search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
push 50b650a476c6f0df362ce67f063848f086de44d9
[wine/hacks.git] / dlls / advapi32 / security.c
blob82de97b2c173718c86552616c271de43cc83d887
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
21
22 #include <stdarg.h>
23 #include <string.h>
24
25 #include "ntstatus.h"
26 #define WIN32_NO_STATUS
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winreg.h"
31 #include "winternl.h"
32 #include "winioctl.h"
33 #include "ntsecapi.h"
34 #include "accctrl.h"
35 #include "sddl.h"
36 #include "winsvc.h"
37 #include "aclapi.h"
38 #include "objbase.h"
39 #include "iads.h"
40 #include "advapi32_misc.h"
41
42 #include "wine/debug.h"
43 #include "wine/unicode.h"
44
45 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
46
47 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
48 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
49 PACL pAcl, LPDWORD cBytes);
50 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
51 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
52 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
53 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
54 LPCWSTR StringSecurityDescriptor,
55 SECURITY_DESCRIPTOR* SecurityDescriptor,
56 LPDWORD cBytes);
57 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
58
59 typedef struct _ACEFLAG
60 {
61 LPCWSTR wstr;
62 DWORD value;
63 } ACEFLAG, *LPACEFLAG;
64
65 typedef struct _MAX_SID
66 {
67 /* same fields as struct _SID */
68 BYTE Revision;
69 BYTE SubAuthorityCount;
70 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
71 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
72 } MAX_SID;
73
74 typedef struct WELLKNOWNSID
75 {
76 WCHAR wstr[2];
77 WELL_KNOWN_SID_TYPE Type;
78 MAX_SID Sid;
79 } WELLKNOWNSID;
80
81 static const WELLKNOWNSID WellKnownSids[] =
82 {
83 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
84 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
85 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
86 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
87 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
88 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
89 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
90 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
91 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
92 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
93 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
94 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
95 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
96 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
97 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
98 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
99 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
100 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
101 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
102 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
103 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
104 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
105 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
106 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
107 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
108 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
109 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
110 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
111 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
112 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
113 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
114 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
115 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
116 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
117 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
118 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
119 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
120 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
121 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
122 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
123 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
124 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
125 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
126 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
127 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
128 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
129 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
130 };
131
132 /* these SIDs must be constructed as relative to some domain - only the RID is well-kown */
133 typedef struct WELLKOWNRID
134 {
135 WELL_KNOWN_SID_TYPE Type;
136 DWORD Rid;
137 } WELLKNOWNRID;
138
139 WELLKNOWNRID WellKnownRids[] = {
140 { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
141 { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
142 { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
143 { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
144 { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
145 { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
146 { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
147 { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
148 { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
149 { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
150 { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
151 { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
152 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
153 };
154
155
156 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
157
158 typedef struct _AccountSid {
159 WELL_KNOWN_SID_TYPE type;
160 LPCWSTR account;
161 LPCWSTR domain;
162 SID_NAME_USE name_use;
163 } AccountSid;
164
165 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
166 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 };
167 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
168 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
169 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
170 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
171 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
172 static const WCHAR Blank[] = { 0 };
173 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
174 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
175 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
176 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
177 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
178 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
179 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
180 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
181 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
182 static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 };
183 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
184 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
185 static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
186 static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
187 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
188 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
189 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
190 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
191 static const WCHAR Guest[] = { 'G','u','e','s','t',0 };
192 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
193 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
194 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 };
195 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 };
196 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 };
197 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
198 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
199 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 };
200 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
201 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
202 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
203 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
204 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 };
205 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 };
206 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
207 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
208 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
209 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
210 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
211 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
212 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
213 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
214 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
215 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
216 static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 };
217 static const WCHAR SELF[] = { 'S','E','L','F',0 };
218 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
219 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
220 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 };
221 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
222 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
223 static const WCHAR Users[] = { 'U','s','e','r','s',0 };
224
225 static const AccountSid ACCOUNT_SIDS[] = {
226 { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup },
227 { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup },
228 { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup },
229 { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup },
230 { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup },
231 { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup },
232 { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup },
233 { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain },
234 { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup },
235 { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup },
236 { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup },
237 { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup },
238 { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
239 { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
240 { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup },
241 { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
242 { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup },
243 { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup },
244 { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup },
245 { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup },
246 { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
247 { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup },
248 { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
249 { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
250 { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain },
251 { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias },
252 { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias },
253 { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias },
254 { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias },
255 { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias },
256 { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias },
257 { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
258 { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
259 { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
260 { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
261 { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
262 { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
263 { WinNTLMAuthenticationSid, NTML_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
264 { WinDigestAuthenticationSid, Digest_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
265 { WinSChannelAuthenticationSid, SChannel_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
266 { WinThisOrganizationSid, This_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
267 { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
268 { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias },
269 { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias },
270 };
271 /*
272 * ACE access rights
273 */
274 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
275 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
276 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
277 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
278
279 static const WCHAR SDDL_READ_PROPERTY[] = {'R','P',0};
280 static const WCHAR SDDL_WRITE_PROPERTY[] = {'W','P',0};
281 static const WCHAR SDDL_CREATE_CHILD[] = {'C','C',0};
282 static const WCHAR SDDL_DELETE_CHILD[] = {'D','C',0};
283 static const WCHAR SDDL_LIST_CHILDREN[] = {'L','C',0};
284 static const WCHAR SDDL_SELF_WRITE[] = {'S','W',0};
285 static const WCHAR SDDL_LIST_OBJECT[] = {'L','O',0};
286 static const WCHAR SDDL_DELETE_TREE[] = {'D','T',0};
287 static const WCHAR SDDL_CONTROL_ACCESS[] = {'C','R',0};
288
289 static const WCHAR SDDL_FILE_ALL[] = {'F','A',0};
290 static const WCHAR SDDL_FILE_READ[] = {'F','R',0};
291 static const WCHAR SDDL_FILE_WRITE[] = {'F','W',0};
292 static const WCHAR SDDL_FILE_EXECUTE[] = {'F','X',0};
293
294 static const WCHAR SDDL_KEY_ALL[] = {'K','A',0};
295 static const WCHAR SDDL_KEY_READ[] = {'K','R',0};
296 static const WCHAR SDDL_KEY_WRITE[] = {'K','W',0};
297 static const WCHAR SDDL_KEY_EXECUTE[] = {'K','X',0};
298
299 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
300 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
301 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
302 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
303
304 /*
305 * ACL flags
306 */
307 static const WCHAR SDDL_PROTECTED[] = {'P',0};
308 static const WCHAR SDDL_AUTO_INHERIT_REQ[] = {'A','R',0};
309 static const WCHAR SDDL_AUTO_INHERITED[] = {'A','I',0};
310
311 /*
312 * ACE types
313 */
314 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
315 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
316 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
317 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
318 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
319 static const WCHAR SDDL_ALARM[] = {'A','L',0};
320 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
321 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
322
323 /*
324 * ACE flags
325 */
326 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
327 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
328 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
329 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
330 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
331 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
332 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
333
334 const char * debugstr_sid(PSID sid)
335 {
336 int auth = 0;
337 SID * psid = (SID *)sid;
338
339 if (psid == NULL)
340 return "(null)";
341
342 auth = psid->IdentifierAuthority.Value[5] +
343 (psid->IdentifierAuthority.Value[4] << 8) +
344 (psid->IdentifierAuthority.Value[3] << 16) +
345 (psid->IdentifierAuthority.Value[2] << 24);
346
347 switch (psid->SubAuthorityCount) {
348 case 0:
349 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
350 case 1:
351 return wine_dbg_sprintf("S-%d-%d-%u", psid->Revision, auth,
352 psid->SubAuthority[0]);
353 case 2:
354 return wine_dbg_sprintf("S-%d-%d-%u-%u", psid->Revision, auth,
355 psid->SubAuthority[0], psid->SubAuthority[1]);
356 case 3:
357 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u", psid->Revision, auth,
358 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
359 case 4:
360 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u", psid->Revision, auth,
361 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
362 psid->SubAuthority[3]);
363 case 5:
364 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u", psid->Revision, auth,
365 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
366 psid->SubAuthority[3], psid->SubAuthority[4]);
367 case 6:
368 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
369 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
370 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
371 case 7:
372 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
373 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
374 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
375 psid->SubAuthority[6]);
376 case 8:
377 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
378 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
379 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
380 psid->SubAuthority[6], psid->SubAuthority[7]);
381 }
382 return "(too-big)";
383 }
384
385 /* set last error code from NT status and get the proper boolean return value */
386 /* used for functions that are a simple wrapper around the corresponding ntdll API */
387 static inline BOOL set_ntstatus( NTSTATUS status )
388 {
389 if (status) SetLastError( RtlNtStatusToDosError( status ));
390 return !status;
391 }
392
393 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
394
395 static void GetWorldAccessACL(PACL pACL)
396 {
397 PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1);
398
399 pACL->AclRevision = ACL_REVISION;
400 pACL->Sbz1 = 0;
401 pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL;
402 pACL->AceCount = 1;
403 pACL->Sbz2 = 0;
404
405 pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
406 pACE->Header.AceFlags = CONTAINER_INHERIT_ACE;
407 pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD);
408 pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */
409 memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld));
410 }
411
412 /************************************************************
413 * ADVAPI_IsLocalComputer
414 *
415 * Checks whether the server name indicates local machine.
416 */
417 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
418 {
419 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
420 BOOL Result;
421 LPWSTR buf;
422
423 if (!ServerName || !ServerName[0])
424 return TRUE;
425
426 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
427 Result = GetComputerNameW(buf, &dwSize);
428 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
429 ServerName += 2;
430 Result = Result && !lstrcmpW(ServerName, buf);
431 HeapFree(GetProcessHeap(), 0, buf);
432
433 return Result;
434 }
435
436 /************************************************************
437 * ADVAPI_GetComputerSid
438 *
439 * Reads the computer SID from the registry.
440 */
441 BOOL ADVAPI_GetComputerSid(PSID sid)
442 {
443 HKEY key;
444 LONG ret;
445 BOOL retval = FALSE;
446 static const WCHAR Account[] = { 'S','E','C','U','R','I','T','Y','\\','S','A','M','\\','D','o','m','a','i','n','s','\\','A','c','c','o','u','n','t',0 };
447 static const WCHAR V[] = { 'V',0 };
448
449 if ((ret = RegOpenKeyExW(HKEY_LOCAL_MACHINE, Account, 0,
450 KEY_READ, &key)) == ERROR_SUCCESS)
451 {
452 DWORD size = 0;
453 ret = RegQueryValueExW(key, V, NULL, NULL, NULL, &size);
454 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
455 {
456 BYTE * data = HeapAlloc(GetProcessHeap(), 0, size);
457 if (data)
458 {
459 if ((ret = RegQueryValueExW(key, V, NULL, NULL,
460 data, &size)) == ERROR_SUCCESS)
461 {
462 /* the SID is in the last 24 bytes of the binary data */
463 CopyMemory(sid, &data[size-24], 24);
464 retval = TRUE;
465 }
466 HeapFree(GetProcessHeap(), 0, data);
467 }
468 }
469 RegCloseKey(key);
470 }
471
472 if(retval == TRUE) return retval;
473
474 /* create a new random SID */
475 if (RegCreateKeyExW(HKEY_LOCAL_MACHINE, Account,
476 0, NULL, 0, KEY_ALL_ACCESS, NULL, &key, NULL) == ERROR_SUCCESS)
477 {
478 PSID new_sid;
479 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
480 DWORD id[3];
481
482 if (RtlGenRandom(&id, sizeof(id)))
483 {
484 if (AllocateAndInitializeSid(&identifierAuthority, 4, SECURITY_NT_NON_UNIQUE, id[0], id[1], id[2], 0, 0, 0, 0, &new_sid))
485 {
486 if (RegSetValueExW(key, V, 0, REG_BINARY, new_sid, GetLengthSid(new_sid)) == ERROR_SUCCESS)
487 retval = CopySid(GetLengthSid(new_sid), sid, new_sid);
488
489 FreeSid(new_sid);
490 }
491 }
492 RegCloseKey(key);
493 }
494
495 return retval;
496 }
497
498 /* ##############################
499 ###### TOKEN FUNCTIONS ######
500 ##############################
501 */
502
503 /******************************************************************************
504 * OpenProcessToken [ADVAPI32.@]
505 * Opens the access token associated with a process handle.
506 *
507 * PARAMS
508 * ProcessHandle [I] Handle to process
509 * DesiredAccess [I] Desired access to process
510 * TokenHandle [O] Pointer to handle of open access token
511 *
512 * RETURNS
513 * Success: TRUE. TokenHandle contains the access token.
514 * Failure: FALSE.
515 *
516 * NOTES
517 * See NtOpenProcessToken.
518 */
519 BOOL WINAPI
520 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
521 HANDLE *TokenHandle )
522 {
523 return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
524 }
525
526 /******************************************************************************
527 * OpenThreadToken [ADVAPI32.@]
528 *
529 * Opens the access token associated with a thread handle.
530 *
531 * PARAMS
532 * ThreadHandle [I] Handle to process
533 * DesiredAccess [I] Desired access to the thread
534 * OpenAsSelf [I] ???
535 * TokenHandle [O] Destination for the token handle
536 *
537 * RETURNS
538 * Success: TRUE. TokenHandle contains the access token.
539 * Failure: FALSE.
540 *
541 * NOTES
542 * See NtOpenThreadToken.
543 */
544 BOOL WINAPI
545 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
546 BOOL OpenAsSelf, HANDLE *TokenHandle)
547 {
548 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
549 }
550
551 BOOL WINAPI
552 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState,
553 DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength )
554 {
555 return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength,
556 PreviousState, ReturnLength));
557 }
558
559 /******************************************************************************
560 * AdjustTokenPrivileges [ADVAPI32.@]
561 *
562 * Adjust the privileges of an open token handle.
563 *
564 * PARAMS
565 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
566 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
567 * NewState [I] Desired new privileges of the token
568 * BufferLength [I] Length of NewState
569 * PreviousState [O] Destination for the previous state
570 * ReturnLength [I/O] Size of PreviousState
571 *
572 *
573 * RETURNS
574 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
575 * Failure: FALSE.
576 *
577 * NOTES
578 * See NtAdjustPrivilegesToken.
579 */
580 BOOL WINAPI
581 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
582 PTOKEN_PRIVILEGES NewState, DWORD BufferLength,
583 PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength )
584 {
585 NTSTATUS status;
586
587 TRACE("\n");
588
589 status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges,
590 NewState, BufferLength, PreviousState,
591 ReturnLength);
592 SetLastError( RtlNtStatusToDosError( status ));
593 if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED))
594 return TRUE;
595 else
596 return FALSE;
597 }
598
599 /******************************************************************************
600 * CheckTokenMembership [ADVAPI32.@]
601 *
602 * Determine if an access token is a member of a SID.
603 *
604 * PARAMS
605 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
606 * SidToCheck [I] SID that possibly contains the token
607 * IsMember [O] Destination for result.
608 *
609 * RETURNS
610 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
611 * Failure: FALSE.
612 */
613 BOOL WINAPI
614 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
615 PBOOL IsMember )
616 {
617 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
618
619 *IsMember = TRUE;
620 return(TRUE);
621 }
622
623 /******************************************************************************
624 * GetTokenInformation [ADVAPI32.@]
625 *
626 * Get a type of information about an access token.
627 *
628 * PARAMS
629 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
630 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
631 * tokeninfo [O] Destination for token information
632 * tokeninfolength [I] Length of tokeninfo
633 * retlen [O] Destination for returned token information length
634 *
635 * RETURNS
636 * Success: TRUE. tokeninfo contains retlen bytes of token information
637 * Failure: FALSE.
638 *
639 * NOTES
640 * See NtQueryInformationToken.
641 */
642 BOOL WINAPI
643 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
644 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
645 {
646 TRACE("(%p, %s, %p, %d, %p):\n",
647 token,
648 (tokeninfoclass == TokenUser) ? "TokenUser" :
649 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
650 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
651 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
652 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
653 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
654 (tokeninfoclass == TokenSource) ? "TokenSource" :
655 (tokeninfoclass == TokenType) ? "TokenType" :
656 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
657 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
658 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
659 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
660 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
661 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
662 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
663 "Unknown",
664 tokeninfo, tokeninfolength, retlen);
665 return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
666 tokeninfolength, retlen));
667 }
668
669 /******************************************************************************
670 * SetTokenInformation [ADVAPI32.@]
671 *
672 * Set information for an access token.
