search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add AppDefaults app selection to control panel
[wine/gsoc-2012-control.git] / dlls / advapi32 / security.c
blob9df27dbd5fb3e585d4af3a76713c410f6496ad6a
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 * Copyright 2006 Robert Reif
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
21
22 #include <stdarg.h>
23 #include <string.h>
24
25 #include "ntstatus.h"
26 #define WIN32_NO_STATUS
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winreg.h"
31 #include "winsafer.h"
32 #include "winternl.h"
33 #include "winioctl.h"
34 #include "ntsecapi.h"
35 #include "accctrl.h"
36 #include "sddl.h"
37 #include "winsvc.h"
38 #include "aclapi.h"
39 #include "objbase.h"
40 #include "iads.h"
41 #include "advapi32_misc.h"
42 #include "lmcons.h"
43
44 #include "wine/debug.h"
45 #include "wine/unicode.h"
46
47 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
48
49 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
50 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
51 PACL pAcl, LPDWORD cBytes);
52 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
53 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
54 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
55 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
56 LPCWSTR StringSecurityDescriptor,
57 SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
58 LPDWORD cBytes);
59 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
60
61 typedef struct _ACEFLAG
62 {
63 LPCWSTR wstr;
64 DWORD value;
65 } ACEFLAG, *LPACEFLAG;
66
67 typedef struct _MAX_SID
68 {
69 /* same fields as struct _SID */
70 BYTE Revision;
71 BYTE SubAuthorityCount;
72 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
73 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
74 } MAX_SID;
75
76 typedef struct WELLKNOWNSID
77 {
78 WCHAR wstr[2];
79 WELL_KNOWN_SID_TYPE Type;
80 MAX_SID Sid;
81 } WELLKNOWNSID;
82
83 static const WELLKNOWNSID WellKnownSids[] =
84 {
85 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
86 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
87 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
88 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
89 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
90 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
91 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
92 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
93 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
94 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
95 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
96 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
97 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
98 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
99 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
100 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
101 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
102 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
103 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
104 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
105 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
106 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
107 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
108 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
109 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
110 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
111 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
112 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
113 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
114 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
115 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
116 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
117 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
118 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
119 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
120 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
121 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
122 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
123 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
124 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
125 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
126 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
127 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
128 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
129 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
130 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
131 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
132 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
133 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
134 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
135 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
136 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
137 };
138
139 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
140 typedef struct WELLKNOWNRID
141 {
142 WELL_KNOWN_SID_TYPE Type;
143 DWORD Rid;
144 } WELLKNOWNRID;
145
146 static const WELLKNOWNRID WellKnownRids[] = {
147 { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
148 { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
149 { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
150 { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
151 { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
152 { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
153 { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
154 { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
155 { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
156 { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
157 { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
158 { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
159 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
160 };
161
162
163 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
164
165 typedef struct _AccountSid {
166 WELL_KNOWN_SID_TYPE type;
167 LPCWSTR account;
168 LPCWSTR domain;
169 SID_NAME_USE name_use;
170 LPCWSTR alias;
171 } AccountSid;
172
173 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
174 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 };
175 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
176 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
177 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
178 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
179 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
180 static const WCHAR Blank[] = { 0 };
181 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
182 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
183 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
184 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
185 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
186 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
187 static const WCHAR CURRENT_USER[] = { 'C','U','R','R','E','N','T','_','U','S','E','R',0 };
188 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
189 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
190 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
191 static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 };
192 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
193 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
194 static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
195 static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
196 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
197 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
198 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
199 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
200 static const WCHAR Guest[] = { 'G','u','e','s','t',0 };
201 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
202 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
203 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 };
204 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 };
205 static const WCHAR LOCAL_SERVICE2[] = { 'L','O','C','A','L','S','E','R','V','I','C','E',0 };
206 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 };
207 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
208 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
209 static const WCHAR NETWORK_SERVICE2[] = { 'N','E','T','W','O','R','K','S','E','R','V','I','C','E',0 };
210 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 };
211 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
212 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
213 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
214 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
215 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 };
216 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 };
217 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
218 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
219 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
220 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
221 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
222 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
223 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
224 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
225 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
226 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
227 static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 };
228 static const WCHAR SELF[] = { 'S','E','L','F',0 };
229 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
230 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
231 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 };
232 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
233 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
234 static const WCHAR Users[] = { 'U','s','e','r','s',0 };
235
236 static const AccountSid ACCOUNT_SIDS[] = {
237 { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup },
238 { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup },
239 { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup },
240 { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup },
241 { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup },
242 { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup },
243 { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup },
244 { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain },
245 { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup },
246 { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup },
247 { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup },
248 { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup },
249 { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
250 { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
251 { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup },
252 { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
253 { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup },
254 { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup },
255 { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup },
256 { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup },
257 { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
258 { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup },
259 { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup, LOCAL_SERVICE2 },
260 { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup , NETWORK_SERVICE2},
261 { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain },
262 { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias },
263 { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias },
264 { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias },
265 { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias },
266 { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias },
267 { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias },
268 { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
269 { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
270 { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
271 { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
272 { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
273 { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
274 { WinNTLMAuthenticationSid, NTML_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
275 { WinDigestAuthenticationSid, Digest_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
276 { WinSChannelAuthenticationSid, SChannel_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
277 { WinThisOrganizationSid, This_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
278 { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
279 { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias },
280 { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias },
281 };
282 /*
283 * ACE access rights
284 */
285 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
286 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
287 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
288 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
289
290 static const WCHAR SDDL_READ_PROPERTY[] = {'R','P',0};
291 static const WCHAR SDDL_WRITE_PROPERTY[] = {'W','P',0};
292 static const WCHAR SDDL_CREATE_CHILD[] = {'C','C',0};
293 static const WCHAR SDDL_DELETE_CHILD[] = {'D','C',0};
294 static const WCHAR SDDL_LIST_CHILDREN[] = {'L','C',0};
295 static const WCHAR SDDL_SELF_WRITE[] = {'S','W',0};
296 static const WCHAR SDDL_LIST_OBJECT[] = {'L','O',0};
297 static const WCHAR SDDL_DELETE_TREE[] = {'D','T',0};
298 static const WCHAR SDDL_CONTROL_ACCESS[] = {'C','R',0};
299
300 static const WCHAR SDDL_FILE_ALL[] = {'F','A',0};
301 static const WCHAR SDDL_FILE_READ[] = {'F','R',0};
302 static const WCHAR SDDL_FILE_WRITE[] = {'F','W',0};
303 static const WCHAR SDDL_FILE_EXECUTE[] = {'F','X',0};
304
305 static const WCHAR SDDL_KEY_ALL[] = {'K','A',0};
306 static const WCHAR SDDL_KEY_READ[] = {'K','R',0};
307 static const WCHAR SDDL_KEY_WRITE[] = {'K','W',0};
308 static const WCHAR SDDL_KEY_EXECUTE[] = {'K','X',0};
309
310 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
311 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
312 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
313 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
314
315 /*
316 * ACL flags
317 */
318 static const WCHAR SDDL_PROTECTED[] = {'P',0};
319 static const WCHAR SDDL_AUTO_INHERIT_REQ[] = {'A','R',0};
320 static const WCHAR SDDL_AUTO_INHERITED[] = {'A','I',0};
321
322 /*
323 * ACE types
324 */
325 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
326 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
327 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
328 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
329 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
330 static const WCHAR SDDL_ALARM[] = {'A','L',0};
331 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
332 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
333
334 /*
335 * ACE flags
336 */
337 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
338 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
339 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
340 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
341 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
342 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
343 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
344
345 const char * debugstr_sid(PSID sid)
346 {
347 int auth = 0;
348 SID * psid = sid;
349
350 if (psid == NULL)
351 return "(null)";
352
353 auth = psid->IdentifierAuthority.Value[5] +
354 (psid->IdentifierAuthority.Value[4] << 8) +
355 (psid->IdentifierAuthority.Value[3] << 16) +
356 (psid->IdentifierAuthority.Value[2] << 24);
357
358 switch (psid->SubAuthorityCount) {
359 case 0:
360 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
361 case 1:
362 return wine_dbg_sprintf("S-%d-%d-%u", psid->Revision, auth,
363 psid->SubAuthority[0]);
364 case 2:
365 return wine_dbg_sprintf("S-%d-%d-%u-%u", psid->Revision, auth,
366 psid->SubAuthority[0], psid->SubAuthority[1]);
367 case 3:
368 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u", psid->Revision, auth,
369 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
370 case 4:
371 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u", psid->Revision, auth,
372 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
373 psid->SubAuthority[3]);
374 case 5:
375 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u", psid->Revision, auth,
376 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
377 psid->SubAuthority[3], psid->SubAuthority[4]);
378 case 6:
379 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
380 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
381 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
382 case 7:
383 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
384 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
385 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
386 psid->SubAuthority[6]);
387 case 8:
388 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth,
389 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
390 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
391 psid->SubAuthority[6], psid->SubAuthority[7]);
392 }
393 return "(too-big)";
394 }
395
396 /* set last error code from NT status and get the proper boolean return value */
397 /* used for functions that are a simple wrapper around the corresponding ntdll API */
398 static inline BOOL set_ntstatus( NTSTATUS status )
399 {
400 if (status) SetLastError( RtlNtStatusToDosError( status ));
401 return !status;
402 }
403
404 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
405
406 static void GetWorldAccessACL(PACL pACL)
407 {
408 PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1);
409
410 pACL->AclRevision = ACL_REVISION;
411 pACL->Sbz1 = 0;
412 pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL;
413 pACL->AceCount = 1;
414 pACL->Sbz2 = 0;
415
416 pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
417 pACE->Header.AceFlags = CONTAINER_INHERIT_ACE;
418 pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD);
419 pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */
420 memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld));
421 }
422
423 /************************************************************
424 * ADVAPI_IsLocalComputer
425 *
426 * Checks whether the server name indicates local machine.
427 */
428 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
429 {
430 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
431 BOOL Result;
432 LPWSTR buf;
433
434 if (!ServerName || !ServerName[0])
435 return TRUE;
436
437 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
438 Result = GetComputerNameW(buf, &dwSize);
439 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
440 ServerName += 2;
441 Result = Result && !lstrcmpW(ServerName, buf);
442 HeapFree(GetProcessHeap(), 0, buf);
443
444 return Result;
445 }
446
447 /************************************************************
448 * ADVAPI_GetComputerSid
449 */
450 BOOL ADVAPI_GetComputerSid(PSID sid)
451 {
452 static const struct /* same fields as struct SID */
453 {
454 BYTE Revision;
455 BYTE SubAuthorityCount;
456 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
457 DWORD SubAuthority[4];
458 } computer_sid =
459 { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
460
461 memcpy( sid, &computer_sid, sizeof(computer_sid) );
462 return TRUE;
463 }
464
465 /* ##############################
466 ###### TOKEN FUNCTIONS ######
467 ##############################
468 */
469
470 /******************************************************************************
471 * OpenProcessToken [ADVAPI32.@]
472 * Opens the access token associated with a process handle.
473 *
474 * PARAMS
475 * ProcessHandle [I] Handle to process
476 * DesiredAccess [I] Desired access to process
477 * TokenHandle [O] Pointer to handle of open access token
478 *
479 * RETURNS
480 * Success: TRUE. TokenHandle contains the access token.
481 * Failure: FALSE.
482 *
483 * NOTES
484 * See NtOpenProcessToken.
485 */
486 BOOL WINAPI
487 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
488 HANDLE *TokenHandle )
489 {
490 return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
491 }
492
493 /******************************************************************************
494 * OpenThreadToken [ADVAPI32.@]
495 *
496 * Opens the access token associated with a thread handle.
497 *
498 * PARAMS
499 * ThreadHandle [I] Handle to process
500 * DesiredAccess [I] Desired access to the thread
501 * OpenAsSelf [I] ???
502 * TokenHandle [O] Destination for the token handle
503 *
504 * RETURNS
505 * Success: TRUE. TokenHandle contains the access token.
506 * Failure: FALSE.
507 *
508 * NOTES
509 * See NtOpenThreadToken.
510 */
511 BOOL WINAPI
512 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
513 BOOL OpenAsSelf, HANDLE *TokenHandle)
514 {
515 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
516 }
517
518 BOOL WINAPI
519 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState,
520 DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength )
521 {
522 return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength,
523 PreviousState, ReturnLength));
524 }
525
526 /******************************************************************************
527 * AdjustTokenPrivileges [ADVAPI32.@]
528 *
529 * Adjust the privileges of an open token handle.
530 *
531 * PARAMS
532 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
533 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
534 * NewState [I] Desired new privileges of the token
535 * BufferLength [I] Length of NewState
536 * PreviousState [O] Destination for the previous state
537 * ReturnLength [I/O] Size of PreviousState
538 *
539 *
540 * RETURNS
541 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
542 * Failure: FALSE.
543 *
544 * NOTES
545 * See NtAdjustPrivilegesToken.
546 */
547 BOOL WINAPI
548 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
549 PTOKEN_PRIVILEGES NewState, DWORD BufferLength,
550 PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength )
551 {
552 NTSTATUS status;
553
554 TRACE("\n");
555
556 status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges,
557 NewState, BufferLength, PreviousState,
558 ReturnLength);
559 SetLastError( RtlNtStatusToDosError( status ));
560 if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED))
561 return TRUE;
562 else
563 return FALSE;
564 }
565
566 /******************************************************************************
567 * CheckTokenMembership [ADVAPI32.@]
568 *
569 * Determine if an access token is a member of a SID.
570 *
571 * PARAMS
572 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
573 * SidToCheck [I] SID that possibly contains the token
574 * IsMember [O] Destination for result.
575 *
576 * RETURNS
577 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
578 * Failure: FALSE.
579 */
580 BOOL WINAPI
581 CheckTokenMembership( HANDLE token, PSID sid_to_check,
582 PBOOL is_member )
583 {
584 PTOKEN_GROUPS token_groups = NULL;
585 HANDLE thread_token = NULL;
586 DWORD size, i;
587 BOOL ret;
588
589 TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member);
590
591 *is_member = FALSE;
592
593 if (!token)
594 {
595 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token))
596 {
597 HANDLE process_token;
598 ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &process_token);
599 if (!ret)
600 goto exit;
601 ret = DuplicateTokenEx(process_token, TOKEN_QUERY,
602 NULL, SecurityImpersonation, TokenImpersonation,
603 &thread_token);
604 CloseHandle(process_token);
605 if (!ret)
606 goto exit;
607 }
608 token = thread_token;
609 }
610 else
611 {
612 TOKEN_TYPE type;
613
614 ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size);
615 if (!ret) goto exit;
616
617 if (type == TokenPrimary)
618 {
619 SetLastError(ERROR_NO_IMPERSONATION_TOKEN);
620 return FALSE;
621 }
622 }
623
624 ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
625 if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
626 goto exit;
627
628 token_groups = HeapAlloc(GetProcessHeap(), 0, size);
629 if (!token_groups)
630 {
631 ret = FALSE;
632 goto exit;
633 }
634
635 ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
636 if (!ret)
637 goto exit;
638
639 for (i = 0; i < token_groups->GroupCount; i++)
640 {
641 TRACE("Groups[%d]: {0x%x, %s}\n", i,
642 token_groups->Groups[i].Attributes,
643 debugstr_sid(token_groups->Groups[i].Sid));
644 if ((token_groups->Groups[i].Attributes & SE_GROUP_ENABLED) &&
645 EqualSid(sid_to_check, token_groups->Groups[i].Sid))
646 {
647 *is_member = TRUE;
648 TRACE("sid enabled and found in token\n");
649 break;
650 }
651 }
652
653 exit:
654 HeapFree(GetProcessHeap(), 0, token_groups);
655 if (thread_token != NULL) CloseHandle(thread_token);
656
657 return ret;
658 }
659
660 /******************************************************************************
661 * GetTokenInformation [ADVAPI32.@]
662 *
663 * Get a type of information about an access token.
664 *
665 * PARAMS
666 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
667 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
668 * tokeninfo [O] Destination for token information
669 * tokeninfolength [I] Length of tokeninfo
670 * retlen [O] Destination for returned token information length
671 *
672 * RETURNS
673 * Success: TRUE. tokeninfo contains retlen bytes of token information
674 * Failure: FALSE.
675 *
676 * NOTES
677 * See NtQueryInformationToken.
678 */
679 BOOL WINAPI
680 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
681 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
682 {
683 TRACE("(%p, %s, %p, %d, %p):\n",
684 token,
685 (tokeninfoclass == TokenUser) ? "TokenUser" :
686 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
687 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
688 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
689 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
690 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
691 (tokeninfoclass == TokenSource) ? "TokenSource" :
692 (tokeninfoclass == TokenType) ? "TokenType" :
693 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
694 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
695 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
696 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
697 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
698 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
699 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
700 "Unknown",
701 tokeninfo, tokeninfolength, retlen);
702 return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
703 tokeninfolength, retlen));
704 }
705
706 /******************************************************************************
707 * SetTokenInformation [ADVAPI32.@]
708 *
709 * Set information for an access token.
710 *
711 * PARAMS
712 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
713 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
714 * tokeninfo [I] Token information to set
715 * tokeninfolength [I] Length of tokeninfo
716 *
717 * RETURNS
718 * Success: TRUE. The information for the token is set to tokeninfo.
719 * Failure: FALSE.
720 */
721 BOOL WINAPI
722 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
723 LPVOID tokeninfo, DWORD tokeninfolength )
724 {
725 TRACE("(%p, %s, %p, %d): stub\n",
726 token,
727 (tokeninfoclass == TokenUser) ? "TokenUser" :
728 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
729 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
730 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
731 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
732 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
733 (tokeninfoclass == TokenSource) ? "TokenSource" :
734 (tokeninfoclass == TokenType) ? "TokenType" :
735 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
736 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
737 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
738 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
739 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
740 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
741 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
742 "Unknown",
743 tokeninfo, tokeninfolength);
744
745 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
746 }
747
748 /*************************************************************************
749 * SetThreadToken [ADVAPI32.@]
750 *
751 * Assigns an 'impersonation token' to a thread so it can assume the
752 * security privileges of another thread or process. Can also remove
753 * a previously assigned token.
754 *
755 * PARAMS
756 * thread [O] Handle to thread to set the token for
757 * token [I] Token to set
758 *
759 * RETURNS
760 * Success: TRUE. The threads access token is set to token
761 * Failure: FALSE.
762 *
763 * NOTES
764 * Only supported on NT or higher. On Win9X this function does nothing.
765 * See SetTokenInformation.
766 */
767 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
768 {
769 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
770 ThreadImpersonationToken, &token, sizeof token ));
771 }
772
773 /*************************************************************************
774 * CreateRestrictedToken [ADVAPI32.@]
775 *
776 * Create a new more restricted token from an existing token.
