search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Release 20050930.
[wine/gsoc-2012-control.git] / dlls / advapi32 / security.c
blob605266dea53e85223d1c1cb84965ea230ec87d73
1 /*
2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 */
20
21 #include <stdarg.h>
22 #include <string.h>
23
24 #include "windef.h"
25 #include "winbase.h"
26 #include "winerror.h"
27 #include "rpcnterr.h"
28 #include "winreg.h"
29 #include "winternl.h"
30 #include "winioctl.h"
31 #include "ntstatus.h"
32 #include "ntsecapi.h"
33 #include "accctrl.h"
34 #include "sddl.h"
35 #include "winsvc.h"
36 #include "aclapi.h"
37
38 #include "wine/debug.h"
39 #include "wine/unicode.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
42
43 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
44 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
45 PACL pAcl, LPDWORD cBytes);
46 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
47 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
48 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
49 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
50 LPCWSTR StringSecurityDescriptor,
51 SECURITY_DESCRIPTOR* SecurityDescriptor,
52 LPDWORD cBytes);
53 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
54
55 typedef struct _ACEFLAG
56 {
57 LPCWSTR wstr;
58 DWORD value;
59 } ACEFLAG, *LPACEFLAG;
60
61 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
62
63 /*
64 * ACE access rights
65 */
66 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
67 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
68 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
69 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
70 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
71 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
72 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
73 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
74
75 /*
76 * ACE types
77 */
78 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
79 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
80 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
81 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
82 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
83 static const WCHAR SDDL_ALARM[] = {'A','L',0};
84 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
85 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
86
87 /*
88 * ACE flags
89 */
90 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
91 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
92 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
93 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
94 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
95 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
96 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
97
98 /* set last error code from NT status and get the proper boolean return value */
99 /* used for functions that are a simple wrapper around the corresponding ntdll API */
100 static inline BOOL set_ntstatus( NTSTATUS status )
101 {
102 if (status) SetLastError( RtlNtStatusToDosError( status ));
103 return !status;
104 }
105
106 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
107
108 static void GetWorldAccessACL(PACL pACL)
109 {
110 PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1);
111
112 pACL->AclRevision = ACL_REVISION;
113 pACL->Sbz1 = 0;
114 pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL;
115 pACL->AceCount = 1;
116 pACL->Sbz2 = 0;
117
118 pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
119 pACE->Header.AceFlags = CONTAINER_INHERIT_ACE;
120 pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD);
121 pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */
122 memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld));
123 }
124
125 /************************************************************
126 * ADVAPI_IsLocalComputer
127 *
128 * Checks whether the server name indicates local machine.
129 */
130 static BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
131 {
132 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
133 BOOL Result;
134 LPWSTR buf;
135
136 if (!ServerName || !ServerName[0])
137 return TRUE;
138
139 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
140 Result = GetComputerNameW(buf, &dwSize);
141 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
142 ServerName += 2;
143 Result = Result && !lstrcmpW(ServerName, buf);
144 HeapFree(GetProcessHeap(), 0, buf);
145
146 return Result;
147 }
148
149 /* ##############################
150 ###### TOKEN FUNCTIONS ######
151 ##############################
152 */
153
154 /******************************************************************************
155 * OpenProcessToken [ADVAPI32.@]
156 * Opens the access token associated with a process handle.
157 *
158 * PARAMS
159 * ProcessHandle [I] Handle to process
160 * DesiredAccess [I] Desired access to process
161 * TokenHandle [O] Pointer to handle of open access token
162 *
163 * RETURNS
164 * Success: TRUE. TokenHandle contains the access token.
165 * Failure: FALSE.
166 *
167 * NOTES
168 * See NtOpenProcessToken.
169 */
170 BOOL WINAPI
171 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
172 HANDLE *TokenHandle )
173 {
174 return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
175 }
176
177 /******************************************************************************
178 * OpenThreadToken [ADVAPI32.@]
179 *
180 * Opens the access token associated with a thread handle.
181 *
182 * PARAMS
183 * ThreadHandle [I] Handle to process
184 * DesiredAccess [I] Desired access to the thread
185 * OpenAsSelf [I] ???
186 * TokenHandle [O] Destination for the token handle
187 *
188 * RETURNS
189 * Success: TRUE. TokenHandle contains the access token.
190 * Failure: FALSE.
191 *
192 * NOTES
193 * See NtOpenThreadToken.
194 */
195 BOOL WINAPI
196 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
197 BOOL OpenAsSelf, HANDLE *TokenHandle)
198 {
199 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
200 }
201
202 BOOL WINAPI
203 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState,
204 DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength )
205 {
206 return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength,
207 PreviousState, ReturnLength));
208 }
209
210 /******************************************************************************
211 * AdjustTokenPrivileges [ADVAPI32.@]
212 *
213 * Adjust the privileges of an open token handle.
214 *
215 * PARAMS
216 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
217 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
218 * NewState [I] Desired new privileges of the token
219 * BufferLength [I] Length of NewState
220 * PreviousState [O] Destination for the previous state
221 * ReturnLength [I/O] Size of PreviousState
222 *
223 *
224 * RETURNS
225 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
226 * Failure: FALSE.
227 *
228 * NOTES
229 * See NtAdjustPrivilegesToken.
230 */
231 BOOL WINAPI
232 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
233 LPVOID NewState, DWORD BufferLength,
234 LPVOID PreviousState, LPDWORD ReturnLength )
235 {
236 NTSTATUS status;
237
238 TRACE("\n");
239
240 status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges,
241 NewState, BufferLength, PreviousState,
242 ReturnLength);
243 SetLastError( RtlNtStatusToDosError( status ));
244 if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED))
245 return TRUE;
246 else
247 return FALSE;
248 }
249
250 /******************************************************************************
251 * CheckTokenMembership [ADVAPI32.@]
252 *
253 * Determine if an access token is a member of a SID.
254 *
255 * PARAMS
256 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
257 * SidToCheck [I] SID that possibly contains the token
258 * IsMember [O] Destination for result.
259 *
260 * RETURNS
261 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
262 * Failure: FALSE.
263 */
264 BOOL WINAPI
265 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
266 PBOOL IsMember )
267 {
268 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
269
270 *IsMember = TRUE;
271 return(TRUE);
272 }
273
274 /******************************************************************************
275 * GetTokenInformation [ADVAPI32.@]
276 *
277 * PARAMS
278 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
279 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
280 * tokeninfo [O] Destination for token information
281 * tokeninfolength [I] Length of tokeninfo
282 * retlen [O] Destination for returned token information length
283 *
284 * RETURNS
285 * Success: TRUE. tokeninfo contains retlen bytes of token information
286 * Failure: FALSE.
287 *
288 * NOTES
289 * See NtQueryInformationToken.
290 */
291 BOOL WINAPI
292 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
293 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
294 {
295 TRACE("(%p, %s, %p, %ld, %p): \n",
296 token,
297 (tokeninfoclass == TokenUser) ? "TokenUser" :
298 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
299 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
300 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
301 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
302 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
303 (tokeninfoclass == TokenSource) ? "TokenSource" :
304 (tokeninfoclass == TokenType) ? "TokenType" :
305 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
306 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
307 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
308 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
309 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
310 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
311 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
312 "Unknown",
313 tokeninfo, tokeninfolength, retlen);
314 return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
315 tokeninfolength, retlen));
316 }
317
318 /******************************************************************************
319 * SetTokenInformation [ADVAPI32.@]
320 *
321 * Set information for an access token.
322 *
323 * PARAMS
324 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
325 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
326 * tokeninfo [I] Token information to set
327 * tokeninfolength [I] Length of tokeninfo
328 *
329 * RETURNS
330 * Success: TRUE. The information for the token is set to tokeninfo.
331 * Failure: FALSE.
332 */
333 BOOL WINAPI
334 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
335 LPVOID tokeninfo, DWORD tokeninfolength )
336 {
337 TRACE("(%p, %s, %p, %ld): stub\n",
338 token,
339 (tokeninfoclass == TokenUser) ? "TokenUser" :
340 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
341 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
342 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
343 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
344 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
345 (tokeninfoclass == TokenSource) ? "TokenSource" :
346 (tokeninfoclass == TokenType) ? "TokenType" :
347 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
348 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
349 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
350 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
351 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
352 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
353 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
354 "Unknown",
355 tokeninfo, tokeninfolength);
356
357 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
358 }
359
360 /*************************************************************************
361 * SetThreadToken [ADVAPI32.@]
362 *
363 * Assigns an 'impersonation token' to a thread so it can assume the
364 * security privileges of another thread or process. Can also remove
365 * a previously assigned token.
366 *
367 * PARAMS
368 * thread [O] Handle to thread to set the token for
369 * token [I] Token to set
370 *
371 * RETURNS
372 * Success: TRUE. The threads access token is set to token
373 * Failure: FALSE.
374 *
375 * NOTES
376 * Only supported on NT or higher. On Win9X this function does nothing.
377 * See SetTokenInformation.
