ReactOS 0.4.15-dev-5667-ged97270
security.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * WINE COPYRIGHT:
4 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
5 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
6 * Copyright 2006 Robert Reif
7 * Copyright 2006 Hervé Poussineau
8 *
9 * PROJECT: ReactOS system libraries
10 * FILE: dll/win32/advapi32/wine/security.c
11 */
12
13#include <advapi32.h>
14
15#include <sddl.h>
16
18
19static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
20#ifdef __REACTOS__
23#endif
24
25typedef struct _ACEFLAG
26{
30
31typedef struct _MAX_SID
32{
33 /* same fields as struct _SID */
39
40typedef struct WELLKNOWNSID
41{
46
48{
49 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
50 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
51 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
52 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
53 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
54 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
55 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
56 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
57 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
58 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
59 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
60 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
61 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
62 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
63 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
64 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
65 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
66 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
67 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
68 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
69 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
70 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
71 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
72 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
73 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
74 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
75 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
76 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
77 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
78 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
79 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
80 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
81 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
82 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
83 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
84 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
85 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
86 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
87 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
88 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
89 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
90 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
91 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
92 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
93 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
94 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
95 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
96 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
97 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
98 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
99 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
100 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
101};
102
103/* these SIDs must be constructed as relative to some domain - only the RID is well-known */
104typedef struct WELLKNOWNRID
105{
110
111static const WELLKNOWNRID WellKnownRids[] = {
112 { {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
113 { {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
114 { {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
115 { {'D','A'}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
116 { {'D','U'}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
117 { {'D','G'}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
118 { {'D','C'}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
119 { {'D','D'}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
120 { {'C','A'}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
121 { {'S','A'}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
122 { {'E','A'}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
123 { {'P','A'}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
124 { {'R','S'}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
125};
126
127#ifndef __REACTOS__
129#endif
130
131static const WCHAR SDDL_NO_READ_UP[] = {'N','R',0};
132static const WCHAR SDDL_NO_WRITE_UP[] = {'N','W',0};
133static const WCHAR SDDL_NO_EXECUTE_UP[] = {'N','X',0};
134
135/*
136 * ACE types
137 */
138static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
139static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
140#ifndef __REACTOS__
141static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
142static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
143#endif
144static const WCHAR SDDL_AUDIT[] = {'A','U',0};
145static const WCHAR SDDL_ALARM[] = {'A','L',0};
146static const WCHAR SDDL_MANDATORY_LABEL[] = {'M','L',0};
147#ifndef __REACTOS__
148static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
149static const WCHAR SDDL_OBJECT_ALARM[] = {'O','L',0};
150#endif
151
152/*
153 * SDDL ADS Rights
154 */
155#define ADS_RIGHT_DS_CREATE_CHILD 0x0001
156#define ADS_RIGHT_DS_DELETE_CHILD 0x0002
157#define ADS_RIGHT_ACTRL_DS_LIST 0x0004
158#define ADS_RIGHT_DS_SELF 0x0008
159#define ADS_RIGHT_DS_READ_PROP 0x0010
160#define ADS_RIGHT_DS_WRITE_PROP 0x0020
161#define ADS_RIGHT_DS_DELETE_TREE 0x0040
162#define ADS_RIGHT_DS_LIST_OBJECT 0x0080
163#define ADS_RIGHT_DS_CONTROL_ACCESS 0x0100
164
165/*
166 * ACE flags
167 */
168static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
169static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
170static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
171static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
172static const WCHAR SDDL_INHERITED[] = {'I','D',0};
173static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
174static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
175
176static const char * debugstr_sid(PSID sid)
177{
178 int auth = 0;
179 SID * psid = (SID *)sid;
180
181 if (psid == NULL)
182 return "(null)";
183
184 auth = psid->IdentifierAuthority.Value[5] +
185 (psid->IdentifierAuthority.Value[4] << 8) +
186 (psid->IdentifierAuthority.Value[3] << 16) +
187 (psid->IdentifierAuthority.Value[2] << 24);
188
189 switch (psid->SubAuthorityCount) {
190 case 0:
191 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
192 case 1:
193 return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
194 psid->SubAuthority[0]);
195 case 2:
196 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
197 psid->SubAuthority[0], psid->SubAuthority[1]);
198 case 3:
199 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
200 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
201 case 4:
202 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
203 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
204 psid->SubAuthority[3]);
205 case 5:
206 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
207 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
208 psid->SubAuthority[3], psid->SubAuthority[4]);
209 case 6:
210 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
211 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
212 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
213 case 7:
214 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
215 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
216 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
217 psid->SubAuthority[6]);
218 case 8:
219 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
220 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
221 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
222 psid->SubAuthority[6], psid->SubAuthority[7]);
223 }
224 return "(too-big)";
225}
226
227/* set last error code from NT status and get the proper boolean return value */
228/* used for functions that are a simple wrapper around the corresponding ntdll API */
230{
232 return NT_SUCCESS(status);
233}
234
236{
237 UINT len;
238 LPWSTR wstr;
239
240 if( !str )
241 return NULL;
242 len = MultiByteToWideChar( CP_ACP, 0, str, -1, NULL, 0 );
243 wstr = heap_alloc( len*sizeof (WCHAR) );
244 MultiByteToWideChar( CP_ACP, 0, str, -1, wstr, len );
245 return wstr;
246}
247
248/************************************************************
249 * ADVAPI_IsLocalComputer
250 *
251 * Checks whether the server name indicates local machine.
252 */
254{
256 BOOL Result;
257 LPWSTR buf;
258
259 if (!ServerName || !ServerName[0])
260 return TRUE;
261
262 buf = heap_alloc(dwSize * sizeof(WCHAR));
264 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
265 ServerName += 2;
266 Result = Result && !lstrcmpW(ServerName, buf);
267 heap_free(buf);
268
269 return Result;
270}
271
272/************************************************************
273 * ADVAPI_GetComputerSid
274 */
276{
277 static const struct /* same fields as struct SID */
278 {
282 DWORD SubAuthority[4];
283 } computer_sid =
285
286 memcpy( sid, &computer_sid, sizeof(computer_sid) );
287 return TRUE;
288}
289
290/* Exported functions */
291
292/*
293 * @implemented
294 */
299{
301
302 TRACE("%p, %x, %p.\n", ProcessHandle, DesiredAccess, TokenHandle);
303
307 if (!NT_SUCCESS(Status))
308 {
309 ERR("NtOpenProcessToken failed! Status %08x.\n", Status);
311 return FALSE;
312 }
313
314 TRACE("Returning token %p.\n", *TokenHandle);
315
316 return TRUE;
317}
318
319/******************************************************************************
320 * OpenThreadToken [ADVAPI32.@]
321 *
322 * Opens the access token associated with a thread handle.
323 *
324 * PARAMS
325 * ThreadHandle [I] Handle to process
326 * DesiredAccess [I] Desired access to the thread
327 * OpenAsSelf [I] ???
328 * TokenHandle [O] Destination for the token handle
329 *
330 * RETURNS
331 * Success: TRUE. TokenHandle contains the access token.
332 * Failure: FALSE.
333 *
334 * NOTES
335 * See NtOpenThreadToken.
336 */
340{
342}
343
344/*
345 * @implemented
346 */
349 BOOL ResetToDefault,
350 PTOKEN_GROUPS NewState,
354{
356
358 ResetToDefault,
359 NewState,
363 if (!NT_SUCCESS(Status))
364 {
366 return FALSE;
367 }
368
369 return TRUE;
370}
371
372/*
373 * @implemented
374 */
377 BOOL DisableAllPrivileges,
378 PTOKEN_PRIVILEGES NewState,
382{
384
386 DisableAllPrivileges,
387 NewState,
392 {
394 return TRUE;
395 }
396
397 if (!NT_SUCCESS(Status))
398 {
400 return FALSE;
401 }
402
403 /* AdjustTokenPrivileges is documented to do this */
405
406 return TRUE;
407}
408
409/*
410 * @implemented
411 */
415 LPVOID TokenInformation,
418{
420
423 TokenInformation,
426 if (!NT_SUCCESS(Status))
427 {
429 return FALSE;
430 }
431
432 return TRUE;
433}
434
435/*
436 * @implemented
437 */
441 LPVOID TokenInformation,
443{
445
448 TokenInformation,
450 if (!NT_SUCCESS(Status))
451 {
453 return FALSE;
454 }
455
456 return TRUE;
457}
458
459/*
460 * @implemented
461 */
465{
468
469 hThread = (ThreadHandle != NULL) ? *ThreadHandle : NtCurrentThread();
470
474 sizeof(HANDLE));
475 if (!NT_SUCCESS(Status))
476 {
478 return FALSE;
479 }
480
481 return TRUE;
482}
483
536 _In_ HANDLE ExistingTokenHandle,
538 _In_ DWORD DisableSidCount,
539 _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable,
540 _In_ DWORD DeletePrivilegeCount,
541 _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete,
542 _In_ DWORD RestrictedSidCount,
543 _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict,
545{
548 ULONG Index;
549 PTOKEN_GROUPS DisableSids = NULL;
550 PTOKEN_GROUPS RestrictedSids = NULL;
551 PTOKEN_PRIVILEGES DeletePrivileges = NULL;
552
553 /*
554 * Capture the elements we're being given from
555 * the caller and allocate the groups and/or
556 * privileges that have to be filtered in
557 * the token.
