search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
- Move target folder initialization to a dedicated function.
[wine/hacks.git] / dlls / advapi32 / security.c
blobaf5e66a31b0ddb23fc2757dcc778823bc30bad7c
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 */
20
21 #include <stdarg.h>
22 #include <string.h>
23
24 #include "windef.h"
25 #include "winbase.h"
26 #include "winerror.h"
27 #include "rpcnterr.h"
28 #include "winreg.h"
29 #include "winternl.h"
30 #include "winioctl.h"
31 #include "ntstatus.h"
32 #include "ntsecapi.h"
33 #include "accctrl.h"
34 #include "sddl.h"
35 #include "winsvc.h"
36 #include "aclapi.h"
37
38 #include "wine/debug.h"
39 #include "wine/unicode.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
42
43 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
44 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
45 PACL pAcl, LPDWORD cBytes);
46 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
47 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
48 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
49 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
50 LPCWSTR StringSecurityDescriptor,
51 SECURITY_DESCRIPTOR* SecurityDescriptor,
52 LPDWORD cBytes);
53 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
54
55 typedef struct _ACEFLAG
56 {
57 LPCWSTR wstr;
58 DWORD value;
59 } ACEFLAG, *LPACEFLAG;
60
61 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
62
63 /*
64 * ACE access rights
65 */
66 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
67 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
68 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
69 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
70 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
71 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
72 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
73 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
74
75 /*
76 * ACE types
77 */
78 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
79 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
80 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
81 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
82 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
83 static const WCHAR SDDL_ALARM[] = {'A','L',0};
84 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
85 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
86
87 /*
88 * ACE flags
89 */
90 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
91 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
92 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
93 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
94 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
95 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
96 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
97
98 /* set last error code from NT status and get the proper boolean return value */
99 /* used for functions that are a simple wrapper around the corresponding ntdll API */
100 static inline BOOL set_ntstatus( NTSTATUS status )
101 {
102 if (status) SetLastError( RtlNtStatusToDosError( status ));
103 return !status;
104 }
105
106 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
107
108 static void GetWorldAccessACL(PACL pACL)
109 {
110 PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1);
111
112 pACL->AclRevision = ACL_REVISION;
113 pACL->Sbz1 = 0;
114 pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL;
115 pACL->AceCount = 1;
116 pACL->Sbz2 = 0;
117
118 pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
119 pACE->Header.AceFlags = CONTAINER_INHERIT_ACE;
120 pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD);
121 pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */
122 memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld));
123 }
124
125 /************************************************************
126 * ADVAPI_IsLocalComputer
127 *
128 * Checks whether the server name indicates local machine.
129 */
130 static BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
131 {
132 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
133 BOOL Result;
134 LPWSTR buf;
135
136 if (!ServerName || !ServerName[0])
137 return TRUE;
138
139 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
140 Result = GetComputerNameW(buf, &dwSize);
141 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
142 ServerName += 2;
143 Result = Result && !lstrcmpW(ServerName, buf);
144 HeapFree(GetProcessHeap(), 0, buf);
145
146 return Result;
147 }
148
149 /* ##############################
150 ###### TOKEN FUNCTIONS ######
151 ##############################
152 */
153
154 /******************************************************************************
155 * OpenProcessToken [ADVAPI32.@]
156 * Opens the access token associated with a process handle.
157 *
158 * PARAMS
159 * ProcessHandle [I] Handle to process
160 * DesiredAccess [I] Desired access to process
161 * TokenHandle [O] Pointer to handle of open access token
162 *
163 * RETURNS
164 * Success: TRUE. TokenHandle contains the access token.
165 * Failure: FALSE.
166 *
167 * NOTES
168 * See NtOpenProcessToken.
169 */
170 BOOL WINAPI
171 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
172 HANDLE *TokenHandle )
173 {
174 return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
175 }
176
177 /******************************************************************************
178 * OpenThreadToken [ADVAPI32.@]
179 *
180 * Opens the access token associated with a thread handle.
181 *
182 * PARAMS
183 * ThreadHandle [I] Handle to process
184 * DesiredAccess [I] Desired access to the thread
185 * OpenAsSelf [I] ???
186 * TokenHandle [O] Destination for the token handle
187 *
188 * RETURNS
189 * Success: TRUE. TokenHandle contains the access token.
190 * Failure: FALSE.
191 *
192 * NOTES
193 * See NtOpenThreadToken.
194 */
195 BOOL WINAPI
196 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
197 BOOL OpenAsSelf, HANDLE *TokenHandle)
198 {
199 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
200 }
201
202 BOOL WINAPI
203 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState,
204 DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength )
205 {
206 return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength,
207 PreviousState, ReturnLength));
208 }
209
210 /******************************************************************************
211 * AdjustTokenPrivileges [ADVAPI32.@]
212 *
213 * Adjust the privileges of an open token handle.
214 *
215 * PARAMS
216 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
217 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
218 * NewState [I] Desired new privileges of the token
219 * BufferLength [I] Length of NewState
220 * PreviousState [O] Destination for the previous state
221 * ReturnLength [I/O] Size of PreviousState
222 *
223 *
224 * RETURNS
225 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
226 * Failure: FALSE.
227 *
228 * NOTES
229 * See NtAdjustPrivilegesToken.
230 */
231 BOOL WINAPI
232 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
233 LPVOID NewState, DWORD BufferLength,
234 LPVOID PreviousState, LPDWORD ReturnLength )
235 {
236 NTSTATUS status;
237
238 TRACE("\n");
239
240 status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges,
241 NewState, BufferLength, PreviousState,
242 ReturnLength);
243 SetLastError( RtlNtStatusToDosError( status ));
244 if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED))
245 return TRUE;
246 else
247 return FALSE;
248 }
249
250 /******************************************************************************
251 * CheckTokenMembership [ADVAPI32.@]
252 *
253 * Determine if an access token is a member of a SID.
254 *
255 * PARAMS
256 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
257 * SidToCheck [I] SID that possibly contains the token
258 * IsMember [O] Destination for result.
259 *
260 * RETURNS
261 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
262 * Failure: FALSE.
263 */
264 BOOL WINAPI
265 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
266 PBOOL IsMember )
267 {
268 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
269
270 *IsMember = TRUE;
271 return(TRUE);
272 }
273
274 /******************************************************************************
275 * GetTokenInformation [ADVAPI32.@]
276 *
277 * PARAMS
278 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
279 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
280 * tokeninfo [O] Destination for token information
281 * tokeninfolength [I] Length of tokeninfo
282 * retlen [O] Destination for returned token information length
283 *
284 * RETURNS
285 * Success: TRUE. tokeninfo contains retlen bytes of token information
286 * Failure: FALSE.
287 *
288 * NOTES
289 * See NtQueryInformationToken.
290 */
291 BOOL WINAPI
292 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
293 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
294 {
295 TRACE("(%p, %s, %p, %ld, %p): \n",
296 token,
297 (tokeninfoclass == TokenUser) ? "TokenUser" :
298 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
299 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
300 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
301 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
302 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
303 (tokeninfoclass == TokenSource) ? "TokenSource" :
304 (tokeninfoclass == TokenType) ? "TokenType" :
305 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
306 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
307 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
308 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
309 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
310 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
311 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
312 "Unknown",
313 tokeninfo, tokeninfolength, retlen);
314 return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
315 tokeninfolength, retlen));
316 }
317
318 /******************************************************************************
319 * SetTokenInformation [ADVAPI32.@]
320 *
321 * Set information for an access token.
322 *
323 * PARAMS
324 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
325 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
326 * tokeninfo [I] Token information to set
327 * tokeninfolength [I] Length of tokeninfo
328 *
329 * RETURNS
330 * Success: TRUE. The information for the token is set to tokeninfo.
331 * Failure: FALSE.
332 */
333 BOOL WINAPI
334 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
335 LPVOID tokeninfo, DWORD tokeninfolength )
336 {
337 TRACE("(%p, %s, %p, %ld): stub\n",
338 token,
339 (tokeninfoclass == TokenUser) ? "TokenUser" :
340 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
341 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
342 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
343 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
344 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
345 (tokeninfoclass == TokenSource) ? "TokenSource" :
346 (tokeninfoclass == TokenType) ? "TokenType" :
347 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
348 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
349 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
350 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
351 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
352 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
353 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
354 "Unknown",
355 tokeninfo, tokeninfolength);
356
357 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
358 }
359
360 /*************************************************************************
361 * SetThreadToken [ADVAPI32.@]
362 *
363 * Assigns an 'impersonation token' to a thread so it can assume the
364 * security privileges of another thread or process. Can also remove
365 * a previously assigned token.
366 *
367 * PARAMS
368 * thread [O] Handle to thread to set the token for
369 * token [I] Token to set
370 *
371 * RETURNS
372 * Success: TRUE. The threads access token is set to token
373 * Failure: FALSE.
374 *
375 * NOTES
376 * Only supported on NT or higher. On Win9X this function does nothing.
377 * See SetTokenInformation.