673 *
674 * PARAMS
675 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
676 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
677 * tokeninfo [I] Token information to set
678 * tokeninfolength [I] Length of tokeninfo
679 *
680 * RETURNS
681 * Success: TRUE. The information for the token is set to tokeninfo.
682 * Failure: FALSE.
683 */
684 BOOL WINAPI
685 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
686 LPVOID tokeninfo, DWORD tokeninfolength )
687 {
688 TRACE("(%p, %s, %p, %d): stub\n",
689 token,
690 (tokeninfoclass == TokenUser) ? "TokenUser" :
691 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
692 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
693 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
694 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
695 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
696 (tokeninfoclass == TokenSource) ? "TokenSource" :
697 (tokeninfoclass == TokenType) ? "TokenType" :
698 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
699 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
700 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
701 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
702 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
703 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
704 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
705 "Unknown",
706 tokeninfo, tokeninfolength);
707
708 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
709 }
710
711 /*************************************************************************
712 * SetThreadToken [ADVAPI32.@]
713 *
714 * Assigns an 'impersonation token' to a thread so it can assume the
715 * security privileges of another thread or process. Can also remove
716 * a previously assigned token.
717 *
718 * PARAMS
719 * thread [O] Handle to thread to set the token for
720 * token [I] Token to set
721 *
722 * RETURNS
723 * Success: TRUE. The threads access token is set to token
724 * Failure: FALSE.
725 *
726 * NOTES
727 * Only supported on NT or higher. On Win9X this function does nothing.
728 * See SetTokenInformation.
729 */
730 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
731 {
732 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
733 ThreadImpersonationToken, &token, sizeof token ));
734 }
735
736 /* ##############################
737 ###### SID FUNCTIONS ######
738 ##############################
739 */
740
741 /******************************************************************************
742 * AllocateAndInitializeSid [ADVAPI32.@]
743 *
744 * PARAMS
745 * pIdentifierAuthority []
746 * nSubAuthorityCount []
747 * nSubAuthority0 []
748 * nSubAuthority1 []
749 * nSubAuthority2 []
750 * nSubAuthority3 []
751 * nSubAuthority4 []
752 * nSubAuthority5 []
753 * nSubAuthority6 []
754 * nSubAuthority7 []
755 * pSid []
756 */
757 BOOL WINAPI
758 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
759 BYTE nSubAuthorityCount,
760 DWORD nSubAuthority0, DWORD nSubAuthority1,
761 DWORD nSubAuthority2, DWORD nSubAuthority3,
762 DWORD nSubAuthority4, DWORD nSubAuthority5,
763 DWORD nSubAuthority6, DWORD nSubAuthority7,
764 PSID *pSid )
765 {
766 return set_ntstatus( RtlAllocateAndInitializeSid(
767 pIdentifierAuthority, nSubAuthorityCount,
768 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
769 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
770 pSid ));
771 }
772
773 /******************************************************************************
774 * FreeSid [ADVAPI32.@]
775 *
776 * PARAMS
777 * pSid []
778 */
779 PVOID WINAPI
780 FreeSid( PSID pSid )
781 {
782 RtlFreeSid(pSid);
783 return NULL; /* is documented like this */
784 }
785
786 /******************************************************************************
787 * CopySid [ADVAPI32.@]
788 *
789 * PARAMS
790 * nDestinationSidLength []
791 * pDestinationSid []
792 * pSourceSid []
793 */
794 BOOL WINAPI
795 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
796 {
797 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
798 }
799
800 /******************************************************************************
801 * CreateWellKnownSid [ADVAPI32.@]
802 */
803 BOOL WINAPI
804 CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
805 PSID DomainSid,
806 PSID pSid,
807 DWORD* cbSid)
808 {
809 unsigned int i;
810 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
811
812 if (cbSid == NULL || pSid == NULL || (DomainSid && !IsValidSid(DomainSid))) {
813 SetLastError(ERROR_INVALID_PARAMETER);
814 return FALSE;
815 }
816
817 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
818 if (WellKnownSids[i].Type == WellKnownSidType) {
819 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
820
821 if (*cbSid < length) {
822 SetLastError(ERROR_INSUFFICIENT_BUFFER);
823 return FALSE;
824 }
825
826 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
827 *cbSid = length;
828 return TRUE;
829 }
830 }
831
832 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
833 {
834 SetLastError(ERROR_INVALID_PARAMETER);
835 return FALSE;
836 }
837
838 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
839 if (WellKnownRids[i].Type == WellKnownSidType) {
840 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
841 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
842 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
843
844 if (*cbSid < output_sid_length) {
845 SetLastError(ERROR_INSUFFICIENT_BUFFER);
846 return FALSE;
847 }
848
849 CopyMemory(pSid, DomainSid, domain_sid_length);
850 (*GetSidSubAuthorityCount(pSid))++;
851 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
852 *cbSid = output_sid_length;
853 return TRUE;
854 }
855
856 SetLastError(ERROR_INVALID_PARAMETER);
857 return FALSE;
858 }
859
860 /******************************************************************************
861 * IsWellKnownSid [ADVAPI32.@]
862 */
863 BOOL WINAPI
864 IsWellKnownSid( PSID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType )
865 {
866 unsigned int i;
867 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
868
869 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
870 if (WellKnownSids[i].Type == WellKnownSidType)
871 if (EqualSid(pSid, (PSID)&(WellKnownSids[i].Sid.Revision)))
872 return TRUE;
873
874 return FALSE;
875 }
876
877 BOOL WINAPI
878 IsTokenRestricted( HANDLE TokenHandle )
879 {
880 TOKEN_GROUPS *groups;
881 DWORD size;
882 NTSTATUS status;
883 BOOL restricted;
884
885 TRACE("(%p)\n", TokenHandle);
886
887 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size);
888 if (status != STATUS_BUFFER_TOO_SMALL)
889 return FALSE;
890
891 groups = HeapAlloc(GetProcessHeap(), 0, size);
892 if (!groups)
893 {
894 SetLastError(ERROR_OUTOFMEMORY);
895 return FALSE;
896 }
897
898 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size);
899 if (status != STATUS_SUCCESS)
900 {
901 HeapFree(GetProcessHeap(), 0, groups);
902 return set_ntstatus(status);
903 }
904
905 if (groups->GroupCount)
906 restricted = TRUE;
907 else
908 restricted = FALSE;
909
910 HeapFree(GetProcessHeap(), 0, groups);
911
912 return restricted;
913 }
914
915 /******************************************************************************
916 * IsValidSid [ADVAPI32.@]
917 *
918 * PARAMS
919 * pSid []
920 */
921 BOOL WINAPI
922 IsValidSid( PSID pSid )
923 {
924 return RtlValidSid( pSid );
925 }
926
927 /******************************************************************************
928 * EqualSid [ADVAPI32.@]
929 *
930 * PARAMS
931 * pSid1 []
932 * pSid2 []
933 */
934 BOOL WINAPI
935 EqualSid( PSID pSid1, PSID pSid2 )
936 {
937 return RtlEqualSid( pSid1, pSid2 );
938 }
939
940 /******************************************************************************
941 * EqualPrefixSid [ADVAPI32.@]
942 */
943 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
944 {
945 return RtlEqualPrefixSid(pSid1, pSid2);
946 }
947
948 /******************************************************************************
949 * GetSidLengthRequired [ADVAPI32.@]
950 *
951 * PARAMS
952 * nSubAuthorityCount []
953 */
954 DWORD WINAPI
955 GetSidLengthRequired( BYTE nSubAuthorityCount )
956 {
957 return RtlLengthRequiredSid(nSubAuthorityCount);
958 }
959
960 /******************************************************************************
961 * InitializeSid [ADVAPI32.@]
962 *
963 * PARAMS
964 * pIdentifierAuthority []
965 */
966 BOOL WINAPI
967 InitializeSid (
968 PSID pSid,
969 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
970 BYTE nSubAuthorityCount)
971 {
972 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
973 }
974
975 DWORD WINAPI
976 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
977 {
978 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
979
980 return 1;
981 }
982
983 DWORD WINAPI
984 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights )
985 {
986 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
987
988 return 1;
989 }
990
991 /******************************************************************************
992 * GetSidIdentifierAuthority [ADVAPI32.@]
993 *
994 * PARAMS
995 * pSid []
996 */
997 PSID_IDENTIFIER_AUTHORITY WINAPI
998 GetSidIdentifierAuthority( PSID pSid )
999 {
1000 return RtlIdentifierAuthoritySid(pSid);
1001 }
1002
1003 /******************************************************************************
1004 * GetSidSubAuthority [ADVAPI32.@]
1005 *
1006 * PARAMS
1007 * pSid []
1008 * nSubAuthority []
1009 */
1010 PDWORD WINAPI
1011 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
1012 {
1013 return RtlSubAuthoritySid(pSid, nSubAuthority);
1014 }
1015
1016 /******************************************************************************
1017 * GetSidSubAuthorityCount [ADVAPI32.@]
1018 *
1019 * PARAMS
1020 * pSid []
1021 */
1022 PUCHAR WINAPI
1023 GetSidSubAuthorityCount (PSID pSid)
1024 {
1025 return RtlSubAuthorityCountSid(pSid);
1026 }
1027
1028 /******************************************************************************
1029 * GetLengthSid [ADVAPI32.@]
1030 *
1031 * PARAMS
1032 * pSid []
1033 */
1034 DWORD WINAPI
1035 GetLengthSid (PSID pSid)
1036 {
1037 return RtlLengthSid(pSid);
1038 }
1039
1040 /* ##############################################
1041 ###### SECURITY DESCRIPTOR FUNCTIONS ######
1042 ##############################################
1043 */
1044
1045 /******************************************************************************
1046 * BuildSecurityDescriptorA [ADVAPI32.@]
1047 *
1048 * Builds a SD from
1049 *
1050 * PARAMS
1051 * pOwner [I]
1052 * pGroup [I]
1053 * cCountOfAccessEntries [I]
1054 * pListOfAccessEntries [I]
1055 * cCountOfAuditEntries [I]
1056 * pListofAuditEntries [I]
1057 * pOldSD [I]
1058 * lpdwBufferLength [I/O]
1059 * pNewSD [O]
1060 *
1061 * RETURNS
1062 * Success: ERROR_SUCCESS
1063 * Failure: nonzero error code from Winerror.h
1064 */
1065 DWORD WINAPI BuildSecurityDescriptorA(
1066 IN PTRUSTEEA pOwner,
1067 IN PTRUSTEEA pGroup,
1068 IN ULONG cCountOfAccessEntries,
1069 IN PEXPLICIT_ACCESSA pListOfAccessEntries,
1070 IN ULONG cCountOfAuditEntries,
1071 IN PEXPLICIT_ACCESSA pListofAuditEntries,
1072 IN PSECURITY_DESCRIPTOR pOldSD,
1073 IN OUT PULONG lpdwBufferLength,
1074 OUT PSECURITY_DESCRIPTOR* pNewSD)
1075 {
1076 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
1077 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
1078 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
1079
1080 return ERROR_CALL_NOT_IMPLEMENTED;
1081 }
1082
1083 /******************************************************************************
1084 * BuildSecurityDescriptorW [ADVAPI32.@]
1085 *
1086 * See BuildSecurityDescriptorA.
1087 */
1088 DWORD WINAPI BuildSecurityDescriptorW(
1089 IN PTRUSTEEW pOwner,
1090 IN PTRUSTEEW pGroup,
1091 IN ULONG cCountOfAccessEntries,
1092 IN PEXPLICIT_ACCESSW pListOfAccessEntries,
1093 IN ULONG cCountOfAuditEntries,
1094 IN PEXPLICIT_ACCESSW pListofAuditEntries,
1095 IN PSECURITY_DESCRIPTOR pOldSD,
1096 IN OUT PULONG lpdwBufferLength,
1097 OUT PSECURITY_DESCRIPTOR* pNewSD)
1098 {
1099 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
1100 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
1101 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
1102
1103 return ERROR_CALL_NOT_IMPLEMENTED;
1104 }
1105
1106 /******************************************************************************
1107 * InitializeSecurityDescriptor [ADVAPI32.@]
1108 *
1109 * PARAMS
1110 * pDescr []
1111 * revision []
1112 */
1113 BOOL WINAPI
1114 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
1115 {
1116 return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision ));
1117 }
1118
1119
1120 /******************************************************************************
1121 * MakeAbsoluteSD [ADVAPI32.@]
1122 */
1123 BOOL WINAPI MakeAbsoluteSD (
1124 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1125 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1126 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
1127 OUT PACL pDacl,
1128 OUT LPDWORD lpdwDaclSize,
1129 OUT PACL pSacl,
1130 OUT LPDWORD lpdwSaclSize,
1131 OUT PSID pOwner,
1132 OUT LPDWORD lpdwOwnerSize,
1133 OUT PSID pPrimaryGroup,
1134 OUT LPDWORD lpdwPrimaryGroupSize)
1135 {
1136 return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
1137 pAbsoluteSecurityDescriptor,
1138 lpdwAbsoluteSecurityDescriptorSize,
1139 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize,
1140 pOwner, lpdwOwnerSize,
1141 pPrimaryGroup, lpdwPrimaryGroupSize));
1142 }
1143
1144 /******************************************************************************
1145 * GetKernelObjectSecurity [ADVAPI32.@]
1146 */
1147 BOOL WINAPI GetKernelObjectSecurity(
1148 HANDLE Handle,
1149 SECURITY_INFORMATION RequestedInformation,
1150 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1151 DWORD nLength,
1152 LPDWORD lpnLengthNeeded )
1153 {
1154 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
1155 pSecurityDescriptor, nLength, lpnLengthNeeded);
1156
1157 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
1158 nLength, lpnLengthNeeded ));
1159 }
1160
1161 /******************************************************************************
1162 * GetPrivateObjectSecurity [ADVAPI32.@]
1163 */
1164 BOOL WINAPI GetPrivateObjectSecurity(
1165 PSECURITY_DESCRIPTOR ObjectDescriptor,
1166 SECURITY_INFORMATION SecurityInformation,
1167 PSECURITY_DESCRIPTOR ResultantDescriptor,
1168 DWORD DescriptorLength,
1169 PDWORD ReturnLength )
1170 {
1171 SECURITY_DESCRIPTOR desc;
1172 BOOL defaulted, present;
1173 PACL pacl;
1174 PSID psid;
1175
1176 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", ObjectDescriptor, SecurityInformation,
1177 ResultantDescriptor, DescriptorLength, ReturnLength);
1178
1179 if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION))
1180 return FALSE;
1181
1182 if (SecurityInformation & OWNER_SECURITY_INFORMATION)
1183 {
1184 if (!GetSecurityDescriptorOwner(ObjectDescriptor, &psid, &defaulted))
1185 return FALSE;
1186 SetSecurityDescriptorOwner(&desc, psid, defaulted);
1187 }
1188
1189 if (SecurityInformation & GROUP_SECURITY_INFORMATION)
1190 {
1191 if (!GetSecurityDescriptorGroup(ObjectDescriptor, &psid, &defaulted))
1192 return FALSE;
1193 SetSecurityDescriptorGroup(&desc, psid, defaulted);
1194 }
1195
1196 if (SecurityInformation & DACL_SECURITY_INFORMATION)
1197 {
1198 if (!GetSecurityDescriptorDacl(ObjectDescriptor, &present, &pacl, &defaulted))
1199 return FALSE;
1200 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted);
1201 }
1202
1203 if (SecurityInformation & SACL_SECURITY_INFORMATION)
1204 {
1205 if (!GetSecurityDescriptorSacl(ObjectDescriptor, &present, &pacl, &defaulted))
1206 return FALSE;
1207 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted);
1208 }
1209
1210 *ReturnLength = DescriptorLength;
1211 return MakeSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength);
1212 }
1213
1214 /******************************************************************************
1215 * GetSecurityDescriptorLength [ADVAPI32.@]
1216 */
1217 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
1218 {
1219 return RtlLengthSecurityDescriptor(pDescr);
1220 }
1221
1222 /******************************************************************************
1223 * GetSecurityDescriptorOwner [ADVAPI32.@]
1224 *
1225 * PARAMS
1226 * pOwner []
1227 * lpbOwnerDefaulted []
1228 */
1229 BOOL WINAPI
1230 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
1231 LPBOOL lpbOwnerDefaulted )
1232 {
1233 BOOLEAN defaulted;
1234 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted ));
1235 *lpbOwnerDefaulted = defaulted;
1236 return ret;
1237 }
1238
1239 /******************************************************************************
1240 * SetSecurityDescriptorOwner [ADVAPI32.@]
1241 *
1242 * PARAMS
1243 */
1244 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1245 PSID pOwner, BOOL bOwnerDefaulted)
1246 {
1247 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
1248 }
1249 /******************************************************************************
1250 * GetSecurityDescriptorGroup [ADVAPI32.@]
1251 */
1252 BOOL WINAPI GetSecurityDescriptorGroup(
1253 PSECURITY_DESCRIPTOR SecurityDescriptor,
1254 PSID *Group,
1255 LPBOOL GroupDefaulted)
1256 {
1257 BOOLEAN defaulted;
1258 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
1259 *GroupDefaulted = defaulted;
1260 return ret;
1261 }
1262 /******************************************************************************
1263 * SetSecurityDescriptorGroup [ADVAPI32.@]
1264 */
1265 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
1266 PSID Group, BOOL GroupDefaulted)
1267 {
1268 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
1269 }
1270
1271 /******************************************************************************
1272 * IsValidSecurityDescriptor [ADVAPI32.@]
1273 *
1274 * PARAMS
1275 * lpsecdesc []
1276 */
1277 BOOL WINAPI
1278 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
