ReactOS 0.4.15-dev-6661-gcc6e444
security.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * WINE COPYRIGHT:
4 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
5 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
6 * Copyright 2006 Robert Reif
7 * Copyright 2006 Hervé Poussineau
8 *
9 * PROJECT: ReactOS system libraries
10 * FILE: dll/win32/advapi32/wine/security.c
11 */
12
13#include <advapi32.h>
14
15#include <sddl.h>
16
17WINE_DEFAULT_DEBUG_CHANNEL(advapi);
18
19static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
20#ifdef __REACTOS__
21VOID WINAPI QuerySecurityAccessMask(SECURITY_INFORMATION,LPDWORD);
22VOID WINAPI SetSecurityAccessMask(SECURITY_INFORMATION,LPDWORD);
23#endif
24
25typedef struct _ACEFLAG
26{
27 LPCWSTR wstr;
28 DWORD value;
29} ACEFLAG, *LPACEFLAG;
30
31typedef struct _MAX_SID
32{
33 /* same fields as struct _SID */
34 BYTE Revision;
35 BYTE SubAuthorityCount;
36 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
37 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
38} MAX_SID;
39
40typedef struct WELLKNOWNSID
41{
42 WCHAR wstr[2];
43 WELL_KNOWN_SID_TYPE Type;
44 MAX_SID Sid;
45} WELLKNOWNSID;
46
47static const WELLKNOWNSID WellKnownSids[] =
48{
49 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
50 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
51 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
52 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
53 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
54 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
55 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
56 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
57 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
58 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
59 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
60 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
61 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
62 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
63 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
64 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
65 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
66 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
67 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
68 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
69 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
70 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
71 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
72 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
73 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
74 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
75 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
76 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
77 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
78 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
79 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
80 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
81 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
82 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
83 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
84 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
85 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
86 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
87 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
88 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
89 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
90 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
91 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
92 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
93 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
94 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
95 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
96 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
97 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
98 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
99 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
100 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
101};
102
103/* these SIDs must be constructed as relative to some domain - only the RID is well-known */
104typedef struct WELLKNOWNRID
105{
106 WCHAR wstr[2];
107 WELL_KNOWN_SID_TYPE Type;
108 DWORD Rid;
109} WELLKNOWNRID;
110
111static const WELLKNOWNRID WellKnownRids[] = {
112 { {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
113 { {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
114 { {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
115 { {'D','A'}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
116 { {'D','U'}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
117 { {'D','G'}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
118 { {'D','C'}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
119 { {'D','D'}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
120 { {'C','A'}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
121 { {'S','A'}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
122 { {'E','A'}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
123 { {'P','A'}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
124 { {'R','S'}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
125};
126
127#ifndef __REACTOS__
128static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
129#endif
130
131static const WCHAR SDDL_NO_READ_UP[] = {'N','R',0};
132static const WCHAR SDDL_NO_WRITE_UP[] = {'N','W',0};
133static const WCHAR SDDL_NO_EXECUTE_UP[] = {'N','X',0};
134
135/*
136 * ACE types
137 */
138static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
139static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
140#ifndef __REACTOS__
141static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
142static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
143#endif
144static const WCHAR SDDL_AUDIT[] = {'A','U',0};
145static const WCHAR SDDL_ALARM[] = {'A','L',0};
146static const WCHAR SDDL_MANDATORY_LABEL[] = {'M','L',0};
147#ifndef __REACTOS__
148static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
149static const WCHAR SDDL_OBJECT_ALARM[] = {'O','L',0};
150#endif
151
152/*
153 * SDDL ADS Rights
154 */
155#define ADS_RIGHT_DS_CREATE_CHILD 0x0001
156#define ADS_RIGHT_DS_DELETE_CHILD 0x0002
157#define ADS_RIGHT_ACTRL_DS_LIST 0x0004
158#define ADS_RIGHT_DS_SELF 0x0008
159#define ADS_RIGHT_DS_READ_PROP 0x0010
160#define ADS_RIGHT_DS_WRITE_PROP 0x0020
161#define ADS_RIGHT_DS_DELETE_TREE 0x0040
162#define ADS_RIGHT_DS_LIST_OBJECT 0x0080
163#define ADS_RIGHT_DS_CONTROL_ACCESS 0x0100
164
165/*
166 * ACE flags
167 */
168static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
169static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
170static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
171static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
172static const WCHAR SDDL_INHERITED[] = {'I','D',0};
173static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
174static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
175
176static const char * debugstr_sid(PSID sid)
177{
178 int auth = 0;
179 SID * psid = (SID *)sid;
180
181 if (psid == NULL)
182 return "(null)";
183
184 auth = psid->IdentifierAuthority.Value[5] +
185 (psid->IdentifierAuthority.Value[4] << 8) +
186 (psid->IdentifierAuthority.Value[3] << 16) +
187 (psid->IdentifierAuthority.Value[2] << 24);
188
189 switch (psid->SubAuthorityCount) {
190 case 0:
191 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
192 case 1:
193 return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
194 psid->SubAuthority[0]);
195 case 2:
196 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
197 psid->SubAuthority[0], psid->SubAuthority[1]);
198 case 3:
199 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
200 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
201 case 4:
202 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
203 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
204 psid->SubAuthority[3]);
205 case 5:
206 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
207 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
208 psid->SubAuthority[3], psid->SubAuthority[4]);
209 case 6:
210 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
211 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
212 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
213 case 7:
214 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
215 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
216 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
217 psid->SubAuthority[6]);
218 case 8:
219 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
220 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
221 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
222 psid->SubAuthority[6], psid->SubAuthority[7]);
223 }
224 return "(too-big)";
225}
226
227/* set last error code from NT status and get the proper boolean return value */
228/* used for functions that are a simple wrapper around the corresponding ntdll API */
229static __inline BOOL set_ntstatus( NTSTATUS status )
230{
231 if (!NT_SUCCESS(status)) SetLastError( RtlNtStatusToDosError( status ));
232 return NT_SUCCESS(status);
233}
234
235static LPWSTR SERV_dup( LPCSTR str )
236{
237 UINT len;
238 LPWSTR wstr;
239
240 if( !str )
241 return NULL;
242 len = MultiByteToWideChar( CP_ACP, 0, str, -1, NULL, 0 );
243 wstr = heap_alloc( len*sizeof (WCHAR) );
244 MultiByteToWideChar( CP_ACP, 0, str, -1, wstr, len );
245 return wstr;
246}
247
248/************************************************************
249 * ADVAPI_IsLocalComputer
250 *
251 * Checks whether the server name indicates local machine.
252 */
253BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
254{
255 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
256 BOOL Result;
257 LPWSTR buf;
258
259 if (!ServerName || !ServerName[0])
260 return TRUE;
261
262 buf = heap_alloc(dwSize * sizeof(WCHAR));
263 Result = GetComputerNameW(buf, &dwSize);
264 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
265 ServerName += 2;
266 Result = Result && !lstrcmpW(ServerName, buf);
267 heap_free(buf);
268
269 return Result;
270}
271
272/************************************************************
273 * ADVAPI_GetComputerSid
274 */
275BOOL ADVAPI_GetComputerSid(PSID sid)
276{
277 static const struct /* same fields as struct SID */
278 {
279 BYTE Revision;
280 BYTE SubAuthorityCount;
281 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
282 DWORD SubAuthority[4];
283 } computer_sid =
284 { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
285
286 memcpy( sid, &computer_sid, sizeof(computer_sid) );
287 return TRUE;
288}
289
290/* Exported functions */
291
292/*
293 * @implemented
294 */
295BOOL WINAPI
296OpenProcessToken(HANDLE ProcessHandle,
297 DWORD DesiredAccess,
298 PHANDLE TokenHandle)
299{
300 NTSTATUS Status;
301
302 TRACE("%p, %x, %p.\n", ProcessHandle, DesiredAccess, TokenHandle);
303
304 Status = NtOpenProcessToken(ProcessHandle,
305 DesiredAccess,
306 TokenHandle);
307 if (!NT_SUCCESS(Status))
308 {
309 ERR("NtOpenProcessToken failed! Status %08x.\n", Status);
310 SetLastError(RtlNtStatusToDosError(Status));
311 return FALSE;
312 }
313
314 TRACE("Returning token %p.\n", *TokenHandle);
315
316 return TRUE;
317}
318
319/******************************************************************************
320 * OpenThreadToken [ADVAPI32.@]
321 *
322 * Opens the access token associated with a thread handle.
323 *
324 * PARAMS
325 * ThreadHandle [I] Handle to process
326 * DesiredAccess [I] Desired access to the thread
327 * OpenAsSelf [I] ???
328 * TokenHandle [O] Destination for the token handle
329 *
330 * RETURNS
331 * Success: TRUE. TokenHandle contains the access token.
332 * Failure: FALSE.
333 *
334 * NOTES
335 * See NtOpenThreadToken.
336 */
337BOOL WINAPI
338OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
339 BOOL OpenAsSelf, HANDLE *TokenHandle)
340{
341 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
342}
343
344/*
345 * @implemented
346 */
347BOOL WINAPI
348AdjustTokenGroups(HANDLE TokenHandle,
349 BOOL ResetToDefault,
350 PTOKEN_GROUPS NewState,
351 DWORD BufferLength,
352 PTOKEN_GROUPS PreviousState,
353 PDWORD ReturnLength)
354{
355 NTSTATUS Status;
356
357 Status = NtAdjustGroupsToken(TokenHandle,
358 ResetToDefault,
359 NewState,
360 BufferLength,
361 PreviousState,
362 (PULONG)ReturnLength);
363 if (!NT_SUCCESS(Status))
364 {
365 SetLastError(RtlNtStatusToDosError(Status));
366 return FALSE;
367 }
368
369 return TRUE;
370}
371
372/*
373 * @implemented
374 */
375BOOL WINAPI
376AdjustTokenPrivileges(HANDLE TokenHandle,
377 BOOL DisableAllPrivileges,
378 PTOKEN_PRIVILEGES NewState,
379 DWORD BufferLength,
380 PTOKEN_PRIVILEGES PreviousState,
381 PDWORD ReturnLength)
382{
383 NTSTATUS Status;
384
385 Status = NtAdjustPrivilegesToken(TokenHandle,
386 DisableAllPrivileges,
387 NewState,
388 BufferLength,
389 PreviousState,
390 (PULONG)ReturnLength);
391 if (STATUS_NOT_ALL_ASSIGNED == Status)
392 {
393 SetLastError(ERROR_NOT_ALL_ASSIGNED);
394 return TRUE;
395 }
396
397 if (!NT_SUCCESS(Status))
398 {
399 SetLastError(RtlNtStatusToDosError(Status));
400 return FALSE;
401 }
402
403 /* AdjustTokenPrivileges is documented to do this */
404 SetLastError(ERROR_SUCCESS);
405
406 return TRUE;
407}
408
409/*
410 * @implemented
411 */
412BOOL WINAPI
413GetTokenInformation(HANDLE TokenHandle,
414 TOKEN_INFORMATION_CLASS TokenInformationClass,
415 LPVOID TokenInformation,
416 DWORD TokenInformationLength,
417 PDWORD ReturnLength)
418{
419 NTSTATUS Status;
420
421 Status = NtQueryInformationToken(TokenHandle,
422 TokenInformationClass,
423 TokenInformation,
424 TokenInformationLength,
425 (PULONG)ReturnLength);
426 if (!NT_SUCCESS(Status))
427 {
428 SetLastError(RtlNtStatusToDosError(Status));
429 return FALSE;
430 }
431
432 return TRUE;
433}
434
435/*
436 * @implemented
437 */
438BOOL WINAPI
439SetTokenInformation(HANDLE TokenHandle,
440 TOKEN_INFORMATION_CLASS TokenInformationClass,
441 LPVOID TokenInformation,
442 DWORD TokenInformationLength)
443{
444 NTSTATUS Status;
445
446 Status = NtSetInformationToken(TokenHandle,
447 TokenInformationClass,
448 TokenInformation,
449 TokenInformationLength);
450 if (!NT_SUCCESS(Status))
451 {
452 SetLastError(RtlNtStatusToDosError(Status));
453 return FALSE;
454 }
455
456 return TRUE;
457}
458
459/*
460 * @implemented
461 */
462BOOL WINAPI
463SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL,
464 IN HANDLE TokenHandle)
465{
466 NTSTATUS Status;
467 HANDLE hThread;
468
469 hThread = (ThreadHandle != NULL) ? *ThreadHandle : NtCurrentThread();
470
471 Status = NtSetInformationThread(hThread,
472 ThreadImpersonationToken,
473 &TokenHandle,
474 sizeof(HANDLE));
475 if (!NT_SUCCESS(Status))
476 {
477 SetLastError(RtlNtStatusToDosError(Status));
478 return FALSE;
479 }
480
481 return TRUE;
482}
483
535BOOL WINAPI CreateRestrictedToken(
536 _In_ HANDLE ExistingTokenHandle,
537 _In_ DWORD Flags,
538 _In_ DWORD DisableSidCount,
539 _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable,
540 _In_ DWORD DeletePrivilegeCount,
541 _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete,
542 _In_ DWORD RestrictedSidCount,
543 _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict,
544 _Outptr_ PHANDLE NewTokenHandle)
545{
546 NTSTATUS Status;
547 BOOL Success;
548 ULONG Index;
549 PTOKEN_GROUPS DisableSids = NULL;
550 PTOKEN_GROUPS RestrictedSids = NULL;
551 PTOKEN_PRIVILEGES DeletePrivileges = NULL;
552
553 /*
554 * Capture the elements we're being given from
555 * the caller and allocate the groups and/or
556 * privileges that have to be filtered in
557 * the token.
