ReactOS  0.4.11-dev-195-gef016bf
security.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * WINE COPYRIGHT:
4  * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
5  * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
6  * Copyright 2006 Robert Reif
7  * Copyright 2006 Hervé Poussineau
8  *
9  * PROJECT: ReactOS system libraries
10  * FILE: dll/win32/advapi32/wine/security.c
11  */
12 
13 #include <advapi32.h>
14 
15 #include <sddl.h>
16 
17 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
18 
19 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
20 
21 typedef struct _ACEFLAG
22 {
23  LPCWSTR wstr;
24  DWORD value;
25 } ACEFLAG, *LPACEFLAG;
26 
27 typedef struct _MAX_SID
28 {
29  /* same fields as struct _SID */
30  BYTE Revision;
31  BYTE SubAuthorityCount;
32  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
33  DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
34 } MAX_SID;
35 
36 typedef struct WELLKNOWNSID
37 {
38  WCHAR wstr[2];
39  WELL_KNOWN_SID_TYPE Type;
40  MAX_SID Sid;
41 } WELLKNOWNSID;
42 
43 static const WELLKNOWNSID WellKnownSids[] =
44 {
45  { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
46  { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
47  { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
48  { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
49  { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
50  { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
51  { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
52  { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
53  { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
54  { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
55  { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
56  { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
57  { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
58  { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
59  { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
60  { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
61  { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
62  { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
63  { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
64  { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
65  { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
66  { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
67  { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
68  { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
69  { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
70  { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
71  { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
72  { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
73  { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
74  { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
75  { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
76  { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
77  { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
78  { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
79  { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
80  { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
81  { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
82  { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
83  { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
84  { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
85  { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
86  { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
87  { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
88  { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
89  { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
90  { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
91  { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
92  { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
93  { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
94  { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
95  { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
96  { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
97 };
98 
99 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
100 typedef struct WELLKNOWNRID
101 {
102  WCHAR wstr[2];
103  WELL_KNOWN_SID_TYPE Type;
104  DWORD Rid;
105 } WELLKNOWNRID;
106 
107 static const WELLKNOWNRID WellKnownRids[] = {
108  { {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
109  { {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
110  { {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
111  { {'D','A'}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
112  { {'D','U'}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
113  { {'D','G'}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
114  { {'D','C'}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
115  { {'D','D'}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
116  { {'C','A'}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
117  { {'S','A'}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
118  { {'E','A'}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
119  { {'P','A'}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
120  { {'R','S'}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
121 };
122 
123 #ifndef __REACTOS__
124 static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
125 #endif
126 
127 static const WCHAR SDDL_NO_READ_UP[] = {'N','R',0};
128 static const WCHAR SDDL_NO_WRITE_UP[] = {'N','W',0};
129 static const WCHAR SDDL_NO_EXECUTE_UP[] = {'N','X',0};
130 
131 /*
132  * ACE types
133  */
134 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
135 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
136 #ifndef __REACTOS__
137 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
138 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
139 #endif
140 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
141 static const WCHAR SDDL_ALARM[] = {'A','L',0};
142 static const WCHAR SDDL_MANDATORY_LABEL[] = {'M','L',0};
143 #ifndef __REACTOS__
144 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
145 static const WCHAR SDDL_OBJECT_ALARM[] = {'O','L',0};
146 #endif
147 
148 /*
149  * SDDL ADS Rights
150  */
151 #define ADS_RIGHT_DS_CREATE_CHILD 0x0001
152 #define ADS_RIGHT_DS_DELETE_CHILD 0x0002
153 #define ADS_RIGHT_ACTRL_DS_LIST 0x0004
154 #define ADS_RIGHT_DS_SELF 0x0008
155 #define ADS_RIGHT_DS_READ_PROP 0x0010
156 #define ADS_RIGHT_DS_WRITE_PROP 0x0020
157 #define ADS_RIGHT_DS_DELETE_TREE 0x0040
158 #define ADS_RIGHT_DS_LIST_OBJECT 0x0080
159 #define ADS_RIGHT_DS_CONTROL_ACCESS 0x0100
160 
161 /*
162  * ACE flags
163  */
164 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
165 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
166 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
167 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
168 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
169 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
170 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
171 
172 static const char * debugstr_sid(PSID sid)
173 {
174  int auth = 0;
175  SID * psid = (SID *)sid;
176 
177  if (psid == NULL)
178  return "(null)";
179 
180  auth = psid->IdentifierAuthority.Value[5] +
181  (psid->IdentifierAuthority.Value[4] << 8) +
182  (psid->IdentifierAuthority.Value[3] << 16) +
183  (psid->IdentifierAuthority.Value[2] << 24);
184 
185  switch (psid->SubAuthorityCount) {
186  case 0:
187  return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
188  case 1:
189  return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
190  psid->SubAuthority[0]);
191  case 2:
192  return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
193  psid->SubAuthority[0], psid->SubAuthority[1]);
194  case 3:
195  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
196  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
197  case 4:
198  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
199  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
200  psid->SubAuthority[3]);
201  case 5:
202  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
203  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
204  psid->SubAuthority[3], psid->SubAuthority[4]);
205  case 6:
206  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
207  psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
208  psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
209  case 7:
210  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
211  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
212  psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
213  psid->SubAuthority[6]);
214  case 8:
215  return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
216  psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
217  psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
218  psid->SubAuthority[6], psid->SubAuthority[7]);
219  }
220  return "(too-big)";
221 }
222 
223 /* set last error code from NT status and get the proper boolean return value */
224 /* used for functions that are a simple wrapper around the corresponding ntdll API */
225 static __inline BOOL set_ntstatus( NTSTATUS status )
226 {
227  if (!NT_SUCCESS(status)) SetLastError( RtlNtStatusToDosError( status ));
228  return NT_SUCCESS(status);
229 }
230 
231 static LPWSTR SERV_dup( LPCSTR str )
232 {
233  UINT len;
234  LPWSTR wstr;
235 
236  if( !str )
237  return NULL;
238  len = MultiByteToWideChar( CP_ACP, 0, str, -1, NULL, 0 );
239  wstr = heap_alloc( len*sizeof (WCHAR) );
240  MultiByteToWideChar( CP_ACP, 0, str, -1, wstr, len );
241  return wstr;
242 }
243 
244 /************************************************************
245  * ADVAPI_IsLocalComputer
246  *
247  * Checks whether the server name indicates local machine.
248  */
249 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
250 {
251  DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
252  BOOL Result;
253  LPWSTR buf;
254 
255  if (!ServerName || !ServerName[0])
256  return TRUE;
257 
258  buf = heap_alloc(dwSize * sizeof(WCHAR));
259  Result = GetComputerNameW(buf, &dwSize);
260  if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
261  ServerName += 2;
262  Result = Result && !lstrcmpW(ServerName, buf);
263  heap_free(buf);
264 
265  return Result;
266 }
267 
268 /************************************************************
269  * ADVAPI_GetComputerSid
270  */
271 BOOL ADVAPI_GetComputerSid(PSID sid)
272 {
273  static const struct /* same fields as struct SID */
274  {
275  BYTE Revision;
276  BYTE SubAuthorityCount;
277  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
278  DWORD SubAuthority[4];
279  } computer_sid =
280  { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
281 
282  memcpy( sid, &computer_sid, sizeof(computer_sid) );
283  return TRUE;
284 }
285 
286 /* Exported functions */
287 
288 /*
289  * @implemented
290  */
291 BOOL WINAPI
292 OpenProcessToken(HANDLE ProcessHandle,
293  DWORD DesiredAccess,
294  PHANDLE TokenHandle)
295 {
296  NTSTATUS Status;
297 
298  TRACE("%p, %x, %p.\n", ProcessHandle, DesiredAccess, TokenHandle);
299 
300  Status = NtOpenProcessToken(ProcessHandle,
301  DesiredAccess,
302  TokenHandle);
303  if (!NT_SUCCESS(Status))
304  {
305  ERR("NtOpenProcessToken failed! Status %08x.\n", Status);
306  SetLastError(RtlNtStatusToDosError(Status));
307  return FALSE;
308  }
309 
310  TRACE("Returning token %p.\n", *TokenHandle);
311 
312  return TRUE;
313 }
314 
315 /******************************************************************************
316  * OpenThreadToken [ADVAPI32.@]
317  *
318  * Opens the access token associated with a thread handle.
319  *
320  * PARAMS
321  * ThreadHandle [I] Handle to process
322  * DesiredAccess [I] Desired access to the thread
323  * OpenAsSelf [I] ???
324  * TokenHandle [O] Destination for the token handle
325  *
326  * RETURNS
327  * Success: TRUE. TokenHandle contains the access token.
328  * Failure: FALSE.
329  *
330  * NOTES
331  * See NtOpenThreadToken.
332  */
333 BOOL WINAPI
334 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
335  BOOL OpenAsSelf, HANDLE *TokenHandle)
336 {
337  return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
338 }
339 
340 /*
341  * @implemented
342  */
343 BOOL WINAPI
344 AdjustTokenGroups(HANDLE TokenHandle,
345  BOOL ResetToDefault,
346  PTOKEN_GROUPS NewState,
347  DWORD BufferLength,
348  PTOKEN_GROUPS PreviousState,
349  PDWORD ReturnLength)
350 {
351  NTSTATUS Status;
352 
353  Status = NtAdjustGroupsToken(TokenHandle,
354  ResetToDefault,
355  NewState,
356  BufferLength,
357  PreviousState,
358  (PULONG)ReturnLength);
359  if (!NT_SUCCESS(Status))
360  {
361  SetLastError(RtlNtStatusToDosError(Status));
362  return FALSE;
363  }
364 
365  return TRUE;
366 }
367 
368 /*
369  * @implemented
370  */
371 BOOL WINAPI
372 AdjustTokenPrivileges(HANDLE TokenHandle,
373  BOOL DisableAllPrivileges,
374  PTOKEN_PRIVILEGES NewState,
375  DWORD BufferLength,
376  PTOKEN_PRIVILEGES PreviousState,
377  PDWORD ReturnLength)
378 {
379  NTSTATUS Status;
380 
381  Status = NtAdjustPrivilegesToken(TokenHandle,
382  DisableAllPrivileges,
383  NewState,
384  BufferLength,
385  PreviousState,
386  (PULONG)ReturnLength);
387  if (STATUS_NOT_ALL_ASSIGNED == Status)
388  {
389  SetLastError(ERROR_NOT_ALL_ASSIGNED);
390  return TRUE;
391  }
392 
393  if (!NT_SUCCESS(Status))
394  {
395  SetLastError(RtlNtStatusToDosError(Status));
396  return FALSE;
397  }
398 
399  /* AdjustTokenPrivileges is documented to do this */
400  SetLastError(ERROR_SUCCESS);
401 
402  return TRUE;
403 }
404 
405 /*
406  * @implemented
407  */
408 BOOL WINAPI
409 GetTokenInformation(HANDLE TokenHandle,
410  TOKEN_INFORMATION_CLASS TokenInformationClass,
411  LPVOID TokenInformation,
412  DWORD TokenInformationLength,
413  PDWORD ReturnLength)
414 {
415  NTSTATUS Status;
416 
417  Status = NtQueryInformationToken(TokenHandle,
418  TokenInformationClass,
419  TokenInformation,
420  TokenInformationLength,
421  (PULONG)ReturnLength);
422  if (!NT_SUCCESS(Status))
423  {
424  SetLastError(RtlNtStatusToDosError(Status));
425  return FALSE;
426  }
427 
428  return TRUE;
429 }
430 
431 /*
432  * @implemented
433  */
434 BOOL WINAPI
435 SetTokenInformation(HANDLE TokenHandle,
436  TOKEN_INFORMATION_CLASS TokenInformationClass,
437  LPVOID TokenInformation,
438  DWORD TokenInformationLength)
439 {
440  NTSTATUS Status;
441 
442  Status = NtSetInformationToken(TokenHandle,
443  TokenInformationClass,
444  TokenInformation,
445  TokenInformationLength);
446  if (!NT_SUCCESS(Status))
447  {
448  SetLastError(RtlNtStatusToDosError(Status));
449  return FALSE;
450  }
451 
452  return TRUE;
453 }
454 
455 /*
456  * @implemented
457  */
458 BOOL WINAPI
459 SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL,
460  IN HANDLE TokenHandle)
461 {
462  NTSTATUS Status;
463  HANDLE hThread;
464 
465  hThread = (ThreadHandle != NULL) ? *ThreadHandle : NtCurrentThread();
466 
467  Status = NtSetInformationThread(hThread,
468  ThreadImpersonationToken,
469  &TokenHandle,
470  sizeof(HANDLE));
471  if (!NT_SUCCESS(Status))
472  {
473  SetLastError(RtlNtStatusToDosError(Status));
474  return FALSE;
475  }
476 
477  return TRUE;
478 }
479 
480 /*************************************************************************
481  * CreateRestrictedToken [ADVAPI32.@]
482  *
483  * Create a new more restricted token from an existing token.
484  *
485  * PARAMS
486  * baseToken [I] Token to base the new restricted token on
487  * flags [I] Options
488  * nDisableSids [I] Length of disableSids array
489  * disableSids [I] Array of SIDs to disable in the new token
490  * nDeletePrivs [I] Length of deletePrivs array
491  * deletePrivs [I] Array of privileges to delete in the new token
492  * nRestrictSids [I] Length of restrictSids array
493  * restrictSids [I] Array of SIDs to restrict in the new token
494  * newToken [O] Address where the new token is stored
495  *
496  * RETURNS
497  * Success: TRUE
498  * Failure: FALSE
499  */
500 BOOL WINAPI CreateRestrictedToken(
501  HANDLE baseToken,
502  DWORD flags,
503  DWORD nDisableSids,
504  PSID_AND_ATTRIBUTES disableSids,
505  DWORD nDeletePrivs,
506  PLUID_AND_ATTRIBUTES deletePrivs,
507  DWORD nRestrictSids,
508  PSID_AND_ATTRIBUTES restrictSids,
509  PHANDLE newToken)
510 {
511  TOKEN_TYPE type;
512  SECURITY_IMPERSONATION_LEVEL level = SecurityAnonymous;
513  DWORD size;
514 
515  FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
516  baseToken, flags, nDisableSids, disableSids,
517  nDeletePrivs, deletePrivs,
518  nRestrictSids, restrictSids,
519  newToken);
520 
521  size = sizeof(type);
522  if (!GetTokenInformation( baseToken, TokenType, &type, size, &size )) return FALSE;
523  if (type == TokenImpersonation)
524  {
525  size = sizeof(level);
526  if (!GetTokenInformation( baseToken, TokenImpersonationLevel, &level, size, &size ))
527  return FALSE;
528  }
529  return DuplicateTokenEx( baseToken, MAXIMUM_ALLOWED, NULL, level, type, newToken );
530 }
531 
532 /******************************************************************************
533  * AllocateAndInitializeSid [ADVAPI32.@]
534  *
535  * PARAMS
536  * pIdentifierAuthority []
537  * nSubAuthorityCount []
538  * nSubAuthority0 []
539  * nSubAuthority1 []
540  * nSubAuthority2 []
541  * nSubAuthority3 []
542  * nSubAuthority4 []
543  * nSubAuthority5 []
544  * nSubAuthority6 []
545  * nSubAuthority7 []
546  * pSid []
547  */
548 BOOL WINAPI
549 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
550  BYTE nSubAuthorityCount,
551  DWORD nSubAuthority0, DWORD nSubAuthority1,
552  DWORD nSubAuthority2, DWORD nSubAuthority3,
553  DWORD nSubAuthority4, DWORD nSubAuthority5,
554  DWORD nSubAuthority6, DWORD nSubAuthority7,
555  PSID *pSid )
556 {
557  return set_ntstatus( RtlAllocateAndInitializeSid(
558  pIdentifierAuthority, nSubAuthorityCount,
559  nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
560  nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
561  pSid ));
562 }
563 
564 /*
565  * @implemented
566  *
567  * RETURNS
568  * Docs says this function does NOT return a value
569  * even thou it's defined to return a PVOID...