378 */
379 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
380 {
381 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
382 ThreadImpersonationToken, &token, sizeof token ));
383 }
384
385 /* ##############################
386 ###### SID FUNCTIONS ######
387 ##############################
388 */
389
390 /******************************************************************************
391 * AllocateAndInitializeSid [ADVAPI32.@]
392 *
393 * PARAMS
394 * pIdentifierAuthority []
395 * nSubAuthorityCount []
396 * nSubAuthority0 []
397 * nSubAuthority1 []
398 * nSubAuthority2 []
399 * nSubAuthority3 []
400 * nSubAuthority4 []
401 * nSubAuthority5 []
402 * nSubAuthority6 []
403 * nSubAuthority7 []
404 * pSid []
405 */
406 BOOL WINAPI
407 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
408 BYTE nSubAuthorityCount,
409 DWORD nSubAuthority0, DWORD nSubAuthority1,
410 DWORD nSubAuthority2, DWORD nSubAuthority3,
411 DWORD nSubAuthority4, DWORD nSubAuthority5,
412 DWORD nSubAuthority6, DWORD nSubAuthority7,
413 PSID *pSid )
414 {
415 return set_ntstatus( RtlAllocateAndInitializeSid(
416 pIdentifierAuthority, nSubAuthorityCount,
417 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
418 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
419 pSid ));
420 }
421
422 /******************************************************************************
423 * FreeSid [ADVAPI32.@]
424 *
425 * PARAMS
426 * pSid []
427 */
428 PVOID WINAPI
429 FreeSid( PSID pSid )
430 {
431 RtlFreeSid(pSid);
432 return NULL; /* is documented like this */
433 }
434
435 /******************************************************************************
436 * CopySid [ADVAPI32.@]
437 *
438 * PARAMS
439 * nDestinationSidLength []
440 * pDestinationSid []
441 * pSourceSid []
442 */
443 BOOL WINAPI
444 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
445 {
446 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
447 }
448
449 BOOL WINAPI
450 IsTokenRestricted( HANDLE TokenHandle )
451 {
452 TOKEN_GROUPS *groups;
453 DWORD size;
454 NTSTATUS status;
455 BOOL restricted;
456
457 TRACE("(%p)\n", TokenHandle);
458
459 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size);
460 if (status != STATUS_BUFFER_TOO_SMALL)
461 return FALSE;
462
463 groups = HeapAlloc(GetProcessHeap(), 0, size);
464 if (!groups)
465 {
466 SetLastError(ERROR_OUTOFMEMORY);
467 return FALSE;
468 }
469
470 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size);
471 if (status != STATUS_SUCCESS)
472 {
473 HeapFree(GetProcessHeap(), 0, groups);
474 return set_ntstatus(status);
475 }
476
477 if (groups->GroupCount)
478 restricted = TRUE;
479 else
480 restricted = FALSE;
481
482 HeapFree(GetProcessHeap(), 0, groups);
483
484 return restricted;
485 }
486
487 /******************************************************************************
488 * IsValidSid [ADVAPI32.@]
489 *
490 * PARAMS
491 * pSid []
492 */
493 BOOL WINAPI
494 IsValidSid( PSID pSid )
495 {
496 return RtlValidSid( pSid );
497 }
498
499 /******************************************************************************
500 * EqualSid [ADVAPI32.@]
501 *
502 * PARAMS
503 * pSid1 []
504 * pSid2 []
505 */
506 BOOL WINAPI
507 EqualSid( PSID pSid1, PSID pSid2 )
508 {
509 return RtlEqualSid( pSid1, pSid2 );
510 }
511
512 /******************************************************************************
513 * EqualPrefixSid [ADVAPI32.@]
514 */
515 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
516 {
517 return RtlEqualPrefixSid(pSid1, pSid2);
518 }
519
520 /******************************************************************************
521 * GetSidLengthRequired [ADVAPI32.@]
522 *
523 * PARAMS
524 * nSubAuthorityCount []
525 */
526 DWORD WINAPI
527 GetSidLengthRequired( BYTE nSubAuthorityCount )
528 {
529 return RtlLengthRequiredSid(nSubAuthorityCount);
530 }
531
532 /******************************************************************************
533 * InitializeSid [ADVAPI32.@]
534 *
535 * PARAMS
536 * pIdentifierAuthority []
537 */
538 BOOL WINAPI
539 InitializeSid (
540 PSID pSid,
541 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
542 BYTE nSubAuthorityCount)
543 {
544 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
545 }
546
547 DWORD WINAPI
548 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
549 {
550 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
551
552 return 1;
553 }
554
555 DWORD WINAPI
556 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights )
557 {
558 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
559
560 return 1;
561 }
562
563 /******************************************************************************
564 * GetSidIdentifierAuthority [ADVAPI32.@]
565 *
566 * PARAMS
567 * pSid []
568 */
569 PSID_IDENTIFIER_AUTHORITY WINAPI
570 GetSidIdentifierAuthority( PSID pSid )
571 {
572 return RtlIdentifierAuthoritySid(pSid);
573 }
574
575 /******************************************************************************
576 * GetSidSubAuthority [ADVAPI32.@]
577 *
578 * PARAMS
579 * pSid []
580 * nSubAuthority []
581 */
582 PDWORD WINAPI
583 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
584 {
585 return RtlSubAuthoritySid(pSid, nSubAuthority);
586 }
587
588 /******************************************************************************
589 * GetSidSubAuthorityCount [ADVAPI32.@]
590 *
591 * PARAMS
592 * pSid []
593 */
594 PUCHAR WINAPI
595 GetSidSubAuthorityCount (PSID pSid)
596 {
597 return RtlSubAuthorityCountSid(pSid);
598 }
599
600 /******************************************************************************
601 * GetLengthSid [ADVAPI32.@]
602 *
603 * PARAMS
604 * pSid []
605 */
606 DWORD WINAPI
607 GetLengthSid (PSID pSid)
608 {
609 return RtlLengthSid(pSid);
610 }
611
612 /* ##############################################
613 ###### SECURITY DESCRIPTOR FUNCTIONS ######
614 ##############################################
615 */
616
617 /******************************************************************************
618 * BuildSecurityDescriptorA [ADVAPI32.@]
619 *
620 * Builds a SD from
621 *
622 * PARAMS
623 * pOwner [I]
624 * pGroup [I]
625 * cCountOfAccessEntries [I]
626 * pListOfAccessEntries [I]
627 * cCountOfAuditEntries [I]
628 * pListofAuditEntries [I]
629 * pOldSD [I]
630 * lpdwBufferLength [I/O]
631 * pNewSD [O]
632 */
633 DWORD WINAPI BuildSecurityDescriptorA(
634 IN PTRUSTEE_A pOwner,
635 IN PTRUSTEE_A pGroup,
636 IN DWORD cCountOfAccessEntries,
637 IN PEXPLICIT_ACCESS_A pListOfAccessEntries,
638 IN DWORD cCountOfAuditEntries,
639 IN PEXPLICIT_ACCESS_A pListofAuditEntries,
640 IN PSECURITY_DESCRIPTOR pOldSD,
641 IN OUT PDWORD lpdwBufferLength,
642 OUT PSECURITY_DESCRIPTOR pNewSD)
643 {
644 FIXME("(%p,%p,%ld,%p,%ld,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
645 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
646 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
647
648 return ERROR_CALL_NOT_IMPLEMENTED;
649 }
650
651 /******************************************************************************
652 * BuildSecurityDescriptorW [ADVAPI32.@]
653 *
654 * See BuildSecurityDescriptorA.
655 */
656 DWORD WINAPI BuildSecurityDescriptorW(
657 IN PTRUSTEE_W pOwner,
658 IN PTRUSTEE_W pGroup,
659 IN DWORD cCountOfAccessEntries,
660 IN PEXPLICIT_ACCESS_W pListOfAccessEntries,
661 IN DWORD cCountOfAuditEntries,
662 IN PEXPLICIT_ACCESS_W pListofAuditEntries,
663 IN PSECURITY_DESCRIPTOR pOldSD,
664 IN OUT PDWORD lpdwBufferLength,
665 OUT PSECURITY_DESCRIPTOR pNewSD)
666 {
667 FIXME("(%p,%p,%ld,%p,%ld,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
668 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
669 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
670
671 return ERROR_CALL_NOT_IMPLEMENTED;
672 }
673
674 /******************************************************************************
675 * InitializeSecurityDescriptor [ADVAPI32.@]
676 *
677 * PARAMS
678 * pDescr []
679 * revision []
680 */
681 BOOL WINAPI
682 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
683 {
684 return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision ));
685 }
686
687
688 /******************************************************************************
689 * MakeAbsoluteSD [ADVAPI32.@]
690 */
691 BOOL WINAPI MakeAbsoluteSD (
692 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
693 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
694 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
695 OUT PACL pDacl,
696 OUT LPDWORD lpdwDaclSize,
697 OUT PACL pSacl,
698 OUT LPDWORD lpdwSaclSize,
699 OUT PSID pOwner,
700 OUT LPDWORD lpdwOwnerSize,
701 OUT PSID pPrimaryGroup,
702 OUT LPDWORD lpdwPrimaryGroupSize)
703 {
704 return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
705 pAbsoluteSecurityDescriptor,
706 lpdwAbsoluteSecurityDescriptorSize,
707 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize,
708 pOwner, lpdwOwnerSize,
709 pPrimaryGroup, lpdwPrimaryGroupSize));
710 }
711
712 /******************************************************************************
713 * GetKernelObjectSecurity [ADVAPI32.@]
714 */
715 BOOL WINAPI GetKernelObjectSecurity(
716 HANDLE Handle,
717 SECURITY_INFORMATION RequestedInformation,
718 PSECURITY_DESCRIPTOR pSecurityDescriptor,
719 DWORD nLength,
720 LPDWORD lpnLengthNeeded )
721 {
722 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", Handle, RequestedInformation,
723 pSecurityDescriptor, nLength, lpnLengthNeeded);
724
725 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
726 nLength, lpnLengthNeeded ));
727 }
728
729 /******************************************************************************
730 * GetPrivateObjectSecurity [ADVAPI32.@]
731 */
732 BOOL WINAPI GetPrivateObjectSecurity(
733 PSECURITY_DESCRIPTOR ObjectDescriptor,
734 SECURITY_INFORMATION SecurityInformation,
735 PSECURITY_DESCRIPTOR ResultantDescriptor,
736 DWORD DescriptorLength,
737 PDWORD ReturnLength )
738 {
739 TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", ObjectDescriptor, SecurityInformation,
740 ResultantDescriptor, DescriptorLength, ReturnLength);
741
742 return set_ntstatus( NtQuerySecurityObject(ObjectDescriptor, SecurityInformation,
743 ResultantDescriptor, DescriptorLength, ReturnLength ));
744 }
745
746 /******************************************************************************
747 * GetSecurityDescriptorLength [ADVAPI32.@]
748 */
749 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
750 {
751 return RtlLengthSecurityDescriptor(pDescr);
752 }
753
754 /******************************************************************************
755 * GetSecurityDescriptorOwner [ADVAPI32.@]
756 *
757 * PARAMS
758 * pOwner []
759 * lpbOwnerDefaulted []
760 */
761 BOOL WINAPI
762 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
763 LPBOOL lpbOwnerDefaulted )
764 {
765 BOOLEAN defaulted;
766 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted ));
767 *lpbOwnerDefaulted = defaulted;
768 return ret;
769 }
770
771 /******************************************************************************
772 * SetSecurityDescriptorOwner [ADVAPI32.@]
773 *
774 * PARAMS
775 */
776 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
777 PSID pOwner, BOOL bOwnerDefaulted)
778 {
779 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
780 }
781 /******************************************************************************
782 * GetSecurityDescriptorGroup [ADVAPI32.@]
783 */
784 BOOL WINAPI GetSecurityDescriptorGroup(
785 PSECURITY_DESCRIPTOR SecurityDescriptor,
786 PSID *Group,
787 LPBOOL GroupDefaulted)
788 {
789 BOOLEAN defaulted;
790 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
791 *GroupDefaulted = defaulted;
792 return ret;
793 }
794 /******************************************************************************
795 * SetSecurityDescriptorGroup [ADVAPI32.@]
796 */
797 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
798 PSID Group, BOOL GroupDefaulted)
799 {
800 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
801 }
802
803 /******************************************************************************
804 * IsValidSecurityDescriptor [ADVAPI32.@]
805 *
806 * PARAMS
807 * lpsecdesc []
808 */
809 BOOL WINAPI
810 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
811 {
812 return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor));
813 }
814
815 /******************************************************************************
816 * GetSecurityDescriptorDacl [ADVAPI32.@]
817 */
818 BOOL WINAPI GetSecurityDescriptorDacl(
819 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
820 OUT LPBOOL lpbDaclPresent,
821 OUT PACL *pDacl,
822 OUT LPBOOL lpbDaclDefaulted)
823 {
824 BOOLEAN present, defaulted;
825 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
826 *lpbDaclPresent = present;
827 *lpbDaclDefaulted = defaulted;
828 return ret;
829 }
830
831 /******************************************************************************
832 * SetSecurityDescriptorDacl [ADVAPI32.@]
833 */
834 BOOL WINAPI
835 SetSecurityDescriptorDacl (
836 PSECURITY_DESCRIPTOR lpsd,
837 BOOL daclpresent,
838 PACL dacl,
839 BOOL dacldefaulted )
840 {
841 return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) );
842 }
843 /******************************************************************************
844 * GetSecurityDescriptorSacl [ADVAPI32.@]
845 */
846 BOOL WINAPI GetSecurityDescriptorSacl(
847 IN PSECURITY_DESCRIPTOR lpsd,
848 OUT LPBOOL lpbSaclPresent,
849 OUT PACL *pSacl,
850 OUT LPBOOL lpbSaclDefaulted)
851 {
852 BOOLEAN present, defaulted;
853 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) );
854 *lpbSaclPresent = present;
855 *lpbSaclDefaulted = defaulted;
856 return ret;
857 }
858
859 /**************************************************************************
860 * SetSecurityDescriptorSacl [ADVAPI32.@]
861 */
862 BOOL WINAPI SetSecurityDescriptorSacl (
863 PSECURITY_DESCRIPTOR lpsd,
864 BOOL saclpresent,
865 PACL lpsacl,
866 BOOL sacldefaulted)
867 {
868 return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
869 }
870 /******************************************************************************
871 * MakeSelfRelativeSD [ADVAPI32.@]
872 *
873 * PARAMS