558 */
559 if (SidsToDisable != NULL)
560 {
561 DisableSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, DisableSidCount * sizeof(TOKEN_GROUPS));
562 if (DisableSids == NULL)
563 {
564 /* We failed, bail out */
565 SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
566 return FALSE;
567 }
568
569 /* Copy the counter and loop the elements to copy the rest */
570 DisableSids->GroupCount = DisableSidCount;
571 for (Index = 0; Index < DisableSidCount; Index++)
572 {
573 DisableSids->Groups[Index].Sid = SidsToDisable[Index].Sid;
574 DisableSids->Groups[Index].Attributes = SidsToDisable[Index].Attributes;
575 }
576 }
577
578 if (PrivilegesToDelete != NULL)
579 {
580 DeletePrivileges = (PTOKEN_PRIVILEGES)LocalAlloc(LMEM_FIXED, DeletePrivilegeCount * sizeof(TOKEN_PRIVILEGES));
581 if (DeletePrivileges == NULL)
582 {
583 /* We failed, bail out */
584 SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
585 Success = FALSE;
586 goto Cleanup;
587 }
588
589 /* Copy the counter and loop the elements to copy the rest */
590 DeletePrivileges->PrivilegeCount = DeletePrivilegeCount;
591 for (Index = 0; Index < DeletePrivilegeCount; Index++)
592 {
593 DeletePrivileges->Privileges[Index].Luid = PrivilegesToDelete[Index].Luid;
594 DeletePrivileges->Privileges[Index].Attributes = PrivilegesToDelete[Index].Attributes;
595 }
596 }
597
598 if (SidsToRestrict != NULL)
599 {
600 RestrictedSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, RestrictedSidCount * sizeof(TOKEN_GROUPS));
601 if (RestrictedSids == NULL)
602 {
603 /* We failed, bail out */
604 SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
605 Success = FALSE;
606 goto Cleanup;
607 }
608
609 /* Copy the counter and loop the elements to copy the rest */
610 RestrictedSids->GroupCount = RestrictedSidCount;
611 for (Index = 0; Index < RestrictedSidCount; Index++)
612 {
613 RestrictedSids->Groups[Index].Sid = SidsToRestrict[Index].Sid;
614 RestrictedSids->Groups[Index].Attributes = SidsToRestrict[Index].Attributes;
615 }
616 }
617
618 /*
619 * Call the NT API to request a token filtering
620 * operation for us.
621 */
622 Status = NtFilterToken(ExistingTokenHandle,
623 Flags,
624 DisableSids,
625 DeletePrivileges,
626 RestrictedSids,
627 NewTokenHandle);
628 if (!NT_SUCCESS(Status))
629 {
630 /* We failed to do the job, bail out */
631 SetLastError(RtlNtStatusToDosError(Status));
632 Success = FALSE;
633 goto Cleanup;
634 }
635
636 /* If we reach here then we've successfully filtered the token */
637 Success = TRUE;
638
639Cleanup:
640 /* Free whatever we allocated before */
641 if (DisableSids != NULL)
642 {
643 LocalFree(DisableSids);
644 }
645
646 if (DeletePrivileges != NULL)
647 {
648 LocalFree(DeletePrivileges);
649 }
650
651 if (RestrictedSids != NULL)
652 {
653 LocalFree(RestrictedSids);
654 }
655
656 return Success;
657}
658
659/******************************************************************************
660 * AllocateAndInitializeSid [ADVAPI32.@]
661 *
662 * PARAMS
663 * pIdentifierAuthority []
664 * nSubAuthorityCount []
665 * nSubAuthority0 []
666 * nSubAuthority1 []
667 * nSubAuthority2 []
668 * nSubAuthority3 []
669 * nSubAuthority4 []
670 * nSubAuthority5 []
671 * nSubAuthority6 []
672 * nSubAuthority7 []
673 * pSid []
674 */
675BOOL WINAPI
676AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
677 BYTE nSubAuthorityCount,
678 DWORD nSubAuthority0, DWORD nSubAuthority1,
679 DWORD nSubAuthority2, DWORD nSubAuthority3,
680 DWORD nSubAuthority4, DWORD nSubAuthority5,
681 DWORD nSubAuthority6, DWORD nSubAuthority7,
682 PSID *pSid )
683{
684 return set_ntstatus( RtlAllocateAndInitializeSid(
685 pIdentifierAuthority, nSubAuthorityCount,
686 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
687 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
688 pSid ));
689}
690
691/*
692 * @implemented
693 *
694 * RETURNS
695 * Docs says this function does NOT return a value
696 * even thou it's defined to return a PVOID...
697 */
698PVOID
699WINAPI
700FreeSid(PSID pSid)
701{
702 return RtlFreeSid(pSid);
703}
704
705/******************************************************************************
706 * CopySid [ADVAPI32.@]
707 *
708 * PARAMS
709 * nDestinationSidLength []
710 * pDestinationSid []
711 * pSourceSid []
712 */
713BOOL WINAPI
714CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
715{
716 return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid));
717}
718
719/*
720 * @unimplemented
721 */
722BOOL
723WINAPI
724CreateWellKnownSid(IN WELL_KNOWN_SID_TYPE WellKnownSidType,
725 IN PSID DomainSid OPTIONAL,
726 OUT PSID pSid,
727 IN OUT DWORD* cbSid)
728{
729 unsigned int i;
730 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
731
732 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
733 {
734 SetLastError(ERROR_INVALID_PARAMETER);
735 return FALSE;
736 }
737
738 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
739 if (WellKnownSids[i].Type == WellKnownSidType) {
740 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
741
742 if (*cbSid < length)
743 {
744 *cbSid = length;
745 SetLastError(ERROR_INSUFFICIENT_BUFFER);
746 return FALSE;
747 }
748 if (!pSid)
749 {
750 SetLastError(ERROR_INVALID_PARAMETER);
751 return FALSE;
752 }
753 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
754 *cbSid = length;
755 return TRUE;
756 }
757 }
758
759 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
760 {
761 SetLastError(ERROR_INVALID_PARAMETER);
762 return FALSE;
763 }
764
765 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
766 if (WellKnownRids[i].Type == WellKnownSidType) {
767 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
768 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
769 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
770
771 if (*cbSid < output_sid_length)
772 {
773 *cbSid = output_sid_length;
774 SetLastError(ERROR_INSUFFICIENT_BUFFER);
775 return FALSE;
776 }
777 if (!pSid)
778 {
779 SetLastError(ERROR_INVALID_PARAMETER);
780 return FALSE;
781 }
782 CopyMemory(pSid, DomainSid, domain_sid_length);
783 (*GetSidSubAuthorityCount(pSid))++;
784 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
785 *cbSid = output_sid_length;
786 return TRUE;
787 }
788
789 SetLastError(ERROR_INVALID_PARAMETER);
790 return FALSE;
791}
792
793/*
794 * @unimplemented
795 */
796BOOL
797WINAPI
798IsWellKnownSid(IN PSID pSid,
799 IN WELL_KNOWN_SID_TYPE WellKnownSidType)
800{
801 unsigned int i;
802 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
803
804 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
805 {
806 if (WellKnownSids[i].Type == WellKnownSidType)
807 {
808 if (EqualSid(pSid, (PSID)(&WellKnownSids[i].Sid.Revision)))
809 return TRUE;
810 }
811 }
812
813 return FALSE;
814}
815
816/*
817 * @implemented
818 */
819BOOL
820WINAPI
821IsValidSid(PSID pSid)
822{
823 return (BOOL)RtlValidSid(pSid);
824}
825
826/*
827 * @implemented
828 */
829BOOL
830WINAPI
831EqualSid(PSID pSid1,
832 PSID pSid2)
833{
834 SetLastError(ERROR_SUCCESS);
835 return RtlEqualSid (pSid1, pSid2);
836}
837
838/*
839 * @implemented
840 */
841BOOL
842WINAPI
843EqualPrefixSid(PSID pSid1,
844 PSID pSid2)
845{
846 return RtlEqualPrefixSid (pSid1, pSid2);
847}
848
849/*
850 * @implemented
851 */
852DWORD
853WINAPI
854GetSidLengthRequired(UCHAR nSubAuthorityCount)
855{
856 return (DWORD)RtlLengthRequiredSid(nSubAuthorityCount);
857}
858
859/*
860 * @implemented
861 */
862BOOL
863WINAPI
864InitializeSid(PSID Sid,
865 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
866 BYTE nSubAuthorityCount)
867{
868 NTSTATUS Status;
869
870 Status = RtlInitializeSid(Sid,
871 pIdentifierAuthority,
872 nSubAuthorityCount);
873 if (!NT_SUCCESS(Status))
874 {
875 SetLastError(RtlNtStatusToDosError(Status));
876 return FALSE;
877 }
878
879 return TRUE;
880}
881
882/*
883 * @implemented
884 */
885PSID_IDENTIFIER_AUTHORITY
886WINAPI
887GetSidIdentifierAuthority(PSID pSid)
888{
889 SetLastError(ERROR_SUCCESS);
890 return RtlIdentifierAuthoritySid(pSid);
891}
892
893/*
894 * @implemented
895 */
896PDWORD
897WINAPI
898GetSidSubAuthority(PSID pSid,
899 DWORD nSubAuthority)
900{
901 SetLastError(ERROR_SUCCESS);
902 return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
903}
904
905/*
906 * @implemented
907 */
908PUCHAR
909WINAPI
910GetSidSubAuthorityCount(PSID pSid)
911{
912 SetLastError(ERROR_SUCCESS);
913 return RtlSubAuthorityCountSid(pSid);
914}
915
916/*
917 * @implemented
918 */
919DWORD
920WINAPI
921GetLengthSid(PSID pSid)
922{
923 return (DWORD)RtlLengthSid(pSid);
924}
925
926/*
927 * @implemented
928 */
929BOOL
930WINAPI
931InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,
932 DWORD dwRevision)
933{
934 NTSTATUS Status;
935
936 Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
937 dwRevision);
938 if (!NT_SUCCESS(Status))
939 {
940 SetLastError(RtlNtStatusToDosError(Status));
941 return FALSE;
942 }
943
944 return TRUE;
945}
946
947/*
948 * @implemented
949 */
950BOOL
951WINAPI
952MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
953 PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
954 LPDWORD lpdwAbsoluteSecurityDescriptorSize,
955 PACL pDacl,
956 LPDWORD lpdwDaclSize,
957 PACL pSacl,
958 LPDWORD lpdwSaclSize,
959 PSID pOwner,
960 LPDWORD lpdwOwnerSize,
961 PSID pPrimaryGroup,
962 LPDWORD lpdwPrimaryGroupSize)
963{
964 NTSTATUS Status;
965
966 Status = RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
967 pAbsoluteSecurityDescriptor,
968 lpdwAbsoluteSecurityDescriptorSize,
969 pDacl,
970 lpdwDaclSize,
971 pSacl,
972 lpdwSaclSize,
973 pOwner,
974 lpdwOwnerSize,
975 pPrimaryGroup,
976 lpdwPrimaryGroupSize);
977 if (!NT_SUCCESS(Status))
978 {
979 SetLastError(RtlNtStatusToDosError(Status));
980 return FALSE;
981 }
982
983 return TRUE;
984}
985
986/******************************************************************************
987 * GetKernelObjectSecurity [ADVAPI32.@]
988 */
989BOOL WINAPI GetKernelObjectSecurity(
990 HANDLE Handle,
991 SECURITY_INFORMATION RequestedInformation,
992 PSECURITY_DESCRIPTOR pSecurityDescriptor,
993 DWORD nLength,
994 LPDWORD lpnLengthNeeded )
995{
996 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
997 pSecurityDescriptor, nLength, lpnLengthNeeded);
998
999 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
1000 nLength, lpnLengthNeeded ));
1001}
1002
1003/*
1004 * @implemented
1005 */
1006BOOL
1007WINAPI
1008InitializeAcl(PACL pAcl,
1009 DWORD nAclLength,
1010 DWORD dwAclRevision)
1011{
1012 NTSTATUS Status;
1013
1014 Status = RtlCreateAcl(pAcl,
1015 nAclLength,
1016 dwAclRevision);
1017 if (!NT_SUCCESS(Status))
1018 {
1019 SetLastError(RtlNtStatusToDosError(Status));
1020 return FALSE;
1021 }
1022
1023 return TRUE;
1024}
1025
1026BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
1027{
1028 IO_STATUS_BLOCK io_block;
1029
1030 TRACE("(%p)\n", hNamedPipe);
1031
1032 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
1033 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1034}
1035
1036/*
1037 * @implemented
1038 */
1039BOOL
1040WINAPI
1041AddAccessAllowedAce(PACL pAcl,
1042 DWORD dwAceRevision,
1043 DWORD AccessMask,
1044 PSID pSid)
1045{
1046 NTSTATUS Status;
1047
1048 Status = RtlAddAccessAllowedAce(pAcl,
1049 dwAceRevision,
1050 AccessMask,
1051 pSid);
1052 if (!NT_SUCCESS(Status))
1053 {
1054 SetLastError(RtlNtStatusToDosError(Status));
1055 return FALSE;
1056 }
1057
1058 return TRUE;
1059}
1060
1061/*
1062 * @implemented
1063 */
1064BOOL WINAPI
1065AddAccessAllowedAceEx(PACL pAcl,
1066 DWORD dwAceRevision,
1067 DWORD AceFlags,
1068 DWORD AccessMask,
1069 PSID pSid)
1070{
1071 NTSTATUS Status;
1072
1073 Status = RtlAddAccessAllowedAceEx(pAcl,
1074 dwAceRevision,
1075 AceFlags,
1076 AccessMask,
1077 pSid);
1078 if (!NT_SUCCESS(Status))
1079 {
1080 SetLastError(RtlNtStatusToDosError(Status));
1081 return FALSE;
1082 }
1083
1084 return TRUE;
1085}
1086
1087/*
1088 * @implemented
1089 */
1090BOOL
1091WINAPI
1092AddAccessDeniedAce(PACL pAcl,
1093 DWORD dwAceRevision,
1094 DWORD AccessMask,
1095 PSID pSid)
1096{
1097 NTSTATUS Status;
1098
1099 Status = RtlAddAccessDeniedAce(pAcl,
1100 dwAceRevision,
1101 AccessMask,
1102 pSid);
1103 if (!NT_SUCCESS(Status))
1104 {
1105 SetLastError(RtlNtStatusToDosError(Status));
1106 return FALSE;
1107 }
1108
1109 return TRUE;
1110}
1111
1112/*
1113 * @implemented
1114 */
1115BOOL WINAPI
1116AddAccessDeniedAceEx(PACL pAcl,
1117 DWORD dwAceRevision,
1118 DWORD AceFlags,
1119 DWORD AccessMask,
1120 PSID pSid)
1121{
1122 NTSTATUS Status;
1123
1124 Status = RtlAddAccessDeniedAceEx(pAcl,
1125 dwAceRevision,
1126 AceFlags,
1127 AccessMask,
1128 pSid);
1129 if (!NT_SUCCESS(Status))
1130 {
1131 SetLastError(RtlNtStatusToDosError(Status));
1132 return FALSE;
1133 }
1134
1135 return TRUE;
1136}
1137
1138/*
1139 * @implemented
1140 */
1141BOOL
1142WINAPI
1143AddAce(PACL pAcl,
1144 DWORD dwAceRevision,
1145 DWORD dwStartingAceIndex,
1146 LPVOID pAceList,
1147 DWORD nAceListLength)
1148{
1149 NTSTATUS Status;
1150
1151 Status = RtlAddAce(pAcl,
1152 dwAceRevision,
1153 dwStartingAceIndex,
1154 pAceList,
1155 nAceListLength);
1156 if (!NT_SUCCESS(Status))
1157 {
1158 SetLastError(RtlNtStatusToDosError(Status));
1159 return FALSE;
1160 }
1161
1162 return TRUE;
1163}
1164
1165/******************************************************************************
1166 * DeleteAce [ADVAPI32.@]
1167 */
1168BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1169{
1170 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1171}
1172
1173/*
1174 * @implemented
1175 */
1176BOOL
1177WINAPI
1178FindFirstFreeAce(PACL pAcl,
1179 LPVOID *pAce)
1180{
1181 return RtlFirstFreeAce(pAcl,
1182 (PACE*)pAce);
1183}
1184
1185/******************************************************************************
1186 * GetAce [ADVAPI32.@]
1187 */