378 */
379 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
380 {
381 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
382 ThreadImpersonationToken, &token, sizeof token ));
383 }
384
385 /* ##############################
386 ###### SID FUNCTIONS ######
387 ##############################
388 */
389
390 /******************************************************************************
391 * AllocateAndInitializeSid [ADVAPI32.@]
392 *
393 * PARAMS
394 * pIdentifierAuthority []
395 * nSubAuthorityCount []
396 * nSubAuthority0 []
397 * nSubAuthority1 []
398 * nSubAuthority2 []
399 * nSubAuthority3 []
400 * nSubAuthority4 []
401 * nSubAuthority5 []
402 * nSubAuthority6 []
403 * nSubAuthority7 []
404 * pSid []
405 */
406 BOOL WINAPI
407 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
408 BYTE nSubAuthorityCount,
409 DWORD nSubAuthority0, DWORD nSubAuthority1,
410 DWORD nSubAuthority2, DWORD nSubAuthority3,
411 DWORD nSubAuthority4, DWORD nSubAuthority5,
412 DWORD nSubAuthority6, DWORD nSubAuthority7,
413 PSID *pSid )
414 {
415 return set_ntstatus( RtlAllocateAndInitializeSid(
416 pIdentifierAuthority, nSubAuthorityCount,
417 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
418 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
419 pSid ));
420 }
421
422 /******************************************************************************
423 * FreeSid [ADVAPI32.@]
424 *
425 * PARAMS
426 * pSid []
427 */
428 PVOID WINAPI
429 FreeSid( PSID pSid )
430 {
431 RtlFreeSid(pSid);
432 return NULL; /* is documented like this */
433 }
434
435 /******************************************************************************
436 * CopySid [ADVAPI32.@]
437 *
438 * PARAMS
439 * nDestinationSidLength []
440 * pDestinationSid []
441 * pSourceSid []
442 */
443 BOOL WINAPI
444 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
445 {
446 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
447 }
448
449 BOOL WINAPI
450 IsTokenRestricted( HANDLE TokenHandle )
451 {
452 TOKEN_GROUPS *groups;
453 DWORD size;
454 NTSTATUS status;
455 BOOL restricted;
456
457 TRACE("(%p)\n", TokenHandle);
458
459 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size);
460 if (status != STATUS_BUFFER_TOO_SMALL)
461 return FALSE;
462
463 groups = HeapAlloc(GetProcessHeap(), 0, size);
464 if (!groups)
465 {
466 SetLastError(ERROR_OUTOFMEMORY);
467 return FALSE;
468 }
469
470 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size);
471 if (status != STATUS_SUCCESS)
472 {
473 HeapFree(GetProcessHeap(), 0, groups);
474 return set_ntstatus(status);
475 }
476
477 if (groups->GroupCount)
478 restricted = TRUE;
479 else
480 restricted = FALSE;
481
482 HeapFree(GetProcessHeap(), 0, groups);
483
484 return restricted;
485 }
486
487 /******************************************************************************
488 * IsValidSid [ADVAPI32.@]
489 *
490 * PARAMS
491 * pSid []
492 */
493 BOOL WINAPI
494 IsValidSid( PSID pSid )
495 {
496 return RtlValidSid( pSid );
497 }
498
499 /******************************************************************************
500 * EqualSid [ADVAPI32.@]
501 *
502 * PARAMS
503 * pSid1 []
504 * pSid2 []
505 */
506 BOOL WINAPI
507 EqualSid( PSID pSid1, PSID pSid2 )
508 {
509 return RtlEqualSid( pSid1, pSid2 );
510 }
511
512 /******************************************************************************
513 * EqualPrefixSid [ADVAPI32.@]
514 */
515 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
516 {
517 return RtlEqualPrefixSid(pSid1, pSid2);
518 }
519
520 /******************************************************************************
521 * GetSidLengthRequired [ADVAPI32.@]
522 *
523 * PARAMS
524 * nSubAuthorityCount []
525 */
526 DWORD WINAPI
527 GetSidLengthRequired( BYTE nSubAuthorityCount )
528 {
529 return RtlLengthRequiredSid(nSubAuthorityCount);
530 }
531
532 /******************************************************************************
533 * InitializeSid [ADVAPI32.@]
534 *
535 * PARAMS
536 * pIdentifierAuthority []
537 */
538 BOOL WINAPI
539 InitializeSid (
540 PSID pSid,
541 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
542 BYTE nSubAuthorityCount)
543 {
544 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
545 }
546
547 DWORD WINAPI
548 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
549 {
550 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
551
552 return 1;
553 }
554
555 DWORD WINAPI
556 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights )
557 {
558 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
559
560 return 1;
561 }
562
563 /******************************************************************************
564 * GetSidIdentifierAuthority [ADVAPI32.@]
565 *
566 * PARAMS
567 * pSid []
568 */
569 PSID_IDENTIFIER_AUTHORITY WINAPI
570 GetSidIdentifierAuthority( PSID pSid )
571 {
572 return RtlIdentifierAuthoritySid(pSid);
573 }
574
575 /******************************************************************************
576 * GetSidSubAuthority [ADVAPI32.@]
577 *
578 * PARAMS
579 * pSid []
580 * nSubAuthority []
581 */
582 PDWORD WINAPI
583 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
584 {
585 return RtlSubAuthoritySid(pSid, nSubAuthority);
586 }
587
588 /******************************************************************************
589 * GetSidSubAuthorityCount [ADVAPI32.@]
590 *
591 * PARAMS
592 * pSid []
593 */
594 PUCHAR WINAPI
595 GetSidSubAuthorityCount (PSID pSid)
596 {
597 return RtlSubAuthorityCountSid(pSid);
598 }
599
600 /******************************************************************************
601 * GetLengthSid [ADVAPI32.@]
602 *
603 * PARAMS
604 * pSid []
605 */
606 DWORD WINAPI
607 GetLengthSid (PSID pSid)
608 {
609 return RtlLengthSid(pSid);
610 }
611
612 /* ##############################################
613 ###### SECURITY DESCRIPTOR FUNCTIONS ######
614 ##############################################
615 */
616
617 /******************************************************************************
618 * BuildSecurityDescriptorA [ADVAPI32.@]
619 *
620 * Builds a SD from
621 *
622 * PARAMS
623 * pOwner [I]
624 * pGroup [I]
625 * cCountOfAccessEntries [I]
626 * pListOfAccessEntries [I]
627 * cCountOfAuditEntries [I]
628 * pListofAuditEntries [I]
629 * pOldSD [I]
630 * lpdwBufferLength [I/O]
631 * pNewSD [O]
632 */
633 DWORD WINAPI BuildSecurityDescriptorA(
634 IN PTRUSTEE_A pOwner,
635 IN PTRUSTEE_A pGroup,
636 IN DWORD cCountOfAccessEntries,
637 IN PEXPLICIT_ACCESS_A pListOfAccessEntries,
638 IN DWORD cCountOfAuditEntries,
639 IN PEXPLICIT_ACCESS_A pListofAuditEntries,
640 IN PSECURITY_DESCRIPTOR pOldSD,
641 IN OUT PDWORD lpdwBufferLength,
642 OUT PSECURITY_DESCRIPTOR pNewSD)
643 {
644 FIXME("(%p,%p,%ld,%p,%ld,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
645 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
646 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
647
648 return ERROR_CALL_NOT_IMPLEMENTED;
649 }
650
651 /******************************************************************************
652 * BuildSecurityDescriptorW [ADVAPI32.@]
653 *
654 * See BuildSecurityDescriptorA.
655 */
656 DWORD WINAPI BuildSecurityDescriptorW(
657 IN PTRUSTEE_W pOwner,
658 IN PTRUSTEE_W pGroup,
659 IN DWORD cCountOfAccessEntries,
660 IN PEXPLICIT_ACCESS_W pListOfAccessEntries,
661 IN DWORD cCountOfAuditEntries,
662 IN PEXPLICIT_ACCESS_W pListofAuditEntries,
663 IN PSECURITY_DESCRIPTOR pOldSD,
664 IN OUT PDWORD lpdwBufferLength,
665 OUT PSECURITY_DESCRIPTOR pNewSD)
666 {
667 FIXME("(%p,%p,%ld,%p,%ld,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
668 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
669 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
670
671 return ERROR_CALL_NOT_IMPLEMENTED;
672 }
673
674 /******************************************************************************
675 * InitializeSecurityDescriptor [ADVAPI32.@]
676 *
677 * PARAMS
678 * pDescr []
679 * revision []
680 */
681 BOOL WINAPI
682 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
683 {
684 return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision ));
685 }
686
687
688 /******************************************************************************
689 * MakeAbsoluteSD [ADVAPI32.@]
690 */
691 BOOL WINAPI MakeAbsoluteSD (
692 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
693 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
694 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
695 OUT PACL pDacl,
696 OUT LPDWORD lpdwDaclSize,
697 OUT PACL pSacl,
698 OUT LPDWORD lpdwSaclSize,
699 OUT PSID pOwner,
700 OUT LPDWORD lpdwOwnerSize,
701 OUT PSID pPrimaryGroup,
702 OUT LPDWORD lpdwPrimaryGroupSize)
703 {
704 return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
705 pAbsoluteSecurityDescriptor,
706 lpdwAbsoluteSecurityDescriptorSize,
707 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize,
708 pOwner, lpdwOwnerSize,
709 pPrimaryGroup, lpdwPrimaryGroupSize));
710 }
711
712 /******************************************************************************
713 * GetKernelObjectSecurity [ADVAPI32.@]
714 */
715 BOOL WINAPI GetKernelObjectSecurity(
716 HANDLE Handle,
717 SECURITY_INFORMATION RequestedInformation,
718 PSECURITY_DESCRIPTOR pSecurityDescriptor,
719 DWORD nLength,
720 LPDWORD lpnLengthNeeded )
721 {
722 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", Handle, RequestedInformation,
723 pSecurityDescriptor, nLength, lpnLengthNeeded);
724
725 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
726 nLength, lpnLengthNeeded ));
727 }
728
729 /******************************************************************************
730 * GetPrivateObjectSecurity [ADVAPI32.@]
731 */
732 BOOL WINAPI GetPrivateObjectSecurity(
733 PSECURITY_DESCRIPTOR ObjectDescriptor,
734 SECURITY_INFORMATION SecurityInformation,
735 PSECURITY_DESCRIPTOR ResultantDescriptor,
736 DWORD DescriptorLength,
737 PDWORD ReturnLength )
738 {
739 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", ObjectDescriptor, SecurityInformation,
740 ResultantDescriptor, DescriptorLength, ReturnLength);
741
742 return set_ntstatus( NtQuerySecurityObject(ObjectDescriptor, SecurityInformation,
743 ResultantDescriptor, DescriptorLength, ReturnLength ));
744 }
745
746 /******************************************************************************
747 * GetSecurityDescriptorLength [ADVAPI32.@]
748 */
749 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
750 {
751 return RtlLengthSecurityDescriptor(pDescr);
752 }
753
754 /******************************************************************************
755 * GetSecurityDescriptorOwner [ADVAPI32.@]
756 *
757 * PARAMS
758 * pOwner []
759 * lpbOwnerDefaulted []
760 */
761 BOOL WINAPI
762 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
763 LPBOOL lpbOwnerDefaulted )
764 {
765 BOOLEAN defaulted;
766 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted ));
767 *lpbOwnerDefaulted = defaulted;
768 return ret;
769 }
770
771 /******************************************************************************
772 * SetSecurityDescriptorOwner [ADVAPI32.@]
773 *
774 * PARAMS
775 */
776 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
777 PSID pOwner, BOOL bOwnerDefaulted)
778 {
779 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
780 }
781 /******************************************************************************
782 * GetSecurityDescriptorGroup [ADVAPI32.@]
783 */
784 BOOL WINAPI GetSecurityDescriptorGroup(
785 PSECURITY_DESCRIPTOR SecurityDescriptor,
786 PSID *Group,
787 LPBOOL GroupDefaulted)
788 {
789 BOOLEAN defaulted;
790 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
791 *GroupDefaulted = defaulted;
792 return ret;
793 }
794 /******************************************************************************
795 * SetSecurityDescriptorGroup [ADVAPI32.@]
796 */
797 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
798 PSID Group, BOOL GroupDefaulted)
799 {
800 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
801 }
802
803 /******************************************************************************
804 * IsValidSecurityDescriptor [ADVAPI32.@]
805 *
806 * PARAMS
807 * lpsecdesc []
808 */
809 BOOL WINAPI
810 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
811 {
812 return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor));
813 }
814
815 /******************************************************************************
816 * GetSecurityDescriptorDacl [ADVAPI32.@]
817 */
818 BOOL WINAPI GetSecurityDescriptorDacl(
819 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
820 OUT LPBOOL lpbDaclPresent,
821 OUT PACL *pDacl,
822 OUT LPBOOL lpbDaclDefaulted)
823 {
824 BOOLEAN present, defaulted;
825 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
826 *lpbDaclPresent = present;
827 *lpbDaclDefaulted = defaulted;
828 return ret;
829 }
830
831 /******************************************************************************
832 * SetSecurityDescriptorDacl [ADVAPI32.@]
833 */
834 BOOL WINAPI
835 SetSecurityDescriptorDacl (
836 PSECURITY_DESCRIPTOR lpsd,
837 BOOL daclpresent,
838 PACL dacl,
839 BOOL dacldefaulted )
840 {
841 return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) );
842 }
843 /******************************************************************************
844 * GetSecurityDescriptorSacl [ADVAPI32.@]
845 */
846 BOOL WINAPI GetSecurityDescriptorSacl(
847 IN PSECURITY_DESCRIPTOR lpsd,
848 OUT LPBOOL lpbSaclPresent,
849 OUT PACL *pSacl,
850 OUT LPBOOL lpbSaclDefaulted)
851 {
852 BOOLEAN present, defaulted;
853 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) );
854 *lpbSaclPresent = present;
855 *lpbSaclDefaulted = defaulted;
856 return ret;
857 }
858
859 /**************************************************************************
860 * SetSecurityDescriptorSacl [ADVAPI32.@]
861 */
862 BOOL WINAPI SetSecurityDescriptorSacl (
863 PSECURITY_DESCRIPTOR lpsd,
864 BOOL saclpresent,
865 PACL lpsacl,
866 BOOL sacldefaulted)
867 {
868 return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
869 }
870 /******************************************************************************
871 * MakeSelfRelativeSD [ADVAPI32.@]
872 *
873 * PARAMS