570  */
571 PVOID
572 WINAPI
573 FreeSid(PSID pSid)
574 {
575  return RtlFreeSid(pSid);
576 }
577 
578 /******************************************************************************
579  * CopySid [ADVAPI32.@]
580  *
581  * PARAMS
582  * nDestinationSidLength []
583  * pDestinationSid []
584  * pSourceSid []
585  */
586 BOOL WINAPI
587 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
588 {
589  return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid));
590 }
591 
592 /*
593  * @unimplemented
594  */
595 BOOL
596 WINAPI
597 CreateWellKnownSid(IN WELL_KNOWN_SID_TYPE WellKnownSidType,
598  IN PSID DomainSid OPTIONAL,
599  OUT PSID pSid,
600  IN OUT DWORD* cbSid)
601 {
602  unsigned int i;
603  TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
604 
605  if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
606  {
607  SetLastError(ERROR_INVALID_PARAMETER);
608  return FALSE;
609  }
610 
611  for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
612  if (WellKnownSids[i].Type == WellKnownSidType) {
613  DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
614 
615  if (*cbSid < length)
616  {
617  *cbSid = length;
618  SetLastError(ERROR_INSUFFICIENT_BUFFER);
619  return FALSE;
620  }
621  if (!pSid)
622  {
623  SetLastError(ERROR_INVALID_PARAMETER);
624  return FALSE;
625  }
626  CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
627  *cbSid = length;
628  return TRUE;
629  }
630  }
631 
632  if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
633  {
634  SetLastError(ERROR_INVALID_PARAMETER);
635  return FALSE;
636  }
637 
638  for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
639  if (WellKnownRids[i].Type == WellKnownSidType) {
640  UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
641  DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
642  DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
643 
644  if (*cbSid < output_sid_length)
645  {
646  *cbSid = output_sid_length;
647  SetLastError(ERROR_INSUFFICIENT_BUFFER);
648  return FALSE;
649  }
650  if (!pSid)
651  {
652  SetLastError(ERROR_INVALID_PARAMETER);
653  return FALSE;
654  }
655  CopyMemory(pSid, DomainSid, domain_sid_length);
656  (*GetSidSubAuthorityCount(pSid))++;
657  (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
658  *cbSid = output_sid_length;
659  return TRUE;
660  }
661 
662  SetLastError(ERROR_INVALID_PARAMETER);
663  return FALSE;
664 }
665 
666 /*
667  * @unimplemented
668  */
669 BOOL
670 WINAPI
671 IsWellKnownSid(IN PSID pSid,
672  IN WELL_KNOWN_SID_TYPE WellKnownSidType)
673 {
674  unsigned int i;
675  TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
676 
677  for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
678  {
679  if (WellKnownSids[i].Type == WellKnownSidType)
680  {
681  if (EqualSid(pSid, (PSID)(&WellKnownSids[i].Sid.Revision)))
682  return TRUE;
683  }
684  }
685 
686  return FALSE;
687 }
688 
689 /*
690  * @implemented
691  */
692 BOOL
693 WINAPI
694 IsValidSid(PSID pSid)
695 {
696  return (BOOL)RtlValidSid(pSid);
697 }
698 
699 /*
700  * @implemented
701  */
702 BOOL
703 WINAPI
704 EqualSid(PSID pSid1,
705  PSID pSid2)
706 {
707  SetLastError(ERROR_SUCCESS);
708  return RtlEqualSid (pSid1, pSid2);
709 }
710 
711 /*
712  * @implemented
713  */
714 BOOL
715 WINAPI
716 EqualPrefixSid(PSID pSid1,
717  PSID pSid2)
718 {
719  return RtlEqualPrefixSid (pSid1, pSid2);
720 }
721 
722 /*
723  * @implemented
724  */
725 DWORD
726 WINAPI
727 GetSidLengthRequired(UCHAR nSubAuthorityCount)
728 {
729  return (DWORD)RtlLengthRequiredSid(nSubAuthorityCount);
730 }
731 
732 /*
733  * @implemented
734  */
735 BOOL
736 WINAPI
737 InitializeSid(PSID Sid,
738  PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
739  BYTE nSubAuthorityCount)
740 {
741  NTSTATUS Status;
742 
743  Status = RtlInitializeSid(Sid,
744  pIdentifierAuthority,
745  nSubAuthorityCount);
746  if (!NT_SUCCESS(Status))
747  {
748  SetLastError(RtlNtStatusToDosError(Status));
749  return FALSE;
750  }
751 
752  return TRUE;
753 }
754 
755 /*
756  * @implemented
757  */
758 PSID_IDENTIFIER_AUTHORITY
759 WINAPI
760 GetSidIdentifierAuthority(PSID pSid)
761 {
762  SetLastError(ERROR_SUCCESS);
763  return RtlIdentifierAuthoritySid(pSid);
764 }
765 
766 /*
767  * @implemented
768  */
769 PDWORD
770 WINAPI
771 GetSidSubAuthority(PSID pSid,
772  DWORD nSubAuthority)
773 {
774  SetLastError(ERROR_SUCCESS);
775  return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
776 }
777 
778 /*
779  * @implemented
780  */
781 PUCHAR
782 WINAPI
783 GetSidSubAuthorityCount(PSID pSid)
784 {
785  SetLastError(ERROR_SUCCESS);
786  return RtlSubAuthorityCountSid(pSid);
787 }
788 
789 /*
790  * @implemented
791  */
792 DWORD
793 WINAPI
794 GetLengthSid(PSID pSid)
795 {
796  return (DWORD)RtlLengthSid(pSid);
797 }
798 
799 /*
800  * @implemented
801  */
802 BOOL
803 WINAPI
804 InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,
805  DWORD dwRevision)
806 {
807  NTSTATUS Status;
808 
809  Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
810  dwRevision);
811  if (!NT_SUCCESS(Status))
812  {
813  SetLastError(RtlNtStatusToDosError(Status));
814  return FALSE;
815  }
816 
817  return TRUE;
818 }
819 
820 /*
821  * @implemented
822  */
823 BOOL
824 WINAPI
825 MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
826  PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
827  LPDWORD lpdwAbsoluteSecurityDescriptorSize,
828  PACL pDacl,
829  LPDWORD lpdwDaclSize,
830  PACL pSacl,
831  LPDWORD lpdwSaclSize,
832  PSID pOwner,
833  LPDWORD lpdwOwnerSize,
834  PSID pPrimaryGroup,
835  LPDWORD lpdwPrimaryGroupSize)
836 {
837  NTSTATUS Status;
838 
839  Status = RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
840  pAbsoluteSecurityDescriptor,
841  lpdwAbsoluteSecurityDescriptorSize,
842  pDacl,
843  lpdwDaclSize,
844  pSacl,
845  lpdwSaclSize,
846  pOwner,
847  lpdwOwnerSize,
848  pPrimaryGroup,
849  lpdwPrimaryGroupSize);
850  if (!NT_SUCCESS(Status))
851  {
852  SetLastError(RtlNtStatusToDosError(Status));
853  return FALSE;
854  }
855 
856  return TRUE;
857 }
858 
859 /******************************************************************************
860  * GetKernelObjectSecurity [ADVAPI32.@]
861  */
862 BOOL WINAPI GetKernelObjectSecurity(
863  HANDLE Handle,
864  SECURITY_INFORMATION RequestedInformation,
865  PSECURITY_DESCRIPTOR pSecurityDescriptor,
866  DWORD nLength,
867  LPDWORD lpnLengthNeeded )
868 {
869  TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
870  pSecurityDescriptor, nLength, lpnLengthNeeded);
871 
872  return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
873  nLength, lpnLengthNeeded ));
874 }
875 
876 /*
877  * @implemented
878  */
879 BOOL
880 WINAPI
881 InitializeAcl(PACL pAcl,
882  DWORD nAclLength,
883  DWORD dwAclRevision)
884 {
885  NTSTATUS Status;
886 
887  Status = RtlCreateAcl(pAcl,
888  nAclLength,
889  dwAclRevision);
890  if (!NT_SUCCESS(Status))
891  {
892  SetLastError(RtlNtStatusToDosError(Status));
893  return FALSE;
894  }
895 
896  return TRUE;
897 }
898 
899 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
900 {
901  IO_STATUS_BLOCK io_block;
902 
903  TRACE("(%p)\n", hNamedPipe);
904 
905  return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
906  &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
907 }
908 
909 /*
910  * @implemented
911  */
912 BOOL
913 WINAPI
914 AddAccessAllowedAce(PACL pAcl,
915  DWORD dwAceRevision,
916  DWORD AccessMask,
917  PSID pSid)
918 {
919  NTSTATUS Status;
920 
921  Status = RtlAddAccessAllowedAce(pAcl,
922  dwAceRevision,
923  AccessMask,
924  pSid);
925  if (!NT_SUCCESS(Status))
926  {
927  SetLastError(RtlNtStatusToDosError(Status));
928  return FALSE;
929  }
930 
931  return TRUE;
932 }
933 
934 /*
935  * @implemented
936  */
937 BOOL WINAPI
938 AddAccessAllowedAceEx(PACL pAcl,
939  DWORD dwAceRevision,
940  DWORD AceFlags,
941  DWORD AccessMask,
942  PSID pSid)
943 {
944  NTSTATUS Status;
945 
946  Status = RtlAddAccessAllowedAceEx(pAcl,
947  dwAceRevision,
948  AceFlags,
949  AccessMask,
950  pSid);
951  if (!NT_SUCCESS(Status))
952  {
953  SetLastError(RtlNtStatusToDosError(Status));
954  return FALSE;
955  }
956 
957  return TRUE;
958 }
959 
960 /*
961  * @implemented
962  */
963 BOOL
964 WINAPI
965 AddAccessDeniedAce(PACL pAcl,
966  DWORD dwAceRevision,
967  DWORD AccessMask,
968  PSID pSid)
969 {
970  NTSTATUS Status;
971 
972  Status = RtlAddAccessDeniedAce(pAcl,
973  dwAceRevision,
974  AccessMask,
975  pSid);
976  if (!NT_SUCCESS(Status))
977  {
978  SetLastError(RtlNtStatusToDosError(Status));
979  return FALSE;
980  }
981 
982  return TRUE;
983 }
984 
985 /*
986  * @implemented
987  */
988 BOOL WINAPI
989 AddAccessDeniedAceEx(PACL pAcl,
990  DWORD dwAceRevision,
991  DWORD AceFlags,
992  DWORD AccessMask,
993  PSID pSid)
994 {
995  NTSTATUS Status;
996 
997  Status = RtlAddAccessDeniedAceEx(pAcl,
998  dwAceRevision,
999  AceFlags,
1000  AccessMask,
1001  pSid);
1002  if (!NT_SUCCESS(Status))
1003  {
1004  SetLastError(RtlNtStatusToDosError(Status));
1005  return FALSE;
1006  }
1007 
1008  return TRUE;
1009 }
1010 
1011 /*
1012  * @implemented
1013  */
1014 BOOL
1015 WINAPI
1016 AddAce(PACL pAcl,
1017  DWORD dwAceRevision,
1018  DWORD dwStartingAceIndex,
1019  LPVOID pAceList,
1020  DWORD nAceListLength)
1021 {
1022  NTSTATUS Status;
1023 
1024  Status = RtlAddAce(pAcl,
1025  dwAceRevision,
1026  dwStartingAceIndex,
1027  pAceList,
1028  nAceListLength);
1029  if (!NT_SUCCESS(Status))
1030  {
1031  SetLastError(RtlNtStatusToDosError(Status));
1032  return FALSE;
1033  }
1034 
1035  return TRUE;
1036 }
1037 
1038 /******************************************************************************
1039  * DeleteAce [ADVAPI32.@]
1040  */
1041 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1042 {
1043  return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1044 }
1045 
1046 /*
1047  * @implemented
1048  */
1049 BOOL
1050 WINAPI
1051 FindFirstFreeAce(PACL pAcl,
1052  LPVOID *pAce)
1053 {
1054  return RtlFirstFreeAce(pAcl,
1055  (PACE*)pAce);
1056 }
1057 
1058 /******************************************************************************
1059  * GetAce [ADVAPI32.@]
1060  */
1061 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1062 {
1063  return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1064 }
1065 
1066 /******************************************************************************
1067  * GetAclInformation [ADVAPI32.@]
1068  */
1069 BOOL WINAPI GetAclInformation(
1070  PACL pAcl,
1071  LPVOID pAclInformation,
1072  DWORD nAclInformationLength,
1073  ACL_INFORMATION_CLASS dwAclInformationClass)
1074 {
1075  return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1076  nAclInformationLength, dwAclInformationClass));
1077 }
1078 
1079 /*
1080  * @implemented
1081  */
1082 BOOL
1083 WINAPI
1084 IsValidAcl(PACL pAcl)
1085 {
1086  return RtlValidAcl (pAcl);
1087 }
1088 
1089 /*
1090  * @implemented
1091  */
1092 BOOL WINAPI
1093 AllocateLocallyUniqueId(PLUID Luid)
1094 {
1095  NTSTATUS Status;
1096 
1097  Status = NtAllocateLocallyUniqueId (Luid);
1098  if (!NT_SUCCESS (Status))
1099  {
1100  SetLastError(RtlNtStatusToDosError(Status));
1101  return FALSE;
1102  }
1103 
1104  return TRUE;
1105 }
1106 
1107 /**********************************************************************
1108  * LookupPrivilegeDisplayNameA EXPORTED
1109  *
1110  * @unimplemented
1111  */
1112 BOOL
1113 WINAPI
1114 LookupPrivilegeDisplayNameA(LPCSTR lpSystemName,
1115  LPCSTR lpName,
1116  LPSTR lpDisplayName,
1117  LPDWORD cchDisplayName,
1118  LPDWORD lpLanguageId)
1119 {
1120  UNICODE_STRING lpSystemNameW;
1121  UNICODE_STRING lpNameW;
1122  BOOL ret;
1123  DWORD wLen = 0;
1124 
1125  TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);
1126 
1127  RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1128  RtlCreateUnicodeStringFromAsciiz(&lpNameW, lpName);
1129  ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen, lpLanguageId);
1130  if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1131  {
1132  LPWSTR lpDisplayNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1133 
1134  ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, lpDisplayNameW,
1135  &wLen, lpLanguageId);
1136  if (ret)
1137  {
1138  unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpDisplayNameW, -1, lpDisplayName,
1139  *cchDisplayName, NULL, NULL);
1140 
1141  if (len == 0)
1142  {
1143  /* WideCharToMultiByte failed */
1144  ret = FALSE;
1145  }
1146  else if (len > *cchDisplayName)
1147  {
1148  *cchDisplayName = len;
1149  SetLastError(ERROR_INSUFFICIENT_BUFFER);
1150  ret = FALSE;
1151  }
1152  else
1153  {
1154  /* WideCharToMultiByte succeeded, output length needs to be
1155  * length not including NULL terminator
1156  */
1157  *cchDisplayName = len - 1;
1158  }
1159  }
1160  HeapFree(GetProcessHeap(), 0, lpDisplayNameW);
1161  }
1162  RtlFreeUnicodeString(&lpSystemNameW);
1163  RtlFreeUnicodeString(&lpNameW);
1164  return ret;
1165 }
1166 
1167 /**********************************************************************
1168  * LookupPrivilegeNameA EXPORTED
1169  *
1170  * @implemented
1171  */
1172 BOOL
1173 WINAPI
1174 LookupPrivilegeNameA(LPCSTR lpSystemName,
1175  PLUID lpLuid,
1176  LPSTR lpName,
1177  LPDWORD cchName)
1178 {
1179  UNICODE_STRING lpSystemNameW;
1180  BOOL ret;
1181  DWORD wLen = 0;
1182 
1183  TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1184 
1185  RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1186  ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1187  if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1188  {
1189  LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1190 
1191  ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1192  &wLen);
1193  if (ret)
1194  {
1195  /* Windows crashes if cchName is NULL, so will I */
1196  unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1197  *cchName, NULL, NULL);
1198 
1199  if (len == 0)
1200  {
1201  /* WideCharToMultiByte failed */
1202  ret = FALSE;
1203  }
1204  else if (len > *cchName)
1205  {
1206  *cchName = len;
1207  SetLastError(ERROR_INSUFFICIENT_BUFFER);
1208  ret = FALSE;
1209  }
1210  else
1211  {
1212  /* WideCharToMultiByte succeeded, output length needs to be
1213  * length not including NULL terminator
1214  */
1215  *cchName = len - 1;
1216  }
1217  }
1218  HeapFree(GetProcessHeap(), 0, lpNameW);
1219  }
1220  RtlFreeUnicodeString(&lpSystemNameW);
1221  return ret;
1222 }
1223 
1224 /******************************************************************************
1225  * GetFileSecurityA [ADVAPI32.@]
1226  *
1227  * Obtains Specified information about the security of a file or directory.
1228  *
1229  * PARAMS
1230  * lpFileName [I] Name of the file to get info for
1231  * RequestedInformation [I] SE_ flags from "winnt.h"
1232  * pSecurityDescriptor [O] Destination for security information
1233  * nLength [I] Length of pSecurityDescriptor
1234  * lpnLengthNeeded [O] Destination for length of returned security information
1235  *
1236  * RETURNS
1237  * Success: TRUE. pSecurityDescriptor contains the requested information.
1238  * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1239  *
1240  * NOTES
1241  * The information returned is constrained by the callers access rights and
1242  * privileges.