1188BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1189{
1190 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1191}
1192
1193/******************************************************************************
1194 * GetAclInformation [ADVAPI32.@]
1195 */
1196BOOL WINAPI GetAclInformation(
1197 PACL pAcl,
1198 LPVOID pAclInformation,
1199 DWORD nAclInformationLength,
1200 ACL_INFORMATION_CLASS dwAclInformationClass)
1201{
1202 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1203 nAclInformationLength, dwAclInformationClass));
1204}
1205
1206/*
1207 * @implemented
1208 */
1209BOOL
1210WINAPI
1211IsValidAcl(PACL pAcl)
1212{
1213 return RtlValidAcl (pAcl);
1214}
1215
1216/*
1217 * @implemented
1218 */
1219BOOL WINAPI
1220AllocateLocallyUniqueId(PLUID Luid)
1221{
1222 NTSTATUS Status;
1223
1224 Status = NtAllocateLocallyUniqueId (Luid);
1225 if (!NT_SUCCESS (Status))
1226 {
1227 SetLastError(RtlNtStatusToDosError(Status));
1228 return FALSE;
1229 }
1230
1231 return TRUE;
1232}
1233
1234/**********************************************************************
1235 * LookupPrivilegeDisplayNameA EXPORTED
1236 *
1237 * @unimplemented
1238 */
1239BOOL
1240WINAPI
1241LookupPrivilegeDisplayNameA(LPCSTR lpSystemName,
1242 LPCSTR lpName,
1243 LPSTR lpDisplayName,
1244 LPDWORD cchDisplayName,
1245 LPDWORD lpLanguageId)
1246{
1247 UNICODE_STRING lpSystemNameW;
1248 UNICODE_STRING lpNameW;
1249 BOOL ret;
1250 DWORD wLen = 0;
1251
1252 TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);
1253
1254 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1255 RtlCreateUnicodeStringFromAsciiz(&lpNameW, lpName);
1256 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen, lpLanguageId);
1257 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1258 {
1259 LPWSTR lpDisplayNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1260
1261 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, lpDisplayNameW,
1262 &wLen, lpLanguageId);
1263 if (ret)
1264 {
1265 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpDisplayNameW, -1, lpDisplayName,
1266 *cchDisplayName, NULL, NULL);
1267
1268 if (len == 0)
1269 {
1270 /* WideCharToMultiByte failed */
1271 ret = FALSE;
1272 }
1273 else if (len > *cchDisplayName)
1274 {
1275 *cchDisplayName = len;
1276 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1277 ret = FALSE;
1278 }
1279 else
1280 {
1281 /* WideCharToMultiByte succeeded, output length needs to be
1282 * length not including NULL terminator
1283 */
1284 *cchDisplayName = len - 1;
1285 }
1286 }
1287 HeapFree(GetProcessHeap(), 0, lpDisplayNameW);
1288 }
1289 RtlFreeUnicodeString(&lpSystemNameW);
1290 RtlFreeUnicodeString(&lpNameW);
1291 return ret;
1292}
1293
1294/**********************************************************************
1295 * LookupPrivilegeNameA EXPORTED
1296 *
1297 * @implemented
1298 */
1299BOOL
1300WINAPI
1301LookupPrivilegeNameA(LPCSTR lpSystemName,
1302 PLUID lpLuid,
1303 LPSTR lpName,
1304 LPDWORD cchName)
1305{
1306 UNICODE_STRING lpSystemNameW;
1307 BOOL ret;
1308 DWORD wLen = 0;
1309
1310 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1311
1312 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1313 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1314 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1315 {
1316 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1317
1318 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1319 &wLen);
1320 if (ret)
1321 {
1322 /* Windows crashes if cchName is NULL, so will I */
1323 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1324 *cchName, NULL, NULL);
1325
1326 if (len == 0)
1327 {
1328 /* WideCharToMultiByte failed */
1329 ret = FALSE;
1330 }
1331 else if (len > *cchName)
1332 {
1333 *cchName = len;
1334 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1335 ret = FALSE;
1336 }
1337 else
1338 {
1339 /* WideCharToMultiByte succeeded, output length needs to be
1340 * length not including NULL terminator
1341 */
1342 *cchName = len - 1;
1343 }
1344 }
1345 HeapFree(GetProcessHeap(), 0, lpNameW);
1346 }
1347 RtlFreeUnicodeString(&lpSystemNameW);
1348 return ret;
1349}
1350
1351/******************************************************************************
1352 * GetFileSecurityA [ADVAPI32.@]
1353 *
1354 * Obtains Specified information about the security of a file or directory.
1355 *
1356 * PARAMS
1357 * lpFileName [I] Name of the file to get info for
1358 * RequestedInformation [I] SE_ flags from "winnt.h"
1359 * pSecurityDescriptor [O] Destination for security information
1360 * nLength [I] Length of pSecurityDescriptor
1361 * lpnLengthNeeded [O] Destination for length of returned security information
1362 *
1363 * RETURNS
1364 * Success: TRUE. pSecurityDescriptor contains the requested information.
1365 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1366 *
1367 * NOTES
1368 * The information returned is constrained by the callers access rights and
1369 * privileges.
1370 *
1371 * @implemented
1372 */
1373BOOL
1374WINAPI
1375GetFileSecurityA(LPCSTR lpFileName,
1376 SECURITY_INFORMATION RequestedInformation,
1377 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1378 DWORD nLength,
1379 LPDWORD lpnLengthNeeded)
1380{
1381 UNICODE_STRING FileName;
1382 BOOL bResult;
1383
1384 if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1385 {
1386 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1387 return FALSE;
1388 }
1389
1390 bResult = GetFileSecurityW(FileName.Buffer,
1391 RequestedInformation,
1392 pSecurityDescriptor,
1393 nLength,
1394 lpnLengthNeeded);
1395
1396 RtlFreeUnicodeString(&FileName);
1397
1398 return bResult;
1399}
1400
1401/*
1402 * @implemented
1403 */
1404BOOL
1405WINAPI
1406GetFileSecurityW(LPCWSTR lpFileName,
1407 SECURITY_INFORMATION RequestedInformation,
1408 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1409 DWORD nLength,
1410 LPDWORD lpnLengthNeeded)
1411{
1412 OBJECT_ATTRIBUTES ObjectAttributes;
1413 IO_STATUS_BLOCK StatusBlock;
1414 UNICODE_STRING FileName;
1415 ULONG AccessMask = 0;
1416 HANDLE FileHandle;
1417 NTSTATUS Status;
1418
1419 TRACE("GetFileSecurityW() called\n");
1420
1421 QuerySecurityAccessMask(RequestedInformation, &AccessMask);
1422
1423 if (!RtlDosPathNameToNtPathName_U(lpFileName,
1424 &FileName,
1425 NULL,
1426 NULL))
1427 {
1428 ERR("Invalid path\n");
1429 SetLastError(ERROR_INVALID_NAME);
1430 return FALSE;
1431 }
1432
1433 InitializeObjectAttributes(&ObjectAttributes,
1434 &FileName,
1435 OBJ_CASE_INSENSITIVE,
1436 NULL,
1437 NULL);
1438
1439 Status = NtOpenFile(&FileHandle,
1440 AccessMask,
1441 &ObjectAttributes,
1442 &StatusBlock,
1443 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1444 0);
1445
1446 RtlFreeHeap(RtlGetProcessHeap(),
1447 0,
1448 FileName.Buffer);
1449
1450 if (!NT_SUCCESS(Status))
1451 {
1452 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1453 SetLastError(RtlNtStatusToDosError(Status));
1454 return FALSE;
1455 }
1456
1457 Status = NtQuerySecurityObject(FileHandle,
1458 RequestedInformation,
1459 pSecurityDescriptor,
1460 nLength,
1461 lpnLengthNeeded);
1462 NtClose(FileHandle);
1463 if (!NT_SUCCESS(Status))
1464 {
1465 ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
1466 SetLastError(RtlNtStatusToDosError(Status));
1467 return FALSE;
1468 }
1469
1470 return TRUE;
1471}
1472
1473/******************************************************************************
1474 * SetFileSecurityA [ADVAPI32.@]
1475 * Sets the security of a file or directory
1476 *
1477 * @implemented
1478 */
1479BOOL
1480WINAPI
1481SetFileSecurityA(LPCSTR lpFileName,
1482 SECURITY_INFORMATION SecurityInformation,
1483 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1484{
1485 UNICODE_STRING FileName;
1486 BOOL bResult;
1487
1488 if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1489 {
1490 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1491 return FALSE;
1492 }
1493
1494 bResult = SetFileSecurityW(FileName.Buffer,
1495 SecurityInformation,
1496 pSecurityDescriptor);
1497
1498 RtlFreeUnicodeString(&FileName);
1499
1500 return bResult;
1501}
1502
1503/******************************************************************************
1504 * SetFileSecurityW [ADVAPI32.@]
1505 * Sets the security of a file or directory
1506 *
1507 * @implemented
1508 */
1509BOOL
1510WINAPI
1511SetFileSecurityW(LPCWSTR lpFileName,
1512 SECURITY_INFORMATION SecurityInformation,
1513 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1514{
1515 OBJECT_ATTRIBUTES ObjectAttributes;
1516 IO_STATUS_BLOCK StatusBlock;
1517 UNICODE_STRING FileName;
1518 ULONG AccessMask = 0;
1519 HANDLE FileHandle;
1520 NTSTATUS Status;
1521
1522 TRACE("SetFileSecurityW() called\n");
1523
1524 SetSecurityAccessMask(SecurityInformation, &AccessMask);
1525
1526 if (!RtlDosPathNameToNtPathName_U(lpFileName,
1527 &FileName,
1528 NULL,
1529 NULL))
1530 {
1531 ERR("Invalid path\n");
1532 SetLastError(ERROR_INVALID_NAME);
1533 return FALSE;
1534 }
1535
1536 InitializeObjectAttributes(&ObjectAttributes,
1537 &FileName,
1538 OBJ_CASE_INSENSITIVE,
1539 NULL,
1540 NULL);
1541
1542 Status = NtOpenFile(&FileHandle,
1543 AccessMask,
1544 &ObjectAttributes,
1545 &StatusBlock,
1546 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1547 0);
1548
1549 RtlFreeHeap(RtlGetProcessHeap(),
1550 0,
1551 FileName.Buffer);
1552
1553 if (!NT_SUCCESS(Status))
1554 {
1555 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1556 SetLastError(RtlNtStatusToDosError(Status));
1557 return FALSE;
1558 }
1559
1560 Status = NtSetSecurityObject(FileHandle,
1561 SecurityInformation,
1562 pSecurityDescriptor);
1563 NtClose(FileHandle);
1564
1565 if (!NT_SUCCESS(Status))
1566 {
1567 ERR("NtSetSecurityObject() failed (Status %lx)\n", Status);
1568 SetLastError(RtlNtStatusToDosError(Status));
1569 return FALSE;
1570 }
1571
1572 return TRUE;
1573}
1574
1575/******************************************************************************
1576 * QueryWindows31FilesMigration [ADVAPI32.@]
1577 *
1578 * PARAMS
1579 * x1 []
1580 */
1581BOOL WINAPI
1582QueryWindows31FilesMigration( DWORD x1 )
1583{
1584 FIXME("(%d):stub\n",x1);
1585 return TRUE;
1586}
1587
1588/******************************************************************************
1589 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1590 *
1591 * PARAMS
1592 * x1 []
1593 * x2 []
1594 * x3 []
1595 * x4 []
1596 */
1597BOOL WINAPI
1598SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1599 DWORD x4 )
1600{
1601 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
1602 return TRUE;
1603}
1604
1605/*
1606 * @implemented
1607 */
1608BOOL
1609WINAPI
1610RevertToSelf(VOID)
1611{
1612 NTSTATUS Status;
1613 HANDLE Token = NULL;
1614
1615 Status = NtSetInformationThread(NtCurrentThread(),
1616 ThreadImpersonationToken,
1617 &Token,
1618 sizeof(HANDLE));
1619 if (!NT_SUCCESS(Status))
1620 {
1621 SetLastError(RtlNtStatusToDosError(Status));
1622 return FALSE;
1623 }
1624
1625 return TRUE;
1626}
1627
1628/*
1629 * @implemented
1630 */
1631BOOL
1632WINAPI
1633ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1634{
1635 NTSTATUS Status;
1636
1637 Status = RtlImpersonateSelf(ImpersonationLevel);
1638 if (!NT_SUCCESS(Status))
1639 {
1640 SetLastError(RtlNtStatusToDosError(Status));
1641 return FALSE;
1642 }
1643
1644 return TRUE;
1645}
1646
1647/*
1648 * @implemented
1649 */
1650BOOL
1651WINAPI
1652AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1653 IN HANDLE ClientToken,
1654 IN DWORD DesiredAccess,
1655 IN PGENERIC_MAPPING GenericMapping,
1656 OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL,
1657 IN OUT LPDWORD PrivilegeSetLength,
1658 OUT LPDWORD GrantedAccess,
1659 OUT LPBOOL AccessStatus)
1660{
1661 NTSTATUS Status;
1662 NTSTATUS NtAccessStatus;
1663
1664 /* Do the access check */
1665 Status = NtAccessCheck(pSecurityDescriptor,
1666 ClientToken,
1667 DesiredAccess,
1668 GenericMapping,
1669 PrivilegeSet,
1670 (PULONG)PrivilegeSetLength,
1671 (PACCESS_MASK)GrantedAccess,
1672 &NtAccessStatus);
1673
1674 /* See if the access check operation succeeded */
1675 if (!NT_SUCCESS(Status))
1676 {
1677 /* Check failed */
1678 SetLastError(RtlNtStatusToDosError(Status));
1679 return FALSE;
1680 }
1681
1682 /* Now check the access status */
1683 if (!NT_SUCCESS(NtAccessStatus))
1684 {
1685 /* Access denied */
1686 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1687 *AccessStatus = FALSE;
1688 }
1689 else
1690 {
1691 /* Access granted */
1692 *AccessStatus = TRUE;
1693 }
1694
1695 /* Check succeeded */
1696 return TRUE;
1697}
1698
1767BOOL
1768WINAPI
1769AccessCheckByType(
1770 _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
1771 _In_opt_ PSID PrincipalSelfSid,
1772 _In_ HANDLE ClientToken,
1773 _In_ DWORD DesiredAccess,
1774 _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
1775 _In_ DWORD ObjectTypeListLength,
1776 _In_ PGENERIC_MAPPING GenericMapping,
1777 _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
1778 _Inout_ LPDWORD PrivilegeSetLength,
1779 _Out_ LPDWORD GrantedAccess,
1780 _Out_ LPBOOL AccessStatus)
1781{
1782 NTSTATUS Status;
1783 NTSTATUS NtAccessStatus;
1784
1785 Status = NtAccessCheckByType(pSecurityDescriptor,
1786 PrincipalSelfSid,
1787 ClientToken,
1788 DesiredAccess,
1789 ObjectTypeList,
1790 ObjectTypeListLength,
1791 GenericMapping,
1792 PrivilegeSet,
1793 PrivilegeSetLength,
1794 (PACCESS_MASK)GrantedAccess,
1795 &NtAccessStatus);
1796 if (!NT_SUCCESS(Status))
1797 {
1798 SetLastError(RtlNtStatusToDosError(Status));
1799 return FALSE;
1800 }
1801
1802 if (!NT_SUCCESS(NtAccessStatus))
1803 {
1804 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1805 *AccessStatus = FALSE;
1806 }
1807 else
1808 {
1809 *AccessStatus = TRUE;
1810 }
1811
1812 return TRUE;
1813}
1814
1881BOOL
1882WINAPI