558 */
559 if (SidsToDisable != NULL)
560 {
561 DisableSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, DisableSidCount * sizeof(TOKEN_GROUPS));
562 if (DisableSids == NULL)
563 {
564 /* We failed, bail out */
566 return FALSE;
567 }
568
569 /* Copy the counter and loop the elements to copy the rest */
570 DisableSids->GroupCount = DisableSidCount;
571 for (Index = 0; Index < DisableSidCount; Index++)
572 {
573 DisableSids->Groups[Index].Sid = SidsToDisable[Index].Sid;
574 DisableSids->Groups[Index].Attributes = SidsToDisable[Index].Attributes;
575 }
576 }
577
578 if (PrivilegesToDelete != NULL)
579 {
580 DeletePrivileges = (PTOKEN_PRIVILEGES)LocalAlloc(LMEM_FIXED, DeletePrivilegeCount * sizeof(TOKEN_PRIVILEGES));
581 if (DeletePrivileges == NULL)
582 {
583 /* We failed, bail out */
585 Success = FALSE;
586 goto Cleanup;
587 }
588
589 /* Copy the counter and loop the elements to copy the rest */
590 DeletePrivileges->PrivilegeCount = DeletePrivilegeCount;
591 for (Index = 0; Index < DeletePrivilegeCount; Index++)
592 {
593 DeletePrivileges->Privileges[Index].Luid = PrivilegesToDelete[Index].Luid;
594 DeletePrivileges->Privileges[Index].Attributes = PrivilegesToDelete[Index].Attributes;
595 }
596 }
597
598 if (SidsToRestrict != NULL)
599 {
600 RestrictedSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, RestrictedSidCount * sizeof(TOKEN_GROUPS));
601 if (RestrictedSids == NULL)
602 {
603 /* We failed, bail out */
605 Success = FALSE;
606 goto Cleanup;
607 }
608
609 /* Copy the counter and loop the elements to copy the rest */
610 RestrictedSids->GroupCount = RestrictedSidCount;
611 for (Index = 0; Index < RestrictedSidCount; Index++)
612 {
613 RestrictedSids->Groups[Index].Sid = SidsToRestrict[Index].Sid;
614 RestrictedSids->Groups[Index].Attributes = SidsToRestrict[Index].Attributes;
615 }
616 }
617
618 /*
619 * Call the NT API to request a token filtering
620 * operation for us.
621 */
622 Status = NtFilterToken(ExistingTokenHandle,
623 Flags,
624 DisableSids,
625 DeletePrivileges,
626 RestrictedSids,
628 if (!NT_SUCCESS(Status))
629 {
630 /* We failed to do the job, bail out */
632 Success = FALSE;
633 goto Cleanup;
634 }
635
636 /* If we reach here then we've successfully filtered the token */
637 Success = TRUE;
638
639Cleanup:
640 /* Free whatever we allocated before */
641 if (DisableSids != NULL)
642 {
643 LocalFree(DisableSids);
644 }
645
646 if (DeletePrivileges != NULL)
647 {
648 LocalFree(DeletePrivileges);
649 }
650
651 if (RestrictedSids != NULL)
652 {
653 LocalFree(RestrictedSids);
654 }
655
656 return Success;
657}
658
659/******************************************************************************
660 * AllocateAndInitializeSid [ADVAPI32.@]
661 *
662 * PARAMS
663 * pIdentifierAuthority []
664 * nSubAuthorityCount []
665 * nSubAuthority0 []
666 * nSubAuthority1 []
667 * nSubAuthority2 []
668 * nSubAuthority3 []
669 * nSubAuthority4 []
670 * nSubAuthority5 []
671 * nSubAuthority6 []
672 * nSubAuthority7 []
673 * pSid []
674 */
677 BYTE nSubAuthorityCount,
678 DWORD nSubAuthority0, DWORD nSubAuthority1,
679 DWORD nSubAuthority2, DWORD nSubAuthority3,
680 DWORD nSubAuthority4, DWORD nSubAuthority5,
681 DWORD nSubAuthority6, DWORD nSubAuthority7,
682 PSID *pSid )
683{
685 pIdentifierAuthority, nSubAuthorityCount,
686 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
687 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
688 pSid ));
689}
690
691/*
692 * @implemented
693 *
694 * RETURNS
695 * Docs says this function does NOT return a value
696 * even thou it's defined to return a PVOID...
697 */
698PVOID
699WINAPI
701{
702 return RtlFreeSid(pSid);
703}
704
705/******************************************************************************
706 * CopySid [ADVAPI32.@]
707 *
708 * PARAMS
709 * nDestinationSidLength []
710 * pDestinationSid []
711 * pSourceSid []
712 */
714CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
715{
716 return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid));
717}
718
719/*
720 * @unimplemented
721 */
722BOOL
723WINAPI
725 IN PSID DomainSid OPTIONAL,
726 OUT PSID pSid,
727 IN OUT DWORD* cbSid)
728{
729 unsigned int i;
730 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
731
732 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
733 {
735 return FALSE;
736 }
737
738 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
739 if (WellKnownSids[i].Type == WellKnownSidType) {
741
742 if (*cbSid < length)
743 {
744 *cbSid = length;
746 return FALSE;
747 }
748 if (!pSid)
749 {
751 return FALSE;
752 }
754 *cbSid = length;
755 return TRUE;
756 }
757 }
758
759 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
760 {
762 return FALSE;
763 }
764
765 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
766 if (WellKnownRids[i].Type == WellKnownSidType) {
767 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
768 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
769 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
770
771 if (*cbSid < output_sid_length)
772 {
773 *cbSid = output_sid_length;
775 return FALSE;
776 }
777 if (!pSid)
778 {
780 return FALSE;
781 }
782 CopyMemory(pSid, DomainSid, domain_sid_length);
784 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
785 *cbSid = output_sid_length;
786 return TRUE;
787 }
788
790 return FALSE;
791}
792
793/*
794 * @unimplemented
795 */
796BOOL
797WINAPI
799 IN WELL_KNOWN_SID_TYPE WellKnownSidType)
800{
801 unsigned int i;
802 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
803
804 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
805 {
806 if (WellKnownSids[i].Type == WellKnownSidType)
807 {
809 return TRUE;
810 }
811 }
812
813 return FALSE;
814}
815
816/*
817 * @implemented
818 */
819BOOL
820WINAPI
822{
823 return (BOOL)RtlValidSid(pSid);
824}
825
826/*
827 * @implemented
828 */
829BOOL
830WINAPI
832 PSID pSid2)
833{
835 return RtlEqualSid (pSid1, pSid2);
836}
837
838/*
839 * @implemented
840 */
841BOOL
842WINAPI
844 PSID pSid2)
845{
846 return RtlEqualPrefixSid (pSid1, pSid2);
847}
848
849/*
850 * @implemented
851 */
852DWORD
853WINAPI
854GetSidLengthRequired(UCHAR nSubAuthorityCount)
855{
856 return (DWORD)RtlLengthRequiredSid(nSubAuthorityCount);
857}
858
859/*
860 * @implemented
861 */
862BOOL
863WINAPI
865 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
866 BYTE nSubAuthorityCount)
867{
869
871 pIdentifierAuthority,
872 nSubAuthorityCount);
873 if (!NT_SUCCESS(Status))
874 {
876 return FALSE;
877 }
878
879 return TRUE;
880}
881
882/*
883 * @implemented
884 */
886WINAPI
888{
891}
892
893/*
894 * @implemented
895 */
896PDWORD
897WINAPI
899 DWORD nSubAuthority)
900{
902 return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
903}
904
905/*
906 * @implemented
907 */
908PUCHAR
909WINAPI
911{
914}
915
916/*
917 * @implemented
918 */
919DWORD
920WINAPI
922{
923 return (DWORD)RtlLengthSid(pSid);
924}
925
926/*
927 * @implemented
928 */
929BOOL
930WINAPI
932 DWORD dwRevision)
933{
935
936 Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
937 dwRevision);
938 if (!NT_SUCCESS(Status))
939 {
941 return FALSE;
942 }
943
944 return TRUE;
945}
946
947/*
948 * @implemented
949 */
950BOOL
951WINAPI
952MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
953 PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
954 LPDWORD lpdwAbsoluteSecurityDescriptorSize,
955 PACL pDacl,