1279 {
1280 return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor));
1281 }
1282
1283 /******************************************************************************
1284 * GetSecurityDescriptorDacl [ADVAPI32.@]
1285 */
1286 BOOL WINAPI GetSecurityDescriptorDacl(
1287 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1288 OUT LPBOOL lpbDaclPresent,
1289 OUT PACL *pDacl,
1290 OUT LPBOOL lpbDaclDefaulted)
1291 {
1292 BOOLEAN present, defaulted;
1293 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
1294 *lpbDaclPresent = present;
1295 *lpbDaclDefaulted = defaulted;
1296 return ret;
1297 }
1298
1299 /******************************************************************************
1300 * SetSecurityDescriptorDacl [ADVAPI32.@]
1301 */
1302 BOOL WINAPI
1303 SetSecurityDescriptorDacl (
1304 PSECURITY_DESCRIPTOR lpsd,
1305 BOOL daclpresent,
1306 PACL dacl,
1307 BOOL dacldefaulted )
1308 {
1309 return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) );
1310 }
1311 /******************************************************************************
1312 * GetSecurityDescriptorSacl [ADVAPI32.@]
1313 */
1314 BOOL WINAPI GetSecurityDescriptorSacl(
1315 IN PSECURITY_DESCRIPTOR lpsd,
1316 OUT LPBOOL lpbSaclPresent,
1317 OUT PACL *pSacl,
1318 OUT LPBOOL lpbSaclDefaulted)
1319 {
1320 BOOLEAN present, defaulted;
1321 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) );
1322 *lpbSaclPresent = present;
1323 *lpbSaclDefaulted = defaulted;
1324 return ret;
1325 }
1326
1327 /**************************************************************************
1328 * SetSecurityDescriptorSacl [ADVAPI32.@]
1329 */
1330 BOOL WINAPI SetSecurityDescriptorSacl (
1331 PSECURITY_DESCRIPTOR lpsd,
1332 BOOL saclpresent,
1333 PACL lpsacl,
1334 BOOL sacldefaulted)
1335 {
1336 return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
1337 }
1338 /******************************************************************************
1339 * MakeSelfRelativeSD [ADVAPI32.@]
1340 *
1341 * PARAMS
1342 * lpabssecdesc []
1343 * lpselfsecdesc []
1344 * lpbuflen []
1345 */
1346 BOOL WINAPI
1347 MakeSelfRelativeSD(
1348 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1349 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1350 IN OUT LPDWORD lpdwBufferLength)
1351 {
1352 return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor,
1353 pSelfRelativeSecurityDescriptor, lpdwBufferLength));
1354 }
1355
1356 /******************************************************************************
1357 * GetSecurityDescriptorControl [ADVAPI32.@]
1358 */
1359
1360 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1361 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
1362 {
1363 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
1364 }
1365
1366 /******************************************************************************
1367 * SetSecurityDescriptorControl [ADVAPI32.@]
1368 */
1369 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1370 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
1371 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
1372 {
1373 return set_ntstatus( RtlSetControlSecurityDescriptor(
1374 pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) );
1375 }
1376
1377 /* ##############################
1378 ###### ACL FUNCTIONS ######
1379 ##############################
1380 */
1381
1382 /*************************************************************************
1383 * InitializeAcl [ADVAPI32.@]
1384 */
1385 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
1386 {
1387 return set_ntstatus( RtlCreateAcl(acl, size, rev));
1388 }
1389
1390 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
1391 {
1392 IO_STATUS_BLOCK io_block;
1393
1394 TRACE("(%p)\n", hNamedPipe);
1395
1396 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
1397 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1398 }
1399
1400 /******************************************************************************
1401 * AddAccessAllowedAce [ADVAPI32.@]
1402 */
1403 BOOL WINAPI AddAccessAllowedAce(
1404 IN OUT PACL pAcl,
1405 IN DWORD dwAceRevision,
1406 IN DWORD AccessMask,
1407 IN PSID pSid)
1408 {
1409 return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
1410 }
1411
1412 /******************************************************************************
1413 * AddAccessAllowedAceEx [ADVAPI32.@]
1414 */
1415 BOOL WINAPI AddAccessAllowedAceEx(
1416 IN OUT PACL pAcl,
1417 IN DWORD dwAceRevision,
1418 IN DWORD AceFlags,
1419 IN DWORD AccessMask,
1420 IN PSID pSid)
1421 {
1422 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1423 }
1424
1425 /******************************************************************************
1426 * AddAccessDeniedAce [ADVAPI32.@]
1427 */
1428 BOOL WINAPI AddAccessDeniedAce(
1429 IN OUT PACL pAcl,
1430 IN DWORD dwAceRevision,
1431 IN DWORD AccessMask,
1432 IN PSID pSid)
1433 {
1434 return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
1435 }
1436
1437 /******************************************************************************
1438 * AddAccessDeniedAceEx [ADVAPI32.@]
1439 */
1440 BOOL WINAPI AddAccessDeniedAceEx(
1441 IN OUT PACL pAcl,
1442 IN DWORD dwAceRevision,
1443 IN DWORD AceFlags,
1444 IN DWORD AccessMask,
1445 IN PSID pSid)
1446 {
1447 return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1448 }
1449
1450 /******************************************************************************
1451 * AddAce [ADVAPI32.@]
1452 */
1453 BOOL WINAPI AddAce(
1454 IN OUT PACL pAcl,
1455 IN DWORD dwAceRevision,
1456 IN DWORD dwStartingAceIndex,
1457 LPVOID pAceList,
1458 DWORD nAceListLength)
1459 {
1460 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
1461 }
1462
1463 /******************************************************************************
1464 * DeleteAce [ADVAPI32.@]
1465 */
1466 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1467 {
1468 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1469 }
1470
1471 /******************************************************************************
1472 * FindFirstFreeAce [ADVAPI32.@]
1473 */
1474 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
1475 {
1476 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
1477 }
1478
1479 /******************************************************************************
1480 * GetAce [ADVAPI32.@]
1481 */
1482 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1483 {
1484 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1485 }
1486
1487 /******************************************************************************
1488 * GetAclInformation [ADVAPI32.@]
1489 */
1490 BOOL WINAPI GetAclInformation(
1491 PACL pAcl,
1492 LPVOID pAclInformation,
1493 DWORD nAclInformationLength,
1494 ACL_INFORMATION_CLASS dwAclInformationClass)
1495 {
1496 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1497 nAclInformationLength, dwAclInformationClass));
1498 }
1499
1500 /******************************************************************************
1501 * IsValidAcl [ADVAPI32.@]
1502 */
1503 BOOL WINAPI IsValidAcl(IN PACL pAcl)
1504 {
1505 return RtlValidAcl(pAcl);
1506 }
1507
1508 /* ##############################
1509 ###### MISC FUNCTIONS ######
1510 ##############################
1511 */
1512
1513 /******************************************************************************
1514 * AllocateLocallyUniqueId [ADVAPI32.@]
1515 *
1516 * PARAMS
1517 * lpLuid []
1518 */
1519 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
1520 {
1521 return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid));
1522 }
1523
1524 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
1525 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1526 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
1527 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1528 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
1529 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
1530 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
1531 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1532 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
1533 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1534 static const WCHAR SE_TCB_NAME_W[] =
1535 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
1536 static const WCHAR SE_SECURITY_NAME_W[] =
1537 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1538 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
1539 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1540 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
1541 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
1542 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
1543 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1544 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
1545 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
1546 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
1547 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1548 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
1549 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1550 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
1551 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1552 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
1553 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1554 static const WCHAR SE_BACKUP_NAME_W[] =
1555 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
1556 static const WCHAR SE_RESTORE_NAME_W[] =
1557 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
1558 static const WCHAR SE_SHUTDOWN_NAME_W[] =
1559 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1560 static const WCHAR SE_DEBUG_NAME_W[] =
1561 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
1562 static const WCHAR SE_AUDIT_NAME_W[] =
1563 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
1564 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
1565 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1566 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
1567 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1568 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
1569 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1570 static const WCHAR SE_UNDOCK_NAME_W[] =
1571 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
1572 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
1573 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1574 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
1575 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1576 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
1577 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1578 static const WCHAR SE_IMPERSONATE_NAME_W[] =
1579 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
1580 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
1581 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1582
1583 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
1584 {
1585 NULL,
1586 NULL,
1587 SE_CREATE_TOKEN_NAME_W,
1588 SE_ASSIGNPRIMARYTOKEN_NAME_W,
1589 SE_LOCK_MEMORY_NAME_W,
1590 SE_INCREASE_QUOTA_NAME_W,
1591 SE_MACHINE_ACCOUNT_NAME_W,
1592 SE_TCB_NAME_W,
1593 SE_SECURITY_NAME_W,
1594 SE_TAKE_OWNERSHIP_NAME_W,
1595 SE_LOAD_DRIVER_NAME_W,
1596 SE_SYSTEM_PROFILE_NAME_W,
1597 SE_SYSTEMTIME_NAME_W,
1598 SE_PROF_SINGLE_PROCESS_NAME_W,
1599 SE_INC_BASE_PRIORITY_NAME_W,
1600 SE_CREATE_PAGEFILE_NAME_W,
1601 SE_CREATE_PERMANENT_NAME_W,
1602 SE_BACKUP_NAME_W,
1603 SE_RESTORE_NAME_W,
1604 SE_SHUTDOWN_NAME_W,
1605 SE_DEBUG_NAME_W,
1606 SE_AUDIT_NAME_W,
1607 SE_SYSTEM_ENVIRONMENT_NAME_W,
1608 SE_CHANGE_NOTIFY_NAME_W,
1609 SE_REMOTE_SHUTDOWN_NAME_W,
1610 SE_UNDOCK_NAME_W,
1611 SE_SYNC_AGENT_NAME_W,
1612 SE_ENABLE_DELEGATION_NAME_W,
1613 SE_MANAGE_VOLUME_NAME_W,
1614 SE_IMPERSONATE_NAME_W,
1615 SE_CREATE_GLOBAL_NAME_W,
1616 };
1617
1618 /******************************************************************************
1619 * LookupPrivilegeValueW [ADVAPI32.@]
1620 *
1621 * See LookupPrivilegeValueA.
1622 */
1623 BOOL WINAPI
1624 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
1625 {
1626 UINT i;
1627
1628 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
1629
1630 if (!ADVAPI_IsLocalComputer(lpSystemName))
1631 {
1632 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1633 return FALSE;
1634 }
1635 if (!lpName)
1636 {
1637 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1638 return FALSE;
1639 }
1640 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
1641 {
1642 if( !WellKnownPrivNames[i] )
1643 continue;
1644 if( strcmpiW( WellKnownPrivNames[i], lpName) )
1645 continue;
1646 lpLuid->LowPart = i;
1647 lpLuid->HighPart = 0;
1648 TRACE( "%s -> %08x-%08x\n",debugstr_w( lpSystemName ),
1649 lpLuid->HighPart, lpLuid->LowPart );
1650 return TRUE;
1651 }
1652 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1653 return FALSE;
1654 }
1655
1656 /******************************************************************************
1657 * LookupPrivilegeValueA [ADVAPI32.@]
1658 *
1659 * Retrieves LUID used on a system to represent the privilege name.
1660 *
1661 * PARAMS
1662 * lpSystemName [I] Name of the system
1663 * lpName [I] Name of the privilege
1664 * lpLuid [O] Destination for the resulting LUID
1665 *
1666 * RETURNS
1667 * Success: TRUE. lpLuid contains the requested LUID.
1668 * Failure: FALSE.
1669 */
1670 BOOL WINAPI
1671 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1672 {
1673 UNICODE_STRING lpSystemNameW;
1674 UNICODE_STRING lpNameW;
1675 BOOL ret;
1676
1677 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1678 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1679 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1680 RtlFreeUnicodeString(&lpNameW);
1681 RtlFreeUnicodeString(&lpSystemNameW);
1682 return ret;
1683 }
1684
1685 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
1686 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1687 {
1688 FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName),
1689 debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId);
1690
1691 return FALSE;
1692 }
1693
1694 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
1695 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1696 {
1697 FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName),
1698 debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId);
1699
1700 return FALSE;
1701 }
1702
1703 /******************************************************************************
1704 * LookupPrivilegeNameA [ADVAPI32.@]
1705 *
1706 * See LookupPrivilegeNameW.
1707 */
1708 BOOL WINAPI
1709 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1710 LPDWORD cchName)
1711 {
1712 UNICODE_STRING lpSystemNameW;
1713 BOOL ret;
1714 DWORD wLen = 0;
1715
1716 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1717
1718 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1719 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1720 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1721 {
1722 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1723
1724 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1725 &wLen);
1726 if (ret)
1727 {
1728 /* Windows crashes if cchName is NULL, so will I */
1729 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1730 *cchName, NULL, NULL);
1731
1732 if (len == 0)
1733 {
1734 /* WideCharToMultiByte failed */
1735 ret = FALSE;
1736 }
1737 else if (len > *cchName)
1738 {
1739 *cchName = len;
1740 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1741 ret = FALSE;
1742 }
1743 else
1744 {
1745 /* WideCharToMultiByte succeeded, output length needs to be
1746 * length not including NULL terminator
1747 */
1748 *cchName = len - 1;
1749 }
1750 }
1751 HeapFree(GetProcessHeap(), 0, lpNameW);
1752 }
1753 RtlFreeUnicodeString(&lpSystemNameW);
1754 return ret;
1755 }
1756
1757 /******************************************************************************
1758 * LookupPrivilegeNameW [ADVAPI32.@]
1759 *
1760 * Retrieves the privilege name referred to by the LUID lpLuid.
1761 *
1762 * PARAMS
1763 * lpSystemName [I] Name of the system
1764 * lpLuid [I] Privilege value
1765 * lpName [O] Name of the privilege
1766 * cchName [I/O] Number of characters in lpName.
1767 *
1768 * RETURNS
1769 * Success: TRUE. lpName contains the name of the privilege whose value is
1770 * *lpLuid.
1771 * Failure: FALSE.
1772 *
1773 * REMARKS
1774 * Only well-known privilege names (those defined in winnt.h) can be retrieved
1775 * using this function.
1776 * If the length of lpName is too small, on return *cchName will contain the
1777 * number of WCHARs needed to contain the privilege, including the NULL
1778 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1779 * On success, *cchName will contain the number of characters stored in
1780 * lpName, NOT including the NULL terminator.
1781 */
1782 BOOL WINAPI
1783 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1784 LPDWORD cchName)
1785 {
1786 size_t privNameLen;
1787
1788 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1789
1790 if (!ADVAPI_IsLocalComputer(lpSystemName))
1791 {
1792 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1793 return FALSE;
1794 }
1795 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1796 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1797 {
1798 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1799 return FALSE;
1800 }
1801 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1802 /* Windows crashes if cchName is NULL, so will I */
1803 if (*cchName <= privNameLen)
1804 {
1805 *cchName = privNameLen + 1;
1806 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1807 return FALSE;
1808 }
1809 else
1810 {
1811 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1812 *cchName = privNameLen;
1813 return TRUE;
1814 }
1815 }
1816
1817 /******************************************************************************
1818 * GetFileSecurityA [ADVAPI32.@]
1819 *
1820 * Obtains Specified information about the security of a file or directory.
