search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
advapi32: Make ADVAPI_IsLocalComputer global and remove duplicate copy.
[wine/wine-kai.git] / dlls / advapi32 / security.c
blobd2a5d810e371ae2ab374ac0d48d5c3d3b6e0795f
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 *
19 */
20
21 #include <stdarg.h>
22 #include <string.h>
23
24 #include "ntstatus.h"
25 #define WIN32_NO_STATUS
26 #include "windef.h"
27 #include "winbase.h"
28 #include "winerror.h"
29 #include "rpcnterr.h"
30 #include "winreg.h"
31 #include "winternl.h"
32 #include "winioctl.h"
33 #include "ntsecapi.h"
34 #include "accctrl.h"
35 #include "sddl.h"
36 #include "winsvc.h"
37 #include "aclapi.h"
38 #include "advapi32_misc.h"
39
40 #include "wine/debug.h"
41 #include "wine/unicode.h"
42
43 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
44
45 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
46 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
47 PACL pAcl, LPDWORD cBytes);
48 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
49 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
50 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
51 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
52 LPCWSTR StringSecurityDescriptor,
53 SECURITY_DESCRIPTOR* SecurityDescriptor,
54 LPDWORD cBytes);
55 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
56
57 typedef struct _ACEFLAG
58 {
59 LPCWSTR wstr;
60 DWORD value;
61 } ACEFLAG, *LPACEFLAG;
62
63 typedef struct _MAX_SID
64 {
65 /* same fields as struct _SID */
66 BYTE Revision;
67 BYTE SubAuthorityCount;
68 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
69 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
70 } MAX_SID;
71
72 typedef struct WELLKNOWNSID
73 {
74 WCHAR wstr[2];
75 WELL_KNOWN_SID_TYPE Type;
76 MAX_SID Sid;
77 } WELLKNOWNSID;
78
79 static const WELLKNOWNSID WellKnownSids[] =
80 {
81 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
82 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
83 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
84 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
85 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
86 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
87 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
88 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { } } },
89 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
90 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
91 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
92 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
93 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
94 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
95 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
96 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
97 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
98 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
99 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
100 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
101 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
102 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
103 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
104 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
105 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
106 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
107 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
108 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
109 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
110 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
111 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
112 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
113 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
114 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
115 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
116 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
117 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
118 };
119
120 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
121
122 typedef struct _AccountSid {
123 WELL_KNOWN_SID_TYPE type;
124 LPCWSTR account;
125 LPCWSTR domain;
126 SID_NAME_USE name_use;
127 } AccountSid;
128
129 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
130 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 };
131 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
132 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
133 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
134 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
135 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
136 static const WCHAR Blank[] = { 0 };
137 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
138 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
139 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
140 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
141 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
142 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
143 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
144 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
145 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
146 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
147 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
148 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 };
149 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 };
150 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 };
151 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
152 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
153 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 };
154 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
155 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
156 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
157 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
158 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
159 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
160 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
161 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
162 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
163 static const WCHAR SELF[] = { 'S','E','L','F',0 };
164 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
165 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
166 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 };
167 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
168 static const WCHAR Users[] = { 'U','s','e','r','s',0 };
169
170 static const AccountSid ACCOUNT_SIDS[] = {
171 { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup },
172 { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup },
173 { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup },
174 { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup },
175 { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup },
176 { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup },
177 { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup },
178 { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain },
179 { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup },
180 { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup },
181 { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup },
182 { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup },
183 { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
184 { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
185 { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup },
186 { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
187 { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup },
188 { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup },
189 { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup },
190 { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup },
191 { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
192 { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup },
193 { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
194 { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
195 { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain },
196 { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias },
197 { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias },
198 { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias },
199 { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias },
200 { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias },
201 { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias },
202 { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
203 { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
204 { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
205 { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
206 { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
207 };
208 /*
209 * ACE access rights
210 */
211 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
212 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
213 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
214 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
215 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
216 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
217 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
218 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
219
220 /*
221 * ACE types
222 */
223 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
224 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
225 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
226 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
227 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
228 static const WCHAR SDDL_ALARM[] = {'A','L',0};
229 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
230 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
231
232 /*
233 * ACE flags
234 */
235 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
236 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
237 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
238 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
239 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
240 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
241 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
242
243 const char * debugstr_sid(PSID sid)
244 {
245 int auth = 0;
246 SID * psid = (SID *)sid;
247
248 if (psid == NULL)
249 return "(null)";
250
251 auth = psid->IdentifierAuthority.Value[5] +
252 (psid->IdentifierAuthority.Value[4] << 8) +
253 (psid->IdentifierAuthority.Value[3] << 16) +
254 (psid->IdentifierAuthority.Value[2] << 24);
255
256 switch (psid->SubAuthorityCount) {
257 case 0:
258 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
259 case 1:
260 return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
261 psid->SubAuthority[0]);
262 case 2:
263 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
264 psid->SubAuthority[0], psid->SubAuthority[1]);
265 case 3:
266 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
267 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
268 case 4:
269 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
270 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
271 psid->SubAuthority[3]);
272 case 5:
273 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
274 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
275 psid->SubAuthority[3], psid->SubAuthority[4]);
276 case 6:
277 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
278 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
279 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
280 case 7:
281 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
282 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
283 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
284 psid->SubAuthority[6]);
285 case 8:
286 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
287 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
288 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
289 psid->SubAuthority[6], psid->SubAuthority[7]);
290 }
291 return "(too-big)";
292 }
293
294 /* set last error code from NT status and get the proper boolean return value */
295 /* used for functions that are a simple wrapper around the corresponding ntdll API */
296 static inline BOOL set_ntstatus( NTSTATUS status )
297 {
298 if (status) SetLastError( RtlNtStatusToDosError( status ));
299 return !status;
300 }
301
302 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
303
304 static void GetWorldAccessACL(PACL pACL)
305 {
306 PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1);
307
308 pACL->AclRevision = ACL_REVISION;
309 pACL->Sbz1 = 0;
310 pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL;
311 pACL->AceCount = 1;
312 pACL->Sbz2 = 0;
313
314 pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
315 pACE->Header.AceFlags = CONTAINER_INHERIT_ACE;
316 pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD);
317 pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */
318 memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld));
319 }
320
321 /************************************************************
322 * ADVAPI_IsLocalComputer
323 *
324 * Checks whether the server name indicates local machine.
325 */
326 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
327 {
328 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
329 BOOL Result;
330 LPWSTR buf;
331
332 if (!ServerName || !ServerName[0])
333 return TRUE;
334
335 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
336 Result = GetComputerNameW(buf, &dwSize);
337 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
338 ServerName += 2;
339 Result = Result && !lstrcmpW(ServerName, buf);
340 HeapFree(GetProcessHeap(), 0, buf);
341
342 return Result;
343 }
344
345 /* ##############################
346 ###### TOKEN FUNCTIONS ######
347 ##############################
348 */
349
350 /******************************************************************************
351 * OpenProcessToken [ADVAPI32.@]
352 * Opens the access token associated with a process handle.
353 *
354 * PARAMS
355 * ProcessHandle [I] Handle to process
356 * DesiredAccess [I] Desired access to process
357 * TokenHandle [O] Pointer to handle of open access token
358 *
359 * RETURNS
360 * Success: TRUE. TokenHandle contains the access token.
361 * Failure: FALSE.
362 *
363 * NOTES
364 * See NtOpenProcessToken.
365 */
366 BOOL WINAPI
367 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
368 HANDLE *TokenHandle )
369 {
370 return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
371 }
372
373 /******************************************************************************
374 * OpenThreadToken [ADVAPI32.@]
375 *
376 * Opens the access token associated with a thread handle.
377 *
378 * PARAMS
379 * ThreadHandle [I] Handle to process
380 * DesiredAccess [I] Desired access to the thread
381 * OpenAsSelf [I] ???
382 * TokenHandle [O] Destination for the token handle
383 *
384 * RETURNS
385 * Success: TRUE. TokenHandle contains the access token.
386 * Failure: FALSE.
387 *
388 * NOTES
389 * See NtOpenThreadToken.
390 */
391 BOOL WINAPI
392 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
393 BOOL OpenAsSelf, HANDLE *TokenHandle)
394 {
395 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
396 }
397
398 BOOL WINAPI
399 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState,
400 DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength )
401 {
402 return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength,
403 PreviousState, ReturnLength));
404 }
405
406 /******************************************************************************
407 * AdjustTokenPrivileges [ADVAPI32.@]
408 *
409 * Adjust the privileges of an open token handle.
410 *
411 * PARAMS
412 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
413 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
414 * NewState [I] Desired new privileges of the token
415 * BufferLength [I] Length of NewState
416 * PreviousState [O] Destination for the previous state
417 * ReturnLength [I/O] Size of PreviousState
418 *
419 *
420 * RETURNS
421 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
422 * Failure: FALSE.
423 *
424 * NOTES
425 * See NtAdjustPrivilegesToken.
426 */
427 BOOL WINAPI
428 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
429 LPVOID NewState, DWORD BufferLength,
430 LPVOID PreviousState, LPDWORD ReturnLength )
431 {
432 NTSTATUS status;
433
434 TRACE("\n");
435
436 status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges,
437 NewState, BufferLength, PreviousState,
438 ReturnLength);
439 SetLastError( RtlNtStatusToDosError( status ));
440 if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED))
441 return TRUE;
442 else
443 return FALSE;
444 }
445
446 /******************************************************************************
447 * CheckTokenMembership [ADVAPI32.@]
448 *
449 * Determine if an access token is a member of a SID.
450 *
451 * PARAMS
452 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
453 * SidToCheck [I] SID that possibly contains the token
454 * IsMember [O] Destination for result.
455 *
456 * RETURNS
457 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
458 * Failure: FALSE.
459 */
460 BOOL WINAPI
461 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
462 PBOOL IsMember )
463 {
464 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
465
466 *IsMember = TRUE;
467 return(TRUE);
468 }
469
470 /******************************************************************************
471 * GetTokenInformation [ADVAPI32.@]
472 *
473 * Get a type of information about an access token.
474 *
475 * PARAMS
476 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
477 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
478 * tokeninfo [O] Destination for token information
479 * tokeninfolength [I] Length of tokeninfo
480 * retlen [O] Destination for returned token information length
481 *
482 * RETURNS
483 * Success: TRUE. tokeninfo contains retlen bytes of token information
484 * Failure: FALSE.
485 *
486 * NOTES
487 * See NtQueryInformationToken.
488 */
489 BOOL WINAPI
490 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
491 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
492 {
493 TRACE("(%p, %s, %p, %ld, %p):\n",
494 token,
495 (tokeninfoclass == TokenUser) ? "TokenUser" :
496 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
497 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
498 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
499 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
500 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
501 (tokeninfoclass == TokenSource) ? "TokenSource" :
502 (tokeninfoclass == TokenType) ? "TokenType" :
503 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
504 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
505 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
506 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
507 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
508 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
509 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
510 "Unknown",
511 tokeninfo, tokeninfolength, retlen);
512 return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
513 tokeninfolength, retlen));
514 }
515
516 /******************************************************************************
517 * SetTokenInformation [ADVAPI32.@]
518 *
519 * Set information for an access token.
520 *
521 * PARAMS
522 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
523 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
524 * tokeninfo [I] Token information to set
525 * tokeninfolength [I] Length of tokeninfo
526 *
527 * RETURNS
528 * Success: TRUE. The information for the token is set to tokeninfo.
529 * Failure: FALSE.
530 */
531 BOOL WINAPI
532 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
533 LPVOID tokeninfo, DWORD tokeninfolength )
534 {
535 TRACE("(%p, %s, %p, %ld): stub\n",
536 token,
537 (tokeninfoclass == TokenUser) ? "TokenUser" :
538 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
539 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
540 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
541 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
542 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
543 (tokeninfoclass == TokenSource) ? "TokenSource" :
544 (tokeninfoclass == TokenType) ? "TokenType" :
545 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
546 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
547 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
548 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
549 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
550 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
551 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
552 "Unknown",
553 tokeninfo, tokeninfolength);
554
555 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
556 }
557
558 /*************************************************************************
559 * SetThreadToken [ADVAPI32.@]
560 *
561 * Assigns an 'impersonation token' to a thread so it can assume the
562 * security privileges of another thread or process. Can also remove
563 * a previously assigned token.
564 *
565 * PARAMS
566 * thread [O] Handle to thread to set the token for
567 * token [I] Token to set
568 *
569 * RETURNS
570 * Success: TRUE. The threads access token is set to token
571 * Failure: FALSE.
572 *
573 * NOTES
574 * Only supported on NT or higher. On Win9X this function does nothing.
575 * See SetTokenInformation.
