type */
4054 val = ParseAceStringType(&StringAcl);
4055 if (pAce)
4056 pAce->Header.AceType = (BYTE) val;
4057 if (*StringAcl != ';')
4058 goto lerr;
4059 StringAcl++;
4060
4061 /* Parse ACE flags */
4062 val = ParseAceStringFlags(&StringAcl);
4063 if (pAce)
4064 pAce->Header.AceFlags = (BYTE) val;
4065 if (*StringAcl != ';')
4066 goto lerr;
4067 StringAcl++;
4068
4069 /* Parse ACE rights */
4070 val = ParseAceStringRights(&StringAcl);
4071 if (pAce)
4072 pAce->Mask = val;
4073 if (*StringAcl != ';')
4074 goto lerr;
4075 StringAcl++;
4076
4077 /* Parse ACE object guid */
4078 if (*StringAcl != ';')
4079 {
4080 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
4081 goto lerr;
4082 }
4083 StringAcl++;
4084
4085 /* Parse ACE inherit object guid */
4086 if (*StringAcl != ';')
4087 {
4088 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
4089 goto lerr;
4090 }
4091 StringAcl++;
4092
4093 /* Parse ACE account sid */
4094 if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
4095 {
4096 while (*StringAcl && *StringAcl != ')')
4097 StringAcl++;
4098 }
4099
4100 if (*StringAcl != ')')
4101 goto lerr;
4102 StringAcl++;
4103
4104 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
4105 length += acesize;
4106 if (pAce)
4107 {
4108 pAce->Header.AceSize = acesize;
4109 pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
4110 }
4111 acecount++;
4112 }
4113
4114 *cBytes = length;
4115
4116 if (length > 0xffff)
4117 {
4118 ERR("ACL too large\n");
4119 goto lerr;
4120 }
4121
4122 if (pAcl)
4123 {
4124 pAcl->AclRevision = ACL_REVISION;
4125 pAcl->Sbz1 = 0;
4126 pAcl->AclSize = length;
4127 pAcl->AceCount = acecount++;
4128 pAcl->Sbz2 = 0;
4129 }
4130 return TRUE;
4131
4132 lerr:
4133 SetLastError(ERROR_INVALID_ACL);
4134 WARN("Invalid ACE string format\n");
4135 return FALSE;
4136 }
4137
4138
4139 /******************************************************************************
4140 * ParseStringSecurityDescriptorToSecurityDescriptor
4141 */
4142 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
4143 LPCWSTR StringSecurityDescriptor,
4144 SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
4145 LPDWORD cBytes)
4146 {
4147 BOOL bret = FALSE;
4148 WCHAR toktype;
4149 WCHAR tok[MAX_PATH];
4150 LPCWSTR lptoken;
4151 LPBYTE lpNext = NULL;
4152 DWORD len;
4153
4154 *cBytes = sizeof(SECURITY_DESCRIPTOR);
4155
4156 if (SecurityDescriptor)
4157 lpNext = (LPBYTE)(SecurityDescriptor + 1);
4158
4159 while (*StringSecurityDescriptor)
4160 {
4161 toktype = *StringSecurityDescriptor;
4162
4163 /* Expect char identifier followed by ':' */
4164 StringSecurityDescriptor++;
4165 if (*StringSecurityDescriptor != ':')
4166 {
4167 SetLastError(ERROR_INVALID_PARAMETER);
4168 goto lend;
4169 }
4170 StringSecurityDescriptor++;
4171
4172 /* Extract token */
4173 lptoken = StringSecurityDescriptor;
4174 while (*lptoken && *lptoken != ':')
4175 lptoken++;
4176
4177 if (*lptoken)
4178 lptoken--;
4179
4180 len = lptoken - StringSecurityDescriptor;
4181 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
4182 tok[len] = 0;
4183
4184 switch (toktype)
4185 {
4186 case 'O':
4187 {
4188 DWORD bytes;
4189
4190 if (!ParseStringSidToSid(tok, lpNext, &bytes))
4191 goto lend;
4192
4193 if (SecurityDescriptor)
4194 {
4195 SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor;
4196 lpNext += bytes; /* Advance to next token */
4197 }
4198
4199 *cBytes += bytes;
4200
4201 break;
4202 }
4203
4204 case 'G':
4205 {
4206 DWORD bytes;
4207
4208 if (!ParseStringSidToSid(tok, lpNext, &bytes))
4209 goto lend;
4210
4211 if (SecurityDescriptor)
4212 {
4213 SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor;
4214 lpNext += bytes; /* Advance to next token */
4215 }
4216
4217 *cBytes += bytes;
4218
4219 break;
4220 }
4221
4222 case 'D':
4223 {
4224 DWORD flags;
4225 DWORD bytes;
4226
4227 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
4228 goto lend;
4229
4230 if (SecurityDescriptor)
4231 {
4232 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
4233 SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor;
4234 lpNext += bytes; /* Advance to next token */
4235 }
4236
4237 *cBytes += bytes;
4238
4239 break;
4240 }
4241
4242 case 'S':
4243 {
4244 DWORD flags;
4245 DWORD bytes;
4246
4247 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
4248 goto lend;
4249
4250 if (SecurityDescriptor)
4251 {
4252 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
4253 SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor;
4254 lpNext += bytes; /* Advance to next token */
4255 }
4256
4257 *cBytes += bytes;
4258
4259 break;
4260 }
4261
4262 default:
4263 FIXME("Unknown token\n");