1821 *
1822 * PARAMS
1823 * lpFileName [I] Name of the file to get info for
1824 * RequestedInformation [I] SE_ flags from "winnt.h"
1825 * pSecurityDescriptor [O] Destination for security information
1826 * nLength [I] Length of pSecurityDescriptor
1827 * lpnLengthNeeded [O] Destination for length of returned security information
1828 *
1829 * RETURNS
1830 * Success: TRUE. pSecurityDescriptor contains the requested information.
1831 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1832 *
1833 * NOTES
1834 * The information returned is constrained by the callers access rights and
1835 * privileges.
1836 */
1837 BOOL WINAPI
1838 GetFileSecurityA( LPCSTR lpFileName,
1839 SECURITY_INFORMATION RequestedInformation,
1840 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1841 DWORD nLength, LPDWORD lpnLengthNeeded )
1842 {
1843 DWORD len;
1844 BOOL r;
1845 LPWSTR name = NULL;
1846
1847 if( lpFileName )
1848 {
1849 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1850 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1851 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1852 }
1853
1854 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1855 nLength, lpnLengthNeeded );
1856 HeapFree( GetProcessHeap(), 0, name );
1857
1858 return r;
1859 }
1860
1861 /******************************************************************************
1862 * GetFileSecurityW [ADVAPI32.@]
1863 *
1864 * See GetFileSecurityA.
1865 */
1866 BOOL WINAPI
1867 GetFileSecurityW( LPCWSTR lpFileName,
1868 SECURITY_INFORMATION RequestedInformation,
1869 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1870 DWORD nLength, LPDWORD lpnLengthNeeded )
1871 {
1872 HANDLE hfile;
1873 NTSTATUS status;
1874 DWORD access = 0;
1875
1876 if (RequestedInformation & (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|
1877 DACL_SECURITY_INFORMATION))
1878 access |= READ_CONTROL;
1879 if (RequestedInformation & SACL_SECURITY_INFORMATION)
1880 access |= ACCESS_SYSTEM_SECURITY;
1881
1882 hfile = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
1883 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 );
1884 if ( hfile == INVALID_HANDLE_VALUE )
1885 return FALSE;
1886
1887 status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor,
1888 nLength, lpnLengthNeeded );
1889 CloseHandle( hfile );
1890 return set_ntstatus( status );
1891 }
1892
1893
1894 /******************************************************************************
1895 * LookupAccountSidA [ADVAPI32.@]
1896 */
1897 BOOL WINAPI
1898 LookupAccountSidA(
1899 IN LPCSTR system,
1900 IN PSID sid,
1901 OUT LPSTR account,
1902 IN OUT LPDWORD accountSize,
1903 OUT LPSTR domain,
1904 IN OUT LPDWORD domainSize,
1905 OUT PSID_NAME_USE name_use )
1906 {
1907 DWORD len;
1908 BOOL r;
1909 LPWSTR systemW = NULL;
1910 LPWSTR accountW = NULL;
1911 LPWSTR domainW = NULL;
1912 DWORD accountSizeW = *accountSize;
1913 DWORD domainSizeW = *domainSize;
1914
1915 TRACE("(%s,sid=%s,%p,%p(%u),%p,%p(%u),%p)\n",
1916 debugstr_a(system),debugstr_sid(sid),
1917 account,accountSize,accountSize?*accountSize:0,
1918 domain,domainSize,domainSize?*domainSize:0,
1919 name_use);
1920
1921 if (system) {
1922 len = MultiByteToWideChar( CP_ACP, 0, system, -1, NULL, 0 );
1923 systemW = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) );
1924 MultiByteToWideChar( CP_ACP, 0, system, -1, systemW, len );
1925 }
1926 if (account)
1927 accountW = HeapAlloc( GetProcessHeap(), 0, accountSizeW * sizeof(WCHAR) );
1928 if (domain)
1929 domainW = HeapAlloc( GetProcessHeap(), 0, domainSizeW * sizeof(WCHAR) );
1930
1931 r = LookupAccountSidW( systemW, sid, accountW, &accountSizeW, domainW, &domainSizeW, name_use );
1932
1933 if (r) {
1934 if (accountW && *accountSize) {
1935 len = WideCharToMultiByte( CP_ACP, 0, accountW, -1, NULL, 0, NULL, NULL );
1936 WideCharToMultiByte( CP_ACP, 0, accountW, -1, account, len, NULL, NULL );
1937 *accountSize = len;
1938 } else
1939 *accountSize = accountSizeW + 1;
1940
1941 if (domainW && *domainSize) {
1942 len = WideCharToMultiByte( CP_ACP, 0, domainW, -1, NULL, 0, NULL, NULL );
1943 WideCharToMultiByte( CP_ACP, 0, domainW, -1, domain, len, NULL, NULL );
1944 *domainSize = len;
1945 } else
1946 *domainSize = domainSizeW + 1;
1947 }
1948
1949 HeapFree( GetProcessHeap(), 0, systemW );
1950 HeapFree( GetProcessHeap(), 0, accountW );
1951 HeapFree( GetProcessHeap(), 0, domainW );
1952
1953 return r;
1954 }
1955
1956 /******************************************************************************
1957 * LookupAccountSidW [ADVAPI32.@]
1958 *
1959 * PARAMS
1960 * system []
1961 * sid []
1962 * account []
1963 * accountSize []
1964 * domain []
1965 * domainSize []
1966 * name_use []
1967 */
1968
1969 BOOL WINAPI
1970 LookupAccountSidW(
1971 IN LPCWSTR system,
1972 IN PSID sid,
1973 OUT LPWSTR account,
1974 IN OUT LPDWORD accountSize,
1975 OUT LPWSTR domain,
1976 IN OUT LPDWORD domainSize,
1977 OUT PSID_NAME_USE name_use )
1978 {
1979 unsigned int i, j;
1980 const WCHAR * ac = NULL;
1981 const WCHAR * dm = NULL;
1982 SID_NAME_USE use = 0;
1983 LPWSTR computer_name = NULL;
1984
1985 TRACE("(%s,sid=%s,%p,%p(%u),%p,%p(%u),%p)\n",
1986 debugstr_w(system),debugstr_sid(sid),
1987 account,accountSize,accountSize?*accountSize:0,
1988 domain,domainSize,domainSize?*domainSize:0,
1989 name_use);
1990
1991 if (!ADVAPI_IsLocalComputer(system)) {
1992 FIXME("Only local computer supported!\n");
1993 SetLastError(ERROR_NONE_MAPPED);
1994 return FALSE;
1995 }
1996
1997 /* check the well known SIDs first */
1998 for (i = 0; i <= 60; i++) {
1999 if (IsWellKnownSid(sid, i)) {
2000 for (j = 0; j < (sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0])); j++) {
2001 if (ACCOUNT_SIDS[j].type == i) {
2002 ac = ACCOUNT_SIDS[j].account;
2003 dm = ACCOUNT_SIDS[j].domain;
2004 use = ACCOUNT_SIDS[j].name_use;
2005 }
2006 }
2007 break;
2008 }
2009 }
2010
2011 if (dm == NULL) {
2012 MAX_SID local;
2013
2014 /* check for the local computer next */
2015 if (ADVAPI_GetComputerSid(&local)) {
2016 DWORD size = MAX_COMPUTERNAME_LENGTH + 1;
2017 BOOL result;
2018
2019 computer_name = HeapAlloc(GetProcessHeap(), 0, size * sizeof(WCHAR));
2020 result = GetComputerNameW(computer_name, &size);
2021
2022 if (result) {
2023 if (EqualSid(sid, &local)) {
2024 dm = computer_name;
2025 ac = Blank;
2026 use = 3;
2027 } else {
2028 local.SubAuthorityCount++;
2029
2030 if (EqualPrefixSid(sid, &local)) {
2031 dm = computer_name;
2032 use = 1;
2033 switch (((MAX_SID *)sid)->SubAuthority[4]) {
2034 case DOMAIN_USER_RID_ADMIN:
2035 ac = Administrator;
2036 break;
2037 case DOMAIN_USER_RID_GUEST:
2038 ac = Guest;
2039 break;
2040 case DOMAIN_GROUP_RID_ADMINS:
2041 ac = Domain_Admins;
2042 break;
2043 case DOMAIN_GROUP_RID_USERS:
2044 ac = Domain_Users;
2045 break;
2046 case DOMAIN_GROUP_RID_GUESTS:
2047 ac = Domain_Guests;
2048 break;
2049 case DOMAIN_GROUP_RID_COMPUTERS:
2050 ac = Domain_Computers;
2051 break;
2052 case DOMAIN_GROUP_RID_CONTROLLERS:
2053 ac = Domain_Controllers;
2054 break;
2055 case DOMAIN_GROUP_RID_CERT_ADMINS:
2056 ac = Cert_Publishers;
2057 break;
2058 case DOMAIN_GROUP_RID_SCHEMA_ADMINS:
2059 ac = Schema_Admins;
2060 break;
2061 case DOMAIN_GROUP_RID_ENTERPRISE_ADMINS:
2062 ac = Enterprise_Admins;
2063 break;
2064 case DOMAIN_GROUP_RID_POLICY_ADMINS:
2065 ac = Group_Policy_Creator_Owners;
2066 break;
2067 case DOMAIN_ALIAS_RID_RAS_SERVERS:
2068 ac = RAS_and_IAS_Servers;
2069 break;
2070 default:
2071 dm = NULL;
2072 break;
2073 }
2074 }
2075 }
2076 }
2077 }
2078 }
2079
2080 if (dm) {
2081 BOOL status = TRUE;
2082 if (*accountSize > lstrlenW(ac)) {
2083 if (account)
2084 lstrcpyW(account, ac);
2085 }
2086 if (*domainSize > lstrlenW(dm)) {
2087 if (domain)
2088 lstrcpyW(domain, dm);
2089 }
2090 if (((*accountSize != 0) && (*accountSize < strlenW(ac))) ||
2091 ((*domainSize != 0) && (*domainSize < strlenW(dm)))) {
2092 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2093 status = FALSE;
2094 }
2095 if (*domainSize)
2096 *domainSize = strlenW(dm);
2097 else
2098 *domainSize = strlenW(dm) + 1;
2099 if (*accountSize)
2100 *accountSize = strlenW(ac);
2101 else
2102 *accountSize = strlenW(ac) + 1;
2103 *name_use = use;
2104 HeapFree(GetProcessHeap(), 0, computer_name);
2105 return status;
2106 }
2107
2108 HeapFree(GetProcessHeap(), 0, computer_name);
2109 SetLastError(ERROR_NONE_MAPPED);
2110 return FALSE;
2111 }
2112
2113 /******************************************************************************
2114 * SetFileSecurityA [ADVAPI32.@]
2115 *
2116 * See SetFileSecurityW.
2117 */
2118 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
2119 SECURITY_INFORMATION RequestedInformation,
2120 PSECURITY_DESCRIPTOR pSecurityDescriptor)
2121 {
2122 DWORD len;
2123 BOOL r;
2124 LPWSTR name = NULL;
2125
2126 if( lpFileName )
2127 {
2128 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
2129 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
2130 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
2131 }
2132
2133 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
2134 HeapFree( GetProcessHeap(), 0, name );
2135
2136 return r;
2137 }
2138
2139 /******************************************************************************
2140 * SetFileSecurityW [ADVAPI32.@]
2141 *
2142 * Sets the security of a file or directory.
2143 *
2144 * PARAMS
2145 * lpFileName []
2146 * RequestedInformation []
2147 * pSecurityDescriptor []
2148 *
2149 * RETURNS
2150 * Success: TRUE.
2151 * Failure: FALSE.
2152 */
2153 BOOL WINAPI
2154 SetFileSecurityW( LPCWSTR lpFileName,
2155 SECURITY_INFORMATION RequestedInformation,
2156 PSECURITY_DESCRIPTOR pSecurityDescriptor )
2157 {
2158 HANDLE file;
2159 DWORD access = 0;
2160 NTSTATUS status;
2161
2162 TRACE("(%s, 0x%x, %p)\n", debugstr_w(lpFileName), RequestedInformation,
2163 pSecurityDescriptor );
2164
2165 if (RequestedInformation & OWNER_SECURITY_INFORMATION ||
2166 RequestedInformation & GROUP_SECURITY_INFORMATION)
2167 access |= WRITE_OWNER;
2168 if (RequestedInformation & SACL_SECURITY_INFORMATION)
2169 access |= ACCESS_SYSTEM_SECURITY;
2170 if (RequestedInformation & DACL_SECURITY_INFORMATION)
2171 access |= WRITE_DAC;
2172
2173 file = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
2174 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL );
2175 if (file == INVALID_HANDLE_VALUE)
2176 return FALSE;
2177
2178 status = NtSetSecurityObject( file, RequestedInformation, pSecurityDescriptor );
2179 CloseHandle( file );
2180 return set_ntstatus( status );
2181 }
2182
2183 /******************************************************************************
2184 * QueryWindows31FilesMigration [ADVAPI32.@]
2185 *
2186 * PARAMS
2187 * x1 []
2188 */
2189 BOOL WINAPI
2190 QueryWindows31FilesMigration( DWORD x1 )
2191 {
2192 FIXME("(%d):stub\n",x1);
2193 return TRUE;
2194 }
2195
2196 /******************************************************************************
2197 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
2198 *
2199 * PARAMS
2200 * x1 []
2201 * x2 []
2202 * x3 []
2203 * x4 []
2204 */
2205 BOOL WINAPI
2206 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
2207 DWORD x4 )
2208 {
2209 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
2210 return TRUE;
2211 }
2212
2213 /******************************************************************************
2214 * NotifyBootConfigStatus [ADVAPI32.@]
2215 *
2216 * PARAMS
2217 * x1 []
2218 */
2219 BOOL WINAPI
2220 NotifyBootConfigStatus( BOOL x1 )
2221 {
2222 FIXME("(0x%08d):stub\n",x1);
2223 return 1;
2224 }
2225
2226 /******************************************************************************
2227 * RevertToSelf [ADVAPI32.@]
2228 *
2229 * Ends the impersonation of a user.
2230 *
2231 * PARAMS
2232 * void []
2233 *
2234 * RETURNS
2235 * Success: TRUE.
2236 * Failure: FALSE.
2237 */
2238 BOOL WINAPI
2239 RevertToSelf( void )
2240 {
2241 HANDLE Token = NULL;
2242 return set_ntstatus( NtSetInformationThread( GetCurrentThread(),
2243 ThreadImpersonationToken, &Token, sizeof(Token) ) );
2244 }
2245
2246 /******************************************************************************
2247 * ImpersonateSelf [ADVAPI32.@]
2248 *
2249 * Makes an impersonation token that represents the process user and assigns
2250 * to the current thread.
2251 *
2252 * PARAMS
2253 * ImpersonationLevel [I] Level at which to impersonate.
2254 *
2255 * RETURNS
2256 * Success: TRUE.
2257 * Failure: FALSE.