576 */
577 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
578 {
579 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
580 ThreadImpersonationToken, &token, sizeof token ));
581 }
582
583 /* ##############################
584 ###### SID FUNCTIONS ######
585 ##############################
586 */
587
588 /******************************************************************************
589 * AllocateAndInitializeSid [ADVAPI32.@]
590 *
591 * PARAMS
592 * pIdentifierAuthority []
593 * nSubAuthorityCount []
594 * nSubAuthority0 []
595 * nSubAuthority1 []
596 * nSubAuthority2 []
597 * nSubAuthority3 []
598 * nSubAuthority4 []
599 * nSubAuthority5 []
600 * nSubAuthority6 []
601 * nSubAuthority7 []
602 * pSid []
603 */
604 BOOL WINAPI
605 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
606 BYTE nSubAuthorityCount,
607 DWORD nSubAuthority0, DWORD nSubAuthority1,
608 DWORD nSubAuthority2, DWORD nSubAuthority3,
609 DWORD nSubAuthority4, DWORD nSubAuthority5,
610 DWORD nSubAuthority6, DWORD nSubAuthority7,
611 PSID *pSid )
612 {
613 return set_ntstatus( RtlAllocateAndInitializeSid(
614 pIdentifierAuthority, nSubAuthorityCount,
615 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
616 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
617 pSid ));
618 }
619
620 /******************************************************************************
621 * FreeSid [ADVAPI32.@]
622 *
623 * PARAMS
624 * pSid []
625 */
626 PVOID WINAPI
627 FreeSid( PSID pSid )
628 {
629 RtlFreeSid(pSid);
630 return NULL; /* is documented like this */
631 }
632
633 /******************************************************************************
634 * CopySid [ADVAPI32.@]
635 *
636 * PARAMS
637 * nDestinationSidLength []
638 * pDestinationSid []
639 * pSourceSid []
640 */
641 BOOL WINAPI
642 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
643 {
644 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
645 }
646
647 /******************************************************************************
648 * CreateWellKnownSid [ADVAPI32.@]
649 */
650 BOOL WINAPI
651 CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
652 PSID DomainSid,
653 PSID pSid,
654 DWORD* cbSid)
655 {
656 int i;
657 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
658
659 if (DomainSid != NULL) {
660 FIXME("Only local computer supported!\n");
661 SetLastError(ERROR_INVALID_PARAMETER); /* FIXME */
662 return FALSE;
663 }
664
665 if (cbSid == NULL || pSid == NULL) {
666 SetLastError(ERROR_INVALID_PARAMETER);
667 return FALSE;
668 }
669
670 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
671 if (WellKnownSids[i].Type == WellKnownSidType) {
672 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
673
674 if (*cbSid < length) {
675 SetLastError(ERROR_INSUFFICIENT_BUFFER);
676 return FALSE;
677 }
678
679 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
680 *cbSid = length;
681 return TRUE;
682 }
683 }
684
685 SetLastError(ERROR_INVALID_PARAMETER);
686 return FALSE;
687 }
688
689 /******************************************************************************
690 * IsWellKnownSid [ADVAPI32.@]
691 */
692 BOOL WINAPI
693 IsWellKnownSid( PSID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType )
694 {
695 int i;
696 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
697
698 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
699 if (WellKnownSids[i].Type == WellKnownSidType)
700 if (EqualSid(pSid, (PSID)&(WellKnownSids[i].Sid.Revision)))
701 return TRUE;
702
703 return FALSE;
704 }
705
706 BOOL WINAPI
707 IsTokenRestricted( HANDLE TokenHandle )
708 {
709 TOKEN_GROUPS *groups;
710 DWORD size;
711 NTSTATUS status;
712 BOOL restricted;
713
714 TRACE("(%p)\n", TokenHandle);
715
716 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size);
717 if (status != STATUS_BUFFER_TOO_SMALL)
718 return FALSE;
719
720 groups = HeapAlloc(GetProcessHeap(), 0, size);
721 if (!groups)
722 {
723 SetLastError(ERROR_OUTOFMEMORY);
724 return FALSE;
725 }
726
727 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size);
728 if (status != STATUS_SUCCESS)
729 {
730 HeapFree(GetProcessHeap(), 0, groups);
731 return set_ntstatus(status);
732 }
733
734 if (groups->GroupCount)
735 restricted = TRUE;
736 else
737 restricted = FALSE;
738
739 HeapFree(GetProcessHeap(), 0, groups);
740
741 return restricted;
742 }
743
744 /******************************************************************************
745 * IsValidSid [ADVAPI32.@]
746 *
747 * PARAMS
748 * pSid []
749 */
750 BOOL WINAPI
751 IsValidSid( PSID pSid )
752 {
753 return RtlValidSid( pSid );
754 }
755
756 /******************************************************************************
757 * EqualSid [ADVAPI32.@]
758 *
759 * PARAMS
760 * pSid1 []
761 * pSid2 []
762 */
763 BOOL WINAPI
764 EqualSid( PSID pSid1, PSID pSid2 )
765 {
766 return RtlEqualSid( pSid1, pSid2 );
767 }
768
769 /******************************************************************************
770 * EqualPrefixSid [ADVAPI32.@]
771 */
772 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
773 {
774 return RtlEqualPrefixSid(pSid1, pSid2);
775 }
776
777 /******************************************************************************
778 * GetSidLengthRequired [ADVAPI32.@]
779 *
780 * PARAMS
781 * nSubAuthorityCount []
782 */
783 DWORD WINAPI
784 GetSidLengthRequired( BYTE nSubAuthorityCount )
785 {
786 return RtlLengthRequiredSid(nSubAuthorityCount);
787 }
788
789 /******************************************************************************
790 * InitializeSid [ADVAPI32.@]
791 *
792 * PARAMS
793 * pIdentifierAuthority []
794 */
795 BOOL WINAPI
796 InitializeSid (
797 PSID pSid,
798 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
799 BYTE nSubAuthorityCount)
800 {
801 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
802 }
803
804 DWORD WINAPI
805 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
806 {
807 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
808
809 return 1;
810 }
811
812 DWORD WINAPI
813 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights )
814 {
815 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
816
817 return 1;
818 }
819
820 /******************************************************************************
821 * GetSidIdentifierAuthority [ADVAPI32.@]
822 *
823 * PARAMS
824 * pSid []
825 */
826 PSID_IDENTIFIER_AUTHORITY WINAPI
827 GetSidIdentifierAuthority( PSID pSid )
828 {
829 return RtlIdentifierAuthoritySid(pSid);
830 }
831
832 /******************************************************************************
833 * GetSidSubAuthority [ADVAPI32.@]
834 *
835 * PARAMS
836 * pSid []
837 * nSubAuthority []
838 */
839 PDWORD WINAPI
840 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
841 {
842 return RtlSubAuthoritySid(pSid, nSubAuthority);
843 }
844
845 /******************************************************************************
846 * GetSidSubAuthorityCount [ADVAPI32.@]
847 *
848 * PARAMS
849 * pSid []
850 */
851 PUCHAR WINAPI
852 GetSidSubAuthorityCount (PSID pSid)
853 {
854 return RtlSubAuthorityCountSid(pSid);
855 }
856
857 /******************************************************************************
858 * GetLengthSid [ADVAPI32.@]
859 *
860 * PARAMS
861 * pSid []
862 */
863 DWORD WINAPI
864 GetLengthSid (PSID pSid)
865 {
866 return RtlLengthSid(pSid);
867 }
868
869 /* ##############################################
870 ###### SECURITY DESCRIPTOR FUNCTIONS ######
871 ##############################################
872 */
873
874 /******************************************************************************
875 * BuildSecurityDescriptorA [ADVAPI32.@]
876 *
877 * Builds a SD from
878 *
879 * PARAMS
880 * pOwner [I]
881 * pGroup [I]
882 * cCountOfAccessEntries [I]
883 * pListOfAccessEntries [I]
884 * cCountOfAuditEntries [I]
885 * pListofAuditEntries [I]
886 * pOldSD [I]
887 * lpdwBufferLength [I/O]
888 * pNewSD [O]
889 *
890 * RETURNS
891 * Success: ERROR_SUCCESS
892 * Failure: nonzero error code from Winerror.h
893 */
894 DWORD WINAPI BuildSecurityDescriptorA(
895 IN PTRUSTEEA pOwner,
896 IN PTRUSTEEA pGroup,
897 IN ULONG cCountOfAccessEntries,
898 IN PEXPLICIT_ACCESSA pListOfAccessEntries,
899 IN ULONG cCountOfAuditEntries,
900 IN PEXPLICIT_ACCESSA pListofAuditEntries,
901 IN PSECURITY_DESCRIPTOR pOldSD,
902 IN OUT PULONG lpdwBufferLength,
903 OUT PSECURITY_DESCRIPTOR* pNewSD)
904 {
905 FIXME("(%p,%p,%ld,%p,%ld,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
906 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
907 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
908
909 return ERROR_CALL_NOT_IMPLEMENTED;
910 }
911
912 /******************************************************************************
913 * BuildSecurityDescriptorW [ADVAPI32.@]
914 *
915 * See BuildSecurityDescriptorA.
916 */
917 DWORD WINAPI BuildSecurityDescriptorW(
918 IN PTRUSTEEW pOwner,
919 IN PTRUSTEEW pGroup,
920 IN ULONG cCountOfAccessEntries,
921 IN PEXPLICIT_ACCESSW pListOfAccessEntries,
922 IN ULONG cCountOfAuditEntries,
923 IN PEXPLICIT_ACCESSW pListofAuditEntries,
924 IN PSECURITY_DESCRIPTOR pOldSD,
925 IN OUT PULONG lpdwBufferLength,
926 OUT PSECURITY_DESCRIPTOR* pNewSD)
927 {
928 FIXME("(%p,%p,%ld,%p,%ld,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
929 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
930 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
931
932 return ERROR_CALL_NOT_IMPLEMENTED;
933 }
934
935 /******************************************************************************
936 * InitializeSecurityDescriptor [ADVAPI32.@]
937 *
938 * PARAMS
939 * pDescr []
940 * revision []
941 */
942 BOOL WINAPI
943 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
944 {
945 return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision ));
946 }
947
948
949 /******************************************************************************
950 * MakeAbsoluteSD [ADVAPI32.@]
951 */
952 BOOL WINAPI MakeAbsoluteSD (
953 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
954 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
955 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
956 OUT PACL pDacl,
957 OUT LPDWORD lpdwDaclSize,
958 OUT PACL pSacl,
959 OUT LPDWORD lpdwSaclSize,
960 OUT PSID pOwner,
961 OUT LPDWORD lpdwOwnerSize,
962 OUT PSID pPrimaryGroup,
963 OUT LPDWORD lpdwPrimaryGroupSize)
964 {
965 return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
966 pAbsoluteSecurityDescriptor,
967 lpdwAbsoluteSecurityDescriptorSize,
968 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize,
969 pOwner, lpdwOwnerSize,
970 pPrimaryGroup, lpdwPrimaryGroupSize));
971 }
972
973 /******************************************************************************
974 * GetKernelObjectSecurity [ADVAPI32.@]
975 */
976 BOOL WINAPI GetKernelObjectSecurity(
977 HANDLE Handle,
978 SECURITY_INFORMATION RequestedInformation,
979 PSECURITY_DESCRIPTOR pSecurityDescriptor,
980 DWORD nLength,
981 LPDWORD lpnLengthNeeded )
982 {
983 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", Handle, RequestedInformation,
984 pSecurityDescriptor, nLength, lpnLengthNeeded);
985
986 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
987 nLength, lpnLengthNeeded ));
988 }
989
990 /******************************************************************************
991 * GetPrivateObjectSecurity [ADVAPI32.@]
992 */
993 BOOL WINAPI GetPrivateObjectSecurity(
994 PSECURITY_DESCRIPTOR ObjectDescriptor,
995 SECURITY_INFORMATION SecurityInformation,
996 PSECURITY_DESCRIPTOR ResultantDescriptor,
997 DWORD DescriptorLength,
998 PDWORD ReturnLength )
999 {
1000 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", ObjectDescriptor, SecurityInformation,
1001 ResultantDescriptor, DescriptorLength, ReturnLength);
1002
1003 return set_ntstatus( NtQuerySecurityObject(ObjectDescriptor, SecurityInformation,
1004 ResultantDescriptor, DescriptorLength, ReturnLength ));
1005 }
1006
1007 /******************************************************************************
1008 * GetSecurityDescriptorLength [ADVAPI32.@]
1009 */
1010 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
1011 {
1012 return RtlLengthSecurityDescriptor(pDescr);
1013 }
1014
1015 /******************************************************************************
1016 * GetSecurityDescriptorOwner [ADVAPI32.@]
1017 *
1018 * PARAMS
1019 * pOwner []
1020 * lpbOwnerDefaulted []
1021 */
1022 BOOL WINAPI
1023 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
1024 LPBOOL lpbOwnerDefaulted )
1025 {
1026 BOOLEAN defaulted;
1027 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted ));
1028 *lpbOwnerDefaulted = defaulted;
1029 return ret;
1030 }
1031
1032 /******************************************************************************
1033 * SetSecurityDescriptorOwner [ADVAPI32.@]
1034 *
1035 * PARAMS
1036 */
1037 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1038 PSID pOwner, BOOL bOwnerDefaulted)
1039 {
1040 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
1041 }
1042 /******************************************************************************
1043 * GetSecurityDescriptorGroup [ADVAPI32.@]
1044 */
1045 BOOL WINAPI GetSecurityDescriptorGroup(
1046 PSECURITY_DESCRIPTOR SecurityDescriptor,
1047 PSID *Group,
1048 LPBOOL GroupDefaulted)
1049 {
1050 BOOLEAN defaulted;
1051 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
1052 *GroupDefaulted = defaulted;
1053 return ret;
1054 }
1055 /******************************************************************************
1056 * SetSecurityDescriptorGroup [ADVAPI32.@]
1057 */
1058 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
1059 PSID Group, BOOL GroupDefaulted)
1060 {
1061 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
1062 }
1063
1064 /******************************************************************************
1065 * IsValidSecurityDescriptor [ADVAPI32.@]
1066 *
1067 * PARAMS
1068 * lpsecdesc []
1069 */
1070 BOOL WINAPI
1071 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
1072 {
1073 return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor));
1074 }
1075
1076 /******************************************************************************
1077 * GetSecurityDescriptorDacl [ADVAPI32.@]
1078 */
1079 BOOL WINAPI GetSecurityDescriptorDacl(
1080 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1081 OUT LPBOOL lpbDaclPresent,
1082 OUT PACL *pDacl,
1083 OUT LPBOOL lpbDaclDefaulted)
1084 {
1085 BOOLEAN present, defaulted;
1086 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
1087 *lpbDaclPresent = present;
1088 *lpbDaclDefaulted = defaulted;
1089 return ret;
1090 }
1091
1092 /******************************************************************************
1093 * SetSecurityDescriptorDacl [ADVAPI32.@]
1094 */
1095 BOOL WINAPI
1096 SetSecurityDescriptorDacl (
1097 PSECURITY_DESCRIPTOR lpsd,
1098 BOOL daclpresent,
1099 PACL dacl,
1100 BOOL dacldefaulted )
1101 {
1102 return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) );