956 LPDWORD lpdwDaclSize,
957 PACL pSacl,
958 LPDWORD lpdwSaclSize,
959 PSID pOwner,
960 LPDWORD lpdwOwnerSize,
961 PSID pPrimaryGroup,
962 LPDWORD lpdwPrimaryGroupSize)
963{
965
966 Status = RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
967 pAbsoluteSecurityDescriptor,
968 lpdwAbsoluteSecurityDescriptorSize,
969 pDacl,
970 lpdwDaclSize,
971 pSacl,
972 lpdwSaclSize,
973 pOwner,
974 lpdwOwnerSize,
975 pPrimaryGroup,
976 lpdwPrimaryGroupSize);
977 if (!NT_SUCCESS(Status))
978 {
980 return FALSE;
981 }
982
983 return TRUE;
984}
985
986/******************************************************************************
987 * GetKernelObjectSecurity [ADVAPI32.@]
988 */
991 SECURITY_INFORMATION RequestedInformation,
992 PSECURITY_DESCRIPTOR pSecurityDescriptor,
994 LPDWORD lpnLengthNeeded )
995{
996 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
997 pSecurityDescriptor, nLength, lpnLengthNeeded);
998
999 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
1000 nLength, lpnLengthNeeded ));
1001}
1002
1003/*
1004 * @implemented
1005 */
1006BOOL
1007WINAPI
1009 DWORD nAclLength,
1010 DWORD dwAclRevision)
1011{
1013
1014 Status = RtlCreateAcl(pAcl,
1015 nAclLength,
1016 dwAclRevision);
1017 if (!NT_SUCCESS(Status))
1018 {
1020 return FALSE;
1021 }
1022
1023 return TRUE;
1024}
1025
1027{
1028 IO_STATUS_BLOCK io_block;
1029
1030 TRACE("(%p)\n", hNamedPipe);
1031
1032 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
1033 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
1034}
1035
1036/*
1037 * @implemented
1038 */
1039BOOL
1040WINAPI
1044 PSID pSid)
1045{
1047
1050 AccessMask,
1051 pSid);
1052 if (!NT_SUCCESS(Status))
1053 {
1055 return FALSE;
1056 }
1057
1058 return TRUE;
1059}
1060
1061/*
1062 * @implemented
1063 */
1069 PSID pSid)
1070{
1072
1075 AceFlags,
1076 AccessMask,
1077 pSid);
1078 if (!NT_SUCCESS(Status))
1079 {
1081 return FALSE;
1082 }
1083
1084 return TRUE;
1085}
1086
1087/*
1088 * @implemented
1089 */
1090BOOL
1091WINAPI
1095 PSID pSid)
1096{
1098
1101 AccessMask,
1102 pSid);
1103 if (!NT_SUCCESS(Status))
1104 {
1106 return FALSE;
1107 }
1108
1109 return TRUE;
1110}
1111
1112/*
1113 * @implemented
1114 */
1120 PSID pSid)
1121{
1123
1126 AceFlags,
1127 AccessMask,
1128 pSid);
1129 if (!NT_SUCCESS(Status))
1130 {
1132 return FALSE;
1133 }
1134
1135 return TRUE;
1136}
1137
1138/*
1139 * @implemented
1140 */
1141BOOL
1142WINAPI
1145 DWORD dwStartingAceIndex,
1146 LPVOID pAceList,
1147 DWORD nAceListLength)
1148{
1150
1151 Status = RtlAddAce(pAcl,
1153 dwStartingAceIndex,
1154 pAceList,
1155 nAceListLength);
1156 if (!NT_SUCCESS(Status))
1157 {
1159 return FALSE;
1160 }
1161
1162 return TRUE;
1163}
1164
1165/******************************************************************************
1166 * DeleteAce [ADVAPI32.@]
1167 */
1168BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1169{
1170 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1171}
1172
1173/*
1174 * @implemented
1175 */
1176BOOL
1177WINAPI
1179 LPVOID *pAce)
1180{
1181 return RtlFirstFreeAce(pAcl,
1182 (PACE*)pAce);
1183}
1184
1185/******************************************************************************
1186 * GetAce [ADVAPI32.@]
1187 */
1188BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1189{
1190 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1191}
1192
1193/******************************************************************************
1194 * GetAclInformation [ADVAPI32.@]
1195 */
1197 PACL pAcl,
1198 LPVOID pAclInformation,
1199 DWORD nAclInformationLength,
1200 ACL_INFORMATION_CLASS dwAclInformationClass)
1201{
1202 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1203 nAclInformationLength, dwAclInformationClass));
1204}
1205
1206/*
1207 * @implemented
1208 */
1209BOOL
1210WINAPI
1212{
1213 return RtlValidAcl (pAcl);
1214}
1215
1216/*
1217 * @implemented
1218 */
1221{
1223
1225 if (!NT_SUCCESS (Status))
1226 {
1228 return FALSE;
1229 }
1230
1231 return TRUE;
1232}
1233
1234/**********************************************************************
1235 * LookupPrivilegeDisplayNameA EXPORTED
1236 *
1237 * @unimplemented
1238 */
1239BOOL
1240WINAPI
1242 LPCSTR lpName,
1246{
1247 UNICODE_STRING lpSystemNameW;
1248 UNICODE_STRING lpNameW;
1249 BOOL ret;
1250 DWORD wLen = 0;
1251
1252 TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);
1253
1254 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1256 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen, lpLanguageId);
1258 {
1259 LPWSTR lpDisplayNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1260
1261 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, lpDisplayNameW,
1262 &wLen, lpLanguageId);
1263 if (ret)
1264 {
1265 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpDisplayNameW, -1, lpDisplayName,
1267
1268 if (len == 0)
1269 {
1270 /* WideCharToMultiByte failed */
1271 ret = FALSE;
1272 }
1273 else if (len > *cchDisplayName)
1274 {
1277 ret = FALSE;
1278 }
1279 else
1280 {
1281 /* WideCharToMultiByte succeeded, output length needs to be
1282 * length not including NULL terminator
1283 */
1284 *cchDisplayName = len - 1;
1285 }
1286 }
1287 HeapFree(GetProcessHeap(), 0, lpDisplayNameW);
1288 }
1289 RtlFreeUnicodeString(&lpSystemNameW);
1290 RtlFreeUnicodeString(&lpNameW);
1291 return ret;
1292}
1293
1294/**********************************************************************
1295 * LookupPrivilegeNameA EXPORTED
1296 *
1297 * @implemented
1298 */
1299BOOL
1300WINAPI
1302 PLUID lpLuid,
1303 LPSTR lpName,
1305{
1306 UNICODE_STRING lpSystemNameW;
1307 BOOL ret;
1308 DWORD wLen = 0;
1309
1310 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1311
1312 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1313 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1315 {
1316 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1317
1318 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1319 &wLen);
1320 if (ret)
1321 {
1322 /* Windows crashes if cchName is NULL, so will I */
1323 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1324 *cchName, NULL, NULL);
1325
1326 if (len == 0)
1327 {
1328 /* WideCharToMultiByte failed */
1329 ret = FALSE;
1330 }
1331 else if (len > *cchName)
1332 {
1333 *cchName = len;
1335 ret = FALSE;
1336 }
1337 else
1338 {
1339 /* WideCharToMultiByte succeeded, output length needs to be
1340 * length not including NULL terminator
1341 */
1342 *cchName = len - 1;
1343 }
1344 }
1345 HeapFree(GetProcessHeap(), 0, lpNameW);
1346 }
1347 RtlFreeUnicodeString(&lpSystemNameW);
1348 return ret;
1349}
1350
1351/******************************************************************************
1352 * GetFileSecurityA [ADVAPI32.@]
1353 *
1354 * Obtains Specified information about the security of a file or directory.
1355 *
1356 * PARAMS
1357 * lpFileName [I] Name of the file to get info for
1358 * RequestedInformation [I] SE_ flags from "winnt.h"
1359 * pSecurityDescriptor [O] Destination for security information
1360 * nLength [I] Length of pSecurityDescriptor
1361 * lpnLengthNeeded [O] Destination for length of returned security information
1362 *
1363 * RETURNS
1364 * Success: TRUE. pSecurityDescriptor contains the requested information.
1365 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1366 *
1367 * NOTES
1368 * The information returned is constrained by the callers access rights and
1369 * privileges.