777 *
778 * PARAMS
779 * baseToken [I] Token to base the new restricted token on
780 * flags [I] Options
781 * nDisableSids [I] Length of disableSids array
782 * disableSids [I] Array of SIDs to disable in the new token
783 * nDeletePrivs [I] Length of deletePrivs array
784 * deletePrivs [I] Array of privileges to delete in the new token
785 * nRestrictSids [I] Length of restrictSids array
786 * restrictSids [I] Array of SIDs to restrict in the new token
787 * newToken [O] Address where the new token is stored
788 *
789 * RETURNS
790 * Success: TRUE
791 * Failure: FALSE
792 */
793 BOOL WINAPI CreateRestrictedToken(
794 HANDLE baseToken,
795 DWORD flags,
796 DWORD nDisableSids,
797 PSID_AND_ATTRIBUTES disableSids,
798 DWORD nDeletePrivs,
799 PLUID_AND_ATTRIBUTES deletePrivs,
800 DWORD nRestrictSids,
801 PSID_AND_ATTRIBUTES restrictSids,
802 PHANDLE newToken)
803 {
804 FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
805 baseToken, flags, nDisableSids, disableSids,
806 nDeletePrivs, deletePrivs,
807 nRestrictSids, restrictSids,
808 newToken);
809 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
810 return FALSE;
811 }
812
813 /* ##############################
814 ###### SID FUNCTIONS ######
815 ##############################
816 */
817
818 /******************************************************************************
819 * AllocateAndInitializeSid [ADVAPI32.@]
820 *
821 * PARAMS
822 * pIdentifierAuthority []
823 * nSubAuthorityCount []
824 * nSubAuthority0 []
825 * nSubAuthority1 []
826 * nSubAuthority2 []
827 * nSubAuthority3 []
828 * nSubAuthority4 []
829 * nSubAuthority5 []
830 * nSubAuthority6 []
831 * nSubAuthority7 []
832 * pSid []
833 */
834 BOOL WINAPI
835 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
836 BYTE nSubAuthorityCount,
837 DWORD nSubAuthority0, DWORD nSubAuthority1,
838 DWORD nSubAuthority2, DWORD nSubAuthority3,
839 DWORD nSubAuthority4, DWORD nSubAuthority5,
840 DWORD nSubAuthority6, DWORD nSubAuthority7,
841 PSID *pSid )
842 {
843 return set_ntstatus( RtlAllocateAndInitializeSid(
844 pIdentifierAuthority, nSubAuthorityCount,
845 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
846 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
847 pSid ));
848 }
849
850 /******************************************************************************
851 * FreeSid [ADVAPI32.@]
852 *
853 * PARAMS
854 * pSid []
855 */
856 PVOID WINAPI
857 FreeSid( PSID pSid )
858 {
859 RtlFreeSid(pSid);
860 return NULL; /* is documented like this */
861 }
862
863 /******************************************************************************
864 * CopySid [ADVAPI32.@]
865 *
866 * PARAMS
867 * nDestinationSidLength []
868 * pDestinationSid []
869 * pSourceSid []
870 */
871 BOOL WINAPI
872 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
873 {
874 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
875 }
876
877 /******************************************************************************
878 * CreateWellKnownSid [ADVAPI32.@]
879 */
880 BOOL WINAPI
881 CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
882 PSID DomainSid,
883 PSID pSid,
884 DWORD* cbSid)
885 {
886 unsigned int i;
887 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
888
889 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
890 {
891 SetLastError(ERROR_INVALID_PARAMETER);
892 return FALSE;
893 }
894
895 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
896 if (WellKnownSids[i].Type == WellKnownSidType) {
897 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
898
899 if (*cbSid < length)
900 {
901 *cbSid = length;
902 SetLastError(ERROR_INSUFFICIENT_BUFFER);
903 return FALSE;
904 }
905 if (!pSid)
906 {
907 SetLastError(ERROR_INVALID_PARAMETER);
908 return FALSE;
909 }
910 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
911 *cbSid = length;
912 return TRUE;
913 }
914 }
915
916 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
917 {
918 SetLastError(ERROR_INVALID_PARAMETER);
919 return FALSE;
920 }
921
922 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
923 if (WellKnownRids[i].Type == WellKnownSidType) {
924 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
925 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
926 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
927
928 if (*cbSid < output_sid_length)
929 {
930 *cbSid = output_sid_length;
931 SetLastError(ERROR_INSUFFICIENT_BUFFER);
932 return FALSE;
933 }
934 if (!pSid)
935 {
936 SetLastError(ERROR_INVALID_PARAMETER);
937 return FALSE;
938 }
939 CopyMemory(pSid, DomainSid, domain_sid_length);
940 (*GetSidSubAuthorityCount(pSid))++;
941 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
942 *cbSid = output_sid_length;
943 return TRUE;
944 }
945
946 SetLastError(ERROR_INVALID_PARAMETER);
947 return FALSE;
948 }
949
950 /******************************************************************************
951 * IsWellKnownSid [ADVAPI32.@]
952 */
953 BOOL WINAPI
954 IsWellKnownSid( PSID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType )
955 {
956 unsigned int i;
957 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
958
959 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
960 if (WellKnownSids[i].Type == WellKnownSidType)
961 if (EqualSid(pSid, (PSID)&(WellKnownSids[i].Sid.Revision)))
962 return TRUE;
963
964 return FALSE;
965 }
966
967 BOOL WINAPI
968 IsTokenRestricted( HANDLE TokenHandle )
969 {
970 TOKEN_GROUPS *groups;
971 DWORD size;
972 NTSTATUS status;
973 BOOL restricted;
974
975 TRACE("(%p)\n", TokenHandle);
976
977 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size);
978 if (status != STATUS_BUFFER_TOO_SMALL)
979 return FALSE;
980
981 groups = HeapAlloc(GetProcessHeap(), 0, size);
982 if (!groups)
983 {
984 SetLastError(ERROR_OUTOFMEMORY);
985 return FALSE;
986 }
987
988 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size);
989 if (status != STATUS_SUCCESS)
990 {
991 HeapFree(GetProcessHeap(), 0, groups);
992 return set_ntstatus(status);
993 }
994
995 if (groups->GroupCount)
996 restricted = TRUE;
997 else
998 restricted = FALSE;
999
1000 HeapFree(GetProcessHeap(), 0, groups);
1001
1002 return restricted;
1003 }
1004
1005 /******************************************************************************
1006 * IsValidSid [ADVAPI32.@]
1007 *
1008 * PARAMS
1009 * pSid []
1010 */
1011 BOOL WINAPI
1012 IsValidSid( PSID pSid )
1013 {
1014 return RtlValidSid( pSid );
1015 }
1016
1017 /******************************************************************************
1018 * EqualSid [ADVAPI32.@]
1019 *
1020 * PARAMS
1021 * pSid1 []
1022 * pSid2 []
1023 */
1024 BOOL WINAPI
1025 EqualSid( PSID pSid1, PSID pSid2 )
1026 {
1027 BOOL ret = RtlEqualSid( pSid1, pSid2 );
1028 SetLastError(ERROR_SUCCESS);
1029 return ret;
1030 }
1031
1032 /******************************************************************************
1033 * EqualPrefixSid [ADVAPI32.@]
1034 */
1035 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
1036 {
1037 return RtlEqualPrefixSid(pSid1, pSid2);
1038 }
1039
1040 /******************************************************************************
1041 * GetSidLengthRequired [ADVAPI32.@]
1042 *
1043 * PARAMS
1044 * nSubAuthorityCount []
1045 */
1046 DWORD WINAPI
1047 GetSidLengthRequired( BYTE nSubAuthorityCount )
1048 {
1049 return RtlLengthRequiredSid(nSubAuthorityCount);
1050 }
1051
1052 /******************************************************************************
1053 * InitializeSid [ADVAPI32.@]
1054 *
1055 * PARAMS
1056 * pIdentifierAuthority []
1057 */
1058 BOOL WINAPI
1059 InitializeSid (
1060 PSID pSid,
1061 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
1062 BYTE nSubAuthorityCount)
1063 {
1064 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
1065 }
1066
1067 DWORD WINAPI
1068 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
1069 {
1070 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
1071
1072 *pAccessRights = STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL;
1073 return 0;
1074 }
1075
1076 DWORD WINAPI
1077 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights )
1078 {
1079 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
1080
1081 return 1;
1082 }
1083
1084 /******************************************************************************
1085 * GetSidIdentifierAuthority [ADVAPI32.@]
1086 *
1087 * PARAMS
1088 * pSid []
1089 */
1090 PSID_IDENTIFIER_AUTHORITY WINAPI
1091 GetSidIdentifierAuthority( PSID pSid )
1092 {
1093 return RtlIdentifierAuthoritySid(pSid);
1094 }
1095
1096 /******************************************************************************
1097 * GetSidSubAuthority [ADVAPI32.@]
1098 *
1099 * PARAMS
1100 * pSid []
1101 * nSubAuthority []
1102 */
1103 PDWORD WINAPI
1104 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
1105 {
1106 SetLastError(ERROR_SUCCESS);
1107 return RtlSubAuthoritySid(pSid, nSubAuthority);
1108 }
1109
1110 /******************************************************************************
1111 * GetSidSubAuthorityCount [ADVAPI32.@]
1112 *
1113 * PARAMS
1114 * pSid []
1115 */
1116 PUCHAR WINAPI
1117 GetSidSubAuthorityCount (PSID pSid)
1118 {
1119 SetLastError(ERROR_SUCCESS);
1120 return RtlSubAuthorityCountSid(pSid);
1121 }
1122
1123 /******************************************************************************
1124 * GetLengthSid [ADVAPI32.@]
1125 *
1126 * PARAMS
1127 * pSid []
1128 */
1129 DWORD WINAPI
1130 GetLengthSid (PSID pSid)
1131 {
1132 return RtlLengthSid(pSid);
1133 }
1134
1135 /* ##############################################
1136 ###### SECURITY DESCRIPTOR FUNCTIONS ######
1137 ##############################################
1138 */
1139
1140 /******************************************************************************
1141 * BuildSecurityDescriptorA [ADVAPI32.@]
1142 *
1143 * Builds a SD from
1144 *
1145 * PARAMS
1146 * pOwner [I]
1147 * pGroup [I]
1148 * cCountOfAccessEntries [I]
1149 * pListOfAccessEntries [I]
1150 * cCountOfAuditEntries [I]
1151 * pListofAuditEntries [I]
1152 * pOldSD [I]
1153 * lpdwBufferLength [I/O]
1154 * pNewSD [O]
1155 *
1156 * RETURNS
1157 * Success: ERROR_SUCCESS
1158 * Failure: nonzero error code from Winerror.h
1159 */
1160 DWORD WINAPI BuildSecurityDescriptorA(
1161 IN PTRUSTEEA pOwner,
1162 IN PTRUSTEEA pGroup,
1163 IN ULONG cCountOfAccessEntries,
1164 IN PEXPLICIT_ACCESSA pListOfAccessEntries,
1165 IN ULONG cCountOfAuditEntries,
1166 IN PEXPLICIT_ACCESSA pListofAuditEntries,
1167 IN PSECURITY_DESCRIPTOR pOldSD,
1168 IN OUT PULONG lpdwBufferLength,
1169 OUT PSECURITY_DESCRIPTOR* pNewSD)
1170 {
1171 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
1172 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
1173 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
1174
1175 return ERROR_CALL_NOT_IMPLEMENTED;
1176 }
1177
1178 /******************************************************************************
1179 * BuildSecurityDescriptorW [ADVAPI32.@]
1180 *
1181 * See BuildSecurityDescriptorA.
1182 */
1183 DWORD WINAPI BuildSecurityDescriptorW(
1184 IN PTRUSTEEW pOwner,
1185 IN PTRUSTEEW pGroup,
1186 IN ULONG cCountOfAccessEntries,
1187 IN PEXPLICIT_ACCESSW pListOfAccessEntries,
1188 IN ULONG cCountOfAuditEntries,
1189 IN PEXPLICIT_ACCESSW pListofAuditEntries,
1190 IN PSECURITY_DESCRIPTOR pOldSD,
1191 IN OUT PULONG lpdwBufferLength,
1192 OUT PSECURITY_DESCRIPTOR* pNewSD)
1193 {
1194 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
1195 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
1196 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
1197
1198 return ERROR_CALL_NOT_IMPLEMENTED;
1199 }
1200
1201 /******************************************************************************
1202 * InitializeSecurityDescriptor [ADVAPI32.@]
1203 *
1204 * PARAMS
1205 * pDescr []
1206 * revision []
1207 */
1208 BOOL WINAPI
1209 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
1210 {
1211 return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision ));
1212 }
1213
1214
1215 /******************************************************************************
1216 * MakeAbsoluteSD [ADVAPI32.@]
1217 */
1218 BOOL WINAPI MakeAbsoluteSD (
1219 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1220 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1221 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
1222 OUT PACL pDacl,
1223 OUT LPDWORD lpdwDaclSize,
1224 OUT PACL pSacl,
1225 OUT LPDWORD lpdwSaclSize,
1226 OUT PSID pOwner,
1227 OUT LPDWORD lpdwOwnerSize,
1228 OUT PSID pPrimaryGroup,
1229 OUT LPDWORD lpdwPrimaryGroupSize)
1230 {
1231 return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
1232 pAbsoluteSecurityDescriptor,
1233 lpdwAbsoluteSecurityDescriptorSize,
1234 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize,
1235 pOwner, lpdwOwnerSize,
1236 pPrimaryGroup, lpdwPrimaryGroupSize));
1237 }
1238
1239 /******************************************************************************
1240 * GetKernelObjectSecurity [ADVAPI32.@]
1241 */
1242 BOOL WINAPI GetKernelObjectSecurity(
1243 HANDLE Handle,
1244 SECURITY_INFORMATION RequestedInformation,
1245 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1246 DWORD nLength,
1247 LPDWORD lpnLengthNeeded )
1248 {
1249 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
1250 pSecurityDescriptor, nLength, lpnLengthNeeded);
1251
1252 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
1253 nLength, lpnLengthNeeded ));
1254 }
1255
1256 /******************************************************************************
1257 * GetPrivateObjectSecurity [ADVAPI32.@]
1258 */
1259 BOOL WINAPI GetPrivateObjectSecurity(
1260 PSECURITY_DESCRIPTOR ObjectDescriptor,
1261 SECURITY_INFORMATION SecurityInformation,
1262 PSECURITY_DESCRIPTOR ResultantDescriptor,
1263 DWORD DescriptorLength,
1264 PDWORD ReturnLength )
1265 {
1266 SECURITY_DESCRIPTOR desc;
1267 BOOL defaulted, present;
1268 PACL pacl;
1269 PSID psid;
1270
1271 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", ObjectDescriptor, SecurityInformation,
1272 ResultantDescriptor, DescriptorLength, ReturnLength);
1273
1274 if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION))
1275 return FALSE;
1276
1277 if (SecurityInformation & OWNER_SECURITY_INFORMATION)
1278 {
1279 if (!GetSecurityDescriptorOwner(ObjectDescriptor, &psid, &defaulted))
1280 return FALSE;
1281 SetSecurityDescriptorOwner(&desc, psid, defaulted);
1282 }
1283
1284 if (SecurityInformation & GROUP_SECURITY_INFORMATION)
1285 {
1286 if (!GetSecurityDescriptorGroup(ObjectDescriptor, &psid, &defaulted))
1287 return FALSE;
1288 SetSecurityDescriptorGroup(&desc, psid, defaulted);
1289 }
1290
1291 if (SecurityInformation & DACL_SECURITY_INFORMATION)
1292 {
1293 if (!GetSecurityDescriptorDacl(ObjectDescriptor, &present, &pacl, &defaulted))
1294 return FALSE;
1295 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted);
1296 }
1297
1298 if (SecurityInformation & SACL_SECURITY_INFORMATION)
1299 {
1300 if (!GetSecurityDescriptorSacl(ObjectDescriptor, &present, &pacl, &defaulted))
1301 return FALSE;
1302 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted);
1303 }
1304
1305 *ReturnLength = DescriptorLength;
1306 return MakeSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength);
1307 }
1308
1309 /******************************************************************************
1310 * GetSecurityDescriptorLength [ADVAPI32.@]
1311 */
1312 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
1313 {
1314 return RtlLengthSecurityDescriptor(pDescr);
1315 }
1316
1317 /******************************************************************************
1318 * GetSecurityDescriptorOwner [ADVAPI32.@]
1319 *
1320 * PARAMS
1321 * pOwner []
1322 * lpbOwnerDefaulted []
1323 */
1324 BOOL WINAPI
1325 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
1326 LPBOOL lpbOwnerDefaulted )
1327 {
1328 BOOLEAN defaulted;
1329 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted ));
1330 *lpbOwnerDefaulted = defaulted;
1331 return ret;
1332 }
1333
1334 /******************************************************************************
1335 * SetSecurityDescriptorOwner [ADVAPI32.@]
1336 *
1337 * PARAMS
1338 */
1339 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1340 PSID pOwner, BOOL bOwnerDefaulted)
1341 {
1342 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
1343 }
1344 /******************************************************************************
1345 * GetSecurityDescriptorGroup [ADVAPI32.@]
1346 */
1347 BOOL WINAPI GetSecurityDescriptorGroup(
1348 PSECURITY_DESCRIPTOR SecurityDescriptor,
1349 PSID *Group,
1350 LPBOOL GroupDefaulted)
1351 {
1352 BOOLEAN defaulted;
1353 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
1354 *GroupDefaulted = defaulted;
1355 return ret;
1356 }
1357 /******************************************************************************
1358 * SetSecurityDescriptorGroup [ADVAPI32.@]
1359 */
1360 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
1361 PSID Group, BOOL GroupDefaulted)
1362 {
1363 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
1364 }
1365
1366 /******************************************************************************
1367 * IsValidSecurityDescriptor [ADVAPI32.@]
1368 *
1369 * PARAMS
1370 * lpsecdesc []
1371 */
1372 BOOL WINAPI
1373 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
1374 {
1375 return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor));
1376 }
1377
1378 /******************************************************************************
1379 * GetSecurityDescriptorDacl [ADVAPI32.@]
1380 */
1381 BOOL WINAPI GetSecurityDescriptorDacl(
1382 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1383 OUT LPBOOL lpbDaclPresent,
1384 OUT PACL *pDacl,
1385 OUT LPBOOL lpbDaclDefaulted)
1386 {
1387 BOOLEAN present, defaulted;
1388 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
1389 *lpbDaclPresent = present;
1390 *lpbDaclDefaulted = defaulted;
1391 return ret;
1392 }
1393
1394 /******************************************************************************
1395 * SetSecurityDescriptorDacl [ADVAPI32.@]
1396 */
1397 BOOL WINAPI
1398 SetSecurityDescriptorDacl (
1399 PSECURITY_DESCRIPTOR lpsd,
1400 BOOL daclpresent,
1401 PACL dacl,
1402 BOOL dacldefaulted )
1403 {
1404 return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) );
1405 }
1406 /******************************************************************************
1407 * GetSecurityDescriptorSacl [ADVAPI32.@]
1408 */
1409 BOOL WINAPI GetSecurityDescriptorSacl(
1410 IN PSECURITY_DESCRIPTOR lpsd,
1411 OUT LPBOOL lpbSaclPresent,
1412 OUT PACL *pSacl,
1413 OUT LPBOOL lpbSaclDefaulted)
1414 {
1415 BOOLEAN present, defaulted;
1416 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) );
1417 *lpbSaclPresent = present;
1418 *lpbSaclDefaulted = defaulted;
1419 return ret;
1420 }
1421
1422 /**************************************************************************
1423 * SetSecurityDescriptorSacl [ADVAPI32.@]
1424 */
1425 BOOL WINAPI SetSecurityDescriptorSacl (
1426 PSECURITY_DESCRIPTOR lpsd,
1427 BOOL saclpresent,
1428 PACL lpsacl,
1429 BOOL sacldefaulted)
1430 {
1431 return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
1432 }
1433 /******************************************************************************
1434 * MakeSelfRelativeSD [ADVAPI32.@]
1435 *
1436 * PARAMS
1437 * lpabssecdesc []
1438 * lpselfsecdesc []
1439 * lpbuflen []
1440 */
1441 BOOL WINAPI
1442 MakeSelfRelativeSD(
1443 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
1444 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
1445 IN OUT LPDWORD lpdwBufferLength)
1446 {
1447 return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor,
1448 pSelfRelativeSecurityDescriptor, lpdwBufferLength));
1449 }
1450
1451 /******************************************************************************
1452 * GetSecurityDescriptorControl [ADVAPI32.@]
1453 */
1454
1455 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1456 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
1457 {
1458 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
1459 }
1460
1461 /******************************************************************************
1462 * SetSecurityDescriptorControl [ADVAPI32.@]
1463 */
1464 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor,
1465 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
1466 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
1467 {
1468 return set_ntstatus( RtlSetControlSecurityDescriptor(
1469 pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) );
1470 }
1471
1472 /* ##############################
1473 ###### ACL FUNCTIONS ######
1474 ##############################
1475 */
1476
1477 /*************************************************************************
1478 * InitializeAcl [ADVAPI32.@]
1479 */
1480 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
1481 {
1482 return set_ntstatus( RtlCreateAcl(acl, size, rev));
1483 }
1484
1485 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
1486 {
1487 IO_STATUS_BLOCK io_block;
1488
1489 TRACE("(%p)\n", hNamedPipe);
1490
1491 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
1492 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1493 }
1494
1495 /******************************************************************************
1496 * AddAccessAllowedAce [ADVAPI32.@]
1497 */
1498 BOOL WINAPI AddAccessAllowedAce(
1499 IN OUT PACL pAcl,
1500 IN DWORD dwAceRevision,
1501 IN DWORD AccessMask,
1502 IN PSID pSid)
1503 {
1504 return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
1505 }
1506
1507 /******************************************************************************
1508 * AddAccessAllowedAceEx [ADVAPI32.@]
1509 */
1510 BOOL WINAPI AddAccessAllowedAceEx(
1511 IN OUT PACL pAcl,
1512 IN DWORD dwAceRevision,
1513 IN DWORD AceFlags,
1514 IN DWORD AccessMask,
1515 IN PSID pSid)
1516 {
1517 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1518 }
1519
1520 /******************************************************************************
1521 * AddAccessDeniedAce [ADVAPI32.@]
1522 */
1523 BOOL WINAPI AddAccessDeniedAce(
1524 IN OUT PACL pAcl,
1525 IN DWORD dwAceRevision,
1526 IN DWORD AccessMask,
1527 IN PSID pSid)
1528 {
1529 return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
1530 }
1531
1532 /******************************************************************************
1533 * AddAccessDeniedAceEx [ADVAPI32.@]
1534 */
1535 BOOL WINAPI AddAccessDeniedAceEx(
1536 IN OUT PACL pAcl,
1537 IN DWORD dwAceRevision,
1538 IN DWORD AceFlags,
1539 IN DWORD AccessMask,
1540 IN PSID pSid)
1541 {
1542 return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
1543 }
1544
1545 /******************************************************************************
1546 * AddAce [ADVAPI32.@]
1547 */
1548 BOOL WINAPI AddAce(
1549 IN OUT PACL pAcl,
1550 IN DWORD dwAceRevision,
1551 IN DWORD dwStartingAceIndex,
1552 LPVOID pAceList,
1553 DWORD nAceListLength)
1554 {
1555 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
1556 }
1557
1558 /******************************************************************************
1559 * DeleteAce [ADVAPI32.@]
1560 */
1561 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1562 {
1563 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1564 }
1565
1566 /******************************************************************************
1567 * FindFirstFreeAce [ADVAPI32.@]
1568 */
1569 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
1570 {
1571 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
1572 }
1573
1574 /******************************************************************************
1575 * GetAce [ADVAPI32.@]
1576 */
1577 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1578 {
1579 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1580 }
1581
1582 /******************************************************************************
1583 * GetAclInformation [ADVAPI32.@]
1584 */
1585 BOOL WINAPI GetAclInformation(
1586 PACL pAcl,
1587 LPVOID pAclInformation,
1588 DWORD nAclInformationLength,
1589 ACL_INFORMATION_CLASS dwAclInformationClass)
1590 {
1591 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1592 nAclInformationLength, dwAclInformationClass));
1593 }
1594
1595 /******************************************************************************
1596 * IsValidAcl [ADVAPI32.@]
1597 */
1598 BOOL WINAPI IsValidAcl(IN PACL pAcl)
1599 {
1600 return RtlValidAcl(pAcl);
1601 }
1602
1603 /* ##############################
1604 ###### MISC FUNCTIONS ######
1605 ##############################
1606 */
1607
1608 /******************************************************************************
1609 * AllocateLocallyUniqueId [ADVAPI32.@]
1610 *
1611 * PARAMS
1612 * lpLuid []
1613 */
1614 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
1615 {
1616 return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid));
1617 }
1618
1619 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
1620 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1621 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
1622 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1623 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
1624 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
1625 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
1626 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1627 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
1628 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1629 static const WCHAR SE_TCB_NAME_W[] =
1630 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
1631 static const WCHAR SE_SECURITY_NAME_W[] =
1632 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1633 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
1634 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1635 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
1636 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
1637 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
1638 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1639 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
1640 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
1641 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
1642 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1643 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
1644 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1645 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
1646 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1647 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
1648 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1649 static const WCHAR SE_BACKUP_NAME_W[] =
1650 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
1651 static const WCHAR SE_RESTORE_NAME_W[] =
1652 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
1653 static const WCHAR SE_SHUTDOWN_NAME_W[] =
1654 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1655 static const WCHAR SE_DEBUG_NAME_W[] =
1656 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
1657 static const WCHAR SE_AUDIT_NAME_W[] =
1658 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
1659 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
1660 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1661 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
1662 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1663 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
1664 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1665 static const WCHAR SE_UNDOCK_NAME_W[] =
1666 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
1667 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
1668 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1669 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
1670 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1671 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
1672 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1673 static const WCHAR SE_IMPERSONATE_NAME_W[] =
1674 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
1675 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
1676 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1677
1678 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
1679 {
1680 NULL,
1681 NULL,
1682 SE_CREATE_TOKEN_NAME_W,
1683 SE_ASSIGNPRIMARYTOKEN_NAME_W,
1684 SE_LOCK_MEMORY_NAME_W,
1685 SE_INCREASE_QUOTA_NAME_W,
1686 SE_MACHINE_ACCOUNT_NAME_W,
1687 SE_TCB_NAME_W,
1688 SE_SECURITY_NAME_W,
1689 SE_TAKE_OWNERSHIP_NAME_W,
1690 SE_LOAD_DRIVER_NAME_W,
1691 SE_SYSTEM_PROFILE_NAME_W,
1692 SE_SYSTEMTIME_NAME_W,
1693 SE_PROF_SINGLE_PROCESS_NAME_W,
1694 SE_INC_BASE_PRIORITY_NAME_W,
1695 SE_CREATE_PAGEFILE_NAME_W,
1696 SE_CREATE_PERMANENT_NAME_W,
1697 SE_BACKUP_NAME_W,
1698 SE_RESTORE_NAME_W,
1699 SE_SHUTDOWN_NAME_W,
1700 SE_DEBUG_NAME_W,
1701 SE_AUDIT_NAME_W,
1702 SE_SYSTEM_ENVIRONMENT_NAME_W,
1703 SE_CHANGE_NOTIFY_NAME_W,
1704 SE_REMOTE_SHUTDOWN_NAME_W,
1705 SE_UNDOCK_NAME_W,
1706 SE_SYNC_AGENT_NAME_W,
1707 SE_ENABLE_DELEGATION_NAME_W,
1708 SE_MANAGE_VOLUME_NAME_W,
1709 SE_IMPERSONATE_NAME_W,
1710 SE_CREATE_GLOBAL_NAME_W,
1711 };
1712
1713 /******************************************************************************
1714 * LookupPrivilegeValueW [ADVAPI32.@]
1715 *
1716 * See LookupPrivilegeValueA.