4264 SetLastError(ERROR_INVALID_PARAMETER);
4265 goto lend;
4266 }
4267
4268 StringSecurityDescriptor = lptoken;
4269 }
4270
4271 bret = TRUE;
4272
4273 lend:
4274 return bret;
4275 }
4276
4277 /******************************************************************************
4278 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
4279 */
4280 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
4281 LPCSTR StringSecurityDescriptor,
4282 DWORD StringSDRevision,
4283 PSECURITY_DESCRIPTOR* SecurityDescriptor,
4284 PULONG SecurityDescriptorSize)
4285 {
4286 UINT len;
4287 BOOL ret = FALSE;
4288 LPWSTR StringSecurityDescriptorW;
4289
4290 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
4291 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
4292
4293 if (StringSecurityDescriptorW)
4294 {
4295 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
4296
4297 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
4298 StringSDRevision, SecurityDescriptor,
4299 SecurityDescriptorSize);
4300 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
4301 }
4302
4303 return ret;
4304 }
4305
4306 /******************************************************************************
4307 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
4308 */
4309 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
4310 LPCWSTR StringSecurityDescriptor,
4311 DWORD StringSDRevision,
4312 PSECURITY_DESCRIPTOR* SecurityDescriptor,
4313 PULONG SecurityDescriptorSize)
4314 {
4315 DWORD cBytes;
4316 SECURITY_DESCRIPTOR* psd;
4317 BOOL bret = FALSE;
4318
4319 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
4320
4321 if (GetVersion() & 0x80000000)
4322 {
4323 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
4324 goto lend;
4325 }
4326 else if (!StringSecurityDescriptor || !SecurityDescriptor)
4327 {
4328 SetLastError(ERROR_INVALID_PARAMETER);
4329 goto lend;
4330 }
4331 else if (StringSDRevision != SID_REVISION)
4332 {
4333 SetLastError(ERROR_UNKNOWN_REVISION);
4334 goto lend;
4335 }
4336
4337 /* Compute security descriptor length */
4338 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
4339 NULL, &cBytes))
4340 goto lend;
4341
4342 psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes);
4343 if (!psd) goto lend;
4344
4345 psd->Revision = SID_REVISION;
4346 psd->Control |= SE_SELF_RELATIVE;
4347
4348 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
4349 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
4350 {
4351 LocalFree(psd);
4352 goto lend;
4353 }
4354
4355 if (SecurityDescriptorSize)
4356 *SecurityDescriptorSize = cBytes;
4357
4358 bret = TRUE;
4359
4360 lend:
4361 TRACE(" ret=%d\n", bret);
4362 return bret;
4363 }
4364
4365 static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
4366 {
4367 if (cch == -1)
4368 cch = strlenW(string);
4369
4370 if (plen)
4371 *plen += cch;
4372
4373 if (pwptr)
4374 {
4375 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
4376 *pwptr += cch;
4377 }
4378 }
4379
4380 static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
4381 {
4382 DWORD i;
4383 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
4384 WCHAR subauthfmt[] = { '-','%','u',0 };
4385 WCHAR buf[26];
4386 SID *pisid = psid;
4387
4388 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
4389 {
4390 SetLastError(ERROR_INVALID_SID);
4391 return FALSE;
4392 }
4393
4394 if (pisid->IdentifierAuthority.Value[0] ||
4395 pisid->IdentifierAuthority.Value[1])
4396 {
4397 FIXME("not matching MS' bugs\n");
4398 SetLastError(ERROR_INVALID_SID);
4399 return FALSE;
4400 }
4401
4402 sprintfW( buf, fmt, pisid->Revision,
4403 MAKELONG(
4404 MAKEWORD( pisid->IdentifierAuthority.Value[5],
4405 pisid->IdentifierAuthority.Value[4] ),
4406 MAKEWORD( pisid->IdentifierAuthority.Value[3],
4407 pisid->IdentifierAuthority.Value[2] )
4408 ) );
4409 DumpString(buf, -1, pwptr, plen);
4410
4411 for( i=0; i<pisid->SubAuthorityCount; i++ )
4412 {
4413 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
4414 DumpString(buf, -1, pwptr, plen);
4415 }
4416 return TRUE;
4417 }
4418
4419 static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
4420 {
4421 size_t i;
4422 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
4423 {
4424 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
4425 {
4426 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
4427 return TRUE;
4428 }
4429 }
4430
4431 return DumpSidNumeric(psid, pwptr, plen);
4432 }
4433
4434 static const LPCWSTR AceRightBitNames[32] = {
4435 SDDL_CREATE_CHILD, /* 0 */
4436 SDDL_DELETE_CHILD,
4437 SDDL_LIST_CHILDREN,
4438 SDDL_SELF_WRITE,
4439 SDDL_READ_PROPERTY, /* 4 */
4440 SDDL_WRITE_PROPERTY,