1103 }
1104 /******************************************************************************
1105 * GetSecurityDescriptorSacl [ADVAPI32.@]
1106 */
1107 BOOL WINAPI GetSecurityDescriptorSacl(
1108 IN PSECURITY_DESCRIPTOR lpsd,
1109 OUT LPBOOL lpbSaclPresent,
1110 OUT PACL *pSacl,
1111 OUT LPBOOL lpbSaclDefaulted)
1112 {
1113 BOOLEAN present, defaulted;
1114 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) );
1115 *lpbSaclPresent = present;
1116 *lpbSaclDefaulted = defaulted;
1117 return ret;
1118 }
1119
1120 /**************************************************************************
1121 * SetSecurityDescriptorSacl [ADVAPI32.@]
1122 */
1123 BOOL WINAPI SetSecurityDescriptorSacl (
1124 PSECURITY_DESCRIPTOR lpsd,
1125 BOOL saclpresent,
1126 PACL lpsacl,
1127 BOOL sacldefaulted)
1128 {
1129 return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
1130 }
1131 /******************************************************************************
1132 * MakeSelfRelativeSD [ADVAPI32.@]
1133 *
1134 * PARAMS
1135 * lpabssecdesc []
1136 * lpselfsecdesc []
1137 * lpbuflen []
1138 */
1139 BOOL WINAPI
1140 MakeSelfRelativeSD(
1141 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1142 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1143 IN OUT LPDWORD lpdwBufferLength)
1144 {
1145 return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor,
1146 pSelfRelativeSecurityDescriptor, lpdwBufferLength));
1147 }
1148
1149 /******************************************************************************
1150 * GetSecurityDescriptorControl [ADVAPI32.@]
1151 */
1152
1153 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1154 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
1155 {
1156 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
1157 }
1158
1159 /* ##############################
1160 ###### ACL FUNCTIONS ######
1161 ##############################
1162 */
1163
1164 /*************************************************************************
1165 * InitializeAcl [ADVAPI32.@]
1166 */
1167 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
1168 {
1169 return set_ntstatus( RtlCreateAcl(acl, size, rev));
1170 }
1171
1172 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
1173 {
1174 TRACE("(%p)\n", hNamedPipe);
1175
1176 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL, NULL,
1177 FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1178 }
1179
1180 /******************************************************************************
1181 * AddAccessAllowedAce [ADVAPI32.@]
1182 */
1183 BOOL WINAPI AddAccessAllowedAce(
1184 IN OUT PACL pAcl,
1185 IN DWORD dwAceRevision,
1186 IN DWORD AccessMask,
1187 IN PSID pSid)
1188 {
1189 return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
1190 }
1191
1192 /******************************************************************************
1193 * AddAccessAllowedAceEx [ADVAPI32.@]
1194 */
1195 BOOL WINAPI AddAccessAllowedAceEx(
1196 IN OUT PACL pAcl,
1197 IN DWORD dwAceRevision,
1198 IN DWORD AceFlags,
1199 IN DWORD AccessMask,
1200 IN PSID pSid)
1201 {
1202 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1203 }
1204
1205 /******************************************************************************
1206 * AddAccessDeniedAce [ADVAPI32.@]
1207 */
1208 BOOL WINAPI AddAccessDeniedAce(
1209 IN OUT PACL pAcl,
1210 IN DWORD dwAceRevision,
1211 IN DWORD AccessMask,
1212 IN PSID pSid)
1213 {
1214 return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
1215 }
1216
1217 /******************************************************************************
1218 * AddAccessDeniedAceEx [ADVAPI32.@]
1219 */
1220 BOOL WINAPI AddAccessDeniedAceEx(
1221 IN OUT PACL pAcl,
1222 IN DWORD dwAceRevision,
1223 IN DWORD AceFlags,
1224 IN DWORD AccessMask,
1225 IN PSID pSid)
1226 {
1227 return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1228 }
1229
1230 /******************************************************************************
1231 * AddAce [ADVAPI32.@]
1232 */
1233 BOOL WINAPI AddAce(
1234 IN OUT PACL pAcl,
1235 IN DWORD dwAceRevision,
1236 IN DWORD dwStartingAceIndex,
1237 LPVOID pAceList,
1238 DWORD nAceListLength)
1239 {
1240 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
1241 }
1242
1243 /******************************************************************************
1244 * DeleteAce [ADVAPI32.@]
1245 */
1246 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1247 {
1248 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1249 }
1250
1251 /******************************************************************************
1252 * FindFirstFreeAce [ADVAPI32.@]
1253 */
1254 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
1255 {
1256 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
1257 }
1258
1259 /******************************************************************************
1260 * GetAce [ADVAPI32.@]
1261 */
1262 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1263 {
1264 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1265 }
1266
1267 /******************************************************************************
1268 * GetAclInformation [ADVAPI32.@]
1269 */
1270 BOOL WINAPI GetAclInformation(
1271 PACL pAcl,
1272 LPVOID pAclInformation,
1273 DWORD nAclInformationLength,
1274 ACL_INFORMATION_CLASS dwAclInformationClass)
1275 {
1276 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1277 nAclInformationLength, dwAclInformationClass));
1278 }
1279
1280 /******************************************************************************
1281 * IsValidAcl [ADVAPI32.@]
1282 */
1283 BOOL WINAPI IsValidAcl(IN PACL pAcl)
1284 {
1285 return RtlValidAcl(pAcl);
1286 }
1287
1288 /* ##############################
1289 ###### MISC FUNCTIONS ######
1290 ##############################
1291 */
1292
1293 /******************************************************************************
1294 * AllocateLocallyUniqueId [ADVAPI32.@]
1295 *
1296 * PARAMS
1297 * lpLuid []
1298 */
1299 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
1300 {
1301 return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid));
1302 }
1303
1304 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
1305 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1306 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
1307 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1308 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
1309 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
1310 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
1311 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1312 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
1313 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1314 static const WCHAR SE_TCB_NAME_W[] =
1315 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
1316 static const WCHAR SE_SECURITY_NAME_W[] =
1317 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1318 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
1319 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1320 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
1321 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
1322 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
1323 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1324 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
1325 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
1326 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
1327 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1328 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
1329 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1330 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
1331 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1332 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
1333 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1334 static const WCHAR SE_BACKUP_NAME_W[] =
1335 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
1336 static const WCHAR SE_RESTORE_NAME_W[] =
1337 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
1338 static const WCHAR SE_SHUTDOWN_NAME_W[] =
1339 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1340 static const WCHAR SE_DEBUG_NAME_W[] =
1341 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
1342 static const WCHAR SE_AUDIT_NAME_W[] =
1343 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
1344 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
1345 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1346 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
1347 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1348 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
1349 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1350 static const WCHAR SE_UNDOCK_NAME_W[] =
1351 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
1352 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
1353 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1354 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
1355 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1356 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
1357 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1358 static const WCHAR SE_IMPERSONATE_NAME_W[] =
1359 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
1360 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
1361 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1362
1363 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
1364 {
1365 NULL,
1366 NULL,
1367 SE_CREATE_TOKEN_NAME_W,
1368 SE_ASSIGNPRIMARYTOKEN_NAME_W,
1369 SE_LOCK_MEMORY_NAME_W,
1370 SE_INCREASE_QUOTA_NAME_W,
1371 SE_MACHINE_ACCOUNT_NAME_W,
1372 SE_TCB_NAME_W,
1373 SE_SECURITY_NAME_W,
1374 SE_TAKE_OWNERSHIP_NAME_W,
1375 SE_LOAD_DRIVER_NAME_W,
1376 SE_SYSTEM_PROFILE_NAME_W,
1377 SE_SYSTEMTIME_NAME_W,
1378 SE_PROF_SINGLE_PROCESS_NAME_W,
1379 SE_INC_BASE_PRIORITY_NAME_W,
1380 SE_CREATE_PAGEFILE_NAME_W,
1381 SE_CREATE_PERMANENT_NAME_W,
1382 SE_BACKUP_NAME_W,
1383 SE_RESTORE_NAME_W,
1384 SE_SHUTDOWN_NAME_W,
1385 SE_DEBUG_NAME_W,
1386 SE_AUDIT_NAME_W,
1387 SE_SYSTEM_ENVIRONMENT_NAME_W,
1388 SE_CHANGE_NOTIFY_NAME_W,
1389 SE_REMOTE_SHUTDOWN_NAME_W,
1390 SE_UNDOCK_NAME_W,
1391 SE_SYNC_AGENT_NAME_W,
1392 SE_ENABLE_DELEGATION_NAME_W,
1393 SE_MANAGE_VOLUME_NAME_W,
1394 SE_IMPERSONATE_NAME_W,
1395 SE_CREATE_GLOBAL_NAME_W,
1396 };
1397
1398 /******************************************************************************
1399 * LookupPrivilegeValueW [ADVAPI32.@]
1400 *
1401 * See LookupPrivilegeValueA.
1402 */
1403 BOOL WINAPI
1404 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
1405 {
1406 UINT i;
1407
1408 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
1409
1410 if (!ADVAPI_IsLocalComputer(lpSystemName))
1411 {
1412 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1413 return FALSE;
1414 }
1415 if (!lpName)
1416 {
1417 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1418 return FALSE;
1419 }
1420 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
1421 {
1422 if( !WellKnownPrivNames[i] )
1423 continue;
1424 if( strcmpiW( WellKnownPrivNames[i], lpName) )
1425 continue;
1426 lpLuid->LowPart = i;
1427 lpLuid->HighPart = 0;
1428 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
1429 lpLuid->HighPart, lpLuid->LowPart );
1430 return TRUE;
1431 }
1432 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1433 return FALSE;
1434 }
1435
1436 /******************************************************************************
1437 * LookupPrivilegeValueA [ADVAPI32.@]
1438 *
1439 * Retrieves LUID used on a system to represent the privilege name.
1440 *
1441 * PARAMS
1442 * lpSystemName [I] Name of the system
1443 * lpName [I] Name of the privilege
1444 * lpLuid [O] Destination for the resulting LUID
1445 *
1446 * RETURNS
1447 * Success: TRUE. lpLuid contains the requested LUID.
1448 * Failure: FALSE.
1449 */
1450 BOOL WINAPI
1451 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1452 {
1453 UNICODE_STRING lpSystemNameW;
1454 UNICODE_STRING lpNameW;
1455 BOOL ret;
1456
1457 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1458 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1459 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1460 RtlFreeUnicodeString(&lpNameW);
1461 RtlFreeUnicodeString(&lpSystemNameW);
1462 return ret;
1463 }
1464
1465 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
1466 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1467 {
1468 FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName),
1469 debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId);
1470
1471 return FALSE;
1472 }
1473
1474 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
1475 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1476 {
1477 FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName),
1478 debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId);
1479
1480 return FALSE;
1481 }
1482
1483 /******************************************************************************
1484 * LookupPrivilegeNameA [ADVAPI32.@]
1485 *
1486 * See LookupPrivilegeNameW.
1487 */
1488 BOOL WINAPI
1489 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1490 LPDWORD cchName)
1491 {
1492 UNICODE_STRING lpSystemNameW;
1493 BOOL ret;
1494 DWORD wLen = 0;
1495
1496 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1497
1498 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1499 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1500 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1501 {
1502 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1503
1504 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1505 &wLen);
1506 if (ret)
1507 {
1508 /* Windows crashes if cchName is NULL, so will I */
1509 int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1510 *cchName, NULL, NULL);
1511
1512 if (len == 0)
1513 {
1514 /* WideCharToMultiByte failed */
1515 ret = FALSE;
1516 }
1517 else if (len > *cchName)
1518 {
1519 *cchName = len;
1520 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1521 ret = FALSE;
1522 }
1523 else
1524 {
1525 /* WideCharToMultiByte succeeded, output length needs to be
1526 * length not including NULL terminator
1527 */
1528 *cchName = len - 1;
1529 }
1530 }
1531 HeapFree(GetProcessHeap(), 0, lpNameW);
1532 }
1533 RtlFreeUnicodeString(&lpSystemNameW);
1534 return ret;
1535 }
1536
1537 /******************************************************************************
1538 * LookupPrivilegeNameW [ADVAPI32.@]
1539 *
1540 * Retrieves the privilege name referred to by the LUID lpLuid.
1541 *
1542 * PARAMS
1543 * lpSystemName [I] Name of the system
1544 * lpLuid [I] Privilege value
1545 * lpName [O] Name of the privilege
1546 * cchName [I/O] Number of characters in lpName.
1547 *
1548 * RETURNS
1549 * Success: TRUE. lpName contains the name of the privilege whose value is
1550 * *lpLuid.
1551 * Failure: FALSE.
1552 *
1553 * REMARKS
1554 * Only well-known privilege names (those defined in winnt.h) can be retrieved
1555 * using this function.
