search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
advapi32: Add AddAuditAccessAceEx.
[wine/multimedia.git] / dlls / advapi32 / security.c
blob5889213240c27512bbe94a7df973b2e933d45039
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
21
22 #include <stdarg.h>
23 #include <string.h>
24
25 #include "ntstatus.h"
26 #define WIN32_NO_STATUS
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winreg.h"
31 #include "winternl.h"
32 #include "winioctl.h"
33 #include "ntsecapi.h"
34 #include "accctrl.h"
35 #include "sddl.h"
36 #include "winsvc.h"
37 #include "aclapi.h"
38 #include "objbase.h"
39 #include "iads.h"
40 #include "advapi32_misc.h"
41
42 #include "wine/debug.h"
43 #include "wine/unicode.h"
44
45 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
46
47 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
48 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
49 PACL pAcl, LPDWORD cBytes);
50 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
51 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
52 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
53 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
54 LPCWSTR StringSecurityDescriptor,
55 SECURITY_DESCRIPTOR* SecurityDescriptor,
56 LPDWORD cBytes);
57 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
58
59 typedef struct _ACEFLAG
60 {
61 LPCWSTR wstr;
62 DWORD value;
63 } ACEFLAG, *LPACEFLAG;
64
65 typedef struct _MAX_SID
66 {
67 /* same fields as struct _SID */
68 BYTE Revision;
69 BYTE SubAuthorityCount;
70 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
71 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
72 } MAX_SID;
73
74 typedef struct WELLKNOWNSID
75 {
76 WCHAR wstr[2];
77 WELL_KNOWN_SID_TYPE Type;
78 MAX_SID Sid;
79 } WELLKNOWNSID;
80
81 static const WELLKNOWNSID WellKnownSids[] =
82 {
83 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
84 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
85 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
86 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
87 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
88 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
89 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
90 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
91 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
92 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
93 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
94 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
95 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
96 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
97 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
98 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
99 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
100 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
101 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
102 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
103 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
104 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
105 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
106 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
107 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
108 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
109 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
110 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
111 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
112 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
113 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
114 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
115 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
116 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
117 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
118 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
119 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
120 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
121 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
122 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
123 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
124 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
125 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
126 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
127 };
128
129 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
130
131 typedef struct _AccountSid {
132 WELL_KNOWN_SID_TYPE type;
133 LPCWSTR account;
134 LPCWSTR domain;
135 SID_NAME_USE name_use;
136 } AccountSid;
137
138 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
139 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 };
140 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
141 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
142 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
143 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
144 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
145 static const WCHAR Blank[] = { 0 };
146 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
147 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
148 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
149 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
150 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
151 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
152 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
153 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
154 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
155 static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 };
156 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
157 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
158 static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
159 static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
160 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
161 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
162 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
163 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
164 static const WCHAR Guest[] = { 'G','u','e','s','t',0 };
165 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
166 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
167 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 };
168 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 };
169 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 };
170 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
171 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
172 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 };
173 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
174 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
175 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
176 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
177 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 };
178 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 };
179 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
180 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
181 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
182 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
183 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
184 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
185 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
186 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
187 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
188 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
189 static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 };
190 static const WCHAR SELF[] = { 'S','E','L','F',0 };
191 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
192 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
193 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 };
194 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
195 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
196 static const WCHAR Users[] = { 'U','s','e','r','s',0 };
197
198 static const AccountSid ACCOUNT_SIDS[] = {
199 { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup },
200 { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup },
201 { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup },
202 { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup },
203 { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup },
204 { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup },
205 { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup },
206 { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain },
207 { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup },
208 { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup },
209 { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup },
210 { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup },
211 { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
212 { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
213 { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup },
214 { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
215 { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup },
216 { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup },
217 { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup },
218 { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup },
219 { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
220 { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup },
221 { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
222 { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
223 { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain },
224 { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias },
225 { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias },
226 { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias },
227 { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias },
228 { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias },
229 { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias },
230 { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
231 { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
232 { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
233 { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
234 { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
235 { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
236 { WinNTLMAuthenticationSid, NTML_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
237 { WinDigestAuthenticationSid, Digest_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
238 { WinSChannelAuthenticationSid, SChannel_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
239 { WinThisOrganizationSid, This_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
240 { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
241 { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias },
242 { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias },
243 };
244 /*
245 * ACE access rights
246 */
247 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
248 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
249 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
250 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
251
252 static const WCHAR SDDL_READ_PROPERTY[] = {'R','P',0};
253 static const WCHAR SDDL_WRITE_PROPERTY[] = {'W','P',0};
254 static const WCHAR SDDL_CREATE_CHILD[] = {'C','C',0};
255 static const WCHAR SDDL_DELETE_CHILD[] = {'D','C',0};
256 static const WCHAR SDDL_LIST_CHILDREN[] = {'L','C',0};
257 static const WCHAR SDDL_SELF_WRITE[] = {'S','W',0};
258 static const WCHAR SDDL_LIST_OBJECT[] = {'L','O',0};
259 static const WCHAR SDDL_DELETE_TREE[] = {'D','T',0};
260 static const WCHAR SDDL_CONTROL_ACCESS[] = {'C','R',0};
261
262 static const WCHAR SDDL_FILE_ALL[] = {'F','A',0};
263 static const WCHAR SDDL_FILE_READ[] = {'F','R',0};
264 static const WCHAR SDDL_FILE_WRITE[] = {'F','W',0};
265 static const WCHAR SDDL_FILE_EXECUTE[] = {'F','X',0};
266
267 static const WCHAR SDDL_KEY_ALL[] = {'K','A',0};
268 static const WCHAR SDDL_KEY_READ[] = {'K','R',0};
269 static const WCHAR SDDL_KEY_WRITE[] = {'K','W',0};
270 static const WCHAR SDDL_KEY_EXECUTE[] = {'K','X',0};
271
272 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
273 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
274 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
275 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
276
277 /*
278 * ACE types
279 */
280 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
281 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
282 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
283 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
284 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
285 static const WCHAR SDDL_ALARM[] = {'A','L',0};
286 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
287 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
288
289 /*
290 * ACE flags
291 */
292 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
293 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
294 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
295 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
296 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
297 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
298 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
299
300 const char * debugstr_sid(PSID sid)
301 {
302 int auth = 0;
303 SID * psid = (SID *)sid;
304
305 if (psid == NULL)
306 return "(null)";
307
308 auth = psid->IdentifierAuthority.Value[5] +
309 (psid->IdentifierAuthority.Value[4] << 8) +
310 (psid->IdentifierAuthority.Value[3] << 16) +
311 (psid->IdentifierAuthority.Value[2] << 24);
312
313 switch (psid->SubAuthorityCount) {
314 case 0:
315 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
316 case 1:
317 return wine_dbg_sprintf("S-%d-%d-%u", psid->Revision, auth,
318 psid->SubAuthority[0]);
319 case 2:
320 return wine_dbg_sprintf("S-%d-%d-%u-%u", psid->Revision, auth,
321 psid->SubAuthority[0], psid->SubAuthority[1]);
322 case 3:
323 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u", psid->Revision, auth,
324 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
325 case 4:
326 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u", psid->Revision, auth,
327 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
328 psid->SubAuthority[3]);
329 case 5:
330 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u", psid->Revision, auth,
331 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
332 psid->SubAuthority[3], psid->SubAuthority[4]);
333 case 6:
334 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
335 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
336 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
337 case 7:
338 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
339 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
340 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
341 psid->SubAuthority[6]);
342 case 8:
343 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
344 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
345 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
346 psid->SubAuthority[6], psid->SubAuthority[7]);
347 }
348 return "(too-big)";
349 }
350
351 /* set last error code from NT status and get the proper boolean return value */
352 /* used for functions that are a simple wrapper around the corresponding ntdll API */
353 static inline BOOL set_ntstatus( NTSTATUS status )
354 {
355 if (status) SetLastError( RtlNtStatusToDosError( status ));
356 return !status;
357 }
358
359 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
360
361 static void GetWorldAccessACL(PACL pACL)
362 {
363 PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1);
364
365 pACL->AclRevision = ACL_REVISION;
366 pACL->Sbz1 = 0;
367 pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL;
368 pACL->AceCount = 1;
369 pACL->Sbz2 = 0;
370
371 pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
372 pACE->Header.AceFlags = CONTAINER_INHERIT_ACE;
373 pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD);
374 pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */
375 memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld));
376 }
377
378 /************************************************************
379 * ADVAPI_IsLocalComputer
380 *
381 * Checks whether the server name indicates local machine.
382 */
383 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
384 {
385 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
386 BOOL Result;
387 LPWSTR buf;
388
389 if (!ServerName || !ServerName[0])
390 return TRUE;
391
392 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
393 Result = GetComputerNameW(buf, &dwSize);
394 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
395 ServerName += 2;
396 Result = Result && !lstrcmpW(ServerName, buf);
397 HeapFree(GetProcessHeap(), 0, buf);
398
399 return Result;
400 }
401
402 /************************************************************
403 * ADVAPI_GetComputerSid
404 *
405 * Reads the computer SID from the registry.
406 */
407 BOOL ADVAPI_GetComputerSid(PSID sid)
408 {
409 HKEY key;
410 LONG ret;
411 BOOL retval = FALSE;
412 static const WCHAR Account[] = { 'S','E','C','U','R','I','T','Y','\\','S','A','M','\\','D','o','m','a','i','n','s','\\','A','c','c','o','u','n','t',0 };
413 static const WCHAR V[] = { 'V',0 };
414
415 if ((ret = RegOpenKeyExW(HKEY_LOCAL_MACHINE, Account, 0,
416 KEY_READ, &key)) == ERROR_SUCCESS)
417 {
418 DWORD size = 0;
419 ret = RegQueryValueExW(key, V, NULL, NULL, NULL, &size);
420 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
421 {
422 BYTE * data = HeapAlloc(GetProcessHeap(), 0, size);
423 if (data)
424 {
425 if ((ret = RegQueryValueExW(key, V, NULL, NULL,
426 data, &size)) == ERROR_SUCCESS)
427 {
428 /* the SID is in the last 24 bytes of the binary data */
429 CopyMemory(sid, &data[size-24], 24);
430 retval = TRUE;
431 }
432 HeapFree(GetProcessHeap(), 0, data);
433 }
434 }
435 RegCloseKey(key);
436 }
437
438 if(retval == TRUE) return retval;
439
440 /* create a new random SID */
441 if (RegCreateKeyExW(HKEY_LOCAL_MACHINE, Account,
442 0, NULL, 0, KEY_ALL_ACCESS, NULL, &key, NULL) == ERROR_SUCCESS)
443 {
444 PSID new_sid;
445 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
446 DWORD id[3];
447
448 if (RtlGenRandom(&id, sizeof(id)))
449 {
450 if (AllocateAndInitializeSid(&identifierAuthority, 4, SECURITY_NT_NON_UNIQUE, id[0], id[1], id[2], 0, 0, 0, 0, &new_sid))
451 {
452 if (RegSetValueExW(key, V, 0, REG_BINARY, new_sid, GetLengthSid(new_sid)) == ERROR_SUCCESS)
453 retval = CopySid(GetLengthSid(new_sid), sid, new_sid);
454
455 FreeSid(new_sid);
456 }
457 }
458 RegCloseKey(key);
459 }
460
461 return retval;
462 }
463
464 /* ##############################
465 ###### TOKEN FUNCTIONS ######
466 ##############################
467 */
468
469 /******************************************************************************
470 * OpenProcessToken [ADVAPI32.@]
471 * Opens the access token associated with a process handle.
472 *
473 * PARAMS
474 * ProcessHandle [I] Handle to process
475 * DesiredAccess [I] Desired access to process
476 * TokenHandle [O] Pointer to handle of open access token
477 *
478 * RETURNS
479 * Success: TRUE. TokenHandle contains the access token.
480 * Failure: FALSE.
481 *
482 * NOTES
483 * See NtOpenProcessToken.
484 */
485 BOOL WINAPI
486 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
487 HANDLE *TokenHandle )
488 {
489 return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
490 }
491
492 /******************************************************************************
493 * OpenThreadToken [ADVAPI32.@]
494 *
495 * Opens the access token associated with a thread handle.
496 *
497 * PARAMS
498 * ThreadHandle [I] Handle to process
499 * DesiredAccess [I] Desired access to the thread
500 * OpenAsSelf [I] ???
501 * TokenHandle [O] Destination for the token handle
502 *
503 * RETURNS
504 * Success: TRUE. TokenHandle contains the access token.
505 * Failure: FALSE.
506 *
507 * NOTES
508 * See NtOpenThreadToken.
509 */
510 BOOL WINAPI
511 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
512 BOOL OpenAsSelf, HANDLE *TokenHandle)
513 {
514 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
515 }
516
517 BOOL WINAPI
518 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState,
519 DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength )
520 {
521 return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength,
522 PreviousState, ReturnLength));
523 }
524
525 /******************************************************************************
526 * AdjustTokenPrivileges [ADVAPI32.@]
527 *
528 * Adjust the privileges of an open token handle.
529 *
530 * PARAMS
531 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
532 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
533 * NewState [I] Desired new privileges of the token
534 * BufferLength [I] Length of NewState
535 * PreviousState [O] Destination for the previous state
536 * ReturnLength [I/O] Size of PreviousState
537 *
538 *
539 * RETURNS
540 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
541 * Failure: FALSE.
542 *
543 * NOTES
544 * See NtAdjustPrivilegesToken.
545 */
546 BOOL WINAPI
547 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
548 LPVOID NewState, DWORD BufferLength,
549 LPVOID PreviousState, LPDWORD ReturnLength )
550 {
551 NTSTATUS status;
552
553 TRACE("\n");
554
555 status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges,
556 NewState, BufferLength, PreviousState,
557 ReturnLength);
558 SetLastError( RtlNtStatusToDosError( status ));
559 if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED))
560 return TRUE;
561 else
562 return FALSE;
563 }
564
565 /******************************************************************************
566 * CheckTokenMembership [ADVAPI32.@]
567 *
568 * Determine if an access token is a member of a SID.
569 *
570 * PARAMS
571 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
572 * SidToCheck [I] SID that possibly contains the token
573 * IsMember [O] Destination for result.
574 *
575 * RETURNS
576 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
577 * Failure: FALSE.
578 */
579 BOOL WINAPI
580 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
581 PBOOL IsMember )
582 {
583 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
584
585 *IsMember = TRUE;
586 return(TRUE);
587 }
588
589 /******************************************************************************
590 * GetTokenInformation [ADVAPI32.@]
591 *
592 * Get a type of information about an access token.