1243  *
1244  * @implemented
1245  */
1246 BOOL
1247 WINAPI
1248 GetFileSecurityA(LPCSTR lpFileName,
1249  SECURITY_INFORMATION RequestedInformation,
1250  PSECURITY_DESCRIPTOR pSecurityDescriptor,
1251  DWORD nLength,
1252  LPDWORD lpnLengthNeeded)
1253 {
1254  UNICODE_STRING FileName;
1255  BOOL bResult;
1256 
1257  if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1258  {
1259  SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1260  return FALSE;
1261  }
1262 
1263  bResult = GetFileSecurityW(FileName.Buffer,
1264  RequestedInformation,
1265  pSecurityDescriptor,
1266  nLength,
1267  lpnLengthNeeded);
1268 
1269  RtlFreeUnicodeString(&FileName);
1270 
1271  return bResult;
1272 }
1273 
1274 /*
1275  * @implemented
1276  */
1277 BOOL
1278 WINAPI
1279 GetFileSecurityW(LPCWSTR lpFileName,
1280  SECURITY_INFORMATION RequestedInformation,
1281  PSECURITY_DESCRIPTOR pSecurityDescriptor,
1282  DWORD nLength,
1283  LPDWORD lpnLengthNeeded)
1284 {
1285  OBJECT_ATTRIBUTES ObjectAttributes;
1286  IO_STATUS_BLOCK StatusBlock;
1287  UNICODE_STRING FileName;
1288  ULONG AccessMask = 0;
1289  HANDLE FileHandle;
1290  NTSTATUS Status;
1291 
1292  TRACE("GetFileSecurityW() called\n");
1293 
1294  QuerySecurityAccessMask(RequestedInformation, &AccessMask);
1295 
1296  if (!RtlDosPathNameToNtPathName_U(lpFileName,
1297  &FileName,
1298  NULL,
1299  NULL))
1300  {
1301  ERR("Invalid path\n");
1302  SetLastError(ERROR_INVALID_NAME);
1303  return FALSE;
1304  }
1305 
1306  InitializeObjectAttributes(&ObjectAttributes,
1307  &FileName,
1308  OBJ_CASE_INSENSITIVE,
1309  NULL,
1310  NULL);
1311 
1312  Status = NtOpenFile(&FileHandle,
1313  AccessMask,
1314  &ObjectAttributes,
1315  &StatusBlock,
1316  FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1317  0);
1318 
1319  RtlFreeHeap(RtlGetProcessHeap(),
1320  0,
1321  FileName.Buffer);
1322 
1323  if (!NT_SUCCESS(Status))
1324  {
1325  ERR("NtOpenFile() failed (Status %lx)\n", Status);
1326  SetLastError(RtlNtStatusToDosError(Status));
1327  return FALSE;
1328  }
1329 
1330  Status = NtQuerySecurityObject(FileHandle,
1331  RequestedInformation,
1332  pSecurityDescriptor,
1333  nLength,
1334  lpnLengthNeeded);
1335  NtClose(FileHandle);
1336  if (!NT_SUCCESS(Status))
1337  {
1338  ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
1339  SetLastError(RtlNtStatusToDosError(Status));
1340  return FALSE;
1341  }
1342 
1343  return TRUE;
1344 }
1345 
1346 /******************************************************************************
1347  * SetFileSecurityA [ADVAPI32.@]
1348  * Sets the security of a file or directory
1349  *
1350  * @implemented
1351  */
1352 BOOL
1353 WINAPI
1354 SetFileSecurityA(LPCSTR lpFileName,
1355  SECURITY_INFORMATION SecurityInformation,
1356  PSECURITY_DESCRIPTOR pSecurityDescriptor)
1357 {
1358  UNICODE_STRING FileName;
1359  BOOL bResult;
1360 
1361  if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1362  {
1363  SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1364  return FALSE;
1365  }
1366 
1367  bResult = SetFileSecurityW(FileName.Buffer,
1368  SecurityInformation,
1369  pSecurityDescriptor);
1370 
1371  RtlFreeUnicodeString(&FileName);
1372 
1373  return bResult;
1374 }
1375 
1376 /******************************************************************************
1377  * SetFileSecurityW [ADVAPI32.@]
1378  * Sets the security of a file or directory
1379  *
1380  * @implemented
1381  */
1382 BOOL
1383 WINAPI
1384 SetFileSecurityW(LPCWSTR lpFileName,
1385  SECURITY_INFORMATION SecurityInformation,
1386  PSECURITY_DESCRIPTOR pSecurityDescriptor)
1387 {
1388  OBJECT_ATTRIBUTES ObjectAttributes;
1389  IO_STATUS_BLOCK StatusBlock;
1390  UNICODE_STRING FileName;
1391  ULONG AccessMask = 0;
1392  HANDLE FileHandle;
1393  NTSTATUS Status;
1394 
1395  TRACE("SetFileSecurityW() called\n");
1396 
1397  SetSecurityAccessMask(SecurityInformation, &AccessMask);
1398 
1399  if (!RtlDosPathNameToNtPathName_U(lpFileName,
1400  &FileName,
1401  NULL,
1402  NULL))
1403  {
1404  ERR("Invalid path\n");
1405  SetLastError(ERROR_INVALID_NAME);
1406  return FALSE;
1407  }
1408 
1409  InitializeObjectAttributes(&ObjectAttributes,
1410  &FileName,
1411  OBJ_CASE_INSENSITIVE,
1412  NULL,
1413  NULL);
1414 
1415  Status = NtOpenFile(&FileHandle,
1416  AccessMask,
1417  &ObjectAttributes,
1418  &StatusBlock,
1419  FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1420  0);
1421 
1422  RtlFreeHeap(RtlGetProcessHeap(),
1423  0,
1424  FileName.Buffer);
1425 
1426  if (!NT_SUCCESS(Status))
1427  {
1428  ERR("NtOpenFile() failed (Status %lx)\n", Status);
1429  SetLastError(RtlNtStatusToDosError(Status));
1430  return FALSE;
1431  }
1432 
1433  Status = NtSetSecurityObject(FileHandle,
1434  SecurityInformation,
1435  pSecurityDescriptor);
1436  NtClose(FileHandle);
1437 
1438  if (!NT_SUCCESS(Status))
1439  {
1440  ERR("NtSetSecurityObject() failed (Status %lx)\n", Status);
1441  SetLastError(RtlNtStatusToDosError(Status));
1442  return FALSE;
1443  }
1444 
1445  return TRUE;
1446 }
1447 
1448 /******************************************************************************
1449  * QueryWindows31FilesMigration [ADVAPI32.@]
1450  *
1451  * PARAMS
1452  * x1 []
1453  */
1454 BOOL WINAPI
1455 QueryWindows31FilesMigration( DWORD x1 )
1456 {
1457  FIXME("(%d):stub\n",x1);
1458  return TRUE;
1459 }
1460 
1461 /******************************************************************************
1462  * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1463  *
1464  * PARAMS
1465  * x1 []
1466  * x2 []
1467  * x3 []
1468  * x4 []
1469  */
1470 BOOL WINAPI
1471 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1472  DWORD x4 )
1473 {
1474  FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
1475  return TRUE;
1476 }
1477 
1478 /*
1479  * @implemented
1480  */
1481 BOOL
1482 WINAPI
1483 RevertToSelf(VOID)
1484 {
1485  NTSTATUS Status;
1486  HANDLE Token = NULL;
1487 
1488  Status = NtSetInformationThread(NtCurrentThread(),
1489  ThreadImpersonationToken,
1490  &Token,
1491  sizeof(HANDLE));
1492  if (!NT_SUCCESS(Status))
1493  {
1494  SetLastError(RtlNtStatusToDosError(Status));
1495  return FALSE;
1496  }
1497 
1498  return TRUE;
1499 }
1500 
1501 /*
1502  * @implemented
1503  */
1504 BOOL
1505 WINAPI
1506 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1507 {
1508  NTSTATUS Status;
1509 
1510  Status = RtlImpersonateSelf(ImpersonationLevel);
1511  if (!NT_SUCCESS(Status))
1512  {
1513  SetLastError(RtlNtStatusToDosError(Status));
1514  return FALSE;
1515  }
1516 
1517  return TRUE;
1518 }
1519 
1520 /*
1521  * @implemented
1522  */
1523 BOOL
1524 WINAPI
1525 AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1526  IN HANDLE ClientToken,
1527  IN DWORD DesiredAccess,
1528  IN PGENERIC_MAPPING GenericMapping,
1529  OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL,
1530  IN OUT LPDWORD PrivilegeSetLength,
1531  OUT LPDWORD GrantedAccess,
1532  OUT LPBOOL AccessStatus)
1533 {
1534  NTSTATUS Status;
1535  NTSTATUS NtAccessStatus;
1536 
1537  /* Do the access check */
1538  Status = NtAccessCheck(pSecurityDescriptor,
1539  ClientToken,
1540  DesiredAccess,
1541  GenericMapping,
1542  PrivilegeSet,
1543  (PULONG)PrivilegeSetLength,
1544  (PACCESS_MASK)GrantedAccess,
1545  &NtAccessStatus);
1546 
1547  /* See if the access check operation succeeded */
1548  if (!NT_SUCCESS(Status))
1549  {
1550  /* Check failed */
1551  SetLastError(RtlNtStatusToDosError(Status));
1552  return FALSE;
1553  }
1554 
1555  /* Now check the access status */
1556  if (!NT_SUCCESS(NtAccessStatus))
1557  {
1558  /* Access denied */
1559  SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1560  *AccessStatus = FALSE;
1561  }
1562  else
1563  {
1564  /* Access granted */
1565  *AccessStatus = TRUE;
1566  }
1567 
1568  /* Check succeeded */
1569  return TRUE;
1570 }
1571 
1572 /*
1573  * @unimplemented
1574  */
1575 BOOL WINAPI AccessCheckByType(
1576  PSECURITY_DESCRIPTOR pSecurityDescriptor,
1577  PSID PrincipalSelfSid,
1578  HANDLE ClientToken,
1579  DWORD DesiredAccess,
1580  POBJECT_TYPE_LIST ObjectTypeList,
1581  DWORD ObjectTypeListLength,
1582  PGENERIC_MAPPING GenericMapping,
1583  PPRIVILEGE_SET PrivilegeSet,
1584  LPDWORD PrivilegeSetLength,
1585  LPDWORD GrantedAccess,
1586  LPBOOL AccessStatus)
1587 {
1588  FIXME("stub\n");
1589 
1590  *AccessStatus = TRUE;
1591 
1592  return !*AccessStatus;
1593 }
1594 
1595 /*
1596  * @implemented
1597  */
1598 BOOL
1599 WINAPI
1600 SetKernelObjectSecurity(HANDLE Handle,
1601  SECURITY_INFORMATION SecurityInformation,
1602  PSECURITY_DESCRIPTOR SecurityDescriptor)
1603 {
1604  NTSTATUS Status;
1605 
1606  Status = NtSetSecurityObject(Handle,
1607  SecurityInformation,
1608  SecurityDescriptor);
1609  if (!NT_SUCCESS(Status))
1610  {
1611  SetLastError(RtlNtStatusToDosError(Status));
1612  return FALSE;
1613  }
1614 
1615  return TRUE;
1616 }
1617 
1618 /*
1619  * @implemented
1620  */
1621 BOOL
1622 WINAPI
1623 AddAuditAccessAce(PACL pAcl,
1624  DWORD dwAceRevision,
1625  DWORD dwAccessMask,
1626  PSID pSid,
1627  BOOL bAuditSuccess,
1628  BOOL bAuditFailure)
1629 {
1630  NTSTATUS Status;
1631 
1632  Status = RtlAddAuditAccessAce(pAcl,
1633  dwAceRevision,
1634  dwAccessMask,
1635  pSid,
1636  bAuditSuccess,
1637  bAuditFailure);
1638  if (!NT_SUCCESS(Status))
1639  {
1640  SetLastError(RtlNtStatusToDosError(Status));
1641  return FALSE;
1642  }
1643 
1644  return TRUE;
1645 }
1646 
1647 /*
1648  * @implemented
1649  */
1650 BOOL WINAPI
1651 AddAuditAccessAceEx(PACL pAcl,
1652  DWORD dwAceRevision,
1653  DWORD AceFlags,
1654  DWORD dwAccessMask,
1655  PSID pSid,
1656  BOOL bAuditSuccess,
1657  BOOL bAuditFailure)
1658 {
1659  NTSTATUS Status;
1660 
1661  Status = RtlAddAuditAccessAceEx(pAcl,
1662  dwAceRevision,
1663  AceFlags,
1664  dwAccessMask,
1665  pSid,
1666  bAuditSuccess,
1667  bAuditFailure);
1668  if (!NT_SUCCESS(Status))
1669  {
1670  SetLastError(RtlNtStatusToDosError(Status));
1671  return FALSE;
1672  }
1673 
1674  return TRUE;
1675 }
1676 
1677 /******************************************************************************
1678  * LookupAccountNameA [ADVAPI32.@]
1679  *
1680  * @implemented
1681  */
1682 BOOL
1683 WINAPI
1684 LookupAccountNameA(LPCSTR SystemName,
1685  LPCSTR AccountName,
1686  PSID Sid,
1687  LPDWORD SidLength,
1688  LPSTR ReferencedDomainName,
1689  LPDWORD hReferencedDomainNameLength,
1690  PSID_NAME_USE SidNameUse)
1691 {
1692  BOOL ret;
1693  UNICODE_STRING lpSystemW;
1694  UNICODE_STRING lpAccountW;
1695  LPWSTR lpReferencedDomainNameW = NULL;
1696 
1697  RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
1698  RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
1699 
1700  if (ReferencedDomainName)
1701  lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
1702  0,
1703  *hReferencedDomainNameLength * sizeof(WCHAR));
1704 
1705  ret = LookupAccountNameW(lpSystemW.Buffer,
1706  lpAccountW.Buffer,
1707  Sid,
1708  SidLength,
1709  lpReferencedDomainNameW,
1710  hReferencedDomainNameLength,
1711  SidNameUse);
1712 
1713  if (ret && lpReferencedDomainNameW)
1714  {
1715  WideCharToMultiByte(CP_ACP,
1716  0,
1717  lpReferencedDomainNameW,
1718  *hReferencedDomainNameLength + 1,
1719  ReferencedDomainName,
1720  *hReferencedDomainNameLength + 1,
1721  NULL,
1722  NULL);
1723  }
1724 
1725  RtlFreeUnicodeString(&lpSystemW);
1726  RtlFreeUnicodeString(&lpAccountW);
1727  HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
1728 
1729  return ret;
1730 }
1731 
1732 /**********************************************************************
1733  * PrivilegeCheck EXPORTED
1734  *
1735  * @implemented
1736  */
1737 BOOL WINAPI
1738 PrivilegeCheck(HANDLE ClientToken,
1739  PPRIVILEGE_SET RequiredPrivileges,
1740  LPBOOL pfResult)
1741 {
1742  BOOLEAN Result;
1743  NTSTATUS Status;
1744 
1745  Status = NtPrivilegeCheck(ClientToken,
1746  RequiredPrivileges,
1747  &Result);
1748  if (!NT_SUCCESS(Status))
1749  {
1750  SetLastError(RtlNtStatusToDosError(Status));
1751  return FALSE;
1752  }
1753 
1754  *pfResult = (BOOL)Result;
1755 
1756  return TRUE;
1757 }
1758 
1759 /******************************************************************************
1760  * GetSecurityInfoExW EXPORTED
1761  */
1762 DWORD
1763 WINAPI
1764 GetSecurityInfoExA(HANDLE hObject,
1765  SE_OBJECT_TYPE ObjectType,
1766  SECURITY_INFORMATION SecurityInfo,
1767  LPCSTR lpProvider,
1768  LPCSTR lpProperty,
1769  PACTRL_ACCESSA *ppAccessList,
1770  PACTRL_AUDITA *ppAuditList,
1771  LPSTR *lppOwner,
1772  LPSTR *lppGroup)
1773 {
1774  FIXME("%s() not implemented!\n", __FUNCTION__);
1775  return ERROR_BAD_PROVIDER;
1776 }
1777 
1778 
1779 /******************************************************************************
1780  * GetSecurityInfoExW EXPORTED
1781  */
1782 DWORD
1783 WINAPI
1784 GetSecurityInfoExW(HANDLE hObject,
1785  SE_OBJECT_TYPE ObjectType,
1786  SECURITY_INFORMATION SecurityInfo,
1787  LPCWSTR lpProvider,
1788  LPCWSTR lpProperty,
1789  PACTRL_ACCESSW *ppAccessList,
1790  PACTRL_AUDITW *ppAuditList,
1791  LPWSTR *lppOwner,
1792  LPWSTR *lppGroup)
1793 {
1794  FIXME("%s() not implemented!\n", __FUNCTION__);
1795  return ERROR_BAD_PROVIDER;
1796 }
1797 
1798 /******************************************************************************
1799  * BuildExplicitAccessWithNameA [ADVAPI32.@]
1800  */
1801 VOID WINAPI
1802 BuildExplicitAccessWithNameA(PEXPLICIT_ACCESSA pExplicitAccess,
1803  LPSTR pTrusteeName,
1804  DWORD AccessPermissions,
1805  ACCESS_MODE AccessMode,
1806  DWORD Inheritance)
1807 {
1808  pExplicitAccess->grfAccessPermissions = AccessPermissions;
1809  pExplicitAccess->grfAccessMode = AccessMode;
1810  pExplicitAccess->grfInheritance = Inheritance;
1811 
1812  pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1813  pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1814  pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1815  pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1816  pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1817 }
1818 
1819 
1820 /******************************************************************************
1821  * BuildExplicitAccessWithNameW [ADVAPI32.@]
1822  */
1823 VOID WINAPI
1824 BuildExplicitAccessWithNameW(PEXPLICIT_ACCESSW pExplicitAccess,
1825  LPWSTR pTrusteeName,
1826  DWORD AccessPermissions,
1827  ACCESS_MODE AccessMode,
1828  DWORD Inheritance)
1829 {
1830  pExplicitAccess->grfAccessPermissions = AccessPermissions;
1831  pExplicitAccess->grfAccessMode = AccessMode;
1832  pExplicitAccess->grfInheritance = Inheritance;
1833 
1834  pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1835  pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1836  pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1837  pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1838  pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1839 }
1840 
1841 /******************************************************************************
1842  * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
1843  */
1844 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
1845  SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
1846  LPSTR InheritedObjectTypeName, LPSTR Name )
1847 {
1848  DWORD ObjectsPresent = 0;
1849 
1850  TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
1851  ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
1852 
1853  /* Fill the OBJECTS_AND_NAME structure */
1854  pObjName->ObjectType = ObjectType;
1855  if (ObjectTypeName != NULL)
1856  {
1857  ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1858  }
1859 
1860  pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
1861  if (InheritedObjectTypeName != NULL)
1862  {
1863  ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1864  }
1865 
1866  pObjName->ObjectsPresent = ObjectsPresent;
1867  pObjName->ptstrName = Name;
1868 
1869  /* Fill the TRUSTEE structure */
1870  pTrustee->pMultipleTrustee = NULL;
1871  pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1872  pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
1873  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1874  pTrustee->ptstrName = (LPSTR)pObjName;
1875 }
1876 
1877 /******************************************************************************
1878  * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
1879  */
1880 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
1881  SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
1882  LPWSTR InheritedObjectTypeName, LPWSTR Name )
1883 {
1884  DWORD ObjectsPresent = 0;
1885 
1886  TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
1887  ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
1888 
1889  /* Fill the OBJECTS_AND_NAME structure */
1890  pObjName->ObjectType = ObjectType;
1891  if (ObjectTypeName != NULL)
1892  {
1893  ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1894  }
1895 
1896  pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
1897  if (InheritedObjectTypeName != NULL)
1898  {
1899  ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1900  }
1901 
1902  pObjName->ObjectsPresent = ObjectsPresent;
1903  pObjName->ptstrName = Name;
1904 
1905  /* Fill the TRUSTEE structure */
1906  pTrustee->pMultipleTrustee = NULL;
1907  pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1908  pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
1909  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1910  pTrustee->ptstrName = (LPWSTR)pObjName;
1911 }
1912 
1913 /******************************************************************************
1914  * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
1915  */
1916 VOID WINAPI
1917 BuildTrusteeWithObjectsAndSidA(PTRUSTEEA pTrustee,
1918  POBJECTS_AND_SID pObjSid,
1919  GUID *pObjectGuid,
1920  GUID *pInheritedObjectGuid,
1921  PSID pSid)
1922 {
1923  DWORD ObjectsPresent = 0;
1924 
1925  TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
1926 
1927  /* Fill the OBJECTS_AND_SID structure */
1928  if (pObjectGuid != NULL)
1929  {
1930  pObjSid->ObjectTypeGuid = *pObjectGuid;
1931  ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1932  }
1933  else
1934  {
1935  ZeroMemory(&pObjSid->ObjectTypeGuid,
1936  sizeof(GUID));
1937  }
1938 
1939  if (pInheritedObjectGuid != NULL)
1940  {
1941  pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
1942  ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1943  }
1944  else
1945  {
1946  ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
1947  sizeof(GUID));
1948  }
1949 
1950  pObjSid->ObjectsPresent = ObjectsPresent;
1951  pObjSid->pSid = pSid;
1952 
1953  /* Fill the TRUSTEE structure */
1954  pTrustee->pMultipleTrustee = NULL;
1955  pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1956  pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
1957  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1958  pTrustee->ptstrName = (LPSTR) pObjSid;
1959 }
1960 
1961 
1962 /******************************************************************************