874 * lpabssecdesc []
875 * lpselfsecdesc []
876 * lpbuflen []
877 */
878 BOOL WINAPI
879 MakeSelfRelativeSD(
880 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
881 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
882 IN OUT LPDWORD lpdwBufferLength)
883 {
884 return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor,
885 pSelfRelativeSecurityDescriptor, lpdwBufferLength));
886 }
887
888 /******************************************************************************
889 * GetSecurityDescriptorControl [ADVAPI32.@]
890 */
891
892 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
893 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
894 {
895 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
896 }
897
898 /* ##############################
899 ###### ACL FUNCTIONS ######
900 ##############################
901 */
902
903 /*************************************************************************
904 * InitializeAcl [ADVAPI32.@]
905 */
906 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
907 {
908 return set_ntstatus( RtlCreateAcl(acl, size, rev));
909 }
910
911 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
912 {
913 TRACE("(%p)\n", hNamedPipe);
914
915 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL, NULL,
916 FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
917 }
918
919 /******************************************************************************
920 * AddAccessAllowedAce [ADVAPI32.@]
921 */
922 BOOL WINAPI AddAccessAllowedAce(
923 IN OUT PACL pAcl,
924 IN DWORD dwAceRevision,
925 IN DWORD AccessMask,
926 IN PSID pSid)
927 {
928 return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
929 }
930
931 /******************************************************************************
932 * AddAccessAllowedAceEx [ADVAPI32.@]
933 */
934 BOOL WINAPI AddAccessAllowedAceEx(
935 IN OUT PACL pAcl,
936 IN DWORD dwAceRevision,
937 IN DWORD AceFlags,
938 IN DWORD AccessMask,
939 IN PSID pSid)
940 {
941 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
942 }
943
944 /******************************************************************************
945 * AddAccessDeniedAce [ADVAPI32.@]
946 */
947 BOOL WINAPI AddAccessDeniedAce(
948 IN OUT PACL pAcl,
949 IN DWORD dwAceRevision,
950 IN DWORD AccessMask,
951 IN PSID pSid)
952 {
953 return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
954 }
955
956 /******************************************************************************
957 * AddAccessDeniedAceEx [ADVAPI32.@]
958 */
959 BOOL WINAPI AddAccessDeniedAceEx(
960 IN OUT PACL pAcl,
961 IN DWORD dwAceRevision,
962 IN DWORD AceFlags,
963 IN DWORD AccessMask,
964 IN PSID pSid)
965 {
966 return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
967 }
968
969 /******************************************************************************
970 * AddAce [ADVAPI32.@]
971 */
972 BOOL WINAPI AddAce(
973 IN OUT PACL pAcl,
974 IN DWORD dwAceRevision,
975 IN DWORD dwStartingAceIndex,
976 LPVOID pAceList,
977 DWORD nAceListLength)
978 {
979 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
980 }
981
982 /******************************************************************************
983 * DeleteAce [ADVAPI32.@]
984 */
985 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
986 {
987 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
988 }
989
990 /******************************************************************************
991 * FindFirstFreeAce [ADVAPI32.@]
992 */
993 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
994 {
995 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
996 }
997
998 /******************************************************************************
999 * GetAce [ADVAPI32.@]
1000 */
1001 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1002 {
1003 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1004 }
1005
1006 /******************************************************************************
1007 * GetAclInformation [ADVAPI32.@]
1008 */
1009 BOOL WINAPI GetAclInformation(
1010 PACL pAcl,
1011 LPVOID pAclInformation,
1012 DWORD nAclInformationLength,
1013 ACL_INFORMATION_CLASS dwAclInformationClass)
1014 {
1015 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1016 nAclInformationLength, dwAclInformationClass));
1017 }
1018
1019 /******************************************************************************
1020 * IsValidAcl [ADVAPI32.@]
1021 */
1022 BOOL WINAPI IsValidAcl(IN PACL pAcl)
1023 {
1024 return RtlValidAcl(pAcl);
1025 }
1026
1027 /* ##############################
1028 ###### MISC FUNCTIONS ######
1029 ##############################
1030 */
1031
1032 /******************************************************************************
1033 * AllocateLocallyUniqueId [ADVAPI32.@]
1034 *
1035 * PARAMS
1036 * lpLuid []
1037 */
1038 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
1039 {
1040 return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid));
1041 }
1042
1043 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
1044 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1045 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
1046 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1047 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
1048 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
1049 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
1050 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1051 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
1052 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1053 static const WCHAR SE_TCB_NAME_W[] =
1054 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
1055 static const WCHAR SE_SECURITY_NAME_W[] =
1056 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1057 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
1058 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1059 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
1060 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
1061 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
1062 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1063 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
1064 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
1065 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
1066 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1067 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
1068 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1069 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
1070 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1071 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
1072 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1073 static const WCHAR SE_BACKUP_NAME_W[] =
1074 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
1075 static const WCHAR SE_RESTORE_NAME_W[] =
1076 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
1077 static const WCHAR SE_SHUTDOWN_NAME_W[] =
1078 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1079 static const WCHAR SE_DEBUG_NAME_W[] =
1080 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
1081 static const WCHAR SE_AUDIT_NAME_W[] =
1082 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
1083 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
1084 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1085 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
1086 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1087 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
1088 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1089 static const WCHAR SE_UNDOCK_NAME_W[] =
1090 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
1091 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
1092 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1093 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
1094 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1095 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
1096 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1097 static const WCHAR SE_IMPERSONATE_NAME_W[] =
1098 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
1099 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
1100 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1101
1102 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
1103 {
1104 NULL,
1105 NULL,
1106 SE_CREATE_TOKEN_NAME_W,
1107 SE_ASSIGNPRIMARYTOKEN_NAME_W,
1108 SE_LOCK_MEMORY_NAME_W,
1109 SE_INCREASE_QUOTA_NAME_W,
1110 SE_MACHINE_ACCOUNT_NAME_W,
1111 SE_TCB_NAME_W,
1112 SE_SECURITY_NAME_W,
1113 SE_TAKE_OWNERSHIP_NAME_W,
1114 SE_LOAD_DRIVER_NAME_W,
1115 SE_SYSTEM_PROFILE_NAME_W,
1116 SE_SYSTEMTIME_NAME_W,
1117 SE_PROF_SINGLE_PROCESS_NAME_W,
1118 SE_INC_BASE_PRIORITY_NAME_W,
1119 SE_CREATE_PAGEFILE_NAME_W,
1120 SE_CREATE_PERMANENT_NAME_W,
1121 SE_BACKUP_NAME_W,
1122 SE_RESTORE_NAME_W,
1123 SE_SHUTDOWN_NAME_W,
1124 SE_DEBUG_NAME_W,
1125 SE_AUDIT_NAME_W,
1126 SE_SYSTEM_ENVIRONMENT_NAME_W,
1127 SE_CHANGE_NOTIFY_NAME_W,
1128 SE_REMOTE_SHUTDOWN_NAME_W,
1129 SE_UNDOCK_NAME_W,
1130 SE_SYNC_AGENT_NAME_W,
1131 SE_ENABLE_DELEGATION_NAME_W,
1132 SE_MANAGE_VOLUME_NAME_W,
1133 SE_IMPERSONATE_NAME_W,
1134 SE_CREATE_GLOBAL_NAME_W,
1135 };
1136
1137 /******************************************************************************
1138 * LookupPrivilegeValueW [ADVAPI32.@]
1139 *
1140 * See LookupPrivilegeValueA.
1141 */
1142 BOOL WINAPI
1143 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
1144 {
1145 UINT i;
1146
1147 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
1148
1149 if (!ADVAPI_IsLocalComputer(lpSystemName))
1150 {
1151 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1152 return FALSE;
1153 }
1154 if (!lpName)
1155 {
1156 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1157 return FALSE;
1158 }
1159 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
1160 {
1161 if( !WellKnownPrivNames[i] )
1162 continue;
1163 if( strcmpiW( WellKnownPrivNames[i], lpName) )
1164 continue;
1165 lpLuid->LowPart = i;
1166 lpLuid->HighPart = 0;
1167 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
1168 lpLuid->HighPart, lpLuid->LowPart );
1169 return TRUE;
1170 }
1171 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1172 return FALSE;
1173 }
1174
1175 /******************************************************************************
1176 * LookupPrivilegeValueA [ADVAPI32.@]
1177 *
1178 * Retrieves LUID used on a system to represent the privilege name.
1179 *
1180 * PARAMS
1181 * lpSystemName [I] Name of the system
1182 * lpName [I] Name of the privilege
1183 * lpLuid [O] Destination for the resulting LUID
1184 *
1185 * RETURNS
1186 * Success: TRUE. lpLuid contains the requested LUID.
1187 * Failure: FALSE.
1188 */
1189 BOOL WINAPI
1190 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1191 {
1192 UNICODE_STRING lpSystemNameW;
1193 UNICODE_STRING lpNameW;
1194 BOOL ret;
1195
1196 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1197 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1198 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1199 RtlFreeUnicodeString(&lpNameW);
1200 RtlFreeUnicodeString(&lpSystemNameW);
1201 return ret;
1202 }
1203
1204 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
1205 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1206 {
1207 FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName),
1208 debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId);
1209
1210 return FALSE;
1211 }
1212
1213 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
1214 LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1215 {
1216 FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName),
1217 debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId);
1218
1219 return FALSE;
1220 }
1221
1222 /******************************************************************************
1223 * LookupPrivilegeNameA [ADVAPI32.@]
1224 *
1225 * See LookupPrivilegeNameW
1226 */
1227 BOOL WINAPI
1228 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1229 LPDWORD cchName)
1230 {
1231 UNICODE_STRING lpSystemNameW;
1232 BOOL ret;
1233 DWORD wLen = 0;
1234
1235 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1236
1237 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1238 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1239 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1240 {
1241 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1242
1243 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1244 &wLen);
1245 if (ret)
1246 {
1247 /* Windows crashes if cchName is NULL, so will I */
1248 int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1249 *cchName, NULL, NULL);
1250
1251 if (len == 0)
1252 {
1253 /* WideCharToMultiByte failed */
1254 ret = FALSE;
1255 }
1256 else if (len > *cchName)
1257 {
1258 *cchName = len;
1259 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1260 ret = FALSE;
1261 }
1262 else
1263 {
1264 /* WideCharToMultiByte succeeded, output length needs to be
1265 * length not including NULL terminator
1266 */
1267 *cchName = len - 1;
1268 }
1269 }
1270 HeapFree(GetProcessHeap(), 0, lpNameW);
1271 }
1272 RtlFreeUnicodeString(&lpSystemNameW);
1273 return ret;
1274 }
1275
1276 /******************************************************************************
1277 * LookupPrivilegeNameW [ADVAPI32.@]
1278 *
1279 * Retrieves the privilege name referred to by the LUID lpLuid.
1280 *
1281 * PARAMS
1282 * lpSystemName [I] Name of the system
1283 * lpLuid [I] Privilege value
1284 * lpName [O] Name of the privilege
1285 * cchName [I/O] Number of characters in lpName.
1286 *
1287 * RETURNS
1288 * Success: TRUE. lpName contains the name of the privilege whose value is
1289 * *lpLuid.
1290 * Failure: FALSE.
1291 *
1292 * REMARKS
1293 * Only well-known privilege names (those defined in winnt.h) can be retrieved
1294 * using this function.
1295 * If the length of lpName is too small, on return *cchName will contain the
1296 * number of WCHARs needed to contain the privilege, including the NULL
1297 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1298 * On success, *cchName will contain the number of characters stored in
1299 * lpName, NOT including the NULL terminator.