593 *
594 * PARAMS
595 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
596 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
597 * tokeninfo [O] Destination for token information
598 * tokeninfolength [I] Length of tokeninfo
599 * retlen [O] Destination for returned token information length
600 *
601 * RETURNS
602 * Success: TRUE. tokeninfo contains retlen bytes of token information
603 * Failure: FALSE.
604 *
605 * NOTES
606 * See NtQueryInformationToken.
607 */
608 BOOL WINAPI
609 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
610 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
611 {
612 TRACE("(%p, %s, %p, %d, %p):\n",
613 token,
614 (tokeninfoclass == TokenUser) ? "TokenUser" :
615 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
616 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
617 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
618 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
619 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
620 (tokeninfoclass == TokenSource) ? "TokenSource" :
621 (tokeninfoclass == TokenType) ? "TokenType" :
622 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
623 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
624 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
625 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
626 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
627 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
628 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
629 "Unknown",
630 tokeninfo, tokeninfolength, retlen);
631 return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
632 tokeninfolength, retlen));
633 }
634
635 /******************************************************************************
636 * SetTokenInformation [ADVAPI32.@]
637 *
638 * Set information for an access token.
639 *
640 * PARAMS
641 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
642 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
643 * tokeninfo [I] Token information to set
644 * tokeninfolength [I] Length of tokeninfo
645 *
646 * RETURNS
647 * Success: TRUE. The information for the token is set to tokeninfo.
648 * Failure: FALSE.
649 */
650 BOOL WINAPI
651 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
652 LPVOID tokeninfo, DWORD tokeninfolength )
653 {
654 TRACE("(%p, %s, %p, %d): stub\n",
655 token,
656 (tokeninfoclass == TokenUser) ? "TokenUser" :
657 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
658 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
659 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
660 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
661 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
662 (tokeninfoclass == TokenSource) ? "TokenSource" :
663 (tokeninfoclass == TokenType) ? "TokenType" :
664 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
665 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
666 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
667 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
668 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
669 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
670 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
671 "Unknown",
672 tokeninfo, tokeninfolength);
673
674 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
675 }
676
677 /*************************************************************************
678 * SetThreadToken [ADVAPI32.@]
679 *
680 * Assigns an 'impersonation token' to a thread so it can assume the
681 * security privileges of another thread or process. Can also remove
682 * a previously assigned token.
683 *
684 * PARAMS
685 * thread [O] Handle to thread to set the token for
686 * token [I] Token to set
687 *
688 * RETURNS
689 * Success: TRUE. The threads access token is set to token
690 * Failure: FALSE.
691 *
692 * NOTES
693 * Only supported on NT or higher. On Win9X this function does nothing.
694 * See SetTokenInformation.
695 */
696 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
697 {
698 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
699 ThreadImpersonationToken, &token, sizeof token ));
700 }
701
702 /* ##############################
703 ###### SID FUNCTIONS ######
704 ##############################
705 */
706
707 /******************************************************************************
708 * AllocateAndInitializeSid [ADVAPI32.@]
709 *
710 * PARAMS
711 * pIdentifierAuthority []
712 * nSubAuthorityCount []
713 * nSubAuthority0 []
714 * nSubAuthority1 []
715 * nSubAuthority2 []
716 * nSubAuthority3 []
717 * nSubAuthority4 []
718 * nSubAuthority5 []
719 * nSubAuthority6 []
720 * nSubAuthority7 []
721 * pSid []
722 */
723 BOOL WINAPI
724 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
725 BYTE nSubAuthorityCount,
726 DWORD nSubAuthority0, DWORD nSubAuthority1,
727 DWORD nSubAuthority2, DWORD nSubAuthority3,
728 DWORD nSubAuthority4, DWORD nSubAuthority5,
729 DWORD nSubAuthority6, DWORD nSubAuthority7,
730 PSID *pSid )
731 {
732 return set_ntstatus( RtlAllocateAndInitializeSid(
733 pIdentifierAuthority, nSubAuthorityCount,
734 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
735 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
736 pSid ));
737 }
738
739 /******************************************************************************
740 * FreeSid [ADVAPI32.@]
741 *
742 * PARAMS
743 * pSid []
744 */
745 PVOID WINAPI
746 FreeSid( PSID pSid )
747 {
748 RtlFreeSid(pSid);
749 return NULL; /* is documented like this */
750 }
751
752 /******************************************************************************
753 * CopySid [ADVAPI32.@]
754 *
755 * PARAMS
756 * nDestinationSidLength []
757 * pDestinationSid []
758 * pSourceSid []
759 */
760 BOOL WINAPI
761 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
762 {
763 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
764 }
765
766 /******************************************************************************
767 * CreateWellKnownSid [ADVAPI32.@]
768 */
769 BOOL WINAPI
770 CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
771 PSID DomainSid,
772 PSID pSid,
773 DWORD* cbSid)
774 {
775 int i;
776 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
777
778 if (DomainSid != NULL) {
779 FIXME("Only local computer supported!\n");
780 SetLastError(ERROR_INVALID_PARAMETER); /* FIXME */
781 return FALSE;
782 }
783
784 if (cbSid == NULL || pSid == NULL) {
785 SetLastError(ERROR_INVALID_PARAMETER);
786 return FALSE;
787 }
788
789 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
790 if (WellKnownSids[i].Type == WellKnownSidType) {
791 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
792
793 if (*cbSid < length) {
794 SetLastError(ERROR_INSUFFICIENT_BUFFER);
795 return FALSE;
796 }
797
798 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
799 *cbSid = length;
800 return TRUE;
801 }
802 }
803
804 SetLastError(ERROR_INVALID_PARAMETER);
805 return FALSE;
806 }
807
808 /******************************************************************************
809 * IsWellKnownSid [ADVAPI32.@]
810 */
811 BOOL WINAPI
812 IsWellKnownSid( PSID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType )
813 {
814 int i;
815 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
816
817 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
818 if (WellKnownSids[i].Type == WellKnownSidType)
819 if (EqualSid(pSid, (PSID)&(WellKnownSids[i].Sid.Revision)))
820 return TRUE;
821
822 return FALSE;
823 }
824
825 BOOL WINAPI
826 IsTokenRestricted( HANDLE TokenHandle )
827 {
828 TOKEN_GROUPS *groups;
829 DWORD size;
830 NTSTATUS status;
831 BOOL restricted;
832
833 TRACE("(%p)\n", TokenHandle);
834
835 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size);
836 if (status != STATUS_BUFFER_TOO_SMALL)
837 return FALSE;
838
839 groups = HeapAlloc(GetProcessHeap(), 0, size);
840 if (!groups)
841 {
842 SetLastError(ERROR_OUTOFMEMORY);
843 return FALSE;
844 }
845
846 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size);
847 if (status != STATUS_SUCCESS)
848 {
849 HeapFree(GetProcessHeap(), 0, groups);
850 return set_ntstatus(status);
851 }
852
853 if (groups->GroupCount)
854 restricted = TRUE;
855 else
856 restricted = FALSE;
857
858 HeapFree(GetProcessHeap(), 0, groups);
859
860 return restricted;
861 }
862
863 /******************************************************************************
864 * IsValidSid [ADVAPI32.@]
865 *
866 * PARAMS
867 * pSid []
868 */
869 BOOL WINAPI
870 IsValidSid( PSID pSid )
871 {
872 return RtlValidSid( pSid );
873 }
874
875 /******************************************************************************
876 * EqualSid [ADVAPI32.@]
877 *
878 * PARAMS
879 * pSid1 []
880 * pSid2 []
881 */
882 BOOL WINAPI
883 EqualSid( PSID pSid1, PSID pSid2 )
884 {
885 return RtlEqualSid( pSid1, pSid2 );
886 }
887
888 /******************************************************************************
889 * EqualPrefixSid [ADVAPI32.@]
890 */
891 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
892 {
893 return RtlEqualPrefixSid(pSid1, pSid2);
894 }
895
896 /******************************************************************************
897 * GetSidLengthRequired [ADVAPI32.@]
898 *
899 * PARAMS
900 * nSubAuthorityCount []
901 */
902 DWORD WINAPI
903 GetSidLengthRequired( BYTE nSubAuthorityCount )
904 {
905 return RtlLengthRequiredSid(nSubAuthorityCount);
906 }
907
908 /******************************************************************************
909 * InitializeSid [ADVAPI32.@]
910 *
911 * PARAMS
912 * pIdentifierAuthority []
913 */
914 BOOL WINAPI
915 InitializeSid (
916 PSID pSid,
917 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
918 BYTE nSubAuthorityCount)
919 {
920 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
921 }
922
923 DWORD WINAPI
924 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
925 {
926 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
927
928 return 1;
929 }
930
931 DWORD WINAPI
932 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights )
933 {
934 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
935
936 return 1;
937 }
938
939 /******************************************************************************
940 * GetSidIdentifierAuthority [ADVAPI32.@]
941 *
942 * PARAMS
943 * pSid []
944 */
945 PSID_IDENTIFIER_AUTHORITY WINAPI
946 GetSidIdentifierAuthority( PSID pSid )
947 {
948 return RtlIdentifierAuthoritySid(pSid);
949 }
950
951 /******************************************************************************
952 * GetSidSubAuthority [ADVAPI32.@]
953 *
954 * PARAMS
955 * pSid []
956 * nSubAuthority []
957 */
958 PDWORD WINAPI
959 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
960 {
961 return RtlSubAuthoritySid(pSid, nSubAuthority);
962 }
963
964 /******************************************************************************
965 * GetSidSubAuthorityCount [ADVAPI32.@]
966 *
967 * PARAMS
968 * pSid []
969 */
970 PUCHAR WINAPI
971 GetSidSubAuthorityCount (PSID pSid)
972 {
973 return RtlSubAuthorityCountSid(pSid);
974 }
975
976 /******************************************************************************
977 * GetLengthSid [ADVAPI32.@]
978 *
979 * PARAMS
980 * pSid []
981 */
982 DWORD WINAPI
983 GetLengthSid (PSID pSid)
984 {
985 return RtlLengthSid(pSid);
986 }
987
988 /* ##############################################
989 ###### SECURITY DESCRIPTOR FUNCTIONS ######
990 ##############################################
991 */
992
993 /******************************************************************************
994 * BuildSecurityDescriptorA [ADVAPI32.@]
995 *
996 * Builds a SD from
997 *
998 * PARAMS
999 * pOwner [I]
1000 * pGroup [I]
1001 * cCountOfAccessEntries [I]
1002 * pListOfAccessEntries [I]
1003 * cCountOfAuditEntries [I]
1004 * pListofAuditEntries [I]
1005 * pOldSD [I]
1006 * lpdwBufferLength [I/O]
1007 * pNewSD [O]
1008 *
1009 * RETURNS
1010 * Success: ERROR_SUCCESS
1011 * Failure: nonzero error code from Winerror.h
1012 */
1013 DWORD WINAPI BuildSecurityDescriptorA(
1014 IN PTRUSTEEA pOwner,
1015 IN PTRUSTEEA pGroup,
1016 IN ULONG cCountOfAccessEntries,
1017 IN PEXPLICIT_ACCESSA pListOfAccessEntries,
1018 IN ULONG cCountOfAuditEntries,
1019 IN PEXPLICIT_ACCESSA pListofAuditEntries,
1020 IN PSECURITY_DESCRIPTOR pOldSD,
1021 IN OUT PULONG lpdwBufferLength,
1022 OUT PSECURITY_DESCRIPTOR* pNewSD)
1023 {
1024 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
1025 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
1026 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
1027
1028 return ERROR_CALL_NOT_IMPLEMENTED;
1029 }
1030
1031 /******************************************************************************
1032 * BuildSecurityDescriptorW [ADVAPI32.@]
1033 *
1034 * See BuildSecurityDescriptorA.