1963  * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
1964  */
1965 VOID WINAPI
1966 BuildTrusteeWithObjectsAndSidW(PTRUSTEEW pTrustee,
1967  POBJECTS_AND_SID pObjSid,
1968  GUID *pObjectGuid,
1969  GUID *pInheritedObjectGuid,
1970  PSID pSid)
1971 {
1972  DWORD ObjectsPresent = 0;
1973 
1974  TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
1975 
1976  /* Fill the OBJECTS_AND_SID structure */
1977  if (pObjectGuid != NULL)
1978  {
1979  pObjSid->ObjectTypeGuid = *pObjectGuid;
1980  ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1981  }
1982  else
1983  {
1984  ZeroMemory(&pObjSid->ObjectTypeGuid,
1985  sizeof(GUID));
1986  }
1987 
1988  if (pInheritedObjectGuid != NULL)
1989  {
1990  pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
1991  ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1992  }
1993  else
1994  {
1995  ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
1996  sizeof(GUID));
1997  }
1998 
1999  pObjSid->ObjectsPresent = ObjectsPresent;
2000  pObjSid->pSid = pSid;
2001 
2002  /* Fill the TRUSTEE structure */
2003  pTrustee->pMultipleTrustee = NULL;
2004  pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2005  pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2006  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2007  pTrustee->ptstrName = (LPWSTR) pObjSid;
2008 }
2009 
2010 /******************************************************************************
2011  * BuildTrusteeWithSidA [ADVAPI32.@]
2012  */
2013 VOID WINAPI
2014 BuildTrusteeWithSidA(PTRUSTEE_A pTrustee,
2015  PSID pSid)
2016 {
2017  TRACE("%p %p\n", pTrustee, pSid);
2018 
2019  pTrustee->pMultipleTrustee = NULL;
2020  pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2021  pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2022  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2023  pTrustee->ptstrName = (LPSTR) pSid;
2024 }
2025 
2026 
2027 /******************************************************************************
2028  * BuildTrusteeWithSidW [ADVAPI32.@]
2029  */
2030 VOID WINAPI
2031 BuildTrusteeWithSidW(PTRUSTEE_W pTrustee,
2032  PSID pSid)
2033 {
2034  TRACE("%p %p\n", pTrustee, pSid);
2035 
2036  pTrustee->pMultipleTrustee = NULL;
2037  pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2038  pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2039  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2040  pTrustee->ptstrName = (LPWSTR) pSid;
2041 }
2042 
2043 /******************************************************************************
2044  * BuildTrusteeWithNameA [ADVAPI32.@]
2045  */
2046 VOID WINAPI
2047 BuildTrusteeWithNameA(PTRUSTEE_A pTrustee,
2048  LPSTR name)
2049 {
2050  TRACE("%p %s\n", pTrustee, name);
2051 
2052  pTrustee->pMultipleTrustee = NULL;
2053  pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2054  pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2055  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2056  pTrustee->ptstrName = name;
2057 }
2058 
2059 /******************************************************************************
2060  * BuildTrusteeWithNameW [ADVAPI32.@]
2061  */
2062 VOID WINAPI
2063 BuildTrusteeWithNameW(PTRUSTEE_W pTrustee,
2064  LPWSTR name)
2065 {
2066  TRACE("%p %s\n", pTrustee, name);
2067 
2068  pTrustee->pMultipleTrustee = NULL;
2069  pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2070  pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2071  pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2072  pTrustee->ptstrName = name;
2073 }
2074 
2075 /******************************************************************************
2076  * GetTrusteeFormA [ADVAPI32.@]
2077  */
2078 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
2079 {
2080  TRACE("(%p)\n", pTrustee);
2081 
2082  if (!pTrustee)
2083  return TRUSTEE_BAD_FORM;
2084 
2085  return pTrustee->TrusteeForm;
2086 }
2087 
2088 /******************************************************************************
2089  * GetTrusteeFormW [ADVAPI32.@]
2090  */
2091 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
2092 {
2093  TRACE("(%p)\n", pTrustee);
2094 
2095  if (!pTrustee)
2096  return TRUSTEE_BAD_FORM;
2097 
2098  return pTrustee->TrusteeForm;
2099 }
2100 
2101 /******************************************************************************
2102  * GetTrusteeNameA [ADVAPI32.@]
2103  */
2104 LPSTR WINAPI
2105 GetTrusteeNameA(PTRUSTEE_A pTrustee)
2106 {
2107  return pTrustee->ptstrName;
2108 }
2109 
2110 
2111 /******************************************************************************
2112  * GetTrusteeNameW [ADVAPI32.@]
2113  */
2114 LPWSTR WINAPI
2115 GetTrusteeNameW(PTRUSTEE_W pTrustee)
2116 {
2117  return pTrustee->ptstrName;
2118 }
2119 
2120 /******************************************************************************
2121  * GetTrusteeTypeA [ADVAPI32.@]
2122  */
2123 TRUSTEE_TYPE WINAPI
2124 GetTrusteeTypeA(PTRUSTEE_A pTrustee)
2125 {
2126  return pTrustee->TrusteeType;
2127 }
2128 
2129 /******************************************************************************
2130  * GetTrusteeTypeW [ADVAPI32.@]
2131  */
2132 TRUSTEE_TYPE WINAPI
2133 GetTrusteeTypeW(PTRUSTEE_W pTrustee)
2134 {
2135  return pTrustee->TrusteeType;
2136 }
2137 
2138 /*
2139  * @implemented
2140  */
2141 BOOL
2142 WINAPI
2143 SetAclInformation(PACL pAcl,
2144  LPVOID pAclInformation,
2145  DWORD nAclInformationLength,
2146  ACL_INFORMATION_CLASS dwAclInformationClass)
2147 {
2148  NTSTATUS Status;
2149 
2150  Status = RtlSetInformationAcl(pAcl,
2151  pAclInformation,
2152  nAclInformationLength,
2153  dwAclInformationClass);
2154  if (!NT_SUCCESS(Status))
2155  {
2156  SetLastError(RtlNtStatusToDosError(Status));
2157  return FALSE;
2158  }
2159 
2160  return TRUE;
2161 }
2162 
2163 /**********************************************************************
2164  * SetNamedSecurityInfoA EXPORTED
2165  *
2166  * @implemented
2167  */
2168 DWORD
2169 WINAPI
2170 SetNamedSecurityInfoA(LPSTR pObjectName,
2171  SE_OBJECT_TYPE ObjectType,
2172  SECURITY_INFORMATION SecurityInfo,
2173  PSID psidOwner,
2174  PSID psidGroup,
2175  PACL pDacl,
2176  PACL pSacl)
2177 {
2178  UNICODE_STRING ObjectName;
2179  DWORD Ret;
2180 
2181  if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
2182  {
2183  return ERROR_NOT_ENOUGH_MEMORY;
2184  }
2185 
2186  Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
2187  ObjectType,
2188  SecurityInfo,
2189  psidOwner,
2190  psidGroup,
2191  pDacl,
2192  pSacl);
2193 
2194  RtlFreeUnicodeString(&ObjectName);
2195 
2196  return Ret;
2197 }
2198 
2199 /*
2200  * @implemented
2201  */
2202 BOOL
2203 WINAPI
2204 AreAllAccessesGranted(DWORD GrantedAccess,
2205  DWORD DesiredAccess)
2206 {
2207  return (BOOL)RtlAreAllAccessesGranted(GrantedAccess,
2208  DesiredAccess);
2209 }
2210 
2211 /*
2212  * @implemented
2213  */
2214 BOOL
2215 WINAPI
2216 AreAnyAccessesGranted(DWORD GrantedAccess,
2217  DWORD DesiredAccess)
2218 {
2219  return (BOOL)RtlAreAnyAccessesGranted(GrantedAccess,
2220  DesiredAccess);
2221 }
2222 
2223 /******************************************************************************
2224  * ParseAclStringFlags
2225  */
2226 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
2227 {
2228  DWORD flags = 0;
2229  LPCWSTR szAcl = *StringAcl;
2230 
2231  while (*szAcl && *szAcl != '(')
2232  {
2233  if (*szAcl == 'P')
2234  {
2235  flags |= SE_DACL_PROTECTED;
2236  }
2237  else if (*szAcl == 'A')
2238  {
2239  szAcl++;
2240  if (*szAcl == 'R')
2241  flags |= SE_DACL_AUTO_INHERIT_REQ;
2242  else if (*szAcl == 'I')
2243  flags |= SE_DACL_AUTO_INHERITED;
2244  }
2245  szAcl++;
2246  }
2247 
2248  *StringAcl = szAcl;
2249  return flags;
2250 }
2251 
2252 /******************************************************************************
2253  * ParseAceStringType
2254  */
2255 static const ACEFLAG AceType[] =
2256 {
2257  { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
2258  { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
2259  { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
2260  { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
2261  { SDDL_MANDATORY_LABEL,SYSTEM_MANDATORY_LABEL_ACE_TYPE },
2262  /*
2263  { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
2264  { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
2265  { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
2266  { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
2267  */
2268  { NULL, 0 },
2269 };
2270 
2271 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
2272 {
2273  UINT len = 0;
2274  LPCWSTR szAcl = *StringAcl;
2275  const ACEFLAG *lpaf = AceType;
2276 
2277  while (*szAcl == ' ')
2278  szAcl++;
2279 
2280  while (lpaf->wstr &&
2281  (len = strlenW(lpaf->wstr)) &&
2282  strncmpW(lpaf->wstr, szAcl, len))
2283  lpaf++;
2284 
2285  if (!lpaf->wstr)
2286  return 0;
2287 
2288  *StringAcl = szAcl + len;
2289  return lpaf->value;
2290 }
2291 
2292 
2293 /******************************************************************************
2294  * ParseAceStringFlags
2295  */
2296 static const ACEFLAG AceFlags[] =
2297 {
2298  { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
2299  { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
2300  { SDDL_INHERITED, INHERITED_ACE },
2301  { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
2302  { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
2303  { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
2304  { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
2305  { NULL, 0 },
2306 };
2307 
2308 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
2309 {
2310  UINT len = 0;
2311  BYTE flags = 0;
2312  LPCWSTR szAcl = *StringAcl;
2313 
2314  while (*szAcl == ' ')
2315  szAcl++;
2316 
2317  while (*szAcl != ';')
2318  {
2319  const ACEFLAG *lpaf = AceFlags;
2320 
2321  while (lpaf->wstr &&
2322  (len = strlenW(lpaf->wstr)) &&
2323  strncmpW(lpaf->wstr, szAcl, len))
2324  lpaf++;
2325 
2326  if (!lpaf->wstr)
2327  return 0;
2328 
2329  flags |= lpaf->value;
2330  szAcl += len;
2331  }
2332 
2333  *StringAcl = szAcl;
2334  return flags;
2335 }
2336 
2337 
2338 /******************************************************************************
2339  * ParseAceStringRights
2340  */
2341 static const ACEFLAG AceRights[] =
2342 {
2343  { SDDL_GENERIC_ALL, GENERIC_ALL },
2344  { SDDL_GENERIC_READ, GENERIC_READ },
2345  { SDDL_GENERIC_WRITE, GENERIC_WRITE },
2346  { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
2347 
2348  { SDDL_READ_CONTROL, READ_CONTROL },
2349  { SDDL_STANDARD_DELETE, DELETE },
2350  { SDDL_WRITE_DAC, WRITE_DAC },
2351  { SDDL_WRITE_OWNER, WRITE_OWNER },
2352 
2353  { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP},
2354  { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP},
2355  { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD},
2356  { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD},
2357  { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST},
2358  { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF},
2359  { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT},
2360  { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE},
2361  { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS},
2362 
2363  { SDDL_FILE_ALL, FILE_ALL_ACCESS },
2364  { SDDL_FILE_READ, FILE_GENERIC_READ },
2365  { SDDL_FILE_WRITE, FILE_GENERIC_WRITE },
2366  { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE },
2367 
2368  { SDDL_KEY_ALL, KEY_ALL_ACCESS },
2369  { SDDL_KEY_READ, KEY_READ },
2370  { SDDL_KEY_WRITE, KEY_WRITE },
2371  { SDDL_KEY_EXECUTE, KEY_EXECUTE },
2372 
2373  { SDDL_NO_READ_UP, SYSTEM_MANDATORY_LABEL_NO_READ_UP },
2374  { SDDL_NO_WRITE_UP, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP },
2375  { SDDL_NO_EXECUTE_UP, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP },
2376  { NULL, 0 },
2377 };
2378 
2379 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
2380 {
2381  UINT len = 0;
2382  DWORD rights = 0;
2383  LPCWSTR szAcl = *StringAcl;
2384 
2385  while (*szAcl == ' ')
2386  szAcl++;
2387 
2388  if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2389  {
2390  LPCWSTR p = szAcl;
2391 
2392  while (*p && *p != ';')
2393  p++;
2394 
2395  if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
2396  {
2397  rights = strtoulW(szAcl, NULL, 16);
2398  szAcl = p;
2399  }
2400  else
2401  WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2402  }
2403  else
2404  {
2405  while (*szAcl != ';')
2406  {
2407  const ACEFLAG *lpaf = AceRights;
2408 
2409  while (lpaf->wstr &&
2410  (len = strlenW(lpaf->wstr)) &&
2411  strncmpW(lpaf->wstr, szAcl, len))
2412  {
2413  lpaf++;
2414  }
2415 
2416  if (!lpaf->wstr)
2417  return 0;
2418 
2419  rights |= lpaf->value;
2420  szAcl += len;
2421  }
2422  }
2423 
2424  *StringAcl = szAcl;
2425  return rights;
2426 }
2427 
2428 
2429 /******************************************************************************
2430  * ParseStringAclToAcl
2431  *
2432  * dacl_flags(string_ace1)(string_ace2)... (string_acen)
2433  */
2434 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
2435  PACL pAcl, LPDWORD cBytes)
2436 {
2437  DWORD val;
2438  DWORD sidlen;
2439  DWORD length = sizeof(ACL);
2440  DWORD acesize = 0;
2441  DWORD acecount = 0;
2442  PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2443  DWORD error = ERROR_INVALID_ACL;
2444 
2445  TRACE("%s\n", debugstr_w(StringAcl));
2446 
2447  if (!StringAcl)
2448  return FALSE;
2449 
2450  if (pAcl) /* pAce is only useful if we're setting values */
2451  pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
2452 
2453  /* Parse ACL flags */
2454  *lpdwFlags = ParseAclStringFlags(&StringAcl);
2455 
2456  /* Parse ACE */
2457  while (*StringAcl == '(')
2458  {
2459  StringAcl++;
2460 
2461  /* Parse ACE type */
2462  val = ParseAceStringType(&StringAcl);
2463  if (pAce)
2464  pAce->Header.AceType = (BYTE) val;
2465  if (*StringAcl != ';')
2466  {
2467  error = RPC_S_INVALID_STRING_UUID;
2468  goto lerr;
2469  }
2470  StringAcl++;
2471 
2472  /* Parse ACE flags */
2473  val = ParseAceStringFlags(&StringAcl);
2474  if (pAce)
2475  pAce->Header.AceFlags = (BYTE) val;
2476  if (*StringAcl != ';')
2477  goto lerr;
2478  StringAcl++;
2479 
2480  /* Parse ACE rights */
2481  val = ParseAceStringRights(&StringAcl);
2482  if (pAce)
2483  pAce->Mask = val;
2484  if (*StringAcl != ';')
2485  goto lerr;
2486  StringAcl++;
2487 
2488  /* Parse ACE object guid */
2489  while (*StringAcl == ' ')
2490  StringAcl++;
2491  if (*StringAcl != ';')
2492  {
2493  FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2494  goto lerr;
2495  }
2496  StringAcl++;
2497 
2498  /* Parse ACE inherit object guid */
2499  while (*StringAcl == ' ')
2500  StringAcl++;
2501  if (*StringAcl != ';')
2502  {
2503  FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2504  goto lerr;
2505  }
2506  StringAcl++;
2507 
2508  /* Parse ACE account sid */
2509  if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
2510  {
2511  while (*StringAcl && *StringAcl != ')')
2512  StringAcl++;
2513  }
2514 
2515  if (*StringAcl != ')')
2516  goto lerr;
2517  StringAcl++;
2518 
2519  acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2520  length += acesize;
2521  if (pAce)
2522  {
2523  pAce->Header.AceSize = acesize;
2524  pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
2525  }
2526  acecount++;
2527  }
2528 
2529  *cBytes = length;
2530 
2531  if (length > 0xffff)
2532  {
2533  ERR("ACL too large\n");
2534  goto lerr;
2535  }
2536 
2537  if (pAcl)
2538  {
2539  pAcl->AclRevision = ACL_REVISION;
2540  pAcl->Sbz1 = 0;
2541  pAcl->AclSize = length;
2542  pAcl->AceCount = acecount;
2543  pAcl->Sbz2 = 0;
2544  }
2545  return TRUE;
2546 
2547 lerr:
2548  SetLastError(error);
2549  WARN("Invalid ACE string format\n");
2550  return FALSE;
2551 }
2552 
2553 /******************************************************************************
2554  * ParseStringSecurityDescriptorToSecurityDescriptor
2555  */
2556 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
2557  LPCWSTR StringSecurityDescriptor,
2558  SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
2559  LPDWORD cBytes)
2560 {
2561  BOOL bret = FALSE;
2562  WCHAR toktype;
2563  WCHAR *tok;
2564  LPCWSTR lptoken;
2565  LPBYTE lpNext = NULL;
2566  DWORD len;
2567 
2568  *cBytes = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
2569 
2570  tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
2571 
2572  if (SecurityDescriptor)
2573  lpNext = (LPBYTE)(SecurityDescriptor + 1);
2574 
2575  while (*StringSecurityDescriptor == ' ')
2576  StringSecurityDescriptor++;
2577 
2578  while (*StringSecurityDescriptor)
2579  {
2580  toktype = *StringSecurityDescriptor;
2581 
2582  /* Expect char identifier followed by ':' */
2583  StringSecurityDescriptor++;
2584  if (*StringSecurityDescriptor != ':')
2585  {
2586  SetLastError(ERROR_INVALID_PARAMETER);
2587  goto lend;
2588  }
2589  StringSecurityDescriptor++;
2590 
2591  /* Extract token */
2592  lptoken = StringSecurityDescriptor;
2593  while (*lptoken && *lptoken != ':')
2594  lptoken++;
2595 
2596  if (*lptoken)
2597  lptoken--;
2598 
2599  len = lptoken - StringSecurityDescriptor;
2600  memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
2601  tok[len] = 0;
2602 
2603  switch (toktype)
2604  {
2605  case 'O':
2606  {
2607  DWORD bytes;
2608 
2609  if (!ParseStringSidToSid(tok, lpNext, &bytes))
2610  goto lend;
2611 
2612  if (SecurityDescriptor)
2613  {
2614  SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor;
2615  lpNext += bytes; /* Advance to next token */
2616  }
2617 
2618  *cBytes += bytes;
2619 
2620  break;
2621  }
2622 
2623  case 'G':
2624  {
2625  DWORD bytes;
2626 
2627  if (!ParseStringSidToSid(tok, lpNext, &bytes))
2628  goto lend;
2629 
2630  if (SecurityDescriptor)
2631  {
2632  SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor;
2633  lpNext += bytes; /* Advance to next token */
2634  }
2635 
2636  *cBytes += bytes;
2637 
2638  break;
2639  }
2640 
2641  case 'D':
2642  {
2643  DWORD flags;
2644  DWORD bytes;
2645 
2646  if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2647  goto lend;
2648 
2649  if (SecurityDescriptor)
2650  {
2651  SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2652  SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor;
2653  lpNext += bytes; /* Advance to next token */
2654  }
2655 
2656  *cBytes += bytes;
2657 
2658  break;
2659  }
2660 
2661  case 'S':
2662  {
2663  DWORD flags;
2664  DWORD bytes;
2665 
2666  if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2667  goto lend;
2668 
2669  if (SecurityDescriptor)
2670  {
2671  SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
2672  SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor;
2673  lpNext += bytes; /* Advance to next token */
2674  }
2675 
2676  *cBytes += bytes;
2677 
2678  break;
2679  }
2680 
2681  default:
2682  FIXME("Unknown token\n");
2683  SetLastError(ERROR_INVALID_PARAMETER);
2684  goto lend;
2685  }
2686 