874 * lpabssecdesc []
875 * lpselfsecdesc []
876 * lpbuflen []
877 */
878 BOOL WINAPI
879 MakeSelfRelativeSD(
880 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
881 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
882 IN OUT LPDWORD lpdwBufferLength)
883 {
884 return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor,
885 pSelfRelativeSecurityDescriptor, lpdwBufferLength));
886 }
887
888 /******************************************************************************
889 * GetSecurityDescriptorControl [ADVAPI32.@]
890 */
891
892 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
893 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
894 {
895 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
896 }
897
898 /* ##############################
899 ###### ACL FUNCTIONS ######
900 ##############################
901 */
902
903 /*************************************************************************
904 * InitializeAcl [ADVAPI32.@]
905 */
906 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
907 {
908 return set_ntstatus( RtlCreateAcl(acl, size, rev));
909 }
910
911 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
912 {
913 TRACE("(%p)\n", hNamedPipe);
914
915 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL, NULL,
916 FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
917 }
918
919 /******************************************************************************
920 * AddAccessAllowedAce [ADVAPI32.@]
921 */
922 BOOL WINAPI AddAccessAllowedAce(
923 IN OUT PACL pAcl,
924 IN DWORD dwAceRevision,
925 IN DWORD AccessMask,
926 IN PSID pSid)
927 {
928 return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
929 }
930
931 /******************************************************************************
932 * AddAccessAllowedAceEx [ADVAPI32.@]
933 */
934 BOOL WINAPI AddAccessAllowedAceEx(
935 IN OUT PACL pAcl,
936 IN DWORD dwAceRevision,
937 IN DWORD AceFlags,
938 IN DWORD AccessMask,
939 IN PSID pSid)
940 {
941 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
942 }
943
944 /******************************************************************************
945 * AddAccessDeniedAce [ADVAPI32.@]
946 */
947 BOOL WINAPI AddAccessDeniedAce(
948 IN OUT PACL pAcl,
949 IN DWORD dwAceRevision,
950 IN DWORD AccessMask,
951 IN PSID pSid)
952 {
953 return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
954 }
955
956 /******************************************************************************
957 * AddAccessDeniedAceEx [ADVAPI32.@]
958 */
959 BOOL WINAPI AddAccessDeniedAceEx(
960 IN OUT PACL pAcl,
961 IN DWORD dwAceRevision,
962 IN DWORD AceFlags,
963 IN DWORD AccessMask,
964 IN PSID pSid)
965 {
966 return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
967 }
968
969 /******************************************************************************
970 * AddAce [ADVAPI32.@]
971 */
972 BOOL WINAPI AddAce(
973 IN OUT PACL pAcl,
974 IN DWORD dwAceRevision,
975 IN DWORD dwStartingAceIndex,
976 LPVOID pAceList,
977 DWORD nAceListLength)
978 {
979 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
980 }
981
982 /******************************************************************************
983 * DeleteAce [ADVAPI32.@]
984 */
985 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
986 {
987 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
988 }
989
990 /******************************************************************************
991 * FindFirstFreeAce [ADVAPI32.@]
992 */
993 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
994 {
995 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
996 }
997
998 /******************************************************************************
999 * GetAce [ADVAPI32.@]
1000 */
1001 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1002 {
1003 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1004 }
1005
1006 /******************************************************************************
1007 * GetAclInformation [ADVAPI32.@]
1008 */
1009 BOOL WINAPI GetAclInformation(
1010 PACL pAcl,
1011 LPVOID pAclInformation,
1012 DWORD nAclInformationLength,
1013 ACL_INFORMATION_CLASS dwAclInformationClass)
1014 {
1015 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1016 nAclInformationLength, dwAclInformationClass));
1017 }
1018
1019 /******************************************************************************
1020 * IsValidAcl [ADVAPI32.@]
1021 */
1022 BOOL WINAPI IsValidAcl(IN PACL pAcl)
1023 {
1024 return RtlValidAcl(pAcl);
1025 }
1026
1027 /* ##############################
1028 ###### MISC FUNCTIONS ######
1029 ##############################
1030 */
1031
1032 /******************************************************************************
1033 * AllocateLocallyUniqueId [ADVAPI32.@]
1034 *
1035 * PARAMS
1036 * lpLuid []
1037 */
1038 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
1039 {
1040 return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid));
1041 }
1042
1043 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
1044 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1045 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
1046 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1047 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
1048 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
1049 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
1050 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1051 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
1052 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1053 static const WCHAR SE_TCB_NAME_W[] =
1054 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
1055 static const WCHAR SE_SECURITY_NAME_W[] =
1056 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1057 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
1058 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1059 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
1060 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
1061 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
1062 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1063 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
1064 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
1065 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
1066 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1067 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
1068 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1069 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
1070 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1071 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
1072 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1073 static const WCHAR SE_BACKUP_NAME_W[] =
1074 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
1075 static const WCHAR SE_RESTORE_NAME_W[] =
1076 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
1077 static const WCHAR SE_SHUTDOWN_NAME_W[] =
1078 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1079 static const WCHAR SE_DEBUG_NAME_W[] =
1080 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
1081 static const WCHAR SE_AUDIT_NAME_W[] =
1082 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
1083 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
1084 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1085 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
1086 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1087 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
1088 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1089 static const WCHAR SE_UNDOCK_NAME_W[] =
1090 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
1091 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
1092 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1093 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
1094 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1095 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
1096 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1097 static const WCHAR SE_IMPERSONATE_NAME_W[] =
1098 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
1099 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
1100 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1101
1102 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
1103 {
1104 NULL,
1105 NULL,
1106 SE_CREATE_TOKEN_NAME_W,
1107 SE_ASSIGNPRIMARYTOKEN_NAME_W,
1108 SE_LOCK_MEMORY_NAME_W,
1109 SE_INCREASE_QUOTA_NAME_W,
1110 SE_MACHINE_ACCOUNT_NAME_W,
1111 SE_TCB_NAME_W,
1112 SE_SECURITY_NAME_W,
1113 SE_TAKE_OWNERSHIP_NAME_W,
1114 SE_LOAD_DRIVER_NAME_W,
1115 SE_SYSTEM_PROFILE_NAME_W,
1116 SE_SYSTEMTIME_NAME_W,
1117 SE_PROF_SINGLE_PROCESS_NAME_W,
1118 SE_INC_BASE_PRIORITY_NAME_W,
1119 SE_CREATE_PAGEFILE_NAME_W,
1120 SE_CREATE_PERMANENT_NAME_W,
1121 SE_BACKUP_NAME_W,
1122 SE_RESTORE_NAME_W,
1123 SE_SHUTDOWN_NAME_W,
1124 SE_DEBUG_NAME_W,
1125 SE_AUDIT_NAME_W,
1126 SE_SYSTEM_ENVIRONMENT_NAME_W,
1127 SE_CHANGE_NOTIFY_NAME_W,
1128 SE_REMOTE_SHUTDOWN_NAME_W,
1129 SE_UNDOCK_NAME_W,
1130 SE_SYNC_AGENT_NAME_W,
1131 SE_ENABLE_DELEGATION_NAME_W,
1132 SE_MANAGE_VOLUME_NAME_W,
1133 SE_IMPERSONATE_NAME_W,
1134 SE_CREATE_GLOBAL_NAME_W,
1135 };
1136
1137 /******************************************************************************
1138 * LookupPrivilegeValueW [ADVAPI32.@]
1139 *
1140 * See LookupPrivilegeValueA.
1141 */
1142 BOOL WINAPI
1143 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
1144 {
1145 UINT i;
1146
1147 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
1148
1149 if (!ADVAPI_IsLocalComputer(lpSystemName))
1150 {
1151 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1152 return FALSE;
1153 }
1154 if (!lpName)
1155 {
1156 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1157 return FALSE;
1158 }
1159 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
1160 {
1161 if( !WellKnownPrivNames[i] )
1162 continue;
1163 if( strcmpiW( WellKnownPrivNames[i], lpName) )
1164 continue;
1165 lpLuid->LowPart = i;
1166 lpLuid->HighPart = 0;
1167 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
1168 lpLuid->HighPart, lpLuid->LowPart );
1169 return TRUE;
1170 }
1171 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1172 return FALSE;
1173 }
1174
1175 /******************************************************************************
1176 * LookupPrivilegeValueA [ADVAPI32.@]
1177 *
1178 * Retrieves LUID used on a system to represent the privilege name.
1179 *
1180 * PARAMS
1181 * lpSystemName [I] Name of the system
1182 * lpName [I] Name of the privilege
1183 * lpLuid [O] Destination for the resulting LUID
1184 *
1185 * RETURNS
1186 * Success: TRUE. lpLuid contains the requested LUID.
1187 * Failure: FALSE.
1188 */
1189 BOOL WINAPI
1190 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1191 {
1192 UNICODE_STRING lpSystemNameW;
1193 UNICODE_STRING lpNameW;
1194 BOOL ret;
1195
1196 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1197 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1198 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1199 RtlFreeUnicodeString(&lpNameW);
1200 RtlFreeUnicodeString(&lpSystemNameW);
1201 return ret;
1202 }
1203
1204 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
1205 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1206 {
1207 FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName),
1208 debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId);
1209
1210 return FALSE;
1211 }
1212
1213 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
1214 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1215 {
1216 FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName),
1217 debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId);
1218
1219 return FALSE;
1220 }
1221
1222 /******************************************************************************
1223 * LookupPrivilegeNameA [ADVAPI32.@]
1224 *
1225 * See LookupPrivilegeNameW.
1226 */
1227 BOOL WINAPI
1228 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1229 LPDWORD cchName)
1230 {
1231 UNICODE_STRING lpSystemNameW;
1232 BOOL ret;
1233 DWORD wLen = 0;
1234
1235 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1236
1237 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1238 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1239 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1240 {
1241 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1242
1243 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1244 &wLen);
1245 if (ret)
1246 {
1247 /* Windows crashes if cchName is NULL, so will I */
1248 int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1249 *cchName, NULL, NULL);
1250
1251 if (len == 0)
1252 {
1253 /* WideCharToMultiByte failed */
1254 ret = FALSE;
1255 }
1256 else if (len > *cchName)
1257 {
1258 *cchName = len;
1259 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1260 ret = FALSE;
1261 }
1262 else
1263 {
1264 /* WideCharToMultiByte succeeded, output length needs to be
1265 * length not including NULL terminator
1266 */
1267 *cchName = len - 1;
1268 }
1269 }
1270 HeapFree(GetProcessHeap(), 0, lpNameW);
1271 }
1272 RtlFreeUnicodeString(&lpSystemNameW);
1273 return ret;
1274 }
1275
1276 /******************************************************************************
1277 * LookupPrivilegeNameW [ADVAPI32.@]
1278 *
1279 * Retrieves the privilege name referred to by the LUID lpLuid.
1280 *
1281 * PARAMS
1282 * lpSystemName [I] Name of the system
1283 * lpLuid [I] Privilege value
1284 * lpName [O] Name of the privilege
1285 * cchName [I/O] Number of characters in lpName.
1286 *
1287 * RETURNS
1288 * Success: TRUE. lpName contains the name of the privilege whose value is
1289 * *lpLuid.
1290 * Failure: FALSE.
1291 *
1292 * REMARKS
1293 * Only well-known privilege names (those defined in winnt.h) can be retrieved
1294 * using this function.
1295 * If the length of lpName is too small, on return *cchName will contain the
1296 * number of WCHARs needed to contain the privilege, including the NULL
1297 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1298 * On success, *cchName will contain the number of characters stored in
1299 * lpName, NOT including the NULL terminator.