1035 */
1036 DWORD WINAPI BuildSecurityDescriptorW(
1037 IN PTRUSTEEW pOwner,
1038 IN PTRUSTEEW pGroup,
1039 IN ULONG cCountOfAccessEntries,
1040 IN PEXPLICIT_ACCESSW pListOfAccessEntries,
1041 IN ULONG cCountOfAuditEntries,
1042 IN PEXPLICIT_ACCESSW pListofAuditEntries,
1043 IN PSECURITY_DESCRIPTOR pOldSD,
1044 IN OUT PULONG lpdwBufferLength,
1045 OUT PSECURITY_DESCRIPTOR* pNewSD)
1046 {
1047 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
1048 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
1049 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
1050
1051 return ERROR_CALL_NOT_IMPLEMENTED;
1052 }
1053
1054 /******************************************************************************
1055 * InitializeSecurityDescriptor [ADVAPI32.@]
1056 *
1057 * PARAMS
1058 * pDescr []
1059 * revision []
1060 */
1061 BOOL WINAPI
1062 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
1063 {
1064 return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision ));
1065 }
1066
1067
1068 /******************************************************************************
1069 * MakeAbsoluteSD [ADVAPI32.@]
1070 */
1071 BOOL WINAPI MakeAbsoluteSD (
1072 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1073 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1074 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
1075 OUT PACL pDacl,
1076 OUT LPDWORD lpdwDaclSize,
1077 OUT PACL pSacl,
1078 OUT LPDWORD lpdwSaclSize,
1079 OUT PSID pOwner,
1080 OUT LPDWORD lpdwOwnerSize,
1081 OUT PSID pPrimaryGroup,
1082 OUT LPDWORD lpdwPrimaryGroupSize)
1083 {
1084 return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
1085 pAbsoluteSecurityDescriptor,
1086 lpdwAbsoluteSecurityDescriptorSize,
1087 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize,
1088 pOwner, lpdwOwnerSize,
1089 pPrimaryGroup, lpdwPrimaryGroupSize));
1090 }
1091
1092 /******************************************************************************
1093 * GetKernelObjectSecurity [ADVAPI32.@]
1094 */
1095 BOOL WINAPI GetKernelObjectSecurity(
1096 HANDLE Handle,
1097 SECURITY_INFORMATION RequestedInformation,
1098 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1099 DWORD nLength,
1100 LPDWORD lpnLengthNeeded )
1101 {
1102 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
1103 pSecurityDescriptor, nLength, lpnLengthNeeded);
1104
1105 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
1106 nLength, lpnLengthNeeded ));
1107 }
1108
1109 /******************************************************************************
1110 * GetPrivateObjectSecurity [ADVAPI32.@]
1111 */
1112 BOOL WINAPI GetPrivateObjectSecurity(
1113 PSECURITY_DESCRIPTOR ObjectDescriptor,
1114 SECURITY_INFORMATION SecurityInformation,
1115 PSECURITY_DESCRIPTOR ResultantDescriptor,
1116 DWORD DescriptorLength,
1117 PDWORD ReturnLength )
1118 {
1119 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", ObjectDescriptor, SecurityInformation,
1120 ResultantDescriptor, DescriptorLength, ReturnLength);
1121
1122 return set_ntstatus( NtQuerySecurityObject(ObjectDescriptor, SecurityInformation,
1123 ResultantDescriptor, DescriptorLength, ReturnLength ));
1124 }
1125
1126 /******************************************************************************
1127 * GetSecurityDescriptorLength [ADVAPI32.@]
1128 */
1129 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
1130 {
1131 return RtlLengthSecurityDescriptor(pDescr);
1132 }
1133
1134 /******************************************************************************
1135 * GetSecurityDescriptorOwner [ADVAPI32.@]
1136 *
1137 * PARAMS
1138 * pOwner []
1139 * lpbOwnerDefaulted []
1140 */
1141 BOOL WINAPI
1142 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
1143 LPBOOL lpbOwnerDefaulted )
1144 {
1145 BOOLEAN defaulted;
1146 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted ));
1147 *lpbOwnerDefaulted = defaulted;
1148 return ret;
1149 }
1150
1151 /******************************************************************************
1152 * SetSecurityDescriptorOwner [ADVAPI32.@]
1153 *
1154 * PARAMS
1155 */
1156 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1157 PSID pOwner, BOOL bOwnerDefaulted)
1158 {
1159 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
1160 }
1161 /******************************************************************************
1162 * GetSecurityDescriptorGroup [ADVAPI32.@]
1163 */
1164 BOOL WINAPI GetSecurityDescriptorGroup(
1165 PSECURITY_DESCRIPTOR SecurityDescriptor,
1166 PSID *Group,
1167 LPBOOL GroupDefaulted)
1168 {
1169 BOOLEAN defaulted;
1170 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
1171 *GroupDefaulted = defaulted;
1172 return ret;
1173 }
1174 /******************************************************************************
1175 * SetSecurityDescriptorGroup [ADVAPI32.@]
1176 */
1177 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
1178 PSID Group, BOOL GroupDefaulted)
1179 {
1180 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
1181 }
1182
1183 /******************************************************************************
1184 * IsValidSecurityDescriptor [ADVAPI32.@]
1185 *
1186 * PARAMS
1187 * lpsecdesc []
1188 */
1189 BOOL WINAPI
1190 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
1191 {
1192 return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor));
1193 }
1194
1195 /******************************************************************************
1196 * GetSecurityDescriptorDacl [ADVAPI32.@]
1197 */
1198 BOOL WINAPI GetSecurityDescriptorDacl(
1199 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1200 OUT LPBOOL lpbDaclPresent,
1201 OUT PACL *pDacl,
1202 OUT LPBOOL lpbDaclDefaulted)
1203 {
1204 BOOLEAN present, defaulted;
1205 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
1206 *lpbDaclPresent = present;
1207 *lpbDaclDefaulted = defaulted;
1208 return ret;
1209 }
1210
1211 /******************************************************************************
1212 * SetSecurityDescriptorDacl [ADVAPI32.@]
1213 */
1214 BOOL WINAPI
1215 SetSecurityDescriptorDacl (
1216 PSECURITY_DESCRIPTOR lpsd,
1217 BOOL daclpresent,
1218 PACL dacl,
1219 BOOL dacldefaulted )
1220 {
1221 return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) );
1222 }
1223 /******************************************************************************
1224 * GetSecurityDescriptorSacl [ADVAPI32.@]
1225 */
1226 BOOL WINAPI GetSecurityDescriptorSacl(
1227 IN PSECURITY_DESCRIPTOR lpsd,
1228 OUT LPBOOL lpbSaclPresent,
1229 OUT PACL *pSacl,
1230 OUT LPBOOL lpbSaclDefaulted)
1231 {
1232 BOOLEAN present, defaulted;
1233 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) );
1234 *lpbSaclPresent = present;
1235 *lpbSaclDefaulted = defaulted;
1236 return ret;
1237 }
1238
1239 /**************************************************************************
1240 * SetSecurityDescriptorSacl [ADVAPI32.@]
1241 */
1242 BOOL WINAPI SetSecurityDescriptorSacl (
1243 PSECURITY_DESCRIPTOR lpsd,
1244 BOOL saclpresent,
1245 PACL lpsacl,
1246 BOOL sacldefaulted)
1247 {
1248 return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
1249 }
1250 /******************************************************************************
1251 * MakeSelfRelativeSD [ADVAPI32.@]
1252 *
1253 * PARAMS
1254 * lpabssecdesc []
1255 * lpselfsecdesc []
1256 * lpbuflen []
1257 */
1258 BOOL WINAPI
1259 MakeSelfRelativeSD(
1260 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1261 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1262 IN OUT LPDWORD lpdwBufferLength)
1263 {
1264 return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor,
1265 pSelfRelativeSecurityDescriptor, lpdwBufferLength));
1266 }
1267
1268 /******************************************************************************
1269 * GetSecurityDescriptorControl [ADVAPI32.@]
1270 */
1271
1272 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1273 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
1274 {
1275 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
1276 }
1277
1278 /* ##############################
1279 ###### ACL FUNCTIONS ######
1280 ##############################
1281 */
1282
1283 /*************************************************************************
1284 * InitializeAcl [ADVAPI32.@]
1285 */
1286 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
1287 {
1288 return set_ntstatus( RtlCreateAcl(acl, size, rev));
1289 }
1290
1291 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
1292 {
1293 IO_STATUS_BLOCK io_block;
1294
1295 TRACE("(%p)\n", hNamedPipe);
1296
1297 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
1298 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1299 }
1300
1301 /******************************************************************************
1302 * AddAccessAllowedAce [ADVAPI32.@]
1303 */
1304 BOOL WINAPI AddAccessAllowedAce(
1305 IN OUT PACL pAcl,
1306 IN DWORD dwAceRevision,
1307 IN DWORD AccessMask,
1308 IN PSID pSid)
1309 {
1310 return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
1311 }
1312
1313 /******************************************************************************
1314 * AddAccessAllowedAceEx [ADVAPI32.@]
1315 */
1316 BOOL WINAPI AddAccessAllowedAceEx(
1317 IN OUT PACL pAcl,
1318 IN DWORD dwAceRevision,
1319 IN DWORD AceFlags,
1320 IN DWORD AccessMask,
1321 IN PSID pSid)
1322 {
1323 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1324 }
1325
1326 /******************************************************************************
1327 * AddAccessDeniedAce [ADVAPI32.@]
1328 */
1329 BOOL WINAPI AddAccessDeniedAce(
1330 IN OUT PACL pAcl,
1331 IN DWORD dwAceRevision,
1332 IN DWORD AccessMask,
1333 IN PSID pSid)
1334 {
1335 return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
1336 }
1337
1338 /******************************************************************************
1339 * AddAccessDeniedAceEx [ADVAPI32.@]
1340 */
1341 BOOL WINAPI AddAccessDeniedAceEx(
1342 IN OUT PACL pAcl,
1343 IN DWORD dwAceRevision,
1344 IN DWORD AceFlags,
1345 IN DWORD AccessMask,
1346 IN PSID pSid)
1347 {
1348 return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1349 }
1350
1351 /******************************************************************************
1352 * AddAce [ADVAPI32.@]
1353 */
1354 BOOL WINAPI AddAce(
1355 IN OUT PACL pAcl,
1356 IN DWORD dwAceRevision,
1357 IN DWORD dwStartingAceIndex,
1358 LPVOID pAceList,
1359 DWORD nAceListLength)
1360 {
1361 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
1362 }
1363
1364 /******************************************************************************
1365 * DeleteAce [ADVAPI32.@]
1366 */
1367 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1368 {
1369 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1370 }
1371
1372 /******************************************************************************
1373 * FindFirstFreeAce [ADVAPI32.@]
1374 */
1375 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
1376 {
1377 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
1378 }
1379
1380 /******************************************************************************
1381 * GetAce [ADVAPI32.@]
1382 */
1383 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1384 {
1385 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1386 }
1387
1388 /******************************************************************************
1389 * GetAclInformation [ADVAPI32.@]
1390 */
1391 BOOL WINAPI GetAclInformation(
1392 PACL pAcl,
1393 LPVOID pAclInformation,
1394 DWORD nAclInformationLength,
1395 ACL_INFORMATION_CLASS dwAclInformationClass)
1396 {
1397 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1398 nAclInformationLength, dwAclInformationClass));
1399 }
1400
1401 /******************************************************************************
1402 * IsValidAcl [ADVAPI32.@]
1403 */
1404 BOOL WINAPI IsValidAcl(IN PACL pAcl)
1405 {
1406 return RtlValidAcl(pAcl);
1407 }
1408
1409 /* ##############################
1410 ###### MISC FUNCTIONS ######
1411 ##############################
1412 */
1413
1414 /******************************************************************************
1415 * AllocateLocallyUniqueId [ADVAPI32.@]
1416 *
1417 * PARAMS
1418 * lpLuid []
1419 */
1420 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
1421 {
1422 return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid));
1423 }
1424
1425 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
1426 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1427 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
1428 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1429 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
1430 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
1431 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
1432 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1433 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
1434 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1435 static const WCHAR SE_TCB_NAME_W[] =
1436 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
1437 static const WCHAR SE_SECURITY_NAME_W[] =
1438 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1439 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
1440 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1441 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
1442 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
1443 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
1444 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1445 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
1446 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
1447 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
1448 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1449 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
1450 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1451 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
1452 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1453 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
1454 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1455 static const WCHAR SE_BACKUP_NAME_W[] =
1456 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
1457 static const WCHAR SE_RESTORE_NAME_W[] =
1458 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
1459 static const WCHAR SE_SHUTDOWN_NAME_W[] =
1460 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1461 static const WCHAR SE_DEBUG_NAME_W[] =
1462 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
1463 static const WCHAR SE_AUDIT_NAME_W[] =
1464 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
1465 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
1466 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1467 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
1468 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1469 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
1470 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1471 static const WCHAR SE_UNDOCK_NAME_W[] =
1472 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
1473 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
1474 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1475 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
1476 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1477 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
1478 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1479 static const WCHAR SE_IMPERSONATE_NAME_W[] =
1480 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
1481 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
1482 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1483
1484 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
1485 {
1486 NULL,
1487 NULL,
1488 SE_CREATE_TOKEN_NAME_W,
1489 SE_ASSIGNPRIMARYTOKEN_NAME_W,
1490 SE_LOCK_MEMORY_NAME_W,
1491 SE_INCREASE_QUOTA_NAME_W,
1492 SE_MACHINE_ACCOUNT_NAME_W,
1493 SE_TCB_NAME_W,
1494 SE_SECURITY_NAME_W,
1495 SE_TAKE_OWNERSHIP_NAME_W,
1496 SE_LOAD_DRIVER_NAME_W,
1497 SE_SYSTEM_PROFILE_NAME_W,
1498 SE_SYSTEMTIME_NAME_W,
1499 SE_PROF_SINGLE_PROCESS_NAME_W,
1500 SE_INC_BASE_PRIORITY_NAME_W,
1501 SE_CREATE_PAGEFILE_NAME_W,
1502 SE_CREATE_PERMANENT_NAME_W,
1503 SE_BACKUP_NAME_W,
1504 SE_RESTORE_NAME_W,
1505 SE_SHUTDOWN_NAME_W,
1506 SE_DEBUG_NAME_W,
1507 SE_AUDIT_NAME_W,
1508 SE_SYSTEM_ENVIRONMENT_NAME_W,
1509 SE_CHANGE_NOTIFY_NAME_W,
1510 SE_REMOTE_SHUTDOWN_NAME_W,
1511 SE_UNDOCK_NAME_W,
1512 SE_SYNC_AGENT_NAME_W,
1513 SE_ENABLE_DELEGATION_NAME_W,
1514 SE_MANAGE_VOLUME_NAME_W,
1515 SE_IMPERSONATE_NAME_W,
1516 SE_CREATE_GLOBAL_NAME_W,
1517 };
1518
1519 /******************************************************************************
1520 * LookupPrivilegeValueW [ADVAPI32.@]
1521 *
1522 * See LookupPrivilegeValueA.
1523 */
1524 BOOL WINAPI
1525 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
1526 {
1527 UINT i;
1528
1529 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
1530
1531 if (!ADVAPI_IsLocalComputer(lpSystemName))
1532 {
1533 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1534 return FALSE;
1535 }
1536 if (!lpName)
1537 {
1538 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1539 return FALSE;
1540 }
1541 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
1542 {
1543 if( !WellKnownPrivNames[i] )
1544 continue;
1545 if( strcmpiW( WellKnownPrivNames[i], lpName) )
1546 continue;
1547 lpLuid->LowPart = i;
1548 lpLuid->HighPart = 0;
1549 TRACE( "%s -> %08x-%08x\n",debugstr_w( lpSystemName ),
1550 lpLuid->HighPart, lpLuid->LowPart );
1551 return TRUE;
1552 }
1553 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1554 return FALSE;
1555 }
1556
1557 /******************************************************************************
1558 * LookupPrivilegeValueA [ADVAPI32.@]
1559 *
1560 * Retrieves LUID used on a system to represent the privilege name.
1561 *
1562 * PARAMS
1563 * lpSystemName [I] Name of the system
1564 * lpName [I] Name of the privilege
1565 * lpLuid [O] Destination for the resulting LUID
1566 *
1567 * RETURNS
1568 * Success: TRUE. lpLuid contains the requested LUID.
1569 * Failure: FALSE.
1570 */
1571 BOOL WINAPI
1572 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1573 {
1574 UNICODE_STRING lpSystemNameW;
1575 UNICODE_STRING lpNameW;
1576 BOOL ret;
1577
1578 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1579 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1580 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1581 RtlFreeUnicodeString(&lpNameW);
1582 RtlFreeUnicodeString(&lpSystemNameW);
1583 return ret;
1584 }
1585
1586 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
1587 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1588 {
1589 FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName),
1590 debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId);
1591
1592 return FALSE;
1593 }
1594
1595 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
1596 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1597 {
1598 FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName),
1599 debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId);
1600
1601 return FALSE;
1602 }
1603
1604 /******************************************************************************
1605 * LookupPrivilegeNameA [ADVAPI32.@]
1606 *
1607 * See LookupPrivilegeNameW.