1556 * If the length of lpName is too small, on return *cchName will contain the
1557 * number of WCHARs needed to contain the privilege, including the NULL
1558 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1559 * On success, *cchName will contain the number of characters stored in
1560 * lpName, NOT including the NULL terminator.
1561 */
1562 BOOL WINAPI
1563 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1564 LPDWORD cchName)
1565 {
1566 size_t privNameLen;
1567
1568 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1569
1570 if (!ADVAPI_IsLocalComputer(lpSystemName))
1571 {
1572 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1573 return FALSE;
1574 }
1575 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1576 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1577 {
1578 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1579 return FALSE;
1580 }
1581 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1582 /* Windows crashes if cchName is NULL, so will I */
1583 if (*cchName <= privNameLen)
1584 {
1585 *cchName = privNameLen + 1;
1586 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1587 return FALSE;
1588 }
1589 else
1590 {
1591 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1592 *cchName = privNameLen;
1593 return TRUE;
1594 }
1595 }
1596
1597 /******************************************************************************
1598 * GetFileSecurityA [ADVAPI32.@]
1599 *
1600 * Obtains Specified information about the security of a file or directory.
1601 *
1602 * PARAMS
1603 * lpFileName [I] Name of the file to get info for
1604 * RequestedInformation [I] SE_ flags from "winnt.h"
1605 * pSecurityDescriptor [O] Destination for security information
1606 * nLength [I] Length of pSecurityDescriptor
1607 * lpnLengthNeeded [O] Destination for length of returned security information
1608 *
1609 * RETURNS
1610 * Success: TRUE. pSecurityDescriptor contains the requested information.
1611 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1612 *
1613 * NOTES
1614 * The information returned is constrained by the callers access rights and
1615 * privileges.
1616 */
1617 BOOL WINAPI
1618 GetFileSecurityA( LPCSTR lpFileName,
1619 SECURITY_INFORMATION RequestedInformation,
1620 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1621 DWORD nLength, LPDWORD lpnLengthNeeded )
1622 {
1623 DWORD len;
1624 BOOL r;
1625 LPWSTR name = NULL;
1626
1627 if( lpFileName )
1628 {
1629 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1630 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1631 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1632 }
1633
1634 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1635 nLength, lpnLengthNeeded );
1636 HeapFree( GetProcessHeap(), 0, name );
1637
1638 return r;
1639 }
1640
1641 /******************************************************************************
1642 * GetFileSecurityW [ADVAPI32.@]
1643 *
1644 * See GetFileSecurityA.
1645 */
1646 BOOL WINAPI
1647 GetFileSecurityW( LPCWSTR lpFileName,
1648 SECURITY_INFORMATION RequestedInformation,
1649 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1650 DWORD nLength, LPDWORD lpnLengthNeeded )
1651 {
1652 DWORD nNeeded;
1653 LPBYTE pBuffer;
1654 DWORD iLocNow;
1655 SECURITY_DESCRIPTOR_RELATIVE *pSDRelative;
1656
1657 if(INVALID_FILE_ATTRIBUTES == GetFileAttributesW(lpFileName))
1658 return FALSE;
1659
1660 FIXME("(%s) : returns fake SECURITY_DESCRIPTOR\n", debugstr_w(lpFileName) );
1661
1662 nNeeded = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1663 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
1664 nNeeded += sizeof(sidWorld);
1665 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
1666 nNeeded += sizeof(sidWorld);
1667 if (RequestedInformation & DACL_SECURITY_INFORMATION)
1668 nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1669 if (RequestedInformation & SACL_SECURITY_INFORMATION)
1670 nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1671
1672 *lpnLengthNeeded = nNeeded;
1673
1674 if (nNeeded > nLength)
1675 return TRUE;
1676
1677 if (!InitializeSecurityDescriptor(pSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
1678 return FALSE;
1679
1680 pSDRelative = (PISECURITY_DESCRIPTOR_RELATIVE) pSecurityDescriptor;
1681 pSDRelative->Control |= SE_SELF_RELATIVE;
1682 pBuffer = (LPBYTE) pSDRelative;
1683 iLocNow = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1684
1685 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
1686 {
1687 memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
1688 pSDRelative->Owner = iLocNow;
1689 iLocNow += sizeof(sidWorld);
1690 }
1691 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
1692 {
1693 memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
1694 pSDRelative->Group = iLocNow;
1695 iLocNow += sizeof(sidWorld);
1696 }
1697 if (RequestedInformation & DACL_SECURITY_INFORMATION)
1698 {
1699 GetWorldAccessACL((PACL) (pBuffer + iLocNow));
1700 pSDRelative->Dacl = iLocNow;
1701 iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1702 }
1703 if (RequestedInformation & SACL_SECURITY_INFORMATION)
1704 {
1705 GetWorldAccessACL((PACL) (pBuffer + iLocNow));
1706 pSDRelative->Sacl = iLocNow;
1707 /* iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL; */
1708 }
1709 return TRUE;
1710 }
1711
1712
1713 /******************************************************************************
1714 * LookupAccountSidA [ADVAPI32.@]
1715 */
1716 BOOL WINAPI
1717 LookupAccountSidA(
1718 IN LPCSTR system,
1719 IN PSID sid,
1720 OUT LPSTR account,
1721 IN OUT LPDWORD accountSize,
1722 OUT LPSTR domain,
1723 IN OUT LPDWORD domainSize,
1724 OUT PSID_NAME_USE name_use )
1725 {
1726 DWORD len;
1727 BOOL r;
1728 LPWSTR systemW = NULL;
1729 LPWSTR accountW = NULL;
1730 LPWSTR domainW = NULL;
1731 DWORD accountSizeW = *accountSize * sizeof(WCHAR);
1732 DWORD domainSizeW = *domainSize * sizeof(WCHAR);
1733
1734 TRACE("(%s,sid=%s,%p,%p(%lu),%p,%p(%lu),%p)\n",
1735 debugstr_a(system),debugstr_sid(sid),
1736 account,accountSize,accountSize?*accountSize:0,
1737 domain,domainSize,domainSize?*domainSize:0,
1738 name_use);
1739
1740 if (system) {
1741 len = MultiByteToWideChar( CP_ACP, 0, system, -1, NULL, 0 );
1742 systemW = HeapAlloc( GetProcessHeap(), 0, (len+1)*sizeof(WCHAR) );
1743 MultiByteToWideChar( CP_ACP, 0, system, -1, systemW, len );
1744 }
1745 accountW = HeapAlloc( GetProcessHeap(), 0, accountSizeW );
1746 domainW = HeapAlloc( GetProcessHeap(), 0, domainSizeW );
1747
1748 r = LookupAccountSidW(systemW, sid, accountW, &accountSizeW, domainW, &domainSizeW, name_use );
1749
1750 if (r) {
1751 len = WideCharToMultiByte( CP_ACP, 0, accountW, -1, NULL, 0, NULL, NULL );
1752 WideCharToMultiByte( CP_ACP, 0, accountW, -1, account, len, NULL, NULL );
1753 *accountSize = len;
1754
1755 len = WideCharToMultiByte( CP_ACP, 0, domainW, -1, NULL, 0, NULL, NULL );
1756 WideCharToMultiByte( CP_ACP, 0, domainW, -1, domain, len, NULL, NULL );
1757 *domainSize = len;
1758 }
1759
1760 HeapFree( GetProcessHeap(), 0, systemW );
1761 HeapFree( GetProcessHeap(), 0, accountW );
1762 HeapFree( GetProcessHeap(), 0, domainW );
1763
1764 return r;
1765 }
1766
1767 /******************************************************************************
1768 * LookupAccountSidW [ADVAPI32.@]
1769 *
1770 * PARAMS
1771 * system []
1772 * sid []
1773 * account []
1774 * accountSize []
1775 * domain []
1776 * domainSize []
1777 * name_use []
1778 */
1779
1780 BOOL WINAPI
1781 LookupAccountSidW(
1782 IN LPCWSTR system,
1783 IN PSID sid,
1784 OUT LPWSTR account,
1785 IN OUT LPDWORD accountSize,
1786 OUT LPWSTR domain,
1787 IN OUT LPDWORD domainSize,
1788 OUT PSID_NAME_USE name_use )
1789 {
1790 int i, j;
1791 const WCHAR * ac = Administrator; /* FIXME */
1792 const WCHAR * dm = DOMAIN; /* FIXME */
1793 SID_NAME_USE use = SidTypeUser; /* FIXME */
1794
1795 TRACE("(%s,sid=%s,%p,%p(%lu),%p,%p(%lu),%p)\n",
1796 debugstr_w(system),debugstr_sid(sid),
1797 account,accountSize,accountSize?*accountSize:0,
1798 domain,domainSize,domainSize?*domainSize:0,
1799 name_use);
1800
1801 if (!ADVAPI_IsLocalComputer(system)) {
1802 FIXME("Only local computer supported!\n");
1803 SetLastError(ERROR_NONE_MAPPED);
1804 return FALSE;
1805 }
1806
1807 for (i = 0; i <= 60; i++) {
1808 if (IsWellKnownSid(sid, i)) {
1809 for (j = 0; j < (sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0])); j++) {
1810 if (ACCOUNT_SIDS[j].type == i) {
1811 ac = ACCOUNT_SIDS[j].account;
1812 dm = ACCOUNT_SIDS[j].domain;
1813 use = ACCOUNT_SIDS[j].name_use;
1814 }
1815 }
1816 break;
1817 }
1818 }
1819
1820 *accountSize = strlenW(ac)+1;
1821 if (account && (*accountSize > strlenW(ac)))
1822 strcpyW(account, ac);
1823
1824 *domainSize = strlenW(dm)+1;
1825 if (domain && (*domainSize > strlenW(dm)))
1826 strcpyW(domain,dm);
1827
1828 *name_use = use;
1829 return TRUE;
1830 }
1831
1832 /******************************************************************************
1833 * SetFileSecurityA [ADVAPI32.@]
1834 *
1835 * See SetFileSecurityW.
1836 */
1837 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1838 SECURITY_INFORMATION RequestedInformation,
1839 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1840 {
1841 DWORD len;
1842 BOOL r;
1843 LPWSTR name = NULL;
1844
1845 if( lpFileName )
1846 {
1847 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1848 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1849 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1850 }
1851
1852 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
1853 HeapFree( GetProcessHeap(), 0, name );
1854
1855 return r;
1856 }
1857
1858 /******************************************************************************
1859 * SetFileSecurityW [ADVAPI32.@]
1860 *
1861 * Sets the security of a file or directory.
1862 *
1863 * PARAMS
1864 * lpFileName []
1865 * RequestedInformation []
1866 * pSecurityDescriptor []
1867 *
1868 * RETURNS
1869 * Success: TRUE.
1870 * Failure: FALSE.
1871 */
1872 BOOL WINAPI
1873 SetFileSecurityW( LPCWSTR lpFileName,
1874 SECURITY_INFORMATION RequestedInformation,
1875 PSECURITY_DESCRIPTOR pSecurityDescriptor )
1876 {
1877 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1878 return TRUE;
1879 }
1880
1881 /******************************************************************************
1882 * QueryWindows31FilesMigration [ADVAPI32.@]
1883 *
1884 * PARAMS
1885 * x1 []
1886 */
1887 BOOL WINAPI
1888 QueryWindows31FilesMigration( DWORD x1 )
1889 {
1890 FIXME("(%ld):stub\n",x1);
1891 return TRUE;
1892 }
1893
1894 /******************************************************************************
1895 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1896 *
1897 * PARAMS
1898 * x1 []
1899 * x2 []
1900 * x3 []
1901 * x4 []
1902 */
1903 BOOL WINAPI
1904 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1905 DWORD x4 )
1906 {
1907 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1908 return TRUE;
1909 }
1910
1911 /******************************************************************************
1912 * NotifyBootConfigStatus [ADVAPI32.@]
1913 *
1914 * PARAMS
1915 * x1 []
1916 */
1917 BOOL WINAPI
1918 NotifyBootConfigStatus( BOOL x1 )
1919 {
1920 FIXME("(0x%08d):stub\n",x1);
1921 return 1;
1922 }
1923
1924 /******************************************************************************
1925 * RevertToSelf [ADVAPI32.@]
1926 *
1927 * Ends the impersonation of a user.
1928 *
1929 * PARAMS
1930 * void []
1931 *
1932 * RETURNS
1933 * Success: TRUE.
1934 * Failure: FALSE.
1935 */
1936 BOOL WINAPI
1937 RevertToSelf( void )
1938 {
1939 HANDLE Token = NULL;
1940 return set_ntstatus( NtSetInformationThread( GetCurrentThread(),
1941 ThreadImpersonationToken, &Token, sizeof(Token) ) );
1942 }
1943
1944 /******************************************************************************
1945 * ImpersonateSelf [ADVAPI32.@]
1946 *
1947 * Makes an impersonation token that represents the process user and assigns
1948 * to the current thread.
1949 *
1950 * PARAMS
1951 * ImpersonationLevel [I] Level at which to impersonate.
1952 *
1953 * RETURNS
1954 * Success: TRUE.
1955 * Failure: FALSE.