2258 */
2259 BOOL WINAPI
2260 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
2261 {
2262 return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) );
2263 }
2264
2265 /******************************************************************************
2266 * ImpersonateLoggedOnUser [ADVAPI32.@]
2267 */
2268 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
2269 {
2270 DWORD size;
2271 NTSTATUS Status;
2272 HANDLE ImpersonationToken;
2273 TOKEN_TYPE Type;
2274
2275 FIXME( "(%p)\n", hToken );
2276
2277 if (!GetTokenInformation( hToken, TokenType, &Type,
2278 sizeof(TOKEN_TYPE), &size ))
2279 return FALSE;
2280
2281 if (Type == TokenPrimary)
2282 {
2283 OBJECT_ATTRIBUTES ObjectAttributes;
2284
2285 InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
2286
2287 Status = NtDuplicateToken( hToken,
2288 TOKEN_IMPERSONATE | TOKEN_QUERY,
2289 &ObjectAttributes,
2290 SecurityImpersonation,
2291 TokenImpersonation,
2292 &ImpersonationToken );
2293 if (Status != STATUS_SUCCESS)
2294 {
2295 ERR( "NtDuplicateToken failed with error 0x%08x\n", Status );
2296 SetLastError( RtlNtStatusToDosError( Status ) );
2297 return FALSE;
2298 }
2299 }
2300 else
2301 ImpersonationToken = hToken;
2302
2303 Status = NtSetInformationThread( GetCurrentThread(),
2304 ThreadImpersonationToken,
2305 &ImpersonationToken,
2306 sizeof(ImpersonationToken) );
2307
2308 if (Type == TokenPrimary)
2309 NtClose( ImpersonationToken );
2310
2311 if (Status != STATUS_SUCCESS)
2312 {
2313 ERR( "NtSetInformationThread failed with error 0x%08x\n", Status );
2314 SetLastError( RtlNtStatusToDosError( Status ) );
2315 return FALSE;
2316 }
2317
2318 return TRUE;
2319 }
2320
2321 /******************************************************************************
2322 * AccessCheck [ADVAPI32.@]
2323 */
2324 BOOL WINAPI
2325 AccessCheck(
2326 PSECURITY_DESCRIPTOR SecurityDescriptor,
2327 HANDLE ClientToken,
2328 DWORD DesiredAccess,
2329 PGENERIC_MAPPING GenericMapping,
2330 PPRIVILEGE_SET PrivilegeSet,
2331 LPDWORD PrivilegeSetLength,
2332 LPDWORD GrantedAccess,
2333 LPBOOL AccessStatus)
2334 {
2335 NTSTATUS access_status;
2336 BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
2337 GenericMapping, PrivilegeSet, PrivilegeSetLength,
2338 GrantedAccess, &access_status) );
2339 if (ret) *AccessStatus = set_ntstatus( access_status );
2340 return ret;
2341 }
2342
2343
2344 /******************************************************************************
2345 * AccessCheckByType [ADVAPI32.@]
2346 */
2347 BOOL WINAPI AccessCheckByType(
2348 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2349 PSID PrincipalSelfSid,
2350 HANDLE ClientToken,
2351 DWORD DesiredAccess,
2352 POBJECT_TYPE_LIST ObjectTypeList,
2353 DWORD ObjectTypeListLength,
2354 PGENERIC_MAPPING GenericMapping,
2355 PPRIVILEGE_SET PrivilegeSet,
2356 LPDWORD PrivilegeSetLength,
2357 LPDWORD GrantedAccess,
2358 LPBOOL AccessStatus)
2359 {
2360 FIXME("stub\n");
2361
2362 *AccessStatus = TRUE;
2363
2364 return !*AccessStatus;
2365 }
2366
2367 /******************************************************************************
2368 * MapGenericMask [ADVAPI32.@]
2369 *
2370 * Maps generic access rights into specific access rights according to the
2371 * supplied mapping.
2372 *
2373 * PARAMS
2374 * AccessMask [I/O] Access rights.
2375 * GenericMapping [I] The mapping between generic and specific rights.
2376 *
2377 * RETURNS
2378 * Nothing.
2379 */
2380 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping )
2381 {
2382 RtlMapGenericMask( AccessMask, GenericMapping );
2383 }
2384
2385 /*************************************************************************
2386 * SetKernelObjectSecurity [ADVAPI32.@]
2387 */
2388 BOOL WINAPI SetKernelObjectSecurity (
2389 IN HANDLE Handle,
2390 IN SECURITY_INFORMATION SecurityInformation,
2391 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
2392 {
2393 return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
2394 }
2395
2396
2397 /******************************************************************************
2398 * AddAuditAccessAce [ADVAPI32.@]
2399 */
2400 BOOL WINAPI AddAuditAccessAce(
2401 IN OUT PACL pAcl,
2402 IN DWORD dwAceRevision,
2403 IN DWORD dwAccessMask,
2404 IN PSID pSid,
2405 IN BOOL bAuditSuccess,
2406 IN BOOL bAuditFailure)
2407 {
2408 return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid,
2409 bAuditSuccess, bAuditFailure) );
2410 }
2411
2412 /******************************************************************************
2413 * AddAuditAccessAce [ADVAPI32.@]
2414 */
2415 BOOL WINAPI AddAuditAccessAceEx(
2416 IN OUT PACL pAcl,
2417 IN DWORD dwAceRevision,
2418 IN DWORD dwAceFlags,
2419 IN DWORD dwAccessMask,
2420 IN PSID pSid,
2421 IN BOOL bAuditSuccess,
2422 IN BOOL bAuditFailure)
2423 {
2424 return set_ntstatus( RtlAddAuditAccessAceEx(pAcl, dwAceRevision, dwAceFlags, dwAccessMask, pSid,
2425 bAuditSuccess, bAuditFailure) );
2426 }
2427
2428 /******************************************************************************
2429 * LookupAccountNameA [ADVAPI32.@]
2430 */
2431 BOOL WINAPI
2432 LookupAccountNameA(
2433 IN LPCSTR system,
2434 IN LPCSTR account,
2435 OUT PSID sid,
2436 OUT LPDWORD cbSid,
2437 LPSTR ReferencedDomainName,
2438 IN OUT LPDWORD cbReferencedDomainName,
2439 OUT PSID_NAME_USE name_use )
2440 {
2441 BOOL ret;
2442 UNICODE_STRING lpSystemW;
2443 UNICODE_STRING lpAccountW;
2444 LPWSTR lpReferencedDomainNameW = NULL;
2445
2446 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, system);
2447 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, account);
2448
2449 if (ReferencedDomainName)
2450 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(), 0, *cbReferencedDomainName * sizeof(WCHAR));
2451
2452 ret = LookupAccountNameW(lpSystemW.Buffer, lpAccountW.Buffer, sid, cbSid, lpReferencedDomainNameW,
2453 cbReferencedDomainName, name_use);
2454
2455 if (ret && lpReferencedDomainNameW)
2456 {
2457 WideCharToMultiByte(CP_ACP, 0, lpReferencedDomainNameW, *cbReferencedDomainName,
2458 ReferencedDomainName, *cbReferencedDomainName, NULL, NULL);
2459 }
2460
2461 RtlFreeUnicodeString(&lpSystemW);
2462 RtlFreeUnicodeString(&lpAccountW);
2463 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2464
2465 return ret;
2466 }
2467
2468 /******************************************************************************
2469 * LookupAccountNameW [ADVAPI32.@]
2470 */
2471 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid,
2472 LPDWORD cbSid, LPWSTR ReferencedDomainName,
2473 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
2474 {
2475 /* Default implementation: Always return a default SID */
2476 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
2477 BOOL ret;
2478 PSID pSid;
2479 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
2480
2481 FIXME("%s %s %p %p %p %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName),
2482 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
2483
2484 ret = AllocateAndInitializeSid(&identifierAuthority,
2485 2,
2486 SECURITY_BUILTIN_DOMAIN_RID,
2487 DOMAIN_ALIAS_RID_ADMINS,
2488 0, 0, 0, 0, 0, 0,
2489 &pSid);
2490
2491 if (!ret)
2492 return FALSE;
2493
2494 if (!RtlValidSid(pSid))
2495 {
2496 FreeSid(pSid);
2497 return FALSE;
2498 }
2499
2500 if (Sid != NULL && (*cbSid >= GetLengthSid(pSid)))
2501 CopySid(*cbSid, Sid, pSid);
2502 if (*cbSid < GetLengthSid(pSid))
2503 {
2504 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2505 ret = FALSE;
2506 }
2507 *cbSid = GetLengthSid(pSid);
2508
2509 if (ReferencedDomainName != NULL && (*cchReferencedDomainName > strlenW(dm)))
2510 strcpyW(ReferencedDomainName, dm);
2511
2512 if (*cchReferencedDomainName <= strlenW(dm))
2513 {
2514 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2515 ret = FALSE;
2516 }
2517
2518 *cchReferencedDomainName = strlenW(dm)+1;
2519
2520 FreeSid(pSid);
2521
2522 return ret;
2523 }
2524
2525 /******************************************************************************
2526 * PrivilegeCheck [ADVAPI32.@]
2527 */
2528 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
2529 {
2530 BOOL ret;
2531 BOOLEAN Result;
2532
2533 TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
2534
2535 ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result));
2536 if (ret)
2537 *pfResult = Result;
2538 return ret;
2539 }
2540
2541 /******************************************************************************
2542 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
2543 */
2544 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
2545 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2546 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2547 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2548 {
2549 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
2550 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
2551 SecurityDescriptor, DesiredAccess, GenericMapping,
2552 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2553 return TRUE;
2554 }
2555
2556 /******************************************************************************
2557 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
2558 */
2559 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
2560 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2561 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2562 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2563 {
2564 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
2565 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
2566 SecurityDescriptor, DesiredAccess, GenericMapping,
2567 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2568 return TRUE;
2569 }
2570
2571 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2572 {
2573 FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose);
2574
2575 return TRUE;
2576 }
2577
2578 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2579 {
2580 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2581
2582 return TRUE;
2583 }
2584
2585 BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2586 {
2587 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2588
2589 return TRUE;
2590 }
2591
2592 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName,
2593 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2594 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2595 LPBOOL GenerateOnClose)
2596 {
2597 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_a(SubsystemName),
2598 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor,
2599 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2600 GenerateOnClose);
2601
2602 return TRUE;
2603 }
2604
2605 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
2606 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2607 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2608 LPBOOL GenerateOnClose)
2609 {
2610 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_w(SubsystemName),
2611 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor,
2612 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2613 GenerateOnClose);
2614
2615 return TRUE;
2616 }
2617
2618 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
2619 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2620 {
2621 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken,
2622 DesiredAccess, Privileges, AccessGranted);
2623
2624 return TRUE;
2625 }
2626
2627 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
2628 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2629 {
2630 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken,
2631 DesiredAccess, Privileges, AccessGranted);
2632
2633 return TRUE;
2634 }
2635
2636 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
2637 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2638 {
2639 FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName),
2640 ClientToken, Privileges, AccessGranted);
2641
2642 return TRUE;
2643 }
2644
2645 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
2646 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2647 {
2648 FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName),
2649 ClientToken, Privileges, AccessGranted);
2650
2651 return TRUE;
2652 }
2653
2654 /******************************************************************************
2655 * GetSecurityInfo [ADVAPI32.@]
2656 */
2657 DWORD WINAPI GetSecurityInfo(
2658 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
2659 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
2660 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
2661 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
2662 )
2663 {
2664 FIXME("stub!\n");
2665 return ERROR_BAD_PROVIDER;
2666 }
2667
2668 /******************************************************************************
2669 * GetSecurityInfoExW [ADVAPI32.@]
2670 */
2671 DWORD WINAPI GetSecurityInfoExW(
2672 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
2673 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
2674 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
2675 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
2676 )
2677 {
2678 FIXME("stub!\n");
2679 return ERROR_BAD_PROVIDER;
2680 }
2681
2682 /******************************************************************************
2683 * BuildExplicitAccessWithNameA [ADVAPI32.@]
2684 */
2685 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess,
2686 LPSTR pTrusteeName, DWORD AccessPermissions,
2687 ACCESS_MODE AccessMode, DWORD Inheritance )
2688 {
2689 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_a(pTrusteeName),
2690 AccessPermissions, AccessMode, Inheritance);
2691
2692 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2693 pExplicitAccess->grfAccessMode = AccessMode;
2694 pExplicitAccess->grfInheritance = Inheritance;
2695
2696 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2697 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2698 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2699 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2700 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2701 }
2702
2703 /******************************************************************************
2704 * BuildExplicitAccessWithNameW [ADVAPI32.@]
2705 */
2706 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess,
2707 LPWSTR pTrusteeName, DWORD AccessPermissions,
2708 ACCESS_MODE AccessMode, DWORD Inheritance )
2709 {
2710 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_w(pTrusteeName),
2711 AccessPermissions, AccessMode, Inheritance);
2712
2713 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2714 pExplicitAccess->grfAccessMode = AccessMode;
2715 pExplicitAccess->grfInheritance = Inheritance;
2716
2717 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2718 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2719 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2720 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2721 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2722 }
2723
2724 /******************************************************************************
2725 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
2726 */
2727 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
2728 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
2729 LPSTR InheritedObjectTypeName, LPSTR Name )
2730 {
2731 DWORD ObjectsPresent = 0;
2732
2733 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2734 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
2735
2736 /* Fill the OBJECTS_AND_NAME structure */
2737 pObjName->ObjectType = ObjectType;
2738 if (ObjectTypeName != NULL)
2739 {
2740 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2741 }
2742
2743 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2744 if (InheritedObjectTypeName != NULL)
2745 {
2746 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2747 }
2748
2749 pObjName->ObjectsPresent = ObjectsPresent;
2750 pObjName->ptstrName = Name;
2751
2752 /* Fill the TRUSTEE structure */
2753 pTrustee->pMultipleTrustee = NULL;
2754 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2755 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2756 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2757 pTrustee->ptstrName = (LPSTR)pObjName;
2758 }
2759
2760 /******************************************************************************
2761 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
2762 */
2763 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
2764 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
2765 LPWSTR InheritedObjectTypeName, LPWSTR Name )
2766 {
2767 DWORD ObjectsPresent = 0;
2768
2769 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2770 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
2771
2772 /* Fill the OBJECTS_AND_NAME structure */
2773 pObjName->ObjectType = ObjectType;
2774 if (ObjectTypeName != NULL)
2775 {
2776 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2777 }
2778
2779 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2780 if (InheritedObjectTypeName != NULL)
2781 {
2782 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2783 }
2784
2785 pObjName->ObjectsPresent = ObjectsPresent;
2786 pObjName->ptstrName = Name;
2787
2788 /* Fill the TRUSTEE structure */
2789 pTrustee->pMultipleTrustee = NULL;
2790 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2791 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2792 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2793 pTrustee->ptstrName = (LPWSTR)pObjName;
2794 }
2795
2796 /******************************************************************************
2797 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