1608 */
1609 BOOL WINAPI
1610 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1611 LPDWORD cchName)
1612 {
1613 UNICODE_STRING lpSystemNameW;
1614 BOOL ret;
1615 DWORD wLen = 0;
1616
1617 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1618
1619 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1620 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1621 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1622 {
1623 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1624
1625 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1626 &wLen);
1627 if (ret)
1628 {
1629 /* Windows crashes if cchName is NULL, so will I */
1630 int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1631 *cchName, NULL, NULL);
1632
1633 if (len == 0)
1634 {
1635 /* WideCharToMultiByte failed */
1636 ret = FALSE;
1637 }
1638 else if (len > *cchName)
1639 {
1640 *cchName = len;
1641 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1642 ret = FALSE;
1643 }
1644 else
1645 {
1646 /* WideCharToMultiByte succeeded, output length needs to be
1647 * length not including NULL terminator
1648 */
1649 *cchName = len - 1;
1650 }
1651 }
1652 HeapFree(GetProcessHeap(), 0, lpNameW);
1653 }
1654 RtlFreeUnicodeString(&lpSystemNameW);
1655 return ret;
1656 }
1657
1658 /******************************************************************************
1659 * LookupPrivilegeNameW [ADVAPI32.@]
1660 *
1661 * Retrieves the privilege name referred to by the LUID lpLuid.
1662 *
1663 * PARAMS
1664 * lpSystemName [I] Name of the system
1665 * lpLuid [I] Privilege value
1666 * lpName [O] Name of the privilege
1667 * cchName [I/O] Number of characters in lpName.
1668 *
1669 * RETURNS
1670 * Success: TRUE. lpName contains the name of the privilege whose value is
1671 * *lpLuid.
1672 * Failure: FALSE.
1673 *
1674 * REMARKS
1675 * Only well-known privilege names (those defined in winnt.h) can be retrieved
1676 * using this function.
1677 * If the length of lpName is too small, on return *cchName will contain the
1678 * number of WCHARs needed to contain the privilege, including the NULL
1679 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1680 * On success, *cchName will contain the number of characters stored in
1681 * lpName, NOT including the NULL terminator.
1682 */
1683 BOOL WINAPI
1684 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1685 LPDWORD cchName)
1686 {
1687 size_t privNameLen;
1688
1689 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1690
1691 if (!ADVAPI_IsLocalComputer(lpSystemName))
1692 {
1693 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1694 return FALSE;
1695 }
1696 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1697 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1698 {
1699 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1700 return FALSE;
1701 }
1702 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1703 /* Windows crashes if cchName is NULL, so will I */
1704 if (*cchName <= privNameLen)
1705 {
1706 *cchName = privNameLen + 1;
1707 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1708 return FALSE;
1709 }
1710 else
1711 {
1712 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1713 *cchName = privNameLen;
1714 return TRUE;
1715 }
1716 }
1717
1718 /******************************************************************************
1719 * GetFileSecurityA [ADVAPI32.@]
1720 *
1721 * Obtains Specified information about the security of a file or directory.
1722 *
1723 * PARAMS
1724 * lpFileName [I] Name of the file to get info for
1725 * RequestedInformation [I] SE_ flags from "winnt.h"
1726 * pSecurityDescriptor [O] Destination for security information
1727 * nLength [I] Length of pSecurityDescriptor
1728 * lpnLengthNeeded [O] Destination for length of returned security information
1729 *
1730 * RETURNS
1731 * Success: TRUE. pSecurityDescriptor contains the requested information.
1732 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1733 *
1734 * NOTES
1735 * The information returned is constrained by the callers access rights and
1736 * privileges.
1737 */
1738 BOOL WINAPI
1739 GetFileSecurityA( LPCSTR lpFileName,
1740 SECURITY_INFORMATION RequestedInformation,
1741 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1742 DWORD nLength, LPDWORD lpnLengthNeeded )
1743 {
1744 DWORD len;
1745 BOOL r;
1746 LPWSTR name = NULL;
1747
1748 if( lpFileName )
1749 {
1750 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1751 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1752 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1753 }
1754
1755 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1756 nLength, lpnLengthNeeded );
1757 HeapFree( GetProcessHeap(), 0, name );
1758
1759 return r;
1760 }
1761
1762 /******************************************************************************
1763 * GetFileSecurityW [ADVAPI32.@]
1764 *
1765 * See GetFileSecurityA.
1766 */
1767 BOOL WINAPI
1768 GetFileSecurityW( LPCWSTR lpFileName,
1769 SECURITY_INFORMATION RequestedInformation,
1770 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1771 DWORD nLength, LPDWORD lpnLengthNeeded )
1772 {
1773 HANDLE hfile;
1774 NTSTATUS status;
1775
1776 hfile = CreateFileW( lpFileName, GENERIC_READ, FILE_SHARE_READ,
1777 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 );
1778 if ( hfile == INVALID_HANDLE_VALUE )
1779 return FALSE;
1780
1781 status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor,
1782 nLength, lpnLengthNeeded );
1783 CloseHandle( hfile );
1784 return set_ntstatus( status );
1785 }
1786
1787
1788 /******************************************************************************
1789 * LookupAccountSidA [ADVAPI32.@]
1790 */
1791 BOOL WINAPI
1792 LookupAccountSidA(
1793 IN LPCSTR system,
1794 IN PSID sid,
1795 OUT LPSTR account,
1796 IN OUT LPDWORD accountSize,
1797 OUT LPSTR domain,
1798 IN OUT LPDWORD domainSize,
1799 OUT PSID_NAME_USE name_use )
1800 {
1801 DWORD len;
1802 BOOL r;
1803 LPWSTR systemW = NULL;
1804 LPWSTR accountW = NULL;
1805 LPWSTR domainW = NULL;
1806 DWORD accountSizeW = *accountSize;
1807 DWORD domainSizeW = *domainSize;
1808
1809 TRACE("(%s,sid=%s,%p,%p(%u),%p,%p(%u),%p)\n",
1810 debugstr_a(system),debugstr_sid(sid),
1811 account,accountSize,accountSize?*accountSize:0,
1812 domain,domainSize,domainSize?*domainSize:0,
1813 name_use);
1814
1815 if (system) {
1816 len = MultiByteToWideChar( CP_ACP, 0, system, -1, NULL, 0 );
1817 systemW = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) );
1818 MultiByteToWideChar( CP_ACP, 0, system, -1, systemW, len );
1819 }
1820 if (account)
1821 accountW = HeapAlloc( GetProcessHeap(), 0, accountSizeW * sizeof(WCHAR) );
1822 if (domain)
1823 domainW = HeapAlloc( GetProcessHeap(), 0, domainSizeW * sizeof(WCHAR) );
1824
1825 r = LookupAccountSidW( systemW, sid, accountW, &accountSizeW, domainW, &domainSizeW, name_use );
1826
1827 if (r) {
1828 if (accountW && *accountSize) {
1829 len = WideCharToMultiByte( CP_ACP, 0, accountW, -1, NULL, 0, NULL, NULL );
1830 WideCharToMultiByte( CP_ACP, 0, accountW, -1, account, len, NULL, NULL );
1831 *accountSize = len;
1832 } else
1833 *accountSize = accountSizeW + 1;
1834
1835 if (domainW && *domainSize) {
1836 len = WideCharToMultiByte( CP_ACP, 0, domainW, -1, NULL, 0, NULL, NULL );
1837 WideCharToMultiByte( CP_ACP, 0, domainW, -1, domain, len, NULL, NULL );
1838 *domainSize = len;
1839 } else
1840 *domainSize = domainSizeW + 1;
1841 }
1842
1843 HeapFree( GetProcessHeap(), 0, systemW );
1844 HeapFree( GetProcessHeap(), 0, accountW );
1845 HeapFree( GetProcessHeap(), 0, domainW );
1846
1847 return r;
1848 }
1849
1850 /******************************************************************************
1851 * LookupAccountSidW [ADVAPI32.@]
1852 *
1853 * PARAMS
1854 * system []
1855 * sid []
1856 * account []
1857 * accountSize []
1858 * domain []
1859 * domainSize []
1860 * name_use []
1861 */
1862
1863 BOOL WINAPI
1864 LookupAccountSidW(
1865 IN LPCWSTR system,
1866 IN PSID sid,
1867 OUT LPWSTR account,
1868 IN OUT LPDWORD accountSize,
1869 OUT LPWSTR domain,
1870 IN OUT LPDWORD domainSize,
1871 OUT PSID_NAME_USE name_use )
1872 {
1873 int i, j;
1874 const WCHAR * ac = NULL;
1875 const WCHAR * dm = NULL;
1876 SID_NAME_USE use = 0;
1877 LPWSTR computer_name = NULL;
1878
1879 TRACE("(%s,sid=%s,%p,%p(%u),%p,%p(%u),%p)\n",
1880 debugstr_w(system),debugstr_sid(sid),
1881 account,accountSize,accountSize?*accountSize:0,
1882 domain,domainSize,domainSize?*domainSize:0,
1883 name_use);
1884
1885 if (!ADVAPI_IsLocalComputer(system)) {
1886 FIXME("Only local computer supported!\n");
1887 SetLastError(ERROR_NONE_MAPPED);
1888 return FALSE;
1889 }
1890
1891 /* check the well known SIDs first */
1892 for (i = 0; i <= 60; i++) {
1893 if (IsWellKnownSid(sid, i)) {
1894 for (j = 0; j < (sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0])); j++) {
1895 if (ACCOUNT_SIDS[j].type == i) {
1896 ac = ACCOUNT_SIDS[j].account;
1897 dm = ACCOUNT_SIDS[j].domain;
1898 use = ACCOUNT_SIDS[j].name_use;
1899 }
1900 }
1901 break;
1902 }
1903 }
1904
1905 if (dm == NULL) {
1906 MAX_SID local;
1907
1908 /* check for the local computer next */
1909 if (ADVAPI_GetComputerSid(&local)) {
1910 DWORD size = MAX_COMPUTERNAME_LENGTH + 1;
1911 BOOL result;
1912
1913 computer_name = HeapAlloc(GetProcessHeap(), 0, size * sizeof(WCHAR));
1914 result = GetComputerNameW(computer_name, &size);
1915
1916 if (result) {
1917 if (EqualSid(sid, &local)) {
1918 dm = computer_name;
1919 ac = Blank;
1920 use = 3;
1921 } else {
1922 local.SubAuthorityCount++;
1923
1924 if (EqualPrefixSid(sid, &local)) {
1925 dm = computer_name;
1926 use = 1;
1927 switch (((MAX_SID *)sid)->SubAuthority[4]) {
1928 case DOMAIN_USER_RID_ADMIN:
1929 ac = Administrator;
1930 break;
1931 case DOMAIN_USER_RID_GUEST:
1932 ac = Guest;
1933 break;
1934 case DOMAIN_GROUP_RID_ADMINS:
1935 ac = Domain_Admins;
1936 break;
1937 case DOMAIN_GROUP_RID_USERS:
1938 ac = Domain_Users;
1939 break;
1940 case DOMAIN_GROUP_RID_GUESTS:
1941 ac = Domain_Guests;
1942 break;
1943 case DOMAIN_GROUP_RID_COMPUTERS:
1944 ac = Domain_Computers;
1945 break;
1946 case DOMAIN_GROUP_RID_CONTROLLERS:
1947 ac = Domain_Controllers;
1948 break;
1949 case DOMAIN_GROUP_RID_CERT_ADMINS:
1950 ac = Cert_Publishers;
1951 break;
1952 case DOMAIN_GROUP_RID_SCHEMA_ADMINS:
1953 ac = Schema_Admins;
1954 break;
1955 case DOMAIN_GROUP_RID_ENTERPRISE_ADMINS:
1956 ac = Enterprise_Admins;
1957 break;
1958 case DOMAIN_GROUP_RID_POLICY_ADMINS:
1959 ac = Group_Policy_Creator_Owners;
1960 break;
1961 case DOMAIN_ALIAS_RID_RAS_SERVERS:
1962 ac = RAS_and_IAS_Servers;
1963 break;
1964 default:
1965 dm = NULL;
1966 break;
1967 }
1968 }
1969 }
1970 }
1971 }
1972 }
1973
1974 if (dm) {
1975 BOOL status = TRUE;
1976 if (*accountSize > lstrlenW(ac)) {
1977 if (account)
1978 lstrcpyW(account, ac);
1979 }
1980 if (*domainSize > lstrlenW(dm)) {
1981 if (domain)
1982 lstrcpyW(domain, dm);
1983 }
1984 if (((*accountSize != 0) && (*accountSize < strlenW(ac))) ||
1985 ((*domainSize != 0) && (*domainSize < strlenW(dm)))) {
1986 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1987 status = FALSE;
1988 }
1989 if (*domainSize)
1990 *domainSize = strlenW(dm);
1991 else
1992 *domainSize = strlenW(dm) + 1;
1993 if (*accountSize)
1994 *accountSize = strlenW(ac);
1995 else
1996 *accountSize = strlenW(ac) + 1;
1997 *name_use = use;
1998 HeapFree(GetProcessHeap(), 0, computer_name);
1999 return status;
2000 }
2001
2002 HeapFree(GetProcessHeap(), 0, computer_name);
2003 SetLastError(ERROR_NONE_MAPPED);
2004 return FALSE;
2005 }
2006
2007 /******************************************************************************
2008 * SetFileSecurityA [ADVAPI32.@]
2009 *
2010 * See SetFileSecurityW.
2011 */
2012 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
2013 SECURITY_INFORMATION RequestedInformation,
2014 PSECURITY_DESCRIPTOR pSecurityDescriptor)
2015 {
2016 DWORD len;
2017 BOOL r;
2018 LPWSTR name = NULL;
2019
2020 if( lpFileName )
2021 {
2022 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
2023 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
2024 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
2025 }
2026
2027 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
2028 HeapFree( GetProcessHeap(), 0, name );
2029
2030 return r;
2031 }
2032
2033 /******************************************************************************
2034 * SetFileSecurityW [ADVAPI32.@]
2035 *
2036 * Sets the security of a file or directory.
2037 *
2038 * PARAMS
2039 * lpFileName []
2040 * RequestedInformation []
2041 * pSecurityDescriptor []
2042 *
2043 * RETURNS
2044 * Success: TRUE.
2045 * Failure: FALSE.