1300 */
1301 BOOL WINAPI
1302 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1303 LPDWORD cchName)
1304 {
1305 size_t privNameLen;
1306
1307 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1308
1309 if (!ADVAPI_IsLocalComputer(lpSystemName))
1310 {
1311 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1312 return FALSE;
1313 }
1314 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1315 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1316 {
1317 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1318 return FALSE;
1319 }
1320 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1321 /* Windows crashes if cchName is NULL, so will I */
1322 if (*cchName <= privNameLen)
1323 {
1324 *cchName = privNameLen + 1;
1325 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1326 return FALSE;
1327 }
1328 else
1329 {
1330 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1331 *cchName = privNameLen;
1332 return TRUE;
1333 }
1334 }
1335
1336 /******************************************************************************
1337 * GetFileSecurityA [ADVAPI32.@]
1338 *
1339 * Obtains Specified information about the security of a file or directory.
1340 *
1341 * PARAMS
1342 * lpFileName [I] Name of the file to get info for
1343 * RequestedInformation [I] SE_ flags from "winnt.h"
1344 * pSecurityDescriptor [O] Destination for security information
1345 * nLength [I] Length of pSecurityDescriptor
1346 * lpnLengthNeeded [O] Destination for length of returned security information
1347 *
1348 * RETURNS
1349 * Success: TRUE. pSecurityDescriptor contains the requested information.
1350 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1351 *
1352 * NOTES
1353 * The information returned is constrained by the callers access rights and
1354 * privileges.
1355 */
1356 BOOL WINAPI
1357 GetFileSecurityA( LPCSTR lpFileName,
1358 SECURITY_INFORMATION RequestedInformation,
1359 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1360 DWORD nLength, LPDWORD lpnLengthNeeded )
1361 {
1362 DWORD len;
1363 BOOL r;
1364 LPWSTR name = NULL;
1365
1366 if( lpFileName )
1367 {
1368 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1369 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1370 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1371 }
1372
1373 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1374 nLength, lpnLengthNeeded );
1375 HeapFree( GetProcessHeap(), 0, name );
1376
1377 return r;
1378 }
1379
1380 /******************************************************************************
1381 * GetFileSecurityW [ADVAPI32.@]
1382 *
1383 * See GetFileSecurityA.
1384 */
1385 BOOL WINAPI
1386 GetFileSecurityW( LPCWSTR lpFileName,
1387 SECURITY_INFORMATION RequestedInformation,
1388 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1389 DWORD nLength, LPDWORD lpnLengthNeeded )
1390 {
1391 DWORD nNeeded;
1392 LPBYTE pBuffer;
1393 DWORD iLocNow;
1394 SECURITY_DESCRIPTOR_RELATIVE *pSDRelative;
1395
1396 if(INVALID_FILE_ATTRIBUTES == GetFileAttributesW(lpFileName))
1397 return FALSE;
1398
1399 FIXME("(%s) : returns fake SECURITY_DESCRIPTOR\n", debugstr_w(lpFileName) );
1400
1401 nNeeded = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1402 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
1403 nNeeded += sizeof(sidWorld);
1404 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
1405 nNeeded += sizeof(sidWorld);
1406 if (RequestedInformation & DACL_SECURITY_INFORMATION)
1407 nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1408 if (RequestedInformation & SACL_SECURITY_INFORMATION)
1409 nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1410
1411 *lpnLengthNeeded = nNeeded;
1412
1413 if (nNeeded > nLength)
1414 return TRUE;
1415
1416 if (!InitializeSecurityDescriptor(pSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
1417 return FALSE;
1418
1419 pSDRelative = (PISECURITY_DESCRIPTOR_RELATIVE) pSecurityDescriptor;
1420 pSDRelative->Control |= SE_SELF_RELATIVE;
1421 pBuffer = (LPBYTE) pSDRelative;
1422 iLocNow = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1423
1424 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
1425 {
1426 memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
1427 pSDRelative->Owner = iLocNow;
1428 iLocNow += sizeof(sidWorld);
1429 }
1430 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
1431 {
1432 memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
1433 pSDRelative->Group = iLocNow;
1434 iLocNow += sizeof(sidWorld);
1435 }
1436 if (RequestedInformation & DACL_SECURITY_INFORMATION)
1437 {
1438 GetWorldAccessACL((PACL) (pBuffer + iLocNow));
1439 pSDRelative->Dacl = iLocNow;
1440 iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1441 }
1442 if (RequestedInformation & SACL_SECURITY_INFORMATION)
1443 {
1444 GetWorldAccessACL((PACL) (pBuffer + iLocNow));
1445 pSDRelative->Sacl = iLocNow;
1446 /* iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL; */
1447 }
1448 return TRUE;
1449 }
1450
1451
1452 /******************************************************************************
1453 * LookupAccountSidA [ADVAPI32.@]
1454 */
1455 BOOL WINAPI
1456 LookupAccountSidA(
1457 IN LPCSTR system,
1458 IN PSID sid,
1459 OUT LPSTR account,
1460 IN OUT LPDWORD accountSize,
1461 OUT LPSTR domain,
1462 IN OUT LPDWORD domainSize,
1463 OUT PSID_NAME_USE name_use )
1464 {
1465 static const char ac[] = "Administrator";
1466 static const char dm[] = "DOMAIN";
1467 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1468 debugstr_a(system),sid,
1469 account,accountSize,accountSize?*accountSize:0,
1470 domain,domainSize,domainSize?*domainSize:0,
1471 name_use);
1472
1473 if (accountSize) *accountSize = strlen(ac)+1;
1474 if (account && (*accountSize > strlen(ac)))
1475 strcpy(account, ac);
1476
1477 if (domainSize) *domainSize = strlen(dm)+1;
1478 if (domain && (*domainSize > strlen(dm)))
1479 strcpy(domain,dm);
1480
1481 if (name_use) *name_use = SidTypeUser;
1482 return TRUE;
1483 }
1484
1485 /******************************************************************************
1486 * LookupAccountSidW [ADVAPI32.@]
1487 *
1488 * PARAMS
1489 * system []
1490 * sid []
1491 * account []
1492 * accountSize []
1493 * domain []
1494 * domainSize []
1495 * name_use []
1496 */
1497 BOOL WINAPI
1498 LookupAccountSidW(
1499 IN LPCWSTR system,
1500 IN PSID sid,
1501 OUT LPWSTR account,
1502 IN OUT LPDWORD accountSize,
1503 OUT LPWSTR domain,
1504 IN OUT LPDWORD domainSize,
1505 OUT PSID_NAME_USE name_use )
1506 {
1507 static const WCHAR ac[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1508 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
1509 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1510 debugstr_w(system),sid,
1511 account,accountSize,accountSize?*accountSize:0,
1512 domain,domainSize,domainSize?*domainSize:0,
1513 name_use);
1514
1515 if (accountSize) *accountSize = strlenW(ac)+1;
1516 if (account && (*accountSize > strlenW(ac)))
1517 strcpyW(account, ac);
1518
1519 if (domainSize) *domainSize = strlenW(dm)+1;
1520 if (domain && (*domainSize > strlenW(dm)))
1521 strcpyW(domain,dm);
1522
1523 if (name_use) *name_use = SidTypeUser;
1524 return TRUE;
1525 }
1526
1527 /******************************************************************************
1528 * SetFileSecurityA [ADVAPI32.@]
1529 *
1530 * See SetFileSecurityW.
1531 */
1532 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1533 SECURITY_INFORMATION RequestedInformation,
1534 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1535 {
1536 DWORD len;
1537 BOOL r;
1538 LPWSTR name = NULL;
1539
1540 if( lpFileName )
1541 {
1542 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1543 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1544 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1545 }
1546
1547 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
1548 HeapFree( GetProcessHeap(), 0, name );
1549
1550 return r;
1551 }
1552
1553 /******************************************************************************
1554 * SetFileSecurityW [ADVAPI32.@]
1555 *
1556 * Sets the security of a file or directory.
1557 *
1558 * PARAMS
1559 * lpFileName []
1560 * RequestedInformation []
1561 * pSecurityDescriptor []
1562 *
1563 * RETURNS
1564 * Success: TRUE.
1565 * Failure: FALSE.
1566 */
1567 BOOL WINAPI
1568 SetFileSecurityW( LPCWSTR lpFileName,
1569 SECURITY_INFORMATION RequestedInformation,
1570 PSECURITY_DESCRIPTOR pSecurityDescriptor )
1571 {
1572 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1573 return TRUE;
1574 }
1575
1576 /******************************************************************************
1577 * QueryWindows31FilesMigration [ADVAPI32.@]
1578 *
1579 * PARAMS
1580 * x1 []
1581 */
1582 BOOL WINAPI
1583 QueryWindows31FilesMigration( DWORD x1 )
1584 {
1585 FIXME("(%ld):stub\n",x1);
1586 return TRUE;
1587 }
1588
1589 /******************************************************************************
1590 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1591 *
1592 * PARAMS
1593 * x1 []
1594 * x2 []
1595 * x3 []
1596 * x4 []
1597 */
1598 BOOL WINAPI
1599 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1600 DWORD x4 )
1601 {
1602 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1603 return TRUE;
1604 }
1605
1606 /******************************************************************************
1607 * NotifyBootConfigStatus [ADVAPI32.@]
1608 *
1609 * PARAMS
1610 * x1 []
1611 */
1612 BOOL WINAPI
1613 NotifyBootConfigStatus( DWORD x1 )
1614 {
1615 FIXME("(0x%08lx):stub\n",x1);
1616 return 1;
1617 }
1618
1619 /******************************************************************************
1620 * RevertToSelf [ADVAPI32.@]
1621 *
1622 * Ends the impersonation of a user.
1623 *
1624 * PARAMS
1625 * void []
1626 *
1627 * RETURNS
1628 * Success: TRUE.
1629 * Failure: FALSE.
1630 */
1631 BOOL WINAPI
1632 RevertToSelf( void )
1633 {
1634 HANDLE Token = NULL;
1635 return set_ntstatus( NtSetInformationThread( GetCurrentThread(),
1636 ThreadImpersonationToken, &Token, sizeof(Token) ) );
1637 }
1638
1639 /******************************************************************************
1640 * ImpersonateSelf [ADVAPI32.@]
1641 *
1642 * Makes an impersonation token that represents the process user and assigns
1643 * to the current thread.
1644 *
1645 * PARAMS
1646 * ImpersonationLevel [I] Level at which to impersonate.
1647 *
1648 * RETURNS
1649 * Success: TRUE.
1650 * Failure: FALSE.
1651 */
1652 BOOL WINAPI
1653 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1654 {
1655 return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) );
1656 }
1657
1658 /******************************************************************************
1659 * ImpersonateLoggedOnUser [ADVAPI32.@]
1660 */
1661 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1662 {
1663 FIXME("(%p):stub returning FALSE\n", hToken);
1664 return FALSE;
1665 }
1666
1667 /******************************************************************************
1668 * AccessCheck [ADVAPI32.@]
1669 */
1670 BOOL WINAPI
1671 AccessCheck(
1672 PSECURITY_DESCRIPTOR SecurityDescriptor,
1673 HANDLE ClientToken,
1674 DWORD DesiredAccess,
1675 PGENERIC_MAPPING GenericMapping,
1676 PPRIVILEGE_SET PrivilegeSet,
1677 LPDWORD PrivilegeSetLength,
1678 LPDWORD GrantedAccess,
1679 LPBOOL AccessStatus)
1680 {
1681 NTSTATUS access_status;
1682 BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
1683 GenericMapping, PrivilegeSet, PrivilegeSetLength,
1684 GrantedAccess, &access_status) );
1685 if (ret) *AccessStatus = set_ntstatus( access_status );
1686 return ret;
1687 }
1688
1689
1690 /******************************************************************************
1691 * AccessCheckByType [ADVAPI32.@]
1692 */
1693 BOOL WINAPI AccessCheckByType(
1694 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1695 PSID PrincipalSelfSid,
1696 HANDLE ClientToken,
1697 DWORD DesiredAccess,
1698 POBJECT_TYPE_LIST ObjectTypeList,
1699 DWORD ObjectTypeListLength,
1700 PGENERIC_MAPPING GenericMapping,
1701 PPRIVILEGE_SET PrivilegeSet,
1702 LPDWORD PrivilegeSetLength,
1703 LPDWORD GrantedAccess,
1704 LPBOOL AccessStatus)
1705 {
1706 FIXME("stub\n");
1707
1708 *AccessStatus = TRUE;
1709
1710 return !*AccessStatus;
1711 }
1712
1713 /******************************************************************************
1714 * MapGenericMask [ADVAPI32.@]
1715 *
1716 * Maps generic access rights into specific access rights according to the
1717 * supplied mapping.