2687  StringSecurityDescriptor = lptoken;
2688  }
2689 
2690  bret = TRUE;
2691 
2692 lend:
2693  heap_free(tok);
2694  return bret;
2695 }
2696 
2697 /* Winehq cvs 20050916 */
2698 /******************************************************************************
2699  * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
2700  * @implemented
2701  */
2702 BOOL
2703 WINAPI
2704 ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor,
2705  DWORD StringSDRevision,
2706  PSECURITY_DESCRIPTOR* SecurityDescriptor,
2707  PULONG SecurityDescriptorSize)
2708 {
2709  UINT len;
2710  BOOL ret = FALSE;
2711  LPWSTR StringSecurityDescriptorW;
2712 
2713  len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
2714  StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
2715 
2716  if (StringSecurityDescriptorW)
2717  {
2718  MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
2719 
2720  ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
2721  StringSDRevision, SecurityDescriptor,
2722  SecurityDescriptorSize);
2723  HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
2724  }
2725 
2726  return ret;
2727 }
2728 
2729 /******************************************************************************
2730  * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2731  * @implemented
2732  */
2733 BOOL WINAPI
2734 ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor,
2735  DWORD StringSDRevision,
2736  PSECURITY_DESCRIPTOR* SecurityDescriptor,
2737  PULONG SecurityDescriptorSize)
2738 {
2739  DWORD cBytes;
2740  SECURITY_DESCRIPTOR* psd;
2741  BOOL bret = FALSE;
2742 
2743  TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2744 
2745  if (GetVersion() & 0x80000000)
2746  {
2747  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2748  goto lend;
2749  }
2750  else if (!StringSecurityDescriptor || !SecurityDescriptor)
2751  {
2752  SetLastError(ERROR_INVALID_PARAMETER);
2753  goto lend;
2754  }
2755  else if (StringSDRevision != SID_REVISION)
2756  {
2757  SetLastError(ERROR_UNKNOWN_REVISION);
2758  goto lend;
2759  }
2760 
2761  /* Compute security descriptor length */
2762  if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2763  NULL, &cBytes))
2764  goto lend;
2765 
2766  psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes);
2767  if (!psd) goto lend;
2768 
2769  psd->Revision = SID_REVISION;
2770  psd->Control |= SE_SELF_RELATIVE;
2771 
2772  if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2773  (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
2774  {
2775  LocalFree(psd);
2776  goto lend;
2777  }
2778 
2779  if (SecurityDescriptorSize)
2780  *SecurityDescriptorSize = cBytes;
2781 
2782  bret = TRUE;
2783 
2784 lend:
2785  TRACE(" ret=%d\n", bret);
2786  return bret;
2787 }
2788 
2789 static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
2790 {
2791  if (cch == -1)
2792  cch = strlenW(string);
2793 
2794  if (plen)
2795  *plen += cch;
2796 
2797  if (pwptr)
2798  {
2799  memcpy(*pwptr, string, sizeof(WCHAR)*cch);
2800  *pwptr += cch;
2801  }
2802 }
2803 
2804 static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
2805 {
2806  DWORD i;
2807  WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
2808  WCHAR subauthfmt[] = { '-','%','u',0 };
2809  WCHAR buf[26];
2810  SID *pisid = psid;
2811 
2812  if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
2813  {
2814  SetLastError(ERROR_INVALID_SID);
2815  return FALSE;
2816  }
2817 
2818  if (pisid->IdentifierAuthority.Value[0] ||
2819  pisid->IdentifierAuthority.Value[1])
2820  {
2821  FIXME("not matching MS' bugs\n");
2822  SetLastError(ERROR_INVALID_SID);
2823  return FALSE;
2824  }
2825 
2826  sprintfW( buf, fmt, pisid->Revision,
2827  MAKELONG(
2828  MAKEWORD( pisid->IdentifierAuthority.Value[5],
2829  pisid->IdentifierAuthority.Value[4] ),
2830  MAKEWORD( pisid->IdentifierAuthority.Value[3],
2831  pisid->IdentifierAuthority.Value[2] )
2832  ) );
2833  DumpString(buf, -1, pwptr, plen);
2834 
2835  for( i=0; i<pisid->SubAuthorityCount; i++ )
2836  {
2837  sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
2838  DumpString(buf, -1, pwptr, plen);
2839  }
2840  return TRUE;
2841 }
2842 
2843 static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
2844 {
2845  size_t i;
2846  for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
2847  {
2848  if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
2849  {
2850  DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
2851  return TRUE;
2852  }
2853  }
2854 
2855  return DumpSidNumeric(psid, pwptr, plen);
2856 }
2857 
2858 static const LPCWSTR AceRightBitNames[32] = {
2859  SDDL_CREATE_CHILD, /* 0 */
2860  SDDL_DELETE_CHILD,
2861  SDDL_LIST_CHILDREN,
2862  SDDL_SELF_WRITE,
2863  SDDL_READ_PROPERTY, /* 4 */
2864  SDDL_WRITE_PROPERTY,
2865  SDDL_DELETE_TREE,
2866  SDDL_LIST_OBJECT,
2867  SDDL_CONTROL_ACCESS, /* 8 */
2868  NULL,
2869  NULL,
2870  NULL,
2871  NULL, /* 12 */
2872  NULL,
2873  NULL,
2874  NULL,
2875  SDDL_STANDARD_DELETE, /* 16 */
2876  SDDL_READ_CONTROL,
2877  SDDL_WRITE_DAC,
2878  SDDL_WRITE_OWNER,
2879  NULL, /* 20 */
2880  NULL,
2881  NULL,
2882  NULL,
2883  NULL, /* 24 */
2884  NULL,
2885  NULL,
2886  NULL,
2887  SDDL_GENERIC_ALL, /* 28 */
2888  SDDL_GENERIC_EXECUTE,
2889  SDDL_GENERIC_WRITE,
2890  SDDL_GENERIC_READ
2891 };
2892 
2893 static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
2894 {
2895  static const WCHAR fmtW[] = {'0','x','%','x',0};
2896  WCHAR buf[15];
2897  size_t i;
2898 
2899  if (mask == 0)
2900  return;
2901 
2902  /* first check if the right have name */
2903  for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
2904  {
2905  if (AceRights[i].wstr == NULL)
2906  break;
2907  if (mask == AceRights[i].value)
2908  {
2909  DumpString(AceRights[i].wstr, -1, pwptr, plen);
2910  return;
2911  }
2912  }
2913 
2914  /* then check if it can be built from bit names */
2915  for (i = 0; i < 32; i++)
2916  {
2917  if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
2918  {
2919  /* can't be built from bit names */
2920  sprintfW(buf, fmtW, mask);
2921  DumpString(buf, -1, pwptr, plen);
2922  return;
2923  }
2924  }
2925 
2926  /* build from bit names */
2927  for (i = 0; i < 32; i++)
2928  if (mask & (1 << i))
2929  DumpString(AceRightBitNames[i], -1, pwptr, plen);
2930 }
2931 
2932 static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
2933 {
2934  ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
2935  static const WCHAR openbr = '(';
2936  static const WCHAR closebr = ')';
2937  static const WCHAR semicolon = ';';
2938 
2939  if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
2940  {
2941  SetLastError(ERROR_INVALID_ACL);
2942  return FALSE;
2943  }
2944 
2945  piace = pace;
2946  DumpString(&openbr, 1, pwptr, plen);
2947  switch (piace->Header.AceType)
2948  {
2949  case ACCESS_ALLOWED_ACE_TYPE:
2950  DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
2951  break;
2952  case ACCESS_DENIED_ACE_TYPE:
2953  DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
2954  break;
2955  case SYSTEM_AUDIT_ACE_TYPE:
2956  DumpString(SDDL_AUDIT, -1, pwptr, plen);
2957  break;
2958  case SYSTEM_ALARM_ACE_TYPE:
2959  DumpString(SDDL_ALARM, -1, pwptr, plen);
2960  break;
2961  }
2962  DumpString(&semicolon, 1, pwptr, plen);
2963 
2964  if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
2965  DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
2966  if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
2967  DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
2968  if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
2969  DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
2970  if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
2971  DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
2972  if (piace->Header.AceFlags & INHERITED_ACE)
2973  DumpString(SDDL_INHERITED, -1, pwptr, plen);
2974  if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
2975  DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
2976  if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
2977  DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
2978  DumpString(&semicolon, 1, pwptr, plen);
2979  DumpRights(piace->Mask, pwptr, plen);
2980  DumpString(&semicolon, 1, pwptr, plen);
2981  /* objects not supported */
2982  DumpString(&semicolon, 1, pwptr, plen);
2983  /* objects not supported */
2984  DumpString(&semicolon, 1, pwptr, plen);
2985  if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
2986  return FALSE;
2987  DumpString(&closebr, 1, pwptr, plen);
2988  return TRUE;
2989 }
2990 
2991 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
2992 {
2993  WORD count;
2994  int i;
2995 
2996  if (protected)
2997  DumpString(SDDL_PROTECTED, -1, pwptr, plen);
2998  if (autoInheritReq)
2999  DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
3000  if (autoInherited)
3001  DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
3002 
3003  if (pacl == NULL)
3004  return TRUE;
3005 
3006  if (!IsValidAcl(pacl))
3007  return FALSE;
3008 
3009  count = pacl->AceCount;
3010  for (i = 0; i < count; i++)
3011  {
3012  LPVOID ace;
3013  if (!GetAce(pacl, i, &ace))
3014  return FALSE;
3015  if (!DumpAce(ace, pwptr, plen))
3016  return FALSE;
3017  }
3018 
3019  return TRUE;
3020 }
3021 
3022 static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3023 {
3024  static const WCHAR prefix[] = {'O',':',0};
3025  BOOL bDefaulted;
3026  PSID psid;
3027 
3028  if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
3029  return FALSE;
3030 
3031  if (psid == NULL)
3032  return TRUE;
3033 
3034  DumpString(prefix, -1, pwptr, plen);
3035  if (!DumpSid(psid, pwptr, plen))
3036  return FALSE;
3037  return TRUE;
3038 }
3039 
3040 static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3041 {
3042  static const WCHAR prefix[] = {'G',':',0};
3043  BOOL bDefaulted;
3044  PSID psid;
3045 
3046  if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
3047  return FALSE;
3048 
3049  if (psid == NULL)
3050  return TRUE;
3051 
3052  DumpString(prefix, -1, pwptr, plen);
3053  if (!DumpSid(psid, pwptr, plen))
3054  return FALSE;
3055  return TRUE;
3056 }
3057 
3058 static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3059 {
3060  static const WCHAR dacl[] = {'D',':',0};
3061  SECURITY_DESCRIPTOR_CONTROL control;
3062  BOOL present, defaulted;
3063  DWORD revision;
3064  PACL pacl;
3065 
3066  if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3067  return FALSE;
3068 
3069  if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3070  return FALSE;
3071 
3072  if (!present)
3073  return TRUE;
3074 
3075  DumpString(dacl, 2, pwptr, plen);
3076  if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3077  return FALSE;
3078  return TRUE;
3079 }
3080 
3081 static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3082 {
3083  static const WCHAR sacl[] = {'S',':',0};
3084  SECURITY_DESCRIPTOR_CONTROL control;
3085  BOOL present, defaulted;
3086  DWORD revision;
3087  PACL pacl;
3088 
3089  if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3090  return FALSE;
3091 
3092  if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3093  return FALSE;
3094 
3095  if (!present)
3096  return TRUE;
3097 
3098  DumpString(sacl, 2, pwptr, plen);
3099  if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3100  return FALSE;
3101  return TRUE;
3102 }
3103 
3104 /******************************************************************************
3105  * ConvertSecurityDescriptorToStringSecurityDescriptorW [ADVAPI32.@]
3106  */
3107 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
3108 {
3109  ULONG len;
3110  WCHAR *wptr, *wstr;
3111 
3112  if (SDRevision != SDDL_REVISION_1)
3113  {
3114  ERR("Program requested unknown SDDL revision %d\n", SDRevision);
3115  SetLastError(ERROR_UNKNOWN_REVISION);
3116  return FALSE;
3117  }
3118 
3119  len = 0;
3120  if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3121  if (!DumpOwner(SecurityDescriptor, NULL, &len))
3122  return FALSE;
3123  if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3124  if (!DumpGroup(SecurityDescriptor, NULL, &len))
3125  return FALSE;
3126  if (RequestedInformation & DACL_SECURITY_INFORMATION)
3127  if (!DumpDacl(SecurityDescriptor, NULL, &len))
3128  return FALSE;
3129  if (RequestedInformation & SACL_SECURITY_INFORMATION)
3130  if (!DumpSacl(SecurityDescriptor, NULL, &len))
3131  return FALSE;
3132 
3133  wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
3134 #ifdef __REACTOS__
3135  if (wstr == NULL)
3136  return FALSE;
3137 #endif
3138 
3139  if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3140  if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
3141  LocalFree (wstr);
3142  return FALSE;
3143  }
3144  if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3145  if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
3146  LocalFree (wstr);
3147  return FALSE;
3148  }
3149  if (RequestedInformation & DACL_SECURITY_INFORMATION)
3150  if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
3151  LocalFree (wstr);
3152  return FALSE;
3153  }
3154  if (RequestedInformation & SACL_SECURITY_INFORMATION)
3155  if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
3156  LocalFree (wstr);
3157  return FALSE;
3158  }
3159  *wptr = 0;
3160 
3161  TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
3162  *OutputString = wstr;
3163  if (OutputLen)
3164  *OutputLen = strlenW(*OutputString)+1;
3165  return TRUE;
3166 }
3167 
3168 /******************************************************************************
3169  * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
3170  */
3171 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
3172 {
3173  LPWSTR wstr;
3174  ULONG len;
3175  if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
3176  {
3177  int lenA;
3178 
3179  lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
3180  *OutputString = heap_alloc(lenA);
3181 #ifdef __REACTOS__
3182  if (*OutputString == NULL)
3183  {
3184  LocalFree(wstr);
3185  *OutputLen = 0;
3186  return FALSE;
3187  }
3188 #endif
3189  WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
3190  LocalFree(wstr);
3191 
3192  if (OutputLen != NULL)
3193  *OutputLen = lenA;
3194  return TRUE;
3195  }
3196  else
3197  {
3198  *OutputString = NULL;
3199  if (OutputLen)
3200  *OutputLen = 0;
3201  return FALSE;
3202  }
3203 }
3204 
3205 /******************************************************************************
3206  * ConvertStringSidToSidW [ADVAPI32.@]
3207  */
3208 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
3209 {
3210  BOOL bret = FALSE;
3211  DWORD cBytes;
3212 
3213  TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3214  if (GetVersion() & 0x80000000)
3215  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3216  else if (!StringSid || !Sid)
3217  SetLastError(ERROR_INVALID_PARAMETER);
3218  else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3219  {
3220  PSID pSid = *Sid = LocalAlloc(0, cBytes);
3221 
3222  bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3223  if (!bret)
3224  LocalFree(*Sid);
3225  }
3226  return bret;
3227 }
3228 
3229 /******************************************************************************
3230  * ConvertStringSidToSidA [ADVAPI32.@]
3231  */
3232 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
3233 {
3234  BOOL bret = FALSE;
3235 
3236  TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3237  if (GetVersion() & 0x80000000)
3238  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3239  else if (!StringSid || !Sid)
3240  SetLastError(ERROR_INVALID_PARAMETER);
3241  else
3242  {
3243  WCHAR *wStringSid = SERV_dup(StringSid);
3244  bret = ConvertStringSidToSidW(wStringSid, Sid);
3245  heap_free(wStringSid);
3246  }
3247  return bret;
3248 }
3249 
3250 /*
3251  * @implemented
3252  */
3253 BOOL
3254 WINAPI
3255 ConvertSidToStringSidW(PSID Sid,
3256  LPWSTR *StringSid)
3257 {
3258  NTSTATUS Status;
3259  UNICODE_STRING UnicodeString;
3260  WCHAR FixedBuffer[64];
3261 
3262  if (!RtlValidSid(Sid))
3263  {
3264  SetLastError(ERROR_INVALID_SID);
3265  return FALSE;
3266  }
3267 
3268  UnicodeString.Length = 0;
3269  UnicodeString.MaximumLength = sizeof(FixedBuffer);
3270  UnicodeString.Buffer = FixedBuffer;
3271  Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, FALSE);
3272  if (STATUS_BUFFER_TOO_SMALL == Status)
3273  {
3274  Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, TRUE);
3275  }
3276 
3277  if (!NT_SUCCESS(Status))
3278  {
3279  SetLastError(RtlNtStatusToDosError(Status));
3280  return FALSE;
3281  }
3282 
3283  *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
3284  if (NULL == *StringSid)
3285  {
3286  if (UnicodeString.Buffer != FixedBuffer)
3287  {
3288  RtlFreeUnicodeString(&UnicodeString);
3289  }
3290  SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3291  return FALSE;
3292  }
3293 
3294  MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
3295  ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
3296  if (UnicodeString.Buffer != FixedBuffer)
3297  {
3298  RtlFreeUnicodeString(&UnicodeString);
3299  }
3300 
3301  return TRUE;
3302 }
3303 
3304 /*
3305  * @implemented
3306  */
3307 BOOL
3308 WINAPI
3309 ConvertSidToStringSidA(PSID Sid,
3310  LPSTR *StringSid)
3311 {
3312  LPWSTR StringSidW;
3313  int Len;
3314 
3315  if (!ConvertSidToStringSidW(Sid, &StringSidW))
3316  {
3317  return FALSE;
3318  }
3319 
3320  Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
3321  if (Len <= 0)
3322  {
3323  LocalFree(StringSidW);
3324  SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3325  return FALSE;
3326  }
3327 
3328  *StringSid = LocalAlloc(LMEM_FIXED, Len);
3329  if (NULL == *StringSid)
3330  {
3331  LocalFree(StringSidW);
3332  SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3333  return FALSE;
3334  }
3335 
3336  if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
3337  {
3338  LocalFree(StringSid);
3339  LocalFree(StringSidW);
3340  return FALSE;
3341  }
3342 
3343  LocalFree(StringSidW);
3344 
3345  return TRUE;
3346 }
3347 
3348 /*
3349  * @unimplemented
3350  */
3351 BOOL WINAPI
3352 CreateProcessWithLogonW(LPCWSTR lpUsername,
3353  LPCWSTR lpDomain,
3354  LPCWSTR lpPassword,
3355  DWORD dwLogonFlags,
3356  LPCWSTR lpApplicationName,
3357  LPWSTR lpCommandLine,
3358  DWORD dwCreationFlags,
3359  LPVOID lpEnvironment,
3360  LPCWSTR lpCurrentDirectory,
3361  LPSTARTUPINFOW lpStartupInfo,
3362  LPPROCESS_INFORMATION lpProcessInformation)
3363 {
3364  FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
3365  debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
3366  debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
3367  lpStartupInfo, lpProcessInformation);
3368 
3369  return FALSE;
3370 }
3371 
3372 BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line,
3373  DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info,
3374  PROCESS_INFORMATION *process_information )
3375 {
3376  FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