1370 *
1371 * @implemented
1372 */
1373BOOL
1374WINAPI
1376 SECURITY_INFORMATION RequestedInformation,
1377 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1378 DWORD nLength,
1379 LPDWORD lpnLengthNeeded)
1380{
1382 BOOL bResult;
1383
1385 {
1387 return FALSE;
1388 }
1389
1390 bResult = GetFileSecurityW(FileName.Buffer,
1391 RequestedInformation,
1392 pSecurityDescriptor,
1393 nLength,
1394 lpnLengthNeeded);
1395
1397
1398 return bResult;
1399}
1400
1401/*
1402 * @implemented
1403 */
1404BOOL
1405WINAPI
1407 SECURITY_INFORMATION RequestedInformation,
1408 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1409 DWORD nLength,
1410 LPDWORD lpnLengthNeeded)
1411{
1413 IO_STATUS_BLOCK StatusBlock;
1415 ULONG AccessMask = 0;
1418
1419 TRACE("GetFileSecurityW() called\n");
1420
1421 QuerySecurityAccessMask(RequestedInformation, &AccessMask);
1422
1424 &FileName,
1425 NULL,
1426 NULL))
1427 {
1428 ERR("Invalid path\n");
1430 return FALSE;
1431 }
1432
1434 &FileName,
1436 NULL,
1437 NULL);
1438
1440 AccessMask,
1442 &StatusBlock,
1444 0);
1445
1446 RtlFreeHeap(RtlGetProcessHeap(),
1447 0,
1448 FileName.Buffer);
1449
1450 if (!NT_SUCCESS(Status))
1451 {
1452 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1454 return FALSE;
1455 }
1456
1458 RequestedInformation,
1459 pSecurityDescriptor,
1460 nLength,
1461 lpnLengthNeeded);
1463 if (!NT_SUCCESS(Status))
1464 {
1465 ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
1467 return FALSE;
1468 }
1469
1470 return TRUE;
1471}
1472
1473/******************************************************************************
1474 * SetFileSecurityA [ADVAPI32.@]
1475 * Sets the security of a file or directory
1476 *
1477 * @implemented
1478 */
1479BOOL
1480WINAPI
1483 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1484{
1486 BOOL bResult;
1487
1489 {
1491 return FALSE;
1492 }
1493
1494 bResult = SetFileSecurityW(FileName.Buffer,
1496 pSecurityDescriptor);
1497
1499
1500 return bResult;
1501}
1502
1503/******************************************************************************
1504 * SetFileSecurityW [ADVAPI32.@]
1505 * Sets the security of a file or directory
1506 *
1507 * @implemented
1508 */
1509BOOL
1510WINAPI
1513 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1514{
1516 IO_STATUS_BLOCK StatusBlock;
1518 ULONG AccessMask = 0;
1521
1522 TRACE("SetFileSecurityW() called\n");
1523
1525
1527 &FileName,
1528 NULL,
1529 NULL))
1530 {
1531 ERR("Invalid path\n");
1533 return FALSE;
1534 }
1535
1537 &FileName,
1539 NULL,
1540 NULL);
1541
1543 AccessMask,
1545 &StatusBlock,
1547 0);
1548
1549 RtlFreeHeap(RtlGetProcessHeap(),
1550 0,
1551 FileName.Buffer);
1552
1553 if (!NT_SUCCESS(Status))
1554 {
1555 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1557 return FALSE;
1558 }
1559
1562 pSecurityDescriptor);
1564
1565 if (!NT_SUCCESS(Status))
1566 {
1567 ERR("NtSetSecurityObject() failed (Status %lx)\n", Status);
1569 return FALSE;
1570 }
1571
1572 return TRUE;
1573}
1574
1575/******************************************************************************
1576 * QueryWindows31FilesMigration [ADVAPI32.@]
1577 *
1578 * PARAMS
1579 * x1 []
1580 */
1583{
1584 FIXME("(%d):stub\n",x1);
1585 return TRUE;
1586}
1587
1588/******************************************************************************
1589 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1590 *
1591 * PARAMS
1592 * x1 []
1593 * x2 []
1594 * x3 []
1595 * x4 []
1596 */
1599 DWORD x4 )
1600{
1601 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
1602 return TRUE;
1603}
1604
1605/*
1606 * @implemented
1607 */
1608BOOL
1609WINAPI
1611{
1613 HANDLE Token = NULL;
1614
1617 &Token,
1618 sizeof(HANDLE));
1619 if (!NT_SUCCESS(Status))
1620 {
1622 return FALSE;
1623 }
1624
1625 return TRUE;
1626}
1627
1628/*
1629 * @implemented
1630 */
1631BOOL
1632WINAPI
1634{
1636
1638 if (!NT_SUCCESS(Status))
1639 {
1641 return FALSE;
1642 }
1643
1644 return TRUE;
1645}
1646
1647/*
1648 * @implemented
1649 */
1650BOOL
1651WINAPI
1653 IN HANDLE ClientToken,
1656 OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL,
1657 IN OUT LPDWORD PrivilegeSetLength,
1660{
1662 NTSTATUS NtAccessStatus;
1663
1664 /* Do the access check */
1665 Status = NtAccessCheck(pSecurityDescriptor,
1666 ClientToken,
1669 PrivilegeSet,
1670 (PULONG)PrivilegeSetLength,
1672 &NtAccessStatus);
1673
1674 /* See if the access check operation succeeded */
1675 if (!NT_SUCCESS(Status))
1676 {
1677 /* Check failed */
1679 return FALSE;
1680 }
1681
1682 /* Now check the access status */
1683 if (!NT_SUCCESS(NtAccessStatus))
1684 {
1685 /* Access denied */
1686 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1688 }
1689 else
1690 {
1691 /* Access granted */
1692 *AccessStatus = TRUE;
1693 }
1694
1695 /* Check succeeded */
1696 return TRUE;
1697}
1698
1699/*
1700 * @unimplemented
1701 */
1703 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1704 PSID PrincipalSelfSid,
1705 HANDLE ClientToken,
1707 POBJECT_TYPE_LIST ObjectTypeList,
1708 DWORD ObjectTypeListLength,
1710 PPRIVILEGE_SET PrivilegeSet,
1711 LPDWORD PrivilegeSetLength,
1714{
1715 FIXME("stub\n");
1716
1717 *AccessStatus = TRUE;
1718
1719 return !*AccessStatus;
1720}
1721
1722/*
1723 * @implemented
1724 */
1725BOOL
1726WINAPI
1730{
1732
1736 if (!NT_SUCCESS(Status))
1737 {
1739 return FALSE;
1740 }
1741
1742 return TRUE;
1743}
1744
1745/*
1746 * @implemented
1747 */
1748BOOL
1749WINAPI
1752 DWORD dwAccessMask,
1753 PSID pSid,
1754 BOOL bAuditSuccess,
1755 BOOL bAuditFailure)
1756{
1758
1761 dwAccessMask,
1762 pSid,
1763 bAuditSuccess,
1764 bAuditFailure);
1765 if (!NT_SUCCESS(Status))
1766 {
1768 return FALSE;
1769 }
1770
1771 return TRUE;
1772}
1773
1774/*
1775 * @implemented
1776 */
1781 DWORD dwAccessMask,
1782 PSID pSid,
1783 BOOL bAuditSuccess,
1784 BOOL bAuditFailure)
1785{
1787
1790 AceFlags,
1791 dwAccessMask,
1792 pSid,
1793 bAuditSuccess,
1794 bAuditFailure);
1795 if (!NT_SUCCESS(Status))
1796 {
1798 return FALSE;
1799 }
1800
1801 return TRUE;
1802}
1803
1804/******************************************************************************
1805 * LookupAccountNameA [ADVAPI32.@]
1806 *
1807 * @implemented
1808 */
1809BOOL
1810WINAPI
1812 LPCSTR AccountName,
1813 PSID Sid,
1814 LPDWORD SidLength,
1816 LPDWORD hReferencedDomainNameLength,
1817 PSID_NAME_USE SidNameUse)
1818{
1819 BOOL ret;
1820 UNICODE_STRING lpSystemW;
1821 UNICODE_STRING lpAccountW;
1822 LPWSTR lpReferencedDomainNameW = NULL;
1823
1824 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
1825 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
1826
1828 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
1829 0,
1830 *hReferencedDomainNameLength * sizeof(WCHAR));
1831
1832 ret = LookupAccountNameW(lpSystemW.Buffer,
1833 lpAccountW.Buffer,
1834 Sid,
1835 SidLength,
1836 lpReferencedDomainNameW,
1837 hReferencedDomainNameLength,
1838 SidNameUse);
1839
1840 if (ret && lpReferencedDomainNameW)
1841 {
1843 0,
1844 lpReferencedDomainNameW,
1845 *hReferencedDomainNameLength + 1,
1847 *hReferencedDomainNameLength + 1,
1848 NULL,
1849 NULL);
1850 }
1851
1852 RtlFreeUnicodeString(&lpSystemW);
1853 RtlFreeUnicodeString(&lpAccountW);
1854 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
1855
1856 return ret;
1857}
1858
1859/**********************************************************************
1860 * PrivilegeCheck EXPORTED
1861 *
1862 * @implemented
1863 */
1866 PPRIVILEGE_SET RequiredPrivileges,
1867 LPBOOL pfResult)
1868{
1871
1872 Status = NtPrivilegeCheck(ClientToken,
1873 RequiredPrivileges,
1874 &Result);
1875 if (!NT_SUCCESS(Status))
1876 {
1878 return FALSE;
1879 }
1880
1881 *pfResult = (BOOL)Result;
1882
1883 return TRUE;
1884}
1885
1886/******************************************************************************
1887 * GetSecurityInfoExW EXPORTED
1888 */
1889DWORD
1890WINAPI
1893 SECURITY_INFORMATION SecurityInfo,
1894 LPCSTR lpProvider,
1895 LPCSTR lpProperty,
1896 PACTRL_ACCESSA *ppAccessList,
1897 PACTRL_AUDITA *ppAuditList,
1898 LPSTR *lppOwner,
1899 LPSTR *lppGroup)
1900{
1901 FIXME("%s() not implemented!\n", __FUNCTION__);
1902 return ERROR_BAD_PROVIDER;
1903}
1904
1905
1906/******************************************************************************
1907 * GetSecurityInfoExW EXPORTED
1908 */
1909DWORD
1910WINAPI
1913 SECURITY_INFORMATION SecurityInfo,
1914 LPCWSTR lpProvider,