1718 *
1719 * PARAMS
1720 * AccessMask [I/O] Access rights.
1721 * GenericMapping [I] The mapping between generic and specific rights.
1722 *
1723 * RETURNS
1724 * Nothing.
1725 */
1726 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping )
1727 {
1728 RtlMapGenericMask( AccessMask, GenericMapping );
1729 }
1730
1731 /*************************************************************************
1732 * SetKernelObjectSecurity [ADVAPI32.@]
1733 */
1734 BOOL WINAPI SetKernelObjectSecurity (
1735 IN HANDLE Handle,
1736 IN SECURITY_INFORMATION SecurityInformation,
1737 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
1738 {
1739 return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
1740 }
1741
1742
1743 /******************************************************************************
1744 * AddAuditAccessAce [ADVAPI32.@]
1745 */
1746 BOOL WINAPI AddAuditAccessAce(
1747 IN OUT PACL pAcl,
1748 IN DWORD dwAceRevision,
1749 IN DWORD dwAccessMask,
1750 IN PSID pSid,
1751 IN BOOL bAuditSuccess,
1752 IN BOOL bAuditFailure)
1753 {
1754 return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid,
1755 bAuditSuccess, bAuditFailure) );
1756 }
1757
1758 /******************************************************************************
1759 * LookupAccountNameA [ADVAPI32.@]
1760 */
1761 BOOL WINAPI
1762 LookupAccountNameA(
1763 IN LPCSTR system,
1764 IN LPCSTR account,
1765 OUT PSID sid,
1766 OUT LPDWORD cbSid,
1767 LPSTR ReferencedDomainName,
1768 IN OUT LPDWORD cbReferencedDomainName,
1769 OUT PSID_NAME_USE name_use )
1770 {
1771 /* Default implementation: Always return a default SID */
1772 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
1773 BOOL ret;
1774 PSID pSid;
1775 static const char dm[] = "DOMAIN";
1776
1777 FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system,account,sid,cbSid,ReferencedDomainName,cbReferencedDomainName,name_use);
1778
1779 ret = AllocateAndInitializeSid(&identifierAuthority,
1780 2,
1781 SECURITY_BUILTIN_DOMAIN_RID,
1782 DOMAIN_ALIAS_RID_ADMINS,
1783 0, 0, 0, 0, 0, 0,
1784 &pSid);
1785
1786 if (!ret)
1787 return FALSE;
1788 if(!RtlValidSid(pSid))
1789 {
1790 FreeSid(pSid);
1791 return FALSE;
1792 }
1793
1794 if (sid != NULL && (*cbSid >= GetLengthSid(pSid)))
1795 CopySid(*cbSid, sid, pSid);
1796 if (*cbSid < GetLengthSid(pSid))
1797 {
1798 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1799 ret = FALSE;
1800 }
1801 *cbSid = GetLengthSid(pSid);
1802
1803 if (ReferencedDomainName != NULL && (*cbReferencedDomainName > strlen(dm)))
1804 strcpy(ReferencedDomainName, dm);
1805 if (*cbReferencedDomainName <= strlen(dm))
1806 {
1807 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1808 ret = FALSE;
1809 }
1810 *cbReferencedDomainName = strlen(dm)+1;
1811
1812 FreeSid(pSid);
1813
1814 return ret;
1815 }
1816
1817 /******************************************************************************
1818 * LookupAccountNameW [ADVAPI32.@]
1819 */
1820 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid,
1821 LPDWORD cbSid, LPWSTR ReferencedDomainName,
1822 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
1823 {
1824 FIXME("%s %s %p %p %p %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName),
1825 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
1826
1827 return FALSE;
1828 }
1829
1830 /******************************************************************************
1831 * PrivilegeCheck [ADVAPI32.@]
1832 */
1833 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
1834 {
1835 BOOL ret;
1836 BOOLEAN Result;
1837
1838 TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
1839
1840 ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result));
1841 if (ret)
1842 *pfResult = Result;
1843 return ret;
1844 }
1845
1846 /******************************************************************************
1847 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1848 */
1849 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
1850 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1851 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1852 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1853 {
1854 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
1855 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
1856 SecurityDescriptor, DesiredAccess, GenericMapping,
1857 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1858 return TRUE;
1859 }
1860
1861 /******************************************************************************
1862 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1863 */
1864 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
1865 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1866 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1867 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1868 {
1869 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
1870 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
1871 SecurityDescriptor, DesiredAccess, GenericMapping,
1872 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1873 return TRUE;
1874 }
1875
1876 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
1877 {
1878 FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose);
1879
1880 return TRUE;
1881 }
1882
1883 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
1884 {
1885 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
1886
1887 return TRUE;
1888 }
1889
1890 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName,
1891 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
1892 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
1893 LPBOOL GenerateOnClose)
1894 {
1895 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_a(SubsystemName),
1896 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor,
1897 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
1898 GenerateOnClose);
1899
1900 return TRUE;
1901 }
1902
1903 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
1904 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
1905 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
1906 LPBOOL GenerateOnClose)
1907 {
1908 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(SubsystemName),
1909 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor,
1910 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
1911 GenerateOnClose);
1912
1913 return TRUE;
1914 }
1915
1916 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
1917 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1918 {
1919 FIXME("stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken,
1920 DesiredAccess, Privileges, AccessGranted);
1921
1922 return TRUE;
1923 }
1924
1925 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
1926 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1927 {
1928 FIXME("stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken,
1929 DesiredAccess, Privileges, AccessGranted);
1930
1931 return TRUE;
1932 }
1933
1934 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
1935 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1936 {
1937 FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName),
1938 ClientToken, Privileges, AccessGranted);
1939
1940 return TRUE;
1941 }
1942
1943 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
1944 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1945 {
1946 FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName),
1947 ClientToken, Privileges, AccessGranted);
1948
1949 return TRUE;
1950 }
1951
1952 /******************************************************************************
1953 * GetSecurityInfo [ADVAPI32.@]
1954 */
1955 DWORD WINAPI GetSecurityInfo(
1956 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1957 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
1958 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
1959 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
1960 )
1961 {
1962 FIXME("stub!\n");
1963 return ERROR_BAD_PROVIDER;
1964 }
1965
1966 /******************************************************************************
1967 * GetSecurityInfoExW [ADVAPI32.@]
1968 */
1969 DWORD WINAPI GetSecurityInfoExW(
1970 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1971 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
1972 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
1973 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
1974 )
1975 {
1976 FIXME("stub!\n");
1977 return ERROR_BAD_PROVIDER;
1978 }
1979
1980 /******************************************************************************
1981 * BuildExplicitAccessWithNameA [ADVAPI32.@]
1982 */
1983 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess,
1984 LPSTR pTrusteeName, DWORD AccessPermissions,
1985 ACCESS_MODE AccessMode, DWORD Inheritance )
1986 {
1987 TRACE("%p %s 0x%08lx 0x%08x 0x%08lx\n", pExplicitAccess, debugstr_a(pTrusteeName),
1988 AccessPermissions, AccessMode, Inheritance);
1989
1990 pExplicitAccess->grfAccessPermissions = AccessPermissions;
1991 pExplicitAccess->grfAccessMode = AccessMode;
1992 pExplicitAccess->grfInheritance = Inheritance;
1993
1994 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1995 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1996 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1997 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1998 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1999 }
2000
2001 /******************************************************************************
2002 * BuildExplicitAccessWithNameW [ADVAPI32.@]
2003 */
2004 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess,
2005 LPWSTR pTrusteeName, DWORD AccessPermissions,
2006 ACCESS_MODE AccessMode, DWORD Inheritance )
2007 {
2008 TRACE("%p %s 0x%08lx 0x%08x 0x%08lx\n", pExplicitAccess, debugstr_w(pTrusteeName),
2009 AccessPermissions, AccessMode, Inheritance);
2010
2011 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2012 pExplicitAccess->grfAccessMode = AccessMode;
2013 pExplicitAccess->grfInheritance = Inheritance;
2014
2015 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2016 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2017 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2018 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2019 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2020 }
2021
2022 /******************************************************************************
2023 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
2024 */
2025 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
2026 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
2027 LPSTR InheritedObjectTypeName, LPSTR Name )
2028 {
2029 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2030 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
2031
2032 pTrustee->pMultipleTrustee = NULL;
2033 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2034 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2035 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2036 pTrustee->ptstrName = Name;
2037 }
2038
2039 /******************************************************************************
2040 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
2041 */
2042 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
2043 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
2044 LPWSTR InheritedObjectTypeName, LPWSTR Name )
2045 {
2046 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2047 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
2048
2049 pTrustee->pMultipleTrustee = NULL;
2050 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2051 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2052 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2053 pTrustee->ptstrName = Name;
2054 }
2055
2056 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid,
2057 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2058 {
2059 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2060
2061 pTrustee->pMultipleTrustee = NULL;
2062 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2063 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2064 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2065 pTrustee->ptstrName = (LPSTR) pSid;
2066 }
2067
2068 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid,
2069 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2070 {
2071 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2072
2073 pTrustee->pMultipleTrustee = NULL;