4441 SDDL_DELETE_TREE,
4442 SDDL_LIST_OBJECT,
4443 SDDL_CONTROL_ACCESS, /* 8 */
4444 NULL,
4445 NULL,
4446 NULL,
4447 NULL, /* 12 */
4448 NULL,
4449 NULL,
4450 NULL,
4451 SDDL_STANDARD_DELETE, /* 16 */
4452 SDDL_READ_CONTROL,
4453 SDDL_WRITE_DAC,
4454 SDDL_WRITE_OWNER,
4455 NULL, /* 20 */
4456 NULL,
4457 NULL,
4458 NULL,
4459 NULL, /* 24 */
4460 NULL,
4461 NULL,
4462 NULL,
4463 SDDL_GENERIC_ALL, /* 28 */
4464 SDDL_GENERIC_EXECUTE,
4465 SDDL_GENERIC_WRITE,
4466 SDDL_GENERIC_READ
4467 };
4468
4469 static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
4470 {
4471 static const WCHAR fmtW[] = {'0','x','%','x',0};
4472 WCHAR buf[15];
4473 size_t i;
4474
4475 if (mask == 0)
4476 return;
4477
4478 /* first check if the right have name */
4479 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
4480 {
4481 if (AceRights[i].wstr == NULL)
4482 break;
4483 if (mask == AceRights[i].value)
4484 {
4485 DumpString(AceRights[i].wstr, -1, pwptr, plen);
4486 return;
4487 }
4488 }
4489
4490 /* then check if it can be built from bit names */
4491 for (i = 0; i < 32; i++)
4492 {
4493 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
4494 {
4495 /* can't be built from bit names */
4496 sprintfW(buf, fmtW, mask);
4497 DumpString(buf, -1, pwptr, plen);
4498 return;
4499 }
4500 }
4501
4502 /* build from bit names */
4503 for (i = 0; i < 32; i++)
4504 if (mask & (1 << i))
4505 DumpString(AceRightBitNames[i], -1, pwptr, plen);
4506 }
4507
4508 static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
4509 {
4510 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
4511 static const WCHAR openbr = '(';
4512 static const WCHAR closebr = ')';
4513 static const WCHAR semicolon = ';';
4514
4515 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
4516 {
4517 SetLastError(ERROR_INVALID_ACL);
4518 return FALSE;
4519 }
4520
4521 piace = pace;
4522 DumpString(&openbr, 1, pwptr, plen);
4523 switch (piace->Header.AceType)
4524 {
4525 case ACCESS_ALLOWED_ACE_TYPE:
4526 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
4527 break;
4528 case ACCESS_DENIED_ACE_TYPE:
4529 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
4530 break;
4531 case SYSTEM_AUDIT_ACE_TYPE:
4532 DumpString(SDDL_AUDIT, -1, pwptr, plen);
4533 break;
4534 case SYSTEM_ALARM_ACE_TYPE:
4535 DumpString(SDDL_ALARM, -1, pwptr, plen);
4536 break;
4537 }
4538 DumpString(&semicolon, 1, pwptr, plen);
4539
4540 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
4541 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
4542 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
4543 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
4544 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
4545 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
4546 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
4547 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
4548 if (piace->Header.AceFlags & INHERITED_ACE)
4549 DumpString(SDDL_INHERITED, -1, pwptr, plen);
4550 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
4551 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
4552 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
4553 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
4554 DumpString(&semicolon, 1, pwptr, plen);
4555 DumpRights(piace->Mask, pwptr, plen);
4556 DumpString(&semicolon, 1, pwptr, plen);
4557 /* objects not supported */
4558 DumpString(&semicolon, 1, pwptr, plen);
4559 /* objects not supported */
4560 DumpString(&semicolon, 1, pwptr, plen);
4561 if (!DumpSid(&piace->SidStart, pwptr, plen))
4562 return FALSE;
4563 DumpString(&closebr, 1, pwptr, plen);
4564 return TRUE;
4565 }
4566
4567 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
4568 {
4569 WORD count;
4570 int i;
4571
4572 if (protected)
4573 DumpString(SDDL_PROTECTED, -1, pwptr, plen);
4574 if (autoInheritReq)
4575 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
4576 if (autoInherited)
4577 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
4578
4579 if (pacl == NULL)
4580 return TRUE;
4581
4582 if (!IsValidAcl(pacl))
4583 return FALSE;
4584
4585 count = pacl->AceCount;
4586 for (i = 0; i < count; i++)
4587 {
4588 LPVOID ace;
4589 if (!GetAce(pacl, i, &ace))
4590 return FALSE;
4591 if (!DumpAce(ace, pwptr, plen))
4592 return FALSE;
4593 }
4594
4595 return TRUE;
4596 }
4597
4598 static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
4599 {
4600 static const WCHAR prefix[] = {'O',':',0};
4601 BOOL bDefaulted;
4602 PSID psid;
4603
4604 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
4605 return FALSE;
4606
4607 if (psid == NULL)
4608 return TRUE;
4609
4610 DumpString(prefix, -1, pwptr, plen);