1717 */
1718 BOOL WINAPI
1719 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
1720 {
1721 UINT i;
1722
1723 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
1724
1725 if (!ADVAPI_IsLocalComputer(lpSystemName))
1726 {
1727 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1728 return FALSE;
1729 }
1730 if (!lpName)
1731 {
1732 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1733 return FALSE;
1734 }
1735 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<=SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
1736 {
1737 if( !WellKnownPrivNames[i] )
1738 continue;
1739 if( strcmpiW( WellKnownPrivNames[i], lpName) )
1740 continue;
1741 lpLuid->LowPart = i;
1742 lpLuid->HighPart = 0;
1743 TRACE( "%s -> %08x-%08x\n",debugstr_w( lpSystemName ),
1744 lpLuid->HighPart, lpLuid->LowPart );
1745 return TRUE;
1746 }
1747 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1748 return FALSE;
1749 }
1750
1751 /******************************************************************************
1752 * LookupPrivilegeValueA [ADVAPI32.@]
1753 *
1754 * Retrieves LUID used on a system to represent the privilege name.
1755 *
1756 * PARAMS
1757 * lpSystemName [I] Name of the system
1758 * lpName [I] Name of the privilege
1759 * lpLuid [O] Destination for the resulting LUID
1760 *
1761 * RETURNS
1762 * Success: TRUE. lpLuid contains the requested LUID.
1763 * Failure: FALSE.
1764 */
1765 BOOL WINAPI
1766 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1767 {
1768 UNICODE_STRING lpSystemNameW;
1769 UNICODE_STRING lpNameW;
1770 BOOL ret;
1771
1772 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1773 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1774 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1775 RtlFreeUnicodeString(&lpNameW);
1776 RtlFreeUnicodeString(&lpSystemNameW);
1777 return ret;
1778 }
1779
1780 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
1781 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1782 {
1783 FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName),
1784 debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId);
1785
1786 return FALSE;
1787 }
1788
1789 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
1790 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1791 {
1792 FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName),
1793 debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId);
1794
1795 return FALSE;
1796 }
1797
1798 /******************************************************************************
1799 * LookupPrivilegeNameA [ADVAPI32.@]
1800 *
1801 * See LookupPrivilegeNameW.
1802 */
1803 BOOL WINAPI
1804 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1805 LPDWORD cchName)
1806 {
1807 UNICODE_STRING lpSystemNameW;
1808 BOOL ret;
1809 DWORD wLen = 0;
1810
1811 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1812
1813 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1814 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1815 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1816 {
1817 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1818
1819 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1820 &wLen);
1821 if (ret)
1822 {
1823 /* Windows crashes if cchName is NULL, so will I */
1824 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1825 *cchName, NULL, NULL);
1826
1827 if (len == 0)
1828 {
1829 /* WideCharToMultiByte failed */
1830 ret = FALSE;
1831 }
1832 else if (len > *cchName)
1833 {
1834 *cchName = len;
1835 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1836 ret = FALSE;
1837 }
1838 else
1839 {
1840 /* WideCharToMultiByte succeeded, output length needs to be
1841 * length not including NULL terminator
1842 */
1843 *cchName = len - 1;
1844 }
1845 }
1846 HeapFree(GetProcessHeap(), 0, lpNameW);
1847 }
1848 RtlFreeUnicodeString(&lpSystemNameW);
1849 return ret;
1850 }
1851
1852 /******************************************************************************
1853 * LookupPrivilegeNameW [ADVAPI32.@]
1854 *
1855 * Retrieves the privilege name referred to by the LUID lpLuid.
1856 *
1857 * PARAMS
1858 * lpSystemName [I] Name of the system
1859 * lpLuid [I] Privilege value
1860 * lpName [O] Name of the privilege
1861 * cchName [I/O] Number of characters in lpName.
1862 *
1863 * RETURNS
1864 * Success: TRUE. lpName contains the name of the privilege whose value is
1865 * *lpLuid.
1866 * Failure: FALSE.
1867 *
1868 * REMARKS
1869 * Only well-known privilege names (those defined in winnt.h) can be retrieved
1870 * using this function.
1871 * If the length of lpName is too small, on return *cchName will contain the
1872 * number of WCHARs needed to contain the privilege, including the NULL
1873 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1874 * On success, *cchName will contain the number of characters stored in
1875 * lpName, NOT including the NULL terminator.
1876 */
1877 BOOL WINAPI
1878 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1879 LPDWORD cchName)
1880 {
1881 size_t privNameLen;
1882
1883 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1884
1885 if (!ADVAPI_IsLocalComputer(lpSystemName))
1886 {
1887 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1888 return FALSE;
1889 }
1890 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1891 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1892 {
1893 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1894 return FALSE;
1895 }
1896 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1897 /* Windows crashes if cchName is NULL, so will I */
1898 if (*cchName <= privNameLen)
1899 {
1900 *cchName = privNameLen + 1;
1901 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1902 return FALSE;
1903 }
1904 else
1905 {
1906 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1907 *cchName = privNameLen;
1908 return TRUE;
1909 }
1910 }
1911
1912 /******************************************************************************
1913 * GetFileSecurityA [ADVAPI32.@]
1914 *
1915 * Obtains Specified information about the security of a file or directory.
1916 *
1917 * PARAMS
1918 * lpFileName [I] Name of the file to get info for
1919 * RequestedInformation [I] SE_ flags from "winnt.h"
1920 * pSecurityDescriptor [O] Destination for security information
1921 * nLength [I] Length of pSecurityDescriptor
1922 * lpnLengthNeeded [O] Destination for length of returned security information
1923 *
1924 * RETURNS
1925 * Success: TRUE. pSecurityDescriptor contains the requested information.
1926 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1927 *
1928 * NOTES
1929 * The information returned is constrained by the callers access rights and
1930 * privileges.
1931 */
1932 BOOL WINAPI
1933 GetFileSecurityA( LPCSTR lpFileName,
1934 SECURITY_INFORMATION RequestedInformation,
1935 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1936 DWORD nLength, LPDWORD lpnLengthNeeded )
1937 {
1938 DWORD len;
1939 BOOL r;
1940 LPWSTR name = NULL;
1941
1942 if( lpFileName )
1943 {
1944 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1945 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1946 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1947 }
1948
1949 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1950 nLength, lpnLengthNeeded );
1951 HeapFree( GetProcessHeap(), 0, name );
1952
1953 return r;
1954 }
1955
1956 /******************************************************************************
1957 * GetFileSecurityW [ADVAPI32.@]
1958 *
1959 * See GetFileSecurityA.
1960 */
1961 BOOL WINAPI
1962 GetFileSecurityW( LPCWSTR lpFileName,
1963 SECURITY_INFORMATION RequestedInformation,
1964 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1965 DWORD nLength, LPDWORD lpnLengthNeeded )
1966 {
1967 HANDLE hfile;
1968 NTSTATUS status;
1969 DWORD access = 0;
1970
1971 TRACE("(%s,%d,%p,%d,%p)\n", debugstr_w(lpFileName),
1972 RequestedInformation, pSecurityDescriptor,
1973 nLength, lpnLengthNeeded);
1974
1975 if (RequestedInformation & (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|
1976 DACL_SECURITY_INFORMATION))
1977 access |= READ_CONTROL;
1978 if (RequestedInformation & SACL_SECURITY_INFORMATION)
1979 access |= ACCESS_SYSTEM_SECURITY;
1980
1981 hfile = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
1982 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 );
1983 if ( hfile == INVALID_HANDLE_VALUE )
1984 return FALSE;
1985
1986 status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor,
1987 nLength, lpnLengthNeeded );
1988 CloseHandle( hfile );
1989 return set_ntstatus( status );
1990 }
1991
1992
1993 /******************************************************************************
1994 * LookupAccountSidA [ADVAPI32.@]
1995 */
1996 BOOL WINAPI
1997 LookupAccountSidA(
1998 IN LPCSTR system,
1999 IN PSID sid,
2000 OUT LPSTR account,
2001 IN OUT LPDWORD accountSize,
2002 OUT LPSTR domain,
2003 IN OUT LPDWORD domainSize,
2004 OUT PSID_NAME_USE name_use )
2005 {
2006 DWORD len;
2007 BOOL r;
2008 LPWSTR systemW = NULL;
2009 LPWSTR accountW = NULL;
2010 LPWSTR domainW = NULL;
2011 DWORD accountSizeW = *accountSize;
2012 DWORD domainSizeW = *domainSize;
2013
2014 if (system) {
2015 len = MultiByteToWideChar( CP_ACP, 0, system, -1, NULL, 0 );
2016 systemW = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) );
2017 MultiByteToWideChar( CP_ACP, 0, system, -1, systemW, len );
2018 }
2019 if (account)
2020 accountW = HeapAlloc( GetProcessHeap(), 0, accountSizeW * sizeof(WCHAR) );
2021 if (domain)
2022 domainW = HeapAlloc( GetProcessHeap(), 0, domainSizeW * sizeof(WCHAR) );
2023
2024 r = LookupAccountSidW( systemW, sid, accountW, &accountSizeW, domainW, &domainSizeW, name_use );
2025
2026 if (r) {
2027 if (accountW && *accountSize) {
2028 len = WideCharToMultiByte( CP_ACP, 0, accountW, -1, NULL, 0, NULL, NULL );
2029 WideCharToMultiByte( CP_ACP, 0, accountW, -1, account, len, NULL, NULL );
2030 *accountSize = len;
2031 } else
2032 *accountSize = accountSizeW + 1;
2033
2034 if (domainW && *domainSize) {
2035 len = WideCharToMultiByte( CP_ACP, 0, domainW, -1, NULL, 0, NULL, NULL );
2036 WideCharToMultiByte( CP_ACP, 0, domainW, -1, domain, len, NULL, NULL );
2037 *domainSize = len;
2038 } else
2039 *domainSize = domainSizeW + 1;
2040 }
2041 else
2042 {
2043 *accountSize = accountSizeW + 1;
2044 *domainSize = domainSizeW + 1;
2045 }
2046
2047 HeapFree( GetProcessHeap(), 0, systemW );
2048 HeapFree( GetProcessHeap(), 0, accountW );
2049 HeapFree( GetProcessHeap(), 0, domainW );
2050
2051 return r;
2052 }
2053
2054 /******************************************************************************
2055 * LookupAccountSidW [ADVAPI32.@]
2056 *
2057 * PARAMS
2058 * system []
2059 * sid []
2060 * account []
2061 * accountSize []
2062 * domain []
2063 * domainSize []
2064 * name_use []
2065 */
2066
2067 BOOL WINAPI
2068 LookupAccountSidW(
2069 IN LPCWSTR system,
2070 IN PSID sid,
2071 OUT LPWSTR account,
2072 IN OUT LPDWORD accountSize,
2073 OUT LPWSTR domain,
2074 IN OUT LPDWORD domainSize,
2075 OUT PSID_NAME_USE name_use )
2076 {
2077 unsigned int i, j;
2078 const WCHAR * ac = NULL;
2079 const WCHAR * dm = NULL;
2080 SID_NAME_USE use = 0;
2081 LPWSTR computer_name = NULL;
2082 LPWSTR account_name = NULL;
2083
2084 TRACE("(%s,sid=%s,%p,%p(%u),%p,%p(%u),%p)\n",
2085 debugstr_w(system),debugstr_sid(sid),
2086 account,accountSize,accountSize?*accountSize:0,
2087 domain,domainSize,domainSize?*domainSize:0,
2088 name_use);
2089
2090 if (!ADVAPI_IsLocalComputer(system)) {
2091 FIXME("Only local computer supported!\n");
2092 SetLastError(RPC_S_SERVER_UNAVAILABLE);
2093 return FALSE;
2094 }
2095
2096 /* check the well known SIDs first */
2097 for (i = 0; i <= 60; i++) {
2098 if (IsWellKnownSid(sid, i)) {
2099 for (j = 0; j < (sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0])); j++) {
2100 if (ACCOUNT_SIDS[j].type == i) {
2101 ac = ACCOUNT_SIDS[j].account;
2102 dm = ACCOUNT_SIDS[j].domain;
2103 use = ACCOUNT_SIDS[j].name_use;
2104 }
2105 }
2106 break;
2107 }
2108 }
2109
2110 if (dm == NULL) {
2111 MAX_SID local;
2112
2113 /* check for the local computer next */
2114 if (ADVAPI_GetComputerSid(&local)) {
2115 DWORD size = MAX_COMPUTERNAME_LENGTH + 1;
2116 BOOL result;
2117
2118 computer_name = HeapAlloc(GetProcessHeap(), 0, size * sizeof(WCHAR));
2119 result = GetComputerNameW(computer_name, &size);
2120
2121 if (result) {
2122 if (EqualSid(sid, &local)) {
2123 dm = computer_name;
2124 ac = Blank;
2125 use = 3;
2126 } else {
2127 local.SubAuthorityCount++;
2128
2129 if (EqualPrefixSid(sid, &local)) {
2130 dm = computer_name;
2131 use = 1;
2132 switch (((MAX_SID *)sid)->SubAuthority[4]) {
2133 case DOMAIN_USER_RID_ADMIN:
2134 ac = Administrator;
2135 break;
2136 case DOMAIN_USER_RID_GUEST:
2137 ac = Guest;
2138 break;
2139 case DOMAIN_GROUP_RID_ADMINS:
2140 ac = Domain_Admins;
2141 break;
2142 case DOMAIN_GROUP_RID_USERS:
2143 ac = Domain_Users;
2144 break;
2145 case DOMAIN_GROUP_RID_GUESTS:
2146 ac = Domain_Guests;
2147 break;
2148 case DOMAIN_GROUP_RID_COMPUTERS:
2149 ac = Domain_Computers;
2150 break;
2151 case DOMAIN_GROUP_RID_CONTROLLERS:
2152 ac = Domain_Controllers;
2153 break;
2154 case DOMAIN_GROUP_RID_CERT_ADMINS:
2155 ac = Cert_Publishers;
2156 break;
2157 case DOMAIN_GROUP_RID_SCHEMA_ADMINS:
2158 ac = Schema_Admins;
2159 break;
2160 case DOMAIN_GROUP_RID_ENTERPRISE_ADMINS:
2161 ac = Enterprise_Admins;
2162 break;
2163 case DOMAIN_GROUP_RID_POLICY_ADMINS:
2164 ac = Group_Policy_Creator_Owners;
2165 break;
2166 case DOMAIN_ALIAS_RID_RAS_SERVERS:
2167 ac = RAS_and_IAS_Servers;
2168 break;
2169 case 1000: /* first user account */
2170 size = UNLEN + 1;
2171 account_name = HeapAlloc(
2172 GetProcessHeap(), 0, size * sizeof(WCHAR));
2173 if (GetUserNameW(account_name, &size))
2174 ac = account_name;
2175 else
2176 dm = NULL;
2177
2178 break;
2179 default:
2180 dm = NULL;
2181 break;
2182 }
2183 }
2184 }
2185 }
2186 }
2187 }
2188
2189 if (dm) {
2190 DWORD ac_len = lstrlenW(ac);
2191 DWORD dm_len = lstrlenW(dm);
2192 BOOL status = TRUE;
2193
2194 if (*accountSize > ac_len) {
2195 if (account)
2196 lstrcpyW(account, ac);
2197 }
2198 if (*domainSize > dm_len) {
2199 if (domain)
2200 lstrcpyW(domain, dm);
2201 }
2202 if ((*accountSize && *accountSize < ac_len) ||
2203 (!account && !*accountSize && ac_len) ||
2204 (*domainSize && *domainSize < dm_len) ||
2205 (!domain && !*domainSize && dm_len))
2206 {
2207 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2208 status = FALSE;
2209 }
2210 if (*domainSize)
2211 *domainSize = dm_len;
2212 else
2213 *domainSize = dm_len + 1;
2214 if (*accountSize)
2215 *accountSize = ac_len;
2216 else
2217 *accountSize = ac_len + 1;
2218
2219 HeapFree(GetProcessHeap(), 0, account_name);
2220 HeapFree(GetProcessHeap(), 0, computer_name);
2221 if (status) *name_use = use;
2222 return status;
2223 }
2224
2225 HeapFree(GetProcessHeap(), 0, account_name);
2226 HeapFree(GetProcessHeap(), 0, computer_name);
2227 SetLastError(ERROR_NONE_MAPPED);
2228 return FALSE;
2229 }
2230
2231 /******************************************************************************
2232 * SetFileSecurityA [ADVAPI32.@]
2233 *
2234 * See SetFileSecurityW.
2235 */
2236 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
2237 SECURITY_INFORMATION RequestedInformation,
2238 PSECURITY_DESCRIPTOR pSecurityDescriptor)
2239 {
2240 DWORD len;
2241 BOOL r;
2242 LPWSTR name = NULL;
2243
2244 if( lpFileName )
2245 {
2246 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
2247 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
2248 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
2249 }
2250
2251 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
2252 HeapFree( GetProcessHeap(), 0, name );
2253
2254 return r;
2255 }
2256
2257 /******************************************************************************
2258 * SetFileSecurityW [ADVAPI32.@]
2259 *
2260 * Sets the security of a file or directory.
2261 *
2262 * PARAMS
2263 * lpFileName []
2264 * RequestedInformation []
2265 * pSecurityDescriptor []
2266 *
2267 * RETURNS
2268 * Success: TRUE.
2269 * Failure: FALSE.