2046 */
2047 BOOL WINAPI
2048 SetFileSecurityW( LPCWSTR lpFileName,
2049 SECURITY_INFORMATION RequestedInformation,
2050 PSECURITY_DESCRIPTOR pSecurityDescriptor )
2051 {
2052 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
2053 return TRUE;
2054 }
2055
2056 /******************************************************************************
2057 * QueryWindows31FilesMigration [ADVAPI32.@]
2058 *
2059 * PARAMS
2060 * x1 []
2061 */
2062 BOOL WINAPI
2063 QueryWindows31FilesMigration( DWORD x1 )
2064 {
2065 FIXME("(%d):stub\n",x1);
2066 return TRUE;
2067 }
2068
2069 /******************************************************************************
2070 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
2071 *
2072 * PARAMS
2073 * x1 []
2074 * x2 []
2075 * x3 []
2076 * x4 []
2077 */
2078 BOOL WINAPI
2079 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
2080 DWORD x4 )
2081 {
2082 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
2083 return TRUE;
2084 }
2085
2086 /******************************************************************************
2087 * NotifyBootConfigStatus [ADVAPI32.@]
2088 *
2089 * PARAMS
2090 * x1 []
2091 */
2092 BOOL WINAPI
2093 NotifyBootConfigStatus( BOOL x1 )
2094 {
2095 FIXME("(0x%08d):stub\n",x1);
2096 return 1;
2097 }
2098
2099 /******************************************************************************
2100 * RevertToSelf [ADVAPI32.@]
2101 *
2102 * Ends the impersonation of a user.
2103 *
2104 * PARAMS
2105 * void []
2106 *
2107 * RETURNS
2108 * Success: TRUE.
2109 * Failure: FALSE.
2110 */
2111 BOOL WINAPI
2112 RevertToSelf( void )
2113 {
2114 HANDLE Token = NULL;
2115 return set_ntstatus( NtSetInformationThread( GetCurrentThread(),
2116 ThreadImpersonationToken, &Token, sizeof(Token) ) );
2117 }
2118
2119 /******************************************************************************
2120 * ImpersonateSelf [ADVAPI32.@]
2121 *
2122 * Makes an impersonation token that represents the process user and assigns
2123 * to the current thread.
2124 *
2125 * PARAMS
2126 * ImpersonationLevel [I] Level at which to impersonate.
2127 *
2128 * RETURNS
2129 * Success: TRUE.
2130 * Failure: FALSE.
2131 */
2132 BOOL WINAPI
2133 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
2134 {
2135 return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) );
2136 }
2137
2138 /******************************************************************************
2139 * ImpersonateLoggedOnUser [ADVAPI32.@]
2140 */
2141 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
2142 {
2143 DWORD size;
2144 NTSTATUS Status;
2145 HANDLE ImpersonationToken;
2146 TOKEN_TYPE Type;
2147
2148 FIXME( "(%p)\n", hToken );
2149
2150 if (!GetTokenInformation( hToken, TokenType, &Type,
2151 sizeof(TOKEN_TYPE), &size ))
2152 return FALSE;
2153
2154 if (Type == TokenPrimary)
2155 {
2156 OBJECT_ATTRIBUTES ObjectAttributes;
2157
2158 InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
2159
2160 Status = NtDuplicateToken( hToken,
2161 TOKEN_IMPERSONATE | TOKEN_QUERY,
2162 &ObjectAttributes,
2163 SecurityImpersonation,
2164 TokenImpersonation,
2165 &ImpersonationToken );
2166 if (Status != STATUS_SUCCESS)
2167 {
2168 ERR( "NtDuplicateToken failed with error 0x%08x\n", Status );
2169 SetLastError( RtlNtStatusToDosError( Status ) );
2170 return FALSE;
2171 }
2172 }
2173 else
2174 ImpersonationToken = hToken;
2175
2176 Status = NtSetInformationThread( GetCurrentThread(),
2177 ThreadImpersonationToken,
2178 &ImpersonationToken,
2179 sizeof(ImpersonationToken) );
2180
2181 if (Type == TokenPrimary)
2182 NtClose( ImpersonationToken );
2183
2184 if (Status != STATUS_SUCCESS)
2185 {
2186 ERR( "NtSetInformationThread failed with error 0x%08x\n", Status );
2187 SetLastError( RtlNtStatusToDosError( Status ) );
2188 return FALSE;
2189 }
2190
2191 return TRUE;
2192 }
2193
2194 /******************************************************************************
2195 * AccessCheck [ADVAPI32.@]
2196 */
2197 BOOL WINAPI
2198 AccessCheck(
2199 PSECURITY_DESCRIPTOR SecurityDescriptor,
2200 HANDLE ClientToken,
2201 DWORD DesiredAccess,
2202 PGENERIC_MAPPING GenericMapping,
2203 PPRIVILEGE_SET PrivilegeSet,
2204 LPDWORD PrivilegeSetLength,
2205 LPDWORD GrantedAccess,
2206 LPBOOL AccessStatus)
2207 {
2208 NTSTATUS access_status;
2209 BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
2210 GenericMapping, PrivilegeSet, PrivilegeSetLength,
2211 GrantedAccess, &access_status) );
2212 if (ret) *AccessStatus = set_ntstatus( access_status );
2213 return ret;
2214 }
2215
2216
2217 /******************************************************************************
2218 * AccessCheckByType [ADVAPI32.@]
2219 */
2220 BOOL WINAPI AccessCheckByType(
2221 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2222 PSID PrincipalSelfSid,
2223 HANDLE ClientToken,
2224 DWORD DesiredAccess,
2225 POBJECT_TYPE_LIST ObjectTypeList,
2226 DWORD ObjectTypeListLength,
2227 PGENERIC_MAPPING GenericMapping,
2228 PPRIVILEGE_SET PrivilegeSet,
2229 LPDWORD PrivilegeSetLength,
2230 LPDWORD GrantedAccess,
2231 LPBOOL AccessStatus)
2232 {
2233 FIXME("stub\n");
2234
2235 *AccessStatus = TRUE;
2236
2237 return !*AccessStatus;
2238 }
2239
2240 /******************************************************************************
2241 * MapGenericMask [ADVAPI32.@]
2242 *
2243 * Maps generic access rights into specific access rights according to the
2244 * supplied mapping.
2245 *
2246 * PARAMS
2247 * AccessMask [I/O] Access rights.
2248 * GenericMapping [I] The mapping between generic and specific rights.
2249 *
2250 * RETURNS
2251 * Nothing.
2252 */
2253 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping )
2254 {
2255 RtlMapGenericMask( AccessMask, GenericMapping );
2256 }
2257
2258 /*************************************************************************
2259 * SetKernelObjectSecurity [ADVAPI32.@]
2260 */
2261 BOOL WINAPI SetKernelObjectSecurity (
2262 IN HANDLE Handle,
2263 IN SECURITY_INFORMATION SecurityInformation,
2264 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
2265 {
2266 return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
2267 }
2268
2269
2270 /******************************************************************************
2271 * AddAuditAccessAce [ADVAPI32.@]
2272 */
2273 BOOL WINAPI AddAuditAccessAce(
2274 IN OUT PACL pAcl,
2275 IN DWORD dwAceRevision,
2276 IN DWORD dwAccessMask,
2277 IN PSID pSid,
2278 IN BOOL bAuditSuccess,
2279 IN BOOL bAuditFailure)
2280 {
2281 return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid,
2282 bAuditSuccess, bAuditFailure) );
2283 }
2284
2285 /******************************************************************************
2286 * AddAuditAccessAce [ADVAPI32.@]
2287 */
2288 BOOL WINAPI AddAuditAccessAceEx(
2289 IN OUT PACL pAcl,
2290 IN DWORD dwAceRevision,
2291 IN DWORD dwAceFlags,
2292 IN DWORD dwAccessMask,
2293 IN PSID pSid,
2294 IN BOOL bAuditSuccess,
2295 IN BOOL bAuditFailure)
2296 {
2297 return set_ntstatus( RtlAddAuditAccessAceEx(pAcl, dwAceRevision, dwAceFlags, dwAccessMask, pSid,
2298 bAuditSuccess, bAuditFailure) );
2299 }
2300
2301 /******************************************************************************
2302 * LookupAccountNameA [ADVAPI32.@]
2303 */
2304 BOOL WINAPI
2305 LookupAccountNameA(
2306 IN LPCSTR system,
2307 IN LPCSTR account,
2308 OUT PSID sid,
2309 OUT LPDWORD cbSid,
2310 LPSTR ReferencedDomainName,
2311 IN OUT LPDWORD cbReferencedDomainName,
2312 OUT PSID_NAME_USE name_use )
2313 {
2314 BOOL ret;
2315 UNICODE_STRING lpSystemW;
2316 UNICODE_STRING lpAccountW;
2317 LPWSTR lpReferencedDomainNameW = NULL;
2318
2319 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, system);
2320 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, account);
2321
2322 if (ReferencedDomainName)
2323 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(), 0, *cbReferencedDomainName * sizeof(WCHAR));
2324
2325 ret = LookupAccountNameW(lpSystemW.Buffer, lpAccountW.Buffer, sid, cbSid, lpReferencedDomainNameW,
2326 cbReferencedDomainName, name_use);
2327
2328 if (ret && lpReferencedDomainNameW)
2329 {
2330 WideCharToMultiByte(CP_ACP, 0, lpReferencedDomainNameW, *cbReferencedDomainName,
2331 ReferencedDomainName, *cbReferencedDomainName, NULL, NULL);
2332 }
2333
2334 RtlFreeUnicodeString(&lpSystemW);
2335 RtlFreeUnicodeString(&lpAccountW);
2336 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2337
2338 return ret;
2339 }
2340
2341 /******************************************************************************
2342 * LookupAccountNameW [ADVAPI32.@]
2343 */
2344 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid,
2345 LPDWORD cbSid, LPWSTR ReferencedDomainName,
2346 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
2347 {
2348 /* Default implementation: Always return a default SID */
2349 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
2350 BOOL ret;
2351 PSID pSid;
2352 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
2353
2354 FIXME("%s %s %p %p %p %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName),
2355 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
2356
2357 ret = AllocateAndInitializeSid(&identifierAuthority,
2358 2,
2359 SECURITY_BUILTIN_DOMAIN_RID,
2360 DOMAIN_ALIAS_RID_ADMINS,
2361 0, 0, 0, 0, 0, 0,
2362 &pSid);
2363
2364 if (!ret)
2365 return FALSE;
2366
2367 if (!RtlValidSid(pSid))
2368 {
2369 FreeSid(pSid);
2370 return FALSE;
2371 }
2372
2373 if (Sid != NULL && (*cbSid >= GetLengthSid(pSid)))
2374 CopySid(*cbSid, Sid, pSid);
2375 if (*cbSid < GetLengthSid(pSid))
2376 {
2377 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2378 ret = FALSE;
2379 }
2380 *cbSid = GetLengthSid(pSid);
2381
2382 if (ReferencedDomainName != NULL && (*cchReferencedDomainName > strlenW(dm)))
2383 strcpyW(ReferencedDomainName, dm);
2384
2385 if (*cchReferencedDomainName <= strlenW(dm))
2386 {
2387 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2388 ret = FALSE;
2389 }
2390
2391 *cchReferencedDomainName = strlenW(dm)+1;
2392
2393 FreeSid(pSid);
2394
2395 return ret;
2396 }
2397
2398 /******************************************************************************
2399 * PrivilegeCheck [ADVAPI32.@]
2400 */
2401 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
2402 {
2403 BOOL ret;
2404 BOOLEAN Result;
2405
2406 TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
2407
2408 ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result));
2409 if (ret)
2410 *pfResult = Result;
2411 return ret;
2412 }
2413
2414 /******************************************************************************
2415 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
2416 */
2417 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
2418 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2419 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2420 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2421 {
2422 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
2423 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
2424 SecurityDescriptor, DesiredAccess, GenericMapping,
2425 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2426 return TRUE;
2427 }
2428
2429 /******************************************************************************
2430 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
2431 */
2432 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
2433 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2434 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2435 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2436 {
2437 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
2438 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
2439 SecurityDescriptor, DesiredAccess, GenericMapping,
2440 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2441 return TRUE;
2442 }
2443
2444 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2445 {
2446 FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose);
2447
2448 return TRUE;
2449 }
2450
2451 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2452 {
2453 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2454
2455 return TRUE;
2456 }
2457
2458 BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2459 {
2460 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2461
2462 return TRUE;
2463 }
2464
2465 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName,
2466 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2467 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2468 LPBOOL GenerateOnClose)
2469 {
2470 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_a(SubsystemName),
2471 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor,
2472 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2473 GenerateOnClose);
2474
2475 return TRUE;
2476 }
2477
2478 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
2479 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2480 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2481 LPBOOL GenerateOnClose)
2482 {
2483 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_w(SubsystemName),
2484 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor,
2485 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2486 GenerateOnClose);
2487
2488 return TRUE;
2489 }
2490
2491 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
2492 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2493 {
2494 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken,
2495 DesiredAccess, Privileges, AccessGranted);
2496
2497 return TRUE;
2498 }
2499
2500 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
2501 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2502 {
2503 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken,
2504 DesiredAccess, Privileges, AccessGranted);
2505
2506 return TRUE;
2507 }
2508
2509 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
2510 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2511 {
2512 FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName),
2513 ClientToken, Privileges, AccessGranted);
2514
2515 return TRUE;
2516 }
2517
2518 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
2519 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2520 {
2521 FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName),
2522 ClientToken, Privileges, AccessGranted);
2523
2524 return TRUE;
2525 }
2526
2527 /******************************************************************************
2528 * GetSecurityInfo [ADVAPI32.@]
2529 */
2530 DWORD WINAPI GetSecurityInfo(
2531 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
2532 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
2533 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
2534 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
2535 )
2536 {
2537 FIXME("stub!\n");
2538 return ERROR_BAD_PROVIDER;
2539 }
2540
2541 /******************************************************************************