1883AccessCheckByTypeResultList(
1884 _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
1885 _In_opt_ PSID PrincipalSelfSid,
1886 _In_ HANDLE ClientToken,
1887 _In_ DWORD DesiredAccess,
1888 _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
1889 _In_ DWORD ObjectTypeListLength,
1890 _In_ PGENERIC_MAPPING GenericMapping,
1891 _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
1892 _Inout_ LPDWORD PrivilegeSetLength,
1893 _Out_writes_(ObjectTypeListLength) LPDWORD GrantedAccess,
1894 _Out_writes_(ObjectTypeListLength) LPBOOL AccessStatus)
1895{
1896 NTSTATUS Status;
1897 DWORD ResultListIndex;
1898 PNTSTATUS NtAccessStatus = NULL;
1899
1900 Status = NtAccessCheckByTypeResultList(pSecurityDescriptor,
1901 PrincipalSelfSid,
1902 ClientToken,
1903 DesiredAccess,
1904 ObjectTypeList,
1905 ObjectTypeListLength,
1906 GenericMapping,
1907 PrivilegeSet,
1908 PrivilegeSetLength,
1909 (PACCESS_MASK)GrantedAccess,
1910 NtAccessStatus);
1911 if (!NT_SUCCESS(Status))
1912 {
1913 SetLastError(RtlNtStatusToDosError(Status));
1914 return FALSE;
1915 }
1916
1917 for (ResultListIndex = 0; ResultListIndex < ObjectTypeListLength; ResultListIndex++)
1918 {
1919 AccessStatus[ResultListIndex] = RtlNtStatusToDosError(NtAccessStatus[ResultListIndex]);
1920 }
1921
1922 return TRUE;
1923}
1924
1925/*
1926 * @implemented
1927 */
1928BOOL
1929WINAPI
1930SetKernelObjectSecurity(HANDLE Handle,
1931 SECURITY_INFORMATION SecurityInformation,
1932 PSECURITY_DESCRIPTOR SecurityDescriptor)
1933{
1934 NTSTATUS Status;
1935
1936 Status = NtSetSecurityObject(Handle,
1937 SecurityInformation,
1938 SecurityDescriptor);
1939 if (!NT_SUCCESS(Status))
1940 {
1941 SetLastError(RtlNtStatusToDosError(Status));
1942 return FALSE;
1943 }
1944
1945 return TRUE;
1946}
1947
1948/*
1949 * @implemented
1950 */
1951BOOL
1952WINAPI
1953AddAuditAccessAce(PACL pAcl,
1954 DWORD dwAceRevision,
1955 DWORD dwAccessMask,
1956 PSID pSid,
1957 BOOL bAuditSuccess,
1958 BOOL bAuditFailure)
1959{
1960 NTSTATUS Status;
1961
1962 Status = RtlAddAuditAccessAce(pAcl,
1963 dwAceRevision,
1964 dwAccessMask,
1965 pSid,
1966 bAuditSuccess,
1967 bAuditFailure);
1968 if (!NT_SUCCESS(Status))
1969 {
1970 SetLastError(RtlNtStatusToDosError(Status));
1971 return FALSE;
1972 }
1973
1974 return TRUE;
1975}
1976
1977/*
1978 * @implemented
1979 */
1980BOOL WINAPI
1981AddAuditAccessAceEx(PACL pAcl,
1982 DWORD dwAceRevision,
1983 DWORD AceFlags,
1984 DWORD dwAccessMask,
1985 PSID pSid,
1986 BOOL bAuditSuccess,
1987 BOOL bAuditFailure)
1988{
1989 NTSTATUS Status;
1990
1991 Status = RtlAddAuditAccessAceEx(pAcl,
1992 dwAceRevision,
1993 AceFlags,
1994 dwAccessMask,
1995 pSid,
1996 bAuditSuccess,
1997 bAuditFailure);
1998 if (!NT_SUCCESS(Status))
1999 {
2000 SetLastError(RtlNtStatusToDosError(Status));
2001 return FALSE;
2002 }
2003
2004 return TRUE;
2005}
2006
2007/******************************************************************************
2008 * LookupAccountNameA [ADVAPI32.@]
2009 *
2010 * @implemented
2011 */
2012BOOL
2013WINAPI
2014LookupAccountNameA(LPCSTR SystemName,
2015 LPCSTR AccountName,
2016 PSID Sid,
2017 LPDWORD SidLength,
2018 LPSTR ReferencedDomainName,
2019 LPDWORD hReferencedDomainNameLength,
2020 PSID_NAME_USE SidNameUse)
2021{
2022 BOOL ret;
2023 UNICODE_STRING lpSystemW;
2024 UNICODE_STRING lpAccountW;
2025 LPWSTR lpReferencedDomainNameW = NULL;
2026
2027 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
2028 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
2029
2030 if (ReferencedDomainName)
2031 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
2032 0,
2033 *hReferencedDomainNameLength * sizeof(WCHAR));
2034
2035 ret = LookupAccountNameW(lpSystemW.Buffer,
2036 lpAccountW.Buffer,
2037 Sid,
2038 SidLength,
2039 lpReferencedDomainNameW,
2040 hReferencedDomainNameLength,
2041 SidNameUse);
2042
2043 if (ret && lpReferencedDomainNameW)
2044 {
2045 WideCharToMultiByte(CP_ACP,
2046 0,
2047 lpReferencedDomainNameW,
2048 *hReferencedDomainNameLength + 1,
2049 ReferencedDomainName,
2050 *hReferencedDomainNameLength + 1,
2051 NULL,
2052 NULL);
2053 }
2054
2055 RtlFreeUnicodeString(&lpSystemW);
2056 RtlFreeUnicodeString(&lpAccountW);
2057 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
2058
2059 return ret;
2060}
2061
2062/**********************************************************************
2063 * PrivilegeCheck EXPORTED
2064 *
2065 * @implemented
2066 */
2067BOOL WINAPI
2068PrivilegeCheck(HANDLE ClientToken,
2069 PPRIVILEGE_SET RequiredPrivileges,
2070 LPBOOL pfResult)
2071{
2072 BOOLEAN Result;
2073 NTSTATUS Status;
2074
2075 Status = NtPrivilegeCheck(ClientToken,
2076 RequiredPrivileges,
2077 &Result);
2078 if (!NT_SUCCESS(Status))
2079 {
2080 SetLastError(RtlNtStatusToDosError(Status));
2081 return FALSE;
2082 }
2083
2084 *pfResult = (BOOL)Result;
2085
2086 return TRUE;
2087}
2088
2089/******************************************************************************
2090 * GetSecurityInfoExW EXPORTED
2091 */
2092DWORD
2093WINAPI
2094GetSecurityInfoExA(HANDLE hObject,
2095 SE_OBJECT_TYPE ObjectType,
2096 SECURITY_INFORMATION SecurityInfo,
2097 LPCSTR lpProvider,
2098 LPCSTR lpProperty,
2099 PACTRL_ACCESSA *ppAccessList,
2100 PACTRL_AUDITA *ppAuditList,
2101 LPSTR *lppOwner,
2102 LPSTR *lppGroup)
2103{
2104 FIXME("%s() not implemented!\n", __FUNCTION__);
2105 return ERROR_BAD_PROVIDER;
2106}
2107
2108
2109/******************************************************************************
2110 * GetSecurityInfoExW EXPORTED
2111 */
2112DWORD
2113WINAPI
2114GetSecurityInfoExW(HANDLE hObject,
2115 SE_OBJECT_TYPE ObjectType,
2116 SECURITY_INFORMATION SecurityInfo,
2117 LPCWSTR lpProvider,
2118 LPCWSTR lpProperty,
2119 PACTRL_ACCESSW *ppAccessList,
2120 PACTRL_AUDITW *ppAuditList,
2121 LPWSTR *lppOwner,
2122 LPWSTR *lppGroup)
2123{
2124 FIXME("%s() not implemented!\n", __FUNCTION__);
2125 return ERROR_BAD_PROVIDER;
2126}
2127
2128/******************************************************************************
2129 * BuildExplicitAccessWithNameA [ADVAPI32.@]
2130 */
2131VOID WINAPI
2132BuildExplicitAccessWithNameA(PEXPLICIT_ACCESSA pExplicitAccess,
2133 LPSTR pTrusteeName,
2134 DWORD AccessPermissions,
2135 ACCESS_MODE AccessMode,
2136 DWORD Inheritance)
2137{
2138 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2139 pExplicitAccess->grfAccessMode = AccessMode;
2140 pExplicitAccess->grfInheritance = Inheritance;
2141
2142 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2143 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2144 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2145 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2146 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2147}
2148
2149
2150/******************************************************************************
2151 * BuildExplicitAccessWithNameW [ADVAPI32.@]
2152 */
2153VOID WINAPI
2154BuildExplicitAccessWithNameW(PEXPLICIT_ACCESSW pExplicitAccess,
2155 LPWSTR pTrusteeName,
2156 DWORD AccessPermissions,
2157 ACCESS_MODE AccessMode,
2158 DWORD Inheritance)
2159{
2160 pExplicitAccess->grfAccessPermissions = AccessPermissions;
2161 pExplicitAccess->grfAccessMode = AccessMode;
2162 pExplicitAccess->grfInheritance = Inheritance;
2163
2164 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2165 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2166 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2167 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2168 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2169}
2170
2171/******************************************************************************
2172 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
2173 */
2174VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
2175 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
2176 LPSTR InheritedObjectTypeName, LPSTR Name )
2177{
2178 DWORD ObjectsPresent = 0;
2179
2180 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2181 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
2182
2183 /* Fill the OBJECTS_AND_NAME structure */
2184 pObjName->ObjectType = ObjectType;
2185 if (ObjectTypeName != NULL)
2186 {
2187 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2188 }
2189
2190 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2191 if (InheritedObjectTypeName != NULL)
2192 {
2193 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2194 }
2195
2196 pObjName->ObjectsPresent = ObjectsPresent;
2197 pObjName->ptstrName = Name;
2198
2199 /* Fill the TRUSTEE structure */
2200 pTrustee->pMultipleTrustee = NULL;
2201 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2202 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2203 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2204 pTrustee->ptstrName = (LPSTR)pObjName;
2205}
2206
2207/******************************************************************************
2208 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
2209 */
2210VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
2211 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
2212 LPWSTR InheritedObjectTypeName, LPWSTR Name )
2213{
2214 DWORD ObjectsPresent = 0;
2215
2216 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2217 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
2218
2219 /* Fill the OBJECTS_AND_NAME structure */
2220 pObjName->ObjectType = ObjectType;
2221 if (ObjectTypeName != NULL)
2222 {
2223 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2224 }
2225
2226 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
2227 if (InheritedObjectTypeName != NULL)
2228 {
2229 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2230 }
2231
2232 pObjName->ObjectsPresent = ObjectsPresent;
2233 pObjName->ptstrName = Name;
2234
2235 /* Fill the TRUSTEE structure */
2236 pTrustee->pMultipleTrustee = NULL;
2237 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2238 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2239 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2240 pTrustee->ptstrName = (LPWSTR)pObjName;
2241}
2242
2243/******************************************************************************
2244 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
2245 */
2246VOID WINAPI
2247BuildTrusteeWithObjectsAndSidA(PTRUSTEEA pTrustee,
2248 POBJECTS_AND_SID pObjSid,
2249 GUID *pObjectGuid,
2250 GUID *pInheritedObjectGuid,
2251 PSID pSid)
2252{
2253 DWORD ObjectsPresent = 0;
2254
2255 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2256
2257 /* Fill the OBJECTS_AND_SID structure */
2258 if (pObjectGuid != NULL)
2259 {
2260 pObjSid->ObjectTypeGuid = *pObjectGuid;
2261 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2262 }
2263 else
2264 {
2265 ZeroMemory(&pObjSid->ObjectTypeGuid,
2266 sizeof(GUID));
2267 }
2268
2269 if (pInheritedObjectGuid != NULL)
2270 {
2271 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2272 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2273 }
2274 else
2275 {
2276 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2277 sizeof(GUID));
2278 }
2279
2280 pObjSid->ObjectsPresent = ObjectsPresent;
2281 pObjSid->pSid = pSid;
2282
2283 /* Fill the TRUSTEE structure */
2284 pTrustee->pMultipleTrustee = NULL;
2285 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2286 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2287 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2288 pTrustee->ptstrName = (LPSTR) pObjSid;
2289}
2290
2291
2292/******************************************************************************
2293 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
2294 */
2295VOID WINAPI
2296BuildTrusteeWithObjectsAndSidW(PTRUSTEEW pTrustee,
2297 POBJECTS_AND_SID pObjSid,
2298 GUID *pObjectGuid,
2299 GUID *pInheritedObjectGuid,
2300 PSID pSid)
2301{
2302 DWORD ObjectsPresent = 0;
2303
2304 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2305
2306 /* Fill the OBJECTS_AND_SID structure */
2307 if (pObjectGuid != NULL)
2308 {
2309 pObjSid->ObjectTypeGuid = *pObjectGuid;
2310 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2311 }
2312 else
2313 {
2314 ZeroMemory(&pObjSid->ObjectTypeGuid,
2315 sizeof(GUID));
2316 }
2317
2318 if (pInheritedObjectGuid != NULL)
2319 {
2320 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
2321 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2322 }
2323 else
2324 {
2325 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
2326 sizeof(GUID));
2327 }
2328
2329 pObjSid->ObjectsPresent = ObjectsPresent;
2330 pObjSid->pSid = pSid;
2331
2332 /* Fill the TRUSTEE structure */
2333 pTrustee->pMultipleTrustee = NULL;
2334 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2335 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2336 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2337 pTrustee->ptstrName = (LPWSTR) pObjSid;
2338}
2339
2340/******************************************************************************
2341 * BuildTrusteeWithSidA [ADVAPI32.@]
2342 */
2343VOID WINAPI
2344BuildTrusteeWithSidA(PTRUSTEE_A pTrustee,
2345 PSID pSid)
2346{
2347 TRACE("%p %p\n", pTrustee, pSid);
2348
2349 pTrustee->pMultipleTrustee = NULL;
2350 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2351 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2352 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2353 pTrustee->ptstrName = (LPSTR) pSid;
2354}
2355
2356
2357/******************************************************************************
2358 * BuildTrusteeWithSidW [ADVAPI32.@]
2359 */
2360VOID WINAPI
2361BuildTrusteeWithSidW(PTRUSTEE_W pTrustee,
2362 PSID pSid)
2363{
2364 TRACE("%p %p\n", pTrustee, pSid);
2365
2366 pTrustee->pMultipleTrustee = NULL;
2367 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2368 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2369 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2370 pTrustee->ptstrName = (LPWSTR) pSid;