2270 */
2271 BOOL WINAPI
2272 SetFileSecurityW( LPCWSTR lpFileName,
2273 SECURITY_INFORMATION RequestedInformation,
2274 PSECURITY_DESCRIPTOR pSecurityDescriptor )
2275 {
2276 HANDLE file;
2277 DWORD access = 0;
2278 NTSTATUS status;
2279
2280 TRACE("(%s, 0x%x, %p)\n", debugstr_w(lpFileName), RequestedInformation,
2281 pSecurityDescriptor );
2282
2283 if (RequestedInformation & OWNER_SECURITY_INFORMATION ||
2284 RequestedInformation & GROUP_SECURITY_INFORMATION)
2285 access |= WRITE_OWNER;
2286 if (RequestedInformation & SACL_SECURITY_INFORMATION)
2287 access |= ACCESS_SYSTEM_SECURITY;
2288 if (RequestedInformation & DACL_SECURITY_INFORMATION)
2289 access |= WRITE_DAC;
2290
2291 file = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
2292 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL );
2293 if (file == INVALID_HANDLE_VALUE)
2294 return FALSE;
2295
2296 status = NtSetSecurityObject( file, RequestedInformation, pSecurityDescriptor );
2297 CloseHandle( file );
2298 return set_ntstatus( status );
2299 }
2300
2301 /******************************************************************************
2302 * QueryWindows31FilesMigration [ADVAPI32.@]
2303 *
2304 * PARAMS
2305 * x1 []
2306 */
2307 BOOL WINAPI
2308 QueryWindows31FilesMigration( DWORD x1 )
2309 {
2310 FIXME("(%d):stub\n",x1);
2311 return TRUE;
2312 }
2313
2314 /******************************************************************************
2315 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
2316 *
2317 * PARAMS
2318 * x1 []
2319 * x2 []
2320 * x3 []
2321 * x4 []
2322 */
2323 BOOL WINAPI
2324 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
2325 DWORD x4 )
2326 {
2327 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
2328 return TRUE;
2329 }
2330
2331 /******************************************************************************
2332 * NotifyBootConfigStatus [ADVAPI32.@]
2333 *
2334 * PARAMS
2335 * x1 []
2336 */
2337 BOOL WINAPI
2338 NotifyBootConfigStatus( BOOL x1 )
2339 {
2340 FIXME("(0x%08d):stub\n",x1);
2341 return 1;
2342 }
2343
2344 /******************************************************************************
2345 * RevertToSelf [ADVAPI32.@]
2346 *
2347 * Ends the impersonation of a user.
2348 *
2349 * PARAMS
2350 * void []
2351 *
2352 * RETURNS
2353 * Success: TRUE.
2354 * Failure: FALSE.
2355 */
2356 BOOL WINAPI
2357 RevertToSelf( void )
2358 {
2359 HANDLE Token = NULL;
2360 return set_ntstatus( NtSetInformationThread( GetCurrentThread(),
2361 ThreadImpersonationToken, &Token, sizeof(Token) ) );
2362 }
2363
2364 /******************************************************************************
2365 * ImpersonateSelf [ADVAPI32.@]
2366 *
2367 * Makes an impersonation token that represents the process user and assigns
2368 * to the current thread.
2369 *
2370 * PARAMS
2371 * ImpersonationLevel [I] Level at which to impersonate.
2372 *
2373 * RETURNS
2374 * Success: TRUE.
2375 * Failure: FALSE.
2376 */
2377 BOOL WINAPI
2378 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
2379 {
2380 return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) );
2381 }
2382
2383 /******************************************************************************
2384 * ImpersonateLoggedOnUser [ADVAPI32.@]
2385 */
2386 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
2387 {
2388 DWORD size;
2389 NTSTATUS Status;
2390 HANDLE ImpersonationToken;
2391 TOKEN_TYPE Type;
2392 static BOOL warn = TRUE;
2393
2394 if (warn)
2395 {
2396 FIXME( "(%p)\n", hToken );
2397 warn = FALSE;
2398 }
2399 if (!GetTokenInformation( hToken, TokenType, &Type,
2400 sizeof(TOKEN_TYPE), &size ))
2401 return FALSE;
2402
2403 if (Type == TokenPrimary)
2404 {
2405 OBJECT_ATTRIBUTES ObjectAttributes;
2406
2407 InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
2408
2409 Status = NtDuplicateToken( hToken,
2410 TOKEN_IMPERSONATE | TOKEN_QUERY,
2411 &ObjectAttributes,
2412 SecurityImpersonation,
2413 TokenImpersonation,
2414 &ImpersonationToken );
2415 if (Status != STATUS_SUCCESS)
2416 {
2417 ERR( "NtDuplicateToken failed with error 0x%08x\n", Status );
2418 SetLastError( RtlNtStatusToDosError( Status ) );
2419 return FALSE;
2420 }
2421 }
2422 else
2423 ImpersonationToken = hToken;
2424
2425 Status = NtSetInformationThread( GetCurrentThread(),
2426 ThreadImpersonationToken,
2427 &ImpersonationToken,
2428 sizeof(ImpersonationToken) );
2429
2430 if (Type == TokenPrimary)
2431 NtClose( ImpersonationToken );
2432
2433 if (Status != STATUS_SUCCESS)
2434 {
2435 ERR( "NtSetInformationThread failed with error 0x%08x\n", Status );
2436 SetLastError( RtlNtStatusToDosError( Status ) );
2437 return FALSE;
2438 }
2439
2440 return TRUE;
2441 }
2442
2443 /******************************************************************************
2444 * AccessCheck [ADVAPI32.@]
2445 */
2446 BOOL WINAPI
2447 AccessCheck(
2448 PSECURITY_DESCRIPTOR SecurityDescriptor,
2449 HANDLE ClientToken,
2450 DWORD DesiredAccess,
2451 PGENERIC_MAPPING GenericMapping,
2452 PPRIVILEGE_SET PrivilegeSet,
2453 LPDWORD PrivilegeSetLength,
2454 LPDWORD GrantedAccess,
2455 LPBOOL AccessStatus)
2456 {
2457 NTSTATUS access_status;
2458 BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
2459 GenericMapping, PrivilegeSet, PrivilegeSetLength,
2460 GrantedAccess, &access_status) );
2461 if (ret) *AccessStatus = set_ntstatus( access_status );
2462 return ret;
2463 }
2464
2465
2466 /******************************************************************************
2467 * AccessCheckByType [ADVAPI32.@]
2468 */
2469 BOOL WINAPI AccessCheckByType(
2470 PSECURITY_DESCRIPTOR pSecurityDescriptor,
2471 PSID PrincipalSelfSid,
2472 HANDLE ClientToken,
2473 DWORD DesiredAccess,
2474 POBJECT_TYPE_LIST ObjectTypeList,
2475 DWORD ObjectTypeListLength,
2476 PGENERIC_MAPPING GenericMapping,
2477 PPRIVILEGE_SET PrivilegeSet,
2478 LPDWORD PrivilegeSetLength,
2479 LPDWORD GrantedAccess,
2480 LPBOOL AccessStatus)
2481 {
2482 FIXME("stub\n");
2483
2484 *AccessStatus = TRUE;
2485
2486 return !*AccessStatus;
2487 }
2488
2489 /******************************************************************************
2490 * MapGenericMask [ADVAPI32.@]
2491 *
2492 * Maps generic access rights into specific access rights according to the
2493 * supplied mapping.
2494 *
2495 * PARAMS
2496 * AccessMask [I/O] Access rights.
2497 * GenericMapping [I] The mapping between generic and specific rights.
2498 *
2499 * RETURNS
2500 * Nothing.
2501 */
2502 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping )
2503 {
2504 RtlMapGenericMask( AccessMask, GenericMapping );
2505 }
2506
2507 /*************************************************************************
2508 * SetKernelObjectSecurity [ADVAPI32.@]
2509 */
2510 BOOL WINAPI SetKernelObjectSecurity (
2511 IN HANDLE Handle,
2512 IN SECURITY_INFORMATION SecurityInformation,
2513 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
2514 {
2515 return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
2516 }
2517
2518
2519 /******************************************************************************
2520 * AddAuditAccessAce [ADVAPI32.@]
2521 */
2522 BOOL WINAPI AddAuditAccessAce(
2523 IN OUT PACL pAcl,
2524 IN DWORD dwAceRevision,
2525 IN DWORD dwAccessMask,
2526 IN PSID pSid,
2527 IN BOOL bAuditSuccess,
2528 IN BOOL bAuditFailure)
2529 {
2530 return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid,
2531 bAuditSuccess, bAuditFailure) );
2532 }
2533
2534 /******************************************************************************
2535 * AddAuditAccessAce [ADVAPI32.@]
2536 */
2537 BOOL WINAPI AddAuditAccessAceEx(
2538 IN OUT PACL pAcl,
2539 IN DWORD dwAceRevision,
2540 IN DWORD dwAceFlags,
2541 IN DWORD dwAccessMask,
2542 IN PSID pSid,
2543 IN BOOL bAuditSuccess,
2544 IN BOOL bAuditFailure)
2545 {
2546 return set_ntstatus( RtlAddAuditAccessAceEx(pAcl, dwAceRevision, dwAceFlags, dwAccessMask, pSid,
2547 bAuditSuccess, bAuditFailure) );
2548 }
2549
2550 /******************************************************************************
2551 * LookupAccountNameA [ADVAPI32.@]
2552 */
2553 BOOL WINAPI
2554 LookupAccountNameA(
2555 IN LPCSTR system,
2556 IN LPCSTR account,
2557 OUT PSID sid,
2558 OUT LPDWORD cbSid,
2559 LPSTR ReferencedDomainName,
2560 IN OUT LPDWORD cbReferencedDomainName,
2561 OUT PSID_NAME_USE name_use )
2562 {
2563 BOOL ret;
2564 UNICODE_STRING lpSystemW;
2565 UNICODE_STRING lpAccountW;
2566 LPWSTR lpReferencedDomainNameW = NULL;
2567
2568 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, system);
2569 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, account);
2570
2571 if (ReferencedDomainName)
2572 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(), 0, *cbReferencedDomainName * sizeof(WCHAR));
2573
2574 ret = LookupAccountNameW(lpSystemW.Buffer, lpAccountW.Buffer, sid, cbSid, lpReferencedDomainNameW,
2575 cbReferencedDomainName, name_use);
2576
2577 if (ret && lpReferencedDomainNameW)
2578 {
2579 WideCharToMultiByte(CP_ACP, 0, lpReferencedDomainNameW, -1,
2580 ReferencedDomainName, *cbReferencedDomainName+1, NULL, NULL);
2581 }
2582
2583 RtlFreeUnicodeString(&lpSystemW);
2584 RtlFreeUnicodeString(&lpAccountW);
2585 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2586
2587 return ret;
2588 }
2589
2590 /******************************************************************************
2591 * lookup_user_account_name
2592 */
2593 static BOOL lookup_user_account_name(PSID Sid, PDWORD cbSid, LPWSTR ReferencedDomainName,
2594 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
2595 {
2596 char buffer[sizeof(TOKEN_USER) + sizeof(SID) + sizeof(DWORD)*SID_MAX_SUB_AUTHORITIES];
2597 DWORD len = sizeof(buffer);
2598 HANDLE token;
2599 BOOL ret;
2600 PSID pSid;
2601 WCHAR domainName[MAX_COMPUTERNAME_LENGTH + 1];
2602 DWORD nameLen;
2603
2604 if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token))
2605 {
2606 if (GetLastError() != ERROR_NO_TOKEN) return FALSE;
2607 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)) return FALSE;
2608 }
2609
2610 ret = GetTokenInformation(token, TokenUser, buffer, len, &len);
2611 CloseHandle( token );
2612
2613 if (!ret) return FALSE;
2614
2615 pSid = ((TOKEN_USER *)buffer)->User.Sid;
2616
2617 if (Sid != NULL && (*cbSid >= GetLengthSid(pSid)))
2618 CopySid(*cbSid, Sid, pSid);
2619 if (*cbSid < GetLengthSid(pSid))
2620 {
2621 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2622 ret = FALSE;
2623 }
2624 *cbSid = GetLengthSid(pSid);
2625
2626 nameLen = MAX_COMPUTERNAME_LENGTH + 1;
2627 if (!GetComputerNameW(domainName, &nameLen))
2628 {
2629 domainName[0] = 0;
2630 nameLen = 0;
2631 }
2632 if (*cchReferencedDomainName <= nameLen || !ret)
2633 {
2634 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2635 nameLen += 1;
2636 ret = FALSE;
2637 }
2638 else if (ReferencedDomainName)
2639 strcpyW(ReferencedDomainName, domainName);
2640
2641 *cchReferencedDomainName = nameLen;
2642
2643 if (ret)
2644 *peUse = SidTypeUser;
2645
2646 return ret;
2647 }
2648
2649 /******************************************************************************
2650 * lookup_computer_account_name
2651 */
2652 static BOOL lookup_computer_account_name(PSID Sid, PDWORD cbSid, LPWSTR ReferencedDomainName,
2653 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
2654 {
2655 MAX_SID local;
2656 BOOL ret;
2657 WCHAR domainName[MAX_COMPUTERNAME_LENGTH + 1];
2658 DWORD nameLen;
2659
2660 if ((ret = ADVAPI_GetComputerSid(&local)))
2661 {
2662 if (Sid != NULL && (*cbSid >= GetLengthSid(&local)))
2663 CopySid(*cbSid, Sid, &local);
2664 if (*cbSid < GetLengthSid(&local))
2665 {
2666 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2667 ret = FALSE;
2668 }
2669 *cbSid = GetLengthSid(&local);
2670 }
2671
2672 nameLen = MAX_COMPUTERNAME_LENGTH + 1;
2673 if (!GetComputerNameW(domainName, &nameLen))
2674 {
2675 domainName[0] = 0;
2676 nameLen = 0;
2677 }
2678 if (*cchReferencedDomainName <= nameLen || !ret)
2679 {
2680 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2681 nameLen += 1;
2682 ret = FALSE;
2683 }
2684 else if (ReferencedDomainName)
2685 strcpyW(ReferencedDomainName, domainName);
2686
2687 *cchReferencedDomainName = nameLen;
2688
2689 if (ret)
2690 *peUse = SidTypeDomain;
2691
2692 return ret;
2693 }
2694
2695 static void split_domain_account( const LSA_UNICODE_STRING *str, LSA_UNICODE_STRING *account,
2696 LSA_UNICODE_STRING *domain )
2697 {
2698 WCHAR *p = str->Buffer + str->Length / sizeof(WCHAR) - 1;
2699
2700 while (p > str->Buffer && *p != '\\') p--;
2701
2702 if (*p == '\\')
2703 {
2704 domain->Buffer = str->Buffer;
2705 domain->Length = (p - str->Buffer) * sizeof(WCHAR);
2706
2707 account->Buffer = p + 1;
2708 account->Length = str->Length - ((p - str->Buffer + 1) * sizeof(WCHAR));
2709 }
2710 else
2711 {
2712 domain->Buffer = NULL;
2713 domain->Length = 0;
2714
2715 account->Buffer = str->Buffer;
2716 account->Length = str->Length;
2717 }
2718 }
2719
2720 static BOOL match_domain( ULONG idx, const LSA_UNICODE_STRING *domain )
2721 {
2722 ULONG len = strlenW( ACCOUNT_SIDS[idx].domain );
2723
2724 if (len == domain->Length / sizeof(WCHAR) && !strncmpiW( domain->Buffer, ACCOUNT_SIDS[idx].domain, len ))
2725 return TRUE;
2726
2727 return FALSE;
2728 }
2729
2730 static BOOL match_account( ULONG idx, const LSA_UNICODE_STRING *account )
2731 {
2732 ULONG len = strlenW( ACCOUNT_SIDS[idx].account );
2733
2734 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].account, len ))
2735 return TRUE;
2736
2737 if (ACCOUNT_SIDS[idx].alias)
2738 {
2739 len = strlenW( ACCOUNT_SIDS[idx].alias );
2740 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].alias, len ))
2741 return TRUE;
2742 }
2743 return FALSE;
2744 }
2745
2746 /*
2747 * Helper function for LookupAccountNameW
2748 */
2749 BOOL lookup_local_wellknown_name( const LSA_UNICODE_STRING *account_and_domain,
2750 PSID Sid, LPDWORD cbSid,
2751 LPWSTR ReferencedDomainName,
2752 LPDWORD cchReferencedDomainName,
2753 PSID_NAME_USE peUse, BOOL *handled )
2754 {
2755 PSID pSid;
2756 LSA_UNICODE_STRING account, domain;
2757 BOOL ret = TRUE;
2758 ULONG i;
2759
2760 *handled = FALSE;
2761 split_domain_account( account_and_domain, &account, &domain );
2762
2763 for (i = 0; i < sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0]); i++)
2764 {
2765 /* check domain first */
2766 if (domain.Buffer && !match_domain( i, &domain )) continue;
2767
2768 if (match_account( i, &account ))
2769 {
2770 DWORD len, sidLen = SECURITY_MAX_SID_SIZE;
2771
2772 if (!(pSid = HeapAlloc( GetProcessHeap(), 0, sidLen ))) return FALSE;
2773
2774 if ((ret = CreateWellKnownSid( ACCOUNT_SIDS[i].type, NULL, pSid, &sidLen )))
2775 {
2776 if (*cbSid < sidLen)
2777 {
2778 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2779 ret = FALSE;
2780 }
2781 else if (Sid)
2782 {
2783 CopySid(*cbSid, Sid, pSid);
2784 }
2785 *cbSid = sidLen;
2786 }
2787
2788 len = strlenW( ACCOUNT_SIDS[i].domain );
2789 if (*cchReferencedDomainName <= len || !ret)
2790 {
2791 SetLastError(ERROR_INSUFFICIENT_BUFFER);
2792 len++;
2793 ret = FALSE;
2794 }
2795 else if (ReferencedDomainName)
2796 {
2797 strcpyW( ReferencedDomainName, ACCOUNT_SIDS[i].domain );
2798 }
2799
2800 *cchReferencedDomainName = len;
2801 if (ret)
2802 *peUse = ACCOUNT_SIDS[i].name_use;
2803
2804 HeapFree(GetProcessHeap(), 0, pSid);
2805 *handled = TRUE;
2806 return ret;
2807 }
2808 }
2809 return ret;
2810 }
2811
2812 BOOL lookup_local_user_name( const LSA_UNICODE_STRING *account_and_domain,
2813 PSID Sid, LPDWORD cbSid,
2814 LPWSTR ReferencedDomainName,
2815 LPDWORD cchReferencedDomainName,
2816 PSID_NAME_USE peUse, BOOL *handled )
2817 {
2818 DWORD nameLen;
2819 LPWSTR userName = NULL;
2820 LSA_UNICODE_STRING account, domain;
2821 BOOL ret = TRUE;
2822
2823 *handled = FALSE;
2824 split_domain_account( account_and_domain, &account, &domain );
2825
2826 /* Let the current Unix user id masquerade as first Windows user account */
2827
2828 nameLen = UNLEN + 1;
2829 if (!(userName = HeapAlloc( GetProcessHeap(), 0, nameLen * sizeof(WCHAR) ))) return FALSE;
2830
2831 if (domain.Buffer)
2832 {
2833 /* check to make sure this account is on this computer */
2834 if (GetComputerNameW( userName, &nameLen ) &&
2835 (domain.Length / sizeof(WCHAR) != nameLen || strncmpW( domain.Buffer, userName, nameLen )))
2836 {
2837 SetLastError(ERROR_NONE_MAPPED);
2838 ret = FALSE;
2839 }
2840 nameLen = UNLEN + 1;
2841 }
2842
2843 if (GetUserNameW( userName, &nameLen ) &&
2844 account.Length / sizeof(WCHAR) == nameLen - 1 && !strncmpW( account.Buffer, userName, nameLen - 1 ))
2845 {
2846 ret = lookup_user_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse );
2847 *handled = TRUE;
2848 }
2849 else
2850 {
2851 nameLen = UNLEN + 1;
2852 if (GetComputerNameW( userName, &nameLen ) &&
2853 account.Length / sizeof(WCHAR) == nameLen && !strncmpW( account.Buffer, userName , nameLen ))
2854 {
2855 ret = lookup_computer_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse );
2856 *handled = TRUE;
2857 }
2858 }
2859
2860 HeapFree(GetProcessHeap(), 0, userName);
2861 return ret;
2862 }
2863
2864 /******************************************************************************
2865 * LookupAccountNameW [ADVAPI32.@]
2866 */
2867 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid,
2868 LPDWORD cbSid, LPWSTR ReferencedDomainName,
2869 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
2870 {
2871 BOOL ret, handled;
2872 LSA_UNICODE_STRING account;
2873
2874 TRACE("%s %s %p %p %p %p %p\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName),
2875 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
2876
2877 if (!ADVAPI_IsLocalComputer( lpSystemName ))
2878 {
2879 FIXME("remote computer not supported\n");
2880 SetLastError( RPC_S_SERVER_UNAVAILABLE );
2881 return FALSE;
2882 }
2883
2884 if (!lpAccountName || !strcmpW( lpAccountName, Blank ))
2885 {
2886 lpAccountName = BUILTIN;
2887 }
2888
2889 RtlInitUnicodeString( &account, lpAccountName );
2890
2891 /* Check well known SIDs first */
2892 ret = lookup_local_wellknown_name( &account, Sid, cbSid, ReferencedDomainName,
2893 cchReferencedDomainName, peUse, &handled );
2894 if (handled)
2895 return ret;
2896
2897 /* Check user names */
2898 ret = lookup_local_user_name( &account, Sid, cbSid, ReferencedDomainName,
2899 cchReferencedDomainName, peUse, &handled);
2900 if (handled)
2901 return ret;
2902
2903 SetLastError( ERROR_NONE_MAPPED );
2904 return FALSE;
2905 }
2906
2907 /******************************************************************************
2908 * PrivilegeCheck [ADVAPI32.@]
2909 */
2910 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
2911 {
2912 BOOL ret;
2913 BOOLEAN Result;
2914
2915 TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
2916
2917 ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result));
2918 if (ret)
2919 *pfResult = Result;
2920 return ret;
2921 }
2922
2923 /******************************************************************************
2924 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
2925 */
2926 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
2927 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2928 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2929 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2930 {
2931 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
2932 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
2933 SecurityDescriptor, DesiredAccess, GenericMapping,
2934 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2935 return TRUE;
2936 }
2937
2938 /******************************************************************************
2939 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
2940 */
2941 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
2942 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
2943 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
2944 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
2945 {
2946 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
2947 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
2948 SecurityDescriptor, DesiredAccess, GenericMapping,
2949 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
2950 return TRUE;
2951 }
2952
2953 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2954 {
2955 FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose);
2956
2957 return TRUE;
2958 }
2959
2960 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2961 {
2962 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2963
2964 return TRUE;
2965 }
2966
2967 BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
2968 {
2969 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
2970
2971 return TRUE;
2972 }
2973
2974 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName,
2975 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2976 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2977 LPBOOL GenerateOnClose)
2978 {
2979 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_a(SubsystemName),
2980 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor,
2981 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2982 GenerateOnClose);
2983
2984 return TRUE;
2985 }
2986
2987 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
2988 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
2989 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
2990 LPBOOL GenerateOnClose)
2991 {
2992 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_w(SubsystemName),
2993 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor,
2994 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
2995 GenerateOnClose);
2996
2997 return TRUE;
2998 }
2999
3000 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
3001 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
3002 {
3003 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken,
3004 DesiredAccess, Privileges, AccessGranted);
3005
3006 return TRUE;
3007 }
3008
3009 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
3010 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
3011 {
3012 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken,
3013 DesiredAccess, Privileges, AccessGranted);
3014
3015 return TRUE;
3016 }
3017
3018 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
3019 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
3020 {
3021 FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName),
3022 ClientToken, Privileges, AccessGranted);
3023
3024 return TRUE;
3025 }
3026
3027 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
3028 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
3029 {
3030 FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName),
3031 ClientToken, Privileges, AccessGranted);
3032
3033 return TRUE;
3034 }
3035
3036 /******************************************************************************
3037 * GetSecurityInfo [ADVAPI32.@]
3038 *
3039 * Retrieves a copy of the security descriptor associated with an object.