2798 */
2799 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid,
2800 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2801 {
2802 DWORD ObjectsPresent = 0;
2803
2804 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2805
2806 /* Fill the OBJECTS_AND_SID structure */
2807 if (pObjectGuid != NULL)
2808 {
2809 pObjSid->ObjectTypeGuid = *pObjectGuid;
2810 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2811 }
2812 else
2813 {
2814 ZeroMemory(&pObjSid->ObjectTypeGuid,
2815 sizeof(GUID));
2816 }
2817
2818 if (pInheritedObjectGuid != NULL)
2819 {
2820 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2821 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2822 }
2823 else
2824 {
2825 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2826 sizeof(GUID));
2827 }
2828
2829 pObjSid->ObjectsPresent = ObjectsPresent;
2830 pObjSid->pSid = pSid;
2831
2832 /* Fill the TRUSTEE structure */
2833 pTrustee->pMultipleTrustee = NULL;
2834 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2835 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2836 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2837 pTrustee->ptstrName = (LPSTR) pObjSid;
2838 }
2839
2840 /******************************************************************************
2841 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
2842 */
2843 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid,
2844 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2845 {
2846 DWORD ObjectsPresent = 0;
2847
2848 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2849
2850 /* Fill the OBJECTS_AND_SID structure */
2851 if (pObjectGuid != NULL)
2852 {
2853 pObjSid->ObjectTypeGuid = *pObjectGuid;
2854 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2855 }
2856 else
2857 {
2858 ZeroMemory(&pObjSid->ObjectTypeGuid,
2859 sizeof(GUID));
2860 }
2861
2862 if (pInheritedObjectGuid != NULL)
2863 {
2864 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2865 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2866 }
2867 else
2868 {
2869 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2870 sizeof(GUID));
2871 }
2872
2873 pObjSid->ObjectsPresent = ObjectsPresent;
2874 pObjSid->pSid = pSid;
2875
2876 /* Fill the TRUSTEE structure */
2877 pTrustee->pMultipleTrustee = NULL;
2878 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2879 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2880 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2881 pTrustee->ptstrName = (LPWSTR) pObjSid;
2882 }
2883
2884 /******************************************************************************
2885 * BuildTrusteeWithSidA [ADVAPI32.@]
2886 */
2887 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
2888 {
2889 TRACE("%p %p\n", pTrustee, pSid);
2890
2891 pTrustee->pMultipleTrustee = NULL;
2892 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2893 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2894 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2895 pTrustee->ptstrName = (LPSTR) pSid;
2896 }
2897
2898 /******************************************************************************
2899 * BuildTrusteeWithSidW [ADVAPI32.@]
2900 */
2901 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
2902 {
2903 TRACE("%p %p\n", pTrustee, pSid);
2904
2905 pTrustee->pMultipleTrustee = NULL;
2906 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2907 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2908 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2909 pTrustee->ptstrName = (LPWSTR) pSid;
2910 }
2911
2912 /******************************************************************************
2913 * BuildTrusteeWithNameA [ADVAPI32.@]
2914 */
2915 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
2916 {
2917 TRACE("%p %s\n", pTrustee, debugstr_a(name) );
2918
2919 pTrustee->pMultipleTrustee = NULL;
2920 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2921 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2922 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2923 pTrustee->ptstrName = name;
2924 }
2925
2926 /******************************************************************************
2927 * BuildTrusteeWithNameW [ADVAPI32.@]
2928 */
2929 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
2930 {
2931 TRACE("%p %s\n", pTrustee, debugstr_w(name) );
2932
2933 pTrustee->pMultipleTrustee = NULL;
2934 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2935 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2936 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2937 pTrustee->ptstrName = name;
2938 }
2939
2940 /******************************************************************************
2941 * GetTrusteeFormA [ADVAPI32.@]
2942 */
2943 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
2944 {
2945 TRACE("(%p)\n", pTrustee);
2946
2947 if (!pTrustee)
2948 return TRUSTEE_BAD_FORM;
2949
2950 return pTrustee->TrusteeForm;
2951 }
2952
2953 /******************************************************************************
2954 * GetTrusteeFormW [ADVAPI32.@]
2955 */
2956 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
2957 {
2958 TRACE("(%p)\n", pTrustee);
2959
2960 if (!pTrustee)
2961 return TRUSTEE_BAD_FORM;
2962
2963 return pTrustee->TrusteeForm;
2964 }
2965
2966 /******************************************************************************
2967 * GetTrusteeNameA [ADVAPI32.@]
2968 */
2969 LPSTR WINAPI GetTrusteeNameA(PTRUSTEEA pTrustee)
2970 {
2971 TRACE("(%p)\n", pTrustee);
2972
2973 if (!pTrustee)
2974 return NULL;
2975
2976 return pTrustee->ptstrName;
2977 }
2978
2979 /******************************************************************************
2980 * GetTrusteeNameW [ADVAPI32.@]
2981 */
2982 LPWSTR WINAPI GetTrusteeNameW(PTRUSTEEW pTrustee)
2983 {
2984 TRACE("(%p)\n", pTrustee);
2985
2986 if (!pTrustee)
2987 return NULL;
2988
2989 return pTrustee->ptstrName;
2990 }
2991
2992 /******************************************************************************
2993 * GetTrusteeTypeA [ADVAPI32.@]
2994 */
2995 TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEEA pTrustee)
2996 {
2997 TRACE("(%p)\n", pTrustee);
2998
2999 if (!pTrustee)
3000 return TRUSTEE_IS_UNKNOWN;
3001
3002 return pTrustee->TrusteeType;
3003 }
3004
3005 /******************************************************************************
3006 * GetTrusteeTypeW [ADVAPI32.@]
3007 */
3008 TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEEW pTrustee)
3009 {
3010 TRACE("(%p)\n", pTrustee);
3011
3012 if (!pTrustee)
3013 return TRUSTEE_IS_UNKNOWN;
3014
3015 return pTrustee->TrusteeType;
3016 }
3017
3018 BOOL WINAPI SetAclInformation( PACL pAcl, LPVOID pAclInformation,
3019 DWORD nAclInformationLength,
3020 ACL_INFORMATION_CLASS dwAclInformationClass )
3021 {
3022 FIXME("%p %p 0x%08x 0x%08x - stub\n", pAcl, pAclInformation,
3023 nAclInformationLength, dwAclInformationClass);
3024
3025 return TRUE;
3026 }
3027
3028 /******************************************************************************
3029 * SetEntriesInAclA [ADVAPI32.@]
3030 */
3031 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
3032 PACL OldAcl, PACL* NewAcl )
3033 {
3034 FIXME("%d %p %p %p\n",count,pEntries,OldAcl,NewAcl);
3035 *NewAcl = NULL;
3036 return ERROR_SUCCESS;
3037 }
3038
3039 /******************************************************************************
3040 * SetEntriesInAclW [ADVAPI32.@]
3041 */
3042 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
3043 PACL OldAcl, PACL* NewAcl )
3044 {
3045 FIXME("%d %p %p %p\n",count,pEntries,OldAcl,NewAcl);
3046 *NewAcl = NULL;
3047 return ERROR_SUCCESS;
3048 }
3049
3050 /******************************************************************************
3051 * SetNamedSecurityInfoA [ADVAPI32.@]
3052 */
3053 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
3054 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3055 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
3056 {
3057 DWORD len;
3058 LPWSTR wstr = NULL;
3059 DWORD r;
3060
3061 TRACE("%s %d %d %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
3062 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
3063
3064 if( pObjectName )
3065 {
3066 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3067 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3068 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3069 }
3070
3071 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
3072 psidGroup, pDacl, pSacl );
3073
3074 HeapFree( GetProcessHeap(), 0, wstr );
3075
3076 return r;
3077 }
3078
3079 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation,
3080 PSECURITY_DESCRIPTOR ModificationDescriptor,
3081 PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor,
3082 PGENERIC_MAPPING GenericMapping,
3083 HANDLE Token )
3084 {
3085 FIXME("0x%08x %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor,
3086 ObjectsSecurityDescriptor, GenericMapping, Token);
3087
3088 return TRUE;
3089 }
3090
3091 BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
3092 {
3093 return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess );
3094 }
3095
3096 /******************************************************************************
3097 * AreAnyAccessesGranted [ADVAPI32.@]
3098 *
3099 * Determines whether or not any of a set of specified access permissions have
3100 * been granted or not.
3101 *
3102 * PARAMS
3103 * GrantedAccess [I] The permissions that have been granted.
3104 * DesiredAccess [I] The permissions that you want to have.
3105 *
3106 * RETURNS
3107 * Nonzero if any of the permissions have been granted, zero if none of the
3108 * permissions have been granted.
3109 */
3110
3111 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
3112 {
3113 return RtlAreAnyAccessesGranted( GrantedAccess, DesiredAccess );
3114 }
3115
3116 /******************************************************************************
3117 * SetNamedSecurityInfoW [ADVAPI32.@]
3118 */
3119 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
3120 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3121 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
3122 {
3123 FIXME("%s %d %d %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
3124 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
3125 return ERROR_SUCCESS;
3126 }
3127
3128 /******************************************************************************
3129 * GetExplicitEntriesFromAclA [ADVAPI32.@]
3130 */
3131 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
3132 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
3133 {
3134 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
3135 return ERROR_CALL_NOT_IMPLEMENTED;
3136 }
3137
3138 /******************************************************************************
3139 * GetExplicitEntriesFromAclW [ADVAPI32.@]
3140 */
3141 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
3142 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
3143 {
3144 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
3145 return ERROR_CALL_NOT_IMPLEMENTED;
3146 }
3147
3148
3149 /******************************************************************************
3150 * ParseAclStringFlags
3151 */
3152 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
3153 {
3154 DWORD flags = 0;
3155 LPCWSTR szAcl = *StringAcl;
3156
3157 while (*szAcl != '(')
3158 {
3159 if (*szAcl == 'P')
3160 {
3161 flags |= SE_DACL_PROTECTED;
3162 }
3163 else if (*szAcl == 'A')
3164 {
3165 szAcl++;
3166 if (*szAcl == 'R')
3167 flags |= SE_DACL_AUTO_INHERIT_REQ;
3168 else if (*szAcl == 'I')
3169 flags |= SE_DACL_AUTO_INHERITED;
3170 }
3171 szAcl++;
3172 }
3173
3174 *StringAcl = szAcl;
3175 return flags;
3176 }
3177
3178 /******************************************************************************
3179 * ParseAceStringType
3180 */
3181 static const ACEFLAG AceType[] =
3182 {
3183 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
3184 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
3185 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
3186 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
3187 /*
3188 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
3189 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
3190 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
3191 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
3192 */
3193 { NULL, 0 },
3194 };
3195
3196 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
3197 {
3198 UINT len = 0;
3199 LPCWSTR szAcl = *StringAcl;
3200 const ACEFLAG *lpaf = AceType;
3201
3202 while (lpaf->wstr &&
3203 (len = strlenW(lpaf->wstr)) &&
3204 strncmpW(lpaf->wstr, szAcl, len))
3205 lpaf++;
3206
3207 if (!lpaf->wstr)
3208 return 0;
3209
3210 *StringAcl += len;
3211 return lpaf->value;
3212 }
3213
3214
3215 /******************************************************************************
3216 * ParseAceStringFlags
3217 */
3218 static const ACEFLAG AceFlags[] =
3219 {
3220 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
3221 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
3222 { SDDL_INHERITED, INHERITED_ACE },
3223 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
3224 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
3225 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
3226 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
3227 { NULL, 0 },
3228 };
3229
3230 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
3231 {
3232 UINT len = 0;
3233 BYTE flags = 0;
3234 LPCWSTR szAcl = *StringAcl;
3235
3236 while (*szAcl != ';')
3237 {
3238 const ACEFLAG *lpaf = AceFlags;
3239
3240 while (lpaf->wstr &&
3241 (len = strlenW(lpaf->wstr)) &&
3242 strncmpW(lpaf->wstr, szAcl, len))
3243 lpaf++;
3244
3245 if (!lpaf->wstr)
3246 return 0;
3247
3248 flags |= lpaf->value;
3249 szAcl += len;
3250 }
3251
3252 *StringAcl = szAcl;
3253 return flags;
3254 }
3255
3256
3257 /******************************************************************************
3258 * ParseAceStringRights
3259 */
3260 static const ACEFLAG AceRights[] =
3261 {
3262 { SDDL_GENERIC_ALL, GENERIC_ALL },
3263 { SDDL_GENERIC_READ, GENERIC_READ },
3264 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
3265 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
3266
3267 { SDDL_READ_CONTROL, READ_CONTROL },
3268 { SDDL_STANDARD_DELETE, DELETE },
3269 { SDDL_WRITE_DAC, WRITE_DAC },
3270 { SDDL_WRITE_OWNER, WRITE_OWNER },
3271
3272 { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP},
3273 { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP},
3274 { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD},
3275 { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD},
3276 { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST},
3277 { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF},
3278 { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT},
3279 { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE},
3280 { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS},
3281
3282 { SDDL_FILE_ALL, FILE_ALL_ACCESS },
3283 { SDDL_FILE_READ, FILE_GENERIC_READ },
3284 { SDDL_FILE_WRITE, FILE_GENERIC_WRITE },
3285 { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE },
3286
3287 { SDDL_KEY_ALL, KEY_ALL_ACCESS },
3288 { SDDL_KEY_READ, KEY_READ },
3289 { SDDL_KEY_WRITE, KEY_WRITE },
3290 { SDDL_KEY_EXECUTE, KEY_EXECUTE },
3291 { NULL, 0 },
3292 };
3293
3294 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
3295 {
3296 UINT len = 0;
3297 DWORD rights = 0;
3298 LPCWSTR szAcl = *StringAcl;
3299
3300 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
3301 {
3302 LPCWSTR p = szAcl;
3303
3304 while (*p && *p != ';')
3305 p++;
3306
3307 if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
3308 {
3309 rights = strtoulW(szAcl, NULL, 16);
3310 szAcl = p;
3311 }
3312 else
3313 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
3314 }
3315 else
3316 {
3317 while (*szAcl != ';')
3318 {
3319 const ACEFLAG *lpaf = AceRights;
3320
3321 while (lpaf->wstr &&
3322 (len = strlenW(lpaf->wstr)) &&
3323 strncmpW(lpaf->wstr, szAcl, len))
3324 {
3325 lpaf++;
3326 }
3327
3328 if (!lpaf->wstr)
3329 return 0;
3330
3331 rights |= lpaf->value;
3332 szAcl += len;
3333 }
3334 }
3335
3336 *StringAcl = szAcl;
3337 return rights;
3338 }
3339
3340
3341 /******************************************************************************
3342 * ParseStringAclToAcl
3343 *
3344 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
3345 */
3346 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
3347 PACL pAcl, LPDWORD cBytes)
3348 {
3349 DWORD val;
3350 DWORD sidlen;
3351 DWORD length = sizeof(ACL);
3352 DWORD acesize = 0;
3353 DWORD acecount = 0;
3354 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
3355
3356 TRACE("%s\n", debugstr_w(StringAcl));
3357
3358 if (!StringAcl)
3359 return FALSE;
3360
3361 if (pAcl) /* pAce is only useful if we're setting values */
3362 pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
3363
3364 /* Parse ACL flags */
3365 *lpdwFlags = ParseAclStringFlags(&StringAcl);
3366
3367 /* Parse ACE */
3368 while (*StringAcl == '(')
3369 {
3370 StringAcl++;
3371
3372 /* Parse ACE type */
3373 val = ParseAceStringType(&StringAcl);
3374 if (pAce)
3375 pAce->Header.AceType = (BYTE) val;
3376 if (*StringAcl != ';')
3377 goto lerr;
3378 StringAcl++;
3379
3380 /* Parse ACE flags */
3381 val = ParseAceStringFlags(&StringAcl);
3382 if (pAce)
3383 pAce->Header.AceFlags = (BYTE) val;
3384 if (*StringAcl != ';')
3385 goto lerr;
3386 StringAcl++;
3387
3388 /* Parse ACE rights */
3389 val = ParseAceStringRights(&StringAcl);
3390 if (pAce)
3391 pAce->Mask = val;