2371}
2372
2373/******************************************************************************
2374 * BuildTrusteeWithNameA [ADVAPI32.@]
2375 */
2376VOID WINAPI
2377BuildTrusteeWithNameA(PTRUSTEE_A pTrustee,
2378 LPSTR name)
2379{
2380 TRACE("%p %s\n", pTrustee, name);
2381
2382 pTrustee->pMultipleTrustee = NULL;
2383 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2384 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2385 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2386 pTrustee->ptstrName = name;
2387}
2388
2389/******************************************************************************
2390 * BuildTrusteeWithNameW [ADVAPI32.@]
2391 */
2392VOID WINAPI
2393BuildTrusteeWithNameW(PTRUSTEE_W pTrustee,
2394 LPWSTR name)
2395{
2396 TRACE("%p %s\n", pTrustee, name);
2397
2398 pTrustee->pMultipleTrustee = NULL;
2399 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2400 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2401 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2402 pTrustee->ptstrName = name;
2403}
2404
2405/******************************************************************************
2406 * GetTrusteeFormA [ADVAPI32.@]
2407 */
2408TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
2409{
2410 TRACE("(%p)\n", pTrustee);
2411
2412 if (!pTrustee)
2413 return TRUSTEE_BAD_FORM;
2414
2415 return pTrustee->TrusteeForm;
2416}
2417
2418/******************************************************************************
2419 * GetTrusteeFormW [ADVAPI32.@]
2420 */
2421TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
2422{
2423 TRACE("(%p)\n", pTrustee);
2424
2425 if (!pTrustee)
2426 return TRUSTEE_BAD_FORM;
2427
2428 return pTrustee->TrusteeForm;
2429}
2430
2431/******************************************************************************
2432 * GetTrusteeNameA [ADVAPI32.@]
2433 */
2434LPSTR WINAPI
2435GetTrusteeNameA(PTRUSTEE_A pTrustee)
2436{
2437 return pTrustee->ptstrName;
2438}
2439
2440
2441/******************************************************************************
2442 * GetTrusteeNameW [ADVAPI32.@]
2443 */
2444LPWSTR WINAPI
2445GetTrusteeNameW(PTRUSTEE_W pTrustee)
2446{
2447 return pTrustee->ptstrName;
2448}
2449
2450/******************************************************************************
2451 * GetTrusteeTypeA [ADVAPI32.@]
2452 */
2453TRUSTEE_TYPE WINAPI
2454GetTrusteeTypeA(PTRUSTEE_A pTrustee)
2455{
2456 return pTrustee->TrusteeType;
2457}
2458
2459/******************************************************************************
2460 * GetTrusteeTypeW [ADVAPI32.@]
2461 */
2462TRUSTEE_TYPE WINAPI
2463GetTrusteeTypeW(PTRUSTEE_W pTrustee)
2464{
2465 return pTrustee->TrusteeType;
2466}
2467
2468/*
2469 * @implemented
2470 */
2471BOOL
2472WINAPI
2473SetAclInformation(PACL pAcl,
2474 LPVOID pAclInformation,
2475 DWORD nAclInformationLength,
2476 ACL_INFORMATION_CLASS dwAclInformationClass)
2477{
2478 NTSTATUS Status;
2479
2480 Status = RtlSetInformationAcl(pAcl,
2481 pAclInformation,
2482 nAclInformationLength,
2483 dwAclInformationClass);
2484 if (!NT_SUCCESS(Status))
2485 {
2486 SetLastError(RtlNtStatusToDosError(Status));
2487 return FALSE;
2488 }
2489
2490 return TRUE;
2491}
2492
2493/**********************************************************************
2494 * SetNamedSecurityInfoA EXPORTED
2495 *
2496 * @implemented
2497 */
2498DWORD
2499WINAPI
2500SetNamedSecurityInfoA(LPSTR pObjectName,
2501 SE_OBJECT_TYPE ObjectType,
2502 SECURITY_INFORMATION SecurityInfo,
2503 PSID psidOwner,
2504 PSID psidGroup,
2505 PACL pDacl,
2506 PACL pSacl)
2507{
2508 UNICODE_STRING ObjectName;
2509 DWORD Ret;
2510
2511 if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
2512 {
2513 return ERROR_NOT_ENOUGH_MEMORY;
2514 }
2515
2516 Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
2517 ObjectType,
2518 SecurityInfo,
2519 psidOwner,
2520 psidGroup,
2521 pDacl,
2522 pSacl);
2523
2524 RtlFreeUnicodeString(&ObjectName);
2525
2526 return Ret;
2527}
2528
2529/*
2530 * @implemented
2531 */
2532BOOL
2533WINAPI
2534AreAllAccessesGranted(DWORD GrantedAccess,
2535 DWORD DesiredAccess)
2536{
2537 return (BOOL)RtlAreAllAccessesGranted(GrantedAccess,
2538 DesiredAccess);
2539}
2540
2541/*
2542 * @implemented
2543 */
2544BOOL
2545WINAPI
2546AreAnyAccessesGranted(DWORD GrantedAccess,
2547 DWORD DesiredAccess)
2548{
2549 return (BOOL)RtlAreAnyAccessesGranted(GrantedAccess,
2550 DesiredAccess);
2551}
2552
2553/******************************************************************************
2554 * ParseAclStringFlags
2555 */
2556static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
2557{
2558 DWORD flags = 0;
2559 LPCWSTR szAcl = *StringAcl;
2560
2561 while (*szAcl && *szAcl != '(')
2562 {
2563 if (*szAcl == 'P')
2564 {
2565 flags |= SE_DACL_PROTECTED;
2566 }
2567 else if (*szAcl == 'A')
2568 {
2569 szAcl++;
2570 if (*szAcl == 'R')
2571 flags |= SE_DACL_AUTO_INHERIT_REQ;
2572 else if (*szAcl == 'I')
2573 flags |= SE_DACL_AUTO_INHERITED;
2574 }
2575 szAcl++;
2576 }
2577
2578 *StringAcl = szAcl;
2579 return flags;
2580}
2581
2582/******************************************************************************
2583 * ParseAceStringType
2584 */
2585static const ACEFLAG AceType[] =
2586{
2587 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
2588 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
2589 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
2590 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
2591 { SDDL_MANDATORY_LABEL,SYSTEM_MANDATORY_LABEL_ACE_TYPE },
2592 /*
2593 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
2594 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
2595 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
2596 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
2597 */
2598 { NULL, 0 },
2599};
2600
2601static BYTE ParseAceStringType(LPCWSTR* StringAcl)
2602{
2603 UINT len = 0;
2604 LPCWSTR szAcl = *StringAcl;
2605 const ACEFLAG *lpaf = AceType;
2606
2607 while (*szAcl == ' ')
2608 szAcl++;
2609
2610 while (lpaf->wstr &&
2611 (len = strlenW(lpaf->wstr)) &&
2612 strncmpW(lpaf->wstr, szAcl, len))
2613 lpaf++;
2614
2615 if (!lpaf->wstr)
2616 return 0;
2617
2618 *StringAcl = szAcl + len;
2619 return lpaf->value;
2620}
2621
2622
2623/******************************************************************************
2624 * ParseAceStringFlags
2625 */
2626static const ACEFLAG AceFlags[] =
2627{
2628 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
2629 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
2630 { SDDL_INHERITED, INHERITED_ACE },
2631 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
2632 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
2633 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
2634 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
2635 { NULL, 0 },
2636};
2637
2638static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
2639{
2640 UINT len = 0;
2641 BYTE flags = 0;
2642 LPCWSTR szAcl = *StringAcl;
2643
2644 while (*szAcl == ' ')
2645 szAcl++;
2646
2647 while (*szAcl != ';')
2648 {
2649 const ACEFLAG *lpaf = AceFlags;
2650
2651 while (lpaf->wstr &&
2652 (len = strlenW(lpaf->wstr)) &&
2653 strncmpW(lpaf->wstr, szAcl, len))
2654 lpaf++;
2655
2656 if (!lpaf->wstr)
2657 return 0;
2658
2659 flags |= lpaf->value;
2660 szAcl += len;
2661 }
2662
2663 *StringAcl = szAcl;
2664 return flags;
2665}
2666
2667
2668/******************************************************************************
2669 * ParseAceStringRights
2670 */
2671static const ACEFLAG AceRights[] =
2672{
2673 { SDDL_GENERIC_ALL, GENERIC_ALL },
2674 { SDDL_GENERIC_READ, GENERIC_READ },
2675 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
2676 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
2677
2678 { SDDL_READ_CONTROL, READ_CONTROL },
2679 { SDDL_STANDARD_DELETE, DELETE },
2680 { SDDL_WRITE_DAC, WRITE_DAC },
2681 { SDDL_WRITE_OWNER, WRITE_OWNER },
2682
2683 { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP},
2684 { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP},
2685 { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD},
2686 { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD},
2687 { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST},
2688 { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF},
2689 { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT},
2690 { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE},
2691 { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS},
2692
2693 { SDDL_FILE_ALL, FILE_ALL_ACCESS },
2694 { SDDL_FILE_READ, FILE_GENERIC_READ },
2695 { SDDL_FILE_WRITE, FILE_GENERIC_WRITE },
2696 { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE },
2697
2698 { SDDL_KEY_ALL, KEY_ALL_ACCESS },
2699 { SDDL_KEY_READ, KEY_READ },
2700 { SDDL_KEY_WRITE, KEY_WRITE },
2701 { SDDL_KEY_EXECUTE, KEY_EXECUTE },
2702
2703 { SDDL_NO_READ_UP, SYSTEM_MANDATORY_LABEL_NO_READ_UP },
2704 { SDDL_NO_WRITE_UP, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP },
2705 { SDDL_NO_EXECUTE_UP, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP },
2706 { NULL, 0 },
2707};
2708
2709static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
2710{
2711 UINT len = 0;
2712 DWORD rights = 0;
2713 LPCWSTR szAcl = *StringAcl;
2714
2715 while (*szAcl == ' ')
2716 szAcl++;
2717
2718 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2719 {
2720 LPCWSTR p = szAcl;
2721
2722 while (*p && *p != ';')
2723 p++;
2724
2725 if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
2726 {
2727 rights = strtoulW(szAcl, NULL, 16);
2728 szAcl = p;
2729 }
2730 else
2731 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2732 }
2733 else
2734 {
2735 while (*szAcl != ';')
2736 {
2737 const ACEFLAG *lpaf = AceRights;
2738
2739 while (lpaf->wstr &&
2740 (len = strlenW(lpaf->wstr)) &&
2741 strncmpW(lpaf->wstr, szAcl, len))
2742 {
2743 lpaf++;
2744 }
2745
2746 if (!lpaf->wstr)
2747 return 0;
2748
2749 rights |= lpaf->value;
2750 szAcl += len;
2751 }
2752 }
2753
2754 *StringAcl = szAcl;
2755 return rights;
2756}
2757
2758
2759/******************************************************************************
2760 * ParseStringAclToAcl
2761 *
2762 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
2763 */
2764static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
2765 PACL pAcl, LPDWORD cBytes)
2766{
2767 DWORD val;
2768 DWORD sidlen;
2769 DWORD length = sizeof(ACL);
2770 DWORD acesize = 0;
2771 DWORD acecount = 0;
2772 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2773 DWORD error = ERROR_INVALID_ACL;
2774
2775 TRACE("%s\n", debugstr_w(StringAcl));
2776
2777 if (!StringAcl)
2778 return FALSE;
2779
2780 if (pAcl) /* pAce is only useful if we're setting values */
2781 pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
2782
2783 /* Parse ACL flags */
2784 *lpdwFlags = ParseAclStringFlags(&StringAcl);
2785
2786 /* Parse ACE */
2787 while (*StringAcl == '(')
2788 {
2789 StringAcl++;
2790
2791 /* Parse ACE type */
2792 val = ParseAceStringType(&StringAcl);
2793 if (pAce)
2794 pAce->Header.AceType = (BYTE) val;
2795 if (*StringAcl != ';')
2796 {
2797 error = RPC_S_INVALID_STRING_UUID;
2798 goto lerr;
2799 }
2800 StringAcl++;
2801
2802 /* Parse ACE flags */
2803 val = ParseAceStringFlags(&StringAcl);
2804 if (pAce)
2805 pAce->Header.AceFlags = (BYTE) val;
2806 if (*StringAcl != ';')
2807 goto lerr;
2808 StringAcl++;
2809
2810 /* Parse ACE rights */
2811 val = ParseAceStringRights(&StringAcl);
2812 if (pAce)
2813 pAce->Mask = val;
2814 if (*StringAcl != ';')
2815 goto lerr;
2816 StringAcl++;
2817
2818 /* Parse ACE object guid */
2819 while (*StringAcl == ' ')
2820 StringAcl++;
2821 if (*StringAcl != ';')
2822 {
2823 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2824 goto lerr;
2825 }
2826 StringAcl++;
2827
2828 /* Parse ACE inherit object guid */
2829 while (*StringAcl == ' ')
2830 StringAcl++;
2831 if (*StringAcl != ';')
2832 {
2833 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2834 goto lerr;
2835 }
2836 StringAcl++;
2837
2838 /* Parse ACE account sid */
2839 if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
2840 {
2841 while (*StringAcl && *StringAcl != ')')
2842 StringAcl++;
2843 }
2844
2845 if (*StringAcl != ')')
2846 goto lerr;
2847 StringAcl++;
2848
2849 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2850 length += acesize;
2851 if (pAce)
2852 {
2853 pAce->Header.AceSize = acesize;
2854 pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
2855 }
2856 acecount++;
2857 }
2858
2859 *cBytes = length;
2860
2861 if (length > 0xffff)
2862 {
2863 ERR("ACL too large\n");
2864 goto lerr;
2865 }
2866
2867 if (pAcl)
2868 {
2869 pAcl->AclRevision = ACL_REVISION;
2870 pAcl->Sbz1 = 0;
2871 pAcl->AclSize = length;
2872 pAcl->AceCount = acecount;
2873 pAcl->Sbz2 = 0;
2874 }
2875 return TRUE;
2876
2877lerr:
2878 SetLastError(error);
2879 WARN("Invalid ACE string format\n");
2880 return FALSE;
2881}
2882
2883/******************************************************************************
2884 * ParseStringSecurityDescriptorToSecurityDescriptor
2885 */
2886static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
2887 LPCWSTR StringSecurityDescriptor,
2888 SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
2889 LPDWORD cBytes)
2890{
2891 BOOL bret = FALSE;
2892 WCHAR toktype;
2893 WCHAR *tok;
2894 LPCWSTR lptoken;
2895 LPBYTE lpNext = NULL;
2896 DWORD len;
2897
2898 *cBytes = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
2899
2900 tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
2901
2902 if (SecurityDescriptor)
2903 lpNext = (LPBYTE)(SecurityDescriptor + 1);
2904
2905 while (*StringSecurityDescriptor == ' ')
2906 StringSecurityDescriptor++;
2907