3040 *
3041 * PARAMS
3042 * hObject [I] A handle for the object.
3043 * ObjectType [I] The type of object.
3044 * SecurityInfo [I] A bitmask indicating what info to retrieve.
3045 * ppsidOwner [O] If non-null, receives a pointer to the owner SID.
3046 * ppsidGroup [O] If non-null, receives a pointer to the group SID.
3047 * ppDacl [O] If non-null, receives a pointer to the DACL.
3048 * ppSacl [O] If non-null, receives a pointer to the SACL.
3049 * ppSecurityDescriptor [O] Receives a pointer to the security descriptor,
3050 * which must be freed with LocalFree.
3051 *
3052 * RETURNS
3053 * ERROR_SUCCESS if all's well, and a WIN32 error code otherwise.
3054 */
3055 DWORD WINAPI GetSecurityInfo(
3056 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
3057 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
3058 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
3059 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
3060 )
3061 {
3062 PSECURITY_DESCRIPTOR sd;
3063 NTSTATUS status;
3064 ULONG n1, n2;
3065 BOOL present, defaulted;
3066
3067 status = NtQuerySecurityObject(hObject, SecurityInfo, NULL, 0, &n1);
3068 if (status != STATUS_BUFFER_TOO_SMALL && status != STATUS_SUCCESS)
3069 return RtlNtStatusToDosError(status);
3070
3071 sd = LocalAlloc(0, n1);
3072 if (!sd)
3073 return ERROR_NOT_ENOUGH_MEMORY;
3074
3075 status = NtQuerySecurityObject(hObject, SecurityInfo, sd, n1, &n2);
3076 if (status != STATUS_SUCCESS)
3077 {
3078 LocalFree(sd);
3079 return RtlNtStatusToDosError(status);
3080 }
3081
3082 if (ppsidOwner)
3083 {
3084 *ppsidOwner = NULL;
3085 GetSecurityDescriptorOwner(sd, ppsidOwner, &defaulted);
3086 }
3087 if (ppsidGroup)
3088 {
3089 *ppsidGroup = NULL;
3090 GetSecurityDescriptorGroup(sd, ppsidGroup, &defaulted);
3091 }
3092 if (ppDacl)
3093 {
3094 *ppDacl = NULL;
3095 GetSecurityDescriptorDacl(sd, &present, ppDacl, &defaulted);
3096 }
3097 if (ppSacl)
3098 {
3099 *ppSacl = NULL;
3100 GetSecurityDescriptorSacl(sd, &present, ppSacl, &defaulted);
3101 }
3102 if (ppSecurityDescriptor)
3103 *ppSecurityDescriptor = sd;
3104
3105 /* The security descriptor (sd) cannot be freed if ppSecurityDescriptor is
3106 * NULL, because native happily returns the SIDs and ACLs that are requested
3107 * in this case.
3108 */
3109
3110 return ERROR_SUCCESS;
3111 }
3112
3113 /******************************************************************************
3114 * GetSecurityInfoExA [ADVAPI32.@]
3115 */
3116 DWORD WINAPI GetSecurityInfoExA(
3117 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
3118 SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider,
3119 LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList,
3120 PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup
3121 )
3122 {
3123 FIXME("stub!\n");
3124 return ERROR_BAD_PROVIDER;
3125 }
3126
3127 /******************************************************************************
3128 * GetSecurityInfoExW [ADVAPI32.@]
3129 */
3130 DWORD WINAPI GetSecurityInfoExW(
3131 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
3132 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
3133 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
3134 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
3135 )
3136 {
3137 FIXME("stub!\n");
3138 return ERROR_BAD_PROVIDER;
3139 }
3140
3141 /******************************************************************************
3142 * BuildExplicitAccessWithNameA [ADVAPI32.@]
3143 */
3144 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess,
3145 LPSTR pTrusteeName, DWORD AccessPermissions,
3146 ACCESS_MODE AccessMode, DWORD Inheritance )
3147 {
3148 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_a(pTrusteeName),
3149 AccessPermissions, AccessMode, Inheritance);
3150
3151 pExplicitAccess->grfAccessPermissions = AccessPermissions;
3152 pExplicitAccess->grfAccessMode = AccessMode;
3153 pExplicitAccess->grfInheritance = Inheritance;
3154
3155 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
3156 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3157 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
3158 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
3159 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
3160 }
3161
3162 /******************************************************************************
3163 * BuildExplicitAccessWithNameW [ADVAPI32.@]
3164 */
3165 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess,
3166 LPWSTR pTrusteeName, DWORD AccessPermissions,
3167 ACCESS_MODE AccessMode, DWORD Inheritance )
3168 {
3169 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_w(pTrusteeName),
3170 AccessPermissions, AccessMode, Inheritance);
3171
3172 pExplicitAccess->grfAccessPermissions = AccessPermissions;
3173 pExplicitAccess->grfAccessMode = AccessMode;
3174 pExplicitAccess->grfInheritance = Inheritance;
3175
3176 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
3177 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3178 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
3179 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
3180 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
3181 }
3182
3183 /******************************************************************************
3184 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
3185 */
3186 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
3187 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
3188 LPSTR InheritedObjectTypeName, LPSTR Name )
3189 {
3190 DWORD ObjectsPresent = 0;
3191
3192 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
3193 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
3194
3195 /* Fill the OBJECTS_AND_NAME structure */
3196 pObjName->ObjectType = ObjectType;
3197 if (ObjectTypeName != NULL)
3198 {
3199 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
3200 }
3201
3202 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
3203 if (InheritedObjectTypeName != NULL)
3204 {
3205 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
3206 }
3207
3208 pObjName->ObjectsPresent = ObjectsPresent;
3209 pObjName->ptstrName = Name;
3210
3211 /* Fill the TRUSTEE structure */
3212 pTrustee->pMultipleTrustee = NULL;
3213 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3214 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
3215 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3216 pTrustee->ptstrName = (LPSTR)pObjName;
3217 }
3218
3219 /******************************************************************************
3220 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
3221 */
3222 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
3223 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
3224 LPWSTR InheritedObjectTypeName, LPWSTR Name )
3225 {
3226 DWORD ObjectsPresent = 0;
3227
3228 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
3229 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
3230
3231 /* Fill the OBJECTS_AND_NAME structure */
3232 pObjName->ObjectType = ObjectType;
3233 if (ObjectTypeName != NULL)
3234 {
3235 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
3236 }
3237
3238 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
3239 if (InheritedObjectTypeName != NULL)
3240 {
3241 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
3242 }
3243
3244 pObjName->ObjectsPresent = ObjectsPresent;
3245 pObjName->ptstrName = Name;
3246
3247 /* Fill the TRUSTEE structure */
3248 pTrustee->pMultipleTrustee = NULL;
3249 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3250 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
3251 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3252 pTrustee->ptstrName = (LPWSTR)pObjName;
3253 }
3254
3255 /******************************************************************************
3256 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
3257 */
3258 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid,
3259 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
3260 {
3261 DWORD ObjectsPresent = 0;
3262
3263 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
3264
3265 /* Fill the OBJECTS_AND_SID structure */
3266 if (pObjectGuid != NULL)
3267 {
3268 pObjSid->ObjectTypeGuid = *pObjectGuid;
3269 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
3270 }
3271 else
3272 {
3273 ZeroMemory(&pObjSid->ObjectTypeGuid,
3274 sizeof(GUID));
3275 }
3276
3277 if (pInheritedObjectGuid != NULL)
3278 {
3279 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
3280 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
3281 }
3282 else
3283 {
3284 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
3285 sizeof(GUID));
3286 }
3287
3288 pObjSid->ObjectsPresent = ObjectsPresent;
3289 pObjSid->pSid = pSid;
3290
3291 /* Fill the TRUSTEE structure */
3292 pTrustee->pMultipleTrustee = NULL;
3293 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3294 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
3295 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3296 pTrustee->ptstrName = (LPSTR) pObjSid;
3297 }
3298
3299 /******************************************************************************
3300 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
3301 */
3302 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid,
3303 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
3304 {
3305 DWORD ObjectsPresent = 0;
3306
3307 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
3308
3309 /* Fill the OBJECTS_AND_SID structure */
3310 if (pObjectGuid != NULL)
3311 {
3312 pObjSid->ObjectTypeGuid = *pObjectGuid;
3313 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
3314 }
3315 else
3316 {
3317 ZeroMemory(&pObjSid->ObjectTypeGuid,
3318 sizeof(GUID));
3319 }
3320
3321 if (pInheritedObjectGuid != NULL)
3322 {
3323 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
3324 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
3325 }
3326 else
3327 {
3328 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
3329 sizeof(GUID));
3330 }
3331
3332 pObjSid->ObjectsPresent = ObjectsPresent;
3333 pObjSid->pSid = pSid;
3334
3335 /* Fill the TRUSTEE structure */
3336 pTrustee->pMultipleTrustee = NULL;
3337 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3338 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
3339 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3340 pTrustee->ptstrName = (LPWSTR) pObjSid;
3341 }
3342
3343 /******************************************************************************
3344 * BuildTrusteeWithSidA [ADVAPI32.@]
3345 */
3346 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
3347 {
3348 TRACE("%p %p\n", pTrustee, pSid);
3349
3350 pTrustee->pMultipleTrustee = NULL;
3351 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3352 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
3353 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3354 pTrustee->ptstrName = pSid;
3355 }
3356
3357 /******************************************************************************
3358 * BuildTrusteeWithSidW [ADVAPI32.@]
3359 */
3360 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
3361 {
3362 TRACE("%p %p\n", pTrustee, pSid);
3363
3364 pTrustee->pMultipleTrustee = NULL;
3365 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3366 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
3367 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3368 pTrustee->ptstrName = pSid;
3369 }
3370
3371 /******************************************************************************
3372 * BuildTrusteeWithNameA [ADVAPI32.@]
3373 */
3374 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
3375 {
3376 TRACE("%p %s\n", pTrustee, debugstr_a(name) );
3377
3378 pTrustee->pMultipleTrustee = NULL;
3379 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3380 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
3381 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3382 pTrustee->ptstrName = name;
3383 }
3384
3385 /******************************************************************************
3386 * BuildTrusteeWithNameW [ADVAPI32.@]
3387 */
3388 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
3389 {
3390 TRACE("%p %s\n", pTrustee, debugstr_w(name) );
3391
3392 pTrustee->pMultipleTrustee = NULL;
3393 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
3394 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
3395 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
3396 pTrustee->ptstrName = name;
3397 }
3398
3399 /******************************************************************************
3400 * GetTrusteeFormA [ADVAPI32.@]
3401 */
3402 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
3403 {
3404 TRACE("(%p)\n", pTrustee);
3405
3406 if (!pTrustee)
3407 return TRUSTEE_BAD_FORM;
3408
3409 return pTrustee->TrusteeForm;
3410 }
3411
3412 /******************************************************************************
3413 * GetTrusteeFormW [ADVAPI32.@]
3414 */
3415 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
3416 {
3417 TRACE("(%p)\n", pTrustee);
3418
3419 if (!pTrustee)
3420 return TRUSTEE_BAD_FORM;
3421
3422 return pTrustee->TrusteeForm;
3423 }
3424
3425 /******************************************************************************
3426 * GetTrusteeNameA [ADVAPI32.@]
3427 */
3428 LPSTR WINAPI GetTrusteeNameA(PTRUSTEEA pTrustee)
3429 {
3430 TRACE("(%p)\n", pTrustee);
3431
3432 if (!pTrustee)
3433 return NULL;
3434
3435 return pTrustee->ptstrName;
3436 }
3437
3438 /******************************************************************************
3439 * GetTrusteeNameW [ADVAPI32.@]
3440 */
3441 LPWSTR WINAPI GetTrusteeNameW(PTRUSTEEW pTrustee)
3442 {
3443 TRACE("(%p)\n", pTrustee);
3444
3445 if (!pTrustee)
3446 return NULL;
3447
3448 return pTrustee->ptstrName;
3449 }
3450
3451 /******************************************************************************
3452 * GetTrusteeTypeA [ADVAPI32.@]
3453 */
3454 TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEEA pTrustee)
3455 {
3456 TRACE("(%p)\n", pTrustee);
3457
3458 if (!pTrustee)
3459 return TRUSTEE_IS_UNKNOWN;
3460
3461 return pTrustee->TrusteeType;
3462 }
3463
3464 /******************************************************************************
3465 * GetTrusteeTypeW [ADVAPI32.@]
3466 */
3467 TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEEW pTrustee)
3468 {
3469 TRACE("(%p)\n", pTrustee);
3470
3471 if (!pTrustee)
3472 return TRUSTEE_IS_UNKNOWN;
3473
3474 return pTrustee->TrusteeType;
3475 }
3476
3477 BOOL WINAPI SetAclInformation( PACL pAcl, LPVOID pAclInformation,
3478 DWORD nAclInformationLength,
3479 ACL_INFORMATION_CLASS dwAclInformationClass )
3480 {
3481 FIXME("%p %p 0x%08x 0x%08x - stub\n", pAcl, pAclInformation,
3482 nAclInformationLength, dwAclInformationClass);
3483
3484 return TRUE;
3485 }
3486
3487 static DWORD trustee_name_A_to_W(TRUSTEE_FORM form, char *trustee_nameA, WCHAR **ptrustee_nameW)
3488 {
3489 DWORD len;
3490
3491 switch (form)
3492 {
3493 case TRUSTEE_IS_NAME:
3494 {
3495 WCHAR *wstr = NULL;
3496
3497 if (trustee_nameA)
3498 {
3499 len = MultiByteToWideChar( CP_ACP, 0, trustee_nameA, -1, NULL, 0 );
3500 if (!(wstr = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) )))
3501 return ERROR_NOT_ENOUGH_MEMORY;
3502
3503 MultiByteToWideChar( CP_ACP, 0, trustee_nameA, -1, wstr, len );
3504 }
3505
3506 *ptrustee_nameW = wstr;
3507 return ERROR_SUCCESS;
3508 }
3509 case TRUSTEE_IS_OBJECTS_AND_NAME:
3510 {
3511 OBJECTS_AND_NAME_A *objA = (OBJECTS_AND_NAME_A *)trustee_nameA;
3512 OBJECTS_AND_NAME_W *objW = NULL;
3513
3514 if (objA)
3515 {
3516 if (!(objW = HeapAlloc( GetProcessHeap(), 0, sizeof(OBJECTS_AND_NAME_W) )))
3517 return ERROR_NOT_ENOUGH_MEMORY;
3518
3519 objW->ObjectsPresent = objA->ObjectsPresent;
3520 objW->ObjectType = objA->ObjectType;
3521 objW->ObjectTypeName = NULL;
3522 objW->InheritedObjectTypeName = NULL;
3523 objW->ptstrName = NULL;
3524
3525 if (objA->ObjectTypeName)
3526 {
3527 len = MultiByteToWideChar( CP_ACP, 0, objA->ObjectTypeName, -1, NULL, 0 );
3528 if (!(objW->ObjectTypeName = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) )))
3529 goto error;
3530 MultiByteToWideChar( CP_ACP, 0, objA->ObjectTypeName, -1, objW->ObjectTypeName, len );
3531 }
3532
3533 if (objA->InheritedObjectTypeName)
3534 {
3535 len = MultiByteToWideChar( CP_ACP, 0, objA->InheritedObjectTypeName, -1, NULL, 0 );
3536 if (!(objW->InheritedObjectTypeName = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) )))
3537 goto error;
3538 MultiByteToWideChar( CP_ACP, 0, objA->InheritedObjectTypeName, -1, objW->InheritedObjectTypeName, len );
3539 }
3540
3541 if (objA->ptstrName)
3542 {
3543 len = MultiByteToWideChar( CP_ACP, 0, objA->ptstrName, -1, NULL, 0 );
3544 if (!(objW->ptstrName = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) )))
3545 goto error;
3546 MultiByteToWideChar( CP_ACP, 0, objA->ptstrName, -1, objW->ptstrName, len );
3547 }
3548 }
3549
3550 *ptrustee_nameW = (WCHAR *)objW;
3551 return ERROR_SUCCESS;
3552 error:
3553 HeapFree( GetProcessHeap(), 0, objW->InheritedObjectTypeName );
3554 HeapFree( GetProcessHeap(), 0, objW->ObjectTypeName );
3555 HeapFree( GetProcessHeap(), 0, objW );
3556 return ERROR_NOT_ENOUGH_MEMORY;
3557 }
3558 /* These forms do not require conversion. */
3559 case TRUSTEE_IS_SID:
3560 case TRUSTEE_IS_OBJECTS_AND_SID:
3561 *ptrustee_nameW = (WCHAR *)trustee_nameA;
3562 return ERROR_SUCCESS;
3563 default:
3564 return ERROR_INVALID_PARAMETER;
3565 }
3566 }
3567
3568 static void free_trustee_name(TRUSTEE_FORM form, WCHAR *trustee_nameW)
3569 {
3570 switch (form)
3571 {
3572 case TRUSTEE_IS_NAME:
3573 HeapFree( GetProcessHeap(), 0, trustee_nameW );
3574 break;
3575 case TRUSTEE_IS_OBJECTS_AND_NAME:
3576 {
3577 OBJECTS_AND_NAME_W *objW = (OBJECTS_AND_NAME_W *)trustee_nameW;
3578
3579 if (objW)
3580 {
3581 HeapFree( GetProcessHeap(), 0, objW->ptstrName );
3582 HeapFree( GetProcessHeap(), 0, objW->InheritedObjectTypeName );
3583 HeapFree( GetProcessHeap(), 0, objW->ObjectTypeName );
3584 HeapFree( GetProcessHeap(), 0, objW );
3585 }
3586
3587 break;
3588 }
3589 /* Other forms did not require allocation, so no freeing is necessary. */
3590 default:
3591 break;
3592 }
3593 }
3594
3595 /******************************************************************************
3596 * SetEntriesInAclA [ADVAPI32.@]
3597 */
3598 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
3599 PACL OldAcl, PACL* NewAcl )
3600 {
3601 DWORD err = ERROR_SUCCESS;
3602 EXPLICIT_ACCESSW *pEntriesW;
3603 UINT alloc_index, free_index;
3604
3605 TRACE("%d %p %p %p\n", count, pEntries, OldAcl, NewAcl);
3606
3607 if (NewAcl)
3608 *NewAcl = NULL;
3609
3610 if (!count && !OldAcl)
3611 return ERROR_SUCCESS;
3612
3613 pEntriesW = HeapAlloc( GetProcessHeap(), 0, count * sizeof(EXPLICIT_ACCESSW) );
3614 if (!pEntriesW)
3615 return ERROR_NOT_ENOUGH_MEMORY;
3616
3617 for (alloc_index = 0; alloc_index < count; ++alloc_index)
3618 {
3619 pEntriesW[alloc_index].grfAccessPermissions = pEntries[alloc_index].grfAccessPermissions;
3620 pEntriesW[alloc_index].grfAccessMode = pEntries[alloc_index].grfAccessMode;
3621 pEntriesW[alloc_index].grfInheritance = pEntries[alloc_index].grfInheritance;
3622 pEntriesW[alloc_index].Trustee.pMultipleTrustee = NULL; /* currently not supported */
3623 pEntriesW[alloc_index].Trustee.MultipleTrusteeOperation = pEntries[alloc_index].Trustee.MultipleTrusteeOperation;
3624 pEntriesW[alloc_index].Trustee.TrusteeForm = pEntries[alloc_index].Trustee.TrusteeForm;
3625 pEntriesW[alloc_index].Trustee.TrusteeType = pEntries[alloc_index].Trustee.TrusteeType;
3626
3627 err = trustee_name_A_to_W( pEntries[alloc_index].Trustee.TrusteeForm,
3628 pEntries[alloc_index].Trustee.ptstrName,
3629 &pEntriesW[alloc_index].Trustee.ptstrName );
3630 if (err != ERROR_SUCCESS)
3631 {
3632 if (err == ERROR_INVALID_PARAMETER)
3633 WARN("bad trustee form %d for trustee %d\n",
3634 pEntries[alloc_index].Trustee.TrusteeForm, alloc_index);
3635
3636 goto cleanup;
3637 }
3638 }
3639
3640 err = SetEntriesInAclW( count, pEntriesW, OldAcl, NewAcl );
3641
3642 cleanup:
3643 /* Free any previously allocated trustee name buffers, taking into account
3644 * a possible out-of-memory condition while building the EXPLICIT_ACCESSW
3645 * list. */
3646 for (free_index = 0; free_index < alloc_index; ++free_index)