4611 if (!DumpSid(psid, pwptr, plen))
4612 return FALSE;
4613 return TRUE;
4614 }
4615
4616 static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
4617 {
4618 static const WCHAR prefix[] = {'G',':',0};
4619 BOOL bDefaulted;
4620 PSID psid;
4621
4622 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
4623 return FALSE;
4624
4625 if (psid == NULL)
4626 return TRUE;
4627
4628 DumpString(prefix, -1, pwptr, plen);
4629 if (!DumpSid(psid, pwptr, plen))
4630 return FALSE;
4631 return TRUE;
4632 }
4633
4634 static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
4635 {
4636 static const WCHAR dacl[] = {'D',':',0};
4637 SECURITY_DESCRIPTOR_CONTROL control;
4638 BOOL present, defaulted;
4639 DWORD revision;
4640 PACL pacl;
4641
4642 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
4643 return FALSE;
4644
4645 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
4646 return FALSE;
4647
4648 if (!present)
4649 return TRUE;
4650
4651 DumpString(dacl, 2, pwptr, plen);
4652 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
4653 return FALSE;
4654 return TRUE;
4655 }
4656
4657 static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
4658 {
4659 static const WCHAR sacl[] = {'S',':',0};
4660 SECURITY_DESCRIPTOR_CONTROL control;
4661 BOOL present, defaulted;
4662 DWORD revision;
4663 PACL pacl;
4664
4665 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
4666 return FALSE;
4667
4668 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
4669 return FALSE;
4670
4671 if (!present)
4672 return TRUE;
4673
4674 DumpString(sacl, 2, pwptr, plen);
4675 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
4676 return FALSE;
4677 return TRUE;
4678 }
4679
4680 /******************************************************************************
4681 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
4682 */
4683 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
4684 {
4685 ULONG len;
4686 WCHAR *wptr, *wstr;
4687
4688 if (SDRevision != SDDL_REVISION_1)
4689 {
4690 ERR("Pogram requested unknown SDDL revision %d\n", SDRevision);
4691 SetLastError(ERROR_UNKNOWN_REVISION);
4692 return FALSE;
4693 }
4694
4695 len = 0;
4696 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
4697 if (!DumpOwner(SecurityDescriptor, NULL, &len))
4698 return FALSE;
4699 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
4700 if (!DumpGroup(SecurityDescriptor, NULL, &len))
4701 return FALSE;
4702 if (RequestedInformation & DACL_SECURITY_INFORMATION)
4703 if (!DumpDacl(SecurityDescriptor, NULL, &len))
4704 return FALSE;
4705 if (RequestedInformation & SACL_SECURITY_INFORMATION)
4706 if (!DumpSacl(SecurityDescriptor, NULL, &len))
4707 return FALSE;
4708
4709 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
4710 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
4711 if (!DumpOwner(SecurityDescriptor, &wptr, NULL))
4712 return FALSE;
4713 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
4714 if (!DumpGroup(SecurityDescriptor, &wptr, NULL))
4715 return FALSE;
4716 if (RequestedInformation & DACL_SECURITY_INFORMATION)
4717 if (!DumpDacl(SecurityDescriptor, &wptr, NULL))
4718 return FALSE;
4719 if (RequestedInformation & SACL_SECURITY_INFORMATION)
4720 if (!DumpSacl(SecurityDescriptor, &wptr, NULL))
4721 return FALSE;
4722 *wptr = 0;
4723
4724 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
4725 *OutputString = wstr;
4726 if (OutputLen)
4727 *OutputLen = strlenW(*OutputString)+1;
4728 return TRUE;
4729 }
4730
4731 /******************************************************************************
4732 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
4733 */
4734 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
4735 {
4736 LPWSTR wstr;
4737 ULONG len;
4738 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
4739 {
4740 int lenA;
4741
4742 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
4743 *OutputString = HeapAlloc(GetProcessHeap(), 0, lenA);
4744 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
4745 LocalFree(wstr);
4746
4747 if (OutputLen != NULL)
4748 *OutputLen = lenA;
4749 return TRUE;
4750 }
4751 else
4752 {
4753 *OutputString = NULL;
4754 if (OutputLen)
4755 *OutputLen = 0;
4756 return FALSE;
4757 }
4758 }
4759
4760 /******************************************************************************
4761 * ConvertStringSidToSidW [ADVAPI32.@]
4762 */
4763 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
4764 {
4765 BOOL bret = FALSE;
4766 DWORD cBytes;
4767
4768 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
4769 if (GetVersion() & 0x80000000)
4770 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