1956 */
1957 BOOL WINAPI
1958 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1959 {
1960 return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) );
1961 }
1962
1963 /******************************************************************************
1964 * ImpersonateLoggedOnUser [ADVAPI32.@]
1965 */
1966 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1967 {
1968 DWORD size;
1969 NTSTATUS Status;
1970 HANDLE ImpersonationToken;
1971 TOKEN_TYPE Type;
1972
1973 FIXME( "(%p)\n", hToken );
1974
1975 if (!GetTokenInformation( hToken, TokenType, &Type,
1976 sizeof(TOKEN_TYPE), &size ))
1977 return FALSE;
1978
1979 if (Type == TokenPrimary)
1980 {
1981 OBJECT_ATTRIBUTES ObjectAttributes;
1982
1983 InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
1984
1985 Status = NtDuplicateToken( hToken,
1986 TOKEN_IMPERSONATE | TOKEN_QUERY,
1987 &ObjectAttributes,
1988 SecurityImpersonation,
1989 TokenImpersonation,
1990 &ImpersonationToken );
1991 if (Status != STATUS_SUCCESS)
1992 {
1993 ERR( "NtDuplicateToken failed with error 0x%08lx\n", Status );
1994 SetLastError( RtlNtStatusToDosError( Status ) );
1995 return FALSE;
1996 }
1997 }
1998 else
1999 ImpersonationToken = hToken;
2000
2001 Status = NtSetInformationThread( GetCurrentThread(),
2002 ThreadImpersonationToken,
2003 &ImpersonationToken,
2004 sizeof(ImpersonationToken) );
2005
2006 if (Type == TokenPrimary)
2007 NtClose( ImpersonationToken );
2008
2009 if (Status != STATUS_SUCCESS)
2010 {
2011 ERR( "NtSetInformationThread failed with error 0x%08lx\n", Status );
2012 SetLastError( RtlNtStatusToDosError( Status ) );
2013 return FALSE;
2014 }
2015
2016 return TRUE;
2017 }
2018
2019 /******************************************************************************
2020 * AccessCheck [ADVAPI32.@]
2021 */
2022 BOOL WINAPI
2023 AccessCheck(
2024 PSECURITY_DESCRIPTOR SecurityDescriptor,
2025 HANDLE ClientToken,
2026 DWORD DesiredAccess,
2027 PGENERIC_MAPPING GenericMapping,
2028 PPRIVILEGE_SET PrivilegeSet,
2029 LPDWORD PrivilegeSetLength,
2030 LPDWORD GrantedAccess,
2031 LPBOOL AccessStatus)
2032 {
2033 NTSTATUS access_status;
2034 BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
2035 GenericMapping, PrivilegeSet, PrivilegeSetLength,
2036 GrantedAccess, &access_status) );
2037 if (ret) *AccessStatus = set_ntstatus( access_status );
2038 return ret;
2039 }
2040
2041
2042 /******************************************************************************
2043 * AccessCheckByType [ADVAPI32.@]
2044 */
2045 BOOL WINAPI AccessCheckByType(
2046 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2047 PSID PrincipalSelfSid,
2048 HANDLE ClientToken,
2049 DWORD DesiredAccess,
2050 POBJECT_TYPE_LIST ObjectTypeList,
2051 DWORD ObjectTypeListLength,
2052 PGENERIC_MAPPING GenericMapping,
2053 PPRIVILEGE_SET PrivilegeSet,
2054 LPDWORD PrivilegeSetLength,
2055 LPDWORD GrantedAccess,
2056 LPBOOL AccessStatus)
2057 {
2058 FIXME("stub\n");
2059
2060 *AccessStatus = TRUE;
2061
2062 return !*AccessStatus;
2063 }
2064
2065 /******************************************************************************
2066 * MapGenericMask [ADVAPI32.@]
2067 *
2068 * Maps generic access rights into specific access rights according to the
2069 * supplied mapping.
2070 *
2071 * PARAMS
2072 * AccessMask [I/O] Access rights.
2073 * GenericMapping [I] The mapping between generic and specific rights.
2074 *
2075 * RETURNS
2076 * Nothing.
2077 */
2078 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping )
2079 {
2080 RtlMapGenericMask( AccessMask, GenericMapping );
2081 }
2082
2083 /*************************************************************************
2084 * SetKernelObjectSecurity [ADVAPI32.@]
2085 */
2086 BOOL WINAPI SetKernelObjectSecurity (
2087 IN HANDLE Handle,
2088 IN SECURITY_INFORMATION SecurityInformation,
2089 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
2090 {
2091 return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
2092 }
2093
2094
2095 /******************************************************************************
2096 * AddAuditAccessAce [ADVAPI32.@]
2097 */
2098 BOOL WINAPI AddAuditAccessAce(
2099 IN OUT PACL pAcl,
2100 IN DWORD dwAceRevision,
2101 IN DWORD dwAccessMask,
2102 IN PSID pSid,
2103 IN BOOL bAuditSuccess,
2104 IN BOOL bAuditFailure)
2105 {
2106 return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid,
2107 bAuditSuccess, bAuditFailure) );
2108 }
2109
2110 /******************************************************************************
2111 * LookupAccountNameA [ADVAPI32.@]
2112 */
2113 BOOL WINAPI
2114 LookupAccountNameA(
2115 IN LPCSTR system,
2116 IN LPCSTR account,
2117 OUT PSID sid,
2118 OUT LPDWORD cbSid,
2119 LPSTR ReferencedDomainName,
2120 IN OUT LPDWORD cbReferencedDomainName,
2121 OUT PSID_NAME_USE name_use )
2122 {
2123 BOOL ret;
2124 UNICODE_STRING lpSystemW;
2125 UNICODE_STRING lpAccountW;
2126 LPWSTR lpReferencedDomainNameW = NULL;
2127
2128 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, system);
2129 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, account);
2130
2131 if (ReferencedDomainName)
2132 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(), 0, *cbReferencedDomainName * sizeof(WCHAR));
2133
2134 ret = LookupAccountNameW(lpSystemW.Buffer, lpAccountW.Buffer, sid, cbSid, lpReferencedDomainNameW,
2135 cbReferencedDomainName, name_use);
2136
2137 if (ret && lpReferencedDomainNameW)
2138 {
2139 WideCharToMultiByte(CP_ACP, 0, lpReferencedDomainNameW, *cbReferencedDomainName,
2140 ReferencedDomainName, *cbReferencedDomainName, NULL, NULL);
2141 }
2142
2143 RtlFreeUnicodeString(&lpSystemW);
2144 RtlFreeUnicodeString(&lpAccountW);
2145 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2146
2147 return ret;
2148 }
2149
2150 /******************************************************************************
2151 * LookupAccountNameW [ADVAPI32.@]
2152 */
2153 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid,
2154 LPDWORD cbSid, LPWSTR ReferencedDomainName,
2155 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
2156 {
2157 /* Default implementation: Always return a default SID */
2158 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
2159 BOOL ret;
2160 PSID pSid;
2161 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
2162
2163 FIXME("%s %s %p %p %p %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName),
2164 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
2165
2166 ret = AllocateAndInitializeSid(&identifierAuthority,
2167 2,
2168 SECURITY_BUILTIN_DOMAIN_RID,
2169 DOMAIN_ALIAS_RID_ADMINS,
2170 0, 0, 0, 0, 0, 0,
2171 &pSid);
2172
2173 if (!ret)
2174 return FALSE;
2175
2176 if (!RtlValidSid(pSid))
2177 {
2178 FreeSid(pSid);
2179 return FALSE;
2180 }
2181
2182 if (Sid != NULL && (*cbSid >= GetLengthSid(pSid)))
2183 CopySid(*cbSid, Sid, pSid);
2184 if (*cbSid < GetLengthSid(pSid))
2185 {
2186 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2187 ret = FALSE;
2188 }
2189 *cbSid = GetLengthSid(pSid);
2190
2191 if (ReferencedDomainName != NULL && (*cchReferencedDomainName > strlenW(dm)))
2192 strcpyW(ReferencedDomainName, dm);
2193
2194 if (*cchReferencedDomainName <= strlenW(dm))
2195 {
2196 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2197 ret = FALSE;
2198 }
2199
2200 *cchReferencedDomainName = strlenW(dm)+1;
2201
2202 FreeSid(pSid);
2203
2204 return ret;
2205 }
2206
2207 /******************************************************************************
2208 * PrivilegeCheck [ADVAPI32.@]
2209 */
2210 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
2211 {
2212 BOOL ret;
2213 BOOLEAN Result;
2214
2215 TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
2216
2217 ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result));
2218 if (ret)
2219 *pfResult = Result;
2220 return ret;
2221 }
2222
2223 /******************************************************************************
2224 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
2225 */
2226 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
2227 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2228 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2229 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2230 {
2231 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
2232 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
2233 SecurityDescriptor, DesiredAccess, GenericMapping,
2234 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2235 return TRUE;
2236 }
2237
2238 /******************************************************************************
2239 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
2240 */
2241 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
2242 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2243 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2244 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2245 {
2246 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
2247 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
2248 SecurityDescriptor, DesiredAccess, GenericMapping,
2249 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2250 return TRUE;
2251 }
2252
2253 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2254 {
2255 FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose);
2256
2257 return TRUE;
2258 }
2259
2260 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2261 {
2262 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2263
2264 return TRUE;
2265 }
2266
2267 BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2268 {
2269 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2270
2271 return TRUE;
2272 }
2273
2274 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName,
2275 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2276 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2277 LPBOOL GenerateOnClose)
2278 {
2279 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_a(SubsystemName),
2280 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor,
2281 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2282 GenerateOnClose);
2283
2284 return TRUE;
2285 }
2286
2287 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
2288 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2289 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2290 LPBOOL GenerateOnClose)
2291 {
2292 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(SubsystemName),
2293 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor,
2294 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2295 GenerateOnClose);
2296
2297 return TRUE;
2298 }
2299
2300 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
2301 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2302 {
2303 FIXME("stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken,
2304 DesiredAccess, Privileges, AccessGranted);
2305
2306 return TRUE;
2307 }
2308
2309 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
2310 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2311 {
2312 FIXME("stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken,
2313 DesiredAccess, Privileges, AccessGranted);
2314
2315 return TRUE;
2316 }
2317
2318 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
2319 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2320 {
2321 FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName),
2322 ClientToken, Privileges, AccessGranted);
2323
2324 return TRUE;
2325 }
2326
2327 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
2328 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
2329 {
2330 FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName),
2331 ClientToken, Privileges, AccessGranted);
2332
2333 return TRUE;
2334 }
2335
2336 /******************************************************************************
2337 * GetSecurityInfo [ADVAPI32.@]
2338 */
2339 DWORD WINAPI GetSecurityInfo(
2340 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
2341 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
2342 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
2343 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
2344 )
2345 {
2346 FIXME("stub!\n");
2347 return ERROR_BAD_PROVIDER;
2348 }
2349
2350 /******************************************************************************
2351 * GetSecurityInfoExW [ADVAPI32.@]
2352 */
2353 DWORD WINAPI GetSecurityInfoExW(
2354 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
2355 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
2356 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
2357 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
2358 )
2359 {
2360 FIXME("stub!\n");
2361 return ERROR_BAD_PROVIDER;
2362 }
2363
2364 /******************************************************************************
2365 * BuildExplicitAccessWithNameA [ADVAPI32.@]
2366 */
2367 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess,
2368 LPSTR pTrusteeName, DWORD AccessPermissions,
2369 ACCESS_MODE AccessMode, DWORD Inheritance )
2370 {
2371 TRACE("%p %s 0x%08lx 0x%08x 0x%08lx\n", pExplicitAccess, debugstr_a(pTrusteeName),
2372 AccessPermissions, AccessMode, Inheritance);
2373
2374 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2375 pExplicitAccess->grfAccessMode = AccessMode;
2376 pExplicitAccess->grfInheritance = Inheritance;
2377
2378 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2379 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2380 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2381 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2382 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2383 }
2384
2385 /******************************************************************************
2386 * BuildExplicitAccessWithNameW [ADVAPI32.@]
2387 */
2388 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess,
2389 LPWSTR pTrusteeName, DWORD AccessPermissions,
2390 ACCESS_MODE AccessMode, DWORD Inheritance )
2391 {
2392 TRACE("%p %s 0x%08lx 0x%08x 0x%08lx\n", pExplicitAccess, debugstr_w(pTrusteeName),
2393 AccessPermissions, AccessMode, Inheritance);
2394
2395 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2396 pExplicitAccess->grfAccessMode = AccessMode;
2397 pExplicitAccess->grfInheritance = Inheritance;
2398
2399 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2400 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2401 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2402 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2403 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2404 }
2405
2406 /******************************************************************************