2542 * GetSecurityInfoExW [ADVAPI32.@]
2543 */
2544 DWORD WINAPI GetSecurityInfoExW(
2545 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
2546 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
2547 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
2548 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
2549 )
2550 {
2551 FIXME("stub!\n");
2552 return ERROR_BAD_PROVIDER;
2553 }
2554
2555 /******************************************************************************
2556 * BuildExplicitAccessWithNameA [ADVAPI32.@]
2557 */
2558 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess,
2559 LPSTR pTrusteeName, DWORD AccessPermissions,
2560 ACCESS_MODE AccessMode, DWORD Inheritance )
2561 {
2562 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_a(pTrusteeName),
2563 AccessPermissions, AccessMode, Inheritance);
2564
2565 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2566 pExplicitAccess->grfAccessMode = AccessMode;
2567 pExplicitAccess->grfInheritance = Inheritance;
2568
2569 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2570 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2571 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2572 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2573 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2574 }
2575
2576 /******************************************************************************
2577 * BuildExplicitAccessWithNameW [ADVAPI32.@]
2578 */
2579 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess,
2580 LPWSTR pTrusteeName, DWORD AccessPermissions,
2581 ACCESS_MODE AccessMode, DWORD Inheritance )
2582 {
2583 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_w(pTrusteeName),
2584 AccessPermissions, AccessMode, Inheritance);
2585
2586 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2587 pExplicitAccess->grfAccessMode = AccessMode;
2588 pExplicitAccess->grfInheritance = Inheritance;
2589
2590 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2591 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2592 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2593 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2594 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2595 }
2596
2597 /******************************************************************************
2598 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
2599 */
2600 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
2601 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
2602 LPSTR InheritedObjectTypeName, LPSTR Name )
2603 {
2604 DWORD ObjectsPresent = 0;
2605
2606 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2607 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
2608
2609 /* Fill the OBJECTS_AND_NAME structure */
2610 pObjName->ObjectType = ObjectType;
2611 if (ObjectTypeName != NULL)
2612 {
2613 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2614 }
2615
2616 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2617 if (InheritedObjectTypeName != NULL)
2618 {
2619 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2620 }
2621
2622 pObjName->ObjectsPresent = ObjectsPresent;
2623 pObjName->ptstrName = Name;
2624
2625 /* Fill the TRUSTEE structure */
2626 pTrustee->pMultipleTrustee = NULL;
2627 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2628 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2629 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2630 pTrustee->ptstrName = (LPSTR)pObjName;
2631 }
2632
2633 /******************************************************************************
2634 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
2635 */
2636 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
2637 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
2638 LPWSTR InheritedObjectTypeName, LPWSTR Name )
2639 {
2640 DWORD ObjectsPresent = 0;
2641
2642 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2643 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
2644
2645 /* Fill the OBJECTS_AND_NAME structure */
2646 pObjName->ObjectType = ObjectType;
2647 if (ObjectTypeName != NULL)
2648 {
2649 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2650 }
2651
2652 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2653 if (InheritedObjectTypeName != NULL)
2654 {
2655 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2656 }
2657
2658 pObjName->ObjectsPresent = ObjectsPresent;
2659 pObjName->ptstrName = Name;
2660
2661 /* Fill the TRUSTEE structure */
2662 pTrustee->pMultipleTrustee = NULL;
2663 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2664 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2665 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2666 pTrustee->ptstrName = (LPWSTR)pObjName;
2667 }
2668
2669 /******************************************************************************
2670 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
2671 */
2672 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid,
2673 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2674 {
2675 DWORD ObjectsPresent = 0;
2676
2677 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2678
2679 /* Fill the OBJECTS_AND_SID structure */
2680 if (pObjectGuid != NULL)
2681 {
2682 pObjSid->ObjectTypeGuid = *pObjectGuid;
2683 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2684 }
2685 else
2686 {
2687 ZeroMemory(&pObjSid->ObjectTypeGuid,
2688 sizeof(GUID));
2689 }
2690
2691 if (pInheritedObjectGuid != NULL)
2692 {
2693 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2694 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2695 }
2696 else
2697 {
2698 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2699 sizeof(GUID));
2700 }
2701
2702 pObjSid->ObjectsPresent = ObjectsPresent;
2703 pObjSid->pSid = pSid;
2704
2705 /* Fill the TRUSTEE structure */
2706 pTrustee->pMultipleTrustee = NULL;
2707 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2708 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2709 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2710 pTrustee->ptstrName = (LPSTR) pObjSid;
2711 }
2712
2713 /******************************************************************************
2714 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
2715 */
2716 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid,
2717 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2718 {
2719 DWORD ObjectsPresent = 0;
2720
2721 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2722
2723 /* Fill the OBJECTS_AND_SID structure */
2724 if (pObjectGuid != NULL)
2725 {
2726 pObjSid->ObjectTypeGuid = *pObjectGuid;
2727 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2728 }
2729 else
2730 {
2731 ZeroMemory(&pObjSid->ObjectTypeGuid,
2732 sizeof(GUID));
2733 }
2734
2735 if (pInheritedObjectGuid != NULL)
2736 {
2737 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2738 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2739 }
2740 else
2741 {
2742 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2743 sizeof(GUID));
2744 }
2745
2746 pObjSid->ObjectsPresent = ObjectsPresent;
2747 pObjSid->pSid = pSid;
2748
2749 /* Fill the TRUSTEE structure */
2750 pTrustee->pMultipleTrustee = NULL;
2751 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2752 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2753 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2754 pTrustee->ptstrName = (LPWSTR) pObjSid;
2755 }
2756
2757 /******************************************************************************
2758 * BuildTrusteeWithSidA [ADVAPI32.@]
2759 */
2760 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
2761 {
2762 TRACE("%p %p\n", pTrustee, pSid);
2763
2764 pTrustee->pMultipleTrustee = NULL;
2765 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2766 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2767 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2768 pTrustee->ptstrName = (LPSTR) pSid;
2769 }
2770
2771 /******************************************************************************
2772 * BuildTrusteeWithSidW [ADVAPI32.@]
2773 */
2774 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
2775 {
2776 TRACE("%p %p\n", pTrustee, pSid);
2777
2778 pTrustee->pMultipleTrustee = NULL;
2779 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2780 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2781 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2782 pTrustee->ptstrName = (LPWSTR) pSid;
2783 }
2784
2785 /******************************************************************************
2786 * BuildTrusteeWithNameA [ADVAPI32.@]
2787 */
2788 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
2789 {
2790 TRACE("%p %s\n", pTrustee, debugstr_a(name) );
2791
2792 pTrustee->pMultipleTrustee = NULL;
2793 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2794 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2795 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2796 pTrustee->ptstrName = name;
2797 }
2798
2799 /******************************************************************************
2800 * BuildTrusteeWithNameW [ADVAPI32.@]
2801 */
2802 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
2803 {
2804 TRACE("%p %s\n", pTrustee, debugstr_w(name) );
2805
2806 pTrustee->pMultipleTrustee = NULL;
2807 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2808 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2809 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2810 pTrustee->ptstrName = name;
2811 }
2812
2813 /******************************************************************************
2814 * GetTrusteeFormA [ADVAPI32.@]
2815 */
2816 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
2817 {
2818 TRACE("(%p)\n", pTrustee);
2819
2820 if (!pTrustee)
2821 return TRUSTEE_BAD_FORM;
2822
2823 return pTrustee->TrusteeForm;
2824 }
2825
2826 /******************************************************************************
2827 * GetTrusteeFormW [ADVAPI32.@]
2828 */
2829 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
2830 {
2831 TRACE("(%p)\n", pTrustee);
2832
2833 if (!pTrustee)
2834 return TRUSTEE_BAD_FORM;
2835
2836 return pTrustee->TrusteeForm;
2837 }
2838
2839 /******************************************************************************
2840 * GetTrusteeNameA [ADVAPI32.@]
2841 */
2842 LPSTR WINAPI GetTrusteeNameA(PTRUSTEEA pTrustee)
2843 {
2844 TRACE("(%p)\n", pTrustee);
2845
2846 if (!pTrustee)
2847 return NULL;
2848
2849 return pTrustee->ptstrName;
2850 }
2851
2852 /******************************************************************************
2853 * GetTrusteeNameW [ADVAPI32.@]
2854 */
2855 LPWSTR WINAPI GetTrusteeNameW(PTRUSTEEW pTrustee)
2856 {
2857 TRACE("(%p)\n", pTrustee);
2858
2859 if (!pTrustee)
2860 return NULL;
2861
2862 return pTrustee->ptstrName;
2863 }
2864
2865 /******************************************************************************
2866 * GetTrusteeTypeA [ADVAPI32.@]
2867 */
2868 TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEEA pTrustee)
2869 {
2870 TRACE("(%p)\n", pTrustee);
2871
2872 if (!pTrustee)
2873 return TRUSTEE_IS_UNKNOWN;
2874
2875 return pTrustee->TrusteeType;
2876 }
2877
2878 /******************************************************************************
2879 * GetTrusteeTypeW [ADVAPI32.@]
2880 */
2881 TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEEW pTrustee)
2882 {
2883 TRACE("(%p)\n", pTrustee);
2884
2885 if (!pTrustee)
2886 return TRUSTEE_IS_UNKNOWN;
2887
2888 return pTrustee->TrusteeType;
2889 }
2890
2891 BOOL WINAPI SetAclInformation( PACL pAcl, LPVOID pAclInformation,
2892 DWORD nAclInformationLength,
2893 ACL_INFORMATION_CLASS dwAclInformationClass )
2894 {
2895 FIXME("%p %p 0x%08x 0x%08x - stub\n", pAcl, pAclInformation,
2896 nAclInformationLength, dwAclInformationClass);
2897
2898 return TRUE;
2899 }
2900
2901 /******************************************************************************
2902 * SetEntriesInAclA [ADVAPI32.@]
2903 */
2904 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
2905 PACL OldAcl, PACL* NewAcl )
2906 {
2907 FIXME("%d %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2908 *NewAcl = NULL;
2909 return ERROR_SUCCESS;
2910 }
2911
2912 /******************************************************************************
2913 * SetEntriesInAclW [ADVAPI32.@]
2914 */
2915 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
2916 PACL OldAcl, PACL* NewAcl )
2917 {
2918 FIXME("%d %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2919 *NewAcl = NULL;
2920 return ERROR_SUCCESS;
2921 }
2922
2923 /******************************************************************************
2924 * SetNamedSecurityInfoA [ADVAPI32.@]
2925 */
2926 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
2927 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2928 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
2929 {
2930 DWORD len;
2931 LPWSTR wstr = NULL;
2932 DWORD r;
2933
2934 TRACE("%s %d %d %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
2935 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
2936
2937 if( pObjectName )
2938 {
2939 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
2940 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
2941 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
2942 }
2943
2944 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
2945 psidGroup, pDacl, pSacl );
2946
2947 HeapFree( GetProcessHeap(), 0, wstr );
2948
2949 return r;
2950 }
2951
2952 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation,
2953 PSECURITY_DESCRIPTOR ModificationDescriptor,
2954 PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor,
2955 PGENERIC_MAPPING GenericMapping,
2956 HANDLE Token )
2957 {
2958 FIXME("0x%08x %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor,
2959 ObjectsSecurityDescriptor, GenericMapping, Token);
2960
2961 return TRUE;
2962 }
2963
2964 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor,
2965 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
2966 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
2967 {
2968 FIXME("%p 0x%08x 0x%08x - stub\n", pSecurityDescriptor, ControlBitsOfInterest,
2969 ControlBitsToSet);
2970
2971 return TRUE;
2972 }
2973
2974 BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2975 {
2976 return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess );
2977 }
2978
2979 /******************************************************************************
2980 * AreAnyAccessesGranted [ADVAPI32.@]
2981 *
2982 * Determines whether or not any of a set of specified access permissions have
2983 * been granted or not.
2984 *
2985 * PARAMS
2986 * GrantedAccess [I] The permissions that have been granted.
2987 * DesiredAccess [I] The permissions that you want to have.
2988 *
2989 * RETURNS
2990 * Nonzero if any of the permissions have been granted, zero if none of the
2991 * permissions have been granted.