2908 while (*StringSecurityDescriptor)
2909 {
2910 toktype = *StringSecurityDescriptor;
2911
2912 /* Expect char identifier followed by ':' */
2913 StringSecurityDescriptor++;
2914 if (*StringSecurityDescriptor != ':')
2915 {
2916 SetLastError(ERROR_INVALID_PARAMETER);
2917 goto lend;
2918 }
2919 StringSecurityDescriptor++;
2920
2921 /* Extract token */
2922 lptoken = StringSecurityDescriptor;
2923 while (*lptoken && *lptoken != ':')
2924 lptoken++;
2925
2926 if (*lptoken)
2927 lptoken--;
2928
2929 len = lptoken - StringSecurityDescriptor;
2930 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
2931 tok[len] = 0;
2932
2933 switch (toktype)
2934 {
2935 case 'O':
2936 {
2937 DWORD bytes;
2938
2939 if (!ParseStringSidToSid(tok, lpNext, &bytes))
2940 goto lend;
2941
2942 if (SecurityDescriptor)
2943 {
2944 SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor;
2945 lpNext += bytes; /* Advance to next token */
2946 }
2947
2948 *cBytes += bytes;
2949
2950 break;
2951 }
2952
2953 case 'G':
2954 {
2955 DWORD bytes;
2956
2957 if (!ParseStringSidToSid(tok, lpNext, &bytes))
2958 goto lend;
2959
2960 if (SecurityDescriptor)
2961 {
2962 SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor;
2963 lpNext += bytes; /* Advance to next token */
2964 }
2965
2966 *cBytes += bytes;
2967
2968 break;
2969 }
2970
2971 case 'D':
2972 {
2973 DWORD flags;
2974 DWORD bytes;
2975
2976 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2977 goto lend;
2978
2979 if (SecurityDescriptor)
2980 {
2981 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2982 SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor;
2983 lpNext += bytes; /* Advance to next token */
2984 }
2985
2986 *cBytes += bytes;
2987
2988 break;
2989 }
2990
2991 case 'S':
2992 {
2993 DWORD flags;
2994 DWORD bytes;
2995
2996 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2997 goto lend;
2998
2999 if (SecurityDescriptor)
3000 {
3001 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
3002 SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor;
3003 lpNext += bytes; /* Advance to next token */
3004 }
3005
3006 *cBytes += bytes;
3007
3008 break;
3009 }
3010
3011 default:
3012 FIXME("Unknown token\n");
3013 SetLastError(ERROR_INVALID_PARAMETER);
3014 goto lend;
3015 }
3016
3017 StringSecurityDescriptor = lptoken;
3018 }
3019
3020 bret = TRUE;
3021
3022lend:
3023 heap_free(tok);
3024 return bret;
3025}
3026
3027/* Winehq cvs 20050916 */
3028/******************************************************************************
3029 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
3030 * @implemented
3031 */
3032BOOL
3033WINAPI
3034ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor,
3035 DWORD StringSDRevision,
3036 PSECURITY_DESCRIPTOR* SecurityDescriptor,
3037 PULONG SecurityDescriptorSize)
3038{
3039 UINT len;
3040 BOOL ret = FALSE;
3041 LPWSTR StringSecurityDescriptorW;
3042
3043 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
3044 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
3045
3046 if (StringSecurityDescriptorW)
3047 {
3048 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
3049
3050 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
3051 StringSDRevision, SecurityDescriptor,
3052 SecurityDescriptorSize);
3053 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
3054 }
3055
3056 return ret;
3057}
3058
3059/******************************************************************************
3060 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
3061 * @implemented
3062 */
3063BOOL WINAPI
3064ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor,
3065 DWORD StringSDRevision,
3066 PSECURITY_DESCRIPTOR* SecurityDescriptor,
3067 PULONG SecurityDescriptorSize)
3068{
3069 DWORD cBytes;
3070 SECURITY_DESCRIPTOR* psd;
3071 BOOL bret = FALSE;
3072
3073 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
3074
3075 if (GetVersion() & 0x80000000)
3076 {
3077 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3078 goto lend;
3079 }
3080 else if (!StringSecurityDescriptor || !SecurityDescriptor)
3081 {
3082 SetLastError(ERROR_INVALID_PARAMETER);
3083 goto lend;
3084 }
3085 else if (StringSDRevision != SID_REVISION)
3086 {
3087 SetLastError(ERROR_UNKNOWN_REVISION);
3088 goto lend;
3089 }
3090
3091 /* Compute security descriptor length */
3092 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3093 NULL, &cBytes))
3094 goto lend;
3095
3096 psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes);
3097 if (!psd) goto lend;
3098
3099 psd->Revision = SID_REVISION;
3100 psd->Control |= SE_SELF_RELATIVE;
3101
3102 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
3103 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
3104 {
3105 LocalFree(psd);
3106 goto lend;
3107 }
3108
3109 if (SecurityDescriptorSize)
3110 *SecurityDescriptorSize = cBytes;
3111
3112 bret = TRUE;
3113
3114lend:
3115 TRACE(" ret=%d\n", bret);
3116 return bret;
3117}
3118
3119static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
3120{
3121 if (cch == -1)
3122 cch = strlenW(string);
3123
3124 if (plen)
3125 *plen += cch;
3126
3127 if (pwptr)
3128 {
3129 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
3130 *pwptr += cch;
3131 }
3132}
3133
3134static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
3135{
3136 DWORD i;
3137 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
3138 WCHAR subauthfmt[] = { '-','%','u',0 };
3139 WCHAR buf[26];
3140 SID *pisid = psid;
3141
3142 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
3143 {
3144 SetLastError(ERROR_INVALID_SID);
3145 return FALSE;
3146 }
3147
3148 if (pisid->IdentifierAuthority.Value[0] ||
3149 pisid->IdentifierAuthority.Value[1])
3150 {
3151 FIXME("not matching MS' bugs\n");
3152 SetLastError(ERROR_INVALID_SID);
3153 return FALSE;
3154 }
3155
3156 sprintfW( buf, fmt, pisid->Revision,
3157 MAKELONG(
3158 MAKEWORD( pisid->IdentifierAuthority.Value[5],
3159 pisid->IdentifierAuthority.Value[4] ),
3160 MAKEWORD( pisid->IdentifierAuthority.Value[3],
3161 pisid->IdentifierAuthority.Value[2] )
3162 ) );
3163 DumpString(buf, -1, pwptr, plen);
3164
3165 for( i=0; i<pisid->SubAuthorityCount; i++ )
3166 {
3167 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
3168 DumpString(buf, -1, pwptr, plen);
3169 }
3170 return TRUE;
3171}
3172
3173static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
3174{
3175 size_t i;
3176 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
3177 {
3178 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
3179 {
3180 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
3181 return TRUE;
3182 }
3183 }
3184
3185 return DumpSidNumeric(psid, pwptr, plen);
3186}
3187
3188static const LPCWSTR AceRightBitNames[32] = {
3189 SDDL_CREATE_CHILD, /* 0 */
3190 SDDL_DELETE_CHILD,
3191 SDDL_LIST_CHILDREN,
3192 SDDL_SELF_WRITE,
3193 SDDL_READ_PROPERTY, /* 4 */
3194 SDDL_WRITE_PROPERTY,
3195 SDDL_DELETE_TREE,
3196 SDDL_LIST_OBJECT,
3197 SDDL_CONTROL_ACCESS, /* 8 */
3198 NULL,
3199 NULL,
3200 NULL,
3201 NULL, /* 12 */
3202 NULL,
3203 NULL,
3204 NULL,
3205 SDDL_STANDARD_DELETE, /* 16 */
3206 SDDL_READ_CONTROL,
3207 SDDL_WRITE_DAC,
3208 SDDL_WRITE_OWNER,
3209 NULL, /* 20 */
3210 NULL,
3211 NULL,
3212 NULL,
3213 NULL, /* 24 */
3214 NULL,
3215 NULL,
3216 NULL,
3217 SDDL_GENERIC_ALL, /* 28 */
3218 SDDL_GENERIC_EXECUTE,
3219 SDDL_GENERIC_WRITE,
3220 SDDL_GENERIC_READ
3221};
3222
3223static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
3224{
3225 static const WCHAR fmtW[] = {'0','x','%','x',0};
3226 WCHAR buf[15];
3227 size_t i;
3228
3229 if (mask == 0)
3230 return;
3231
3232 /* first check if the right have name */
3233 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
3234 {
3235 if (AceRights[i].wstr == NULL)
3236 break;
3237 if (mask == AceRights[i].value)
3238 {
3239 DumpString(AceRights[i].wstr, -1, pwptr, plen);
3240 return;
3241 }
3242 }
3243
3244 /* then check if it can be built from bit names */
3245 for (i = 0; i < 32; i++)
3246 {
3247 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
3248 {
3249 /* can't be built from bit names */
3250 sprintfW(buf, fmtW, mask);
3251 DumpString(buf, -1, pwptr, plen);
3252 return;
3253 }
3254 }
3255
3256 /* build from bit names */
3257 for (i = 0; i < 32; i++)
3258 if (mask & (1 << i))
3259 DumpString(AceRightBitNames[i], -1, pwptr, plen);
3260}
3261
3262static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
3263{
3264 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
3265 static const WCHAR openbr = '(';
3266 static const WCHAR closebr = ')';
3267 static const WCHAR semicolon = ';';
3268
3269 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
3270 {
3271 SetLastError(ERROR_INVALID_ACL);
3272 return FALSE;
3273 }
3274
3275 piace = pace;
3276 DumpString(&openbr, 1, pwptr, plen);
3277 switch (piace->Header.AceType)
3278 {
3279 case ACCESS_ALLOWED_ACE_TYPE:
3280 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
3281 break;
3282 case ACCESS_DENIED_ACE_TYPE:
3283 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
3284 break;
3285 case SYSTEM_AUDIT_ACE_TYPE:
3286 DumpString(SDDL_AUDIT, -1, pwptr, plen);
3287 break;
3288 case SYSTEM_ALARM_ACE_TYPE:
3289 DumpString(SDDL_ALARM, -1, pwptr, plen);
3290 break;
3291 }
3292 DumpString(&semicolon, 1, pwptr, plen);
3293
3294 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
3295 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
3296 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
3297 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
3298 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
3299 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
3300 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
3301 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
3302 if (piace->Header.AceFlags & INHERITED_ACE)
3303 DumpString(SDDL_INHERITED, -1, pwptr, plen);
3304 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
3305 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
3306 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
3307 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
3308 DumpString(&semicolon, 1, pwptr, plen);
3309 DumpRights(piace->Mask, pwptr, plen);
3310 DumpString(&semicolon, 1, pwptr, plen);
3311 /* objects not supported */
3312 DumpString(&semicolon, 1, pwptr, plen);
3313 /* objects not supported */
3314 DumpString(&semicolon, 1, pwptr, plen);
3315 if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
3316 return FALSE;
3317 DumpString(&closebr, 1, pwptr, plen);
3318 return TRUE;
3319}
3320
3321static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
3322{
3323 WORD count;
3324 int i;
3325
3326 if (protected)
3327 DumpString(SDDL_PROTECTED, -1, pwptr, plen);
3328 if (autoInheritReq)
3329 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
3330 if (autoInherited)
3331 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
3332
3333 if (pacl == NULL)
3334 return TRUE;
3335
3336 if (!IsValidAcl(pacl))
3337 return FALSE;
3338
3339 count = pacl->AceCount;
3340 for (i = 0; i < count; i++)
3341 {
3342 LPVOID ace;
3343 if (!GetAce(pacl, i, &ace))
3344 return FALSE;
3345 if (!DumpAce(ace, pwptr, plen))
3346 return FALSE;
3347 }
3348
3349 return TRUE;
3350}
3351
3352static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3353{
3354 static const WCHAR prefix[] = {'O',':',0};
3355 BOOL bDefaulted;
3356 PSID psid;
3357
3358 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
3359 return FALSE;
3360
3361 if (psid == NULL)
3362 return TRUE;
3363
3364 DumpString(prefix, -1, pwptr, plen);
3365 if (!DumpSid(psid, pwptr, plen))
3366 return FALSE;
3367 return TRUE;
3368}
3369
3370static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3371{
3372 static const WCHAR prefix[] = {'G',':',0};
3373 BOOL bDefaulted;
3374 PSID psid;
3375
3376 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
3377 return FALSE;
3378
3379 if (psid == NULL)
3380 return TRUE;
3381
3382 DumpString(prefix, -1, pwptr, plen);
3383 if (!DumpSid(psid, pwptr, plen))
3384 return FALSE;
3385 return TRUE;
3386}
3387
3388static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3389{
3390 static const WCHAR dacl[] = {'D',':',0};
3391 SECURITY_DESCRIPTOR_CONTROL control;
3392 BOOL present, defaulted;
3393 DWORD revision;
3394 PACL pacl;
3395
3396 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3397 return FALSE;
3398
3399 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3400 return FALSE;
3401
3402 if (!present)
3403 return TRUE;
3404
3405 DumpString(dacl, 2, pwptr, plen);
3406 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3407 return FALSE;
3408 return TRUE;
3409}
3410
3411static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3412{
3413 static const WCHAR sacl[] = {'S',':',0};
3414 SECURITY_DESCRIPTOR_CONTROL control;
3415 BOOL present, defaulted;
3416 DWORD revision;
3417 PACL pacl;
3418
3419 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3420 return FALSE;
3421
3422 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3423 return FALSE;
3424
3425 if (!present)
3426 return TRUE;
3427
3428 DumpString(sacl, 2, pwptr, plen);
3429 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3430 return FALSE;
3431 return TRUE;
3432}
3433
3434/******************************************************************************
3435 * ConvertSecurityDescriptorToStringSecurityDescriptorW [ADVAPI32.@]
3436 */
3437BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
3438{
3439 ULONG len;
3440 WCHAR *wptr, *wstr;
3441
3442 if (SDRevision != SDDL_REVISION_1)
3443 {
3444 ERR("Program requested unknown SDDL revision %d\n", SDRevision);
3445 SetLastError(ERROR_UNKNOWN_REVISION);
3446 return FALSE;
3447 }
3448
3449 len = 0;
3450 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3451 if (!DumpOwner(SecurityDescriptor, NULL, &len))