1300 */
1301 BOOL WINAPI
1302 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1303 LPDWORD cchName)
1304 {
1305 size_t privNameLen;
1306
1307 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1308
1309 if (!ADVAPI_IsLocalComputer(lpSystemName))
1310 {
1311 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1312 return FALSE;
1313 }
1314 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1315 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1316 {
1317 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1318 return FALSE;
1319 }
1320 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1321 /* Windows crashes if cchName is NULL, so will I */
1322 if (*cchName <= privNameLen)
1323 {
1324 *cchName = privNameLen + 1;
1325 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1326 return FALSE;
1327 }
1328 else
1329 {
1330 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1331 *cchName = privNameLen;
1332 return TRUE;
1333 }
1334 }
1335
1336 /******************************************************************************
1337 * GetFileSecurityA [ADVAPI32.@]
1338 *
1339 * Obtains Specified information about the security of a file or directory.
1340 *
1341 * PARAMS
1342 * lpFileName [I] Name of the file to get info for
1343 * RequestedInformation [I] SE_ flags from "winnt.h"
1344 * pSecurityDescriptor [O] Destination for security information
1345 * nLength [I] Length of pSecurityDescriptor
1346 * lpnLengthNeeded [O] Destination for length of returned security information
1347 *
1348 * RETURNS
1349 * Success: TRUE. pSecurityDescriptor contains the requested information.
1350 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1351 *
1352 * NOTES
1353 * The information returned is constrained by the callers access rights and
1354 * privileges.
1355 */
1356 BOOL WINAPI
1357 GetFileSecurityA( LPCSTR lpFileName,
1358 SECURITY_INFORMATION RequestedInformation,
1359 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1360 DWORD nLength, LPDWORD lpnLengthNeeded )
1361 {
1362 DWORD len;
1363 BOOL r;
1364 LPWSTR name = NULL;
1365
1366 if( lpFileName )
1367 {
1368 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1369 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1370 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1371 }
1372
1373 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1374 nLength, lpnLengthNeeded );
1375 HeapFree( GetProcessHeap(), 0, name );
1376
1377 return r;
1378 }
1379
1380 /******************************************************************************
1381 * GetFileSecurityW [ADVAPI32.@]
1382 *
1383 * See GetFileSecurityA.
1384 */
1385 BOOL WINAPI
1386 GetFileSecurityW( LPCWSTR lpFileName,
1387 SECURITY_INFORMATION RequestedInformation,
1388 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1389 DWORD nLength, LPDWORD lpnLengthNeeded )
1390 {
1391 DWORD nNeeded;
1392 LPBYTE pBuffer;
1393 DWORD iLocNow;
1394 SECURITY_DESCRIPTOR_RELATIVE *pSDRelative;
1395
1396 if(INVALID_FILE_ATTRIBUTES == GetFileAttributesW(lpFileName))
1397 return FALSE;
1398
1399 FIXME("(%s) : returns fake SECURITY_DESCRIPTOR\n", debugstr_w(lpFileName) );
1400
1401 nNeeded = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1402 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
1403 nNeeded += sizeof(sidWorld);
1404 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
1405 nNeeded += sizeof(sidWorld);
1406 if (RequestedInformation & DACL_SECURITY_INFORMATION)
1407 nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1408 if (RequestedInformation & SACL_SECURITY_INFORMATION)
1409 nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1410
1411 *lpnLengthNeeded = nNeeded;
1412
1413 if (nNeeded > nLength)
1414 return TRUE;
1415
1416 if (!InitializeSecurityDescriptor(pSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
1417 return FALSE;
1418
1419 pSDRelative = (PISECURITY_DESCRIPTOR_RELATIVE) pSecurityDescriptor;
1420 pSDRelative->Control |= SE_SELF_RELATIVE;
1421 pBuffer = (LPBYTE) pSDRelative;
1422 iLocNow = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1423
1424 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
1425 {
1426 memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
1427 pSDRelative->Owner = iLocNow;
1428 iLocNow += sizeof(sidWorld);
1429 }
1430 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
1431 {
1432 memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
1433 pSDRelative->Group = iLocNow;
1434 iLocNow += sizeof(sidWorld);
1435 }
1436 if (RequestedInformation & DACL_SECURITY_INFORMATION)
1437 {
1438 GetWorldAccessACL((PACL) (pBuffer + iLocNow));
1439 pSDRelative->Dacl = iLocNow;
1440 iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1441 }
1442 if (RequestedInformation & SACL_SECURITY_INFORMATION)
1443 {
1444 GetWorldAccessACL((PACL) (pBuffer + iLocNow));
1445 pSDRelative->Sacl = iLocNow;
1446 /* iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL; */
1447 }
1448 return TRUE;
1449 }
1450
1451
1452 /******************************************************************************
1453 * LookupAccountSidA [ADVAPI32.@]
1454 */
1455 BOOL WINAPI
1456 LookupAccountSidA(
1457 IN LPCSTR system,
1458 IN PSID sid,
1459 OUT LPSTR account,
1460 IN OUT LPDWORD accountSize,
1461 OUT LPSTR domain,
1462 IN OUT LPDWORD domainSize,
1463 OUT PSID_NAME_USE name_use )
1464 {
1465 static const char ac[] = "Administrator";
1466 static const char dm[] = "DOMAIN";
1467 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1468 debugstr_a(system),sid,
1469 account,accountSize,accountSize?*accountSize:0,
1470 domain,domainSize,domainSize?*domainSize:0,
1471 name_use);
1472
1473 if (accountSize) *accountSize = strlen(ac)+1;
1474 if (account && (*accountSize > strlen(ac)))
1475 strcpy(account, ac);
1476
1477 if (domainSize) *domainSize = strlen(dm)+1;
1478 if (domain && (*domainSize > strlen(dm)))
1479 strcpy(domain,dm);
1480
1481 if (name_use) *name_use = SidTypeUser;
1482 return TRUE;
1483 }
1484
1485 /******************************************************************************
1486 * LookupAccountSidW [ADVAPI32.@]
1487 *
1488 * PARAMS
1489 * system []
1490 * sid []
1491 * account []
1492 * accountSize []
1493 * domain []
1494 * domainSize []
1495 * name_use []
1496 */
1497 BOOL WINAPI
1498 LookupAccountSidW(
1499 IN LPCWSTR system,
1500 IN PSID sid,
1501 OUT LPWSTR account,
1502 IN OUT LPDWORD accountSize,
1503 OUT LPWSTR domain,
1504 IN OUT LPDWORD domainSize,
1505 OUT PSID_NAME_USE name_use )
1506 {
1507 static const WCHAR ac[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1508 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
1509 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1510 debugstr_w(system),sid,
1511 account,accountSize,accountSize?*accountSize:0,
1512 domain,domainSize,domainSize?*domainSize:0,
1513 name_use);
1514
1515 if (accountSize) *accountSize = strlenW(ac)+1;
1516 if (account && (*accountSize > strlenW(ac)))
1517 strcpyW(account, ac);
1518
1519 if (domainSize) *domainSize = strlenW(dm)+1;
1520 if (domain && (*domainSize > strlenW(dm)))
1521 strcpyW(domain,dm);
1522
1523 if (name_use) *name_use = SidTypeUser;
1524 return TRUE;
1525 }
1526
1527 /******************************************************************************
1528 * SetFileSecurityA [ADVAPI32.@]
1529 * Sets the security of a file or directory
1530 */
1531 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1532 SECURITY_INFORMATION RequestedInformation,
1533 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1534 {
1535 DWORD len;
1536 BOOL r;
1537 LPWSTR name = NULL;
1538
1539 if( lpFileName )
1540 {
1541 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1542 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1543 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1544 }
1545
1546 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
1547 HeapFree( GetProcessHeap(), 0, name );
1548
1549 return r;
1550 }
1551
1552 /******************************************************************************
1553 * SetFileSecurityW [ADVAPI32.@]
1554 * Sets the security of a file or directory
1555 *
1556 * PARAMS
1557 * lpFileName []
1558 * RequestedInformation []
1559 * pSecurityDescriptor []
1560 */
1561 BOOL WINAPI
1562 SetFileSecurityW( LPCWSTR lpFileName,
1563 SECURITY_INFORMATION RequestedInformation,
1564 PSECURITY_DESCRIPTOR pSecurityDescriptor )
1565 {
1566 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1567 return TRUE;
1568 }
1569
1570 /******************************************************************************
1571 * QueryWindows31FilesMigration [ADVAPI32.@]
1572 *
1573 * PARAMS
1574 * x1 []
1575 */
1576 BOOL WINAPI
1577 QueryWindows31FilesMigration( DWORD x1 )
1578 {
1579 FIXME("(%ld):stub\n",x1);
1580 return TRUE;
1581 }
1582
1583 /******************************************************************************
1584 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1585 *
1586 * PARAMS
1587 * x1 []
1588 * x2 []
1589 * x3 []
1590 * x4 []
1591 */
1592 BOOL WINAPI
1593 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1594 DWORD x4 )
1595 {
1596 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1597 return TRUE;
1598 }
1599
1600 /******************************************************************************
1601 * NotifyBootConfigStatus [ADVAPI32.@]
1602 *
1603 * PARAMS
1604 * x1 []
1605 */
1606 BOOL WINAPI
1607 NotifyBootConfigStatus( DWORD x1 )
1608 {
1609 FIXME("(0x%08lx):stub\n",x1);
1610 return 1;
1611 }
1612
1613 /******************************************************************************
1614 * RevertToSelf [ADVAPI32.@]
1615 *
1616 * Ends the impersonation of a user.
1617 *
1618 * PARAMS
1619 * void []
1620 *
1621 * RETURNS
1622 * Success: TRUE.
1623 * Failure: FALSE.
1624 */
1625 BOOL WINAPI
1626 RevertToSelf( void )
1627 {
1628 HANDLE Token = NULL;
1629 return set_ntstatus( NtSetInformationThread( GetCurrentThread(),
1630 ThreadImpersonationToken, &Token, sizeof(Token) ) );
1631 }
1632
1633 /******************************************************************************
1634 * ImpersonateSelf [ADVAPI32.@]
1635 *
1636 * Makes an impersonation token that represents the process user and assigns
1637 * to the current thread.
1638 *
1639 * PARAMS
1640 * ImpersonationLevel [I] Level at which to impersonate.
1641 *
1642 * RETURNS
1643 * Success: TRUE.
1644 * Failure: FALSE.
1645 */
1646 BOOL WINAPI
1647 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1648 {
1649 return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) );
1650 }
1651
1652 /******************************************************************************
1653 * ImpersonateLoggedOnUser [ADVAPI32.@]
1654 */
1655 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1656 {
1657 FIXME("(%p):stub returning FALSE\n", hToken);
1658 return FALSE;
1659 }
1660
1661 /******************************************************************************
1662 * AccessCheck [ADVAPI32.@]
1663 */
1664 BOOL WINAPI
1665 AccessCheck(
1666 PSECURITY_DESCRIPTOR SecurityDescriptor,
1667 HANDLE ClientToken,
1668 DWORD DesiredAccess,
1669 PGENERIC_MAPPING GenericMapping,
1670 PPRIVILEGE_SET PrivilegeSet,
1671 LPDWORD PrivilegeSetLength,
1672 LPDWORD GrantedAccess,
1673 LPBOOL AccessStatus)
1674 {
1675 NTSTATUS access_status;
1676 BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
1677 GenericMapping, PrivilegeSet, PrivilegeSetLength,
1678 GrantedAccess, &access_status) );
1679 if (ret) *AccessStatus = set_ntstatus( access_status );
1680 return ret;
1681 }
1682
1683
1684 /******************************************************************************
1685 * AccessCheckByType [ADVAPI32.@]
1686 */
1687 BOOL WINAPI AccessCheckByType(
1688 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1689 PSID PrincipalSelfSid,
1690 HANDLE ClientToken,
1691 DWORD DesiredAccess,
1692 POBJECT_TYPE_LIST ObjectTypeList,
1693 DWORD ObjectTypeListLength,
1694 PGENERIC_MAPPING GenericMapping,
1695 PPRIVILEGE_SET PrivilegeSet,
1696 LPDWORD PrivilegeSetLength,
1697 LPDWORD GrantedAccess,
1698 LPBOOL AccessStatus)
1699 {
1700 FIXME("stub\n");
1701
1702 *AccessStatus = TRUE;
1703
1704 return !*AccessStatus;
1705 }
1706
1707 /******************************************************************************
1708 * MapGenericMask [ADVAPI32.@]
1709 *
1710 * Maps generic access rights into specific access rights according to the
1711 * supplied mapping.