3392 if (*StringAcl != ';')
3393 goto lerr;
3394 StringAcl++;
3395
3396 /* Parse ACE object guid */
3397 if (*StringAcl != ';')
3398 {
3399 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
3400 goto lerr;
3401 }
3402 StringAcl++;
3403
3404 /* Parse ACE inherit object guid */
3405 if (*StringAcl != ';')
3406 {
3407 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
3408 goto lerr;
3409 }
3410 StringAcl++;
3411
3412 /* Parse ACE account sid */
3413 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
3414 {
3415 while (*StringAcl && *StringAcl != ')')
3416 StringAcl++;
3417 }
3418
3419 if (*StringAcl != ')')
3420 goto lerr;
3421 StringAcl++;
3422
3423 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
3424 length += acesize;
3425 if (pAce)
3426 {
3427 pAce->Header.AceSize = acesize;
3428 pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
3429 }
3430 acecount++;
3431 }
3432
3433 *cBytes = length;
3434
3435 if (length > 0xffff)
3436 {
3437 ERR("ACL too large\n");
3438 goto lerr;
3439 }
3440
3441 if (pAcl)
3442 {
3443 pAcl->AclRevision = ACL_REVISION;
3444 pAcl->Sbz1 = 0;
3445 pAcl->AclSize = length;
3446 pAcl->AceCount = acecount++;
3447 pAcl->Sbz2 = 0;
3448 }
3449 return TRUE;
3450
3451 lerr:
3452 WARN("Invalid ACE string format\n");
3453 return FALSE;
3454 }
3455
3456
3457 /******************************************************************************
3458 * ParseStringSecurityDescriptorToSecurityDescriptor
3459 */
3460 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
3461 LPCWSTR StringSecurityDescriptor,
3462 SECURITY_DESCRIPTOR* SecurityDescriptor,
3463 LPDWORD cBytes)
3464 {
3465 BOOL bret = FALSE;
3466 WCHAR toktype;
3467 WCHAR tok[MAX_PATH];
3468 LPCWSTR lptoken;
3469 LPBYTE lpNext = NULL;
3470 DWORD len;
3471
3472 *cBytes = sizeof(SECURITY_DESCRIPTOR);
3473
3474 if (SecurityDescriptor)
3475 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
3476
3477 while (*StringSecurityDescriptor)
3478 {
3479 toktype = *StringSecurityDescriptor;
3480
3481 /* Expect char identifier followed by ':' */
3482 StringSecurityDescriptor++;
3483 if (*StringSecurityDescriptor != ':')
3484 {
3485 SetLastError(ERROR_INVALID_PARAMETER);
3486 goto lend;
3487 }
3488 StringSecurityDescriptor++;
3489
3490 /* Extract token */
3491 lptoken = StringSecurityDescriptor;
3492 while (*lptoken && *lptoken != ':')
3493 lptoken++;
3494
3495 if (*lptoken)
3496 lptoken--;
3497
3498 len = lptoken - StringSecurityDescriptor;
3499 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
3500 tok[len] = 0;
3501
3502 switch (toktype)
3503 {
3504 case 'O':
3505 {
3506 DWORD bytes;
3507
3508 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
3509 goto lend;
3510
3511 if (SecurityDescriptor)
3512 {
3513 SecurityDescriptor->Owner = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
3514 lpNext += bytes; /* Advance to next token */
3515 }
3516
3517 *cBytes += bytes;
3518
3519 break;
3520 }
3521
3522 case 'G':
3523 {
3524 DWORD bytes;
3525
3526 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
3527 goto lend;
3528
3529 if (SecurityDescriptor)
3530 {
3531 SecurityDescriptor->Group = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
3532 lpNext += bytes; /* Advance to next token */
3533 }
3534
3535 *cBytes += bytes;
3536
3537 break;
3538 }
3539
3540 case 'D':
3541 {
3542 DWORD flags;
3543 DWORD bytes;
3544
3545 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
3546 goto lend;
3547
3548 if (SecurityDescriptor)
3549 {
3550 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
3551 SecurityDescriptor->Dacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
3552 lpNext += bytes; /* Advance to next token */
3553 }
3554
3555 *cBytes += bytes;
3556
3557 break;
3558 }
3559
3560 case 'S':
3561 {
3562 DWORD flags;
3563 DWORD bytes;
3564
3565 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
3566 goto lend;
3567
3568 if (SecurityDescriptor)
3569 {
3570 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
3571 SecurityDescriptor->Sacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
3572 lpNext += bytes; /* Advance to next token */
3573 }
3574
3575 *cBytes += bytes;
3576
3577 break;
3578 }
3579
3580 default:
3581 FIXME("Unknown token\n");
3582 SetLastError(ERROR_INVALID_PARAMETER);
3583 goto lend;
3584 }
3585
3586 StringSecurityDescriptor = lptoken;
3587 }
3588
3589 bret = TRUE;
3590
3591 lend:
3592 return bret;
3593 }
3594
3595 /******************************************************************************
3596 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
3597 */
3598 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
3599 LPCSTR StringSecurityDescriptor,
3600 DWORD StringSDRevision,
3601 PSECURITY_DESCRIPTOR* SecurityDescriptor,
3602 PULONG SecurityDescriptorSize)
3603 {
3604 UINT len;
3605 BOOL ret = FALSE;
3606 LPWSTR StringSecurityDescriptorW;
3607
3608 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
3609 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
3610
3611 if (StringSecurityDescriptorW)
3612 {
3613 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
3614
3615 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
3616 StringSDRevision, SecurityDescriptor,
3617 SecurityDescriptorSize);
3618 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
3619 }
3620
3621 return ret;
3622 }
3623
3624 /******************************************************************************
3625 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
3626 */
3627 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
3628 LPCWSTR StringSecurityDescriptor,
3629 DWORD StringSDRevision,
3630 PSECURITY_DESCRIPTOR* SecurityDescriptor,
3631 PULONG SecurityDescriptorSize)
3632 {
3633 DWORD cBytes;
3634 SECURITY_DESCRIPTOR* psd;
3635 BOOL bret = FALSE;
3636
3637 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
3638
3639 if (GetVersion() & 0x80000000)
3640 {
3641 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3642 goto lend;
3643 }
3644 else if (StringSDRevision != SID_REVISION)
3645 {
3646 SetLastError(ERROR_UNKNOWN_REVISION);
3647 goto lend;
3648 }
3649
3650 /* Compute security descriptor length */
3651 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3652 NULL, &cBytes))
3653 goto lend;
3654
3655 psd = *SecurityDescriptor = (SECURITY_DESCRIPTOR*) LocalAlloc(
3656 GMEM_ZEROINIT, cBytes);
3657 if (!psd) goto lend;
3658
3659 psd->Revision = SID_REVISION;
3660 psd->Control |= SE_SELF_RELATIVE;
3661
3662 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3663 psd, &cBytes))
3664 {
3665 LocalFree(psd);
3666 goto lend;
3667 }
3668
3669 if (SecurityDescriptorSize)
3670 *SecurityDescriptorSize = cBytes;
3671
3672 bret = TRUE;
3673
3674 lend:
3675 TRACE(" ret=%d\n", bret);
3676 return bret;
3677 }
3678
3679 static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
3680 {
3681 if (cch == -1)
3682 cch = strlenW(string);
3683
3684 if (plen)
3685 *plen += cch;
3686
3687 if (pwptr)
3688 {
3689 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
3690 *pwptr += cch;
3691 }
3692 }
3693
3694 static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
3695 {
3696 DWORD i;
3697 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
3698 WCHAR subauthfmt[] = { '-','%','u',0 };
3699 WCHAR buf[26];
3700 SID *pisid = psid;
3701
3702 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
3703 {
3704 SetLastError(ERROR_INVALID_SID);
3705 return FALSE;
3706 }
3707
3708 if (pisid->IdentifierAuthority.Value[0] ||
3709 pisid->IdentifierAuthority.Value[1])
3710 {
3711 FIXME("not matching MS' bugs\n");
3712 SetLastError(ERROR_INVALID_SID);
3713 return FALSE;
3714 }
3715
3716 sprintfW( buf, fmt, pisid->Revision,
3717 MAKELONG(
3718 MAKEWORD( pisid->IdentifierAuthority.Value[5],
3719 pisid->IdentifierAuthority.Value[4] ),
3720 MAKEWORD( pisid->IdentifierAuthority.Value[3],
3721 pisid->IdentifierAuthority.Value[2] )
3722 ) );
3723 DumpString(buf, -1, pwptr, plen);
3724
3725 for( i=0; i<pisid->SubAuthorityCount; i++ )
3726 {
3727 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
3728 DumpString(buf, -1, pwptr, plen);
3729 }
3730 return TRUE;
3731 }
3732
3733 static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
3734 {
3735 int i;
3736 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
3737 {
3738 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
3739 {
3740 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
3741 return TRUE;
3742 }
3743 }
3744
3745 return DumpSidNumeric(psid, pwptr, plen);
3746 }
3747
3748 static const LPCWSTR AceRightBitNames[32] = {
3749 SDDL_CREATE_CHILD, /* 0 */
3750 SDDL_DELETE_CHILD,
3751 SDDL_LIST_CHILDREN,
3752 SDDL_SELF_WRITE,
3753 SDDL_READ_PROPERTY, /* 4 */
3754 SDDL_WRITE_PROPERTY,
3755 SDDL_DELETE_TREE,
3756 SDDL_LIST_OBJECT,
3757 SDDL_CONTROL_ACCESS, /* 8 */
3758 NULL,
3759 NULL,
3760 NULL,
3761 NULL, /* 12 */
3762 NULL,
3763 NULL,
3764 NULL,
3765 SDDL_STANDARD_DELETE, /* 16 */
3766 SDDL_READ_CONTROL,
3767 SDDL_WRITE_DAC,
3768 SDDL_WRITE_OWNER,
3769 NULL, /* 20 */
3770 NULL,
3771 NULL,
3772 NULL,
3773 NULL, /* 24 */
3774 NULL,
3775 NULL,
3776 NULL,
3777 SDDL_GENERIC_ALL, /* 28 */
3778 SDDL_GENERIC_EXECUTE,
3779 SDDL_GENERIC_WRITE,
3780 SDDL_GENERIC_READ
3781 };
3782
3783 static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
3784 {
3785 static const WCHAR fmtW[] = {'0','x','%','x',0};
3786 WCHAR buf[15];
3787 int i;
3788
3789 if (mask == 0)
3790 return;
3791
3792 /* first check if the right have name */
3793 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
3794 {
3795 if (AceRights[i].wstr == NULL)
3796 break;
3797 if (mask == AceRights[i].value)
3798 {
3799 DumpString(AceRights[i].wstr, -1, pwptr, plen);
3800 return;
3801 }
3802 }
3803
3804 /* then check if it can be built from bit names */
3805 for (i = 0; i < 32; i++)
3806 {
3807 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
3808 {
3809 /* can't be built from bit names */
3810 sprintfW(buf, fmtW, mask);
3811 DumpString(buf, -1, pwptr, plen);
3812 return;
3813 }
3814 }
3815
3816 /* build from bit names */
3817 for (i = 0; i < 32; i++)
3818 if (mask & (1 << i))
3819 DumpString(AceRightBitNames[i], -1, pwptr, plen);
3820 }
3821
3822 static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
3823 {
3824 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
3825 static const WCHAR openbr = '(';
3826 static const WCHAR closebr = ')';
3827 static const WCHAR semicolon = ';';
3828
3829 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
3830 {
3831 SetLastError(ERROR_INVALID_ACL);
3832 return FALSE;
3833 }
3834
3835 piace = (ACCESS_ALLOWED_ACE *)pace;
3836 DumpString(&openbr, 1, pwptr, plen);
3837 switch (piace->Header.AceType)
3838 {
3839 case ACCESS_ALLOWED_ACE_TYPE:
3840 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
3841 break;
3842 case ACCESS_DENIED_ACE_TYPE:
3843 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
3844 break;
3845 case SYSTEM_AUDIT_ACE_TYPE:
3846 DumpString(SDDL_AUDIT, -1, pwptr, plen);
3847 break;
3848 case SYSTEM_ALARM_ACE_TYPE:
3849 DumpString(SDDL_ALARM, -1, pwptr, plen);
3850 break;
3851 }
3852 DumpString(&semicolon, 1, pwptr, plen);
3853
3854 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
3855 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
3856 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
3857 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
3858 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
3859 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
3860 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
3861 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
3862 if (piace->Header.AceFlags & INHERITED_ACE)
3863 DumpString(SDDL_INHERITED, -1, pwptr, plen);
3864 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
3865 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
3866 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
3867 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
3868 DumpString(&semicolon, 1, pwptr, plen);
3869 DumpRights(piace->Mask, pwptr, plen);
3870 DumpString(&semicolon, 1, pwptr, plen);
3871 /* objects not supported */
3872 DumpString(&semicolon, 1, pwptr, plen);
3873 /* objects not supported */
3874 DumpString(&semicolon, 1, pwptr, plen);
3875 if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
3876 return FALSE;
3877 DumpString(&closebr, 1, pwptr, plen);
3878 return TRUE;
3879 }
3880
3881 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
3882 {
3883 WORD count;
3884 int i;
3885
3886 if (protected)
3887 DumpString(SDDL_PROTECTED, -1, pwptr, plen);
3888 if (autoInheritReq)
3889 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
3890 if (autoInherited)
3891 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
3892
3893 if (pacl == NULL)
3894 return TRUE;
3895
3896 if (!IsValidAcl(pacl))
3897 return FALSE;
3898
3899 count = pacl->AceCount;
3900 for (i = 0; i < count; i++)
3901 {
3902 LPVOID ace;
3903 if (!GetAce(pacl, i, &ace))
3904 return FALSE;
3905 if (!DumpAce(ace, pwptr, plen))
3906 return FALSE;
3907 }
3908
3909 return TRUE;
3910 }
3911
3912 static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3913 {
3914 static const WCHAR prefix[] = {'O',':',0};
3915 BOOL bDefaulted;
3916 PSID psid;
3917
3918 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
3919 return FALSE;
3920
3921 if (psid == NULL)
3922 return TRUE;
3923
3924 DumpString(prefix, -1, pwptr, plen);
3925 if (!DumpSid(psid, pwptr, plen))
3926 return FALSE;
3927 return TRUE;
3928 }
3929
3930 static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3931 {
3932 static const WCHAR prefix[] = {'G',':',0};
3933 BOOL bDefaulted;
3934 PSID psid;
3935
3936 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
3937 return FALSE;
3938
3939 if (psid == NULL)
3940 return TRUE;
3941
3942 DumpString(prefix, -1, pwptr, plen);
3943 if (!DumpSid(psid, pwptr, plen))
3944 return FALSE;
3945 return TRUE;
3946 }
3947
3948 static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3949 {
3950 static const WCHAR dacl[] = {'D',':',0};
3951 SECURITY_DESCRIPTOR_CONTROL control;
3952 BOOL present, defaulted;
3953 DWORD revision;
3954 PACL pacl;
3955
3956 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3957 return FALSE;
3958
3959 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3960 return FALSE;
3961
3962 if (!present)
3963 return TRUE;
3964
3965 DumpString(dacl, 2, pwptr, plen);
3966 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3967 return FALSE;
3968 return TRUE;
3969 }
3970
3971 static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3972 {
3973 static const WCHAR sacl[] = {'S',':',0};
3974 SECURITY_DESCRIPTOR_CONTROL control;
3975 BOOL present, defaulted;
3976 DWORD revision;
3977 PACL pacl;
3978
3979 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3980 return FALSE;
3981
3982 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3983 return FALSE;
3984
3985 if (!present)
3986 return TRUE;
3987
3988 DumpString(sacl, 2, pwptr, plen);
3989 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3990 return FALSE;
3991 return TRUE;
3992 }
3993
3994 /******************************************************************************
3995 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
3996 */
3997 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
3998 {
3999 ULONG len;
4000 WCHAR *wptr, *wstr;
4001
4002 if (SDRevision != SDDL_REVISION_1)
4003 {
4004 ERR("Pogram requested unknown SDDL revision %d\n", SDRevision);
4005 SetLastError(ERROR_UNKNOWN_REVISION);
4006 return FALSE;
4007 }
4008
4009 len = 0;
4010 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
4011 if (!DumpOwner(SecurityDescriptor, NULL, &len))
4012 return FALSE;
4013 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
4014 if (!DumpGroup(SecurityDescriptor, NULL, &len))
4015 return FALSE;
4016 if (RequestedInformation & DACL_SECURITY_INFORMATION)
4017 if (!DumpDacl(SecurityDescriptor, NULL, &len))
4018 return FALSE;
4019 if (RequestedInformation & SACL_SECURITY_INFORMATION)
4020 if (!DumpSacl(SecurityDescriptor, NULL, &len))
4021 return FALSE;
4022
4023 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
4024 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
4025 if (!DumpOwner(SecurityDescriptor, &wptr, NULL))
4026 return FALSE;
4027 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
4028 if (!DumpGroup(SecurityDescriptor, &wptr, NULL))
4029 return FALSE;
4030 if (RequestedInformation & DACL_SECURITY_INFORMATION)
4031 if (!DumpDacl(SecurityDescriptor, &wptr, NULL))
4032 return FALSE;
4033 if (RequestedInformation & SACL_SECURITY_INFORMATION)
4034 if (!DumpSacl(SecurityDescriptor, &wptr, NULL))
4035 return FALSE;
4036 *wptr = 0;
4037
4038 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
4039 *OutputString = wstr;
4040 if (OutputLen)
4041 *OutputLen = strlenW(*OutputString)+1;
4042 return TRUE;
4043 }
4044
4045 /******************************************************************************
4046 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
4047 */
4048 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
4049 {
4050 LPWSTR wstr;
4051 ULONG len;
4052 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
4053 {
4054 int lenA;
4055
4056 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
4057 *OutputString = HeapAlloc(GetProcessHeap(), 0, lenA);
4058 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
4059 LocalFree(wstr);
4060
4061 if (OutputLen != NULL)
4062 *OutputLen = lenA;
4063 return TRUE;
4064 }
4065 else
4066 {
4067 *OutputString = NULL;
4068 if (OutputLen)
4069 *OutputLen = 0;
4070 return FALSE;