3452 return FALSE;
3453 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3454 if (!DumpGroup(SecurityDescriptor, NULL, &len))
3455 return FALSE;
3456 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3457 if (!DumpDacl(SecurityDescriptor, NULL, &len))
3458 return FALSE;
3459 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3460 if (!DumpSacl(SecurityDescriptor, NULL, &len))
3461 return FALSE;
3462
3463 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
3464#ifdef __REACTOS__
3465 if (wstr == NULL)
3466 return FALSE;
3467#endif
3468
3469 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3470 if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
3471 LocalFree (wstr);
3472 return FALSE;
3473 }
3474 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3475 if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
3476 LocalFree (wstr);
3477 return FALSE;
3478 }
3479 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3480 if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
3481 LocalFree (wstr);
3482 return FALSE;
3483 }
3484 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3485 if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
3486 LocalFree (wstr);
3487 return FALSE;
3488 }
3489 *wptr = 0;
3490
3491 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
3492 *OutputString = wstr;
3493 if (OutputLen)
3494 *OutputLen = strlenW(*OutputString)+1;
3495 return TRUE;
3496}
3497
3498/******************************************************************************
3499 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
3500 */
3501BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
3502{
3503 LPWSTR wstr;
3504 ULONG len;
3505 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
3506 {
3507 int lenA;
3508
3509 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
3510 *OutputString = heap_alloc(lenA);
3511#ifdef __REACTOS__
3512 if (*OutputString == NULL)
3513 {
3514 LocalFree(wstr);
3515 *OutputLen = 0;
3516 return FALSE;
3517 }
3518#endif
3519 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
3520 LocalFree(wstr);
3521
3522 if (OutputLen != NULL)
3523 *OutputLen = lenA;
3524 return TRUE;
3525 }
3526 else
3527 {
3528 *OutputString = NULL;
3529 if (OutputLen)
3530 *OutputLen = 0;
3531 return FALSE;
3532 }
3533}
3534
3535/******************************************************************************
3536 * ConvertStringSidToSidW [ADVAPI32.@]
3537 */
3538BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
3539{
3540 BOOL bret = FALSE;
3541 DWORD cBytes;
3542
3543 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3544 if (GetVersion() & 0x80000000)
3545 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3546 else if (!StringSid || !Sid)
3547 SetLastError(ERROR_INVALID_PARAMETER);
3548 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3549 {
3550 PSID pSid = *Sid = LocalAlloc(0, cBytes);
3551
3552 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3553 if (!bret)
3554 LocalFree(*Sid);
3555 }
3556 return bret;
3557}
3558
3559/******************************************************************************
3560 * ConvertStringSidToSidA [ADVAPI32.@]
3561 */
3562BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
3563{
3564 BOOL bret = FALSE;
3565
3566 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3567 if (GetVersion() & 0x80000000)
3568 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3569 else if (!StringSid || !Sid)
3570 SetLastError(ERROR_INVALID_PARAMETER);
3571 else
3572 {
3573 WCHAR *wStringSid = SERV_dup(StringSid);
3574 bret = ConvertStringSidToSidW(wStringSid, Sid);
3575 heap_free(wStringSid);
3576 }
3577 return bret;
3578}
3579
3580/*
3581 * @implemented
3582 */
3583BOOL
3584WINAPI
3585ConvertSidToStringSidW(PSID Sid,
3586 LPWSTR *StringSid)
3587{
3588 NTSTATUS Status;
3589 UNICODE_STRING UnicodeString;
3590 WCHAR FixedBuffer[64];
3591
3592 if (!RtlValidSid(Sid))
3593 {
3594 SetLastError(ERROR_INVALID_SID);
3595 return FALSE;
3596 }
3597
3598 UnicodeString.Length = 0;
3599 UnicodeString.MaximumLength = sizeof(FixedBuffer);
3600 UnicodeString.Buffer = FixedBuffer;
3601 Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, FALSE);
3602 if (STATUS_BUFFER_TOO_SMALL == Status)
3603 {
3604 Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, TRUE);
3605 }
3606
3607 if (!NT_SUCCESS(Status))
3608 {
3609 SetLastError(RtlNtStatusToDosError(Status));
3610 return FALSE;
3611 }
3612
3613 *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
3614 if (NULL == *StringSid)
3615 {
3616 if (UnicodeString.Buffer != FixedBuffer)
3617 {
3618 RtlFreeUnicodeString(&UnicodeString);
3619 }
3620 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3621 return FALSE;
3622 }
3623
3624 MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
3625 ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
3626 if (UnicodeString.Buffer != FixedBuffer)
3627 {
3628 RtlFreeUnicodeString(&UnicodeString);
3629 }
3630
3631 return TRUE;
3632}
3633
3634/*
3635 * @implemented
3636 */
3637BOOL
3638WINAPI
3639ConvertSidToStringSidA(PSID Sid,
3640 LPSTR *StringSid)
3641{
3642 LPWSTR StringSidW;
3643 int Len;
3644
3645 if (!ConvertSidToStringSidW(Sid, &StringSidW))
3646 {
3647 return FALSE;
3648 }
3649
3650 Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
3651 if (Len <= 0)
3652 {
3653 LocalFree(StringSidW);
3654 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3655 return FALSE;
3656 }
3657
3658 *StringSid = LocalAlloc(LMEM_FIXED, Len);
3659 if (NULL == *StringSid)
3660 {
3661 LocalFree(StringSidW);
3662 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3663 return FALSE;
3664 }
3665
3666 if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
3667 {
3668 LocalFree(StringSid);
3669 LocalFree(StringSidW);
3670 return FALSE;
3671 }
3672
3673 LocalFree(StringSidW);
3674
3675 return TRUE;
3676}
3677
3678
3679static
3680DWORD
3681GetUnicodeEnvironmentSize(
3682 PVOID pEnvironment)
3683{
3684 INT Length, TotalLength = 0;
3685 PWCHAR Ptr;
3686
3687 if (pEnvironment == NULL)
3688 return 0;
3689
3690 Ptr = (PWCHAR)pEnvironment;
3691 while (*Ptr != UNICODE_NULL)
3692 {
3693 Length = wcslen(Ptr) + 1;
3694 TotalLength += Length;
3695 Ptr = Ptr + Length;
3696 }
3697
3698 return (TotalLength + 1) * sizeof(WCHAR);
3699}
3700
3701
3702static
3703DWORD
3704GetAnsiEnvironmentSize(
3705 PVOID pEnvironment)
3706{
3707 INT Length, TotalLength = 0;
3708 PCHAR Ptr;
3709
3710 if (pEnvironment == NULL)
3711 return 0;
3712
3713 Ptr = (PCHAR)pEnvironment;
3714 while (*Ptr != ANSI_NULL)
3715 {
3716 Length = strlen(Ptr) + 1;
3717 TotalLength += Length;
3718 Ptr = Ptr + Length;
3719 }
3720
3721 return TotalLength + 1;
3722}
3723
3724
3725/*
3726 * @unimplemented
3727 */
3728BOOL
3729WINAPI
3730CreateProcessWithLogonW(
3731 _In_ LPCWSTR lpUsername,
3732 _In_opt_ LPCWSTR lpDomain,
3733 _In_ LPCWSTR lpPassword,
3734 _In_ DWORD dwLogonFlags,
3735 _In_opt_ LPCWSTR lpApplicationName,
3736 _Inout_opt_ LPWSTR lpCommandLine,
3737 _In_ DWORD dwCreationFlags,
3738 _In_opt_ LPVOID lpEnvironment,
3739 _In_opt_ LPCWSTR lpCurrentDirectory,
3740 _In_ LPSTARTUPINFOW lpStartupInfo,
3741 _Out_ LPPROCESS_INFORMATION lpProcessInformation)
3742{
3743 LPWSTR pszStringBinding = NULL;
3744 handle_t hBinding = NULL;
3745 SECL_REQUEST Request;
3746 SECL_RESPONSE Response;
3747 RPC_STATUS Status;
3748
3749 TRACE("CreateProcessWithLogonW(%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p)\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
3750 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
3751 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
3752 lpStartupInfo, lpProcessInformation);
3753
3754 Status = RpcStringBindingComposeW(NULL,
3755 L"ncacn_np",
3756 NULL,
3757 L"\\pipe\\seclogon",
3758 NULL,
3759 &pszStringBinding);
3760 if (Status != RPC_S_OK)
3761 {
3762 WARN("RpcStringBindingCompose returned 0x%x\n", Status);
3763 SetLastError(Status);
3764 return FALSE;
3765 }
3766
3767 /* Set the binding handle that will be used to bind to the server. */
3768 Status = RpcBindingFromStringBindingW(pszStringBinding,
3769 &hBinding);
3770 if (Status != RPC_S_OK)
3771 {
3772 WARN("RpcBindingFromStringBinding returned 0x%x\n", Status);
3773 }
3774
3775 Status = RpcStringFreeW(&pszStringBinding);
3776 if (Status != RPC_S_OK)
3777 {
3778 WARN("RpcStringFree returned 0x%x\n", Status);
3779 }
3780
3781 Request.Username = (LPWSTR)lpUsername;
3782 Request.Domain = (LPWSTR)lpDomain;
3783 Request.Password = (LPWSTR)lpPassword;
3784 Request.ApplicationName = (LPWSTR)lpApplicationName;
3785 Request.CommandLine = (LPWSTR)lpCommandLine;
3786 Request.CurrentDirectory = (LPWSTR)lpCurrentDirectory;
3787
3788 if (dwCreationFlags & CREATE_UNICODE_ENVIRONMENT)
3789 Request.dwEnvironmentSize = GetUnicodeEnvironmentSize(lpEnvironment);
3790 else
3791 Request.dwEnvironmentSize = GetAnsiEnvironmentSize(lpEnvironment);
3792 Request.Environment = lpEnvironment;
3793
3794 TRACE("Request.dwEnvironmentSize %lu\n", Request.dwEnvironmentSize);
3795 TRACE("Request.Environment %p\n", Request.Environment);
3796
3797 Request.dwLogonFlags = dwLogonFlags;
3798 Request.dwCreationFlags = dwCreationFlags;
3799
3800 Request.dwProcessId = GetCurrentProcessId();
3801 TRACE("Request.dwProcessId %lu\n", Request.dwProcessId);
3802
3803 Response.hProcess = 0;
3804 Response.hThread = 0;
3805 Response.dwProcessId = 0;
3806 Response.dwThreadId = 0;
3807 Response.dwError = ERROR_SUCCESS;
3808
3809 RpcTryExcept
3810 {
3811 SeclCreateProcessWithLogonW(hBinding, &Request, &Response);
3812 }
3813 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
3814 {
3815 WARN("Exception: %lx\n", RpcExceptionCode());
3816 }
3817 RpcEndExcept;
3818
3819 if (hBinding)
3820 {
3821 Status = RpcBindingFree(&hBinding);
3822 if (Status != RPC_S_OK)
3823 {
3824 WARN("RpcBindingFree returned 0x%x\n", Status);
3825 }
3826
3827 hBinding = NULL;
3828 }
3829
3830 TRACE("Response.hProcess %p\n", Response.hProcess);
3831 TRACE("Response.hThread %p\n", Response.hThread);
3832 TRACE("Response.dwProcessId %lu\n", Response.dwProcessId);
3833 TRACE("Response.dwThreadId %lu\n", Response.dwThreadId);
3834 TRACE("Response.dwError %lu\n", Response.dwError);
3835 if (Response.dwError != ERROR_SUCCESS)
3836 SetLastError(Response.dwError);
3837
3838 TRACE("CreateProcessWithLogonW() done\n");
3839
3840 return (Response.dwError == ERROR_SUCCESS);
3841}
3842
3843BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line,
3844 DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info,
3845 PROCESS_INFORMATION *process_information )
3846{
3847 FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
3848 logon_flags, debugstr_w(application_name), debugstr_w(command_line),
3849 creation_flags, environment, debugstr_w(current_directory),
3850 startup_info, process_information);
3851
3852 /* FIXME: check if handles should be inherited */
3853 return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
3854 current_directory, startup_info, process_information );
3855}
3856
3857/*
3858 * @implemented
3859 */
3860BOOL WINAPI
3861DuplicateTokenEx(IN HANDLE ExistingTokenHandle,
3862 IN DWORD dwDesiredAccess,
3863 IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL,
3864 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3865 IN TOKEN_TYPE TokenType,
3866 OUT PHANDLE DuplicateTokenHandle)
3867{
3868 OBJECT_ATTRIBUTES ObjectAttributes;
3869 NTSTATUS Status;
3870 SECURITY_QUALITY_OF_SERVICE Sqos;
3871
3872 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3873 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3874
3875 Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
3876 Sqos.ImpersonationLevel = ImpersonationLevel;
3877 Sqos.ContextTrackingMode = 0;
3878 Sqos.EffectiveOnly = FALSE;
3879
3880 if (lpTokenAttributes != NULL)
3881 {
3882 InitializeObjectAttributes(&ObjectAttributes,
3883 NULL,
3884 lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
3885 NULL,
3886 lpTokenAttributes->lpSecurityDescriptor);
3887 }
3888 else
3889 {
3890 InitializeObjectAttributes(&ObjectAttributes,
3891 NULL,
3892 0,
3893 NULL,
3894 NULL);
3895 }
3896
3897 ObjectAttributes.SecurityQualityOfService = &Sqos;
3898
3899 Status = NtDuplicateToken(ExistingTokenHandle,
3900 dwDesiredAccess,
3901 &ObjectAttributes,
3902 FALSE,
3903 TokenType,
3904 DuplicateTokenHandle);
3905 if (!NT_SUCCESS(Status))
3906 {
3907 ERR("NtDuplicateToken failed: Status %08x\n", Status);
3908 SetLastError(RtlNtStatusToDosError(Status));
3909 return FALSE;
3910 }
3911
3912 TRACE("Returning token %p.\n", *DuplicateTokenHandle);
3913
3914 return TRUE;
3915}
3916
3917/*
3918 * @implemented
3919 */
3920BOOL WINAPI
3921DuplicateToken(IN HANDLE ExistingTokenHandle,
3922 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3923 OUT PHANDLE DuplicateTokenHandle)
3924{
3925 return DuplicateTokenEx(ExistingTokenHandle,
3926 TOKEN_IMPERSONATE | TOKEN_QUERY,
3927 NULL,
3928 ImpersonationLevel,
3929 TokenImpersonation,
3930 DuplicateTokenHandle);
3931}
3932
3933/******************************************************************************
3934 * ComputeStringSidSize
3935 */
3936static DWORD ComputeStringSidSize(LPCWSTR StringSid)
3937{
3938 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3939 {
3940 int ctok = 0;
3941 while (*StringSid)
3942 {
3943 if (*StringSid == '-')
3944 ctok++;
3945 StringSid++;
3946 }
3947
3948 if (ctok >= 3)
3949 return GetSidLengthRequired(ctok - 2);
3950 }
3951 else /* String constant format - Only available in winxp and above */
3952 {
3953 unsigned int i;
3954
3955 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3956 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3957 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
3958