4771 else if (!StringSid || !Sid)
4772 SetLastError(ERROR_INVALID_PARAMETER);
4773 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
4774 {
4775 PSID pSid = *Sid = LocalAlloc(0, cBytes);
4776
4777 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
4778 if (!bret)
4779 LocalFree(*Sid);
4780 }
4781 return bret;
4782 }
4783
4784 /******************************************************************************
4785 * ConvertStringSidToSidA [ADVAPI32.@]
4786 */
4787 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
4788 {
4789 BOOL bret = FALSE;
4790
4791 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
4792 if (GetVersion() & 0x80000000)
4793 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
4794 else if (!StringSid || !Sid)
4795 SetLastError(ERROR_INVALID_PARAMETER);
4796 else
4797 {
4798 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
4799 LPWSTR wStringSid = HeapAlloc(GetProcessHeap(), 0,
4800 len * sizeof(WCHAR));
4801
4802 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
4803 bret = ConvertStringSidToSidW(wStringSid, Sid);
4804 HeapFree(GetProcessHeap(), 0, wStringSid);
4805 }
4806 return bret;
4807 }
4808
4809 /******************************************************************************
4810 * ConvertSidToStringSidW [ADVAPI32.@]
4811 *
4812 * format of SID string is:
4813 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
4814 * where
4815 * <rev> is the revision of the SID encoded as decimal
4816 * <auth> is the identifier authority encoded as hex
4817 * <subauthN> is the subauthority id encoded as decimal
4818 */
4819 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
4820 {
4821 DWORD len = 0;
4822 LPWSTR wstr, wptr;
4823
4824 TRACE("%p %p\n", pSid, pstr );
4825
4826 len = 0;
4827 if (!DumpSidNumeric(pSid, NULL, &len))
4828 return FALSE;
4829 wstr = wptr = LocalAlloc(0, (len+1) * sizeof(WCHAR));
4830 DumpSidNumeric(pSid, &wptr, NULL);
4831 *wptr = 0;
4832
4833 *pstr = wstr;
4834 return TRUE;
4835 }
4836
4837 /******************************************************************************
4838 * ConvertSidToStringSidA [ADVAPI32.@]
4839 */
4840 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
4841 {
4842 LPWSTR wstr = NULL;
4843 LPSTR str;
4844 UINT len;
4845
4846 TRACE("%p %p\n", pSid, pstr );
4847
4848 if( !ConvertSidToStringSidW( pSid, &wstr ) )
4849 return FALSE;
4850
4851 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
4852 str = LocalAlloc( 0, len );
4853 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
4854 LocalFree( wstr );
4855
4856 *pstr = str;
4857
4858 return TRUE;
4859 }
4860
4861 BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity(
4862 PSECURITY_DESCRIPTOR pdesc,
4863 PSECURITY_DESCRIPTOR cdesc,
4864 PSECURITY_DESCRIPTOR* ndesc,
4865 GUID* objtype,
4866 BOOL isdir,
4867 PGENERIC_MAPPING genmap )
4868 {
4869 FIXME("%p %p %p %p %d %p - stub\n", pdesc, cdesc, ndesc, objtype, isdir, genmap);
4870
4871 return FALSE;
4872 }
4873
4874 BOOL WINAPI CreatePrivateObjectSecurity(
4875 PSECURITY_DESCRIPTOR ParentDescriptor,
4876 PSECURITY_DESCRIPTOR CreatorDescriptor,
4877 PSECURITY_DESCRIPTOR* NewDescriptor,
4878 BOOL IsDirectoryObject,
4879 HANDLE Token,
4880 PGENERIC_MAPPING GenericMapping )
4881 {
4882 FIXME("%p %p %p %d %p %p - stub\n", ParentDescriptor, CreatorDescriptor,
4883 NewDescriptor, IsDirectoryObject, Token, GenericMapping);
4884
4885 return FALSE;
4886 }
4887
4888 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor )
4889 {
4890 FIXME("%p - stub\n", ObjectDescriptor);
4891
4892 return TRUE;
4893 }
4894
4895 BOOL WINAPI CreateProcessAsUserA(
4896 HANDLE hToken,
4897 LPCSTR lpApplicationName,
4898 LPSTR lpCommandLine,
4899 LPSECURITY_ATTRIBUTES lpProcessAttributes,
4900 LPSECURITY_ATTRIBUTES lpThreadAttributes,
4901 BOOL bInheritHandles,
4902 DWORD dwCreationFlags,
4903 LPVOID lpEnvironment,
4904 LPCSTR lpCurrentDirectory,
4905 LPSTARTUPINFOA lpStartupInfo,
4906 LPPROCESS_INFORMATION lpProcessInformation )
4907 {
4908 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - stub\n", hToken, debugstr_a(lpApplicationName),
4909 debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
4910 dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
4911
4912 return FALSE;
4913 }
4914
4915 BOOL WINAPI CreateProcessAsUserW(
4916 HANDLE hToken,
4917 LPCWSTR lpApplicationName,
4918 LPWSTR lpCommandLine,
4919 LPSECURITY_ATTRIBUTES lpProcessAttributes,
4920 LPSECURITY_ATTRIBUTES lpThreadAttributes,
4921 BOOL bInheritHandles,
4922 DWORD dwCreationFlags,
4923 LPVOID lpEnvironment,
4924 LPCWSTR lpCurrentDirectory,
4925 LPSTARTUPINFOW lpStartupInfo,
4926 LPPROCESS_INFORMATION lpProcessInformation )