4071 }
4072 }
4073
4074 /******************************************************************************
4075 * ConvertStringSidToSidW [ADVAPI32.@]
4076 */
4077 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
4078 {
4079 BOOL bret = FALSE;
4080 DWORD cBytes;
4081
4082 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
4083 if (GetVersion() & 0x80000000)
4084 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
4085 else if (!StringSid || !Sid)
4086 SetLastError(ERROR_INVALID_PARAMETER);
4087 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
4088 {
4089 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
4090
4091 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
4092 if (!bret)
4093 LocalFree(*Sid);
4094 }
4095 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
4096 return bret;
4097 }
4098
4099 /******************************************************************************
4100 * ConvertStringSidToSidA [ADVAPI32.@]
4101 */
4102 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
4103 {
4104 BOOL bret = FALSE;
4105
4106 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
4107 if (GetVersion() & 0x80000000)
4108 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
4109 else if (!StringSid || !Sid)
4110 SetLastError(ERROR_INVALID_PARAMETER);
4111 else
4112 {
4113 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
4114 LPWSTR wStringSid = HeapAlloc(GetProcessHeap(), 0,
4115 len * sizeof(WCHAR));
4116
4117 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
4118 bret = ConvertStringSidToSidW(wStringSid, Sid);
4119 HeapFree(GetProcessHeap(), 0, wStringSid);
4120 }
4121 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
4122 return bret;
4123 }
4124
4125 /******************************************************************************
4126 * ConvertSidToStringSidW [ADVAPI32.@]
4127 *
4128 * format of SID string is:
4129 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
4130 * where
4131 * <rev> is the revision of the SID encoded as decimal
4132 * <auth> is the identifier authority encoded as hex
4133 * <subauthN> is the subauthority id encoded as decimal
4134 */
4135 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
4136 {
4137 DWORD len = 0;
4138 LPWSTR wstr, wptr;
4139
4140 TRACE("%p %p\n", pSid, pstr );
4141
4142 len = 0;
4143 if (!DumpSidNumeric(pSid, NULL, &len))
4144 return FALSE;
4145 wstr = wptr = LocalAlloc(0, (len+1) * sizeof(WCHAR));
4146 DumpSidNumeric(pSid, &wptr, NULL);
4147 *wptr = 0;
4148
4149 *pstr = wstr;
4150 return TRUE;
4151 }
4152
4153 /******************************************************************************
4154 * ConvertSidToStringSidA [ADVAPI32.@]
4155 */
4156 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
4157 {
4158 LPWSTR wstr = NULL;
4159 LPSTR str;
4160 UINT len;
4161
4162 TRACE("%p %p\n", pSid, pstr );
4163
4164 if( !ConvertSidToStringSidW( pSid, &wstr ) )
4165 return FALSE;
4166
4167 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
4168 str = LocalAlloc( 0, len );
4169 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
4170 LocalFree( wstr );
4171
4172 *pstr = str;
4173
4174 return TRUE;
4175 }
4176
4177 BOOL WINAPI CreatePrivateObjectSecurity(
4178 PSECURITY_DESCRIPTOR ParentDescriptor,
4179 PSECURITY_DESCRIPTOR CreatorDescriptor,
4180 PSECURITY_DESCRIPTOR* NewDescriptor,
4181 BOOL IsDirectoryObject,
4182 HANDLE Token,
4183 PGENERIC_MAPPING GenericMapping )
4184 {
4185 FIXME("%p %p %p %d %p %p - stub\n", ParentDescriptor, CreatorDescriptor,
4186 NewDescriptor, IsDirectoryObject, Token, GenericMapping);
4187
4188 return FALSE;
4189 }
4190
4191 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor )
4192 {
4193 FIXME("%p - stub\n", ObjectDescriptor);
4194
4195 return TRUE;
4196 }
4197
4198 BOOL WINAPI CreateProcessAsUserA(
4199 HANDLE hToken,
4200 LPCSTR lpApplicationName,
4201 LPSTR lpCommandLine,
4202 LPSECURITY_ATTRIBUTES lpProcessAttributes,
4203 LPSECURITY_ATTRIBUTES lpThreadAttributes,
4204 BOOL bInheritHandles,
4205 DWORD dwCreationFlags,
4206 LPVOID lpEnvironment,
4207 LPCSTR lpCurrentDirectory,
4208 LPSTARTUPINFOA lpStartupInfo,
4209 LPPROCESS_INFORMATION lpProcessInformation )
4210 {
4211 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - stub\n", hToken, debugstr_a(lpApplicationName),
4212 debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
4213 dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
4214
4215 return FALSE;
4216 }
4217
4218 BOOL WINAPI CreateProcessAsUserW(
4219 HANDLE hToken,
4220 LPCWSTR lpApplicationName,
4221 LPWSTR lpCommandLine,
4222 LPSECURITY_ATTRIBUTES lpProcessAttributes,
4223 LPSECURITY_ATTRIBUTES lpThreadAttributes,
4224 BOOL bInheritHandles,
4225 DWORD dwCreationFlags,
4226 LPVOID lpEnvironment,
4227 LPCWSTR lpCurrentDirectory,
4228 LPSTARTUPINFOW lpStartupInfo,
4229 LPPROCESS_INFORMATION lpProcessInformation )
4230 {
4231 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - semi- stub\n", hToken,
4232 debugstr_w(lpApplicationName), debugstr_w(lpCommandLine), lpProcessAttributes,
4233 lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
4234 debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
4235
4236 /* We should create the process with a suspended main thread */
4237 if (!CreateProcessW (lpApplicationName,
4238 lpCommandLine,
4239 lpProcessAttributes,
4240 lpThreadAttributes,
4241 bInheritHandles,
4242 dwCreationFlags, /* CREATE_SUSPENDED */
4243 lpEnvironment,
4244 lpCurrentDirectory,
4245 lpStartupInfo,
4246 lpProcessInformation))
4247 {
4248 return FALSE;
4249 }
4250
4251 return TRUE;
4252 }
4253
4254 /******************************************************************************
4255 * DuplicateTokenEx [ADVAPI32.@]
4256 */
4257 BOOL WINAPI DuplicateTokenEx(
4258 HANDLE ExistingTokenHandle, DWORD dwDesiredAccess,
4259 LPSECURITY_ATTRIBUTES lpTokenAttributes,
4260 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
4261 TOKEN_TYPE TokenType,
4262 PHANDLE DuplicateTokenHandle )
4263 {
4264 OBJECT_ATTRIBUTES ObjectAttributes;
4265
4266 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
4267 ImpersonationLevel, TokenType, DuplicateTokenHandle);
4268
4269 InitializeObjectAttributes(
4270 &ObjectAttributes,
4271 NULL,
4272 (lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0,
4273 NULL,
4274 lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL );
4275
4276 return set_ntstatus( NtDuplicateToken( ExistingTokenHandle,
4277 dwDesiredAccess,
4278 &ObjectAttributes,
4279 ImpersonationLevel,
4280 TokenType,
4281 DuplicateTokenHandle ) );
4282 }
4283
4284 BOOL WINAPI DuplicateToken(
4285 HANDLE ExistingTokenHandle,
4286 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
4287 PHANDLE DuplicateTokenHandle )
4288 {
4289 return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY,
4290 NULL, ImpersonationLevel, TokenImpersonation,
4291 DuplicateTokenHandle );
4292 }
4293
4294 BOOL WINAPI EnumDependentServicesA(
4295 SC_HANDLE hService,
4296 DWORD dwServiceState,
4297 LPENUM_SERVICE_STATUSA lpServices,
4298 DWORD cbBufSize,
4299 LPDWORD pcbBytesNeeded,
4300 LPDWORD lpServicesReturned )
4301 {
4302 FIXME("%p 0x%08x %p 0x%08x %p %p - stub\n", hService, dwServiceState,
4303 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
4304
4305 return FALSE;
4306 }
4307
4308 BOOL WINAPI EnumDependentServicesW(
4309 SC_HANDLE hService,
4310 DWORD dwServiceState,
4311 LPENUM_SERVICE_STATUSW lpServices,
4312 DWORD cbBufSize,
4313 LPDWORD pcbBytesNeeded,
4314 LPDWORD lpServicesReturned )
4315 {
4316 FIXME("%p 0x%08x %p 0x%08x %p %p - stub\n", hService, dwServiceState,
4317 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
4318
4319 return FALSE;
4320 }
4321
4322 /******************************************************************************
4323 * ComputeStringSidSize
4324 */
4325 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
4326 {
4327 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
4328 {
4329 int ctok = 0;
4330 while (*StringSid)
4331 {
4332 if (*StringSid == '-')
4333 ctok++;
4334 StringSid++;
4335 }
4336
4337 if (ctok >= 3)
4338 return GetSidLengthRequired(ctok - 2);
4339 }
4340 else /* String constant format - Only available in winxp and above */
4341 {
4342 unsigned int i;
4343
4344 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
4345 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
4346 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
4347 }
4348
4349 return GetSidLengthRequired(0);
4350 }
4351
4352 /******************************************************************************
4353 * ParseStringSidToSid
4354 */
4355 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
4356 {
4357 BOOL bret = FALSE;
4358 SID* pisid=pSid;
4359
4360 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
4361 if (!StringSid)
4362 {
4363 SetLastError(ERROR_INVALID_PARAMETER);
4364 TRACE("StringSid is NULL, returning FALSE\n");
4365 return FALSE;
4366 }
4367
4368 *cBytes = ComputeStringSidSize(StringSid);
4369 if (!pisid) /* Simply compute the size */
4370 {
4371 TRACE("only size requested, returning TRUE\n");
4372 return TRUE;
4373 }
4374
4375 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
4376 {
4377 DWORD i = 0, identAuth;
4378 DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
4379
4380 StringSid += 2; /* Advance to Revision */
4381 pisid->Revision = atoiW(StringSid);
4382
4383 if (pisid->Revision != SDDL_REVISION)
4384 {
4385 TRACE("Revision %d is unknown\n", pisid->Revision);
4386 goto lend; /* ERROR_INVALID_SID */
4387 }
4388 if (csubauth == 0)
4389 {
4390 TRACE("SubAuthorityCount is 0\n");
4391 goto lend; /* ERROR_INVALID_SID */
4392 }
4393
4394 pisid->SubAuthorityCount = csubauth;
4395
4396 /* Advance to identifier authority */
4397 while (*StringSid && *StringSid != '-')
4398 StringSid++;
4399 if (*StringSid == '-')
4400 StringSid++;
4401
4402 /* MS' implementation can't handle values greater than 2^32 - 1, so
4403 * we don't either; assume most significant bytes are always 0
4404 */
4405 pisid->IdentifierAuthority.Value[0] = 0;
4406 pisid->IdentifierAuthority.Value[1] = 0;
4407 identAuth = atoiW(StringSid);
4408 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
4409 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
4410 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
4411 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
4412
4413 /* Advance to first sub authority */
4414 while (*StringSid && *StringSid != '-')
4415 StringSid++;
4416 if (*StringSid == '-')
4417 StringSid++;
4418
4419 while (*StringSid)
4420 {
4421 pisid->SubAuthority[i++] = atoiW(StringSid);
4422
4423 while (*StringSid && *StringSid != '-')
4424 StringSid++;
4425 if (*StringSid == '-')
4426 StringSid++;
4427 }
4428
4429 if (i != pisid->SubAuthorityCount)
4430 goto lend; /* ERROR_INVALID_SID */
4431
4432 bret = TRUE;
4433 }
4434 else /* String constant format - Only available in winxp and above */
4435 {
4436 unsigned int i;
4437 pisid->Revision = SDDL_REVISION;
4438
4439 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
4440 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
4441 {
4442 DWORD j;
4443 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
4444 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
4445 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
4446 pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
4447 bret = TRUE;
4448 }
4449
4450 if (!bret)
4451 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
4452 }
4453
4454 lend:
4455 if (!bret)
4456 SetLastError(ERROR_INVALID_SID);
4457
4458 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
4459 return bret;
4460 }
4461
4462 /******************************************************************************
4463 * GetNamedSecurityInfoA [ADVAPI32.@]
4464 */
4465 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
4466 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
4467 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
4468 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
4469 {
4470 DWORD len;
4471 LPWSTR wstr = NULL;
4472 DWORD r;
4473
4474 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
4475 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
4476
4477 if( pObjectName )
4478 {
4479 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
4480 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
4481 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
4482 }
4483
4484 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
4485 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
4486
4487 HeapFree( GetProcessHeap(), 0, wstr );
4488
4489 return r;
4490 }
4491
4492 /******************************************************************************
4493 * GetNamedSecurityInfoW [ADVAPI32.@]
4494 */
4495 DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
4496 SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl,
4497 PACL* sacl, PSECURITY_DESCRIPTOR* descriptor )
4498 {
4499 DWORD needed, offset;
4500 SECURITY_DESCRIPTOR_RELATIVE *relative;
4501 BYTE *buffer;
4502
4503 TRACE( "%s %d %d %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
4504 group, dacl, sacl, descriptor );
4505
4506 if (!name || !descriptor) return ERROR_INVALID_PARAMETER;
4507
4508 needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
4509 if (info & OWNER_SECURITY_INFORMATION)
4510 needed += sizeof(sidWorld);
4511 if (info & GROUP_SECURITY_INFORMATION)
4512 needed += sizeof(sidWorld);
4513 if (info & DACL_SECURITY_INFORMATION)
4514 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
4515 if (info & SACL_SECURITY_INFORMATION)
4516 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
4517
4518 /* must be freed by caller */
4519 *descriptor = HeapAlloc( GetProcessHeap(), 0, needed );
4520 if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY;
4521
4522 if (!InitializeSecurityDescriptor( *descriptor, SECURITY_DESCRIPTOR_REVISION ))
4523 {
4524 HeapFree( GetProcessHeap(), 0, *descriptor );
4525 return ERROR_INVALID_SECURITY_DESCR;
4526 }
4527
4528 relative = (SECURITY_DESCRIPTOR_RELATIVE *)*descriptor;
4529 relative->Control |= SE_SELF_RELATIVE;
4530 buffer = (BYTE *)relative;
4531 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
4532
4533 if (info & OWNER_SECURITY_INFORMATION)
4534 {
4535 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
4536 relative->Owner = offset;
4537 if (owner)
4538 *owner = buffer + offset;
4539 offset += sizeof(sidWorld);
4540 }
4541 if (info & GROUP_SECURITY_INFORMATION)
4542 {
4543 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
4544 relative->Group = offset;
4545 if (group)
4546 *group = buffer + offset;
4547 offset += sizeof(sidWorld);
4548 }
4549 if (info & DACL_SECURITY_INFORMATION)
4550 {
4551 relative->Control |= SE_DACL_PRESENT;
4552 GetWorldAccessACL( (PACL)(buffer + offset) );
4553 relative->Dacl = offset;
4554 if (dacl)
4555 *dacl = (PACL)(buffer + offset);
4556 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
4557 }
4558 if (info & SACL_SECURITY_INFORMATION)
4559 {
4560 relative->Control |= SE_SACL_PRESENT;
4561 GetWorldAccessACL( (PACL)(buffer + offset) );
4562 relative->Sacl = offset;
4563 if (sacl)
4564 *sacl = (PACL)(buffer + offset);
4565 }
4566 return ERROR_SUCCESS;
4567 }
4568
4569 /******************************************************************************
4570 * DecryptFileW [ADVAPI32.@]
4571 */
4572 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved)
4573 {
4574 FIXME("%s %08x\n", debugstr_w(lpFileName), dwReserved);
4575 return TRUE;
4576 }
4577
4578 /******************************************************************************
4579 * DecryptFileA [ADVAPI32.@]
4580 */
4581 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved)
4582 {
4583 FIXME("%s %08x\n", debugstr_a(lpFileName), dwReserved);
4584 return TRUE;
4585 }
4586
4587 /******************************************************************************
4588 * EncryptFileW [ADVAPI32.@]
4589 */
4590 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName)
4591 {
4592 FIXME("%s\n", debugstr_w(lpFileName));
4593 return TRUE;
4594 }
4595
4596 /******************************************************************************
4597 * EncryptFileA [ADVAPI32.@]
4598 */
4599 BOOL WINAPI EncryptFileA(LPCSTR lpFileName)
4600 {
4601 FIXME("%s\n", debugstr_a(lpFileName));
4602 return TRUE;
4603 }
4604
4605 /******************************************************************************
4606 * FileEncryptionStatusW [ADVAPI32.@]
4607 */
4608 BOOL WINAPI FileEncryptionStatusW(LPCWSTR lpFileName, LPDWORD lpStatus)
4609 {
4610 FIXME("(%s %p): stub\n", debugstr_w(lpFileName), lpStatus);
4611 if (!lpStatus)
4612 return FALSE;
4613 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
4614 return TRUE;
4615 }
4616
4617 /******************************************************************************
4618 * FileEncryptionStatusA [ADVAPI32.@]
4619 */
4620 BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus)
4621 {
4622 FIXME("(%s %p): stub\n", debugstr_a(lpFileName), lpStatus);
4623 if (!lpStatus)
4624 return FALSE;
4625 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
4626 return TRUE;
4627 }
4628
4629 /******************************************************************************
4630 * SetSecurityInfo [ADVAPI32.@]
4631 */
4632 DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
4633 SECURITY_INFORMATION SecurityInfo, PSID psidOwner,
4634 PSID psidGroup, PACL pDacl, PACL pSacl) {
4635 FIXME("stub\n");
4636 return ERROR_SUCCESS;
4637 }
useful hacks and other patches not (yet) suitable for mainline