3377  logon_flags, debugstr_w(application_name), debugstr_w(command_line),
3378  creation_flags, environment, debugstr_w(current_directory),
3379  startup_info, process_information);
3380 
3381  /* FIXME: check if handles should be inherited */
3382  return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
3383  current_directory, startup_info, process_information );
3384 }
3385 
3386 /*
3387  * @implemented
3388  */
3389 BOOL WINAPI
3390 DuplicateTokenEx(IN HANDLE ExistingTokenHandle,
3391  IN DWORD dwDesiredAccess,
3392  IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL,
3393  IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3394  IN TOKEN_TYPE TokenType,
3395  OUT PHANDLE DuplicateTokenHandle)
3396 {
3397  OBJECT_ATTRIBUTES ObjectAttributes;
3398  NTSTATUS Status;
3399  SECURITY_QUALITY_OF_SERVICE Sqos;
3400 
3401  TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3402  ImpersonationLevel, TokenType, DuplicateTokenHandle);
3403 
3404  Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
3405  Sqos.ImpersonationLevel = ImpersonationLevel;
3406  Sqos.ContextTrackingMode = 0;
3407  Sqos.EffectiveOnly = FALSE;
3408 
3409  if (lpTokenAttributes != NULL)
3410  {
3411  InitializeObjectAttributes(&ObjectAttributes,
3412  NULL,
3413  lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
3414  NULL,
3415  lpTokenAttributes->lpSecurityDescriptor);
3416  }
3417  else
3418  {
3419  InitializeObjectAttributes(&ObjectAttributes,
3420  NULL,
3421  0,
3422  NULL,
3423  NULL);
3424  }
3425 
3426  ObjectAttributes.SecurityQualityOfService = &Sqos;
3427 
3428  Status = NtDuplicateToken(ExistingTokenHandle,
3429  dwDesiredAccess,
3430  &ObjectAttributes,
3431  FALSE,
3432  TokenType,
3433  DuplicateTokenHandle);
3434  if (!NT_SUCCESS(Status))
3435  {
3436  ERR("NtDuplicateToken failed: Status %08x\n", Status);
3437  SetLastError(RtlNtStatusToDosError(Status));
3438  return FALSE;
3439  }
3440 
3441  TRACE("Returning token %p.\n", *DuplicateTokenHandle);
3442 
3443  return TRUE;
3444 }
3445 
3446 /*
3447  * @implemented
3448  */
3449 BOOL WINAPI
3450 DuplicateToken(IN HANDLE ExistingTokenHandle,
3451  IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3452  OUT PHANDLE DuplicateTokenHandle)
3453 {
3454  return DuplicateTokenEx(ExistingTokenHandle,
3455  TOKEN_IMPERSONATE | TOKEN_QUERY,
3456  NULL,
3457  ImpersonationLevel,
3458  TokenImpersonation,
3459  DuplicateTokenHandle);
3460 }
3461 
3462 /******************************************************************************
3463  * ComputeStringSidSize
3464  */
3465 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
3466 {
3467  if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3468  {
3469  int ctok = 0;
3470  while (*StringSid)
3471  {
3472  if (*StringSid == '-')
3473  ctok++;
3474  StringSid++;
3475  }
3476 
3477  if (ctok >= 3)
3478  return GetSidLengthRequired(ctok - 2);
3479  }
3480  else /* String constant format - Only available in winxp and above */
3481  {
3482  unsigned int i;
3483 
3484  for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3485  if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3486  return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
3487 
3488  for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3489  if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3490  {
3491  MAX_SID local;
3492  ADVAPI_GetComputerSid(&local);
3493  return GetSidLengthRequired(*GetSidSubAuthorityCount(&local) + 1);
3494  }
3495 
3496  }
3497 
3498  return GetSidLengthRequired(0);
3499 }
3500 
3501 /******************************************************************************
3502  * ParseStringSidToSid
3503  */
3504 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
3505 {
3506  BOOL bret = FALSE;
3507  SID* pisid=pSid;
3508 
3509  TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3510  if (!StringSid)
3511  {
3512  SetLastError(ERROR_INVALID_PARAMETER);
3513  TRACE("StringSid is NULL, returning FALSE\n");
3514  return FALSE;
3515  }
3516 
3517  while (*StringSid == ' ')
3518  StringSid++;
3519 
3520  if (!*StringSid)
3521  goto lend; /* ERROR_INVALID_SID */
3522 
3523  *cBytes = ComputeStringSidSize(StringSid);
3524  if (!pisid) /* Simply compute the size */
3525  {
3526  TRACE("only size requested, returning TRUE with %d\n", *cBytes);
3527  return TRUE;
3528  }
3529 
3530  if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3531  {
3532  DWORD i = 0, identAuth;
3533  DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
3534 
3535  StringSid += 2; /* Advance to Revision */
3536  pisid->Revision = atoiW(StringSid);
3537 
3538  if (pisid->Revision != SDDL_REVISION)
3539  {
3540  TRACE("Revision %d is unknown\n", pisid->Revision);
3541  goto lend; /* ERROR_INVALID_SID */
3542  }
3543  if (csubauth == 0)
3544  {
3545  TRACE("SubAuthorityCount is 0\n");
3546  goto lend; /* ERROR_INVALID_SID */
3547  }
3548 
3549  pisid->SubAuthorityCount = csubauth;
3550 
3551  /* Advance to identifier authority */
3552  while (*StringSid && *StringSid != '-')
3553  StringSid++;
3554  if (*StringSid == '-')
3555  StringSid++;
3556 
3557  /* MS' implementation can't handle values greater than 2^32 - 1, so
3558  * we don't either; assume most significant bytes are always 0
3559  */
3560  pisid->IdentifierAuthority.Value[0] = 0;
3561  pisid->IdentifierAuthority.Value[1] = 0;
3562  identAuth = atoiW(StringSid);
3563  pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
3564  pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
3565  pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
3566  pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
3567 
3568  /* Advance to first sub authority */
3569  while (*StringSid && *StringSid != '-')
3570  StringSid++;
3571  if (*StringSid == '-')
3572  StringSid++;
3573 
3574  while (*StringSid)
3575  {
3576  pisid->SubAuthority[i++] = atoiW(StringSid);
3577 
3578  while (*StringSid && *StringSid != '-')
3579  StringSid++;
3580  if (*StringSid == '-')
3581  StringSid++;
3582  }
3583 
3584  if (i != pisid->SubAuthorityCount)
3585  goto lend; /* ERROR_INVALID_SID */
3586 
3587  bret = TRUE;
3588  }
3589  else /* String constant format - Only available in winxp and above */
3590  {
3591  unsigned int i;
3592  pisid->Revision = SDDL_REVISION;
3593 
3594  for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3595  if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3596  {
3597  DWORD j;
3598  pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
3599  pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
3600  for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
3601  pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
3602  bret = TRUE;
3603  }
3604 
3605  for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3606  if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3607  {
3608  ADVAPI_GetComputerSid(pisid);
3609  pisid->SubAuthority[pisid->SubAuthorityCount] = WellKnownRids[i].Rid;
3610  pisid->SubAuthorityCount++;
3611  bret = TRUE;
3612  }
3613 
3614  if (!bret)
3615  FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
3616  }
3617 
3618 lend:
3619  if (!bret)
3620  SetLastError(ERROR_INVALID_SID);
3621 
3622  TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3623  return bret;
3624 }
3625 
3626 /**********************************************************************
3627  * GetNamedSecurityInfoA EXPORTED
3628  *
3629  * @implemented
3630  */
3631 DWORD
3632 WINAPI
3633 GetNamedSecurityInfoA(LPSTR pObjectName,
3634  SE_OBJECT_TYPE ObjectType,
3635  SECURITY_INFORMATION SecurityInfo,
3636  PSID *ppsidOwner,
3637  PSID *ppsidGroup,
3638  PACL *ppDacl,
3639  PACL *ppSacl,
3640  PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
3641 {
3642  DWORD len;
3643  LPWSTR wstr = NULL;
3644  DWORD r;
3645 
3646  TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
3647  ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
3648 
3649  if( pObjectName )
3650  {
3651  len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3652  wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3653  MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3654  }
3655 
3656  r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
3657  ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
3658 
3659  HeapFree( GetProcessHeap(), 0, wstr );
3660 
3661  return r;
3662 }
3663 
3664 /******************************************************************************
3665  * GetWindowsAccountDomainSid [ADVAPI32.@]
3666  */
3667 BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
3668 {
3669  SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
3670  DWORD required_size;
3671  int i;
3672 
3673  FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
3674 
3675  if (!sid || !IsValidSid( sid ))
3676  {
3677  SetLastError( ERROR_INVALID_SID );
3678  return FALSE;
3679  }
3680 
3681  if (!size)
3682  {
3683  SetLastError( ERROR_INVALID_PARAMETER );
3684  return FALSE;
3685  }
3686 
3687  if (*GetSidSubAuthorityCount( sid ) < 4)
3688  {
3689  SetLastError( ERROR_INVALID_SID );
3690  return FALSE;
3691  }
3692 
3693  required_size = GetSidLengthRequired( 4 );
3694  if (*size < required_size || !domain_sid)
3695  {
3696  *size = required_size;
3697  SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER :
3698  ERROR_INVALID_PARAMETER );
3699  return FALSE;
3700  }
3701 
3702  InitializeSid( domain_sid, &domain_ident, 4 );
3703  for (i = 0; i < 4; i++)
3704  *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
3705 
3706  *size = required_size;
3707  return TRUE;
3708 }
3709 
3710 /*
3711  * @unimplemented
3712  */
3713 BOOL
3714 WINAPI
3715 EqualDomainSid(IN PSID pSid1,
3716  IN PSID pSid2,
3717  OUT BOOL* pfEqual)
3718 {
3719  UNIMPLEMENTED;
3720  return FALSE;
3721 }
3722 
3723 /* EOF */
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
PVOID
DWORD *typedef PVOID
Definition: winlogon.h:61
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
PCHAR
signed char * PCHAR
Definition: retypes.h:7
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:91
FILE_GENERIC_READ
#define FILE_GENERIC_READ
Definition: nt_native.h:653
SECURITY_BATCH_RID
#define SECURITY_BATCH_RID
Definition: setypes.h:530
MAXIMUM_ALLOWED
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
GetTrusteeNameW
LPWSTR WINAPI GetTrusteeNameW(PTRUSTEE_W pTrustee)
Definition: security.c:2115
GetNamedSecurityInfoW
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
SDDL_OBJECT_INHERIT
static const WCHAR SDDL_OBJECT_INHERIT[]
Definition: security.c:165
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_SID_IDENTIFIER_AUTHORITY::Value
BYTE Value[6]
Definition: ms-dtyp.idl:195
_OBJECTS_AND_SID::ObjectTypeGuid
GUID ObjectTypeGuid
Definition: accctrl.h:349
ObjectType
ObjectType
Definition: metafile.c:80
SDDL_GENERIC_WRITE
#define SDDL_GENERIC_WRITE
Definition: sddl.h:66
ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
STATUS_NOT_ALL_ASSIGNED
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85
SDDL_WRITE_PROPERTY
#define SDDL_WRITE_PROPERTY
Definition: sddl.h:52
_TRUSTEE_A::TrusteeType
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:207
level
GLint level
Definition: gl.h:1546
IN
#define IN
Definition: typedefs.h:38
SE_SACL_PRESENT
#define SE_SACL_PRESENT
Definition: setypes.h:769
ParseStringSecurityDescriptorToSecurityDescriptor
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
Definition: security.c:2556
ERROR_BAD_PROVIDER
#define ERROR_BAD_PROVIDER
Definition: winerror.h:707
SECURITY_AUTHENTICATED_USER_RID
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
ImpersonateNamedPipeClient
BOOL WINAPI ImpersonateNamedPipeClient(HANDLE hNamedPipe)
Definition: security.c:899
SDDL_GENERIC_EXECUTE
#define SDDL_GENERIC_EXECUTE
Definition: sddl.h:67
GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92
SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
ACE_OBJECT_TYPE_PRESENT
#define ACE_OBJECT_TYPE_PRESENT
Definition: winnt_old.h:106
j
GLenum GLclampf GLint GLenum GLuint GLenum GLenum GLsizei GLenum const GLvoid GLfloat GLfloat GLfloat GLfloat GLclampd GLint GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean GLboolean GLboolean GLboolean GLint GLenum GLsizei const GLvoid GLenum GLint GLenum GLint GLint GLsizei GLint GLenum GLint GLint GLint GLint GLsizei GLenum GLsizei const GLuint GLboolean GLenum GLenum GLint GLsizei GLenum GLsizei GLenum const GLvoid GLboolean const GLboolean GLenum const GLdouble const GLfloat const GLdouble const GLfloat GLenum GLint GLint GLint GLint GLint GLint j
Definition: glfuncs.h:98
WORD
unsigned short WORD
Definition: ntddk_ex.h:93
value
Definition: get.c:139
_ACE_HEADER::AceFlags
UCHAR AceFlags
Definition: ms-dtyp.idl:211
DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS
Definition: setypes.h:644
TRUE
#define TRUE
Definition: types.h:120
lpLanguageId
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR _Inout_ LPDWORD _Out_ LPDWORD lpLanguageId
Definition: winbase.h:2730
_SECURITY_DESCRIPTOR_RELATIVE::Sacl
$ULONG Sacl
Definition: setypes.h:788
lpLuid
_In_ PLUID lpLuid
Definition: winbase.h:2749
DOMAIN_ALIAS_RID_GUESTS
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:626
DOMAIN_GROUP_RID_GUESTS
#define DOMAIN_GROUP_RID_GUESTS
Definition: setypes.h:613
_TRUSTEE_W::TrusteeForm
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:215
_ACCESS_ALLOWED_ACE::SidStart
DWORD SidStart
Definition: ms-dtyp.idl:218
_OBJECTS_AND_SID::pSid
SID * pSid
Definition: accctrl.h:351
_TRUSTEE_A
Definition: accctrl.h:202
NtPrivilegeCheck
NTSTATUS NTAPI NtPrivilegeCheck(IN HANDLE ClientToken, IN PPRIVILEGE_SET RequiredPrivileges, OUT PBOOLEAN Result)
Definition: priv.c:600
SECURITY_THIS_ORGANIZATION_RID
#define SECURITY_THIS_ORGANIZATION_RID
Definition: setypes.h:544
_STARTUPINFOW
Definition: winbase.h:816
SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
Definition: setypes.h:756
UnicodeString
*BytesInUnicodeString PWCH UnicodeString
Definition: rtlfuncs.h:1980
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:780
strlenW
WINE_UNICODE_INLINE unsigned int strlenW(const WCHAR *str)
Definition: unicode.h:212
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:782
_SECURITY_DESCRIPTOR_RELATIVE::Group
$ULONG Group
Definition: setypes.h:787
SDDL_INHERITED
static const WCHAR SDDL_INHERITED[]
Definition: security.c:168
Type
Type
Definition: Type.h:6
DeleteAce
BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
Definition: security.c:1041
_EXPLICIT_ACCESS_A::grfAccessMode
ACCESS_MODE grfAccessMode
Definition: accctrl.h:333
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
ACL_INFORMATION_CLASS
enum _ACL_INFORMATION_CLASS ACL_INFORMATION_CLASS
SECURITY_TERMINAL_SERVER_RID
#define SECURITY_TERMINAL_SERVER_RID
Definition: setypes.h:542
WideCharToMultiByte
#define WideCharToMultiByte
Definition: compat.h:101
_TOKEN_GROUPS
Definition: setypes.h:959
_SID
Definition: ms-dtyp.idl:198
FILE_ALL_ACCESS
#define FILE_ALL_ACCESS
Definition: nt_native.h:651
GetSecurityDescriptorDacl
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
SetNamedSecurityInfoW
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1197
DumpOwner
static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3022
InheritedObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName
Definition: security.c:77
InitializeAcl
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:881
_TRUSTEE_A::MultipleTrusteeOperation
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:205
ACEFLAG
struct _ACEFLAG ACEFLAG
_MAX_SID
Definition: security.c:27
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
ConvertSecurityDescriptorToStringSecurityDescriptorA
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
Definition: security.c:3171
FSCTL_PIPE_IMPERSONATE
#define FSCTL_PIPE_IMPERSONATE
Definition: winioctl.h:85
QuerySecurityAccessMask
VOID WINAPI QuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: sec.c:377
DOMAIN_GROUP_RID_SCHEMA_ADMINS
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS
Definition: setypes.h:617
PSID_IDENTIFIER_AUTHORITY
* PSID_IDENTIFIER_AUTHORITY
Definition: setypes.h:436
MAKEWORD
#define MAKEWORD(a, b)
Definition: typedefs.h:247
_ACEFLAG
Definition: security.c:21
SetAclInformation
BOOL WINAPI SetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:2143
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
SDDL_DELETE_CHILD
#define SDDL_DELETE_CHILD
Definition: sddl.h:54
SDDL_CONTAINER_INHERIT
static const WCHAR SDDL_CONTAINER_INHERIT[]
Definition: security.c:164
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
KEY_READ
#define KEY_READ
Definition: nt_native.h:1023
_TOKEN_PRIVILEGES
Definition: setypes.h:968
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
WellKnownSids
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:43
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296
SDDL_AUTO_INHERITED
#define SDDL_AUTO_INHERITED
Definition: sddl.h:46
RevertToSelf
BOOL WINAPI RevertToSelf(VOID)
Definition: security.c:1483
_ACL
Definition: ms-dtyp.idl:293
ADS_RIGHT_DS_CREATE_CHILD
#define ADS_RIGHT_DS_CREATE_CHILD
Definition: security.c:151
MakeAbsoluteSD
BOOL WINAPI MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
Definition: security.c:825
r
GLdouble GLdouble GLdouble r
Definition: gl.h:2055
DOMAIN_ALIAS_RID_ACCOUNT_OPS
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:629
SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:709
CP_ACP
#define CP_ACP
Definition: compat.h:99
_SECURITY_DESCRIPTOR_RELATIVE::Dacl
$ULONG Dacl
Definition: setypes.h:789
_SID::SubAuthority
DWORD SubAuthority[*]
Definition: ms-dtyp.idl:202
DumpSid
static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2843
InitializeSecurityDescriptor
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:804
EqualSid
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:704
lstrcmpW
int WINAPI lstrcmpW(LPCWSTR lpString1, LPCWSTR lpString2)
Definition: lstring.c:170
ADS_RIGHT_DS_DELETE_CHILD
#define ADS_RIGHT_DS_DELETE_CHILD
Definition: security.c:152
LPSTR
static LPSTR(WINAPI *pGetTrusteeNameA)(PTRUSTEEA pTrustee)
AddAccessAllowedAceEx
BOOL WINAPI AddAccessAllowedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:938
_MAX_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: security.c:31
RtlFreeSid
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LookupAccountNameA
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
Definition: security.c:1684
SECURITY_DIALUP_RID
#define SECURITY_DIALUP_RID
Definition: setypes.h:528
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
_OBJECTS_AND_NAME_A::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:356
SID_REVISION
#define SID_REVISION
Definition: setypes.h:453
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:52
SetNamedSecurityInfoA
DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: security.c:2170
x1
_In_ CLIPOBJ _In_ BRUSHOBJ _In_ LONG x1
Definition: winddi.h:3706
GetNamedSecurityInfoA
DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: security.c:3633
WARN
#define WARN(fmt,...)