4927 {
4928 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - semi- stub\n", hToken,
4929 debugstr_w(lpApplicationName), debugstr_w(lpCommandLine), lpProcessAttributes,
4930 lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
4931 debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
4932
4933 /* We should create the process with a suspended main thread */
4934 if (!CreateProcessW (lpApplicationName,
4935 lpCommandLine,
4936 lpProcessAttributes,
4937 lpThreadAttributes,
4938 bInheritHandles,
4939 dwCreationFlags, /* CREATE_SUSPENDED */
4940 lpEnvironment,
4941 lpCurrentDirectory,
4942 lpStartupInfo,
4943 lpProcessInformation))
4944 {
4945 return FALSE;
4946 }
4947
4948 return TRUE;
4949 }
4950
4951 /******************************************************************************
4952 * CreateProcessWithLogonW
4953 */
4954 BOOL WINAPI CreateProcessWithLogonW( LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags,
4955 LPCWSTR lpApplicationName, LPWSTR lpCommandLine, DWORD dwCreationFlags, LPVOID lpEnvironment,
4956 LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation )
4957 {
4958 FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
4959 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
4960 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
4961 lpStartupInfo, lpProcessInformation);
4962
4963 return FALSE;
4964 }
4965
4966 /******************************************************************************
4967 * DuplicateTokenEx [ADVAPI32.@]
4968 */
4969 BOOL WINAPI DuplicateTokenEx(
4970 HANDLE ExistingTokenHandle, DWORD dwDesiredAccess,
4971 LPSECURITY_ATTRIBUTES lpTokenAttributes,
4972 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
4973 TOKEN_TYPE TokenType,
4974 PHANDLE DuplicateTokenHandle )
4975 {
4976 OBJECT_ATTRIBUTES ObjectAttributes;
4977
4978 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
4979 ImpersonationLevel, TokenType, DuplicateTokenHandle);
4980
4981 InitializeObjectAttributes(
4982 &ObjectAttributes,
4983 NULL,
4984 (lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0,
4985 NULL,
4986 lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL );
4987
4988 return set_ntstatus( NtDuplicateToken( ExistingTokenHandle,
4989 dwDesiredAccess,
4990 &ObjectAttributes,
4991 ImpersonationLevel,
4992 TokenType,
4993 DuplicateTokenHandle ) );
4994 }
4995
4996 BOOL WINAPI DuplicateToken(
4997 HANDLE ExistingTokenHandle,
4998 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
4999 PHANDLE DuplicateTokenHandle )
5000 {
5001 return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY,
5002 NULL, ImpersonationLevel, TokenImpersonation,
5003 DuplicateTokenHandle );
5004 }
5005
5006 /******************************************************************************
5007 * ComputeStringSidSize
5008 */
5009 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
5010 {
5011 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
5012 {
5013 int ctok = 0;
5014 while (*StringSid)
5015 {
5016 if (*StringSid == '-')
5017 ctok++;
5018 StringSid++;
5019 }
5020
5021 if (ctok >= 3)
5022 return GetSidLengthRequired(ctok - 2);
5023 }
5024 else /* String constant format - Only available in winxp and above */
5025 {
5026 unsigned int i;
5027
5028 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
5029 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
5030 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
5031 }
5032
5033 return GetSidLengthRequired(0);
5034 }
5035
5036 /******************************************************************************
5037 * ParseStringSidToSid
5038 */
5039 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
5040 {
5041 BOOL bret = FALSE;
5042 SID* pisid=pSid;
5043
5044 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
5045 if (!StringSid)
5046 {
5047 SetLastError(ERROR_INVALID_PARAMETER);
5048 TRACE("StringSid is NULL, returning FALSE\n");
5049 return FALSE;
5050 }
5051
5052 *cBytes = ComputeStringSidSize(StringSid);
5053 if (!pisid) /* Simply compute the size */
5054 {
5055 TRACE("only size requested, returning TRUE\n");
5056 return TRUE;
5057 }
5058
5059 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
5060 {
5061 DWORD i = 0, identAuth;
5062 DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
5063
5064 StringSid += 2; /* Advance to Revision */
5065 pisid->Revision = atoiW(StringSid);
5066
5067 if (pisid->Revision != SDDL_REVISION)
5068 {
5069 TRACE("Revision %d is unknown\n", pisid->Revision);
5070 goto lend; /* ERROR_INVALID_SID */
5071 }
5072 if (csubauth == 0)
5073 {
5074 TRACE("SubAuthorityCount is 0\n");
5075 goto lend; /* ERROR_INVALID_SID */