1712 *
1713 * PARAMS
1714 * AccessMask [I/O] Access rights.
1715 * GenericMapping [I] The mapping between generic and specific rights.
1716 *
1717 * RETURNS
1718 * Nothing.
1719 */
1720 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping )
1721 {
1722 RtlMapGenericMask( AccessMask, GenericMapping );
1723 }
1724
1725 /*************************************************************************
1726 * SetKernelObjectSecurity [ADVAPI32.@]
1727 */
1728 BOOL WINAPI SetKernelObjectSecurity (
1729 IN HANDLE Handle,
1730 IN SECURITY_INFORMATION SecurityInformation,
1731 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
1732 {
1733 return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
1734 }
1735
1736
1737 /******************************************************************************
1738 * AddAuditAccessAce [ADVAPI32.@]
1739 */
1740 BOOL WINAPI AddAuditAccessAce(
1741 IN OUT PACL pAcl,
1742 IN DWORD dwAceRevision,
1743 IN DWORD dwAccessMask,
1744 IN PSID pSid,
1745 IN BOOL bAuditSuccess,
1746 IN BOOL bAuditFailure)
1747 {
1748 return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid,
1749 bAuditSuccess, bAuditFailure) );
1750 }
1751
1752 /******************************************************************************
1753 * LookupAccountNameA [ADVAPI32.@]
1754 */
1755 BOOL WINAPI
1756 LookupAccountNameA(
1757 IN LPCSTR system,
1758 IN LPCSTR account,
1759 OUT PSID sid,
1760 OUT LPDWORD cbSid,
1761 LPSTR ReferencedDomainName,
1762 IN OUT LPDWORD cbReferencedDomainName,
1763 OUT PSID_NAME_USE name_use )
1764 {
1765 /* Default implementation: Always return a default SID */
1766 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
1767 BOOL ret;
1768 PSID pSid;
1769 static const char dm[] = "DOMAIN";
1770
1771 FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system,account,sid,cbSid,ReferencedDomainName,cbReferencedDomainName,name_use);
1772
1773 ret = AllocateAndInitializeSid(&identifierAuthority,
1774 2,
1775 SECURITY_BUILTIN_DOMAIN_RID,
1776 DOMAIN_ALIAS_RID_ADMINS,
1777 0, 0, 0, 0, 0, 0,
1778 &pSid);
1779
1780 if (!ret)
1781 return FALSE;
1782 if(!RtlValidSid(pSid))
1783 {
1784 FreeSid(pSid);
1785 return FALSE;
1786 }
1787
1788 if (sid != NULL && (*cbSid >= GetLengthSid(pSid)))
1789 CopySid(*cbSid, sid, pSid);
1790 if (*cbSid < GetLengthSid(pSid))
1791 {
1792 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1793 ret = FALSE;
1794 }
1795 *cbSid = GetLengthSid(pSid);
1796
1797 if (ReferencedDomainName != NULL && (*cbReferencedDomainName > strlen(dm)))
1798 strcpy(ReferencedDomainName, dm);
1799 if (*cbReferencedDomainName <= strlen(dm))
1800 {
1801 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1802 ret = FALSE;
1803 }
1804 *cbReferencedDomainName = strlen(dm)+1;
1805
1806 FreeSid(pSid);
1807
1808 return ret;
1809 }
1810
1811 /******************************************************************************
1812 * LookupAccountNameW [ADVAPI32.@]
1813 */
1814 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid,
1815 LPDWORD cbSid, LPWSTR ReferencedDomainName,
1816 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
1817 {
1818 FIXME("%s %s %p %p %p %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName),
1819 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
1820
1821 return FALSE;
1822 }
1823
1824 /******************************************************************************
1825 * PrivilegeCheck [ADVAPI32.@]
1826 */
1827 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
1828 {
1829 BOOL ret;
1830 BOOLEAN Result;
1831
1832 TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
1833
1834 ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result));
1835 if (ret)
1836 *pfResult = Result;
1837 return ret;
1838 }
1839
1840 /******************************************************************************
1841 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1842 */
1843 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
1844 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1845 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1846 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1847 {
1848 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
1849 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
1850 SecurityDescriptor, DesiredAccess, GenericMapping,
1851 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1852 return TRUE;
1853 }
1854
1855 /******************************************************************************
1856 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1857 */
1858 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
1859 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1860 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1861 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1862 {
1863 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
1864 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
1865 SecurityDescriptor, DesiredAccess, GenericMapping,
1866 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1867 return TRUE;
1868 }
1869
1870 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
1871 {
1872 FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose);
1873
1874 return TRUE;
1875 }
1876
1877 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
1878 {
1879 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
1880
1881 return TRUE;
1882 }
1883
1884 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName,
1885 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
1886 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
1887 LPBOOL GenerateOnClose)
1888 {
1889 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_a(SubsystemName),
1890 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor,
1891 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
1892 GenerateOnClose);
1893
1894 return TRUE;
1895 }
1896
1897 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
1898 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
1899 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
1900 LPBOOL GenerateOnClose)
1901 {
1902 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(SubsystemName),
1903 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor,
1904 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
1905 GenerateOnClose);
1906
1907 return TRUE;
1908 }
1909
1910 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
1911 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1912 {
1913 FIXME("stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken,
1914 DesiredAccess, Privileges, AccessGranted);
1915
1916 return TRUE;
1917 }
1918
1919 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
1920 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1921 {
1922 FIXME("stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken,
1923 DesiredAccess, Privileges, AccessGranted);
1924
1925 return TRUE;
1926 }
1927
1928 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
1929 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1930 {
1931 FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName),
1932 ClientToken, Privileges, AccessGranted);
1933
1934 return TRUE;
1935 }
1936
1937 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
1938 PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1939 {
1940 FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName),
1941 ClientToken, Privileges, AccessGranted);
1942
1943 return TRUE;
1944 }
1945
1946 /******************************************************************************
1947 * GetSecurityInfo [ADVAPI32.@]
1948 */
1949 DWORD WINAPI GetSecurityInfo(
1950 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1951 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
1952 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
1953 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
1954 )
1955 {
1956 FIXME("stub!\n");
1957 return ERROR_BAD_PROVIDER;
1958 }
1959
1960 /******************************************************************************
1961 * GetSecurityInfoExW [ADVAPI32.@]
1962 */
1963 DWORD WINAPI GetSecurityInfoExW(
1964 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1965 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
1966 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
1967 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
1968 )
1969 {
1970 FIXME("stub!\n");
1971 return ERROR_BAD_PROVIDER;
1972 }
1973
1974 /******************************************************************************
1975 * BuildExplicitAccessWithNameA [ADVAPI32.@]
1976 */
1977 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess,
1978 LPSTR pTrusteeName, DWORD AccessPermissions,
1979 ACCESS_MODE AccessMode, DWORD Inheritance )
1980 {
1981 TRACE("%p %s 0x%08lx 0x%08x 0x%08lx\n", pExplicitAccess, debugstr_a(pTrusteeName),
1982 AccessPermissions, AccessMode, Inheritance);
1983
1984 pExplicitAccess->grfAccessPermissions = AccessPermissions;
1985 pExplicitAccess->grfAccessMode = AccessMode;
1986 pExplicitAccess->grfInheritance = Inheritance;
1987
1988 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1989 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1990 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1991 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1992 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1993 }
1994
1995 /******************************************************************************
1996 * BuildExplicitAccessWithNameW [ADVAPI32.@]
1997 */
1998 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess,
1999 LPWSTR pTrusteeName, DWORD AccessPermissions,
2000 ACCESS_MODE AccessMode, DWORD Inheritance )
2001 {
2002 TRACE("%p %s 0x%08lx 0x%08x 0x%08lx\n", pExplicitAccess, debugstr_w(pTrusteeName),
2003 AccessPermissions, AccessMode, Inheritance);
2004
2005 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2006 pExplicitAccess->grfAccessMode = AccessMode;
2007 pExplicitAccess->grfInheritance = Inheritance;
2008
2009 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2010 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2011 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2012 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2013 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2014 }
2015
2016 /******************************************************************************
2017 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
2018 */
2019 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
2020 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
2021 LPSTR InheritedObjectTypeName, LPSTR Name )
2022 {
2023 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2024 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
2025
2026 pTrustee->pMultipleTrustee = NULL;
2027 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2028 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2029 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2030 pTrustee->ptstrName = Name;
2031 }
2032
2033 /******************************************************************************
2034 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
2035 */
2036 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
2037 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
2038 LPWSTR InheritedObjectTypeName, LPWSTR Name )
2039 {
2040 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2041 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
2042
2043 pTrustee->pMultipleTrustee = NULL;
2044 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2045 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2046 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2047 pTrustee->ptstrName = Name;
2048 }
2049
2050 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid,
2051 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2052 {
2053 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2054
2055 pTrustee->pMultipleTrustee = NULL;
2056 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2057 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2058 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2059 pTrustee->ptstrName = (LPSTR) pSid;
2060 }
2061
2062 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid,
2063 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2064 {
2065 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2066
2067 pTrustee->pMultipleTrustee = NULL;