2407 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
2408 */
2409 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
2410 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
2411 LPSTR InheritedObjectTypeName, LPSTR Name )
2412 {
2413 DWORD ObjectsPresent = 0;
2414
2415 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2416 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
2417
2418 /* Fill the OBJECTS_AND_NAME structure */
2419 pObjName->ObjectType = ObjectType;
2420 if (ObjectTypeName != NULL)
2421 {
2422 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2423 }
2424
2425 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2426 if (InheritedObjectTypeName != NULL)
2427 {
2428 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2429 }
2430
2431 pObjName->ObjectsPresent = ObjectsPresent;
2432 pObjName->ptstrName = Name;
2433
2434 /* Fill the TRUSTEE structure */
2435 pTrustee->pMultipleTrustee = NULL;
2436 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2437 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2438 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2439 pTrustee->ptstrName = (LPSTR)pObjName;
2440 }
2441
2442 /******************************************************************************
2443 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
2444 */
2445 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
2446 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
2447 LPWSTR InheritedObjectTypeName, LPWSTR Name )
2448 {
2449 DWORD ObjectsPresent = 0;
2450
2451 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2452 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
2453
2454 /* Fill the OBJECTS_AND_NAME structure */
2455 pObjName->ObjectType = ObjectType;
2456 if (ObjectTypeName != NULL)
2457 {
2458 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2459 }
2460
2461 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2462 if (InheritedObjectTypeName != NULL)
2463 {
2464 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2465 }
2466
2467 pObjName->ObjectsPresent = ObjectsPresent;
2468 pObjName->ptstrName = Name;
2469
2470 /* Fill the TRUSTEE structure */
2471 pTrustee->pMultipleTrustee = NULL;
2472 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2473 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2474 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2475 pTrustee->ptstrName = (LPWSTR)pObjName;
2476 }
2477
2478 /******************************************************************************
2479 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
2480 */
2481 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid,
2482 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2483 {
2484 DWORD ObjectsPresent = 0;
2485
2486 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2487
2488 /* Fill the OBJECTS_AND_SID structure */
2489 if (pObjectGuid != NULL)
2490 {
2491 pObjSid->ObjectTypeGuid = *pObjectGuid;
2492 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2493 }
2494 else
2495 {
2496 ZeroMemory(&pObjSid->ObjectTypeGuid,
2497 sizeof(GUID));
2498 }
2499
2500 if (pInheritedObjectGuid != NULL)
2501 {
2502 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2503 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2504 }
2505 else
2506 {
2507 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2508 sizeof(GUID));
2509 }
2510
2511 pObjSid->ObjectsPresent = ObjectsPresent;
2512 pObjSid->pSid = pSid;
2513
2514 /* Fill the TRUSTEE structure */
2515 pTrustee->pMultipleTrustee = NULL;
2516 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2517 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2518 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2519 pTrustee->ptstrName = (LPSTR) pObjSid;
2520 }
2521
2522 /******************************************************************************
2523 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
2524 */
2525 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid,
2526 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2527 {
2528 DWORD ObjectsPresent = 0;
2529
2530 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2531
2532 /* Fill the OBJECTS_AND_SID structure */
2533 if (pObjectGuid != NULL)
2534 {
2535 pObjSid->ObjectTypeGuid = *pObjectGuid;
2536 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2537 }
2538 else
2539 {
2540 ZeroMemory(&pObjSid->ObjectTypeGuid,
2541 sizeof(GUID));
2542 }
2543
2544 if (pInheritedObjectGuid != NULL)
2545 {
2546 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2547 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2548 }
2549 else
2550 {
2551 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2552 sizeof(GUID));
2553 }
2554
2555 pObjSid->ObjectsPresent = ObjectsPresent;
2556 pObjSid->pSid = pSid;
2557
2558 /* Fill the TRUSTEE structure */
2559 pTrustee->pMultipleTrustee = NULL;
2560 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2561 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2562 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2563 pTrustee->ptstrName = (LPWSTR) pObjSid;
2564 }
2565
2566 /******************************************************************************
2567 * BuildTrusteeWithSidA [ADVAPI32.@]
2568 */
2569 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
2570 {
2571 TRACE("%p %p\n", pTrustee, pSid);
2572
2573 pTrustee->pMultipleTrustee = NULL;
2574 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2575 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2576 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2577 pTrustee->ptstrName = (LPSTR) pSid;
2578 }
2579
2580 /******************************************************************************
2581 * BuildTrusteeWithSidW [ADVAPI32.@]
2582 */
2583 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
2584 {
2585 TRACE("%p %p\n", pTrustee, pSid);
2586
2587 pTrustee->pMultipleTrustee = NULL;
2588 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2589 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2590 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2591 pTrustee->ptstrName = (LPWSTR) pSid;
2592 }
2593
2594 /******************************************************************************
2595 * BuildTrusteeWithNameA [ADVAPI32.@]
2596 */
2597 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
2598 {
2599 TRACE("%p %s\n", pTrustee, debugstr_a(name) );
2600
2601 pTrustee->pMultipleTrustee = NULL;
2602 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2603 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2604 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2605 pTrustee->ptstrName = name;
2606 }
2607
2608 /******************************************************************************
2609 * BuildTrusteeWithNameW [ADVAPI32.@]
2610 */
2611 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
2612 {
2613 TRACE("%p %s\n", pTrustee, debugstr_w(name) );
2614
2615 pTrustee->pMultipleTrustee = NULL;
2616 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2617 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2618 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2619 pTrustee->ptstrName = name;
2620 }
2621
2622 /******************************************************************************
2623 * GetTrusteeFormA [ADVAPI32.@]
2624 */
2625 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
2626 {
2627 TRACE("(%p)\n", pTrustee);
2628
2629 if (!pTrustee)
2630 return TRUSTEE_BAD_FORM;
2631
2632 return pTrustee->TrusteeForm;
2633 }
2634
2635 /******************************************************************************
2636 * GetTrusteeFormW [ADVAPI32.@]
2637 */
2638 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
2639 {
2640 TRACE("(%p)\n", pTrustee);
2641
2642 if (!pTrustee)
2643 return TRUSTEE_BAD_FORM;
2644
2645 return pTrustee->TrusteeForm;
2646 }
2647
2648 /******************************************************************************
2649 * GetTrusteeNameA [ADVAPI32.@]
2650 */
2651 LPSTR WINAPI GetTrusteeNameA(PTRUSTEEA pTrustee)
2652 {
2653 TRACE("(%p)\n", pTrustee);
2654
2655 if (!pTrustee)
2656 return NULL;
2657
2658 return pTrustee->ptstrName;
2659 }
2660
2661 /******************************************************************************
2662 * GetTrusteeNameW [ADVAPI32.@]
2663 */
2664 LPWSTR WINAPI GetTrusteeNameW(PTRUSTEEW pTrustee)
2665 {
2666 TRACE("(%p)\n", pTrustee);
2667
2668 if (!pTrustee)
2669 return NULL;
2670
2671 return pTrustee->ptstrName;
2672 }
2673
2674 /******************************************************************************
2675 * GetTrusteeTypeA [ADVAPI32.@]
2676 */
2677 TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEEA pTrustee)
2678 {
2679 TRACE("(%p)\n", pTrustee);
2680
2681 if (!pTrustee)
2682 return TRUSTEE_IS_UNKNOWN;
2683
2684 return pTrustee->TrusteeType;
2685 }
2686
2687 /******************************************************************************
2688 * GetTrusteeTypeW [ADVAPI32.@]
2689 */
2690 TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEEW pTrustee)
2691 {
2692 TRACE("(%p)\n", pTrustee);
2693
2694 if (!pTrustee)
2695 return TRUSTEE_IS_UNKNOWN;
2696
2697 return pTrustee->TrusteeType;
2698 }
2699
2700 BOOL WINAPI SetAclInformation( PACL pAcl, LPVOID pAclInformation,
2701 DWORD nAclInformationLength,
2702 ACL_INFORMATION_CLASS dwAclInformationClass )
2703 {
2704 FIXME("%p %p 0x%08lx 0x%08x - stub\n", pAcl, pAclInformation,
2705 nAclInformationLength, dwAclInformationClass);
2706
2707 return TRUE;
2708 }
2709
2710 /******************************************************************************
2711 * SetEntriesInAclA [ADVAPI32.@]
2712 */
2713 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
2714 PACL OldAcl, PACL* NewAcl )
2715 {
2716 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2717 return ERROR_CALL_NOT_IMPLEMENTED;
2718 }
2719
2720 /******************************************************************************
2721 * SetEntriesInAclW [ADVAPI32.@]
2722 */
2723 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
2724 PACL OldAcl, PACL* NewAcl )
2725 {
2726 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2727 return ERROR_CALL_NOT_IMPLEMENTED;
2728 }
2729
2730 /******************************************************************************
2731 * SetNamedSecurityInfoA [ADVAPI32.@]
2732 */
2733 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
2734 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2735 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
2736 {
2737 DWORD len;
2738 LPWSTR wstr = NULL;
2739 DWORD r;
2740
2741 TRACE("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
2742 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
2743
2744 if( pObjectName )
2745 {
2746 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
2747 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
2748 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
2749 }
2750
2751 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
2752 psidGroup, pDacl, pSacl );
2753
2754 HeapFree( GetProcessHeap(), 0, wstr );
2755
2756 return r;
2757 }
2758
2759 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation,
2760 PSECURITY_DESCRIPTOR ModificationDescriptor,
2761 PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor,
2762 PGENERIC_MAPPING GenericMapping,
2763 HANDLE Token )
2764 {
2765 FIXME("0x%08lx %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor,
2766 ObjectsSecurityDescriptor, GenericMapping, Token);
2767
2768 return TRUE;
2769 }
2770
2771 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor,
2772 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
2773 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
2774 {
2775 FIXME("%p 0x%08x 0x%08x - stub\n", pSecurityDescriptor, ControlBitsOfInterest,
2776 ControlBitsToSet);
2777
2778 return TRUE;
2779 }
2780
2781 BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2782 {
2783 return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess );
2784 }
2785
2786 /******************************************************************************
2787 * AreAnyAccessesGranted [ADVAPI32.@]
2788 *
2789 * Determines whether or not any of a set of specified access permissions have
2790 * been granted or not.
2791 *
2792 * PARAMS
2793 * GrantedAccess [I] The permissions that have been granted.
2794 * DesiredAccess [I] The permissions that you want to have.
2795 *
2796 * RETURNS
2797 * Nonzero if any of the permissions have been granted, zero if none of the
2798 * permissions have been granted.
2799 */
2800
2801 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2802 {
2803 return RtlAreAnyAccessesGranted( GrantedAccess, DesiredAccess );
2804 }
2805
2806 /******************************************************************************
2807 * SetNamedSecurityInfoW [ADVAPI32.@]
2808 */
2809 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
2810 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2811 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
2812 {
2813 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
2814 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
2815 return ERROR_SUCCESS;
2816 }
2817
2818 /******************************************************************************
2819 * GetExplicitEntriesFromAclA [ADVAPI32.@]
2820 */
2821 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
2822 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
2823 {
2824 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
2825 return ERROR_CALL_NOT_IMPLEMENTED;
2826 }
2827
2828 /******************************************************************************
2829 * GetExplicitEntriesFromAclW [ADVAPI32.@]
2830 */
2831 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
2832 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
2833 {
2834 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
2835 return ERROR_CALL_NOT_IMPLEMENTED;
2836 }
2837
2838
2839 /******************************************************************************
2840 * ParseAclStringFlags
2841 */
2842 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
2843 {
2844 DWORD flags = 0;
2845 LPCWSTR szAcl = *StringAcl;
2846
2847 while (*szAcl != '(')
2848 {
2849 if (*szAcl == 'P')
2850 {
2851 flags |= SE_DACL_PROTECTED;
2852 }
2853 else if (*szAcl == 'A')
2854 {
2855 szAcl++;
2856 if (*szAcl == 'R')
2857 flags |= SE_DACL_AUTO_INHERIT_REQ;
2858 else if (*szAcl == 'I')
2859 flags |= SE_DACL_AUTO_INHERITED;
2860 }
2861 szAcl++;
2862 }
2863
2864 *StringAcl = szAcl;
2865 return flags;
2866 }
2867