5076 }
5077
5078 pisid->SubAuthorityCount = csubauth;
5079
5080 /* Advance to identifier authority */
5081 while (*StringSid && *StringSid != '-')
5082 StringSid++;
5083 if (*StringSid == '-')
5084 StringSid++;
5085
5086 /* MS' implementation can't handle values greater than 2^32 - 1, so
5087 * we don't either; assume most significant bytes are always 0
5088 */
5089 pisid->IdentifierAuthority.Value[0] = 0;
5090 pisid->IdentifierAuthority.Value[1] = 0;
5091 identAuth = atoiW(StringSid);
5092 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
5093 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
5094 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
5095 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
5096
5097 /* Advance to first sub authority */
5098 while (*StringSid && *StringSid != '-')
5099 StringSid++;
5100 if (*StringSid == '-')
5101 StringSid++;
5102
5103 while (*StringSid)
5104 {
5105 pisid->SubAuthority[i++] = atoiW(StringSid);
5106
5107 while (*StringSid && *StringSid != '-')
5108 StringSid++;
5109 if (*StringSid == '-')
5110 StringSid++;
5111 }
5112
5113 if (i != pisid->SubAuthorityCount)
5114 goto lend; /* ERROR_INVALID_SID */
5115
5116 bret = TRUE;
5117 }
5118 else /* String constant format - Only available in winxp and above */
5119 {
5120 unsigned int i;
5121 pisid->Revision = SDDL_REVISION;
5122
5123 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
5124 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
5125 {
5126 DWORD j;
5127 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
5128 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
5129 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
5130 pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
5131 bret = TRUE;
5132 }
5133
5134 if (!bret)
5135 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
5136 }
5137
5138 lend:
5139 if (!bret)
5140 SetLastError(ERROR_INVALID_SID);
5141
5142 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
5143 return bret;
5144 }
5145
5146 /******************************************************************************
5147 * GetNamedSecurityInfoA [ADVAPI32.@]
5148 */
5149 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
5150 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
5151 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
5152 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
5153 {
5154 DWORD len;
5155 LPWSTR wstr = NULL;
5156 DWORD r;
5157
5158 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
5159 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
5160
5161 if( pObjectName )
5162 {
5163 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
5164 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
5165 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
5166 }
5167
5168 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
5169 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
5170
5171 HeapFree( GetProcessHeap(), 0, wstr );
5172
5173 return r;
5174 }
5175
5176 /******************************************************************************
5177 * GetNamedSecurityInfoW [ADVAPI32.@]
5178 */
5179 DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
5180 SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl,
5181 PACL* sacl, PSECURITY_DESCRIPTOR* descriptor )
5182 {
5183 DWORD needed, offset;
5184 SECURITY_DESCRIPTOR_RELATIVE *relative;
5185 BYTE *buffer;
5186
5187 TRACE( "%s %d %d %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
5188 group, dacl, sacl, descriptor );
5189
5190 if (!name || !descriptor) return ERROR_INVALID_PARAMETER;
5191
5192 needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
5193 if (info & OWNER_SECURITY_INFORMATION)
5194 needed += sizeof(sidWorld);
5195 if (info & GROUP_SECURITY_INFORMATION)
5196 needed += sizeof(sidWorld);
5197 if (info & DACL_SECURITY_INFORMATION)
5198 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
5199 if (info & SACL_SECURITY_INFORMATION)
5200 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
5201
5202 /* must be freed by caller */
5203 *descriptor = HeapAlloc( GetProcessHeap(), 0, needed );
5204 if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY;
5205
5206 if (!InitializeSecurityDescriptor( *descriptor, SECURITY_DESCRIPTOR_REVISION ))
5207 {
5208 HeapFree( GetProcessHeap(), 0, *descriptor );
5209 return ERROR_INVALID_SECURITY_DESCR;
5210 }
5211
5212 relative = *descriptor;
5213 relative->Control |= SE_SELF_RELATIVE;
5214 buffer = (BYTE *)relative;
5215 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
5216
5217 if (info & OWNER_SECURITY_INFORMATION)
5218 {