2068 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2069 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2070 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2071 pTrustee->ptstrName = (LPWSTR) pSid;
2072 }
2073
2074 /******************************************************************************
2075 * BuildTrusteeWithSidA [ADVAPI32.@]
2076 */
2077 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
2078 {
2079 TRACE("%p %p\n", pTrustee, pSid);
2080
2081 pTrustee->pMultipleTrustee = NULL;
2082 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2083 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2084 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2085 pTrustee->ptstrName = (LPSTR) pSid;
2086 }
2087
2088 /******************************************************************************
2089 * BuildTrusteeWithSidW [ADVAPI32.@]
2090 */
2091 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
2092 {
2093 TRACE("%p %p\n", pTrustee, pSid);
2094
2095 pTrustee->pMultipleTrustee = NULL;
2096 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2097 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2098 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2099 pTrustee->ptstrName = (LPWSTR) pSid;
2100 }
2101
2102 /******************************************************************************
2103 * BuildTrusteeWithNameA [ADVAPI32.@]
2104 */
2105 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
2106 {
2107 TRACE("%p %s\n", pTrustee, debugstr_a(name) );
2108
2109 pTrustee->pMultipleTrustee = NULL;
2110 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2111 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2112 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2113 pTrustee->ptstrName = name;
2114 }
2115
2116 /******************************************************************************
2117 * BuildTrusteeWithNameW [ADVAPI32.@]
2118 */
2119 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
2120 {
2121 TRACE("%p %s\n", pTrustee, debugstr_w(name) );
2122
2123 pTrustee->pMultipleTrustee = NULL;
2124 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2125 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2126 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2127 pTrustee->ptstrName = name;
2128 }
2129
2130 /******************************************************************************
2131 * GetTrusteeFormA [ADVAPI32.@]
2132 */
2133 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
2134 {
2135 TRACE("(%p)\n", pTrustee);
2136
2137 if (!pTrustee)
2138 return TRUSTEE_BAD_FORM;
2139
2140 return pTrustee->TrusteeForm;
2141 }
2142
2143 /******************************************************************************
2144 * GetTrusteeFormW [ADVAPI32.@]
2145 */
2146 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
2147 {
2148 TRACE("(%p)\n", pTrustee);
2149
2150 if (!pTrustee)
2151 return TRUSTEE_BAD_FORM;
2152
2153 return pTrustee->TrusteeForm;
2154 }
2155
2156 /******************************************************************************
2157 * GetTrusteeNameA [ADVAPI32.@]
2158 */
2159 LPSTR WINAPI GetTrusteeNameA(PTRUSTEEA pTrustee)
2160 {
2161 TRACE("(%p)\n", pTrustee);
2162
2163 if (!pTrustee)
2164 return NULL;
2165
2166 return pTrustee->ptstrName;
2167 }
2168
2169 /******************************************************************************
2170 * GetTrusteeNameW [ADVAPI32.@]
2171 */
2172 LPWSTR WINAPI GetTrusteeNameW(PTRUSTEEW pTrustee)
2173 {
2174 TRACE("(%p)\n", pTrustee);
2175
2176 if (!pTrustee)
2177 return NULL;
2178
2179 return pTrustee->ptstrName;
2180 }
2181
2182 /******************************************************************************
2183 * GetTrusteeTypeA [ADVAPI32.@]
2184 */
2185 TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEEA pTrustee)
2186 {
2187 TRACE("(%p)\n", pTrustee);
2188
2189 if (!pTrustee)
2190 return TRUSTEE_IS_UNKNOWN;
2191
2192 return pTrustee->TrusteeType;
2193 }
2194
2195 /******************************************************************************
2196 * GetTrusteeTypeW [ADVAPI32.@]
2197 */
2198 TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEEW pTrustee)
2199 {
2200 TRACE("(%p)\n", pTrustee);
2201
2202 if (!pTrustee)
2203 return TRUSTEE_IS_UNKNOWN;
2204
2205 return pTrustee->TrusteeType;
2206 }
2207
2208 BOOL WINAPI SetAclInformation( PACL pAcl, LPVOID pAclInformation,
2209 DWORD nAclInformationLength,
2210 ACL_INFORMATION_CLASS dwAclInformationClass )
2211 {
2212 FIXME("%p %p 0x%08lx 0x%08x - stub\n", pAcl, pAclInformation,
2213 nAclInformationLength, dwAclInformationClass);
2214
2215 return TRUE;
2216 }
2217
2218 /******************************************************************************
2219 * SetEntriesInAclA [ADVAPI32.@]
2220 */
2221 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
2222 PACL OldAcl, PACL* NewAcl )
2223 {
2224 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2225 return ERROR_CALL_NOT_IMPLEMENTED;
2226 }
2227
2228 /******************************************************************************
2229 * SetEntriesInAclW [ADVAPI32.@]
2230 */
2231 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
2232 PACL OldAcl, PACL* NewAcl )
2233 {
2234 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2235 return ERROR_CALL_NOT_IMPLEMENTED;
2236 }
2237
2238 /******************************************************************************
2239 * SetNamedSecurityInfoA [ADVAPI32.@]
2240 */
2241 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
2242 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2243 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
2244 {
2245 DWORD len;
2246 LPWSTR wstr = NULL;
2247 DWORD r;
2248
2249 TRACE("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
2250 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
2251
2252 if( pObjectName )
2253 {
2254 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
2255 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
2256 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
2257 }
2258
2259 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
2260 psidGroup, pDacl, pSacl );
2261
2262 HeapFree( GetProcessHeap(), 0, wstr );
2263
2264 return r;
2265 }
2266
2267 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation,
2268 PSECURITY_DESCRIPTOR ModificationDescriptor,
2269 PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor,
2270 PGENERIC_MAPPING GenericMapping,
2271 HANDLE Token )
2272 {
2273 FIXME("0x%08lx %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor,
2274 ObjectsSecurityDescriptor, GenericMapping, Token);
2275
2276 return TRUE;
2277 }
2278
2279 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor,
2280 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
2281 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
2282 {
2283 FIXME("%p 0x%08x 0x%08x - stub\n", pSecurityDescriptor, ControlBitsOfInterest,
2284 ControlBitsToSet);
2285
2286 return TRUE;
2287 }
2288
2289 BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2290 {
2291 return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess );
2292 }
2293
2294 /******************************************************************************
2295 * AreAnyAccessesGranted [ADVAPI32.@]
2296 *
2297 * Determines whether or not any of a set of specified access permissions have
2298 * been granted or not.
2299 *
2300 * PARAMS
2301 * GrantedAccess [I] The permissions that have been granted.
2302 * DesiredAccess [I] The permissions that you want to have.
2303 *
2304 * RETURNS
2305 * Nonzero if any of the permissions have been granted, zero if none of the
2306 * permissions have been granted.
2307 */
2308
2309 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2310 {
2311 return RtlAreAnyAccessesGranted( GrantedAccess, DesiredAccess );
2312 }
2313
2314 /******************************************************************************
2315 * SetNamedSecurityInfoW [ADVAPI32.@]
2316 */
2317 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
2318 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2319 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
2320 {
2321 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
2322 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
2323 return ERROR_SUCCESS;
2324 }
2325
2326 /******************************************************************************
2327 * GetExplicitEntriesFromAclA [ADVAPI32.@]
2328 */
2329 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
2330 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
2331 {
2332 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
2333 return ERROR_CALL_NOT_IMPLEMENTED;
2334 }
2335
2336 /******************************************************************************
2337 * GetExplicitEntriesFromAclW [ADVAPI32.@]
2338 */
2339 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
2340 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
2341 {
2342 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
2343 return ERROR_CALL_NOT_IMPLEMENTED;
2344 }
2345
2346
2347 /******************************************************************************
2348 * ParseAclStringFlags
2349 */
2350 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
2351 {
2352 DWORD flags = 0;
2353 LPCWSTR szAcl = *StringAcl;
2354
2355 while (*szAcl != '(')
2356 {
2357 if (*szAcl == 'P')
2358 {
2359 flags |= SE_DACL_PROTECTED;
2360 }
2361 else if (*szAcl == 'A')
2362 {
2363 szAcl++;
2364 if (*szAcl == 'R')
2365 flags |= SE_DACL_AUTO_INHERIT_REQ;
2366 else if (*szAcl == 'I')
2367 flags |= SE_DACL_AUTO_INHERITED;
2368 }
2369 szAcl++;
2370 }
2371
2372 *StringAcl = szAcl;
2373 return flags;
2374 }
2375
2376 /******************************************************************************
2377 * ParseAceStringType
2378 */
2379 ACEFLAG AceType[] =
2380 {
2381 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
2382 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
2383 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
2384 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
2385 /*
2386 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
2387 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
2388 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
2389 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
2390 */
2391 { NULL, 0 },
2392 };
2393
2394 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
2395 {
2396 UINT len = 0;
2397 LPCWSTR szAcl = *StringAcl;
2398 LPACEFLAG lpaf = AceType;
2399
2400 while (lpaf->wstr &&
2401 (len = strlenW(lpaf->wstr)) &&
2402 strncmpW(lpaf->wstr, szAcl, len))
2403 lpaf++;
2404
2405 if (!lpaf->wstr)
2406 return 0;
2407
2408 *StringAcl += len;
2409 return lpaf->value;
2410 }
2411
2412
2413 /******************************************************************************
2414 * ParseAceStringFlags
2415 */
2416 ACEFLAG AceFlags[] =
2417 {
2418 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
2419 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
2420 { SDDL_INHERITED, INHERITED_ACE },
2421 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
2422 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
2423 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
2424 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
2425 { NULL, 0 },
2426 };
2427
2428 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
2429 {
2430 UINT len = 0;
2431 BYTE flags = 0;
2432 LPCWSTR szAcl = *StringAcl;
2433
2434 while (*szAcl != ';')
2435 {
2436 LPACEFLAG lpaf = AceFlags;
2437
2438 while (lpaf->wstr &&
2439 (len = strlenW(lpaf->wstr)) &&
2440 strncmpW(lpaf->wstr, szAcl, len))
2441 lpaf++;
2442
2443 if (!lpaf->wstr)
2444 return 0;
2445
2446 flags |= lpaf->value;
2447 szAcl += len;
2448 }
2449
2450 *StringAcl = szAcl;
2451 return flags;
2452 }
2453
2454
2455 /******************************************************************************
2456 * ParseAceStringRights
2457 */
2458 ACEFLAG AceRights[] =
2459 {
2460 { SDDL_GENERIC_ALL, GENERIC_ALL },
2461 { SDDL_GENERIC_READ, GENERIC_READ },
2462 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
2463 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
2464 { SDDL_READ_CONTROL, READ_CONTROL },
2465 { SDDL_STANDARD_DELETE, DELETE },
2466 { SDDL_WRITE_DAC, WRITE_DAC },
2467 { SDDL_WRITE_OWNER, WRITE_OWNER },
2468 { NULL, 0 },
2469 };
2470
2471 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
2472 {
2473 UINT len = 0;
2474 DWORD rights = 0;