3959 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3960 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3961 {
3962 MAX_SID local;
3963 ADVAPI_GetComputerSid(&local);
3964 return GetSidLengthRequired(*GetSidSubAuthorityCount(&local) + 1);
3965 }
3966
3967 }
3968
3969 return GetSidLengthRequired(0);
3970}
3971
3972/******************************************************************************
3973 * ParseStringSidToSid
3974 */
3975static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
3976{
3977 BOOL bret = FALSE;
3978 SID* pisid=pSid;
3979
3980 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3981 if (!StringSid)
3982 {
3983 SetLastError(ERROR_INVALID_PARAMETER);
3984 TRACE("StringSid is NULL, returning FALSE\n");
3985 return FALSE;
3986 }
3987
3988 while (*StringSid == ' ')
3989 StringSid++;
3990
3991 if (!*StringSid)
3992 goto lend; /* ERROR_INVALID_SID */
3993
3994 *cBytes = ComputeStringSidSize(StringSid);
3995 if (!pisid) /* Simply compute the size */
3996 {
3997 TRACE("only size requested, returning TRUE with %d\n", *cBytes);
3998 return TRUE;
3999 }
4000
4001 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
4002 {
4003 DWORD i = 0, identAuth;
4004 DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
4005
4006 StringSid += 2; /* Advance to Revision */
4007 pisid->Revision = atoiW(StringSid);
4008
4009 if (pisid->Revision != SDDL_REVISION)
4010 {
4011 TRACE("Revision %d is unknown\n", pisid->Revision);
4012 goto lend; /* ERROR_INVALID_SID */
4013 }
4014 if (csubauth == 0)
4015 {
4016 TRACE("SubAuthorityCount is 0\n");
4017 goto lend; /* ERROR_INVALID_SID */
4018 }
4019
4020 pisid->SubAuthorityCount = csubauth;
4021
4022 /* Advance to identifier authority */
4023 while (*StringSid && *StringSid != '-')
4024 StringSid++;
4025 if (*StringSid == '-')
4026 StringSid++;
4027
4028 /* MS' implementation can't handle values greater than 2^32 - 1, so
4029 * we don't either; assume most significant bytes are always 0
4030 */
4031 pisid->IdentifierAuthority.Value[0] = 0;
4032 pisid->IdentifierAuthority.Value[1] = 0;
4033 identAuth = atoiW(StringSid);
4034 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
4035 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
4036 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
4037 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
4038
4039 /* Advance to first sub authority */
4040 while (*StringSid && *StringSid != '-')
4041 StringSid++;
4042 if (*StringSid == '-')
4043 StringSid++;
4044
4045 while (*StringSid)
4046 {
4047 pisid->SubAuthority[i++] = atoiW(StringSid);
4048
4049 while (*StringSid && *StringSid != '-')
4050 StringSid++;
4051 if (*StringSid == '-')
4052 StringSid++;
4053 }
4054
4055 if (i != pisid->SubAuthorityCount)
4056 goto lend; /* ERROR_INVALID_SID */
4057
4058 bret = TRUE;
4059 }
4060 else /* String constant format - Only available in winxp and above */
4061 {
4062 unsigned int i;
4063 pisid->Revision = SDDL_REVISION;
4064
4065 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
4066 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
4067 {
4068 DWORD j;
4069 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
4070 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
4071 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
4072 pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
4073 bret = TRUE;
4074 }
4075
4076 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
4077 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
4078 {
4079 ADVAPI_GetComputerSid(pisid);
4080 pisid->SubAuthority[pisid->SubAuthorityCount] = WellKnownRids[i].Rid;
4081 pisid->SubAuthorityCount++;
4082 bret = TRUE;
4083 }
4084
4085 if (!bret)
4086 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
4087 }
4088
4089lend:
4090 if (!bret)
4091 SetLastError(ERROR_INVALID_SID);
4092
4093 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
4094 return bret;
4095}
4096
4097/**********************************************************************
4098 * GetNamedSecurityInfoA EXPORTED
4099 *
4100 * @implemented
4101 */
4102DWORD
4103WINAPI
4104GetNamedSecurityInfoA(LPSTR pObjectName,
4105 SE_OBJECT_TYPE ObjectType,
4106 SECURITY_INFORMATION SecurityInfo,
4107 PSID *ppsidOwner,
4108 PSID *ppsidGroup,
4109 PACL *ppDacl,
4110 PACL *ppSacl,
4111 PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
4112{
4113 DWORD len;
4114 LPWSTR wstr = NULL;
4115 DWORD r;
4116
4117 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
4118 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
4119
4120 if( pObjectName )
4121 {
4122 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
4123 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
4124 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
4125 }
4126
4127 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
4128 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
4129
4130 HeapFree( GetProcessHeap(), 0, wstr );
4131
4132 return r;
4133}
4134
4135/******************************************************************************
4136 * GetWindowsAccountDomainSid [ADVAPI32.@]
4137 */
4138BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
4139{
4140 SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
4141 DWORD required_size;
4142 int i;
4143
4144 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
4145
4146 if (!sid || !IsValidSid( sid ))
4147 {
4148 SetLastError( ERROR_INVALID_SID );
4149 return FALSE;
4150 }
4151
4152 if (!size)
4153 {
4154 SetLastError( ERROR_INVALID_PARAMETER );
4155 return FALSE;
4156 }
4157
4158 if (*GetSidSubAuthorityCount( sid ) < 4)
4159 {
4160 SetLastError( ERROR_INVALID_SID );
4161 return FALSE;
4162 }
4163
4164 required_size = GetSidLengthRequired( 4 );
4165 if (*size < required_size || !domain_sid)
4166 {
4167 *size = required_size;
4168 SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER :
4169 ERROR_INVALID_PARAMETER );
4170 return FALSE;
4171 }
4172
4173 InitializeSid( domain_sid, &domain_ident, 4 );
4174 for (i = 0; i < 4; i++)
4175 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
4176
4177 *size = required_size;
4178 return TRUE;
4179}
4180
4181/*
4182 * @unimplemented
4183 */
4184BOOL
4185WINAPI
4186EqualDomainSid(IN PSID pSid1,
4187 IN PSID pSid2,
4188 OUT BOOL* pfEqual)
4189{
4190 UNIMPLEMENTED;
4191 return FALSE;
4192}
4193
4194/* EOF */
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
Type
Type
Definition: Type.h:7
ACCESS_MODE
enum _ACCESS_MODE ACCESS_MODE
TRUSTEE_FORM
enum _TRUSTEE_FORM TRUSTEE_FORM
TRUSTEE_TYPE
enum _TRUSTEE_TYPE TRUSTEE_TYPE
TRUSTEE_IS_SID
@ TRUSTEE_IS_SID
Definition: accctrl.h:189
TRUSTEE_IS_OBJECTS_AND_SID
@ TRUSTEE_IS_OBJECTS_AND_SID
Definition: accctrl.h:192
TRUSTEE_BAD_FORM
@ TRUSTEE_BAD_FORM
Definition: accctrl.h:191
TRUSTEE_IS_NAME
@ TRUSTEE_IS_NAME
Definition: accctrl.h:190
TRUSTEE_IS_OBJECTS_AND_NAME
@ TRUSTEE_IS_OBJECTS_AND_NAME
Definition: accctrl.h:193
TRUSTEE_IS_UNKNOWN
@ TRUSTEE_IS_UNKNOWN
Definition: accctrl.h:176
SE_OBJECT_TYPE
enum _SE_OBJECT_TYPE SE_OBJECT_TYPE
Definition: security.c:104
NO_MULTIPLE_TRUSTEE
@ NO_MULTIPLE_TRUSTEE
Definition: accctrl.h:198
NtAccessCheck
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
Definition: accesschk.c:2186
NtAccessCheckByType
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2226
NtAccessCheckByTypeResultList
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2269
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
bytes
static unsigned char bytes[4]
Definition: adnsresfilter.c:74
Name
struct NameRec_ * Name
Definition: cdprocs.h:460
heap_alloc
static void * heap_alloc(size_t len)
Definition: appwiz.h:66
heap_free
static BOOL heap_free(void *mem)
Definition: appwiz.h:76
TOKEN_TYPE
TOKEN_TYPE
Definition: asmpp.cpp:29
WINE_DEFAULT_DEBUG_CHANNEL
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
Definition: precomp.h:23
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SeclCreateProcessWithLogonW
VOID __stdcall SeclCreateProcessWithLogonW(_In_ handle_t hBinding, _In_ SECL_REQUEST *pRequest, _Out_ SECL_RESPONSE *pResponse)
Definition: rpcserver.c:57
FIXME
#define FIXME(fmt,...)
Definition: debug.h:111
UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:115
WARN
#define WARN(fmt,...)
Definition: debug.h:112
ERR
#define ERR(fmt,...)
Definition: debug.h:110
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
sid
FT_UInt sid
Definition: cffcmap.c:139
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
LPSTARTUPINFOW
SIZE_T LPSTARTUPINFOW
Definition: cordebug.idl:85
LPPROCESS_INFORMATION
SIZE_T LPPROCESS_INFORMATION
Definition: cordebug.idl:86
hBinding
handle_t hBinding
Definition: ctx_c.c:54
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
ERROR_INSUFFICIENT_BUFFER
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
Len
#define Len
Definition: deflate.h:82
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
LookupAccountNameW
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:626
GetNamedSecurityInfoW
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
LookupPrivilegeDisplayNameW
BOOL WINAPI LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: misc.c:901
LookupPrivilegeNameW
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
Definition: misc.c:832
SetNamedSecurityInfoW
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1197
AdjustTokenPrivileges
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:376
GetAclInformation
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:1196
GetTokenInformation
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:413
GetAnsiEnvironmentSize
static DWORD GetAnsiEnvironmentSize(PVOID pEnvironment)
Definition: security.c:3704
ADS_RIGHT_DS_LIST_OBJECT
#define ADS_RIGHT_DS_LIST_OBJECT
Definition: security.c:162
LookupAccountNameA
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
Definition: security.c:2014
DumpSacl
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3411
SDDL_AUDIT_FAILURE
static const WCHAR SDDL_AUDIT_FAILURE[]
Definition: security.c:174
PrivilegeCheck
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
Definition: security.c:2068
AceFlags
static const ACEFLAG AceFlags[]
Definition: security.c:2626
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296
ConvertSecurityDescriptorToStringSecurityDescriptorA
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
Definition: security.c:3501
WellKnownRids
static const WELLKNOWNRID WellKnownRids[]
Definition: security.c:111
CreateRestrictedToken
BOOL WINAPI CreateRestrictedToken(_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
Creates a filtered token that is a restricted one of the regular access token. A restricted token can...
Definition: security.c:535
SetAclInformation
BOOL WINAPI SetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:2473
DuplicateToken
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3921
ConvertStringSidToSidW
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
Definition: security.c:3538
ConvertSidToStringSidW
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3585
SetTokenInformation
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
Definition: security.c:439
ParseAclStringFlags
static DWORD ParseAclStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2556
ConvertStringSecurityDescriptorToSecurityDescriptorA
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:3034
LookupPrivilegeDisplayNameA
BOOL WINAPI LookupPrivilegeDisplayNameA(LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: security.c:1241
GetTrusteeTypeW
TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEE_W pTrustee)
Definition: security.c:2463
AceRights
static const ACEFLAG AceRights[]
Definition: security.c:2671
ParseAceStringFlags
static BYTE ParseAceStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2638
SDDL_CONTAINER_INHERIT
static const WCHAR SDDL_CONTAINER_INHERIT[]
Definition: security.c:168
ParseStringSidToSid
static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
Definition: security.c:3975
InitializeSid
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:864
LPACEFLAG
struct _ACEFLAG * LPACEFLAG
ConvertSecurityDescriptorToStringSecurityDescriptorW
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
Definition: security.c:3437
SDDL_AUDIT
static const WCHAR SDDL_AUDIT[]
Definition: security.c:144
SERV_dup
static LPWSTR SERV_dup(LPCSTR str)
Definition: security.c:235
DumpGroup
static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3370
DumpAce
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3262
GetSecurityInfoExA
DWORD WINAPI GetSecurityInfoExA(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
Definition: security.c:2094
ParseStringSecurityDescriptorToSecurityDescriptor
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
Definition: security.c:2886
ConvertStringSidToSidA
BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID *Sid)
Definition: security.c:3562
EqualPrefixSid
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2)
Definition: security.c:843
ADS_RIGHT_DS_DELETE_TREE
#define ADS_RIGHT_DS_DELETE_TREE
Definition: security.c:161
ADS_RIGHT_ACTRL_DS_LIST
#define ADS_RIGHT_ACTRL_DS_LIST
Definition: security.c:157
BuildTrusteeWithSidA
VOID WINAPI BuildTrusteeWithSidA(PTRUSTEE_A pTrustee, PSID pSid)
Definition: security.c:2344
GetSecurityInfoExW
DWORD WINAPI GetSecurityInfoExW(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
Definition: security.c:2114
GetTrusteeNameW
LPWSTR WINAPI GetTrusteeNameW(PTRUSTEE_W pTrustee)
Definition: security.c:2445
SDDL_NO_WRITE_UP
static const WCHAR SDDL_NO_WRITE_UP[]
Definition: security.c:132
ImpersonateSelf
BOOL WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:1633
AddAccessDeniedAceEx
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1116
SDDL_OBJECT_AUDIT
static const WCHAR SDDL_OBJECT_AUDIT[]
Definition: security.c:148