3647 free_trustee_name( pEntriesW[free_index].Trustee.TrusteeForm, pEntriesW[free_index].Trustee.ptstrName );
3648
3649 HeapFree( GetProcessHeap(), 0, pEntriesW );
3650 return err;
3651 }
3652
3653 /******************************************************************************
3654 * SetEntriesInAclW [ADVAPI32.@]
3655 */
3656 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
3657 PACL OldAcl, PACL* NewAcl )
3658 {
3659 ULONG i;
3660 PSID *ppsid;
3661 DWORD ret = ERROR_SUCCESS;
3662 DWORD acl_size = sizeof(ACL);
3663 NTSTATUS status;
3664
3665 TRACE("%d %p %p %p\n", count, pEntries, OldAcl, NewAcl);
3666
3667 if (NewAcl)
3668 *NewAcl = NULL;
3669
3670 if (!count && !OldAcl)
3671 return ERROR_SUCCESS;
3672
3673 /* allocate array of maximum sized sids allowed */
3674 ppsid = HeapAlloc(GetProcessHeap(), 0, count * (sizeof(SID *) + FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES])));
3675 if (!ppsid)
3676 return ERROR_OUTOFMEMORY;
3677
3678 for (i = 0; i < count; i++)
3679 {
3680 ppsid[i] = (char *)&ppsid[count] + i * FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]);
3681
3682 TRACE("[%d]:\n\tgrfAccessPermissions = 0x%x\n\tgrfAccessMode = %d\n\tgrfInheritance = 0x%x\n\t"
3683 "Trustee.pMultipleTrustee = %p\n\tMultipleTrusteeOperation = %d\n\tTrusteeForm = %d\n\t"
3684 "Trustee.TrusteeType = %d\n\tptstrName = %p\n", i,
3685 pEntries[i].grfAccessPermissions, pEntries[i].grfAccessMode, pEntries[i].grfInheritance,
3686 pEntries[i].Trustee.pMultipleTrustee, pEntries[i].Trustee.MultipleTrusteeOperation,
3687 pEntries[i].Trustee.TrusteeForm, pEntries[i].Trustee.TrusteeType,
3688 pEntries[i].Trustee.ptstrName);
3689
3690 if (pEntries[i].Trustee.MultipleTrusteeOperation == TRUSTEE_IS_IMPERSONATE)
3691 {
3692 WARN("bad multiple trustee operation %d for trustee %d\n", pEntries[i].Trustee.MultipleTrusteeOperation, i);
3693 ret = ERROR_INVALID_PARAMETER;
3694 goto exit;
3695 }
3696
3697 switch (pEntries[i].Trustee.TrusteeForm)
3698 {
3699 case TRUSTEE_IS_SID:
3700 if (!CopySid(FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]),
3701 ppsid[i], pEntries[i].Trustee.ptstrName))
3702 {
3703 WARN("bad sid %p for trustee %d\n", pEntries[i].Trustee.ptstrName, i);
3704 ret = ERROR_INVALID_PARAMETER;
3705 goto exit;
3706 }
3707 break;
3708 case TRUSTEE_IS_NAME:
3709 {
3710 DWORD sid_size = FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]);
3711 DWORD domain_size = MAX_COMPUTERNAME_LENGTH + 1;
3712 SID_NAME_USE use;
3713 if (!strcmpW( pEntries[i].Trustee.ptstrName, CURRENT_USER ))
3714 {
3715 if (!lookup_user_account_name( ppsid[i], &sid_size, NULL, &domain_size, &use ))
3716 {
3717 ret = GetLastError();
3718 goto exit;
3719 }
3720 }
3721 else if (!LookupAccountNameW(NULL, pEntries[i].Trustee.ptstrName, ppsid[i], &sid_size, NULL, &domain_size, &use))
3722 {
3723 WARN("bad user name %s for trustee %d\n", debugstr_w(pEntries[i].Trustee.ptstrName), i);
3724 ret = ERROR_INVALID_PARAMETER;
3725 goto exit;
3726 }
3727 break;
3728 }
3729 case TRUSTEE_IS_OBJECTS_AND_SID:
3730 FIXME("TRUSTEE_IS_OBJECTS_AND_SID unimplemented\n");
3731 break;
3732 case TRUSTEE_IS_OBJECTS_AND_NAME:
3733 FIXME("TRUSTEE_IS_OBJECTS_AND_NAME unimplemented\n");
3734 break;
3735 default:
3736 WARN("bad trustee form %d for trustee %d\n", pEntries[i].Trustee.TrusteeForm, i);
3737 ret = ERROR_INVALID_PARAMETER;
3738 goto exit;
3739 }
3740
3741 /* Note: we overestimate the ACL size here as a tradeoff between
3742 * instructions (simplicity) and memory */
3743 switch (pEntries[i].grfAccessMode)
3744 {
3745 case GRANT_ACCESS:
3746 case SET_ACCESS:
3747 acl_size += FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(ppsid[i]);
3748 break;
3749 case DENY_ACCESS:
3750 acl_size += FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + GetLengthSid(ppsid[i]);
3751 break;
3752 case SET_AUDIT_SUCCESS:
3753 case SET_AUDIT_FAILURE:
3754 acl_size += FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart) + GetLengthSid(ppsid[i]);
3755 break;
3756 case REVOKE_ACCESS:
3757 break;
3758 default:
3759 WARN("bad access mode %d for trustee %d\n", pEntries[i].grfAccessMode, i);
3760 ret = ERROR_INVALID_PARAMETER;
3761 goto exit;
3762 }
3763 }
3764
3765 if (OldAcl)
3766 {
3767 ACL_SIZE_INFORMATION size_info;
3768
3769 status = RtlQueryInformationAcl(OldAcl, &size_info, sizeof(size_info), AclSizeInformation);
3770 if (status != STATUS_SUCCESS)
3771 {
3772 ret = RtlNtStatusToDosError(status);
3773 goto exit;
3774 }
3775 acl_size += size_info.AclBytesInUse - sizeof(ACL);
3776 }
3777
3778 *NewAcl = LocalAlloc(0, acl_size);
3779 if (!*NewAcl)
3780 {
3781 ret = ERROR_OUTOFMEMORY;
3782 goto exit;
3783 }
3784
3785 status = RtlCreateAcl( *NewAcl, acl_size, ACL_REVISION );
3786 if (status != STATUS_SUCCESS)
3787 {
3788 ret = RtlNtStatusToDosError(status);
3789 goto exit;
3790 }
3791
3792 for (i = 0; i < count; i++)
3793 {
3794 switch (pEntries[i].grfAccessMode)
3795 {
3796 case GRANT_ACCESS:
3797 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION,
3798 pEntries[i].grfInheritance,
3799 pEntries[i].grfAccessPermissions,
3800 ppsid[i]);
3801 break;
3802 case SET_ACCESS:
3803 {
3804 ULONG j;
3805 BOOL add = TRUE;
3806 if (OldAcl)
3807 {
3808 for (j = 0; ; j++)
3809 {
3810 const ACE_HEADER *existing_ace_header;
3811 status = RtlGetAce(OldAcl, j, (LPVOID *)&existing_ace_header);
3812 if (status != STATUS_SUCCESS)
3813 break;
3814 if (pEntries[i].grfAccessMode == SET_ACCESS &&
3815 existing_ace_header->AceType == ACCESS_ALLOWED_ACE_TYPE &&
3816 EqualSid(ppsid[i], &((ACCESS_ALLOWED_ACE *)existing_ace_header)->SidStart))
3817 {
3818 add = FALSE;
3819 break;
3820 }
3821 }
3822 }
3823 if (add)
3824 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION,
3825 pEntries[i].grfInheritance,
3826 pEntries[i].grfAccessPermissions,
3827 ppsid[i]);
3828 break;
3829 }
3830 case DENY_ACCESS:
3831 status = RtlAddAccessDeniedAceEx(*NewAcl, ACL_REVISION,
3832 pEntries[i].grfInheritance,
3833 pEntries[i].grfAccessPermissions,
3834 ppsid[i]);
3835 break;
3836 case SET_AUDIT_SUCCESS:
3837 status = RtlAddAuditAccessAceEx(*NewAcl, ACL_REVISION,
3838 pEntries[i].grfInheritance,
3839 pEntries[i].grfAccessPermissions,
3840 ppsid[i], TRUE, FALSE);
3841 break;
3842 case SET_AUDIT_FAILURE:
3843 status = RtlAddAuditAccessAceEx(*NewAcl, ACL_REVISION,
3844 pEntries[i].grfInheritance,
3845 pEntries[i].grfAccessPermissions,
3846 ppsid[i], FALSE, TRUE);
3847 break;
3848 default:
3849 FIXME("unhandled access mode %d\n", pEntries[i].grfAccessMode);
3850 }
3851 }
3852
3853 if (OldAcl)
3854 {
3855 for (i = 0; ; i++)
3856 {
3857 BOOL add = TRUE;
3858 ULONG j;
3859 const ACE_HEADER *old_ace_header;
3860 status = RtlGetAce(OldAcl, i, (LPVOID *)&old_ace_header);
3861 if (status != STATUS_SUCCESS) break;
3862 for (j = 0; j < count; j++)
3863 {
3864 if (pEntries[j].grfAccessMode == SET_ACCESS &&
3865 old_ace_header->AceType == ACCESS_ALLOWED_ACE_TYPE &&
3866 EqualSid(ppsid[j], &((ACCESS_ALLOWED_ACE *)old_ace_header)->SidStart))
3867 {
3868 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION, pEntries[j].grfInheritance, pEntries[j].grfAccessPermissions, ppsid[j]);
3869 add = FALSE;
3870 break;
3871 }
3872 else if (pEntries[j].grfAccessMode == REVOKE_ACCESS)
3873 {
3874 switch (old_ace_header->AceType)
3875 {
3876 case ACCESS_ALLOWED_ACE_TYPE:
3877 if (EqualSid(ppsid[j], &((ACCESS_ALLOWED_ACE *)old_ace_header)->SidStart))
3878 add = FALSE;
3879 break;
3880 case ACCESS_DENIED_ACE_TYPE:
3881 if (EqualSid(ppsid[j], &((ACCESS_DENIED_ACE *)old_ace_header)->SidStart))
3882 add = FALSE;
3883 break;
3884 case SYSTEM_AUDIT_ACE_TYPE:
3885 if (EqualSid(ppsid[j], &((SYSTEM_AUDIT_ACE *)old_ace_header)->SidStart))
3886 add = FALSE;
3887 break;
3888 case SYSTEM_ALARM_ACE_TYPE:
3889 if (EqualSid(ppsid[j], &((SYSTEM_ALARM_ACE *)old_ace_header)->SidStart))
3890 add = FALSE;
3891 break;
3892 default:
3893 FIXME("unhandled ace type %d\n", old_ace_header->AceType);
3894 }
3895
3896 if (!add)
3897 break;
3898 }
3899 }
3900 if (add)
3901 status = RtlAddAce(*NewAcl, ACL_REVISION, 1, (PACE_HEADER)old_ace_header, old_ace_header->AceSize);
3902 if (status != STATUS_SUCCESS)
3903 {
3904 WARN("RtlAddAce failed with error 0x%08x\n", status);
3905 ret = RtlNtStatusToDosError(status);
3906 break;
3907 }
3908 }
3909 }
3910
3911 exit:
3912 HeapFree(GetProcessHeap(), 0, ppsid);
3913 return ret;
3914 }
3915
3916 /******************************************************************************
3917 * SetNamedSecurityInfoA [ADVAPI32.@]
3918 */
3919 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
3920 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3921 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
3922 {
3923 DWORD len;
3924 LPWSTR wstr = NULL;
3925 DWORD r;
3926
3927 TRACE("%s %d %d %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
3928 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
3929
3930 if( pObjectName )
3931 {
3932 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3933 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3934 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3935 }
3936
3937 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
3938 psidGroup, pDacl, pSacl );
3939
3940 HeapFree( GetProcessHeap(), 0, wstr );
3941
3942 return r;
3943 }
3944
3945 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation,
3946 PSECURITY_DESCRIPTOR ModificationDescriptor,
3947 PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor,
3948 PGENERIC_MAPPING GenericMapping,
3949 HANDLE Token )
3950 {
3951 FIXME("0x%08x %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor,
3952 ObjectsSecurityDescriptor, GenericMapping, Token);
3953
3954 return TRUE;
3955 }
3956
3957 BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
3958 {
3959 return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess );
3960 }
3961
3962 /******************************************************************************
3963 * AreAnyAccessesGranted [ADVAPI32.@]
3964 *
3965 * Determines whether or not any of a set of specified access permissions have
3966 * been granted or not.
3967 *
3968 * PARAMS
3969 * GrantedAccess [I] The permissions that have been granted.
3970 * DesiredAccess [I] The permissions that you want to have.
3971 *
3972 * RETURNS
3973 * Nonzero if any of the permissions have been granted, zero if none of the
3974 * permissions have been granted.
3975 */
3976
3977 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
3978 {
3979 return RtlAreAnyAccessesGranted( GrantedAccess, DesiredAccess );
3980 }
3981
3982 /******************************************************************************
3983 * SetNamedSecurityInfoW [ADVAPI32.@]
3984 */
3985 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
3986 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3987 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
3988 {
3989 FIXME("%s %d %d %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
3990 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
3991 return ERROR_SUCCESS;
3992 }
3993
3994 /******************************************************************************
3995 * GetExplicitEntriesFromAclA [ADVAPI32.@]
3996 */
3997 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
3998 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
3999 {
4000 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
4001 return ERROR_CALL_NOT_IMPLEMENTED;
4002 }
4003
4004 /******************************************************************************
4005 * GetExplicitEntriesFromAclW [ADVAPI32.@]
4006 */
4007 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
4008 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
4009 {
4010 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
4011 return ERROR_CALL_NOT_IMPLEMENTED;
4012 }
4013
4014 /******************************************************************************
4015 * GetAuditedPermissionsFromAclA [ADVAPI32.@]
4016 */
4017 DWORD WINAPI GetAuditedPermissionsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pSuccessfulAuditedRights,
4018 PACCESS_MASK pFailedAuditRights)
4019 {
4020 FIXME("%p %p %p %p\n",pacl, pTrustee, pSuccessfulAuditedRights, pFailedAuditRights);
4021 return ERROR_CALL_NOT_IMPLEMENTED;
4022
4023 }
4024
4025 /******************************************************************************
4026 * GetAuditedPermissionsFromAclW [ADVAPI32.@]
4027 */
4028 DWORD WINAPI GetAuditedPermissionsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pSuccessfulAuditedRights,
4029 PACCESS_MASK pFailedAuditRights)
4030 {
4031 FIXME("%p %p %p %p\n",pacl, pTrustee, pSuccessfulAuditedRights, pFailedAuditRights);
4032 return ERROR_CALL_NOT_IMPLEMENTED;
4033
4034 }
4035
4036 /******************************************************************************
4037 * ParseAclStringFlags
4038 */
4039 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
4040 {
4041 DWORD flags = 0;
4042 LPCWSTR szAcl = *StringAcl;
4043
4044 while (*szAcl != '(')
4045 {
4046 if (*szAcl == 'P')
4047 {
4048 flags |= SE_DACL_PROTECTED;
4049 }
4050 else if (*szAcl == 'A')
4051 {
4052 szAcl++;
4053 if (*szAcl == 'R')
4054 flags |= SE_DACL_AUTO_INHERIT_REQ;
4055 else if (*szAcl == 'I')
4056 flags |= SE_DACL_AUTO_INHERITED;
4057 }
4058 szAcl++;
4059 }
4060
4061 *StringAcl = szAcl;
4062 return flags;
4063 }
4064
4065 /******************************************************************************
4066 * ParseAceStringType
4067 */
4068 static const ACEFLAG AceType[] =
4069 {
4070 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
4071 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
4072 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
4073 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
4074 /*
4075 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
4076 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
4077 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
4078 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
4079 */
4080 { NULL, 0 },
4081 };
4082
4083 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
4084 {
4085 UINT len = 0;
4086 LPCWSTR szAcl = *StringAcl;
4087 const ACEFLAG *lpaf = AceType;
4088
4089 while (*szAcl == ' ')
4090 szAcl++;
4091
4092 while (lpaf->wstr &&
4093 (len = strlenW(lpaf->wstr)) &&
4094 strncmpW(lpaf->wstr, szAcl, len))
4095 lpaf++;
4096
4097 if (!lpaf->wstr)
4098 return 0;
4099
4100 *StringAcl = szAcl + len;
4101 return lpaf->value;
4102 }
4103
4104
4105 /******************************************************************************
4106 * ParseAceStringFlags
4107 */
4108 static const ACEFLAG AceFlags[] =
4109 {
4110 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
4111 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
4112 { SDDL_INHERITED, INHERITED_ACE },
4113 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
4114 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
4115 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
4116 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
4117 { NULL, 0 },
4118 };
4119
4120 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
4121 {
4122 UINT len = 0;
4123 BYTE flags = 0;
4124 LPCWSTR szAcl = *StringAcl;
4125
4126 while (*szAcl == ' ')
4127 szAcl++;
4128
4129 while (*szAcl != ';')
4130 {
4131 const ACEFLAG *lpaf = AceFlags;
4132
4133 while (lpaf->wstr &&
4134 (len = strlenW(lpaf->wstr)) &&
4135 strncmpW(lpaf->wstr, szAcl, len))
4136 lpaf++;
4137
4138 if (!lpaf->wstr)
4139 return 0;
4140
4141 flags |= lpaf->value;
4142 szAcl += len;
4143 }
4144
4145 *StringAcl = szAcl;
4146 return flags;
4147 }
4148
4149
4150 /******************************************************************************
4151 * ParseAceStringRights
4152 */
4153 static const ACEFLAG AceRights[] =
4154 {
4155 { SDDL_GENERIC_ALL, GENERIC_ALL },
4156 { SDDL_GENERIC_READ, GENERIC_READ },
4157 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
4158 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
4159
4160 { SDDL_READ_CONTROL, READ_CONTROL },
4161 { SDDL_STANDARD_DELETE, DELETE },
4162 { SDDL_WRITE_DAC, WRITE_DAC },
4163 { SDDL_WRITE_OWNER, WRITE_OWNER },
4164
4165 { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP},
4166 { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP},
4167 { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD},
4168 { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD},
4169 { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST},
4170 { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF},
4171 { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT},
4172 { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE},
4173 { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS},
4174
4175 { SDDL_FILE_ALL, FILE_ALL_ACCESS },
4176 { SDDL_FILE_READ, FILE_GENERIC_READ },
4177 { SDDL_FILE_WRITE, FILE_GENERIC_WRITE },
4178 { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE },
4179
4180 { SDDL_KEY_ALL, KEY_ALL_ACCESS },
4181 { SDDL_KEY_READ, KEY_READ },
4182 { SDDL_KEY_WRITE, KEY_WRITE },
4183 { SDDL_KEY_EXECUTE, KEY_EXECUTE },
4184 { NULL, 0 },
4185 };
4186
4187 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
4188 {
4189 UINT len = 0;
4190 DWORD rights = 0;
4191 LPCWSTR szAcl = *StringAcl;
4192
4193 while (*szAcl == ' ')
4194 szAcl++;
4195
4196 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
4197 {
4198 LPCWSTR p = szAcl;
4199
4200 while (*p && *p != ';')
4201 p++;
4202
4203 if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
4204 {
4205 rights = strtoulW(szAcl, NULL, 16);
4206 szAcl = p;
4207 }
4208 else
4209 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
4210 }
4211 else
4212 {
4213 while (*szAcl != ';')
4214 {
4215 const ACEFLAG *lpaf = AceRights;
4216
4217 while (lpaf->wstr &&
4218 (len = strlenW(lpaf->wstr)) &&
4219 strncmpW(lpaf->wstr, szAcl, len))
4220 {
4221 lpaf++;
4222 }
4223
4224 if (!lpaf->wstr)
4225 return 0;
4226
4227 rights |= lpaf->value;
4228 szAcl += len;
4229 }
4230 }
4231
4232 *StringAcl = szAcl;
4233 return rights;
4234 }
4235
4236
4237 /******************************************************************************
4238 * ParseStringAclToAcl
4239 *
4240 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
4241 */
4242 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
4243 PACL pAcl, LPDWORD cBytes)
4244 {
4245 DWORD val;
4246 DWORD sidlen;
4247 DWORD length = sizeof(ACL);
4248 DWORD acesize = 0;
4249 DWORD acecount = 0;
4250 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
4251 DWORD error = ERROR_INVALID_ACL;
4252
4253 TRACE("%s\n", debugstr_w(StringAcl));
4254
4255 if (!StringAcl)
4256 return FALSE;
4257
4258 if (pAcl) /* pAce is only useful if we're setting values */
4259 pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
4260
4261 /* Parse ACL flags */
4262 *lpdwFlags = ParseAclStringFlags(&StringAcl);
4263
4264 /* Parse ACE */
4265 while (*StringAcl == '(')
4266 {
4267 StringAcl++;
4268
4269 /* Parse ACE type */
4270 val = ParseAceStringType(&StringAcl);
4271 if (pAce)
4272 pAce->Header.AceType = (BYTE) val;
4273 if (*StringAcl != ';')
4274 {
4275 error = RPC_S_INVALID_STRING_UUID;
4276 goto lerr;
4277 }
4278 StringAcl++;
4279
4280 /* Parse ACE flags */
4281 val = ParseAceStringFlags(&StringAcl);
4282 if (pAce)
4283 pAce->Header.AceFlags = (BYTE) val;
4284 if (*StringAcl != ';')
4285 goto lerr;
4286 StringAcl++;
4287
4288 /* Parse ACE rights */
4289 val = ParseAceStringRights(&StringAcl);
4290 if (pAce)
4291 pAce->Mask = val;
4292 if (*StringAcl != ';')
4293 goto lerr;
4294 StringAcl++;
4295
4296 /* Parse ACE object guid */
4297 while (*StringAcl == ' ')
4298 StringAcl++;
4299 if (*StringAcl != ';')
4300 {
4301 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
4302 goto lerr;
4303 }
4304 StringAcl++;
4305
4306 /* Parse ACE inherit object guid */
4307 while (*StringAcl == ' ')
4308 StringAcl++;
4309 if (*StringAcl != ';')
4310 {
4311 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
4312 goto lerr;
4313 }
4314 StringAcl++;
4315
4316 /* Parse ACE account sid */
4317 if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
4318 {
4319 while (*StringAcl && *StringAcl != ')')
4320 StringAcl++;
4321 }
4322
4323 if (*StringAcl != ')')
4324 goto lerr;
4325 StringAcl++;
4326
4327 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
4328 length += acesize;