2475 LPCWSTR szAcl = *StringAcl;
2476
2477 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2478 {
2479 LPCWSTR p = szAcl;
2480
2481 while (*p && *p != ';')
2482 p++;
2483
2484 if (p - szAcl <= 8)
2485 {
2486 rights = strtoulW(szAcl, NULL, 16);
2487 *StringAcl = p;
2488 }
2489 else
2490 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2491 }
2492 else
2493 {
2494 while (*szAcl != ';')
2495 {
2496 LPACEFLAG lpaf = AceRights;
2497
2498 while (lpaf->wstr &&
2499 (len = strlenW(lpaf->wstr)) &&
2500 strncmpW(lpaf->wstr, szAcl, len))
2501 {
2502 lpaf++;
2503 }
2504
2505 if (!lpaf->wstr)
2506 return 0;
2507
2508 rights |= lpaf->value;
2509 szAcl += len;
2510 }
2511 }
2512
2513 *StringAcl = szAcl;
2514 return rights;
2515 }
2516
2517
2518 /******************************************************************************
2519 * ParseStringAclToAcl
2520 *
2521 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
2522 */
2523 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
2524 PACL pAcl, LPDWORD cBytes)
2525 {
2526 DWORD val;
2527 DWORD sidlen;
2528 DWORD length = sizeof(ACL);
2529 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2530
2531 TRACE("%s\n", debugstr_w(StringAcl));
2532
2533 if (!StringAcl)
2534 return FALSE;
2535
2536 if (pAcl) /* pAce is only useful if we're setting values */
2537 pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
2538
2539 /* Parse ACL flags */
2540 *lpdwFlags = ParseAclStringFlags(&StringAcl);
2541
2542 /* Parse ACE */
2543 while (*StringAcl == '(')
2544 {
2545 StringAcl++;
2546
2547 /* Parse ACE type */
2548 val = ParseAceStringType(&StringAcl);
2549 if (pAce)
2550 pAce->Header.AceType = (BYTE) val;
2551 if (*StringAcl != ';')
2552 goto lerr;
2553 StringAcl++;
2554
2555 /* Parse ACE flags */
2556 val = ParseAceStringFlags(&StringAcl);
2557 if (pAce)
2558 pAce->Header.AceFlags = (BYTE) val;
2559 if (*StringAcl != ';')
2560 goto lerr;
2561 StringAcl++;
2562
2563 /* Parse ACE rights */
2564 val = ParseAceStringRights(&StringAcl);
2565 if (pAce)
2566 pAce->Mask = val;
2567 if (*StringAcl != ';')
2568 goto lerr;
2569 StringAcl++;
2570
2571 /* Parse ACE object guid */
2572 if (*StringAcl != ';')
2573 {
2574 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2575 goto lerr;
2576 }
2577 StringAcl++;
2578
2579 /* Parse ACE inherit object guid */
2580 if (*StringAcl != ';')
2581 {
2582 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2583 goto lerr;
2584 }
2585 StringAcl++;
2586
2587 /* Parse ACE account sid */
2588 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
2589 {
2590 while (*StringAcl && *StringAcl != ')')
2591 StringAcl++;
2592 }
2593
2594 if (*StringAcl != ')')
2595 goto lerr;
2596 StringAcl++;
2597
2598 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2599 }
2600
2601 *cBytes = length;
2602 return TRUE;
2603
2604 lerr:
2605 WARN("Invalid ACE string format\n");
2606 return FALSE;
2607 }
2608
2609
2610 /******************************************************************************
2611 * ParseStringSecurityDescriptorToSecurityDescriptor
2612 */
2613 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
2614 LPCWSTR StringSecurityDescriptor,
2615 SECURITY_DESCRIPTOR* SecurityDescriptor,
2616 LPDWORD cBytes)
2617 {
2618 BOOL bret = FALSE;
2619 WCHAR toktype;
2620 WCHAR tok[MAX_PATH];
2621 LPCWSTR lptoken;
2622 LPBYTE lpNext = NULL;
2623 DWORD len;
2624
2625 *cBytes = 0;
2626
2627 if (SecurityDescriptor)
2628 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
2629
2630 while (*StringSecurityDescriptor)
2631 {
2632 toktype = *StringSecurityDescriptor;
2633
2634 /* Expect char identifier followed by ':' */
2635 StringSecurityDescriptor++;
2636 if (*StringSecurityDescriptor != ':')
2637 {
2638 SetLastError(ERROR_INVALID_PARAMETER);
2639 goto lend;
2640 }
2641 StringSecurityDescriptor++;
2642
2643 /* Extract token */
2644 lptoken = StringSecurityDescriptor;
2645 while (*lptoken && *lptoken != ':')
2646 lptoken++;
2647
2648 if (*lptoken)
2649 lptoken--;
2650
2651 len = lptoken - StringSecurityDescriptor;
2652 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
2653 tok[len] = 0;
2654
2655 switch (toktype)
2656 {
2657 case 'O':
2658 {
2659 DWORD bytes;
2660
2661 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2662 goto lend;
2663
2664 if (SecurityDescriptor)
2665 {
2666 SecurityDescriptor->Owner = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
2667 lpNext += bytes; /* Advance to next token */
2668 }
2669
2670 *cBytes += bytes;
2671
2672 break;
2673 }
2674
2675 case 'G':
2676 {
2677 DWORD bytes;
2678
2679 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2680 goto lend;
2681
2682 if (SecurityDescriptor)
2683 {
2684 SecurityDescriptor->Group = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
2685 lpNext += bytes; /* Advance to next token */
2686 }
2687
2688 *cBytes += bytes;
2689
2690 break;
2691 }
2692
2693 case 'D':
2694 {
2695 DWORD flags;
2696 DWORD bytes;
2697
2698 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2699 goto lend;
2700
2701 if (SecurityDescriptor)
2702 {
2703 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2704 SecurityDescriptor->Dacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
2705 lpNext += bytes; /* Advance to next token */
2706 }
2707
2708 *cBytes += bytes;
2709
2710 break;
2711 }
2712
2713 case 'S':
2714 {
2715 DWORD flags;
2716 DWORD bytes;
2717
2718 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2719 goto lend;
2720
2721 if (SecurityDescriptor)
2722 {
2723 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
2724 SecurityDescriptor->Sacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
2725 lpNext += bytes; /* Advance to next token */
2726 }
2727
2728 *cBytes += bytes;
2729
2730 break;
2731 }
2732
2733 default:
2734 FIXME("Unknown token\n");
2735 SetLastError(ERROR_INVALID_PARAMETER);
2736 goto lend;
2737 }
2738
2739 StringSecurityDescriptor = lptoken;
2740 }
2741
2742 bret = TRUE;
2743
2744 lend:
2745 return bret;
2746 }
2747
2748 /******************************************************************************
2749 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
2750 */
2751 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
2752 LPCSTR StringSecurityDescriptor,
2753 DWORD StringSDRevision,
2754 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2755 PULONG SecurityDescriptorSize)
2756 {
2757 UINT len;
2758 BOOL ret = FALSE;
2759 LPWSTR StringSecurityDescriptorW;
2760
2761 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
2762 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
2763
2764 if (StringSecurityDescriptorW)
2765 {
2766 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
2767
2768 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
2769 StringSDRevision, SecurityDescriptor,
2770 SecurityDescriptorSize);
2771 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
2772 }
2773
2774 return ret;
2775 }
2776
2777 /******************************************************************************
2778 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2779 */
2780 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
2781 LPCWSTR StringSecurityDescriptor,
2782 DWORD StringSDRevision,
2783 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2784 PULONG SecurityDescriptorSize)
2785 {
2786 DWORD cBytes;
2787 SECURITY_DESCRIPTOR* psd;
2788 BOOL bret = FALSE;
2789
2790 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2791
2792 if (GetVersion() & 0x80000000)
2793 {
2794 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2795 goto lend;
2796 }
2797 else if (StringSDRevision != SID_REVISION)
2798 {
2799 SetLastError(ERROR_UNKNOWN_REVISION);
2800 goto lend;
2801 }
2802
2803 /* Compute security descriptor length */
2804 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2805 NULL, &cBytes))
2806 goto lend;
2807
2808 psd = *SecurityDescriptor = (SECURITY_DESCRIPTOR*) LocalAlloc(
2809 GMEM_ZEROINIT, cBytes);
2810
2811 psd->Revision = SID_REVISION;
2812 psd->Control |= SE_SELF_RELATIVE;
2813
2814 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2815 psd, &cBytes))
2816 {
2817 LocalFree(psd);
2818 goto lend;
2819 }
2820
2821 if (SecurityDescriptorSize)
2822 *SecurityDescriptorSize = cBytes;
2823
2824 bret = TRUE;
2825
2826 lend:
2827 TRACE(" ret=%d\n", bret);
2828 return bret;
2829 }
2830
2831 /******************************************************************************
2832 * ConvertStringSidToSidW [ADVAPI32.@]
2833 */
2834 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
2835 {
2836 BOOL bret = FALSE;
2837 DWORD cBytes;
2838
2839 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
2840 if (GetVersion() & 0x80000000)
2841 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2842 else if (!StringSid || !Sid)
2843 SetLastError(ERROR_INVALID_PARAMETER);
2844 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
2845 {
2846 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
2847
2848 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
2849 if (!bret)
2850 LocalFree(*Sid);
2851 }
2852 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2853 return bret;
2854 }
2855
2856 /******************************************************************************
2857 * ConvertStringSidToSidA [ADVAPI32.@]
2858 */
2859 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
2860 {
2861 BOOL bret = FALSE;
2862
2863 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
2864 if (GetVersion() & 0x80000000)
2865 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2866 else if (!StringSid || !Sid)
2867 SetLastError(ERROR_INVALID_PARAMETER);
2868 else
2869 {
2870 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
2871 LPWSTR wStringSid = HeapAlloc(GetProcessHeap(), 0,
2872 len * sizeof(WCHAR));
2873
2874 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
2875 bret = ConvertStringSidToSidW(wStringSid, Sid);
2876 HeapFree(GetProcessHeap(), 0, wStringSid);
2877 }
2878 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2879 return bret;
2880 }
2881
2882 /******************************************************************************
2883 * ConvertSidToStringSidW [ADVAPI32.@]
2884 *
2885 * format of SID string is:
2886 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
2887 * where
2888 * <rev> is the revision of the SID encoded as decimal
2889 * <auth> is the identifier authority encoded as hex
2890 * <subauthN> is the subauthority id encoded as decimal
2891 */
2892 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
2893 {
2894 DWORD sz, i;
2895 LPWSTR str;
2896 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
2897 WCHAR subauthfmt[] = { '-','%','u',0 };
2898 SID* pisid=pSid;
2899
2900 TRACE("%p %p\n", pSid, pstr );
2901
2902 if( !IsValidSid( pSid ) )
2903 return FALSE;
2904
2905 if (pisid->Revision != SDDL_REVISION)
2906 return FALSE;
2907 if (pisid->IdentifierAuthority.Value[0] ||
2908 pisid->IdentifierAuthority.Value[1])
2909 {
2910 FIXME("not matching MS' bugs\n");
2911 return FALSE;
2912 }
2913
2914 sz = 14 + pisid->SubAuthorityCount * 11;
2915 str = LocalAlloc( 0, sz*sizeof(WCHAR) );
2916 sprintfW( str, fmt, pisid->Revision, MAKELONG(
2917 MAKEWORD( pisid->IdentifierAuthority.Value[5],
2918 pisid->IdentifierAuthority.Value[4] ),
2919 MAKEWORD( pisid->IdentifierAuthority.Value[3],
2920 pisid->IdentifierAuthority.Value[2] ) ) );
2921 for( i=0; i<pisid->SubAuthorityCount; i++ )
2922 sprintfW( str + strlenW(str), subauthfmt, pisid->SubAuthority[i] );
2923 *pstr = str;
2924
2925 return TRUE;
2926 }
2927
2928 /******************************************************************************
2929 * ConvertSidToStringSidA [ADVAPI32.@]
2930 */
2931 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
2932 {
2933 LPWSTR wstr = NULL;
2934 LPSTR str;
2935 UINT len;
2936
2937 TRACE("%p %p\n", pSid, pstr );
2938
2939 if( !ConvertSidToStringSidW( pSid, &wstr ) )
2940 return FALSE;
2941
2942 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
2943 str = LocalAlloc( 0, len );
2944 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
2945 LocalFree( wstr );
2946
2947 *pstr = str;
2948
2949 return TRUE;
2950 }
2951
2952 BOOL WINAPI CreatePrivateObjectSecurity(
2953 PSECURITY_DESCRIPTOR ParentDescriptor,
2954 PSECURITY_DESCRIPTOR CreatorDescriptor,
2955 PSECURITY_DESCRIPTOR* NewDescriptor,
2956 BOOL IsDirectoryObject,
2957 HANDLE Token,
2958 PGENERIC_MAPPING GenericMapping )
2959 {