2868 /******************************************************************************
2869 * ParseAceStringType
2870 */
2871 static const ACEFLAG AceType[] =
2872 {
2873 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
2874 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
2875 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
2876 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
2877 /*
2878 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
2879 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
2880 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
2881 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
2882 */
2883 { NULL, 0 },
2884 };
2885
2886 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
2887 {
2888 UINT len = 0;
2889 LPCWSTR szAcl = *StringAcl;
2890 const ACEFLAG *lpaf = AceType;
2891
2892 while (lpaf->wstr &&
2893 (len = strlenW(lpaf->wstr)) &&
2894 strncmpW(lpaf->wstr, szAcl, len))
2895 lpaf++;
2896
2897 if (!lpaf->wstr)
2898 return 0;
2899
2900 *StringAcl += len;
2901 return lpaf->value;
2902 }
2903
2904
2905 /******************************************************************************
2906 * ParseAceStringFlags
2907 */
2908 static const ACEFLAG AceFlags[] =
2909 {
2910 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
2911 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
2912 { SDDL_INHERITED, INHERITED_ACE },
2913 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
2914 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
2915 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
2916 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
2917 { NULL, 0 },
2918 };
2919
2920 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
2921 {
2922 UINT len = 0;
2923 BYTE flags = 0;
2924 LPCWSTR szAcl = *StringAcl;
2925
2926 while (*szAcl != ';')
2927 {
2928 const ACEFLAG *lpaf = AceFlags;
2929
2930 while (lpaf->wstr &&
2931 (len = strlenW(lpaf->wstr)) &&
2932 strncmpW(lpaf->wstr, szAcl, len))
2933 lpaf++;
2934
2935 if (!lpaf->wstr)
2936 return 0;
2937
2938 flags |= lpaf->value;
2939 szAcl += len;
2940 }
2941
2942 *StringAcl = szAcl;
2943 return flags;
2944 }
2945
2946
2947 /******************************************************************************
2948 * ParseAceStringRights
2949 */
2950 static const ACEFLAG AceRights[] =
2951 {
2952 { SDDL_GENERIC_ALL, GENERIC_ALL },
2953 { SDDL_GENERIC_READ, GENERIC_READ },
2954 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
2955 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
2956 { SDDL_READ_CONTROL, READ_CONTROL },
2957 { SDDL_STANDARD_DELETE, DELETE },
2958 { SDDL_WRITE_DAC, WRITE_DAC },
2959 { SDDL_WRITE_OWNER, WRITE_OWNER },
2960 { NULL, 0 },
2961 };
2962
2963 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
2964 {
2965 UINT len = 0;
2966 DWORD rights = 0;
2967 LPCWSTR szAcl = *StringAcl;
2968
2969 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2970 {
2971 LPCWSTR p = szAcl;
2972
2973 while (*p && *p != ';')
2974 p++;
2975
2976 if (p - szAcl <= 8)
2977 {
2978 rights = strtoulW(szAcl, NULL, 16);
2979 *StringAcl = p;
2980 }
2981 else
2982 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2983 }
2984 else
2985 {
2986 while (*szAcl != ';')
2987 {
2988 const ACEFLAG *lpaf = AceRights;
2989
2990 while (lpaf->wstr &&
2991 (len = strlenW(lpaf->wstr)) &&
2992 strncmpW(lpaf->wstr, szAcl, len))
2993 {
2994 lpaf++;
2995 }
2996
2997 if (!lpaf->wstr)
2998 return 0;
2999
3000 rights |= lpaf->value;
3001 szAcl += len;
3002 }
3003 }
3004
3005 *StringAcl = szAcl;
3006 return rights;
3007 }
3008
3009
3010 /******************************************************************************
3011 * ParseStringAclToAcl
3012 *
3013 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
3014 */
3015 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
3016 PACL pAcl, LPDWORD cBytes)
3017 {
3018 DWORD val;
3019 DWORD sidlen;
3020 DWORD length = sizeof(ACL);
3021 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
3022
3023 TRACE("%s\n", debugstr_w(StringAcl));
3024
3025 if (!StringAcl)
3026 return FALSE;
3027
3028 if (pAcl) /* pAce is only useful if we're setting values */
3029 pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
3030
3031 /* Parse ACL flags */
3032 *lpdwFlags = ParseAclStringFlags(&StringAcl);
3033
3034 /* Parse ACE */
3035 while (*StringAcl == '(')
3036 {
3037 StringAcl++;
3038
3039 /* Parse ACE type */
3040 val = ParseAceStringType(&StringAcl);
3041 if (pAce)
3042 pAce->Header.AceType = (BYTE) val;
3043 if (*StringAcl != ';')
3044 goto lerr;
3045 StringAcl++;
3046
3047 /* Parse ACE flags */
3048 val = ParseAceStringFlags(&StringAcl);
3049 if (pAce)
3050 pAce->Header.AceFlags = (BYTE) val;
3051 if (*StringAcl != ';')
3052 goto lerr;
3053 StringAcl++;
3054
3055 /* Parse ACE rights */
3056 val = ParseAceStringRights(&StringAcl);
3057 if (pAce)
3058 pAce->Mask = val;
3059 if (*StringAcl != ';')
3060 goto lerr;
3061 StringAcl++;
3062
3063 /* Parse ACE object guid */
3064 if (*StringAcl != ';')
3065 {
3066 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
3067 goto lerr;
3068 }
3069 StringAcl++;
3070
3071 /* Parse ACE inherit object guid */
3072 if (*StringAcl != ';')
3073 {
3074 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
3075 goto lerr;
3076 }
3077 StringAcl++;
3078
3079 /* Parse ACE account sid */
3080 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
3081 {
3082 while (*StringAcl && *StringAcl != ')')
3083 StringAcl++;
3084 }
3085
3086 if (*StringAcl != ')')
3087 goto lerr;
3088 StringAcl++;
3089
3090 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
3091 }
3092
3093 *cBytes = length;
3094 return TRUE;
3095
3096 lerr:
3097 WARN("Invalid ACE string format\n");
3098 return FALSE;
3099 }
3100
3101
3102 /******************************************************************************
3103 * ParseStringSecurityDescriptorToSecurityDescriptor
3104 */
3105 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
3106 LPCWSTR StringSecurityDescriptor,
3107 SECURITY_DESCRIPTOR* SecurityDescriptor,
3108 LPDWORD cBytes)
3109 {
3110 BOOL bret = FALSE;
3111 WCHAR toktype;
3112 WCHAR tok[MAX_PATH];
3113 LPCWSTR lptoken;
3114 LPBYTE lpNext = NULL;
3115 DWORD len;
3116
3117 *cBytes = 0;
3118
3119 if (SecurityDescriptor)
3120 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
3121
3122 while (*StringSecurityDescriptor)
3123 {
3124 toktype = *StringSecurityDescriptor;
3125
3126 /* Expect char identifier followed by ':' */
3127 StringSecurityDescriptor++;
3128 if (*StringSecurityDescriptor != ':')
3129 {
3130 SetLastError(ERROR_INVALID_PARAMETER);
3131 goto lend;
3132 }
3133 StringSecurityDescriptor++;
3134
3135 /* Extract token */
3136 lptoken = StringSecurityDescriptor;
3137 while (*lptoken && *lptoken != ':')
3138 lptoken++;
3139
3140 if (*lptoken)
3141 lptoken--;
3142
3143 len = lptoken - StringSecurityDescriptor;
3144 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
3145 tok[len] = 0;
3146
3147 switch (toktype)
3148 {
3149 case 'O':
3150 {
3151 DWORD bytes;
3152
3153 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
3154 goto lend;
3155
3156 if (SecurityDescriptor)
3157 {
3158 SecurityDescriptor->Owner = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
3159 lpNext += bytes; /* Advance to next token */
3160 }
3161
3162 *cBytes += bytes;
3163
3164 break;
3165 }
3166
3167 case 'G':
3168 {
3169 DWORD bytes;
3170
3171 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
3172 goto lend;
3173
3174 if (SecurityDescriptor)
3175 {
3176 SecurityDescriptor->Group = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
3177 lpNext += bytes; /* Advance to next token */
3178 }
3179
3180 *cBytes += bytes;
3181
3182 break;
3183 }
3184
3185 case 'D':
3186 {
3187 DWORD flags;
3188 DWORD bytes;
3189
3190 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
3191 goto lend;
3192
3193 if (SecurityDescriptor)
3194 {
3195 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
3196 SecurityDescriptor->Dacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
3197 lpNext += bytes; /* Advance to next token */
3198 }
3199
3200 *cBytes += bytes;
3201
3202 break;
3203 }
3204
3205 case 'S':
3206 {
3207 DWORD flags;
3208 DWORD bytes;
3209
3210 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
3211 goto lend;
3212
3213 if (SecurityDescriptor)
3214 {
3215 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
3216 SecurityDescriptor->Sacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
3217 lpNext += bytes; /* Advance to next token */
3218 }
3219
3220 *cBytes += bytes;
3221
3222 break;
3223 }
3224
3225 default:
3226 FIXME("Unknown token\n");
3227 SetLastError(ERROR_INVALID_PARAMETER);
3228 goto lend;
3229 }
3230
3231 StringSecurityDescriptor = lptoken;
3232 }
3233
3234 bret = TRUE;
3235
3236 lend:
3237 return bret;
3238 }
3239
3240 /******************************************************************************
3241 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
3242 */
3243 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
3244 LPCSTR StringSecurityDescriptor,
3245 DWORD StringSDRevision,
3246 PSECURITY_DESCRIPTOR* SecurityDescriptor,
3247 PULONG SecurityDescriptorSize)
3248 {
3249 UINT len;
3250 BOOL ret = FALSE;
3251 LPWSTR StringSecurityDescriptorW;
3252
3253 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
3254 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
3255
3256 if (StringSecurityDescriptorW)
3257 {
3258 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
3259
3260 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
3261 StringSDRevision, SecurityDescriptor,
3262 SecurityDescriptorSize);
3263 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
3264 }
3265
3266 return ret;
3267 }
3268
3269 /******************************************************************************
3270 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
3271 */
3272 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
3273 LPCWSTR StringSecurityDescriptor,
3274 DWORD StringSDRevision,
3275 PSECURITY_DESCRIPTOR* SecurityDescriptor,
3276 PULONG SecurityDescriptorSize)
3277 {
3278 DWORD cBytes;
3279 SECURITY_DESCRIPTOR* psd;
3280 BOOL bret = FALSE;
3281
3282 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
3283
3284 if (GetVersion() & 0x80000000)
3285 {
3286 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3287 goto lend;
3288 }
3289 else if (StringSDRevision != SID_REVISION)
3290 {
3291 SetLastError(ERROR_UNKNOWN_REVISION);
3292 goto lend;
3293 }
3294
3295 /* Compute security descriptor length */
3296 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3297 NULL, &cBytes))
3298 goto lend;
3299
3300 psd = *SecurityDescriptor = (SECURITY_DESCRIPTOR*) LocalAlloc(
3301 GMEM_ZEROINIT, cBytes);
3302
3303 psd->Revision = SID_REVISION;
3304 psd->Control |= SE_SELF_RELATIVE;
3305
3306 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3307 psd, &cBytes))
3308 {
3309 LocalFree(psd);
3310 goto lend;
3311 }
3312
3313 if (SecurityDescriptorSize)
3314 *SecurityDescriptorSize = cBytes;
3315
3316 bret = TRUE;
3317
3318 lend:
3319 TRACE(" ret=%d\n", bret);
3320 return bret;
3321 }
3322
3323 /******************************************************************************
3324 * ConvertStringSidToSidW [ADVAPI32.@]
3325 */
3326 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
3327 {
3328 BOOL bret = FALSE;
3329 DWORD cBytes;
3330
3331 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3332 if (GetVersion() & 0x80000000)
3333 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3334 else if (!StringSid || !Sid)
3335 SetLastError(ERROR_INVALID_PARAMETER);
3336 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3337 {
3338 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
3339
3340 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3341 if (!bret)
3342 LocalFree(*Sid);
3343 }
3344 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3345 return bret;
3346 }
3347
3348 /******************************************************************************
3349 * ConvertStringSidToSidA [ADVAPI32.@]
3350 */
3351 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
3352 {
3353 BOOL bret = FALSE;
3354
3355 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3356 if (GetVersion() & 0x80000000)
3357 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3358 else if (!StringSid || !Sid)
3359 SetLastError(ERROR_INVALID_PARAMETER);
3360 else
3361 {
3362 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
3363 LPWSTR wStringSid = HeapAlloc(GetProcessHeap(), 0,
3364 len * sizeof(WCHAR));
3365
3366 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
3367 bret = ConvertStringSidToSidW(wStringSid, Sid);
3368 HeapFree(GetProcessHeap(), 0, wStringSid);
3369 }
3370 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3371 return bret;
3372 }
3373
3374 /******************************************************************************
3375 * ConvertSidToStringSidW [ADVAPI32.@]
3376 *
3377 * format of SID string is:
3378 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
3379 * where
3380 * <rev> is the revision of the SID encoded as decimal
3381 * <auth> is the identifier authority encoded as hex
3382 * <subauthN> is the subauthority id encoded as decimal
3383 */
3384 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
3385 {
3386 DWORD sz, i;
3387 LPWSTR str;
3388 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
3389 WCHAR subauthfmt[] = { '-','%','u',0 };
3390 SID* pisid=pSid;
3391
3392 TRACE("%p %p\n", pSid, pstr );
3393
3394 if( !IsValidSid( pSid ) )
3395 return FALSE;
3396
3397 if (pisid->Revision != SDDL_REVISION)
3398 return FALSE;
3399 if (pisid->IdentifierAuthority.Value[0] ||
3400 pisid->IdentifierAuthority.Value[1])
3401 {
3402 FIXME("not matching MS' bugs\n");
3403 return FALSE;
3404 }
3405
3406 sz = 14 + pisid->SubAuthorityCount * 11;
3407 str = LocalAlloc( 0, sz*sizeof(WCHAR) );
3408 sprintfW( str, fmt, pisid->Revision, MAKELONG(
3409 MAKEWORD( pisid->IdentifierAuthority.Value[5],
3410 pisid->IdentifierAuthority.Value[4] ),
3411 MAKEWORD( pisid->IdentifierAuthority.Value[3],
3412 pisid->IdentifierAuthority.Value[2] ) ) );
3413 for( i=0; i<pisid->SubAuthorityCount; i++ )
3414 sprintfW( str + strlenW(str), subauthfmt, pisid->SubAuthority[i] );
3415 *pstr = str;
3416
3417 return TRUE;
3418 }
3419
3420 /******************************************************************************
3421 * ConvertSidToStringSidA [ADVAPI32.@]
3422 */
3423 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
3424 {