Definition: debug.h:111
SetFileSecurityA
BOOL WINAPI SetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1354
ERROR_INVALID_SID
#define ERROR_INVALID_SID
Definition: winerror.h:819
ACCESS_MODE
enum _ACCESS_MODE ACCESS_MODE
ConvertStringSidToSidW
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
Definition: security.c:3208
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:603
BuildTrusteeWithNameW
VOID WINAPI BuildTrusteeWithNameW(PTRUSTEE_W pTrustee, LPWSTR name)
Definition: security.c:2063
PrivilegeCheck
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
Definition: security.c:1738
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
AddAccessAllowedAce
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:914
SECURITY_NETWORK_RID
#define SECURITY_NETWORK_RID
Definition: setypes.h:529
LookupPrivilegeNameW
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
Definition: misc.c:832
ADS_RIGHT_DS_CONTROL_ACCESS
#define ADS_RIGHT_DS_CONTROL_ACCESS
Definition: security.c:159
LPPROCESS_INFORMATION
SIZE_T LPPROCESS_INFORMATION
Definition: cordebug.idl:86
SDDL_WRITE_DAC
#define SDDL_WRITE_DAC
Definition: sddl.h:61
nLength
_In_ DWORD nLength
Definition: wincon.h:461
NtCurrentThread
#define NtCurrentThread()
lpName
_In_ LPCSTR lpName
Definition: winbase.h:2729
_TRUSTEE_A::pMultipleTrustee
struct _TRUSTEE_A * pMultipleTrustee
Definition: accctrl.h:204
SECURITY_MANDATORY_MEDIUM_RID
#define SECURITY_MANDATORY_MEDIUM_RID
Definition: setypes.h:657
GetTrusteeTypeA
TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEE_A pTrustee)
Definition: security.c:2124
_EXPLICIT_ACCESS_A::Trustee
TRUSTEE_A Trustee
Definition: accctrl.h:335
BuildExplicitAccessWithNameA
VOID WINAPI BuildExplicitAccessWithNameA(PEXPLICIT_ACCESSA pExplicitAccess, LPSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
Definition: security.c:1802
_PRIVILEGE_SET
Definition: setypes.h:85
DOMAIN_ALIAS_RID_DCOM_USERS
#define DOMAIN_ALIAS_RID_DCOM_USERS
Definition: setypes.h:645
ConvertSecurityDescriptorToStringSecurityDescriptorW
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
Definition: security.c:3107
_OBJECTS_AND_NAME_W
Definition: accctrl.h:363
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
WELLKNOWNRID::wstr
WCHAR wstr[2]
Definition: security.c:102
type
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
sid
FT_UInt sid
Definition: cffcmap.c:139
GetLastError
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
ZeroMemory
#define ZeroMemory
Definition: winbase.h:1635
ACCESS_ALLOWED_ACE
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE
RtlSubAuthoritySid
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
LPACEFLAG
struct _ACEFLAG * LPACEFLAG
_TRUSTEE_W::TrusteeType
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:216
LPSTARTUPINFOW
SIZE_T LPSTARTUPINFOW
Definition: cordebug.idl:85
DumpSacl
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3081
CreateProcessWithLogonW
BOOL WINAPI CreateProcessWithLogonW(LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
Definition: security.c:3352
ParseAceStringRights
static DWORD ParseAceStringRights(LPCWSTR *StringAcl)
Definition: security.c:2379
NtFsControlFile
NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, ULONG FsControlCode, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength)
BuildTrusteeWithSidA
VOID WINAPI BuildTrusteeWithSidA(PTRUSTEE_A pTrustee, PSID pSid)
Definition: security.c:2014
IsValidAcl
BOOL WINAPI IsValidAcl(PACL pAcl)
Definition: security.c:1084
SetThreadToken
BOOL WINAPI SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
Definition: security.c:459
GetSidLengthRequired
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:727
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
RtlGetAce
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
DOMAIN_ALIAS_RID_POWER_USERS
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:627
SECURITY_INTERACTIVE_RID
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:531
TOKEN_IMPERSONATE
#define TOKEN_IMPERSONATE
Definition: setypes.h:873
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NtOpenProcessToken
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:328
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
SECURITY_NULL_SID_AUTHORITY
#define SECURITY_NULL_SID_AUTHORITY
Definition: setypes.h:496
_OBJECTS_AND_NAME_W::ObjectType
SE_OBJECT_TYPE ObjectType
Definition: accctrl.h:366
WRITE_OWNER
#define WRITE_OWNER
Definition: nt_native.h:60
FILE_SHARE_WRITE
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
GetSidSubAuthority
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:771
DumpSidNumeric
static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2804
GetTrusteeFormW
TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
Definition: security.c:2091
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:339
NO_PROPAGATE_INHERIT_ACE
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:716
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
WELLKNOWNSID
struct WELLKNOWNSID WELLKNOWNSID
SE_DACL_PRESENT
#define SE_DACL_PRESENT
Definition: setypes.h:767
MoveMemory
#define MoveMemory
Definition: winbase.h:1632
LPSTR
char * LPSTR
Definition: xmlstorage.h:182
NtAllocateLocallyUniqueId
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:257
ConvertSidToStringSidW
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3255
TRUSTEE_TYPE
enum _TRUSTEE_TYPE TRUSTEE_TYPE
RtlAllocateAndInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
_ACCESS_ALLOWED_ACE::Header
ACE_HEADER Header
Definition: ms-dtyp.idl:216
lstrlenW
#define lstrlenW
Definition: compat.h:407
_ACL::AceCount
USHORT AceCount
Definition: ms-dtyp.idl:297
Revision
_In_ ULONG Revision
Definition: rtlfuncs.h:1104
GetTrusteeTypeW
TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEE_W pTrustee)
Definition: security.c:2133
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
DWORD
DWORD DWORD
Definition: winlogon.h:84
SDDL_KEY_EXECUTE
#define SDDL_KEY_EXECUTE
Definition: sddl.h:75
GetSecurityDescriptorGroup
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76
SE_DACL_AUTO_INHERITED
#define SE_DACL_AUTO_INHERITED
Definition: setypes.h:775
GetVersion
DWORD WINAPI GetVersion(VOID)
Definition: version.c:22
ParseAclStringFlags
static DWORD ParseAclStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2226
heap_alloc
static void * heap_alloc(size_t len)
Definition: appwiz.h:65
FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:125
BOOL
static BOOL
Definition: security.c:72
hObject
HANDLE hObject
Definition: wglext.h:924
SECURITY_PACKAGE_SCHANNEL_RID
#define SECURITY_PACKAGE_SCHANNEL_RID
Definition: setypes.h:560
_SECURITY_DESCRIPTOR::Control
USHORT Control
Definition: ms-dtyp.idl:304
SDDL_OBJECT_ACCESS_DENIED
static const WCHAR SDDL_OBJECT_ACCESS_DENIED[]
Definition: security.c:138
strncmpW
WINE_UNICODE_INLINE int strncmpW(const WCHAR *str1, const WCHAR *str2, int n)
Definition: unicode.h:235
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:52
_SECURITY_QUALITY_OF_SERVICE::ContextTrackingMode
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
_SECURITY_DESCRIPTOR::Revision
UCHAR Revision
Definition: ms-dtyp.idl:302
_OBJECTS_AND_NAME_W::ptstrName
LPWSTR ptstrName
Definition: accctrl.h:369
Name
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR LPSTR Name
Definition: security.c:77
BuildTrusteeWithNameA
VOID WINAPI BuildTrusteeWithNameA(PTRUSTEE_A pTrustee, LPSTR name)
Definition: security.c:2047
SDDL_NO_PROPAGATE
static const WCHAR SDDL_NO_PROPAGATE[]
Definition: security.c:166
_TRUSTEE_A::ptstrName
LPSTR ptstrName
Definition: accctrl.h:208
NtAdjustPrivilegesToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength,*ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
Definition: token.c:3177
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
debugstr_sid
static const char * debugstr_sid(PSID sid)
Definition: security.c:172
wine_dbg_sprintf
const char * wine_dbg_sprintf(const char *format,...)
Definition: compat.c:271
RtlAreAnyAccessesGranted
NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)
BuildTrusteeWithObjectsAndNameA
VOID WINAPI BuildTrusteeWithObjectsAndNameA(PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, LPSTR InheritedObjectTypeName, LPSTR Name)
Definition: security.c:1844
sidWorld
static const SID sidWorld
Definition: security.c:124
name
GLuint const GLchar * name
Definition: glext.h:6031
SDDL_OBJECT_ACCESS_ALLOWED
static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[]
Definition: security.c:137
SDDL_ACCESS_ALLOWED
static const WCHAR SDDL_ACCESS_ALLOWED[]
Definition: security.c:134
SDDL_KEY_ALL
#define SDDL_KEY_ALL
Definition: sddl.h:72
GetSecurityDescriptorOwner
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103
_MAX_SID::Revision
BYTE Revision
Definition: security.c:30
cchName
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2706
ParseStringAclToAcl
static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, PACL pAcl, LPDWORD cBytes)
Definition: security.c:2434
SUCCESSFUL_ACCESS_ACE_FLAG
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:721
SDDL_DELETE_TREE
#define SDDL_DELETE_TREE
Definition: sddl.h:58
DOMAIN_GROUP_RID_COMPUTERS
#define DOMAIN_GROUP_RID_COMPUTERS
Definition: setypes.h:614
SDDL_LIST_OBJECT
#define SDDL_LIST_OBJECT
Definition: sddl.h:57
SECURITY_PRINCIPAL_SELF_RID
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:539
RtlInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
_ACE_HEADER::AceSize
USHORT AceSize
Definition: ms-dtyp.idl:212
_OBJECTS_AND_NAME_W::InheritedObjectTypeName
LPWSTR InheritedObjectTypeName
Definition: accctrl.h:368
RtlSelfRelativeToAbsoluteSD
NTSYSAPI NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PDWORD, PACL, PDWORD, PACL, PDWORD, PSID, PDWORD, PSID, PDWORD)
i
GLenum GLclampf GLint i
Definition: glfuncs.h:14
DOMAIN_GROUP_RID_ADMINS
#define DOMAIN_GROUP_RID_ADMINS
Definition: setypes.h:611
FAILED_ACCESS_ACE_FLAG
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:722
mask
GLenum GLint GLuint mask
Definition: glext.h:6028
bytes
static unsigned char bytes[4]
Definition: adnsresfilter.c:74
SDDL_KEY_WRITE
#define SDDL_KEY_WRITE
Definition: sddl.h:74
SDDL_AUDIT_FAILURE
static const WCHAR SDDL_AUDIT_FAILURE[]
Definition: security.c:170
ParseAceStringFlags
static BYTE ParseAceStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2308
FALSE
#define FALSE
Definition: types.h:117
ADVAPI_GetComputerSid
BOOL ADVAPI_GetComputerSid(PSID sid)
Definition: security.c:271
_LUID
Definition: devicetopology.idl:136
SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
BufferLength
_In_ ULONG BufferLength
Definition: usbdlib.h:225
GetSecurityDescriptorControl
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21
_OBJECTS_AND_SID
Definition: accctrl.h:346
SECURITY_LOCAL_SID_AUTHORITY
#define SECURITY_LOCAL_SID_AUTHORITY
Definition: setypes.h:502
SDDL_NO_EXECUTE_UP
static const WCHAR SDDL_NO_EXECUTE_UP[]
Definition: security.c:129
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
SECURITY_DESCRIPTOR_CONTROL
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
FreeSid
PVOID WINAPI FreeSid(PSID pSid)
Definition: security.c:573
DOMAIN_USER_RID_ADMIN
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:603
SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90
debugstr_w
#define debugstr_w
Definition: kernel32.h:32
WELLKNOWNRID::Type
WELL_KNOWN_SID_TYPE Type
Definition: security.c:103
SECURITY_MANDATORY_LABEL_AUTHORITY
#define SECURITY_MANDATORY_LABEL_AUTHORITY
Definition: setypes.h:654
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
FIXME
#define FIXME(fmt,...)
Definition: debug.h:110
RtlValidAcl
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
wine_dbgstr_w
char * wine_dbgstr_w(const wchar_t *wstr)
Definition: CString.cpp:62
SDDL_WRITE_OWNER
#define SDDL_WRITE_OWNER
Definition: sddl.h:62
RtlAddAccessAllowedAceEx
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)
SetTokenInformation
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
Definition: security.c:435
ADS_RIGHT_DS_DELETE_TREE
#define ADS_RIGHT_DS_DELETE_TREE
Definition: security.c:157
NtAdjustGroupsToken
NTSTATUS NTAPI NtAdjustGroupsToken(IN HANDLE TokenHandle, IN BOOLEAN ResetToDefault, IN PTOKEN_GROUPS NewState, IN ULONG BufferLength, OUT PTOKEN_GROUPS PreviousState OPTIONAL, OUT PULONG ReturnLength)
Definition: token.c:3041
str
const WCHAR * str
Definition: rpc_transport.c:2433
SECURITY_PACKAGE_BASE_RID
#define SECURITY_PACKAGE_BASE_RID
Definition: setypes.h:557
MAKELONG
#define MAKELONG(a, b)
Definition: typedefs.h:248
ACE_INHERITED_OBJECT_TYPE_PRESENT
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
Definition: winnt_old.h:107
cch
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:201
ADS_RIGHT_DS_SELF
#define ADS_RIGHT_DS_SELF
Definition: security.c:154
SID_MAX_SUB_AUTHORITIES
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:454
ACL
struct _ACL ACL
NULL
smooth NULL
Definition: ftsmooth.c:416
_OBJECTS_AND_NAME_A::ObjectType
SE_OBJECT_TYPE ObjectType
Definition: accctrl.h:357
SDDL_FILE_EXECUTE
#define SDDL_FILE_EXECUTE
Definition: sddl.h:71
cbSid
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD cbSid
Definition: winbase.h:2682
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
SDDL_FILE_ALL
#define SDDL_FILE_ALL
Definition: sddl.h:68
AddAuditAccessAceEx
BOOL WINAPI AddAuditAccessAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
Definition: security.c:1651
DOMAIN_GROUP_RID_POLICY_ADMINS
#define DOMAIN_GROUP_RID_POLICY_ADMINS
Definition: setypes.h:619
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
ADVAPI_IsLocalComputer
BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
Definition: security.c:249
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
BuildTrusteeWithObjectsAndSidW
VOID WINAPI BuildTrusteeWithObjectsAndSidW(PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
Definition: security.c:1966
RtlCreateUnicodeStringFromAsciiz
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
pObjName
static POBJECTS_AND_NAME_A pObjName
Definition: security.c:77
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
AccessCheckByType
BOOL WINAPI AccessCheckByType(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID PrincipalSelfSid, HANDLE ClientToken, DWORD DesiredAccess, POBJECT_TYPE_LIST ObjectTypeList, DWORD ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, LPDWORD PrivilegeSetLength, LPDWORD GrantedAccess, LPBOOL AccessStatus)
Definition: security.c:1575
_EXPLICIT_ACCESS_W
Definition: accctrl.h:338
NtSetInformationThread
NTSTATUS NTAPI NtSetInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
Definition: query.c:1967
LPCSTR
const char * LPCSTR
Definition: xmlstorage.h:183
BuildTrusteeWithObjectsAndSidA
VOID WINAPI BuildTrusteeWithObjectsAndSidA(PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
Definition: security.c:1917
GetSecurityInfoExW
DWORD WINAPI GetSecurityInfoExW(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
Definition: security.c:1784
AreAnyAccessesGranted
BOOL WINAPI AreAnyAccessesGranted(DWORD GrantedAccess, DWORD DesiredAccess)
Definition: security.c:2216
SECURITY_LOCAL_SERVICE_RID
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
AddAccessDeniedAceEx
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:989
RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
_TRUSTEE_W
Definition: accctrl.h:211
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
WELLKNOWNRID
struct WELLKNOWNRID WELLKNOWNRID
_ACE_HEADER
Definition: ms-dtyp.idl:209
GetSecurityInfoExA
DWORD WINAPI GetSecurityInfoExA(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
Definition: security.c:1764
CreateProcessW
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
Definition: proc.c:4650
val
GLuint GLfloat * val
Definition: glext.h:7180
FILE_GENERIC_EXECUTE
#define FILE_GENERIC_EXECUTE
Definition: nt_native.h:668
AceRights
static const ACEFLAG AceRights[]
Definition: security.c:2341
LMEM_FIXED
#define LMEM_FIXED
Definition: winbase.h:349
KEY_WRITE
#define KEY_WRITE
Definition: nt_native.h:1031
CONTAINER_INHERIT_ACE
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:715
Handle
_In_ HANDLE Handle
Definition: extypes.h:390
NtOpenFile
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3508
token
int token
Definition: lex.c:71
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
DOMAIN_USER_RID_GUEST
#define DOMAIN_USER_RID_GUEST
Definition: setypes.h:604
NtQuerySecurityObject
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
ConvertStringSidToSidA
BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID *Sid)
Definition: security.c:3232
PSID_NAME_USE
enum _SID_NAME_USE * PSID_NAME_USE
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
DOMAIN_USER_RID_KRBTGT
#define DOMAIN_USER_RID_KRBTGT
Definition: setypes.h:605
SECURITY_CREATOR_GROUP_SERVER_RID
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:520
SDDL_CREATE_CHILD
#define SDDL_CREATE_CHILD
Definition: sddl.h:53
SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_ENTERPRISE_CONTROLLERS_RID
Definition: setypes.h:537
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
WINE_DEFAULT_DEBUG_CHANNEL
WINE_DEFAULT_DEBUG_CHANNEL(inetcpl)
size
GLsizeiptr size
Definition: glext.h:5919
AddAccessDeniedAce
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:965
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:395
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
WELLKNOWNSID::wstr
WCHAR wstr[2]
Definition: security.c:38
SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
CreateRestrictedToken
BOOL WINAPI CreateRestrictedToken(HANDLE baseToken, DWORD flags, DWORD nDisableSids, PSID_AND_ATTRIBUTES disableSids, DWORD nDeletePrivs, PLUID_AND_ATTRIBUTES deletePrivs, DWORD nRestrictSids, PSID_AND_ATTRIBUTES restrictSids, PHANDLE newToken)