2992 */
2993
2994 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2995 {
2996 return RtlAreAnyAccessesGranted( GrantedAccess, DesiredAccess );
2997 }
2998
2999 /******************************************************************************
3000 * SetNamedSecurityInfoW [ADVAPI32.@]
3001 */
3002 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
3003 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3004 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
3005 {
3006 FIXME("%s %d %d %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
3007 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
3008 return ERROR_SUCCESS;
3009 }
3010
3011 /******************************************************************************
3012 * GetExplicitEntriesFromAclA [ADVAPI32.@]
3013 */
3014 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
3015 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
3016 {
3017 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
3018 return ERROR_CALL_NOT_IMPLEMENTED;
3019 }
3020
3021 /******************************************************************************
3022 * GetExplicitEntriesFromAclW [ADVAPI32.@]
3023 */
3024 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
3025 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
3026 {
3027 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
3028 return ERROR_CALL_NOT_IMPLEMENTED;
3029 }
3030
3031
3032 /******************************************************************************
3033 * ParseAclStringFlags
3034 */
3035 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
3036 {
3037 DWORD flags = 0;
3038 LPCWSTR szAcl = *StringAcl;
3039
3040 while (*szAcl != '(')
3041 {
3042 if (*szAcl == 'P')
3043 {
3044 flags |= SE_DACL_PROTECTED;
3045 }
3046 else if (*szAcl == 'A')
3047 {
3048 szAcl++;
3049 if (*szAcl == 'R')
3050 flags |= SE_DACL_AUTO_INHERIT_REQ;
3051 else if (*szAcl == 'I')
3052 flags |= SE_DACL_AUTO_INHERITED;
3053 }
3054 szAcl++;
3055 }
3056
3057 *StringAcl = szAcl;
3058 return flags;
3059 }
3060
3061 /******************************************************************************
3062 * ParseAceStringType
3063 */
3064 static const ACEFLAG AceType[] =
3065 {
3066 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
3067 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
3068 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
3069 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
3070 /*
3071 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
3072 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
3073 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
3074 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
3075 */
3076 { NULL, 0 },
3077 };
3078
3079 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
3080 {
3081 UINT len = 0;
3082 LPCWSTR szAcl = *StringAcl;
3083 const ACEFLAG *lpaf = AceType;
3084
3085 while (lpaf->wstr &&
3086 (len = strlenW(lpaf->wstr)) &&
3087 strncmpW(lpaf->wstr, szAcl, len))
3088 lpaf++;
3089
3090 if (!lpaf->wstr)
3091 return 0;
3092
3093 *StringAcl += len;
3094 return lpaf->value;
3095 }
3096
3097
3098 /******************************************************************************
3099 * ParseAceStringFlags
3100 */
3101 static const ACEFLAG AceFlags[] =
3102 {
3103 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
3104 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
3105 { SDDL_INHERITED, INHERITED_ACE },
3106 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
3107 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
3108 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
3109 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
3110 { NULL, 0 },
3111 };
3112
3113 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
3114 {
3115 UINT len = 0;
3116 BYTE flags = 0;
3117 LPCWSTR szAcl = *StringAcl;
3118
3119 while (*szAcl != ';')
3120 {
3121 const ACEFLAG *lpaf = AceFlags;
3122
3123 while (lpaf->wstr &&
3124 (len = strlenW(lpaf->wstr)) &&
3125 strncmpW(lpaf->wstr, szAcl, len))
3126 lpaf++;
3127
3128 if (!lpaf->wstr)
3129 return 0;
3130
3131 flags |= lpaf->value;
3132 szAcl += len;
3133 }
3134
3135 *StringAcl = szAcl;
3136 return flags;
3137 }
3138
3139
3140 /******************************************************************************
3141 * ParseAceStringRights
3142 */
3143 static const ACEFLAG AceRights[] =
3144 {
3145 { SDDL_GENERIC_ALL, GENERIC_ALL },
3146 { SDDL_GENERIC_READ, GENERIC_READ },
3147 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
3148 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
3149
3150 { SDDL_READ_CONTROL, READ_CONTROL },
3151 { SDDL_STANDARD_DELETE, DELETE },
3152 { SDDL_WRITE_DAC, WRITE_DAC },
3153 { SDDL_WRITE_OWNER, WRITE_OWNER },
3154
3155 { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP},
3156 { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP},
3157 { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD},
3158 { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD},
3159 { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST},
3160 { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF},
3161 { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT},
3162 { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE},
3163 { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS},
3164
3165 { SDDL_FILE_ALL, FILE_ALL_ACCESS },
3166 { SDDL_FILE_READ, FILE_GENERIC_READ },
3167 { SDDL_FILE_WRITE, FILE_GENERIC_WRITE },
3168 { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE },
3169
3170 { SDDL_KEY_ALL, KEY_ALL_ACCESS },
3171 { SDDL_KEY_READ, KEY_READ },
3172 { SDDL_KEY_WRITE, KEY_WRITE },
3173 { SDDL_KEY_EXECUTE, KEY_EXECUTE },
3174 { NULL, 0 },
3175 };
3176
3177 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
3178 {
3179 UINT len = 0;
3180 DWORD rights = 0;
3181 LPCWSTR szAcl = *StringAcl;
3182
3183 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
3184 {
3185 LPCWSTR p = szAcl;
3186
3187 while (*p && *p != ';')
3188 p++;
3189
3190 if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
3191 {
3192 rights = strtoulW(szAcl, NULL, 16);
3193 szAcl = p;
3194 }
3195 else
3196 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
3197 }
3198 else
3199 {
3200 while (*szAcl != ';')
3201 {
3202 const ACEFLAG *lpaf = AceRights;
3203
3204 while (lpaf->wstr &&
3205 (len = strlenW(lpaf->wstr)) &&
3206 strncmpW(lpaf->wstr, szAcl, len))
3207 {
3208 lpaf++;
3209 }
3210
3211 if (!lpaf->wstr)
3212 return 0;
3213
3214 rights |= lpaf->value;
3215 szAcl += len;
3216 }
3217 }
3218
3219 *StringAcl = szAcl;
3220 return rights;
3221 }
3222
3223
3224 /******************************************************************************
3225 * ParseStringAclToAcl
3226 *
3227 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
3228 */
3229 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
3230 PACL pAcl, LPDWORD cBytes)
3231 {
3232 DWORD val;
3233 DWORD sidlen;
3234 DWORD length = sizeof(ACL);
3235 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
3236
3237 TRACE("%s\n", debugstr_w(StringAcl));
3238
3239 if (!StringAcl)
3240 return FALSE;
3241
3242 if (pAcl) /* pAce is only useful if we're setting values */
3243 pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
3244
3245 /* Parse ACL flags */
3246 *lpdwFlags = ParseAclStringFlags(&StringAcl);
3247
3248 /* Parse ACE */
3249 while (*StringAcl == '(')
3250 {
3251 StringAcl++;
3252
3253 /* Parse ACE type */
3254 val = ParseAceStringType(&StringAcl);
3255 if (pAce)
3256 pAce->Header.AceType = (BYTE) val;
3257 if (*StringAcl != ';')
3258 goto lerr;
3259 StringAcl++;
3260
3261 /* Parse ACE flags */
3262 val = ParseAceStringFlags(&StringAcl);
3263 if (pAce)
3264 pAce->Header.AceFlags = (BYTE) val;
3265 if (*StringAcl != ';')
3266 goto lerr;
3267 StringAcl++;
3268
3269 /* Parse ACE rights */
3270 val = ParseAceStringRights(&StringAcl);
3271 if (pAce)
3272 pAce->Mask = val;
3273 if (*StringAcl != ';')
3274 goto lerr;
3275 StringAcl++;
3276
3277 /* Parse ACE object guid */
3278 if (*StringAcl != ';')
3279 {
3280 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
3281 goto lerr;
3282 }
3283 StringAcl++;
3284
3285 /* Parse ACE inherit object guid */
3286 if (*StringAcl != ';')
3287 {
3288 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
3289 goto lerr;
3290 }
3291 StringAcl++;
3292
3293 /* Parse ACE account sid */
3294 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
3295 {
3296 while (*StringAcl && *StringAcl != ')')
3297 StringAcl++;
3298 }
3299
3300 if (*StringAcl != ')')
3301 goto lerr;
3302 StringAcl++;
3303
3304 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
3305 }
3306
3307 *cBytes = length;
3308 return TRUE;
3309
3310 lerr:
3311 WARN("Invalid ACE string format\n");
3312 return FALSE;
3313 }
3314
3315
3316 /******************************************************************************
3317 * ParseStringSecurityDescriptorToSecurityDescriptor
3318 */
3319 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
3320 LPCWSTR StringSecurityDescriptor,
3321 SECURITY_DESCRIPTOR* SecurityDescriptor,
3322 LPDWORD cBytes)
3323 {
3324 BOOL bret = FALSE;
3325 WCHAR toktype;
3326 WCHAR tok[MAX_PATH];
3327 LPCWSTR lptoken;
3328 LPBYTE lpNext = NULL;
3329 DWORD len;
3330
3331 *cBytes = sizeof(SECURITY_DESCRIPTOR);
3332
3333 if (SecurityDescriptor)
3334 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
3335
3336 while (*StringSecurityDescriptor)
3337 {
3338 toktype = *StringSecurityDescriptor;
3339
3340 /* Expect char identifier followed by ':' */
3341 StringSecurityDescriptor++;
3342 if (*StringSecurityDescriptor != ':')
3343 {
3344 SetLastError(ERROR_INVALID_PARAMETER);
3345 goto lend;
3346 }
3347 StringSecurityDescriptor++;
3348
3349 /* Extract token */
3350 lptoken = StringSecurityDescriptor;
3351 while (*lptoken && *lptoken != ':')
3352 lptoken++;
3353
3354 if (*lptoken)
3355 lptoken--;
3356
3357 len = lptoken - StringSecurityDescriptor;
3358 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
3359 tok[len] = 0;
3360
3361 switch (toktype)
3362 {
3363 case 'O':
3364 {
3365 DWORD bytes;
3366
3367 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
3368 goto lend;
3369
3370 if (SecurityDescriptor)
3371 {
3372 SecurityDescriptor->Owner = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
3373 lpNext += bytes; /* Advance to next token */
3374 }
3375
3376 *cBytes += bytes;
3377
3378 break;
3379 }
3380
3381 case 'G':
3382 {
3383 DWORD bytes;
3384
3385 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
3386 goto lend;
3387
3388 if (SecurityDescriptor)
3389 {
3390 SecurityDescriptor->Group = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
3391 lpNext += bytes; /* Advance to next token */
3392 }
3393
3394 *cBytes += bytes;
3395
3396 break;
3397 }
3398
3399 case 'D':
3400 {
3401 DWORD flags;
3402 DWORD bytes;
3403
3404 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
3405 goto lend;
3406
3407 if (SecurityDescriptor)
3408 {
3409 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
3410 SecurityDescriptor->Dacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
3411 lpNext += bytes; /* Advance to next token */
3412 }
3413
3414 *cBytes += bytes;
3415
3416 break;
3417 }
3418
3419 case 'S':
3420 {
3421 DWORD flags;
3422 DWORD bytes;
3423
3424 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
3425 goto lend;
3426
3427 if (SecurityDescriptor)
3428 {
3429 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
3430 SecurityDescriptor->Sacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
3431 lpNext += bytes; /* Advance to next token */
3432 }
3433
3434 *cBytes += bytes;
3435
3436 break;
3437 }
3438
3439 default:
3440 FIXME("Unknown token\n");
3441 SetLastError(ERROR_INVALID_PARAMETER);
3442 goto lend;
3443 }
3444
3445 StringSecurityDescriptor = lptoken;
3446 }
3447
3448 bret = TRUE;
3449
3450 lend:
3451 return bret;
3452 }
3453
3454 /******************************************************************************
3455 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
3456 */
3457 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
3458 LPCSTR StringSecurityDescriptor,
3459 DWORD StringSDRevision,
3460 PSECURITY_DESCRIPTOR* SecurityDescriptor,
3461 PULONG SecurityDescriptorSize)
3462 {
3463 UINT len;
3464 BOOL ret = FALSE;
3465 LPWSTR StringSecurityDescriptorW;
3466
3467 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
3468 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
3469
3470 if (StringSecurityDescriptorW)
3471 {
3472 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
3473
3474 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
3475 StringSDRevision, SecurityDescriptor,
3476 SecurityDescriptorSize);
3477 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
3478 }
3479
3480 return ret;
3481 }
3482
3483 /******************************************************************************
3484 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
3485 */
3486 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
3487 LPCWSTR StringSecurityDescriptor,
3488 DWORD StringSDRevision,
3489 PSECURITY_DESCRIPTOR* SecurityDescriptor,
3490 PULONG SecurityDescriptorSize)
3491 {
3492 DWORD cBytes;
3493 SECURITY_DESCRIPTOR* psd;
3494 BOOL bret = FALSE;
3495
3496 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
3497
3498 if (GetVersion() & 0x80000000)
3499 {
3500 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3501 goto lend;
3502 }
3503 else if (StringSDRevision != SID_REVISION)
3504 {
3505 SetLastError(ERROR_UNKNOWN_REVISION);
3506 goto lend;
3507 }
3508
3509 /* Compute security descriptor length */
3510 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3511 NULL, &cBytes))
3512 goto lend;
3513
3514 psd = *SecurityDescriptor = (SECURITY_DESCRIPTOR*) LocalAlloc(
3515 GMEM_ZEROINIT, cBytes);
3516 if (!psd) goto lend;
3517
3518 psd->Revision = SID_REVISION;
3519 psd->Control |= SE_SELF_RELATIVE;
3520
3521 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3522 psd, &cBytes))
3523 {
3524 LocalFree(psd);
3525 goto lend;
3526 }
3527
3528 if (SecurityDescriptorSize)
3529 *SecurityDescriptorSize = cBytes;
3530
3531 bret = TRUE;
3532
3533 lend:
3534 TRACE(" ret=%d\n", bret);
3535 return bret;
3536 }
3537
3538 /******************************************************************************
3539 * ConvertStringSidToSidW [ADVAPI32.@]
3540 */
3541 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
3542 {
3543 BOOL bret = FALSE;
3544 DWORD cBytes;
3545
3546 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3547 if (GetVersion() & 0x80000000)
3548 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3549 else if (!StringSid || !Sid)
3550 SetLastError(ERROR_INVALID_PARAMETER);
3551 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3552 {
3553 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
3554
3555 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3556 if (!bret)
3557 LocalFree(*Sid);
3558 }
3559 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3560 return bret;
3561 }
3562
3563 /******************************************************************************
3564 * ConvertStringSidToSidA [ADVAPI32.@]
3565 */
3566 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
3567 {
3568 BOOL bret = FALSE;
3569
3570 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3571 if (GetVersion() & 0x80000000)
3572 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3573 else if (!StringSid || !Sid)
3574 SetLastError(ERROR_INVALID_PARAMETER);
3575 else
3576 {
3577 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
3578 LPWSTR wStringSid = HeapAlloc(GetProcessHeap(), 0,
3579 len * sizeof(WCHAR));
3580
3581 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
3582 bret = ConvertStringSidToSidW(wStringSid, Sid);
3583 HeapFree(GetProcessHeap(), 0, wStringSid);
3584 }
3585 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3586 return bret;
3587 }
3588
3589 /******************************************************************************
3590 * ConvertSidToStringSidW [ADVAPI32.@]
3591 *
3592 * format of SID string is:
3593 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
3594 * where
3595 * <rev> is the revision of the SID encoded as decimal