4329 if (pAce)
4330 {
4331 pAce->Header.AceSize = acesize;
4332 pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
4333 }
4334 acecount++;
4335 }
4336
4337 *cBytes = length;
4338
4339 if (length > 0xffff)
4340 {
4341 ERR("ACL too large\n");
4342 goto lerr;
4343 }
4344
4345 if (pAcl)
4346 {
4347 pAcl->AclRevision = ACL_REVISION;
4348 pAcl->Sbz1 = 0;
4349 pAcl->AclSize = length;
4350 pAcl->AceCount = acecount++;
4351 pAcl->Sbz2 = 0;
4352 }
4353 return TRUE;
4354
4355 lerr:
4356 SetLastError(error);
4357 WARN("Invalid ACE string format\n");
4358 return FALSE;
4359 }
4360
4361
4362 /******************************************************************************
4363 * ParseStringSecurityDescriptorToSecurityDescriptor
4364 */
4365 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
4366 LPCWSTR StringSecurityDescriptor,
4367 SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
4368 LPDWORD cBytes)
4369 {
4370 BOOL bret = FALSE;
4371 WCHAR toktype;
4372 WCHAR tok[MAX_PATH];
4373 LPCWSTR lptoken;
4374 LPBYTE lpNext = NULL;
4375 DWORD len;
4376
4377 *cBytes = sizeof(SECURITY_DESCRIPTOR);
4378
4379 if (SecurityDescriptor)
4380 lpNext = (LPBYTE)(SecurityDescriptor + 1);
4381
4382 while (*StringSecurityDescriptor == ' ')
4383 StringSecurityDescriptor++;
4384
4385 while (*StringSecurityDescriptor)
4386 {
4387 toktype = *StringSecurityDescriptor;
4388
4389 /* Expect char identifier followed by ':' */
4390 StringSecurityDescriptor++;
4391 if (*StringSecurityDescriptor != ':')
4392 {
4393 SetLastError(ERROR_INVALID_PARAMETER);
4394 goto lend;
4395 }
4396 StringSecurityDescriptor++;
4397
4398 /* Extract token */
4399 lptoken = StringSecurityDescriptor;
4400 while (*lptoken && *lptoken != ':')
4401 lptoken++;
4402
4403 if (*lptoken)
4404 lptoken--;
4405
4406 len = lptoken - StringSecurityDescriptor;
4407 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
4408 tok[len] = 0;
4409
4410 switch (toktype)
4411 {
4412 case 'O':
4413 {
4414 DWORD bytes;
4415
4416 if (!ParseStringSidToSid(tok, lpNext, &bytes))
4417 goto lend;
4418
4419 if (SecurityDescriptor)
4420 {
4421 SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor;
4422 lpNext += bytes; /* Advance to next token */
4423 }
4424
4425 *cBytes += bytes;
4426
4427 break;
4428 }
4429
4430 case 'G':
4431 {
4432 DWORD bytes;
4433
4434 if (!ParseStringSidToSid(tok, lpNext, &bytes))
4435 goto lend;
4436
4437 if (SecurityDescriptor)
4438 {
4439 SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor;
4440 lpNext += bytes; /* Advance to next token */
4441 }
4442
4443 *cBytes += bytes;
4444
4445 break;
4446 }
4447
4448 case 'D':
4449 {
4450 DWORD flags;
4451 DWORD bytes;
4452
4453 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
4454 goto lend;
4455
4456 if (SecurityDescriptor)
4457 {
4458 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
4459 SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor;
4460 lpNext += bytes; /* Advance to next token */
4461 }
4462
4463 *cBytes += bytes;
4464
4465 break;
4466 }
4467
4468 case 'S':
4469 {
4470 DWORD flags;
4471 DWORD bytes;
4472
4473 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
4474 goto lend;
4475
4476 if (SecurityDescriptor)
4477 {
4478 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
4479 SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor;
4480 lpNext += bytes; /* Advance to next token */
4481 }
4482
4483 *cBytes += bytes;
4484
4485 break;
4486 }
4487
4488 default:
4489 FIXME("Unknown token\n");
4490 SetLastError(ERROR_INVALID_PARAMETER);
4491 goto lend;
4492 }
4493
4494 StringSecurityDescriptor = lptoken;
4495 }
4496
4497 bret = TRUE;
4498
4499 lend:
4500 return bret;
4501 }
4502
4503 /******************************************************************************
4504 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
4505 */
4506 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
4507 LPCSTR StringSecurityDescriptor,
4508 DWORD StringSDRevision,
4509 PSECURITY_DESCRIPTOR* SecurityDescriptor,
4510 PULONG SecurityDescriptorSize)
4511 {
4512 UINT len;
4513 BOOL ret = FALSE;
4514 LPWSTR StringSecurityDescriptorW;
4515
4516 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
4517 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
4518
4519 if (StringSecurityDescriptorW)
4520 {
4521 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
4522
4523 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
4524 StringSDRevision, SecurityDescriptor,
4525 SecurityDescriptorSize);
4526 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
4527 }
4528
4529 return ret;
4530 }
4531
4532 /******************************************************************************
4533 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
4534 */
4535 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
4536 LPCWSTR StringSecurityDescriptor,
4537 DWORD StringSDRevision,
4538 PSECURITY_DESCRIPTOR* SecurityDescriptor,
4539 PULONG SecurityDescriptorSize)
4540 {
4541 DWORD cBytes;
4542 SECURITY_DESCRIPTOR* psd;
4543 BOOL bret = FALSE;
4544
4545 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
4546
4547 if (GetVersion() & 0x80000000)
4548 {
4549 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
4550 goto lend;
4551 }
4552 else if (!StringSecurityDescriptor || !SecurityDescriptor)
4553 {
4554 SetLastError(ERROR_INVALID_PARAMETER);
4555 goto lend;
4556 }
4557 else if (StringSDRevision != SID_REVISION)
4558 {
4559 SetLastError(ERROR_UNKNOWN_REVISION);
4560 goto lend;
4561 }
4562
4563 /* Compute security descriptor length */
4564 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
4565 NULL, &cBytes))
4566 goto lend;
4567
4568 psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes);
4569 if (!psd) goto lend;
4570
4571 psd->Revision = SID_REVISION;
4572 psd->Control |= SE_SELF_RELATIVE;
4573
4574 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
4575 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
4576 {
4577 LocalFree(psd);
4578 goto lend;
4579 }
4580
4581 if (SecurityDescriptorSize)
4582 *SecurityDescriptorSize = cBytes;
4583
4584 bret = TRUE;
4585
4586 lend:
4587 TRACE(" ret=%d\n", bret);
4588 return bret;
4589 }
4590
4591 static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
4592 {
4593 if (cch == -1)
4594 cch = strlenW(string);
4595
4596 if (plen)
4597 *plen += cch;
4598
4599 if (pwptr)
4600 {
4601 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
4602 *pwptr += cch;
4603 }
4604 }
4605
4606 static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
4607 {
4608 DWORD i;
4609 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
4610 WCHAR subauthfmt[] = { '-','%','u',0 };
4611 WCHAR buf[26];
4612 SID *pisid = psid;
4613
4614 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
4615 {
4616 SetLastError(ERROR_INVALID_SID);
4617 return FALSE;
4618 }
4619
4620 if (pisid->IdentifierAuthority.Value[0] ||
4621 pisid->IdentifierAuthority.Value[1])
4622 {
4623 FIXME("not matching MS' bugs\n");
4624 SetLastError(ERROR_INVALID_SID);
4625 return FALSE;
4626 }
4627
4628 sprintfW( buf, fmt, pisid->Revision,
4629 MAKELONG(
4630 MAKEWORD( pisid->IdentifierAuthority.Value[5],
4631 pisid->IdentifierAuthority.Value[4] ),
4632 MAKEWORD( pisid->IdentifierAuthority.Value[3],
4633 pisid->IdentifierAuthority.Value[2] )
4634 ) );
4635 DumpString(buf, -1, pwptr, plen);
4636
4637 for( i=0; i<pisid->SubAuthorityCount; i++ )
4638 {
4639 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
4640 DumpString(buf, -1, pwptr, plen);
4641 }
4642 return TRUE;
4643 }
4644
4645 static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
4646 {
4647 size_t i;
4648 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
4649 {
4650 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
4651 {
4652 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
4653 return TRUE;
4654 }
4655 }
4656
4657 return DumpSidNumeric(psid, pwptr, plen);
4658 }
4659
4660 static const LPCWSTR AceRightBitNames[32] = {
4661 SDDL_CREATE_CHILD, /* 0 */
4662 SDDL_DELETE_CHILD,
4663 SDDL_LIST_CHILDREN,
4664 SDDL_SELF_WRITE,
4665 SDDL_READ_PROPERTY, /* 4 */
4666 SDDL_WRITE_PROPERTY,
4667 SDDL_DELETE_TREE,
4668 SDDL_LIST_OBJECT,
4669 SDDL_CONTROL_ACCESS, /* 8 */
4670 NULL,
4671 NULL,
4672 NULL,
4673 NULL, /* 12 */
4674 NULL,
4675 NULL,
4676 NULL,
4677 SDDL_STANDARD_DELETE, /* 16 */
4678 SDDL_READ_CONTROL,
4679 SDDL_WRITE_DAC,
4680 SDDL_WRITE_OWNER,
4681 NULL, /* 20 */
4682 NULL,
4683 NULL,
4684 NULL,
4685 NULL, /* 24 */
4686 NULL,
4687 NULL,
4688 NULL,
4689 SDDL_GENERIC_ALL, /* 28 */
4690 SDDL_GENERIC_EXECUTE,
4691 SDDL_GENERIC_WRITE,
4692 SDDL_GENERIC_READ
4693 };
4694
4695 static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
4696 {
4697 static const WCHAR fmtW[] = {'0','x','%','x',0};
4698 WCHAR buf[15];
4699 size_t i;
4700
4701 if (mask == 0)
4702 return;
4703
4704 /* first check if the right have name */
4705 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
4706 {
4707 if (AceRights[i].wstr == NULL)
4708 break;
4709 if (mask == AceRights[i].value)
4710 {
4711 DumpString(AceRights[i].wstr, -1, pwptr, plen);
4712 return;
4713 }
4714 }
4715
4716 /* then check if it can be built from bit names */
4717 for (i = 0; i < 32; i++)
4718 {
4719 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
4720 {
4721 /* can't be built from bit names */
4722 sprintfW(buf, fmtW, mask);
4723 DumpString(buf, -1, pwptr, plen);
4724 return;
4725 }
4726 }
4727
4728 /* build from bit names */
4729 for (i = 0; i < 32; i++)
4730 if (mask & (1 << i))
4731 DumpString(AceRightBitNames[i], -1, pwptr, plen);
4732 }
4733
4734 static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
4735 {
4736 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
4737 static const WCHAR openbr = '(';
4738 static const WCHAR closebr = ')';
4739 static const WCHAR semicolon = ';';
4740
4741 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
4742 {
4743 SetLastError(ERROR_INVALID_ACL);
4744 return FALSE;
4745 }
4746
4747 piace = pace;
4748 DumpString(&openbr, 1, pwptr, plen);
4749 switch (piace->Header.AceType)
4750 {
4751 case ACCESS_ALLOWED_ACE_TYPE:
4752 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
4753 break;
4754 case ACCESS_DENIED_ACE_TYPE:
4755 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
4756 break;
4757 case SYSTEM_AUDIT_ACE_TYPE:
4758 DumpString(SDDL_AUDIT, -1, pwptr, plen);
4759 break;
4760 case SYSTEM_ALARM_ACE_TYPE:
4761 DumpString(SDDL_ALARM, -1, pwptr, plen);
4762 break;
4763 }
4764 DumpString(&semicolon, 1, pwptr, plen);
4765
4766 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
4767 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
4768 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
4769 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
4770 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
4771 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
4772 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
4773 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
4774 if (piace->Header.AceFlags & INHERITED_ACE)
4775 DumpString(SDDL_INHERITED, -1, pwptr, plen);
4776 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
4777 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
4778 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
4779 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
4780 DumpString(&semicolon, 1, pwptr, plen);
4781 DumpRights(piace->Mask, pwptr, plen);
4782 DumpString(&semicolon, 1, pwptr, plen);
4783 /* objects not supported */
4784 DumpString(&semicolon, 1, pwptr, plen);
4785 /* objects not supported */
4786 DumpString(&semicolon, 1, pwptr, plen);
4787 if (!DumpSid(&piace->SidStart, pwptr, plen))
4788 return FALSE;
4789 DumpString(&closebr, 1, pwptr, plen);
4790 return TRUE;
4791 }
4792
4793 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
4794 {
4795 WORD count;
4796 int i;
4797
4798 if (protected)
4799 DumpString(SDDL_PROTECTED, -1, pwptr, plen);
4800 if (autoInheritReq)
4801 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
4802 if (autoInherited)
4803 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
4804
4805 if (pacl == NULL)
4806 return TRUE;
4807
4808 if (!IsValidAcl(pacl))
4809 return FALSE;
4810
4811 count = pacl->AceCount;
4812 for (i = 0; i < count; i++)
4813 {
4814 LPVOID ace;
4815 if (!GetAce(pacl, i, &ace))
4816 return FALSE;
4817 if (!DumpAce(ace, pwptr, plen))
4818 return FALSE;
4819 }
4820
4821 return TRUE;
4822 }
4823
4824 static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
4825 {
4826 static const WCHAR prefix[] = {'O',':',0};
4827 BOOL bDefaulted;
4828 PSID psid;
4829
4830 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
4831 return FALSE;
4832
4833 if (psid == NULL)
4834 return TRUE;
4835
4836 DumpString(prefix, -1, pwptr, plen);
4837 if (!DumpSid(psid, pwptr, plen))
4838 return FALSE;
4839 return TRUE;
4840 }
4841
4842 static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
4843 {
4844 static const WCHAR prefix[] = {'G',':',0};
4845 BOOL bDefaulted;
4846 PSID psid;
4847
4848 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
4849 return FALSE;
4850
4851 if (psid == NULL)
4852 return TRUE;
4853
4854 DumpString(prefix, -1, pwptr, plen);
4855 if (!DumpSid(psid, pwptr, plen))
4856 return FALSE;
4857 return TRUE;
4858 }
4859
4860 static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
4861 {
4862 static const WCHAR dacl[] = {'D',':',0};
4863 SECURITY_DESCRIPTOR_CONTROL control;
4864 BOOL present, defaulted;
4865 DWORD revision;
4866 PACL pacl;
4867
4868 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
4869 return FALSE;
4870
4871 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
4872 return FALSE;
4873
4874 if (!present)
4875 return TRUE;
4876
4877 DumpString(dacl, 2, pwptr, plen);
4878 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
4879 return FALSE;
4880 return TRUE;
4881 }
4882
4883 static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
4884 {
4885 static const WCHAR sacl[] = {'S',':',0};
4886 SECURITY_DESCRIPTOR_CONTROL control;
4887 BOOL present, defaulted;
4888 DWORD revision;
4889 PACL pacl;
4890
4891 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
4892 return FALSE;
4893
4894 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
4895 return FALSE;
4896
4897 if (!present)
4898 return TRUE;
4899
4900 DumpString(sacl, 2, pwptr, plen);
4901 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
4902 return FALSE;
4903 return TRUE;
4904 }
4905
4906 /******************************************************************************
4907 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
4908 */
4909 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
4910 {
4911 ULONG len;
4912 WCHAR *wptr, *wstr;
4913
4914 if (SDRevision != SDDL_REVISION_1)
4915 {
4916 ERR("Pogram requested unknown SDDL revision %d\n", SDRevision);
4917 SetLastError(ERROR_UNKNOWN_REVISION);
4918 return FALSE;
4919 }
4920
4921 len = 0;
4922 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
4923 if (!DumpOwner(SecurityDescriptor, NULL, &len))
4924 return FALSE;
4925 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
4926 if (!DumpGroup(SecurityDescriptor, NULL, &len))
4927 return FALSE;
4928 if (RequestedInformation & DACL_SECURITY_INFORMATION)
4929 if (!DumpDacl(SecurityDescriptor, NULL, &len))
4930 return FALSE;
4931 if (RequestedInformation & SACL_SECURITY_INFORMATION)
4932 if (!DumpSacl(SecurityDescriptor, NULL, &len))
4933 return FALSE;
4934
4935 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
4936 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
4937 if (!DumpOwner(SecurityDescriptor, &wptr, NULL))
4938 return FALSE;
4939 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
4940 if (!DumpGroup(SecurityDescriptor, &wptr, NULL))
4941 return FALSE;
4942 if (RequestedInformation & DACL_SECURITY_INFORMATION)
4943 if (!DumpDacl(SecurityDescriptor, &wptr, NULL))
4944 return FALSE;
4945 if (RequestedInformation & SACL_SECURITY_INFORMATION)
4946 if (!DumpSacl(SecurityDescriptor, &wptr, NULL))
4947 return FALSE;
4948 *wptr = 0;
4949
4950 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
4951 *OutputString = wstr;
4952 if (OutputLen)
4953 *OutputLen = strlenW(*OutputString)+1;
4954 return TRUE;
4955 }
4956
4957 /******************************************************************************
4958 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
4959 */
4960 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
4961 {
4962 LPWSTR wstr;
4963 ULONG len;
4964 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
4965 {
4966 int lenA;
4967
4968 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
4969 *OutputString = HeapAlloc(GetProcessHeap(), 0, lenA);
4970 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
4971 LocalFree(wstr);
4972
4973 if (OutputLen != NULL)
4974 *OutputLen = lenA;
4975 return TRUE;
4976 }
4977 else
4978 {
4979 *OutputString = NULL;
4980 if (OutputLen)
4981 *OutputLen = 0;
4982 return FALSE;
4983 }
4984 }
4985
4986 /******************************************************************************
4987 * ConvertStringSidToSidW [ADVAPI32.@]
4988 */
4989 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
4990 {
4991 BOOL bret = FALSE;
4992 DWORD cBytes;
4993
4994 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
4995 if (GetVersion() & 0x80000000)
4996 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
4997 else if (!StringSid || !Sid)
4998 SetLastError(ERROR_INVALID_PARAMETER);
4999 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
5000 {
5001 PSID pSid = *Sid = LocalAlloc(0, cBytes);
5002
5003 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
5004 if (!bret)
5005 LocalFree(*Sid);
5006 }
5007 return bret;
5008 }
5009
5010 /******************************************************************************
5011 * ConvertStringSidToSidA [ADVAPI32.@]
5012 */
5013 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
5014 {
5015 BOOL bret = FALSE;
5016
5017 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
5018 if (GetVersion() & 0x80000000)
5019 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5020 else if (!StringSid || !Sid)
5021 SetLastError(ERROR_INVALID_PARAMETER);
5022 else
5023 {
5024 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
5025 LPWSTR wStringSid = HeapAlloc(GetProcessHeap(), 0,
5026 len * sizeof(WCHAR));
5027
5028 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
5029 bret = ConvertStringSidToSidW(wStringSid, Sid);
5030 HeapFree(GetProcessHeap(), 0, wStringSid);
5031 }
5032 return bret;
5033 }
5034
5035 /******************************************************************************
5036 * ConvertSidToStringSidW [ADVAPI32.@]
5037 *
5038 * format of SID string is:
5039 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
5040 * where
5041 * <rev> is the revision of the SID encoded as decimal
5042 * <auth> is the identifier authority encoded as hex
5043 * <subauthN> is the subauthority id encoded as decimal
5044 */
5045 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
5046 {
5047 DWORD len = 0;
5048 LPWSTR wstr, wptr;
5049
5050 TRACE("%p %p\n", pSid, pstr );
5051
5052 len = 0;
5053 if (!DumpSidNumeric(pSid, NULL, &len))
5054 return FALSE;
5055 wstr = wptr = LocalAlloc(0, (len+1) * sizeof(WCHAR));
5056 DumpSidNumeric(pSid, &wptr, NULL);
5057 *wptr = 0;
5058
5059 *pstr = wstr;
5060 return TRUE;
5061 }
5062
5063 /******************************************************************************
5064 * ConvertSidToStringSidA [ADVAPI32.@]
5065 */
5066 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
5067 {
5068 LPWSTR wstr = NULL;
5069 LPSTR str;
5070 UINT len;
5071
5072 TRACE("%p %p\n", pSid, pstr );
5073
5074 if( !ConvertSidToStringSidW( pSid, &wstr ) )
5075 return FALSE;
5076
5077 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
5078 str = LocalAlloc( 0, len );
5079 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
5080 LocalFree( wstr );
5081
5082 *pstr = str;
5083
5084 return TRUE;
5085 }
5086
5087 BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity(
5088 PSECURITY_DESCRIPTOR pdesc,
5089 PSECURITY_DESCRIPTOR cdesc,
5090 PSECURITY_DESCRIPTOR* ndesc,
5091 GUID* objtype,
5092 BOOL isdir,
5093 PGENERIC_MAPPING genmap )
5094 {