2074 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2075 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2076 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2077 pTrustee->ptstrName = (LPWSTR) pSid;
2078 }
2079
2080 /******************************************************************************
2081 * BuildTrusteeWithSidA [ADVAPI32.@]
2082 */
2083 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
2084 {
2085 TRACE("%p %p\n", pTrustee, pSid);
2086
2087 pTrustee->pMultipleTrustee = NULL;
2088 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2089 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2090 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2091 pTrustee->ptstrName = (LPSTR) pSid;
2092 }
2093
2094 /******************************************************************************
2095 * BuildTrusteeWithSidW [ADVAPI32.@]
2096 */
2097 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
2098 {
2099 TRACE("%p %p\n", pTrustee, pSid);
2100
2101 pTrustee->pMultipleTrustee = NULL;
2102 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2103 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2104 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2105 pTrustee->ptstrName = (LPWSTR) pSid;
2106 }
2107
2108 /******************************************************************************
2109 * BuildTrusteeWithNameA [ADVAPI32.@]
2110 */
2111 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
2112 {
2113 TRACE("%p %s\n", pTrustee, debugstr_a(name) );
2114
2115 pTrustee->pMultipleTrustee = NULL;
2116 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2117 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2118 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2119 pTrustee->ptstrName = name;
2120 }
2121
2122 /******************************************************************************
2123 * BuildTrusteeWithNameW [ADVAPI32.@]
2124 */
2125 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
2126 {
2127 TRACE("%p %s\n", pTrustee, debugstr_w(name) );
2128
2129 pTrustee->pMultipleTrustee = NULL;
2130 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2131 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2132 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2133 pTrustee->ptstrName = name;
2134 }
2135
2136 /******************************************************************************
2137 * GetTrusteeFormA [ADVAPI32.@]
2138 */
2139 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
2140 {
2141 TRACE("(%p)\n", pTrustee);
2142
2143 if (!pTrustee)
2144 return TRUSTEE_BAD_FORM;
2145
2146 return pTrustee->TrusteeForm;
2147 }
2148
2149 /******************************************************************************
2150 * GetTrusteeFormW [ADVAPI32.@]
2151 */
2152 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
2153 {
2154 TRACE("(%p)\n", pTrustee);
2155
2156 if (!pTrustee)
2157 return TRUSTEE_BAD_FORM;
2158
2159 return pTrustee->TrusteeForm;
2160 }
2161
2162 /******************************************************************************
2163 * GetTrusteeNameA [ADVAPI32.@]
2164 */
2165 LPSTR WINAPI GetTrusteeNameA(PTRUSTEEA pTrustee)
2166 {
2167 TRACE("(%p)\n", pTrustee);
2168
2169 if (!pTrustee)
2170 return NULL;
2171
2172 return pTrustee->ptstrName;
2173 }
2174
2175 /******************************************************************************
2176 * GetTrusteeNameW [ADVAPI32.@]
2177 */
2178 LPWSTR WINAPI GetTrusteeNameW(PTRUSTEEW pTrustee)
2179 {
2180 TRACE("(%p)\n", pTrustee);
2181
2182 if (!pTrustee)
2183 return NULL;
2184
2185 return pTrustee->ptstrName;
2186 }
2187
2188 /******************************************************************************
2189 * GetTrusteeTypeA [ADVAPI32.@]
2190 */
2191 TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEEA pTrustee)
2192 {
2193 TRACE("(%p)\n", pTrustee);
2194
2195 if (!pTrustee)
2196 return TRUSTEE_IS_UNKNOWN;
2197
2198 return pTrustee->TrusteeType;
2199 }
2200
2201 /******************************************************************************
2202 * GetTrusteeTypeW [ADVAPI32.@]
2203 */
2204 TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEEW pTrustee)
2205 {
2206 TRACE("(%p)\n", pTrustee);
2207
2208 if (!pTrustee)
2209 return TRUSTEE_IS_UNKNOWN;
2210
2211 return pTrustee->TrusteeType;
2212 }
2213
2214 BOOL WINAPI SetAclInformation( PACL pAcl, LPVOID pAclInformation,
2215 DWORD nAclInformationLength,
2216 ACL_INFORMATION_CLASS dwAclInformationClass )
2217 {
2218 FIXME("%p %p 0x%08lx 0x%08x - stub\n", pAcl, pAclInformation,
2219 nAclInformationLength, dwAclInformationClass);
2220
2221 return TRUE;
2222 }
2223
2224 /******************************************************************************
2225 * SetEntriesInAclA [ADVAPI32.@]
2226 */
2227 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
2228 PACL OldAcl, PACL* NewAcl )
2229 {
2230 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2231 return ERROR_CALL_NOT_IMPLEMENTED;
2232 }
2233
2234 /******************************************************************************
2235 * SetEntriesInAclW [ADVAPI32.@]
2236 */
2237 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
2238 PACL OldAcl, PACL* NewAcl )
2239 {
2240 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2241 return ERROR_CALL_NOT_IMPLEMENTED;
2242 }
2243
2244 /******************************************************************************
2245 * SetNamedSecurityInfoA [ADVAPI32.@]
2246 */
2247 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
2248 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2249 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
2250 {
2251 DWORD len;
2252 LPWSTR wstr = NULL;
2253 DWORD r;
2254
2255 TRACE("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
2256 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
2257
2258 if( pObjectName )
2259 {
2260 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
2261 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
2262 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
2263 }
2264
2265 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
2266 psidGroup, pDacl, pSacl );
2267
2268 HeapFree( GetProcessHeap(), 0, wstr );
2269
2270 return r;
2271 }
2272
2273 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation,
2274 PSECURITY_DESCRIPTOR ModificationDescriptor,
2275 PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor,
2276 PGENERIC_MAPPING GenericMapping,
2277 HANDLE Token )
2278 {
2279 FIXME("0x%08lx %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor,
2280 ObjectsSecurityDescriptor, GenericMapping, Token);
2281
2282 return TRUE;
2283 }
2284
2285 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor,
2286 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
2287 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
2288 {
2289 FIXME("%p 0x%08x 0x%08x - stub\n", pSecurityDescriptor, ControlBitsOfInterest,
2290 ControlBitsToSet);
2291
2292 return TRUE;
2293 }
2294
2295 BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2296 {
2297 return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess );
2298 }
2299
2300 /******************************************************************************
2301 * AreAnyAccessesGranted [ADVAPI32.@]
2302 *
2303 * Determines whether or not any of a set of specified access permissions have
2304 * been granted or not.
2305 *
2306 * PARAMS
2307 * GrantedAccess [I] The permissions that have been granted.
2308 * DesiredAccess [I] The permissions that you want to have.
2309 *
2310 * RETURNS
2311 * Nonzero if any of the permissions have been granted, zero if none of the
2312 * permissions have been granted.
2313 */
2314
2315 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2316 {
2317 return RtlAreAnyAccessesGranted( GrantedAccess, DesiredAccess );
2318 }
2319
2320 /******************************************************************************
2321 * SetNamedSecurityInfoW [ADVAPI32.@]
2322 */
2323 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
2324 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2325 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
2326 {
2327 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
2328 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
2329 return ERROR_SUCCESS;
2330 }
2331
2332 /******************************************************************************
2333 * GetExplicitEntriesFromAclA [ADVAPI32.@]
2334 */
2335 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
2336 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
2337 {
2338 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
2339 return ERROR_CALL_NOT_IMPLEMENTED;
2340 }
2341
2342 /******************************************************************************
2343 * GetExplicitEntriesFromAclW [ADVAPI32.@]
2344 */
2345 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
2346 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
2347 {
2348 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
2349 return ERROR_CALL_NOT_IMPLEMENTED;
2350 }
2351
2352
2353 /******************************************************************************
2354 * ParseAclStringFlags
2355 */
2356 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
2357 {
2358 DWORD flags = 0;
2359 LPCWSTR szAcl = *StringAcl;
2360
2361 while (*szAcl != '(')
2362 {
2363 if (*szAcl == 'P')
2364 {
2365 flags |= SE_DACL_PROTECTED;
2366 }
2367 else if (*szAcl == 'A')
2368 {
2369 szAcl++;
2370 if (*szAcl == 'R')
2371 flags |= SE_DACL_AUTO_INHERIT_REQ;
2372 else if (*szAcl == 'I')
2373 flags |= SE_DACL_AUTO_INHERITED;
2374 }
2375 szAcl++;
2376 }
2377
2378 *StringAcl = szAcl;
2379 return flags;
2380 }
2381
2382 /******************************************************************************
2383 * ParseAceStringType
2384 */
2385 ACEFLAG AceType[] =
2386 {
2387 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
2388 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
2389 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
2390 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
2391 /*
2392 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
2393 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
2394 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
2395 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
2396 */
2397 { NULL, 0 },
2398 };
2399
2400 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
2401 {
2402 UINT len = 0;
2403 LPCWSTR szAcl = *StringAcl;
2404 LPACEFLAG lpaf = AceType;
2405
2406 while (lpaf->wstr &&
2407 (len = strlenW(lpaf->wstr)) &&
2408 strncmpW(lpaf->wstr, szAcl, len))
2409 lpaf++;
2410
2411 if (!lpaf->wstr)
2412 return 0;
2413
2414 *StringAcl += len;
2415 return lpaf->value;
2416 }
2417
2418
2419 /******************************************************************************
2420 * ParseAceStringFlags
2421 */
2422 ACEFLAG AceFlags[] =
2423 {
2424 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
2425 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
2426 { SDDL_INHERITED, INHERITED_ACE },
2427 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
2428 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
2429 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
2430 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
2431 { NULL, 0 },
2432 };
2433
2434 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
2435 {
2436 UINT len = 0;
2437 BYTE flags = 0;
2438 LPCWSTR szAcl = *StringAcl;
2439
2440 while (*szAcl != ';')
2441 {
2442 LPACEFLAG lpaf = AceFlags;
2443
2444 while (lpaf->wstr &&
2445 (len = strlenW(lpaf->wstr)) &&
2446 strncmpW(lpaf->wstr, szAcl, len))
2447 lpaf++;
2448
2449 if (!lpaf->wstr)
2450 return 0;
2451
2452 flags |= lpaf->value;
2453 szAcl += len;
2454 }
2455
2456 *StringAcl = szAcl;
2457 return flags;
2458 }
2459
2460
2461 /******************************************************************************
2462 * ParseAceStringRights
2463 */
2464 ACEFLAG AceRights[] =
2465 {
2466 { SDDL_GENERIC_ALL, GENERIC_ALL },
2467 { SDDL_GENERIC_READ, GENERIC_READ },
2468 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
2469 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
2470 { SDDL_READ_CONTROL, READ_CONTROL },
2471 { SDDL_STANDARD_DELETE, DELETE },
2472 { SDDL_WRITE_DAC, WRITE_DAC },
2473 { SDDL_WRITE_OWNER, WRITE_OWNER },
2474 { NULL, 0 },
2475 };
2476
2477 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
2478 {
2479 UINT len = 0;
2480 DWORD rights = 0;