3425 LPWSTR wstr = NULL;
3426 LPSTR str;
3427 UINT len;
3428
3429 TRACE("%p %p\n", pSid, pstr );
3430
3431 if( !ConvertSidToStringSidW( pSid, &wstr ) )
3432 return FALSE;
3433
3434 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
3435 str = LocalAlloc( 0, len );
3436 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
3437 LocalFree( wstr );
3438
3439 *pstr = str;
3440
3441 return TRUE;
3442 }
3443
3444 BOOL WINAPI CreatePrivateObjectSecurity(
3445 PSECURITY_DESCRIPTOR ParentDescriptor,
3446 PSECURITY_DESCRIPTOR CreatorDescriptor,
3447 PSECURITY_DESCRIPTOR* NewDescriptor,
3448 BOOL IsDirectoryObject,
3449 HANDLE Token,
3450 PGENERIC_MAPPING GenericMapping )
3451 {
3452 FIXME("%p %p %p %d %p %p - stub\n", ParentDescriptor, CreatorDescriptor,
3453 NewDescriptor, IsDirectoryObject, Token, GenericMapping);
3454
3455 return FALSE;
3456 }
3457
3458 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor )
3459 {
3460 FIXME("%p - stub\n", ObjectDescriptor);
3461
3462 return TRUE;
3463 }
3464
3465 BOOL WINAPI CreateProcessAsUserA(
3466 HANDLE hToken,
3467 LPCSTR lpApplicationName,
3468 LPSTR lpCommandLine,
3469 LPSECURITY_ATTRIBUTES lpProcessAttributes,
3470 LPSECURITY_ATTRIBUTES lpThreadAttributes,
3471 BOOL bInheritHandles,
3472 DWORD dwCreationFlags,
3473 LPVOID lpEnvironment,
3474 LPCSTR lpCurrentDirectory,
3475 LPSTARTUPINFOA lpStartupInfo,
3476 LPPROCESS_INFORMATION lpProcessInformation )
3477 {
3478 FIXME("%p %s %s %p %p %d 0x%08lx %p %s %p %p - stub\n", hToken, debugstr_a(lpApplicationName),
3479 debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
3480 dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
3481
3482 return FALSE;
3483 }
3484
3485 BOOL WINAPI CreateProcessAsUserW(
3486 HANDLE hToken,
3487 LPCWSTR lpApplicationName,
3488 LPWSTR lpCommandLine,
3489 LPSECURITY_ATTRIBUTES lpProcessAttributes,
3490 LPSECURITY_ATTRIBUTES lpThreadAttributes,
3491 BOOL bInheritHandles,
3492 DWORD dwCreationFlags,
3493 LPVOID lpEnvironment,
3494 LPCWSTR lpCurrentDirectory,
3495 LPSTARTUPINFOW lpStartupInfo,
3496 LPPROCESS_INFORMATION lpProcessInformation )
3497 {
3498 FIXME("%p %s %s %p %p %d 0x%08lx %p %s %p %p - semi- stub\n", hToken,
3499 debugstr_w(lpApplicationName), debugstr_w(lpCommandLine), lpProcessAttributes,
3500 lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
3501 debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
3502
3503 /* We should create the process with a suspended main thread */
3504 if (!CreateProcessW (lpApplicationName,
3505 lpCommandLine,
3506 lpProcessAttributes,
3507 lpThreadAttributes,
3508 bInheritHandles,
3509 dwCreationFlags, /* CREATE_SUSPENDED */
3510 lpEnvironment,
3511 lpCurrentDirectory,
3512 lpStartupInfo,
3513 lpProcessInformation))
3514 {
3515 return FALSE;
3516 }
3517
3518 return TRUE;
3519 }
3520
3521 BOOL WINAPI DuplicateTokenEx(
3522 HANDLE ExistingTokenHandle, DWORD dwDesiredAccess,
3523 LPSECURITY_ATTRIBUTES lpTokenAttributes,
3524 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3525 TOKEN_TYPE TokenType,
3526 PHANDLE DuplicateTokenHandle )
3527 {
3528 OBJECT_ATTRIBUTES ObjectAttributes;
3529
3530 TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3531 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3532
3533 InitializeObjectAttributes(
3534 &ObjectAttributes,
3535 NULL,
3536 (lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0,
3537 NULL,
3538 lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL );
3539
3540 return set_ntstatus( NtDuplicateToken( ExistingTokenHandle,
3541 dwDesiredAccess,
3542 &ObjectAttributes,
3543 ImpersonationLevel,
3544 TokenType,
3545 DuplicateTokenHandle ) );
3546 }
3547
3548 BOOL WINAPI DuplicateToken(
3549 HANDLE ExistingTokenHandle,
3550 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3551 PHANDLE DuplicateTokenHandle )
3552 {
3553 return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY,
3554 NULL, ImpersonationLevel, TokenImpersonation,
3555 DuplicateTokenHandle );
3556 }
3557
3558 BOOL WINAPI EnumDependentServicesA(
3559 SC_HANDLE hService,
3560 DWORD dwServiceState,
3561 LPENUM_SERVICE_STATUSA lpServices,
3562 DWORD cbBufSize,
3563 LPDWORD pcbBytesNeeded,
3564 LPDWORD lpServicesReturned )
3565 {
3566 FIXME("%p 0x%08lx %p 0x%08lx %p %p - stub\n", hService, dwServiceState,
3567 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3568
3569 return FALSE;
3570 }
3571
3572 BOOL WINAPI EnumDependentServicesW(
3573 SC_HANDLE hService,
3574 DWORD dwServiceState,
3575 LPENUM_SERVICE_STATUSW lpServices,
3576 DWORD cbBufSize,
3577 LPDWORD pcbBytesNeeded,
3578 LPDWORD lpServicesReturned )
3579 {
3580 FIXME("%p 0x%08lx %p 0x%08lx %p %p - stub\n", hService, dwServiceState,
3581 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3582
3583 return FALSE;
3584 }
3585
3586 /******************************************************************************
3587 * ComputeStringSidSize
3588 */
3589 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
3590 {
3591 DWORD size = sizeof(SID);
3592
3593 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3594 {
3595 int ctok = 0;
3596 while (*StringSid)
3597 {
3598 if (*StringSid == '-')
3599 ctok++;
3600 StringSid++;
3601 }
3602
3603 if (ctok > 3)
3604 size += (ctok - 3) * sizeof(DWORD);
3605 }
3606 else /* String constant format - Only available in winxp and above */
3607 {
3608 int i;
3609
3610 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3611 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3612 size += (WellKnownSids[i].Sid.SubAuthorityCount - 1) * sizeof(DWORD);
3613 }
3614
3615 return size;
3616 }
3617
3618 /******************************************************************************
3619 * ParseStringSidToSid
3620 */
3621 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
3622 {
3623 BOOL bret = FALSE;
3624 SID* pisid=pSid;
3625
3626 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3627 if (!StringSid)
3628 {
3629 SetLastError(ERROR_INVALID_PARAMETER);
3630 TRACE("StringSid is NULL, returning FALSE\n");
3631 return FALSE;
3632 }
3633
3634 *cBytes = ComputeStringSidSize(StringSid);
3635 if (!pisid) /* Simply compute the size */
3636 {
3637 TRACE("only size requested, returning TRUE\n");
3638 return TRUE;
3639 }
3640
3641 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3642 {
3643 DWORD i = 0, identAuth;
3644 DWORD csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
3645
3646 StringSid += 2; /* Advance to Revision */
3647 pisid->Revision = atoiW(StringSid);
3648
3649 if (pisid->Revision != SDDL_REVISION)
3650 {
3651 TRACE("Revision %d is unknown\n", pisid->Revision);
3652 goto lend; /* ERROR_INVALID_SID */
3653 }
3654 if (csubauth == 0)
3655 {
3656 TRACE("SubAuthorityCount is 0\n");
3657 goto lend; /* ERROR_INVALID_SID */
3658 }
3659
3660 pisid->SubAuthorityCount = csubauth;
3661
3662 /* Advance to identifier authority */
3663 while (*StringSid && *StringSid != '-')
3664 StringSid++;
3665 if (*StringSid == '-')
3666 StringSid++;
3667
3668 /* MS' implementation can't handle values greater than 2^32 - 1, so
3669 * we don't either; assume most significant bytes are always 0
3670 */
3671 pisid->IdentifierAuthority.Value[0] = 0;
3672 pisid->IdentifierAuthority.Value[1] = 0;
3673 identAuth = atoiW(StringSid);
3674 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
3675 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
3676 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
3677 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
3678
3679 /* Advance to first sub authority */
3680 while (*StringSid && *StringSid != '-')
3681 StringSid++;
3682 if (*StringSid == '-')
3683 StringSid++;
3684
3685 while (*StringSid)
3686 {
3687 while (*StringSid && *StringSid != '-')
3688 StringSid++;
3689 if (*StringSid == '-')
3690 StringSid++;
3691
3692 pisid->SubAuthority[i++] = atoiW(StringSid);
3693 }
3694
3695 if (i != pisid->SubAuthorityCount)
3696 goto lend; /* ERROR_INVALID_SID */
3697
3698 bret = TRUE;
3699 }
3700 else /* String constant format - Only available in winxp and above */
3701 {
3702 int i;
3703 pisid->Revision = SDDL_REVISION;
3704
3705 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3706 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3707 {
3708 DWORD j;
3709 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
3710 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
3711 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
3712 pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
3713 bret = TRUE;
3714 }
3715
3716 if (!bret)
3717 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
3718 }
3719
3720 lend:
3721 if (!bret)
3722 SetLastError(ERROR_INVALID_SID);
3723
3724 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3725 return bret;
3726 }
3727
3728 /******************************************************************************
3729 * GetNamedSecurityInfoA [ADVAPI32.@]
3730 */
3731 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
3732 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3733 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
3734 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
3735 {
3736 DWORD len;
3737 LPWSTR wstr = NULL;
3738 DWORD r;
3739
3740 TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
3741 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
3742
3743 if( pObjectName )
3744 {
3745 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3746 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3747 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3748 }
3749
3750 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
3751 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
3752
3753 HeapFree( GetProcessHeap(), 0, wstr );
3754
3755 return r;
3756 }
3757
3758 /******************************************************************************
3759 * GetNamedSecurityInfoW [ADVAPI32.@]
3760 */
3761 DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
3762 SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl,
3763 PACL* sacl, PSECURITY_DESCRIPTOR* descriptor )
3764 {
3765 DWORD needed, offset;
3766 SECURITY_DESCRIPTOR_RELATIVE *relative;
3767 BYTE *buffer;
3768
3769 TRACE( "%s %d %ld %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
3770 group, dacl, sacl, descriptor );
3771
3772 if (!name || !descriptor) return ERROR_INVALID_PARAMETER;
3773
3774 needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
3775 if (info & OWNER_SECURITY_INFORMATION)
3776 needed += sizeof(sidWorld);
3777 if (info & GROUP_SECURITY_INFORMATION)
3778 needed += sizeof(sidWorld);
3779 if (info & DACL_SECURITY_INFORMATION)
3780 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3781 if (info & SACL_SECURITY_INFORMATION)
3782 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3783
3784 /* must be freed by caller */
3785 *descriptor = HeapAlloc( GetProcessHeap(), 0, needed );
3786 if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY;
3787
3788 if (!InitializeSecurityDescriptor( *descriptor, SECURITY_DESCRIPTOR_REVISION ))
3789 {
3790 HeapFree( GetProcessHeap(), 0, *descriptor );
3791 return ERROR_INVALID_SECURITY_DESCR;
3792 }
3793
3794 relative = (SECURITY_DESCRIPTOR_RELATIVE *)*descriptor;
3795 relative->Control |= SE_SELF_RELATIVE;
3796 buffer = (BYTE *)relative;
3797 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
3798
3799 if (owner && (info & OWNER_SECURITY_INFORMATION))
3800 {
3801 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
3802 relative->Owner = offset;
3803 *owner = buffer + offset;
3804 offset += sizeof(sidWorld);
3805 }
3806 if (group && (info & GROUP_SECURITY_INFORMATION))
3807 {
3808 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
3809 relative->Group = offset;
3810 *group = buffer + offset;
3811 offset += sizeof(sidWorld);
3812 }
3813 if (dacl && (info & DACL_SECURITY_INFORMATION))
3814 {
3815 GetWorldAccessACL( (PACL)(buffer + offset) );
3816 relative->Dacl = offset;
3817 *dacl = (PACL)(buffer + offset);
3818 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3819 }
3820 if (sacl && (info & SACL_SECURITY_INFORMATION))
3821 {
3822 GetWorldAccessACL( (PACL)(buffer + offset) );
3823 relative->Sacl = offset;
3824 *sacl = (PACL)(buffer + offset);
3825 }
3826 return ERROR_SUCCESS;
3827 }
3828
3829 /******************************************************************************
3830 * DecryptFileW [ADVAPI32.@]
3831 */
3832 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved)
3833 {
3834 FIXME("%s %08lx\n", debugstr_w(lpFileName), dwReserved);
3835 return TRUE;
3836 }
3837
3838 /******************************************************************************
3839 * DecryptFileA [ADVAPI32.@]
3840 */
3841 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved)
3842 {
3843 FIXME("%s %08lx\n", debugstr_a(lpFileName), dwReserved);
3844 return TRUE;
3845 }
3846
3847 /******************************************************************************
3848 * EncryptFileW [ADVAPI32.@]
3849 */
3850 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName)
3851 {
3852 FIXME("%s\n", debugstr_w(lpFileName));
3853 return TRUE;
3854 }
3855
3856 /******************************************************************************
3857 * EncryptFileA [ADVAPI32.@]
3858 */
3859 BOOL WINAPI EncryptFileA(LPCSTR lpFileName)
3860 {
3861 FIXME("%s\n", debugstr_a(lpFileName));
3862 return TRUE;
3863 }
3864
3865 /******************************************************************************
3866 * FileEncryptionStatusW [ADVAPI32.@]
3867 */
3868 BOOL WINAPI FileEncryptionStatusW(LPCWSTR lpFileName, LPDWORD lpStatus)
3869 {
3870 FIXME("(%s %p): stub\n", debugstr_w(lpFileName), lpStatus);
3871 if (!lpStatus)
3872 return FALSE;
3873 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
3874 return TRUE;
3875 }
3876
3877 /******************************************************************************
3878 * FileEncryptionStatusA [ADVAPI32.@]
3879 */
3880 BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus)
3881 {
3882 FIXME("(%s %p): stub\n", debugstr_a(lpFileName), lpStatus);
3883 if (!lpStatus)
3884 return FALSE;
3885 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
3886 return TRUE;
3887 }
3888
3889 /******************************************************************************
3890 * SetSecurityInfo [ADVAPI32.@]
3891 */
3892 DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
3893 SECURITY_INFORMATION SecurityInfo, PSID psidOwner,
3894 PSID psidGroup, PACL pDacl, PACL pSacl) {
3895 FIXME("stub\n");
3896 return ERROR_SUCCESS;
3897 }
Work in progress by Kai Blin