5095 FIXME("%p %p %p %p %d %p - stub\n", pdesc, cdesc, ndesc, objtype, isdir, genmap);
5096
5097 return FALSE;
5098 }
5099
5100 BOOL WINAPI CreatePrivateObjectSecurity(
5101 PSECURITY_DESCRIPTOR ParentDescriptor,
5102 PSECURITY_DESCRIPTOR CreatorDescriptor,
5103 PSECURITY_DESCRIPTOR* NewDescriptor,
5104 BOOL IsDirectoryObject,
5105 HANDLE Token,
5106 PGENERIC_MAPPING GenericMapping )
5107 {
5108 SECURITY_DESCRIPTOR_RELATIVE *relative;
5109 DWORD needed, offset;
5110 BYTE *buffer;
5111
5112 FIXME("%p %p %p %d %p %p - returns fake SECURITY_DESCRIPTOR\n", ParentDescriptor,
5113 CreatorDescriptor, NewDescriptor, IsDirectoryObject, Token, GenericMapping);
5114
5115 needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
5116 needed += sizeof(sidWorld);
5117 needed += sizeof(sidWorld);
5118 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
5119 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
5120
5121 if (!(buffer = HeapAlloc( GetProcessHeap(), 0, needed ))) return FALSE;
5122 relative = (SECURITY_DESCRIPTOR_RELATIVE *)buffer;
5123 if (!InitializeSecurityDescriptor( relative, SECURITY_DESCRIPTOR_REVISION ))
5124 {
5125 HeapFree( GetProcessHeap(), 0, buffer );
5126 return FALSE;
5127 }
5128 relative->Control |= SE_SELF_RELATIVE;
5129 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
5130
5131 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
5132 relative->Owner = offset;
5133 offset += sizeof(sidWorld);
5134
5135 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
5136 relative->Group = offset;
5137 offset += sizeof(sidWorld);
5138
5139 GetWorldAccessACL( (ACL *)(buffer + offset) );
5140 relative->Dacl = offset;
5141 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
5142
5143 GetWorldAccessACL( (ACL *)(buffer + offset) );
5144 relative->Sacl = offset;
5145
5146 *NewDescriptor = relative;
5147 return TRUE;
5148 }
5149
5150 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor )
5151 {
5152 FIXME("%p - stub\n", ObjectDescriptor);
5153
5154 HeapFree( GetProcessHeap(), 0, *ObjectDescriptor );
5155 return TRUE;
5156 }
5157
5158 BOOL WINAPI CreateProcessAsUserA(
5159 HANDLE hToken,
5160 LPCSTR lpApplicationName,
5161 LPSTR lpCommandLine,
5162 LPSECURITY_ATTRIBUTES lpProcessAttributes,
5163 LPSECURITY_ATTRIBUTES lpThreadAttributes,
5164 BOOL bInheritHandles,
5165 DWORD dwCreationFlags,
5166 LPVOID lpEnvironment,
5167 LPCSTR lpCurrentDirectory,
5168 LPSTARTUPINFOA lpStartupInfo,
5169 LPPROCESS_INFORMATION lpProcessInformation )
5170 {
5171 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - stub\n", hToken, debugstr_a(lpApplicationName),
5172 debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
5173 dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
5174
5175 return FALSE;
5176 }
5177
5178 BOOL WINAPI CreateProcessAsUserW(
5179 HANDLE hToken,
5180 LPCWSTR lpApplicationName,
5181 LPWSTR lpCommandLine,
5182 LPSECURITY_ATTRIBUTES lpProcessAttributes,
5183 LPSECURITY_ATTRIBUTES lpThreadAttributes,
5184 BOOL bInheritHandles,
5185 DWORD dwCreationFlags,
5186 LPVOID lpEnvironment,
5187 LPCWSTR lpCurrentDirectory,
5188 LPSTARTUPINFOW lpStartupInfo,
5189 LPPROCESS_INFORMATION lpProcessInformation )
5190 {
5191 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - semi- stub\n", hToken,
5192 debugstr_w(lpApplicationName), debugstr_w(lpCommandLine), lpProcessAttributes,
5193 lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
5194 debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
5195
5196 /* We should create the process with a suspended main thread */
5197 if (!CreateProcessW (lpApplicationName,
5198 lpCommandLine,
5199 lpProcessAttributes,
5200 lpThreadAttributes,
5201 bInheritHandles,
5202 dwCreationFlags, /* CREATE_SUSPENDED */
5203 lpEnvironment,
5204 lpCurrentDirectory,
5205 lpStartupInfo,
5206 lpProcessInformation))
5207 {
5208 return FALSE;
5209 }
5210
5211 return TRUE;
5212 }
5213
5214 /******************************************************************************
5215 * CreateProcessWithLogonW
5216 */
5217 BOOL WINAPI CreateProcessWithLogonW( LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags,
5218 LPCWSTR lpApplicationName, LPWSTR lpCommandLine, DWORD dwCreationFlags, LPVOID lpEnvironment,
5219 LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation )
5220 {
5221 FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
5222 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
5223 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
5224 lpStartupInfo, lpProcessInformation);
5225
5226 return FALSE;
5227 }
5228
5229 /******************************************************************************
5230 * DuplicateTokenEx [ADVAPI32.@]
5231 */
5232 BOOL WINAPI DuplicateTokenEx(
5233 HANDLE ExistingTokenHandle, DWORD dwDesiredAccess,
5234 LPSECURITY_ATTRIBUTES lpTokenAttributes,
5235 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
5236 TOKEN_TYPE TokenType,
5237 PHANDLE DuplicateTokenHandle )
5238 {
5239 OBJECT_ATTRIBUTES ObjectAttributes;
5240
5241 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
5242 ImpersonationLevel, TokenType, DuplicateTokenHandle);
5243
5244 InitializeObjectAttributes(
5245 &ObjectAttributes,
5246 NULL,
5247 (lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0,
5248 NULL,
5249 lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL );
5250
5251 return set_ntstatus( NtDuplicateToken( ExistingTokenHandle,
5252 dwDesiredAccess,
5253 &ObjectAttributes,
5254 ImpersonationLevel,
5255 TokenType,
5256 DuplicateTokenHandle ) );
5257 }
5258
5259 BOOL WINAPI DuplicateToken(
5260 HANDLE ExistingTokenHandle,
5261 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
5262 PHANDLE DuplicateTokenHandle )
5263 {
5264 return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY,
5265 NULL, ImpersonationLevel, TokenImpersonation,
5266 DuplicateTokenHandle );
5267 }
5268
5269 /******************************************************************************
5270 * ComputeStringSidSize
5271 */
5272 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
5273 {
5274 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
5275 {
5276 int ctok = 0;
5277 while (*StringSid)
5278 {
5279 if (*StringSid == '-')
5280 ctok++;
5281 StringSid++;
5282 }
5283
5284 if (ctok >= 3)
5285 return GetSidLengthRequired(ctok - 2);
5286 }
5287 else /* String constant format - Only available in winxp and above */
5288 {
5289 unsigned int i;
5290
5291 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
5292 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
5293 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
5294 }
5295
5296 return GetSidLengthRequired(0);
5297 }
5298
5299 /******************************************************************************
5300 * ParseStringSidToSid
5301 */
5302 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
5303 {
5304 BOOL bret = FALSE;
5305 SID* pisid=pSid;
5306
5307 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
5308 if (!StringSid)
5309 {
5310 SetLastError(ERROR_INVALID_PARAMETER);
5311 TRACE("StringSid is NULL, returning FALSE\n");
5312 return FALSE;
5313 }
5314
5315 while (*StringSid == ' ')
5316 StringSid++;
5317
5318 *cBytes = ComputeStringSidSize(StringSid);
5319 if (!pisid) /* Simply compute the size */
5320 {
5321 TRACE("only size requested, returning TRUE\n");
5322 return TRUE;
5323 }
5324
5325 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
5326 {
5327 DWORD i = 0, identAuth;
5328 DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
5329
5330 StringSid += 2; /* Advance to Revision */
5331 pisid->Revision = atoiW(StringSid);
5332
5333 if (pisid->Revision != SDDL_REVISION)
5334 {
5335 TRACE("Revision %d is unknown\n", pisid->Revision);
5336 goto lend; /* ERROR_INVALID_SID */
5337 }
5338 if (csubauth == 0)
5339 {
5340 TRACE("SubAuthorityCount is 0\n");
5341 goto lend; /* ERROR_INVALID_SID */
5342 }
5343
5344 pisid->SubAuthorityCount = csubauth;
5345
5346 /* Advance to identifier authority */
5347 while (*StringSid && *StringSid != '-')
5348 StringSid++;
5349 if (*StringSid == '-')
5350 StringSid++;
5351
5352 /* MS' implementation can't handle values greater than 2^32 - 1, so
5353 * we don't either; assume most significant bytes are always 0
5354 */
5355 pisid->IdentifierAuthority.Value[0] = 0;
5356 pisid->IdentifierAuthority.Value[1] = 0;
5357 identAuth = atoiW(StringSid);
5358 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
5359 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
5360 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
5361 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
5362
5363 /* Advance to first sub authority */
5364 while (*StringSid && *StringSid != '-')
5365 StringSid++;
5366 if (*StringSid == '-')
5367 StringSid++;
5368
5369 while (*StringSid)
5370 {
5371 pisid->SubAuthority[i++] = atoiW(StringSid);
5372
5373 while (*StringSid && *StringSid != '-')
5374 StringSid++;
5375 if (*StringSid == '-')
5376 StringSid++;
5377 }
5378
5379 if (i != pisid->SubAuthorityCount)
5380 goto lend; /* ERROR_INVALID_SID */
5381
5382 bret = TRUE;
5383 }
5384 else /* String constant format - Only available in winxp and above */
5385 {
5386 unsigned int i;
5387 pisid->Revision = SDDL_REVISION;
5388
5389 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
5390 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
5391 {
5392 DWORD j;
5393 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
5394 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
5395 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
5396 pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
5397 bret = TRUE;
5398 }
5399
5400 if (!bret)
5401 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
5402 }
5403
5404 lend:
5405 if (!bret)
5406 SetLastError(ERROR_INVALID_SID);
5407
5408 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
5409 return bret;
5410 }
5411
5412 /******************************************************************************
5413 * GetNamedSecurityInfoA [ADVAPI32.@]
5414 */
5415 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
5416 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
5417 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
5418 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
5419 {
5420 DWORD len;
5421 LPWSTR wstr = NULL;
5422 DWORD r;
5423
5424 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
5425 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
5426
5427 if( pObjectName )
5428 {
5429 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
5430 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
5431 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
5432 }
5433
5434 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
5435 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
5436
5437 HeapFree( GetProcessHeap(), 0, wstr );
5438
5439 return r;
5440 }
5441
5442 /******************************************************************************
5443 * GetNamedSecurityInfoW [ADVAPI32.@]
5444 */
5445 DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
5446 SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl,
5447 PACL* sacl, PSECURITY_DESCRIPTOR* descriptor )
5448 {
5449 DWORD needed, offset;
5450 SECURITY_DESCRIPTOR_RELATIVE *relative = NULL;
5451 BYTE *buffer;
5452
5453 TRACE( "%s %d %d %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
5454 group, dacl, sacl, descriptor );
5455
5456 /* A NULL descriptor is allowed if any one of the other pointers is not NULL */
5457 if (!name || !(owner||group||dacl||sacl||descriptor) ) return ERROR_INVALID_PARAMETER;
5458
5459 /* If no descriptor, we have to check that there's a pointer for the requested information */
5460 if( !descriptor && (
5461 ((info & OWNER_SECURITY_INFORMATION) && !owner)
5462 || ((info & GROUP_SECURITY_INFORMATION) && !group)
5463 || ((info & DACL_SECURITY_INFORMATION) && !dacl)
5464 || ((info & SACL_SECURITY_INFORMATION) && !sacl) ))
5465 return ERROR_INVALID_PARAMETER;
5466
5467 needed = !descriptor ? 0 : sizeof(SECURITY_DESCRIPTOR_RELATIVE);
5468 if (info & OWNER_SECURITY_INFORMATION)
5469 needed += sizeof(sidWorld);
5470 if (info & GROUP_SECURITY_INFORMATION)
5471 needed += sizeof(sidWorld);
5472 if (info & DACL_SECURITY_INFORMATION)
5473 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
5474 if (info & SACL_SECURITY_INFORMATION)
5475 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
5476
5477 if(descriptor)
5478 {
5479 /* must be freed by caller */
5480 *descriptor = HeapAlloc( GetProcessHeap(), 0, needed );
5481 if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY;
5482
5483 if (!InitializeSecurityDescriptor( *descriptor, SECURITY_DESCRIPTOR_REVISION ))
5484 {
5485 HeapFree( GetProcessHeap(), 0, *descriptor );
5486 return ERROR_INVALID_SECURITY_DESCR;
5487 }
5488
5489 relative = *descriptor;
5490 relative->Control |= SE_SELF_RELATIVE;
5491
5492 buffer = (BYTE *)relative;
5493 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
5494 }
5495 else
5496 {
5497 buffer = HeapAlloc( GetProcessHeap(), 0, needed );
5498 if (!buffer) return ERROR_NOT_ENOUGH_MEMORY;
5499 offset = 0;
5500 }
5501
5502 if (info & OWNER_SECURITY_INFORMATION)
5503 {
5504 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
5505 if(relative)
5506 relative->Owner = offset;
5507 if (owner)
5508 *owner = buffer + offset;
5509 offset += sizeof(sidWorld);
5510 }
5511 if (info & GROUP_SECURITY_INFORMATION)
5512 {
5513 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
5514 if(relative)
5515 relative->Group = offset;
5516 if (group)
5517 *group = buffer + offset;
5518 offset += sizeof(sidWorld);
5519 }
5520 if (info & DACL_SECURITY_INFORMATION)
5521 {
5522 GetWorldAccessACL( (PACL)(buffer + offset) );
5523 if(relative)
5524 {
5525 relative->Control |= SE_DACL_PRESENT;
5526 relative->Dacl = offset;
5527 }
5528 if (dacl)
5529 *dacl = (PACL)(buffer + offset);
5530 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
5531 }
5532 if (info & SACL_SECURITY_INFORMATION)
5533 {
5534 GetWorldAccessACL( (PACL)(buffer + offset) );
5535 if(relative)
5536 {
5537 relative->Control |= SE_SACL_PRESENT;
5538 relative->Sacl = offset;
5539 }
5540 if (sacl)
5541 *sacl = (PACL)(buffer + offset);
5542 }
5543
5544 return ERROR_SUCCESS;
5545 }
5546
5547 /******************************************************************************
5548 * GetNamedSecurityInfoExW [ADVAPI32.@]
5549 */
5550 DWORD WINAPI GetNamedSecurityInfoExW( LPCWSTR object, SE_OBJECT_TYPE type,
5551 SECURITY_INFORMATION info, LPCWSTR provider, LPCWSTR property,
5552 PACTRL_ACCESSW* access_list, PACTRL_AUDITW* audit_list, LPWSTR* owner, LPWSTR* group )
5553 {
5554 FIXME("(%s, %d, %d, %s, %s, %p, %p, %p, %p) stub\n", debugstr_w(object), type, info,
5555 debugstr_w(provider), debugstr_w(property), access_list, audit_list, owner, group);
5556 return ERROR_CALL_NOT_IMPLEMENTED;
5557 }
5558
5559 /******************************************************************************
5560 * GetNamedSecurityInfoExA [ADVAPI32.@]
5561 */
5562 DWORD WINAPI GetNamedSecurityInfoExA( LPCSTR object, SE_OBJECT_TYPE type,
5563 SECURITY_INFORMATION info, LPCSTR provider, LPCSTR property,
5564 PACTRL_ACCESSA* access_list, PACTRL_AUDITA* audit_list, LPSTR* owner, LPSTR* group )
5565 {
5566 FIXME("(%s, %d, %d, %s, %s, %p, %p, %p, %p) stub\n", debugstr_a(object), type, info,
5567 debugstr_a(provider), debugstr_a(property), access_list, audit_list, owner, group);
5568 return ERROR_CALL_NOT_IMPLEMENTED;
5569 }
5570
5571 /******************************************************************************
5572 * DecryptFileW [ADVAPI32.@]
5573 */
5574 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved)
5575 {
5576 FIXME("%s %08x\n", debugstr_w(lpFileName), dwReserved);
5577 return TRUE;
5578 }
5579
5580 /******************************************************************************
5581 * DecryptFileA [ADVAPI32.@]
5582 */
5583 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved)
5584 {
5585 FIXME("%s %08x\n", debugstr_a(lpFileName), dwReserved);
5586 return TRUE;
5587 }
5588
5589 /******************************************************************************
5590 * EncryptFileW [ADVAPI32.@]
5591 */
5592 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName)
5593 {
5594 FIXME("%s\n", debugstr_w(lpFileName));
5595 return TRUE;
5596 }
5597
5598 /******************************************************************************
5599 * EncryptFileA [ADVAPI32.@]
5600 */
5601 BOOL WINAPI EncryptFileA(LPCSTR lpFileName)
5602 {
5603 FIXME("%s\n", debugstr_a(lpFileName));
5604 return TRUE;
5605 }
5606
5607 /******************************************************************************
5608 * FileEncryptionStatusW [ADVAPI32.@]
5609 */
5610 BOOL WINAPI FileEncryptionStatusW(LPCWSTR lpFileName, LPDWORD lpStatus)
5611 {
5612 FIXME("(%s %p): stub\n", debugstr_w(lpFileName), lpStatus);
5613 if (!lpStatus)
5614 return FALSE;
5615 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
5616 return TRUE;
5617 }
5618
5619 /******************************************************************************
5620 * FileEncryptionStatusA [ADVAPI32.@]
5621 */
5622 BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus)
5623 {
5624 FIXME("(%s %p): stub\n", debugstr_a(lpFileName), lpStatus);
5625 if (!lpStatus)
5626 return FALSE;
5627 *lpStatus = FILE_SYSTEM_NOT_SUPPORT;
5628 return TRUE;
5629 }
5630
5631 /******************************************************************************
5632 * SetSecurityInfo [ADVAPI32.@]
5633 */
5634 DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
5635 SECURITY_INFORMATION SecurityInfo, PSID psidOwner,
5636 PSID psidGroup, PACL pDacl, PACL pSacl) {
5637 FIXME("stub\n");
5638 return ERROR_SUCCESS;
5639 }
5640
5641 /******************************************************************************
5642 * SaferCreateLevel [ADVAPI32.@]
5643 */
5644 BOOL WINAPI SaferCreateLevel(DWORD ScopeId, DWORD LevelId, DWORD OpenFlags,
5645 SAFER_LEVEL_HANDLE* LevelHandle, LPVOID lpReserved)
5646 {
5647 FIXME("(%u, %x, %u, %p, %p) stub\n", ScopeId, LevelId, OpenFlags, LevelHandle, lpReserved);
5648
5649 *LevelHandle = (SAFER_LEVEL_HANDLE)0xdeadbeef;
5650 return TRUE;
5651 }
5652
5653 /******************************************************************************
5654 * SaferComputeTokenFromLevel [ADVAPI32.@]
5655 */
5656 BOOL WINAPI SaferComputeTokenFromLevel(SAFER_LEVEL_HANDLE handle, HANDLE token, PHANDLE access_token,
5657 DWORD flags, LPVOID reserved)
5658 {
5659 FIXME("(%p, %p, %p, %x, %p) stub\n", handle, token, access_token, flags, reserved);
5660
5661 *access_token = (HANDLE)0xdeadbeef;
5662 return TRUE;
5663 }
5664
5665 /******************************************************************************
5666 * SaferCloseLevel [ADVAPI32.@]
5667 */
5668 BOOL WINAPI SaferCloseLevel(SAFER_LEVEL_HANDLE handle)
5669 {
5670 FIXME("(%p) stub\n", handle);
5671 return TRUE;
5672 }
5673
5674 DWORD WINAPI TreeResetNamedSecurityInfoW( LPWSTR pObjectName,
5675 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
5676 PSID pOwner, PSID pGroup, PACL pDacl, PACL pSacl,
5677 BOOL KeepExplicit, FN_PROGRESS fnProgress,
5678 PROG_INVOKE_SETTING ProgressInvokeSetting, PVOID Args)
5679 {
5680 FIXME("(%s, %i, %i, %p, %p, %p, %p, %i, %p, %i, %p Stub\n",
5681 debugstr_w(pObjectName), ObjectType, SecurityInfo, pOwner, pGroup,
5682 pDacl, pSacl, KeepExplicit, fnProgress, ProgressInvokeSetting, Args);
5683
5684 return ERROR_SUCCESS;
5685 }
5686
5687 /******************************************************************************
5688 * SaferGetPolicyInformation [ADVAPI32.@]
5689 */
5690 BOOL WINAPI SaferGetPolicyInformation(DWORD scope, SAFER_POLICY_INFO_CLASS class, DWORD size,
5691 PVOID buffer, PDWORD required, LPVOID lpReserved)
5692 {
5693 FIXME("(%u %u %u %p %p %p) stub\n", scope, class, size, buffer, required, lpReserved);
5694 return FALSE;
5695 }
5696
5697 /******************************************************************************
5698 * SaferSetLevelInformation [ADVAPI32.@]
5699 */
5700 BOOL WINAPI SaferSetLevelInformation(SAFER_LEVEL_HANDLE handle, SAFER_OBJECT_INFO_CLASS infotype,
5701 LPVOID buffer, DWORD size)
5702 {
5703 FIXME("(%p %u %p %u) stub\n", handle, infotype, buffer, size);
5704 return FALSE;
5705 }
GSOC 2012 project to enhance the control panel