2481 LPCWSTR szAcl = *StringAcl;
2482
2483 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2484 {
2485 LPCWSTR p = szAcl;
2486
2487 while (*p && *p != ';')
2488 p++;
2489
2490 if (p - szAcl <= 8)
2491 {
2492 rights = strtoulW(szAcl, NULL, 16);
2493 *StringAcl = p;
2494 }
2495 else
2496 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2497 }
2498 else
2499 {
2500 while (*szAcl != ';')
2501 {
2502 LPACEFLAG lpaf = AceRights;
2503
2504 while (lpaf->wstr &&
2505 (len = strlenW(lpaf->wstr)) &&
2506 strncmpW(lpaf->wstr, szAcl, len))
2507 {
2508 lpaf++;
2509 }
2510
2511 if (!lpaf->wstr)
2512 return 0;
2513
2514 rights |= lpaf->value;
2515 szAcl += len;
2516 }
2517 }
2518
2519 *StringAcl = szAcl;
2520 return rights;
2521 }
2522
2523
2524 /******************************************************************************
2525 * ParseStringAclToAcl
2526 *
2527 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
2528 */
2529 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
2530 PACL pAcl, LPDWORD cBytes)
2531 {
2532 DWORD val;
2533 DWORD sidlen;
2534 DWORD length = sizeof(ACL);
2535 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2536
2537 TRACE("%s\n", debugstr_w(StringAcl));
2538
2539 if (!StringAcl)
2540 return FALSE;
2541
2542 if (pAcl) /* pAce is only useful if we're setting values */
2543 pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
2544
2545 /* Parse ACL flags */
2546 *lpdwFlags = ParseAclStringFlags(&StringAcl);
2547
2548 /* Parse ACE */
2549 while (*StringAcl == '(')
2550 {
2551 StringAcl++;
2552
2553 /* Parse ACE type */
2554 val = ParseAceStringType(&StringAcl);
2555 if (pAce)
2556 pAce->Header.AceType = (BYTE) val;
2557 if (*StringAcl != ';')
2558 goto lerr;
2559 StringAcl++;
2560
2561 /* Parse ACE flags */
2562 val = ParseAceStringFlags(&StringAcl);
2563 if (pAce)
2564 pAce->Header.AceFlags = (BYTE) val;
2565 if (*StringAcl != ';')
2566 goto lerr;
2567 StringAcl++;
2568
2569 /* Parse ACE rights */
2570 val = ParseAceStringRights(&StringAcl);
2571 if (pAce)
2572 pAce->Mask = val;
2573 if (*StringAcl != ';')
2574 goto lerr;
2575 StringAcl++;
2576
2577 /* Parse ACE object guid */
2578 if (*StringAcl != ';')
2579 {
2580 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2581 goto lerr;
2582 }
2583 StringAcl++;
2584
2585 /* Parse ACE inherit object guid */
2586 if (*StringAcl != ';')
2587 {
2588 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2589 goto lerr;
2590 }
2591 StringAcl++;
2592
2593 /* Parse ACE account sid */
2594 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
2595 {
2596 while (*StringAcl && *StringAcl != ')')
2597 StringAcl++;
2598 }
2599
2600 if (*StringAcl != ')')
2601 goto lerr;
2602 StringAcl++;
2603
2604 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2605 }
2606
2607 *cBytes = length;
2608 return TRUE;
2609
2610 lerr:
2611 WARN("Invalid ACE string format\n");
2612 return FALSE;
2613 }
2614
2615
2616 /******************************************************************************
2617 * ParseStringSecurityDescriptorToSecurityDescriptor
2618 */
2619 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
2620 LPCWSTR StringSecurityDescriptor,
2621 SECURITY_DESCRIPTOR* SecurityDescriptor,
2622 LPDWORD cBytes)
2623 {
2624 BOOL bret = FALSE;
2625 WCHAR toktype;
2626 WCHAR tok[MAX_PATH];
2627 LPCWSTR lptoken;
2628 LPBYTE lpNext = NULL;
2629 DWORD len;
2630
2631 *cBytes = 0;
2632
2633 if (SecurityDescriptor)
2634 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
2635
2636 while (*StringSecurityDescriptor)
2637 {
2638 toktype = *StringSecurityDescriptor;
2639
2640 /* Expect char identifier followed by ':' */
2641 StringSecurityDescriptor++;
2642 if (*StringSecurityDescriptor != ':')
2643 {
2644 SetLastError(ERROR_INVALID_PARAMETER);
2645 goto lend;
2646 }
2647 StringSecurityDescriptor++;
2648
2649 /* Extract token */
2650 lptoken = StringSecurityDescriptor;
2651 while (*lptoken && *lptoken != ':')
2652 lptoken++;
2653
2654 if (*lptoken)
2655 lptoken--;
2656
2657 len = lptoken - StringSecurityDescriptor;
2658 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
2659 tok[len] = 0;
2660
2661 switch (toktype)
2662 {
2663 case 'O':
2664 {
2665 DWORD bytes;
2666
2667 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2668 goto lend;
2669
2670 if (SecurityDescriptor)
2671 {
2672 SecurityDescriptor->Owner = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
2673 lpNext += bytes; /* Advance to next token */
2674 }
2675
2676 *cBytes += bytes;
2677
2678 break;
2679 }
2680
2681 case 'G':
2682 {
2683 DWORD bytes;
2684
2685 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2686 goto lend;
2687
2688 if (SecurityDescriptor)
2689 {
2690 SecurityDescriptor->Group = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
2691 lpNext += bytes; /* Advance to next token */
2692 }
2693
2694 *cBytes += bytes;
2695
2696 break;
2697 }
2698
2699 case 'D':
2700 {
2701 DWORD flags;
2702 DWORD bytes;
2703
2704 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2705 goto lend;
2706
2707 if (SecurityDescriptor)
2708 {
2709 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2710 SecurityDescriptor->Dacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
2711 lpNext += bytes; /* Advance to next token */
2712 }
2713
2714 *cBytes += bytes;
2715
2716 break;
2717 }
2718
2719 case 'S':
2720 {
2721 DWORD flags;
2722 DWORD bytes;
2723
2724 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2725 goto lend;
2726
2727 if (SecurityDescriptor)
2728 {
2729 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
2730 SecurityDescriptor->Sacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
2731 lpNext += bytes; /* Advance to next token */
2732 }
2733
2734 *cBytes += bytes;
2735
2736 break;
2737 }
2738
2739 default:
2740 FIXME("Unknown token\n");
2741 SetLastError(ERROR_INVALID_PARAMETER);
2742 goto lend;
2743 }
2744
2745 StringSecurityDescriptor = lptoken;
2746 }
2747
2748 bret = TRUE;
2749
2750 lend:
2751 return bret;
2752 }
2753
2754 /******************************************************************************
2755 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
2756 */
2757 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
2758 LPCSTR StringSecurityDescriptor,
2759 DWORD StringSDRevision,
2760 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2761 PULONG SecurityDescriptorSize)
2762 {
2763 UINT len;
2764 BOOL ret = FALSE;
2765 LPWSTR StringSecurityDescriptorW;
2766
2767 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
2768 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
2769
2770 if (StringSecurityDescriptorW)
2771 {
2772 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
2773
2774 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
2775 StringSDRevision, SecurityDescriptor,
2776 SecurityDescriptorSize);
2777 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
2778 }
2779
2780 return ret;
2781 }
2782
2783 /******************************************************************************
2784 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2785 */
2786 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
2787 LPCWSTR StringSecurityDescriptor,
2788 DWORD StringSDRevision,
2789 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2790 PULONG SecurityDescriptorSize)
2791 {
2792 DWORD cBytes;
2793 SECURITY_DESCRIPTOR* psd;
2794 BOOL bret = FALSE;
2795
2796 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2797
2798 if (GetVersion() & 0x80000000)
2799 {
2800 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2801 goto lend;
2802 }
2803 else if (StringSDRevision != SID_REVISION)
2804 {
2805 SetLastError(ERROR_UNKNOWN_REVISION);
2806 goto lend;
2807 }
2808
2809 /* Compute security descriptor length */
2810 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2811 NULL, &cBytes))
2812 goto lend;
2813
2814 psd = *SecurityDescriptor = (SECURITY_DESCRIPTOR*) LocalAlloc(
2815 GMEM_ZEROINIT, cBytes);
2816
2817 psd->Revision = SID_REVISION;
2818 psd->Control |= SE_SELF_RELATIVE;
2819
2820 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2821 psd, &cBytes))
2822 {
2823 LocalFree(psd);
2824 goto lend;
2825 }
2826
2827 if (SecurityDescriptorSize)
2828 *SecurityDescriptorSize = cBytes;
2829
2830 bret = TRUE;
2831
2832 lend:
2833 TRACE(" ret=%d\n", bret);
2834 return bret;
2835 }
2836
2837 /******************************************************************************
2838 * ConvertStringSidToSidW [ADVAPI32.@]
2839 */
2840 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
2841 {
2842 BOOL bret = FALSE;
2843 DWORD cBytes;
2844
2845 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
2846 if (GetVersion() & 0x80000000)
2847 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2848 else if (!StringSid || !Sid)
2849 SetLastError(ERROR_INVALID_PARAMETER);
2850 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
2851 {
2852 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
2853
2854 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
2855 if (!bret)
2856 LocalFree(*Sid);
2857 }
2858 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2859 return bret;
2860 }
2861
2862 /******************************************************************************
2863 * ConvertStringSidToSidA [ADVAPI32.@]
2864 */
2865 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
2866 {
2867 BOOL bret = FALSE;
2868
2869 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
2870 if (GetVersion() & 0x80000000)
2871 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2872 else if (!StringSid || !Sid)
2873 SetLastError(ERROR_INVALID_PARAMETER);
2874 else
2875 {
2876 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
2877 LPWSTR wStringSid = HeapAlloc(GetProcessHeap(), 0,
2878 len * sizeof(WCHAR));
2879
2880 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
2881 bret = ConvertStringSidToSidW(wStringSid, Sid);
2882 HeapFree(GetProcessHeap(), 0, wStringSid);
2883 }
2884 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2885 return bret;
2886 }
2887
2888 /******************************************************************************
2889 * ConvertSidToStringSidW [ADVAPI32.@]
2890 *
2891 * format of SID string is:
2892 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
2893 * where
2894 * <rev> is the revision of the SID encoded as decimal
2895 * <auth> is the identifier authority encoded as hex
2896 * <subauthN> is the subauthority id encoded as decimal
2897 */
2898 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
2899 {
2900 DWORD sz, i;
2901 LPWSTR str;
2902 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
2903 WCHAR subauthfmt[] = { '-','%','u',0 };
2904 SID* pisid=pSid;
2905
2906 TRACE("%p %p\n", pSid, pstr );
2907
2908 if( !IsValidSid( pSid ) )
2909 return FALSE;
2910
2911 if (pisid->Revision != SDDL_REVISION)
2912 return FALSE;
2913 if (pisid->IdentifierAuthority.Value[0] ||
2914 pisid->IdentifierAuthority.Value[1])
2915 {
2916 FIXME("not matching MS' bugs\n");
2917 return FALSE;
2918 }
2919
2920 sz = 14 + pisid->SubAuthorityCount * 11;
2921 str = LocalAlloc( 0, sz*sizeof(WCHAR) );
2922 sprintfW( str, fmt, pisid->Revision, MAKELONG(
2923 MAKEWORD( pisid->IdentifierAuthority.Value[5],
2924 pisid->IdentifierAuthority.Value[4] ),
2925 MAKEWORD( pisid->IdentifierAuthority.Value[3],
2926 pisid->IdentifierAuthority.Value[2] ) ) );
2927 for( i=0; i<pisid->SubAuthorityCount; i++ )
2928 sprintfW( str + strlenW(str), subauthfmt, pisid->SubAuthority[i] );
2929 *pstr = str;
2930
2931 return TRUE;
2932 }
2933
2934 /******************************************************************************
2935 * ConvertSidToStringSidA [ADVAPI32.@]
2936 */
2937 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
2938 {
2939 LPWSTR wstr = NULL;
2940 LPSTR str;
2941 UINT len;
2942
2943 TRACE("%p %p\n", pSid, pstr );
2944
2945 if( !ConvertSidToStringSidW( pSid, &wstr ) )
2946 return FALSE;
2947
2948 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
2949 str = LocalAlloc( 0, len );
2950 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
2951 LocalFree( wstr );
2952
2953 *pstr = str;
2954
2955 return TRUE;
2956 }
2957
2958 BOOL WINAPI CreatePrivateObjectSecurity(
2959 PSECURITY_DESCRIPTOR ParentDescriptor,
2960 PSECURITY_DESCRIPTOR CreatorDescriptor,
2961 PSECURITY_DESCRIPTOR* NewDescriptor,
2962 BOOL IsDirectoryObject,
2963 HANDLE Token,
2964 PGENERIC_MAPPING GenericMapping )
2965 {