5219 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
5220 relative->Owner = offset;
5221 if (owner)
5222 *owner = buffer + offset;
5223 offset += sizeof(sidWorld);
5224 }
5225 if (info & GROUP_SECURITY_INFORMATION)
5226 {
5227 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
5228 relative->Group = offset;
5229 if (group)
5230 *group = buffer + offset;
5231 offset += sizeof(sidWorld);
5232 }
5233 if (info & DACL_SECURITY_INFORMATION)
5234 {
5235 relative->Control |= SE_DACL_PRESENT;
5236 GetWorldAccessACL( (PACL)(buffer + offset) );
5237 relative->Dacl = offset;
5238 if (dacl)
5239 *dacl = (PACL)(buffer + offset);
5240 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
5241 }
5242 if (info & SACL_SECURITY_INFORMATION)
5243 {
5244 relative->Control |= SE_SACL_PRESENT;
5245 GetWorldAccessACL( (PACL)(buffer + offset) );
5246 relative->Sacl = offset;
5247 if (sacl)
5248 *sacl = (PACL)(buffer + offset);
5249 }
5250 return ERROR_SUCCESS;
5251 }
5252
5253 /******************************************************************************
5254 * DecryptFileW [ADVAPI32.@]
5255 */
5256 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved)
5257 {
5258 FIXME("%s %08x\n", debugstr_w(lpFileName), dwReserved);
5259 return TRUE;
5260 }
5261
5262 /******************************************************************************
5263 * DecryptFileA [ADVAPI32.@]
5264 */
5265 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved)
5266 {
5267 FIXME("%s %08x\n", debugstr_a(lpFileName), dwReserved);
5268 return TRUE;
5269 }
5270
5271 /******************************************************************************
5272 * EncryptFileW [ADVAPI32.@]
5273 */
5274 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName)
5275 {
5276 FIXME("%s\n", debugstr_w(lpFileName));
5277 return TRUE;
5278 }
5279
5280 /******************************************************************************
5281 * EncryptFileA [ADVAPI32.@]
5282 */
5283 BOOL WINAPI EncryptFileA(LPCSTR lpFileName)
5284 {
5285 FIXME("%s\n", debugstr_a(lpFileName));
5286 return TRUE;
5287 }
5288
5289 /******************************************************************************
5290 * FileEncryptionStatusW [ADVAPI32.@]
5291 */
5292 BOOL WINAPI FileEncryptionStatusW(LPCWSTR lpFileName, LPDWORD lpStatus)
5293 {
5294 FIXME("(%s %p): stub\n", debugstr_w(lpFileName), lpStatus);
5295 if (!lpStatus)
5296 return FALSE;
5297 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
5298 return TRUE;
5299 }
5300
5301 /******************************************************************************
5302 * FileEncryptionStatusA [ADVAPI32.@]
5303 */
5304 BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus)
5305 {
5306 FIXME("(%s %p): stub\n", debugstr_a(lpFileName), lpStatus);
5307 if (!lpStatus)
5308 return FALSE;
5309 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
5310 return TRUE;
5311 }
5312
5313 /******************************************************************************
5314 * SetSecurityInfo [ADVAPI32.@]
5315 */
5316 DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
5317 SECURITY_INFORMATION SecurityInfo, PSID psidOwner,
5318 PSID psidGroup, PACL pDacl, PACL pSacl) {
5319 FIXME("stub\n");
5320 return ERROR_SUCCESS;
5321 }
5322
5323 /******************************************************************************
5324 * SaferCreateLevel [ADVAPI32.@]
5325 */
5326 BOOL WINAPI SaferCreateLevel(DWORD ScopeId, DWORD LevelId, DWORD OpenFlags,
5327 SAFER_LEVEL_HANDLE* LevelHandle, LPVOID lpReserved)
5328 {
5329 FIXME("(%u, %x, %u, %p, %p) stub\n", ScopeId, LevelId, OpenFlags, LevelHandle, lpReserved);
5330 return FALSE;
5331 }
5332
5333 DWORD WINAPI TreeResetNamedSecurityInfoW( LPWSTR pObjectName,
5334 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
5335 PSID pOwner, PSID pGroup, PACL pDacl, PACL pSacl,
5336 BOOL KeepExplicit, FN_PROGRESS fnProgress,
5337 PROG_INVOKE_SETTING ProgressInvokeSetting, PVOID Args)
5338 {
5339 FIXME("(%s, %i, %i, %p, %p, %p, %p, %i, %p, %i, %p Stub\n",
5340 debugstr_w(pObjectName), ObjectType, SecurityInfo, pOwner, pGroup,
5341 pDacl, pSacl, KeepExplicit, fnProgress, ProgressInvokeSetting, Args);
5342
5343 return ERROR_SUCCESS;
5344 }
5345
5346 /******************************************************************************
5347 * SaferGetPolicyInformation [ADVAPI32.@]
5348 */
5349 BOOL WINAPI SaferGetPolicyInformation(DWORD scope, SAFER_POLICY_INFO_CLASS class, DWORD size,
5350 PVOID buffer, PDWORD required, LPVOID lpReserved)
5351 {
5352 FIXME("(%u %u %u %p %p %p) stub\n", scope, class, size, buffer, required, lpReserved);
5353 return FALSE;
5354 }
DirectPlay implementation for GSoC