1915 LPCWSTR lpProperty,
1916 PACTRL_ACCESSW *ppAccessList,
1917 PACTRL_AUDITW *ppAuditList,
1918 LPWSTR *lppOwner,
1919 LPWSTR *lppGroup)
1920{
1921 FIXME("%s() not implemented!\n", __FUNCTION__);
1922 return ERROR_BAD_PROVIDER;
1923}
1924
1925/******************************************************************************
1926 * BuildExplicitAccessWithNameA [ADVAPI32.@]
1927 */
1930 LPSTR pTrusteeName,
1931 DWORD AccessPermissions,
1933 DWORD Inheritance)
1934{
1935 pExplicitAccess->grfAccessPermissions = AccessPermissions;
1936 pExplicitAccess->grfAccessMode = AccessMode;
1937 pExplicitAccess->grfInheritance = Inheritance;
1938
1939 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1941 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1942 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1943 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1944}
1945
1946
1947/******************************************************************************
1948 * BuildExplicitAccessWithNameW [ADVAPI32.@]
1949 */
1952 LPWSTR pTrusteeName,
1953 DWORD AccessPermissions,
1955 DWORD Inheritance)
1956{
1957 pExplicitAccess->grfAccessPermissions = AccessPermissions;
1958 pExplicitAccess->grfAccessMode = AccessMode;
1959 pExplicitAccess->grfInheritance = Inheritance;
1960
1961 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1963 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1964 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1965 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1966}
1967
1968/******************************************************************************
1969 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
1970 */
1974{
1975 DWORD ObjectsPresent = 0;
1976
1977 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
1979
1980 /* Fill the OBJECTS_AND_NAME structure */
1982 if (ObjectTypeName != NULL)
1983 {
1984 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1985 }
1986
1989 {
1990 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1991 }
1992
1993 pObjName->ObjectsPresent = ObjectsPresent;
1995
1996 /* Fill the TRUSTEE structure */
1997 pTrustee->pMultipleTrustee = NULL;
2000 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2001 pTrustee->ptstrName = (LPSTR)pObjName;
2002}
2003
2004/******************************************************************************
2005 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
2006 */
2010{
2011 DWORD ObjectsPresent = 0;
2012
2013 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2015
2016 /* Fill the OBJECTS_AND_NAME structure */
2018 if (ObjectTypeName != NULL)
2019 {
2020 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2021 }
2022
2025 {
2026 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2027 }
2028
2029 pObjName->ObjectsPresent = ObjectsPresent;
2031
2032 /* Fill the TRUSTEE structure */
2033 pTrustee->pMultipleTrustee = NULL;
2036 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2037 pTrustee->ptstrName = (LPWSTR)pObjName;
2038}
2039
2040/******************************************************************************
2041 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
2042 */
2048 PSID pSid)
2049{
2050 DWORD ObjectsPresent = 0;
2051
2052 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2053
2054 /* Fill the OBJECTS_AND_SID structure */
2055 if (pObjectGuid != NULL)
2056 {
2058 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2059 }
2060 else
2061 {
2063 sizeof(GUID));
2064 }
2065
2067 {
2069 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2070 }
2071 else
2072 {
2074 sizeof(GUID));
2075 }
2076
2077 pObjSid->ObjectsPresent = ObjectsPresent;
2078 pObjSid->pSid = pSid;
2079
2080 /* Fill the TRUSTEE structure */
2081 pTrustee->pMultipleTrustee = NULL;
2084 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2085 pTrustee->ptstrName = (LPSTR) pObjSid;
2086}
2087
2088
2089/******************************************************************************
2090 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
2091 */
2097 PSID pSid)
2098{
2099 DWORD ObjectsPresent = 0;
2100
2101 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2102
2103 /* Fill the OBJECTS_AND_SID structure */
2104 if (pObjectGuid != NULL)
2105 {
2107 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
2108 }
2109 else
2110 {
2112 sizeof(GUID));
2113 }
2114
2116 {
2118 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
2119 }
2120 else
2121 {
2123 sizeof(GUID));
2124 }
2125
2126 pObjSid->ObjectsPresent = ObjectsPresent;
2127 pObjSid->pSid = pSid;
2128
2129 /* Fill the TRUSTEE structure */
2130 pTrustee->pMultipleTrustee = NULL;
2133 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2134 pTrustee->ptstrName = (LPWSTR) pObjSid;
2135}
2136
2137/******************************************************************************
2138 * BuildTrusteeWithSidA [ADVAPI32.@]
2139 */
2142 PSID pSid)
2143{
2144 TRACE("%p %p\n", pTrustee, pSid);
2145
2146 pTrustee->pMultipleTrustee = NULL;
2148 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2149 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2150 pTrustee->ptstrName = (LPSTR) pSid;
2151}
2152
2153
2154/******************************************************************************
2155 * BuildTrusteeWithSidW [ADVAPI32.@]
2156 */
2159 PSID pSid)
2160{
2161 TRACE("%p %p\n", pTrustee, pSid);
2162
2163 pTrustee->pMultipleTrustee = NULL;
2165 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2166 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2167 pTrustee->ptstrName = (LPWSTR) pSid;
2168}
2169
2170/******************************************************************************
2171 * BuildTrusteeWithNameA [ADVAPI32.@]
2172 */
2175 LPSTR name)
2176{
2177 TRACE("%p %s\n", pTrustee, name);
2178
2179 pTrustee->pMultipleTrustee = NULL;
2181 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2182 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2183 pTrustee->ptstrName = name;
2184}
2185
2186/******************************************************************************
2187 * BuildTrusteeWithNameW [ADVAPI32.@]
2188 */
2191 LPWSTR name)
2192{
2193 TRACE("%p %s\n", pTrustee, name);
2194
2195 pTrustee->pMultipleTrustee = NULL;
2197 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2198 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2199 pTrustee->ptstrName = name;
2200}
2201
2202/******************************************************************************
2203 * GetTrusteeFormA [ADVAPI32.@]
2204 */
2206{
2207 TRACE("(%p)\n", pTrustee);
2208
2209 if (!pTrustee)
2210 return TRUSTEE_BAD_FORM;
2211
2212 return pTrustee->TrusteeForm;
2213}
2214
2215/******************************************************************************
2216 * GetTrusteeFormW [ADVAPI32.@]
2217 */
2219{
2220 TRACE("(%p)\n", pTrustee);
2221
2222 if (!pTrustee)
2223 return TRUSTEE_BAD_FORM;
2224
2225 return pTrustee->TrusteeForm;
2226}
2227
2228/******************************************************************************
2229 * GetTrusteeNameA [ADVAPI32.@]
2230 */
2233{
2234 return pTrustee->ptstrName;
2235}
2236
2237
2238/******************************************************************************
2239 * GetTrusteeNameW [ADVAPI32.@]
2240 */
2243{
2244 return pTrustee->ptstrName;
2245}
2246
2247/******************************************************************************
2248 * GetTrusteeTypeA [ADVAPI32.@]
2249 */
2252{
2253 return pTrustee->TrusteeType;
2254}
2255
2256/******************************************************************************
2257 * GetTrusteeTypeW [ADVAPI32.@]
2258 */
2261{
2262 return pTrustee->TrusteeType;
2263}
2264
2265/*
2266 * @implemented
2267 */
2268BOOL
2269WINAPI
2271 LPVOID pAclInformation,
2272 DWORD nAclInformationLength,
2273 ACL_INFORMATION_CLASS dwAclInformationClass)
2274{
2276
2278 pAclInformation,
2279 nAclInformationLength,
2280 dwAclInformationClass);
2281 if (!NT_SUCCESS(Status))
2282 {
2284 return FALSE;
2285 }
2286
2287 return TRUE;
2288}
2289
2290/**********************************************************************
2291 * SetNamedSecurityInfoA EXPORTED
2292 *
2293 * @implemented
2294 */
2295DWORD
2296WINAPI
2299 SECURITY_INFORMATION SecurityInfo,
2300 PSID psidOwner,
2301 PSID psidGroup,
2302 PACL pDacl,
2303 PACL pSacl)
2304{
2306 DWORD Ret;
2307
2308 if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
2309 {