2960 FIXME("%p %p %p %d %p %p - stub\n", ParentDescriptor, CreatorDescriptor,
2961 NewDescriptor, IsDirectoryObject, Token, GenericMapping);
2962
2963 return FALSE;
2964 }
2965
2966 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor )
2967 {
2968 FIXME("%p - stub\n", ObjectDescriptor);
2969
2970 return TRUE;
2971 }
2972
2973 BOOL WINAPI CreateProcessAsUserA(
2974 HANDLE hToken,
2975 LPCSTR lpApplicationName,
2976 LPSTR lpCommandLine,
2977 LPSECURITY_ATTRIBUTES lpProcessAttributes,
2978 LPSECURITY_ATTRIBUTES lpThreadAttributes,
2979 BOOL bInheritHandles,
2980 DWORD dwCreationFlags,
2981 LPVOID lpEnvironment,
2982 LPCSTR lpCurrentDirectory,
2983 LPSTARTUPINFOA lpStartupInfo,
2984 LPPROCESS_INFORMATION lpProcessInformation )
2985 {
2986 FIXME("%p %s %s %p %p %d 0x%08lx %p %s %p %p - stub\n", hToken, debugstr_a(lpApplicationName),
2987 debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
2988 dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
2989
2990 return FALSE;
2991 }
2992
2993 BOOL WINAPI CreateProcessAsUserW(
2994 HANDLE hToken,
2995 LPCWSTR lpApplicationName,
2996 LPWSTR lpCommandLine,
2997 LPSECURITY_ATTRIBUTES lpProcessAttributes,
2998 LPSECURITY_ATTRIBUTES lpThreadAttributes,
2999 BOOL bInheritHandles,
3000 DWORD dwCreationFlags,
3001 LPVOID lpEnvironment,
3002 LPCWSTR lpCurrentDirectory,
3003 LPSTARTUPINFOW lpStartupInfo,
3004 LPPROCESS_INFORMATION lpProcessInformation )
3005 {
3006 FIXME("%p %s %s %p %p %d 0x%08lx %p %s %p %p - semi- stub\n", hToken,
3007 debugstr_w(lpApplicationName), debugstr_w(lpCommandLine), lpProcessAttributes,
3008 lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
3009 debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
3010
3011 /* We should create the process with a suspended main thread */
3012 if (!CreateProcessW (lpApplicationName,
3013 lpCommandLine,
3014 lpProcessAttributes,
3015 lpThreadAttributes,
3016 bInheritHandles,
3017 dwCreationFlags, /* CREATE_SUSPENDED */
3018 lpEnvironment,
3019 lpCurrentDirectory,
3020 lpStartupInfo,
3021 lpProcessInformation))
3022 {
3023 return FALSE;
3024 }
3025
3026 return TRUE;
3027 }
3028
3029 /******************************************************************************
3030 * ComputeStringSidSize
3031 */
3032 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
3033 {
3034 int ctok = 0;
3035 DWORD size = sizeof(SID);
3036
3037 while (*StringSid)
3038 {
3039 if (*StringSid == '-')
3040 ctok++;
3041 StringSid++;
3042 }
3043
3044 if (ctok > 3)
3045 size += (ctok - 3) * sizeof(DWORD);
3046
3047 return size;
3048 }
3049
3050 BOOL WINAPI DuplicateTokenEx(
3051 HANDLE ExistingTokenHandle, DWORD dwDesiredAccess,
3052 LPSECURITY_ATTRIBUTES lpTokenAttributes,
3053 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3054 TOKEN_TYPE TokenType,
3055 PHANDLE DuplicateTokenHandle )
3056 {
3057 OBJECT_ATTRIBUTES ObjectAttributes;
3058
3059 TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3060 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3061
3062 InitializeObjectAttributes(
3063 &ObjectAttributes,
3064 NULL,
3065 (lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0,
3066 NULL,
3067 lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL );
3068
3069 return set_ntstatus( NtDuplicateToken( ExistingTokenHandle,
3070 dwDesiredAccess,
3071 &ObjectAttributes,
3072 ImpersonationLevel,
3073 TokenType,
3074 DuplicateTokenHandle ) );
3075 }
3076
3077 BOOL WINAPI DuplicateToken(
3078 HANDLE ExistingTokenHandle,
3079 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3080 PHANDLE DuplicateTokenHandle )
3081 {
3082 return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY,
3083 NULL, ImpersonationLevel, TokenImpersonation,
3084 DuplicateTokenHandle );
3085 }
3086
3087 BOOL WINAPI EnumDependentServicesA(
3088 SC_HANDLE hService,
3089 DWORD dwServiceState,
3090 LPENUM_SERVICE_STATUSA lpServices,
3091 DWORD cbBufSize,
3092 LPDWORD pcbBytesNeeded,
3093 LPDWORD lpServicesReturned )
3094 {
3095 FIXME("%p 0x%08lx %p 0x%08lx %p %p - stub\n", hService, dwServiceState,
3096 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3097
3098 return FALSE;
3099 }
3100
3101 BOOL WINAPI EnumDependentServicesW(
3102 SC_HANDLE hService,
3103 DWORD dwServiceState,
3104 LPENUM_SERVICE_STATUSW lpServices,
3105 DWORD cbBufSize,
3106 LPDWORD pcbBytesNeeded,
3107 LPDWORD lpServicesReturned )
3108 {
3109 FIXME("%p 0x%08lx %p 0x%08lx %p %p - stub\n", hService, dwServiceState,
3110 lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3111
3112 return FALSE;
3113 }
3114
3115 /******************************************************************************
3116 * ParseStringSidToSid
3117 */
3118 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
3119 {
3120 BOOL bret = FALSE;
3121 SID* pisid=pSid;
3122
3123 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3124 if (!StringSid)
3125 {
3126 SetLastError(ERROR_INVALID_PARAMETER);
3127 TRACE("StringSid is NULL, returning FALSE\n");
3128 return FALSE;
3129 }
3130
3131 *cBytes = ComputeStringSidSize(StringSid);
3132 if (!pisid) /* Simply compute the size */
3133 {
3134 TRACE("only size requested, returning TRUE\n");
3135 return TRUE;
3136 }
3137
3138 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3139 {
3140 DWORD i = 0, identAuth;
3141 DWORD csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
3142
3143 StringSid += 2; /* Advance to Revision */
3144 pisid->Revision = atoiW(StringSid);
3145
3146 if (pisid->Revision != SDDL_REVISION)
3147 {
3148 TRACE("Revision %d is unknown\n", pisid->Revision);
3149 goto lend; /* ERROR_INVALID_SID */
3150 }
3151 if (csubauth == 0)
3152 {
3153 TRACE("SubAuthorityCount is 0\n");
3154 goto lend; /* ERROR_INVALID_SID */
3155 }
3156
3157 pisid->SubAuthorityCount = csubauth;
3158
3159 /* Advance to identifier authority */
3160 while (*StringSid && *StringSid != '-')
3161 StringSid++;
3162 if (*StringSid == '-')
3163 StringSid++;
3164
3165 /* MS' implementation can't handle values greater than 2^32 - 1, so
3166 * we don't either; assume most significant bytes are always 0
3167 */
3168 pisid->IdentifierAuthority.Value[0] = 0;
3169 pisid->IdentifierAuthority.Value[1] = 0;
3170 identAuth = atoiW(StringSid);
3171 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
3172 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
3173 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
3174 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
3175
3176 /* Advance to first sub authority */
3177 while (*StringSid && *StringSid != '-')
3178 StringSid++;
3179 if (*StringSid == '-')
3180 StringSid++;
3181
3182 while (*StringSid)
3183 {
3184 while (*StringSid && *StringSid != '-')
3185 StringSid++;
3186
3187 pisid->SubAuthority[i++] = atoiW(StringSid);
3188 }
3189
3190 if (i != pisid->SubAuthorityCount)
3191 goto lend; /* ERROR_INVALID_SID */
3192
3193 bret = TRUE;
3194 }
3195 else /* String constant format - Only available in winxp and above */
3196 {
3197 pisid->Revision = SDDL_REVISION;
3198 pisid->SubAuthorityCount = 1;
3199
3200 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
3201
3202 /* TODO: Lookup string of well-known SIDs in table */
3203 pisid->IdentifierAuthority.Value[5] = 0;
3204 pisid->SubAuthority[0] = 0;
3205
3206 bret = TRUE;
3207 }
3208
3209 lend:
3210 if (!bret)
3211 SetLastError(ERROR_INVALID_SID);
3212
3213 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3214 return bret;
3215 }
3216
3217 /******************************************************************************
3218 * GetNamedSecurityInfoA [ADVAPI32.@]
3219 */
3220 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
3221 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3222 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
3223 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
3224 {
3225 DWORD len;
3226 LPWSTR wstr = NULL;
3227 DWORD r;
3228
3229 TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
3230 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
3231
3232 if( pObjectName )
3233 {
3234 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3235 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3236 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3237 }
3238
3239 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
3240 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
3241
3242 HeapFree( GetProcessHeap(), 0, wstr );
3243
3244 return r;
3245 }
3246
3247 /******************************************************************************
3248 * GetNamedSecurityInfoW [ADVAPI32.@]
3249 */
3250 DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
3251 SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl,
3252 PACL* sacl, PSECURITY_DESCRIPTOR* descriptor )
3253 {
3254 DWORD needed, offset;
3255 SECURITY_DESCRIPTOR_RELATIVE *relative;
3256 BYTE *buffer;
3257
3258 TRACE( "%s %d %ld %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
3259 group, dacl, sacl, descriptor );
3260
3261 if (!name || !descriptor) return ERROR_INVALID_PARAMETER;
3262
3263 needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
3264 if (info & OWNER_SECURITY_INFORMATION)
3265 needed += sizeof(sidWorld);
3266 if (info & GROUP_SECURITY_INFORMATION)
3267 needed += sizeof(sidWorld);
3268 if (info & DACL_SECURITY_INFORMATION)
3269 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3270 if (info & SACL_SECURITY_INFORMATION)
3271 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3272
3273 /* must be freed by caller */
3274 *descriptor = HeapAlloc( GetProcessHeap(), 0, needed );
3275 if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY;
3276
3277 if (!InitializeSecurityDescriptor( *descriptor, SECURITY_DESCRIPTOR_REVISION ))
3278 {
3279 HeapFree( GetProcessHeap(), 0, *descriptor );
3280 return ERROR_INVALID_SECURITY_DESCR;
3281 }
3282
3283 relative = (SECURITY_DESCRIPTOR_RELATIVE *)*descriptor;
3284 relative->Control |= SE_SELF_RELATIVE;
3285 buffer = (BYTE *)relative;
3286 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
3287
3288 if (owner && (info & OWNER_SECURITY_INFORMATION))
3289 {
3290 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
3291 relative->Owner = offset;
3292 *owner = buffer + offset;
3293 offset += sizeof(sidWorld);
3294 }
3295 if (group && (info & GROUP_SECURITY_INFORMATION))
3296 {
3297 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
3298 relative->Group = offset;
3299 *group = buffer + offset;
3300 offset += sizeof(sidWorld);
3301 }
3302 if (dacl && (info & DACL_SECURITY_INFORMATION))
3303 {
3304 GetWorldAccessACL( (PACL)(buffer + offset) );
3305 relative->Dacl = offset;
3306 *dacl = (PACL)(buffer + offset);
3307 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3308 }
3309 if (sacl && (info & SACL_SECURITY_INFORMATION))
3310 {
3311 GetWorldAccessACL( (PACL)(buffer + offset) );
3312 relative->Sacl = offset;
3313 *sacl = (PACL)(buffer + offset);
3314 }
3315 return ERROR_SUCCESS;
3316 }
3317
3318 /******************************************************************************
3319 * DecryptFileW [ADVAPI32.@]
3320 */
3321 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved)
3322 {
3323 FIXME("%s %08lx\n", debugstr_w(lpFileName), dwReserved);
3324 return TRUE;
3325 }
3326
3327 /******************************************************************************
3328 * DecryptFileA [ADVAPI32.@]
3329 */
3330 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved)
3331 {
3332 FIXME("%s %08lx\n", debugstr_a(lpFileName), dwReserved);
3333 return TRUE;
3334 }
3335
3336 /******************************************************************************
3337 * EncryptFileW [ADVAPI32.@]
3338 */
3339 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName)
3340 {
3341 FIXME("%s\n", debugstr_w(lpFileName));
3342 return TRUE;
3343 }
3344
3345 /******************************************************************************
3346 * EncryptFileA [ADVAPI32.@]
3347 */
3348 BOOL WINAPI EncryptFileA(LPCSTR lpFileName)
3349 {
3350 FIXME("%s\n", debugstr_a(lpFileName));
3351 return TRUE;
3352 }
3353
3354 /******************************************************************************
3355 * SetSecurityInfo [ADVAPI32.@]
3356 */
3357 DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
3358 SECURITY_INFORMATION SecurityInfo, PSID psidOwner,
3359 PSID psidGroup, PACL pDacl, PACL pSacl) {
3360 FIXME("stub\n");
3361 return ERROR_SUCCESS;
3362 }
GSOC 2012 project to enhance the control panel