3596 * <auth> is the identifier authority encoded as hex
3597 * <subauthN> is the subauthority id encoded as decimal
3598 */
3599 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
3600 {
3601 DWORD sz, i;
3602 LPWSTR str;
3603 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
3604 WCHAR subauthfmt[] = { '-','%','u',0 };
3605 SID* pisid=pSid;
3606
3607 TRACE("%p %p\n", pSid, pstr );
3608
3609 if( !IsValidSid( pSid ) )
3610 return FALSE;
3611
3612 if (pisid->Revision != SDDL_REVISION)
3613 return FALSE;
3614 if (pisid->IdentifierAuthority.Value[0] ||
3615 pisid->IdentifierAuthority.Value[1])
3616 {
3617 FIXME("not matching MS' bugs\n");
3618 return FALSE;
3619 }
3620
3621 sz = 14 + pisid->SubAuthorityCount * 11;
3622 str = LocalAlloc( 0, sz*sizeof(WCHAR) );
3623 sprintfW( str, fmt, pisid->Revision, MAKELONG(
3624 MAKEWORD( pisid->IdentifierAuthority.Value[5],
3625 pisid->IdentifierAuthority.Value[4] ),
3626 MAKEWORD( pisid->IdentifierAuthority.Value[3],
3627 pisid->IdentifierAuthority.Value[2] ) ) );
3628 for( i=0; i<pisid->SubAuthorityCount; i++ )
3629 sprintfW( str + strlenW(str), subauthfmt, pisid->SubAuthority[i] );
3630 *pstr = str;
3631
3632 return TRUE;
3633 }
3634
3635 /******************************************************************************
3636 * ConvertSidToStringSidA [ADVAPI32.@]
3637 */
3638 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
3639 {
3640 LPWSTR wstr = NULL;
3641 LPSTR str;
3642 UINT len;
3643
3644 TRACE("%p %p\n", pSid, pstr );
3645
3646 if( !ConvertSidToStringSidW( pSid, &wstr ) )
3647 return FALSE;
3648
3649 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
3650 str = LocalAlloc( 0, len );
3651 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
3652 LocalFree( wstr );
3653
3654 *pstr = str;
3655
3656 return TRUE;
3657 }
3658
3659 BOOL WINAPI CreatePrivateObjectSecurity(
3660 PSECURITY_DESCRIPTOR ParentDescriptor,
3661 PSECURITY_DESCRIPTOR CreatorDescriptor,
3662 PSECURITY_DESCRIPTOR* NewDescriptor,
3663 BOOL IsDirectoryObject,
3664 HANDLE Token,
3665 PGENERIC_MAPPING GenericMapping )
3666 {
3667 FIXME("%p %p %p %d %p %p - stub\n", ParentDescriptor, CreatorDescriptor,
3668 NewDescriptor, IsDirectoryObject, Token, GenericMapping);
3669
3670 return FALSE;
3671 }
3672
3673 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor )
3674 {
3675 FIXME("%p - stub\n", ObjectDescriptor);
3676
3677 return TRUE;
3678 }
3679
3680 BOOL WINAPI CreateProcessAsUserA(
3681 HANDLE hToken,
3682 LPCSTR lpApplicationName,
3683 LPSTR lpCommandLine,
3684 LPSECURITY_ATTRIBUTES lpProcessAttributes,
3685 LPSECURITY_ATTRIBUTES lpThreadAttributes,
3686 BOOL bInheritHandles,
3687 DWORD dwCreationFlags,
3688 LPVOID lpEnvironment,
3689 LPCSTR lpCurrentDirectory,
3690 LPSTARTUPINFOA lpStartupInfo,
3691 LPPROCESS_INFORMATION lpProcessInformation )
3692 {
3693 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - stub\n", hToken, debugstr_a(lpApplicationName),
3694 debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
3695 dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
3696
3697 return FALSE;
3698 }
3699
3700 BOOL WINAPI CreateProcessAsUserW(
3701 HANDLE hToken,
3702 LPCWSTR lpApplicationName,
3703 LPWSTR lpCommandLine,
3704 LPSECURITY_ATTRIBUTES lpProcessAttributes,
3705 LPSECURITY_ATTRIBUTES lpThreadAttributes,
3706 BOOL bInheritHandles,
3707 DWORD dwCreationFlags,
3708 LPVOID lpEnvironment,
3709 LPCWSTR lpCurrentDirectory,
3710 LPSTARTUPINFOW lpStartupInfo,
3711 LPPROCESS_INFORMATION lpProcessInformation )
3712 {
3713 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - semi- stub\n", hToken,
3714 debugstr_w(lpApplicationName), debugstr_w(lpCommandLine), lpProcessAttributes,
3715 lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
3716 debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
3717
3718 /* We should create the process with a suspended main thread */
3719 if (!CreateProcessW (lpApplicationName,
3720 lpCommandLine,
3721 lpProcessAttributes,
3722 lpThreadAttributes,
3723 bInheritHandles,
3724 dwCreationFlags, /* CREATE_SUSPENDED */
3725 lpEnvironment,
3726 lpCurrentDirectory,
3727 lpStartupInfo,
3728 lpProcessInformation))
3729 {
3730 return FALSE;
3731 }
3732
3733 return TRUE;
3734 }
3735
3736 /******************************************************************************
3737 * DuplicateTokenEx [ADVAPI32.@]
3738 */
3739 BOOL WINAPI DuplicateTokenEx(
3740 HANDLE ExistingTokenHandle, DWORD dwDesiredAccess,
3741 LPSECURITY_ATTRIBUTES lpTokenAttributes,
3742 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3743 TOKEN_TYPE TokenType,
3744 PHANDLE DuplicateTokenHandle )
3745 {
3746 OBJECT_ATTRIBUTES ObjectAttributes;
3747
3748 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3749 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3750
3751 InitializeObjectAttributes(
3752 &ObjectAttributes,
3753 NULL,
3754 (lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0,
3755 NULL,
3756 lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL );
3757
3758 return set_ntstatus( NtDuplicateToken( ExistingTokenHandle,
3759 dwDesiredAccess,
3760 &ObjectAttributes,
3761 ImpersonationLevel,
3762 TokenType,
3763 DuplicateTokenHandle ) );
3764 }
3765
3766 BOOL WINAPI DuplicateToken(
3767 HANDLE ExistingTokenHandle,
3768 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3769 PHANDLE DuplicateTokenHandle )
3770 {
3771 return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY,
3772 NULL, ImpersonationLevel, TokenImpersonation,
3773 DuplicateTokenHandle );
3774 }
3775
3776 BOOL WINAPI EnumDependentServicesA(
3777 SC_HANDLE hService,
3778 DWORD dwServiceState,
3779 LPENUM_SERVICE_STATUSA lpServices,
3780 DWORD cbBufSize,
3781 LPDWORD pcbBytesNeeded,
3782 LPDWORD lpServicesReturned )
3783 {
3784 FIXME("%p 0x%08x %p 0x%08x %p %p - stub\n", hService, dwServiceState,
3785 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3786
3787 return FALSE;
3788 }
3789
3790 BOOL WINAPI EnumDependentServicesW(
3791 SC_HANDLE hService,
3792 DWORD dwServiceState,
3793 LPENUM_SERVICE_STATUSW lpServices,
3794 DWORD cbBufSize,
3795 LPDWORD pcbBytesNeeded,
3796 LPDWORD lpServicesReturned )
3797 {
3798 FIXME("%p 0x%08x %p 0x%08x %p %p - stub\n", hService, dwServiceState,
3799 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3800
3801 return FALSE;
3802 }
3803
3804 /******************************************************************************
3805 * ComputeStringSidSize
3806 */
3807 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
3808 {
3809 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3810 {
3811 int ctok = 0;
3812 while (*StringSid)
3813 {
3814 if (*StringSid == '-')
3815 ctok++;
3816 StringSid++;
3817 }
3818
3819 if (ctok >= 3)
3820 return GetSidLengthRequired(ctok - 2);
3821 }
3822 else /* String constant format - Only available in winxp and above */
3823 {
3824 int i;
3825
3826 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3827 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3828 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
3829 }
3830
3831 return GetSidLengthRequired(0);
3832 }
3833
3834 /******************************************************************************
3835 * ParseStringSidToSid
3836 */
3837 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
3838 {
3839 BOOL bret = FALSE;
3840 SID* pisid=pSid;
3841
3842 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3843 if (!StringSid)
3844 {
3845 SetLastError(ERROR_INVALID_PARAMETER);
3846 TRACE("StringSid is NULL, returning FALSE\n");
3847 return FALSE;
3848 }
3849
3850 *cBytes = ComputeStringSidSize(StringSid);
3851 if (!pisid) /* Simply compute the size */
3852 {
3853 TRACE("only size requested, returning TRUE\n");
3854 return TRUE;
3855 }
3856
3857 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3858 {
3859 DWORD i = 0, identAuth;
3860 DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
3861
3862 StringSid += 2; /* Advance to Revision */
3863 pisid->Revision = atoiW(StringSid);
3864
3865 if (pisid->Revision != SDDL_REVISION)
3866 {
3867 TRACE("Revision %d is unknown\n", pisid->Revision);
3868 goto lend; /* ERROR_INVALID_SID */
3869 }
3870 if (csubauth == 0)
3871 {
3872 TRACE("SubAuthorityCount is 0\n");
3873 goto lend; /* ERROR_INVALID_SID */
3874 }
3875
3876 pisid->SubAuthorityCount = csubauth;
3877
3878 /* Advance to identifier authority */
3879 while (*StringSid && *StringSid != '-')
3880 StringSid++;
3881 if (*StringSid == '-')
3882 StringSid++;
3883
3884 /* MS' implementation can't handle values greater than 2^32 - 1, so
3885 * we don't either; assume most significant bytes are always 0
3886 */
3887 pisid->IdentifierAuthority.Value[0] = 0;
3888 pisid->IdentifierAuthority.Value[1] = 0;
3889 identAuth = atoiW(StringSid);
3890 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
3891 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
3892 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
3893 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
3894
3895 /* Advance to first sub authority */
3896 while (*StringSid && *StringSid != '-')
3897 StringSid++;
3898 if (*StringSid == '-')
3899 StringSid++;
3900
3901 while (*StringSid)
3902 {
3903 while (*StringSid && *StringSid != '-')
3904 StringSid++;
3905 if (*StringSid == '-')
3906 StringSid++;
3907
3908 pisid->SubAuthority[i++] = atoiW(StringSid);
3909 }
3910
3911 if (i != pisid->SubAuthorityCount)
3912 goto lend; /* ERROR_INVALID_SID */
3913
3914 bret = TRUE;
3915 }
3916 else /* String constant format - Only available in winxp and above */
3917 {
3918 int i;
3919 pisid->Revision = SDDL_REVISION;
3920
3921 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3922 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3923 {
3924 DWORD j;
3925 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
3926 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
3927 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
3928 pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
3929 bret = TRUE;
3930 }
3931
3932 if (!bret)
3933 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
3934 }
3935
3936 lend:
3937 if (!bret)
3938 SetLastError(ERROR_INVALID_SID);
3939
3940 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3941 return bret;
3942 }
3943
3944 /******************************************************************************
3945 * GetNamedSecurityInfoA [ADVAPI32.@]
3946 */
3947 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
3948 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3949 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
3950 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
3951 {
3952 DWORD len;
3953 LPWSTR wstr = NULL;
3954 DWORD r;
3955
3956 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
3957 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
3958
3959 if( pObjectName )
3960 {
3961 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3962 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3963 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3964 }
3965
3966 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
3967 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
3968
3969 HeapFree( GetProcessHeap(), 0, wstr );
3970
3971 return r;
3972 }
3973
3974 /******************************************************************************
3975 * GetNamedSecurityInfoW [ADVAPI32.@]
3976 */
3977 DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
3978 SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl,
3979 PACL* sacl, PSECURITY_DESCRIPTOR* descriptor )
3980 {
3981 DWORD needed, offset;
3982 SECURITY_DESCRIPTOR_RELATIVE *relative;
3983 BYTE *buffer;
3984
3985 TRACE( "%s %d %d %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
3986 group, dacl, sacl, descriptor );
3987
3988 if (!name || !descriptor) return ERROR_INVALID_PARAMETER;
3989
3990 needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
3991 if (info & OWNER_SECURITY_INFORMATION)
3992 needed += sizeof(sidWorld);
3993 if (info & GROUP_SECURITY_INFORMATION)
3994 needed += sizeof(sidWorld);
3995 if (info & DACL_SECURITY_INFORMATION)
3996 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3997 if (info & SACL_SECURITY_INFORMATION)
3998 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3999
4000 /* must be freed by caller */
4001 *descriptor = HeapAlloc( GetProcessHeap(), 0, needed );
4002 if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY;
4003
4004 if (!InitializeSecurityDescriptor( *descriptor, SECURITY_DESCRIPTOR_REVISION ))
4005 {
4006 HeapFree( GetProcessHeap(), 0, *descriptor );
4007 return ERROR_INVALID_SECURITY_DESCR;
4008 }
4009
4010 relative = (SECURITY_DESCRIPTOR_RELATIVE *)*descriptor;
4011 relative->Control |= SE_SELF_RELATIVE;
4012 buffer = (BYTE *)relative;
4013 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
4014
4015 if (info & OWNER_SECURITY_INFORMATION)
4016 {
4017 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
4018 relative->Owner = offset;
4019 if (owner)
4020 *owner = buffer + offset;
4021 offset += sizeof(sidWorld);
4022 }
4023 if (info & GROUP_SECURITY_INFORMATION)
4024 {
4025 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
4026 relative->Group = offset;
4027 if (group)
4028 *group = buffer + offset;
4029 offset += sizeof(sidWorld);
4030 }
4031 if (info & DACL_SECURITY_INFORMATION)
4032 {
4033 relative->Control |= SE_DACL_PRESENT;
4034 GetWorldAccessACL( (PACL)(buffer + offset) );
4035 relative->Dacl = offset;
4036 if (dacl)
4037 *dacl = (PACL)(buffer + offset);
4038 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
4039 }
4040 if (info & SACL_SECURITY_INFORMATION)
4041 {
4042 relative->Control |= SE_SACL_PRESENT;
4043 GetWorldAccessACL( (PACL)(buffer + offset) );
4044 relative->Sacl = offset;
4045 if (sacl)
4046 *sacl = (PACL)(buffer + offset);
4047 }
4048 return ERROR_SUCCESS;
4049 }
4050
4051 /******************************************************************************
4052 * DecryptFileW [ADVAPI32.@]
4053 */
4054 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved)
4055 {
4056 FIXME("%s %08x\n", debugstr_w(lpFileName), dwReserved);
4057 return TRUE;
4058 }
4059
4060 /******************************************************************************
4061 * DecryptFileA [ADVAPI32.@]
4062 */
4063 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved)
4064 {
4065 FIXME("%s %08x\n", debugstr_a(lpFileName), dwReserved);
4066 return TRUE;
4067 }
4068
4069 /******************************************************************************
4070 * EncryptFileW [ADVAPI32.@]
4071 */
4072 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName)
4073 {
4074 FIXME("%s\n", debugstr_w(lpFileName));
4075 return TRUE;
4076 }
4077
4078 /******************************************************************************
4079 * EncryptFileA [ADVAPI32.@]
4080 */
4081 BOOL WINAPI EncryptFileA(LPCSTR lpFileName)
4082 {
4083 FIXME("%s\n", debugstr_a(lpFileName));
4084 return TRUE;
4085 }
4086
4087 /******************************************************************************
4088 * FileEncryptionStatusW [ADVAPI32.@]
4089 */
4090 BOOL WINAPI FileEncryptionStatusW(LPCWSTR lpFileName, LPDWORD lpStatus)
4091 {
4092 FIXME("(%s %p): stub\n", debugstr_w(lpFileName), lpStatus);
4093 if (!lpStatus)
4094 return FALSE;
4095 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
4096 return TRUE;
4097 }
4098
4099 /******************************************************************************
4100 * FileEncryptionStatusA [ADVAPI32.@]
4101 */
4102 BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus)
4103 {
4104 FIXME("(%s %p): stub\n", debugstr_a(lpFileName), lpStatus);
4105 if (!lpStatus)
4106 return FALSE;
4107 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
4108 return TRUE;
4109 }
4110
4111 /******************************************************************************
4112 * SetSecurityInfo [ADVAPI32.@]
4113 */
4114 DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
4115 SECURITY_INFORMATION SecurityInfo, PSID psidOwner,
4116 PSID psidGroup, PACL pDacl, PACL pSacl) {
4117 FIXME("stub\n");
4118 return ERROR_SUCCESS;
4119 }
Maarten's multimedia branch