2311 }
2312
2313 Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
2314 ObjectType,
2315 SecurityInfo,
2316 psidOwner,
2317 psidGroup,
2318 pDacl,
2319 pSacl);
2320
2322
2323 return Ret;
2324}
2325
2326/*
2327 * @implemented
2328 */
2329BOOL
2330WINAPI
2333{
2336}
2337
2338/*
2339 * @implemented
2340 */
2341BOOL
2342WINAPI
2345{
2348}
2349
2350/******************************************************************************
2351 * ParseAclStringFlags
2352 */
2354{
2355 DWORD flags = 0;
2356 LPCWSTR szAcl = *StringAcl;
2357
2358 while (*szAcl && *szAcl != '(')
2359 {
2360 if (*szAcl == 'P')
2361 {
2363 }
2364 else if (*szAcl == 'A')
2365 {
2366 szAcl++;
2367 if (*szAcl == 'R')
2369 else if (*szAcl == 'I')
2371 }
2372 szAcl++;
2373 }
2374
2375 *StringAcl = szAcl;
2376 return flags;
2377}
2378
2379/******************************************************************************
2380 * ParseAceStringType
2381 */
2382static const ACEFLAG AceType[] =
2383{
2389 /*
2390 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
2391 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
2392 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
2393 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
2394 */
2395 { NULL, 0 },
2396};
2397
2399{
2400 UINT len = 0;
2401 LPCWSTR szAcl = *StringAcl;
2402 const ACEFLAG *lpaf = AceType;
2403
2404 while (*szAcl == ' ')
2405 szAcl++;
2406
2407 while (lpaf->wstr &&
2408 (len = strlenW(lpaf->wstr)) &&
2409 strncmpW(lpaf->wstr, szAcl, len))
2410 lpaf++;
2411
2412 if (!lpaf->wstr)
2413 return 0;
2414
2415 *StringAcl = szAcl + len;
2416 return lpaf->value;
2417}
2418
2419
2420/******************************************************************************
2421 * ParseAceStringFlags
2422 */
2423static const ACEFLAG AceFlags[] =
2424{
2432 { NULL, 0 },
2433};
2434
2436{
2437 UINT len = 0;
2438 BYTE flags = 0;
2439 LPCWSTR szAcl = *StringAcl;
2440
2441 while (*szAcl == ' ')
2442 szAcl++;
2443
2444 while (*szAcl != ';')
2445 {
2446 const ACEFLAG *lpaf = AceFlags;
2447
2448 while (lpaf->wstr &&
2449 (len = strlenW(lpaf->wstr)) &&
2450 strncmpW(lpaf->wstr, szAcl, len))
2451 lpaf++;
2452
2453 if (!lpaf->wstr)
2454 return 0;
2455
2456 flags |= lpaf->value;
2457 szAcl += len;
2458 }
2459
2460 *StringAcl = szAcl;
2461 return flags;
2462}
2463
2464
2465/******************************************************************************
2466 * ParseAceStringRights
2467 */
2468static const ACEFLAG AceRights[] =
2469{
2474
2479
2489
2494
2499
2503 { NULL, 0 },
2504};
2505
2507{
2508 UINT len = 0;
2509 DWORD rights = 0;
2510 LPCWSTR szAcl = *StringAcl;
2511
2512 while (*szAcl == ' ')
2513 szAcl++;
2514
2515 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2516 {
2517 LPCWSTR p = szAcl;
2518
2519 while (*p && *p != ';')
2520 p++;
2521
2522 if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
2523 {
2524 rights = strtoulW(szAcl, NULL, 16);
2525 szAcl = p;
2526 }
2527 else
2528 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2529 }
2530 else
2531 {
2532 while (*szAcl != ';')
2533 {
2534 const ACEFLAG *lpaf = AceRights;
2535
2536 while (lpaf->wstr &&
2537 (len = strlenW(lpaf->wstr)) &&
2538 strncmpW(lpaf->wstr, szAcl, len))
2539 {
2540 lpaf++;
2541 }
2542
2543 if (!lpaf->wstr)
2544 return 0;
2545
2546 rights |= lpaf->value;
2547 szAcl += len;
2548 }
2549 }
2550
2551 *StringAcl = szAcl;
2552 return rights;
2553}
2554
2555
2556/******************************************************************************
2557 * ParseStringAclToAcl
2558 *
2559 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
2560 */
2561static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
2562 PACL pAcl, LPDWORD cBytes)
2563{
2564 DWORD val;
2565 DWORD sidlen;
2566 DWORD length = sizeof(ACL);
2567 DWORD acesize = 0;
2568 DWORD acecount = 0;
2569 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2571
2572 TRACE("%s\n", debugstr_w(StringAcl));
2573
2574 if (!StringAcl)
2575 return FALSE;
2576
2577 if (pAcl) /* pAce is only useful if we're setting values */
2578 pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
2579
2580 /* Parse ACL flags */
2581 *lpdwFlags = ParseAclStringFlags(&StringAcl);
2582
2583 /* Parse ACE */
2584 while (*StringAcl == '(')
2585 {
2586 StringAcl++;
2587
2588 /* Parse ACE type */
2589 val = ParseAceStringType(&StringAcl);
2590 if (pAce)
2591 pAce->Header.AceType = (BYTE) val;
2592 if (*StringAcl != ';')
2593 {
2595 goto lerr;
2596 }
2597 StringAcl++;
2598
2599 /* Parse ACE flags */
2600 val = ParseAceStringFlags(&StringAcl);
2601 if (pAce)
2602 pAce->Header.AceFlags = (BYTE) val;
2603 if (*StringAcl != ';')
2604 goto lerr;
2605 StringAcl++;
2606
2607 /* Parse ACE rights */
2608 val = ParseAceStringRights(&StringAcl);
2609 if (pAce)
2610 pAce->Mask = val;
2611 if (*StringAcl != ';')
2612 goto lerr;
2613 StringAcl++;
2614
2615 /* Parse ACE object guid */
2616 while (*StringAcl == ' ')
2617 StringAcl++;
2618 if (*StringAcl != ';')
2619 {
2620 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2621 goto lerr;
2622 }
2623 StringAcl++;
2624
2625 /* Parse ACE inherit object guid */
2626 while (*StringAcl == ' ')
2627 StringAcl++;
2628 if (*StringAcl != ';')
2629 {
2630 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2631 goto lerr;
2632 }
2633 StringAcl++;
2634
2635 /* Parse ACE account sid */
2636 if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
2637 {
2638 while (*StringAcl && *StringAcl != ')')
2639 StringAcl++;
2640 }
2641
2642 if (*StringAcl != ')')
2643 goto lerr;
2644 StringAcl++;
2645
2646 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2647 length += acesize;
2648 if (pAce)
2649 {
2650 pAce->Header.AceSize = acesize;
2651 pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
2652 }
2653 acecount++;
2654 }
2655
2656 *cBytes = length;
2657
2658 if (length > 0xffff)
2659 {
2660 ERR("ACL too large\n");
2661 goto lerr;
2662 }
2663
2664 if (pAcl)
2665 {
2666 pAcl->AclRevision = ACL_REVISION;
2667 pAcl->Sbz1 = 0;
2668 pAcl->AclSize = length;
2669 pAcl->AceCount = acecount;
2670 pAcl->Sbz2 = 0;
2671 }
2672 return TRUE;
2673
2674lerr:
2676 WARN("Invalid ACE string format\n");
2677 return FALSE;
2678}
2679
2680/******************************************************************************
2681 * ParseStringSecurityDescriptorToSecurityDescriptor
2682 */
2684 LPCWSTR StringSecurityDescriptor,
2686 LPDWORD cBytes)
2687{
2688 BOOL bret = FALSE;
2689 WCHAR toktype;
2690 WCHAR *tok;
2691 LPCWSTR lptoken;
2692 LPBYTE lpNext = NULL;
2693 DWORD len;
2694
2695 *cBytes = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
2696
2697 tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
2698
2700 lpNext = (LPBYTE)(SecurityDescriptor + 1);
2701
2702 while (*StringSecurityDescriptor == ' ')
2703 StringSecurityDescriptor++;
2704
2705 while (*StringSecurityDescriptor)
2706 {
2707 toktype = *StringSecurityDescriptor;
2708
2709 /* Expect char identifier followed by ':' */
2710 StringSecurityDescriptor++;
2711 if (*StringSecurityDescriptor != ':')
2712 {
2714 goto lend;
2715 }
2716 StringSecurityDescriptor++;
2717
2718 /* Extract token */
2719 lptoken = StringSecurityDescriptor;
2720 while (*lptoken && *lptoken != ':')
2721 lptoken++;
2722
2723 if (*lptoken)
2724 lptoken--;
2725
2726 len = lptoken - StringSecurityDescriptor;
2727 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
2728 tok[len] = 0;
2729
2730 switch (toktype)
2731 {
2732 case 'O':
2733 {
2734 DWORD bytes;
2735
2736 if (!ParseStringSidToSid(tok, lpNext, &bytes))
2737 goto lend;
2738
2740 {
2741 SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor;
2742 lpNext += bytes; /* Advance to next token */
2743 }
2744
2745 *cBytes += bytes;
2746
2747 break;
2748 }
2749
2750 case 'G':
2751 {
2752 DWORD bytes;
2753
2754 if (!ParseStringSidToSid(tok, lpNext, &bytes))
2755 goto lend;
2756
2758 {
2759 SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor;
2760 lpNext += bytes; /* Advance to next token */
2761 }
2762
2763 *cBytes += bytes;
2764
2765 break;
2766 }
2767
2768 case 'D':
2769 {
2770 DWORD flags;
2771 DWORD bytes;
2772
2773 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2774 goto lend;
2775
2777 {
2780 lpNext += bytes; /* Advance to next token */
2781 }
2782
2783 *cBytes += bytes;
2784
2785 break;
2786 }
2787
2788 case 'S':
2789 {
2790 DWORD flags;
2791 DWORD bytes;
2792