2966 FIXME("%p %p %p %d %p %p - stub\n", ParentDescriptor, CreatorDescriptor,
2967 NewDescriptor, IsDirectoryObject, Token, GenericMapping);
2968
2969 return FALSE;
2970 }
2971
2972 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor )
2973 {
2974 FIXME("%p - stub\n", ObjectDescriptor);
2975
2976 return TRUE;
2977 }
2978
2979 BOOL WINAPI CreateProcessAsUserA(
2980 HANDLE hToken,
2981 LPCSTR lpApplicationName,
2982 LPSTR lpCommandLine,
2983 LPSECURITY_ATTRIBUTES lpProcessAttributes,
2984 LPSECURITY_ATTRIBUTES lpThreadAttributes,
2985 BOOL bInheritHandles,
2986 DWORD dwCreationFlags,
2987 LPVOID lpEnvironment,
2988 LPCSTR lpCurrentDirectory,
2989 LPSTARTUPINFOA lpStartupInfo,
2990 LPPROCESS_INFORMATION lpProcessInformation )
2991 {
2992 FIXME("%p %s %s %p %p %d 0x%08lx %p %s %p %p - stub\n", hToken, debugstr_a(lpApplicationName),
2993 debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
2994 dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
2995
2996 return FALSE;
2997 }
2998
2999 BOOL WINAPI CreateProcessAsUserW(
3000 HANDLE hToken,
3001 LPCWSTR lpApplicationName,
3002 LPWSTR lpCommandLine,
3003 LPSECURITY_ATTRIBUTES lpProcessAttributes,
3004 LPSECURITY_ATTRIBUTES lpThreadAttributes,
3005 BOOL bInheritHandles,
3006 DWORD dwCreationFlags,
3007 LPVOID lpEnvironment,
3008 LPCWSTR lpCurrentDirectory,
3009 LPSTARTUPINFOW lpStartupInfo,
3010 LPPROCESS_INFORMATION lpProcessInformation )
3011 {
3012 FIXME("%p %s %s %p %p %d 0x%08lx %p %s %p %p - semi- stub\n", hToken,
3013 debugstr_w(lpApplicationName), debugstr_w(lpCommandLine), lpProcessAttributes,
3014 lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
3015 debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
3016
3017 /* We should create the process with a suspended main thread */
3018 if (!CreateProcessW (lpApplicationName,
3019 lpCommandLine,
3020 lpProcessAttributes,
3021 lpThreadAttributes,
3022 bInheritHandles,
3023 dwCreationFlags, /* CREATE_SUSPENDED */
3024 lpEnvironment,
3025 lpCurrentDirectory,
3026 lpStartupInfo,
3027 lpProcessInformation))
3028 {
3029 return FALSE;
3030 }
3031
3032 return TRUE;
3033 }
3034
3035 /******************************************************************************
3036 * ComputeStringSidSize
3037 */
3038 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
3039 {
3040 int ctok = 0;
3041 DWORD size = sizeof(SID);
3042
3043 while (*StringSid)
3044 {
3045 if (*StringSid == '-')
3046 ctok++;
3047 StringSid++;
3048 }
3049
3050 if (ctok > 3)
3051 size += (ctok - 3) * sizeof(DWORD);
3052
3053 return size;
3054 }
3055
3056 BOOL WINAPI DuplicateTokenEx(
3057 HANDLE ExistingTokenHandle, DWORD dwDesiredAccess,
3058 LPSECURITY_ATTRIBUTES lpTokenAttributes,
3059 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3060 TOKEN_TYPE TokenType,
3061 PHANDLE DuplicateTokenHandle )
3062 {
3063 OBJECT_ATTRIBUTES ObjectAttributes;
3064
3065 TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3066 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3067
3068 InitializeObjectAttributes(
3069 &ObjectAttributes,
3070 NULL,
3071 (lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0,
3072 NULL,
3073 lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL );
3074
3075 return set_ntstatus( NtDuplicateToken( ExistingTokenHandle,
3076 dwDesiredAccess,
3077 &ObjectAttributes,
3078 ImpersonationLevel,
3079 TokenType,
3080 DuplicateTokenHandle ) );
3081 }
3082
3083 BOOL WINAPI DuplicateToken(
3084 HANDLE ExistingTokenHandle,
3085 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3086 PHANDLE DuplicateTokenHandle )
3087 {
3088 return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY,
3089 NULL, ImpersonationLevel, TokenImpersonation,
3090 DuplicateTokenHandle );
3091 }
3092
3093 BOOL WINAPI EnumDependentServicesA(
3094 SC_HANDLE hService,
3095 DWORD dwServiceState,
3096 LPENUM_SERVICE_STATUSA lpServices,
3097 DWORD cbBufSize,
3098 LPDWORD pcbBytesNeeded,
3099 LPDWORD lpServicesReturned )
3100 {
3101 FIXME("%p 0x%08lx %p 0x%08lx %p %p - stub\n", hService, dwServiceState,
3102 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3103
3104 return FALSE;
3105 }
3106
3107 BOOL WINAPI EnumDependentServicesW(
3108 SC_HANDLE hService,
3109 DWORD dwServiceState,
3110 LPENUM_SERVICE_STATUSW lpServices,
3111 DWORD cbBufSize,
3112 LPDWORD pcbBytesNeeded,
3113 LPDWORD lpServicesReturned )
3114 {
3115 FIXME("%p 0x%08lx %p 0x%08lx %p %p - stub\n", hService, dwServiceState,
3116 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3117
3118 return FALSE;
3119 }
3120
3121 /******************************************************************************
3122 * ParseStringSidToSid
3123 */
3124 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
3125 {
3126 BOOL bret = FALSE;
3127 SID* pisid=pSid;
3128
3129 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3130 if (!StringSid)
3131 {
3132 SetLastError(ERROR_INVALID_PARAMETER);
3133 TRACE("StringSid is NULL, returning FALSE\n");
3134 return FALSE;
3135 }
3136
3137 *cBytes = ComputeStringSidSize(StringSid);
3138 if (!pisid) /* Simply compute the size */
3139 {
3140 TRACE("only size requested, returning TRUE\n");
3141 return TRUE;
3142 }
3143
3144 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3145 {
3146 DWORD i = 0, identAuth;
3147 DWORD csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
3148
3149 StringSid += 2; /* Advance to Revision */
3150 pisid->Revision = atoiW(StringSid);
3151
3152 if (pisid->Revision != SDDL_REVISION)
3153 {
3154 TRACE("Revision %d is unknown\n", pisid->Revision);
3155 goto lend; /* ERROR_INVALID_SID */
3156 }
3157 if (csubauth == 0)
3158 {
3159 TRACE("SubAuthorityCount is 0\n");
3160 goto lend; /* ERROR_INVALID_SID */
3161 }
3162
3163 pisid->SubAuthorityCount = csubauth;
3164
3165 /* Advance to identifier authority */
3166 while (*StringSid && *StringSid != '-')
3167 StringSid++;
3168 if (*StringSid == '-')
3169 StringSid++;
3170
3171 /* MS' implementation can't handle values greater than 2^32 - 1, so
3172 * we don't either; assume most significant bytes are always 0
3173 */
3174 pisid->IdentifierAuthority.Value[0] = 0;
3175 pisid->IdentifierAuthority.Value[1] = 0;
3176 identAuth = atoiW(StringSid);
3177 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
3178 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
3179 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
3180 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
3181
3182 /* Advance to first sub authority */
3183 while (*StringSid && *StringSid != '-')
3184 StringSid++;
3185 if (*StringSid == '-')
3186 StringSid++;
3187
3188 while (*StringSid)
3189 {
3190 while (*StringSid && *StringSid != '-')
3191 StringSid++;
3192
3193 pisid->SubAuthority[i++] = atoiW(StringSid);
3194 }
3195
3196 if (i != pisid->SubAuthorityCount)
3197 goto lend; /* ERROR_INVALID_SID */
3198
3199 bret = TRUE;
3200 }
3201 else /* String constant format - Only available in winxp and above */
3202 {
3203 pisid->Revision = SDDL_REVISION;
3204 pisid->SubAuthorityCount = 1;
3205
3206 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
3207
3208 /* TODO: Lookup string of well-known SIDs in table */
3209 pisid->IdentifierAuthority.Value[5] = 0;
3210 pisid->SubAuthority[0] = 0;
3211
3212 bret = TRUE;
3213 }
3214
3215 lend:
3216 if (!bret)
3217 SetLastError(ERROR_INVALID_SID);
3218
3219 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3220 return bret;
3221 }
3222
3223 /******************************************************************************
3224 * GetNamedSecurityInfoA [ADVAPI32.@]
3225 */
3226 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
3227 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3228 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
3229 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
3230 {
3231 DWORD len;
3232 LPWSTR wstr = NULL;
3233 DWORD r;
3234
3235 TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
3236 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
3237
3238 if( pObjectName )
3239 {
3240 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3241 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3242 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3243 }
3244
3245 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
3246 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
3247
3248 HeapFree( GetProcessHeap(), 0, wstr );
3249
3250 return r;
3251 }
3252
3253 /******************************************************************************
3254 * GetNamedSecurityInfoW [ADVAPI32.@]
3255 */
3256 DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
3257 SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl,
3258 PACL* sacl, PSECURITY_DESCRIPTOR* descriptor )
3259 {
3260 DWORD needed, offset;
3261 SECURITY_DESCRIPTOR_RELATIVE *relative;
3262 BYTE *buffer;
3263
3264 TRACE( "%s %d %ld %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
3265 group, dacl, sacl, descriptor );
3266
3267 if (!name || !descriptor) return ERROR_INVALID_PARAMETER;
3268
3269 needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
3270 if (info & OWNER_SECURITY_INFORMATION)
3271 needed += sizeof(sidWorld);
3272 if (info & GROUP_SECURITY_INFORMATION)
3273 needed += sizeof(sidWorld);
3274 if (info & DACL_SECURITY_INFORMATION)
3275 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3276 if (info & SACL_SECURITY_INFORMATION)
3277 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3278
3279 /* must be freed by caller */
3280 *descriptor = HeapAlloc( GetProcessHeap(), 0, needed );
3281 if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY;
3282
3283 if (!InitializeSecurityDescriptor( *descriptor, SECURITY_DESCRIPTOR_REVISION ))
3284 {
3285 HeapFree( GetProcessHeap(), 0, *descriptor );
3286 return ERROR_INVALID_SECURITY_DESCR;
3287 }
3288
3289 relative = (SECURITY_DESCRIPTOR_RELATIVE *)*descriptor;
3290 relative->Control |= SE_SELF_RELATIVE;
3291 buffer = (BYTE *)relative;
3292 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
3293
3294 if (owner && (info & OWNER_SECURITY_INFORMATION))
3295 {
3296 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
3297 relative->Owner = offset;
3298 *owner = buffer + offset;
3299 offset += sizeof(sidWorld);
3300 }
3301 if (group && (info & GROUP_SECURITY_INFORMATION))
3302 {
3303 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
3304 relative->Group = offset;
3305 *group = buffer + offset;
3306 offset += sizeof(sidWorld);
3307 }
3308 if (dacl && (info & DACL_SECURITY_INFORMATION))
3309 {
3310 GetWorldAccessACL( (PACL)(buffer + offset) );
3311 relative->Dacl = offset;
3312 *dacl = (PACL)(buffer + offset);
3313 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3314 }
3315 if (sacl && (info & SACL_SECURITY_INFORMATION))
3316 {
3317 GetWorldAccessACL( (PACL)(buffer + offset) );
3318 relative->Sacl = offset;
3319 *sacl = (PACL)(buffer + offset);
3320 }
3321 return ERROR_SUCCESS;
3322 }
3323
3324 /******************************************************************************
3325 * DecryptFileW [ADVAPI32.@]
3326 */
3327 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved)
3328 {
3329 FIXME("%s %08lx\n", debugstr_w(lpFileName), dwReserved);
3330 return TRUE;
3331 }
3332
3333 /******************************************************************************
3334 * DecryptFileA [ADVAPI32.@]
3335 */
3336 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved)
3337 {
3338 FIXME("%s %08lx\n", debugstr_a(lpFileName), dwReserved);
3339 return TRUE;
3340 }
3341
3342 /******************************************************************************
3343 * EncryptFileW [ADVAPI32.@]
3344 */
3345 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName)
3346 {
3347 FIXME("%s\n", debugstr_w(lpFileName));
3348 return TRUE;
3349 }
3350
3351 /******************************************************************************
3352 * EncryptFileA [ADVAPI32.@]
3353 */
3354 BOOL WINAPI EncryptFileA(LPCSTR lpFileName)
3355 {
3356 FIXME("%s\n", debugstr_a(lpFileName));
3357 return TRUE;
3358 }
3359
3360 /******************************************************************************
3361 * SetSecurityInfo [ADVAPI32.@]
3362 */
3363 DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
3364 SECURITY_INFORMATION SecurityInfo, PSID psidOwner,
3365 PSID psidGroup, PACL pDacl, PACL pSacl) {
3366 FIXME("stub\n");
3367 return ERROR_SUCCESS;
3368 }
useful hacks and other patches not (yet) suitable for mainline