Definition: security.c:500
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:874
pObjSid
static POBJECTS_AND_SID pObjSid
Definition: security.c:83
SE_SACL_AUTO_INHERIT_REQ
#define SE_SACL_AUTO_INHERIT_REQ
Definition: setypes.h:774
_GENERIC_MAPPING
Definition: nt_native.h:564
_OBJECT_TYPE_LIST
Definition: setypes.h:802
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
RtlIdentifierAuthoritySid
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)
DOMAIN_ALIAS_RID_BACKUP_OPS
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:632
debugstr_a
#define debugstr_a
Definition: kernel32.h:31
SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499
DuplicateToken
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3450
GetLengthSid
DWORD WINAPI GetLengthSid(PSID pSid)
Definition: security.c:794
length
GLenum GLuint GLenum GLsizei length
Definition: glext.h:5579
dacl
Definition: security.c:35
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
RtlSubAuthorityCountSid
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
AccessCheck
BOOL WINAPI AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
Definition: security.c:1525
SetFileSecurityW
BOOL WINAPI SetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1384
OBJ_INHERIT
#define OBJ_INHERIT
Definition: winternl.h:225
_EXPLICIT_ACCESS_W::grfInheritance
DWORD grfInheritance
Definition: accctrl.h:342
pInheritedObjectGuid
static POBJECTS_AND_SID GUID GUID * pInheritedObjectGuid
Definition: security.c:83
ImpersonationLevel
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
SDDL_FILE_READ
#define SDDL_FILE_READ
Definition: sddl.h:69
AccessMask
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
CopyMemory
#define CopyMemory
Definition: winbase.h:1633
SE_DACL_PROTECTED
#define SE_DACL_PROTECTED
Definition: setypes.h:777
DOMAIN_ALIAS_RID_SYSTEM_OPS
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:630
ConvertStringSecurityDescriptorToSecurityDescriptorA
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:2704
SDDL_AUDIT
static const WCHAR SDDL_AUDIT[]
Definition: security.c:140
_EXPLICIT_ACCESS_W::grfAccessMode
ACCESS_MODE grfAccessMode
Definition: accctrl.h:341
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
SECURITY_LOCAL_RID
#define SECURITY_LOCAL_RID
Definition: setypes.h:514
BuildTrusteeWithSidW
VOID WINAPI BuildTrusteeWithSidW(PTRUSTEE_W pTrustee, PSID pSid)
Definition: security.c:2031
_TRUSTEE_W::pMultipleTrustee
struct _TRUSTEE_W * pMultipleTrustee
Definition: accctrl.h:213
_EXPLICIT_ACCESS_W::Trustee
TRUSTEE_W Trustee
Definition: accctrl.h:343
ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
WRITE_DAC
#define WRITE_DAC
Definition: nt_native.h:59
DumpRights
static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2893
NtSetSecurityObject
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
Len
#define Len
Definition: deflate.h:82
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
count
GLuint GLuint GLsizei count
Definition: gl.h:1545
SDDL_STANDARD_DELETE
#define SDDL_STANDARD_DELETE
Definition: sddl.h:63
ReferencedDomainName
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR ReferencedDomainName
Definition: winbase.h:2684
ADS_RIGHT_DS_READ_PROP
#define ADS_RIGHT_DS_READ_PROP
Definition: security.c:155
SetLastError
#define SetLastError(x)
Definition: compat.h:409
InitializeSid
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:737
DuplicateTokenEx
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3390
DumpDacl
static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3058
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
TOKEN_INFORMATION_CLASS
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
_OBJECTS_AND_NAME_A::ptstrName
LPSTR ptstrName
Definition: accctrl.h:360
SECURITY_WORLD_RID
#define SECURITY_WORLD_RID
Definition: setypes.h:513
SECURITY_PROXY_RID
#define SECURITY_PROXY_RID
Definition: setypes.h:536
ACCESS_DENIED_ACE_TYPE
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
SECURITY_ANONYMOUS_LOGON_RID
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
RtlConvertSidToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3393
flags
GLbitfield flags
Definition: glext.h:7161
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
RPC_S_INVALID_STRING_UUID
#define RPC_S_INVALID_STRING_UUID
Definition: winerror.h:1016
RtlAddAce
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)
READ_CONTROL
#define READ_CONTROL
Definition: nt_native.h:58
SECURITY_CREATOR_OWNER_RID
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:517
SECURITY_OTHER_ORGANIZATION_RID
#define SECURITY_OTHER_ORGANIZATION_RID
Definition: setypes.h:591
SECURITY_NULL_RID
#define SECURITY_NULL_RID
Definition: setypes.h:512
Name
_In_ PUNICODE_STRING Name
Definition: mrx.h:218
RtlFirstFreeAce
NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce(PACL Acl, PACE *Ace)
_PROCESS_INFORMATION
Definition: winbase.h:837
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
Definition: setypes.h:618
ObjectType
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
Definition: security.c:77
ret
int ret
Definition: wcstombs-tests.c:31
_ACE_HEADER::AceType
UCHAR AceType
Definition: ms-dtyp.idl:210
ConvertSidToStringSidA
BOOL WINAPI ConvertSidToStringSidA(PSID Sid, LPSTR *StringSid)
Definition: security.c:3309
SE_SACL_PROTECTED
#define SE_SACL_PROTECTED
Definition: setypes.h:778
prefix
const XML_Char * prefix
Definition: expat.h:380
FILE_SHARE_DELETE
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
_OBJECTS_AND_NAME_W::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:365
_TRUSTEE_W::MultipleTrusteeOperation
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:214
_SECURITY_DESCRIPTOR_RELATIVE::Owner
$ULONG Owner
Definition: setypes.h:786
DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS
Definition: setypes.h:643
WELLKNOWNSID::Type
WELL_KNOWN_SID_TYPE Type
Definition: security.c:39
GetKernelObjectSecurity
BOOL WINAPI GetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:862
SDDL_INHERIT_ONLY
static const WCHAR SDDL_INHERIT_ONLY[]
Definition: security.c:167
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:414
_TRUSTEE_W::ptstrName
LPWSTR ptstrName
Definition: accctrl.h:217
SynchronizeWindows31FilesAndWindowsNTRegistry
BOOL WINAPI SynchronizeWindows31FilesAndWindowsNTRegistry(DWORD x1, DWORD x2, DWORD x3, DWORD x4)
Definition: security.c:1471
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
DOMAIN_ALIAS_RID_MONITORING_USERS
#define DOMAIN_ALIAS_RID_MONITORING_USERS
Definition: setypes.h:641
_ACL::Sbz2
USHORT Sbz2
Definition: ms-dtyp.idl:298
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
_EXPLICIT_ACCESS_A::grfInheritance
DWORD grfInheritance
Definition: accctrl.h:334
GetSidSubAuthorityCount
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:783
len
GLenum GLsizei len
Definition: glext.h:6722
GENERIC_READ
#define GENERIC_READ
Definition: compat.h:124
SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
WELLKNOWNSID::Sid
MAX_SID Sid
Definition: security.c:40
SubAuthorityCount
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1487
_MAX_SID::IdentifierAuthority
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: security.c:32
SECURITY_MANDATORY_SYSTEM_RID
#define SECURITY_MANDATORY_SYSTEM_RID
Definition: setypes.h:659
LookupPrivilegeDisplayNameA
BOOL WINAPI LookupPrivilegeDisplayNameA(LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: security.c:1114
SECURITY_NETWORK_SERVICE_RID
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
WINAPI
#define WINAPI
Definition: msvc.h:20
debugstr_wn
#define debugstr_wn
Definition: kernel32.h:33
ComputeStringSidSize
static DWORD ComputeStringSidSize(LPCWSTR StringSid)
Definition: security.c:3465
TOKEN_TYPE
enum _TOKEN_TYPE TOKEN_TYPE
RtlImpersonateSelf
NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: priv.c:45
BYTE
unsigned char BYTE
Definition: ntddk_ex.h:96
SDDL_ALARM
static const WCHAR SDDL_ALARM[]
Definition: security.c:141
AdjustTokenPrivileges
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:372
Status
Status
Definition: gdiplustypes.h:24
FILE_GENERIC_WRITE
#define FILE_GENERIC_WRITE
Definition: nt_native.h:660
_ACL::Sbz1
UCHAR Sbz1
Definition: ms-dtyp.idl:295
SDDL_NO_WRITE_UP
static const WCHAR SDDL_NO_WRITE_UP[]
Definition: security.c:128
SDDL_MANDATORY_LABEL
static const WCHAR SDDL_MANDATORY_LABEL[]
Definition: security.c:142
MAX_SID
struct _MAX_SID MAX_SID
SetKernelObjectSecurity
BOOL WINAPI SetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: security.c:1600
local
#define local
Definition: zutil.h:30
ADS_RIGHT_DS_LIST_OBJECT
#define ADS_RIGHT_DS_LIST_OBJECT
Definition: security.c:158
_SECURITY_QUALITY_OF_SERVICE::Length
DWORD Length
Definition: lsa.idl:64
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
pObjectGuid
static POBJECTS_AND_SID GUID * pObjectGuid
Definition: security.c:83
_SECURITY_ATTRIBUTES
Definition: compat.h:179
ERR
#define ERR(fmt,...)
Definition: debug.h:109
SECURITY_MANDATORY_HIGH_RID
#define SECURITY_MANDATORY_HIGH_RID
Definition: setypes.h:658
DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS
Definition: setypes.h:639
GetFileSecurityW
BOOL WINAPI GetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1279
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
MAX_COMPUTERNAME_LENGTH
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:240
SERV_dup
static LPWSTR SERV_dup(LPCSTR str)
Definition: security.c:231
FileHandle
static HANDLE FileHandle
Definition: cabinet.c:48
SECURITY_PACKAGE_NTLM_RID
#define SECURITY_PACKAGE_NTLM_RID
Definition: setypes.h:559
AceType
static const ACEFLAG AceType[]
Definition: security.c:2255
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
SDDL_AUTO_INHERIT_REQ
#define SDDL_AUTO_INHERIT_REQ
Definition: sddl.h:45
_UNICODE_STRING
Definition: env_spec_w32.h:368
PreviousState
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN _In_opt_ LONG _Out_opt_ PBOOLEAN PreviousState
Definition: zwfuncs.h:428
RtlEqualPrefixSid
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid(PSID Sid1, PSID Sid2)
SYSTEM_ALARM_ACE_TYPE
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:688
FileName
struct _FileName FileName
Definition: fatprocs.h:884
RtlQueryInformationAcl
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL, LPVOID, DWORD, ACL_INFORMATION_CLASS)
set_ntstatus
static __inline BOOL set_ntstatus(NTSTATUS status)
Definition: security.c:225
SDDL_NO_READ_UP
static const WCHAR SDDL_NO_READ_UP[]
Definition: security.c:127
_ACTRL_ALISTW
Definition: accctrl.h:272
GetFileSecurityA
BOOL WINAPI GetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1248
_ACL::AclRevision
UCHAR AclRevision
Definition: ms-dtyp.idl:294
HANDLE
DWORD *typedef HANDLE
Definition: winlogon.h:61
SECURITY_CREATOR_GROUP_RID
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:518
RtlSetInformationAcl
NTSTATUS NTAPI RtlSetInformationAcl(IN PACL Acl, IN PVOID Information, IN ULONG InformationLength, IN ACL_INFORMATION_CLASS InformationClass)
Definition: acl.c:785
OpenThreadToken
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
Definition: security.c:334
LPBOOL
BOOL * LPBOOL
Definition: windef.h:162
_EXPLICIT_ACCESS_A
Definition: accctrl.h:330
BuildExplicitAccessWithNameW
VOID WINAPI BuildExplicitAccessWithNameW(PEXPLICIT_ACCESSW pExplicitAccess, LPWSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
Definition: security.c:1824
AreAllAccessesGranted
BOOL WINAPI AreAllAccessesGranted(DWORD GrantedAccess, DWORD DesiredAccess)
Definition: security.c:2204
RtlAddAuditAccessAce
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
LookupPrivilegeDisplayNameW
BOOL WINAPI LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: misc.c:901
SDDL_FILE_WRITE
#define SDDL_FILE_WRITE
Definition: sddl.h:70
PACCESS_ALLOWED_ACE
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
SYSTEM_MANDATORY_LABEL_NO_READ_UP
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP
Definition: setypes.h:755
ERROR_UNKNOWN_REVISION
#define ERROR_UNKNOWN_REVISION
Definition: winerror.h:787
SECURITY_MANDATORY_LOW_RID
#define SECURITY_MANDATORY_LOW_RID
Definition: setypes.h:656
DumpAce
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2932
_OBJECTS_AND_NAME_A
Definition: accctrl.h:354
NtAccessCheck
NTSTATUS NTAPI NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:529
SECURITY_REMOTE_LOGON_RID
#define SECURITY_REMOTE_LOGON_RID
Definition: setypes.h:543
EqualPrefixSid
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2)
Definition: security.c:716
ADS_RIGHT_ACTRL_DS_LIST
#define ADS_RIGHT_ACTRL_DS_LIST
Definition: security.c:153
SDDL_KEY_READ
#define SDDL_KEY_READ
Definition: sddl.h:73
WELL_KNOWN_SID_TYPE
WELL_KNOWN_SID_TYPE
Definition: setypes.h:427
_ACCESS_ALLOWED_ACE::Mask
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
DOMAIN_ALIAS_RID_USERS
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
_SECURITY_DESCRIPTOR_RELATIVE::Control
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
GetAce
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1061
_MAX_SID::SubAuthority
DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES]
Definition: security.c:33
AceRightBitNames
static const LPCWSTR AceRightBitNames[32]
Definition: security.c:2858
SE_SACL_AUTO_INHERITED
#define SE_SACL_AUTO_INHERITED
Definition: setypes.h:776
SDDL_GENERIC_READ
#define SDDL_GENERIC_READ
Definition: sddl.h:65
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
KEY_ALL_ACCESS
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
_EXPLICIT_ACCESS_W::grfAccessPermissions
DWORD grfAccessPermissions
Definition: accctrl.h:340
EqualDomainSid
BOOL WINAPI EqualDomainSid(IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
Definition: security.c:3715
AllocateLocallyUniqueId
BOOL WINAPI AllocateLocallyUniqueId(PLUID Luid)
Definition: security.c:1093
DesiredAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
SDDL_GENERIC_ALL
#define SDDL_GENERIC_ALL
Definition: sddl.h:64
dwAceRevision
_In_ ULONG dwAceRevision
Definition: rtlfuncs.h:1115
sprintfW
#define sprintfW
Definition: unicode.h:58
INHERITED_ACE
#define INHERITED_ACE
Definition: ph.h:47
FindFirstFreeAce
BOOL WINAPI FindFirstFreeAce(PACL pAcl, LPVOID *pAce)
Definition: security.c:1051
LookupPrivilegeNameA
BOOL WINAPI LookupPrivilegeNameA(LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
Definition: security.c:1174
SECURITY_QUALITY_OF_SERVICE
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
GetSecurityDescriptorSacl
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
KEY_EXECUTE
#define KEY_EXECUTE
Definition: nt_native.h:1037
DOMAIN_ALIAS_RID_REPLICATOR
#define DOMAIN_ALIAS_RID_REPLICATOR
Definition: setypes.h:634
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
DOMAIN_GROUP_RID_USERS
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:612
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
PULONG
unsigned int * PULONG
Definition: retypes.h:1
SECURITY_PACKAGE_DIGEST_RID
#define SECURITY_PACKAGE_DIGEST_RID
Definition: setypes.h:561
SDDL_READ_PROPERTY
#define SDDL_READ_PROPERTY
Definition: sddl.h:51
RtlDeleteAce
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce(PACL Acl, ULONG AceIndex)
SECURITY_RESTRICTED_CODE_RID
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:541
UINT
unsigned int UINT
Definition: ndis.h:50
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:292
_EXPLICIT_ACCESS_A::grfAccessPermissions
DWORD grfAccessPermissions
Definition: accctrl.h:332
DumpString
static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2789
pSid
static PSID pSid
Definition: security.c:74
RtlAreAllAccessesGranted
NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)
GetTrusteeFormA
TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
Definition: security.c:2078
AddAce
BOOL WINAPI AddAce(PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
Definition: security.c:1016
BuildTrusteeWithObjectsAndNameW
VOID WINAPI BuildTrusteeWithObjectsAndNameW(PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName, SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName, LPWSTR InheritedObjectTypeName, LPWSTR Name)
Definition: security.c:1880
hThread
HANDLE hThread
Definition: wizard.c:27
PDWORD
DWORD * PDWORD
Definition: pedump.c:68
MultiByteToWideChar
#define MultiByteToWideChar
Definition: compat.h:100
_OBJECTS_AND_SID::InheritedObjectTypeGuid
GUID InheritedObjectTypeGuid
Definition: accctrl.h:350
x2
_In_ CLIPOBJ _In_ BRUSHOBJ _In_ LONG _In_ LONG _In_ LONG x2
Definition: winddi.h:3706
ADS_RIGHT_DS_WRITE_PROP
#define ADS_RIGHT_DS_WRITE_PROP
Definition: security.c:156
ERROR_NOT_ALL_ASSIGNED
#define ERROR_NOT_ALL_ASSIGNED
Definition: winerror.h:782
SECURITY_CREATOR_OWNER_SERVER_RID
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:519
NtSetInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Definition: token.c:2372
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
SDDL_SELF_WRITE
#define SDDL_SELF_WRITE
Definition: sddl.h:56
DOMAIN_ALIAS_RID_PRINT_OPS
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:631
NtOpenThreadToken
NTSTATUS NTAPI NtOpenThreadToken(IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle)
Definition: token.c:3816
_SECURITY_QUALITY_OF_SERVICE::EffectiveOnly
BOOLEAN EffectiveOnly
Definition: lsa.idl:67
RtlAddAccessDeniedAceEx
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)
_OBJECT_ATTRIBUTES::SecurityQualityOfService
PVOID SecurityQualityOfService
Definition: umtypes.h:188
SDDL_REVISION
#define SDDL_REVISION
Definition: sddl.h:31
name
Definition: name.c:36
SDDL_OBJECT_AUDIT
static const WCHAR SDDL_OBJECT_AUDIT[]
Definition: security.c:144
SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
Definition: setypes.h:754
OUT
#define OUT
Definition: typedefs.h:39
_OBJECTS_AND_SID::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:348