2793 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2794 goto lend;
2795
2797 {
2800 lpNext += bytes; /* Advance to next token */
2801 }
2802
2803 *cBytes += bytes;
2804
2805 break;
2806 }
2807
2808 default:
2809 FIXME("Unknown token\n");
2811 goto lend;
2812 }
2813
2814 StringSecurityDescriptor = lptoken;
2815 }
2816
2817 bret = TRUE;
2818
2819lend:
2820 heap_free(tok);
2821 return bret;
2822}
2823
2824/* Winehq cvs 20050916 */
2825/******************************************************************************
2826 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
2827 * @implemented
2828 */
2829BOOL
2830WINAPI
2832 DWORD StringSDRevision,
2834 PULONG SecurityDescriptorSize)
2835{
2836 UINT len;
2837 BOOL ret = FALSE;
2838 LPWSTR StringSecurityDescriptorW;
2839
2840 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
2841 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
2842
2843 if (StringSecurityDescriptorW)
2844 {
2845 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
2846
2848 StringSDRevision, SecurityDescriptor,
2849 SecurityDescriptorSize);
2850 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
2851 }
2852
2853 return ret;
2854}
2855
2856/******************************************************************************
2857 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2858 * @implemented
2859 */
2862 DWORD StringSDRevision,
2864 PULONG SecurityDescriptorSize)
2865{
2866 DWORD cBytes;
2868 BOOL bret = FALSE;
2869
2870 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2871
2872 if (GetVersion() & 0x80000000)
2873 {
2875 goto lend;
2876 }
2877 else if (!StringSecurityDescriptor || !SecurityDescriptor)
2878 {
2880 goto lend;
2881 }
2882 else if (StringSDRevision != SID_REVISION)
2883 {
2885 goto lend;
2886 }
2887
2888 /* Compute security descriptor length */
2889 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2890 NULL, &cBytes))
2891 goto lend;
2892
2894 if (!psd) goto lend;
2895
2896 psd->Revision = SID_REVISION;
2897 psd->Control |= SE_SELF_RELATIVE;
2898
2899 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2900 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
2901 {
2902 LocalFree(psd);
2903 goto lend;
2904 }
2905
2906 if (SecurityDescriptorSize)
2907 *SecurityDescriptorSize = cBytes;
2908
2909 bret = TRUE;
2910
2911lend:
2912 TRACE(" ret=%d\n", bret);
2913 return bret;
2914}
2915
2916static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
2917{
2918 if (cch == -1)
2919 cch = strlenW(string);
2920
2921 if (plen)
2922 *plen += cch;
2923
2924 if (pwptr)
2925 {
2926 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
2927 *pwptr += cch;
2928 }
2929}
2930
2931static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
2932{
2933 DWORD i;
2934 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
2935 WCHAR subauthfmt[] = { '-','%','u',0 };
2936 WCHAR buf[26];
2937 SID *pisid = psid;
2938
2939 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
2940 {
2942 return FALSE;
2943 }
2944
2945 if (pisid->IdentifierAuthority.Value[0] ||
2946 pisid->IdentifierAuthority.Value[1])
2947 {
2948 FIXME("not matching MS' bugs\n");
2950 return FALSE;
2951 }
2952
2953 sprintfW( buf, fmt, pisid->Revision,
2954 MAKELONG(
2956 pisid->IdentifierAuthority.Value[4] ),
2958 pisid->IdentifierAuthority.Value[2] )
2959 ) );
2960 DumpString(buf, -1, pwptr, plen);
2961
2962 for( i=0; i<pisid->SubAuthorityCount; i++ )
2963 {
2964 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
2965 DumpString(buf, -1, pwptr, plen);
2966 }
2967 return TRUE;
2968}
2969
2970static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
2971{
2972 size_t i;
2973 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
2974 {
2975 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
2976 {
2977 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
2978 return TRUE;
2979 }
2980 }
2981
2982 return DumpSidNumeric(psid, pwptr, plen);
2983}
2984
2985static const LPCWSTR AceRightBitNames[32] = {
2986 SDDL_CREATE_CHILD, /* 0 */
2990 SDDL_READ_PROPERTY, /* 4 */
2994 SDDL_CONTROL_ACCESS, /* 8 */
2995 NULL,
2996 NULL,
2997 NULL,
2998 NULL, /* 12 */
2999 NULL,
3000 NULL,
3001 NULL,
3002 SDDL_STANDARD_DELETE, /* 16 */
3006 NULL, /* 20 */
3007 NULL,
3008 NULL,
3009 NULL,
3010 NULL, /* 24 */
3011 NULL,
3012 NULL,
3013 NULL,
3014 SDDL_GENERIC_ALL, /* 28 */
3018};
3019
3020static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
3021{
3022 static const WCHAR fmtW[] = {'0','x','%','x',0};
3023 WCHAR buf[15];
3024 size_t i;
3025
3026 if (mask == 0)
3027 return;
3028
3029 /* first check if the right have name */
3030 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
3031 {
3032 if (AceRights[i].wstr == NULL)
3033 break;
3034 if (mask == AceRights[i].value)
3035 {
3036 DumpString(AceRights[i].wstr, -1, pwptr, plen);
3037 return;
3038 }
3039 }
3040
3041 /* then check if it can be built from bit names */
3042 for (i = 0; i < 32; i++)
3043 {
3044 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
3045 {
3046 /* can't be built from bit names */
3047 sprintfW(buf, fmtW, mask);
3048 DumpString(buf, -1, pwptr, plen);
3049 return;
3050 }
3051 }
3052
3053 /* build from bit names */
3054 for (i = 0; i < 32; i++)
3055 if (mask & (1 << i))
3056 DumpString(AceRightBitNames[i], -1, pwptr, plen);
3057}
3058
3059static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
3060{
3061 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
3062 static const WCHAR openbr = '(';
3063 static const WCHAR closebr = ')';
3064 static const WCHAR semicolon = ';';
3065
3066 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
3067 {
3069 return FALSE;
3070 }
3071
3072 piace = pace;
3073 DumpString(&openbr, 1, pwptr, plen);
3074 switch (piace->Header.AceType)
3075 {
3077 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
3078 break;
3080 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
3081 break;
3083 DumpString(SDDL_AUDIT, -1, pwptr, plen);
3084 break;
3086 DumpString(SDDL_ALARM, -1, pwptr, plen);
3087 break;
3088 }
3089 DumpString(&semicolon, 1, pwptr, plen);
3090
3091 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
3092 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
3094 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
3096 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
3097 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
3098 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
3099 if (piace->Header.AceFlags & INHERITED_ACE)
3100 DumpString(SDDL_INHERITED, -1, pwptr, plen);
3102 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
3104 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
3105 DumpString(&semicolon, 1, pwptr, plen);
3106 DumpRights(piace->Mask, pwptr, plen);
3107 DumpString(&semicolon, 1, pwptr, plen);
3108 /* objects not supported */
3109 DumpString(&semicolon, 1, pwptr, plen);
3110 /* objects not supported */
3111 DumpString(&semicolon, 1, pwptr, plen);
3112 if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
3113 return FALSE;
3114 DumpString(&closebr, 1, pwptr, plen);
3115 return TRUE;
3116}
3117
3118static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
3119{
3120 WORD count;
3121 int i;
3122
3123 if (protected)
3124 DumpString(SDDL_PROTECTED, -1, pwptr, plen);
3125 if (autoInheritReq)
3126 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
3127 if (autoInherited)
3128 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
3129
3130 if (pacl == NULL)
3131 return TRUE;
3132
3133 if (!IsValidAcl(pacl))
3134 return FALSE;
3135
3136 count = pacl->AceCount;
3137 for (i = 0; i < count; i++)
3138 {
3139 LPVOID ace;
3140 if (!GetAce(pacl, i, &ace))
3141 return FALSE;
3142 if (!DumpAce(ace, pwptr, plen))
3143 return FALSE;
3144 }
3145
3146 return TRUE;
3147}
3148
3150{
3151 static const WCHAR prefix[] = {'O',':',0};
3152 BOOL bDefaulted;
3153 PSID psid;
3154
3155 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
3156 return FALSE;
3157
3158 if (psid == NULL)
3159 return TRUE;
3160
3161 DumpString(prefix, -1, pwptr, plen);
3162 if (!DumpSid(psid, pwptr, plen))
3163 return FALSE;
3164 return TRUE;
3165}
3166
3168{
3169 static const WCHAR prefix[] = {'G',':',0};
3170 BOOL bDefaulted;
3171 PSID psid;
3172
3173 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
3174 return FALSE;
3175
3176 if (psid == NULL)
3177 return TRUE;
3178
3179 DumpString(prefix, -1, pwptr, plen);
3180 if (!DumpSid(psid, pwptr, plen))
3181 return FALSE;
3182 return TRUE;
3183}
3184
3186{
3187 static const WCHAR dacl[] = {'D',':',0};
3189 BOOL present, defaulted;
3190 DWORD revision;
3191 PACL pacl;
3192
3193 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3194 return FALSE;
3195
3196 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3197 return FALSE;
3198
3199 if (!present)
3200 return TRUE;
3201
3202 DumpString(dacl, 2, pwptr, plen);
3203 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3204 return FALSE;
3205 return TRUE;
3206}
3207
3209{
3210 static const WCHAR sacl[] = {'S',':',0};
3212 BOOL present, defaulted;
3213 DWORD revision;
3214 PACL pacl;
3215
3216 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3217 return FALSE;
3218
3219 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3220 return FALSE;
3221
3222 if (!present)
3223 return TRUE;
3224
3225 DumpString(sacl, 2, pwptr, plen);
3226 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3227 return FALSE;
3228 return TRUE;
3229}
3230
3231/******************************************************************************
3232 * ConvertSecurityDescriptorToStringSecurityDescriptorW [ADVAPI32.@]
3233 */
3235{
3236 ULONG len;
3237 WCHAR *wptr, *wstr;
3238
3239 if (SDRevision != SDDL_REVISION_1)
3240 {
3241 ERR("Program requested unknown SDDL revision %d\n", SDRevision);
3243 return FALSE;
3244 }
3245
3246 len = 0;
3247 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3249 return FALSE;
3250 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3252 return FALSE;
3253 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3255 return FALSE;
3256 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3258 return FALSE;
3259
3260 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
3261#ifdef __REACTOS__
3262 if (wstr == NULL)
3263 return FALSE;
3264#endif
3265
3266 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3267 if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
3268 LocalFree (wstr);
3269 return FALSE;
3270 }
3271 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3272 if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
3273 LocalFree (wstr);
3274 return FALSE;
3275 }
3276 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3277 if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
3278 LocalFree (wstr);
3279 return FALSE;
3280 }
3281 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3282 if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
3283 LocalFree (wstr);
3284 return FALSE;
3285 }
3286 *wptr = 0;
3287
3288 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
3289 *OutputString = wstr;
3290 if (OutputLen)
3291 *OutputLen = strlenW(*OutputString)+1;
3292 return TRUE;
3293}
3294
3295/******************************************************************************
3296 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
3297 */
3299{
3300 LPWSTR wstr;
3301 ULONG len;
3303 {
3304 int lenA;
3305
3306 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
3307 *OutputString = heap_alloc(lenA);
3308#ifdef __REACTOS__
3309 if (*OutputString == NULL)
3310 {
3311 LocalFree(wstr);
3312 *OutputLen = 0;
3313 return FALSE;
3314 }
3315#endif
3316 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
3317 LocalFree(wstr);
3318
3319 if (OutputLen != NULL)
3320 *OutputLen = lenA;
3321 return TRUE;
3322 }
3323 else
3324 {
3325 *OutputString = NULL;
3326 if (OutputLen)
3327 *OutputLen = 0;
3328 return FALSE;
3329 }
3330}
3331
3332/******************************************************************************
3333 * ConvertStringSidToSidW [ADVAPI32.@]
3334 */
3336{
3337 BOOL bret = FALSE;
3338 DWORD cBytes;
3339
3340 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3341 if (GetVersion() & 0x80000000)
3343 else if (!StringSid || !Sid)
3345 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3346 {
3347 PSID pSid = *Sid = LocalAlloc(0, cBytes);
3348
3349 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3350 if (!bret)
3351 LocalFree(*Sid);
3352 }
3353 return bret;
3354}
3355
3356/******************************************************************************
3357 * ConvertStringSidToSidA [ADVAPI32.@]
3358 */
3360{
3361 BOOL bret = FALSE;
3362
3363 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3364 if (GetVersion() & 0x80000000)
3366 else if (!StringSid || !Sid)
3368 else
3369 {
3370 WCHAR *wStringSid = SERV_dup(StringSid);
3371 bret = ConvertStringSidToSidW(wStringSid, Sid);
3372 heap_free(wStringSid);
3373 }
3374 return bret;
3375}
3376
3377/*
3378 * @implemented
3379 */
3380BOOL
3381WINAPI
3383 LPWSTR *StringSid)
3384{
3387 WCHAR FixedBuffer[64];
3388
3389 if (!RtlValidSid(Sid))
3390 {
3392 return FALSE;
3393 }
3394
3395 UnicodeString.Length = 0;
3396 UnicodeString.MaximumLength = sizeof(FixedBuffer);
3397 UnicodeString.Buffer = FixedBuffer;
3400 {
3402 }
3403
3404 if (!NT_SUCCESS(Status))
3405 {
3407 return FALSE;
3408 }
3409
3410 *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
3411 if (NULL == *StringSid)
3412 {
3413 if (UnicodeString.Buffer != FixedBuffer)
3414 {
3416 }
3418 return FALSE;
3419 }
3420
3421 MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
3422 ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
3423 if (UnicodeString.Buffer != FixedBuffer)
3424 {
3426 }
3427
3428 return TRUE;
3429}
3430
3431/*
3432 * @implemented
3433 */
3434BOOL
3435WINAPI
3437 LPSTR *StringSid)
3438{
3439 LPWSTR StringSidW;
3440 int Len;
3441
3442 if (!ConvertSidToStringSidW(Sid, &StringSidW))
3443 {
3444 return FALSE;
3445 }
3446
3447 Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
3448 if (Len <= 0)
3449 {
3450 LocalFree(StringSidW);
3452 return FALSE;
3453 }
3454
3455 *StringSid = LocalAlloc(LMEM_FIXED, Len);
3456 if (NULL == *StringSid)
3457 {
3458 LocalFree(StringSidW);
3460 return FALSE;
3461 }
3462
3463 if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
3464 {
3465 LocalFree(StringSid);
3466 LocalFree(StringSidW);
3467 return FALSE;
3468 }
3469
3470 LocalFree(StringSidW);
3471
3472 return TRUE;
3473}
3474
3475/*
3476 * @unimplemented
3477 */
3478BOOL
3479WINAPI
3481 _In_ LPCWSTR lpUsername,
3482 _In_opt_ LPCWSTR lpDomain,
3483 _In_ LPCWSTR lpPassword,
3484 _In_ DWORD dwLogonFlags,
3485 _In_opt_ LPCWSTR lpApplicationName,
3486 _Inout_opt_ LPWSTR lpCommandLine,
3487 _In_ DWORD dwCreationFlags,
3488 _In_opt_ LPVOID lpEnvironment,
3489 _In_opt_ LPCWSTR lpCurrentDirectory,
3490 _In_ LPSTARTUPINFOW lpStartupInfo,
3491 _Out_ LPPROCESS_INFORMATION lpProcessInformation)
3492{
3493 LPWSTR pszStringBinding = NULL;
3498
3499 TRACE("CreateProcessWithLogonW(%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p)\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
3500 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
3501 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
3502 lpStartupInfo, lpProcessInformation);
3503
3505 L"ncacn_np",
3506 NULL,
3507 L"\\pipe\\seclogon",
3508 NULL,
3509 &pszStringBinding);
3510 if (Status != RPC_S_OK)
3511 {
3512 WARN("RpcStringBindingCompose returned 0x%x\n", Status);
3514 return FALSE;
3515 }
3516
3517 /* Set the binding handle that will be used to bind to the server. */
3518 Status = RpcBindingFromStringBindingW(pszStringBinding,
3519 &hBinding);
3520 if (Status != RPC_S_OK)
3521 {
3522 WARN("RpcBindingFromStringBinding returned 0x%x\n", Status);
3523 }
3524
3525 Status = RpcStringFreeW(&pszStringBinding);
3526 if (Status != RPC_S_OK)
3527 {
3528 WARN("RpcStringFree returned 0x%x\n", Status);
3529 }
3530
3531 Request.Username = (LPWSTR)lpUsername;
3532 Request.Domain = (LPWSTR)lpDomain;
3533 Request.Password = (LPWSTR)lpPassword;
3534 Request.ApplicationName = (LPWSTR)lpApplicationName;
3535 Request.CommandLine = (LPWSTR)lpCommandLine;
3536 Request.CurrentDirectory = (LPWSTR)lpCurrentDirectory;
3537
3538 Request.dwLogonFlags = dwLogonFlags;
3539 Request.dwCreationFlags = dwCreationFlags;
3540
3541 Request.dwProcessId = GetCurrentProcessId();
3542 TRACE("Request.dwProcessId %lu\n", Request.dwProcessId);
3543
3544 Response.hProcess = 0;
3545 Response.hThread = 0;
3546 Response.dwProcessId = 0;
3547 Response.dwThreadId = 0;
3548 Response.dwError = ERROR_SUCCESS;
3549
3551 {
3553 }
3555 {
3556 WARN("Exception: %lx\n", RpcExceptionCode());
3557 }
3559
3560 if (hBinding)
3561 {
3563 if (Status != RPC_S_OK)
3564 {
3565 WARN("RpcBindingFree returned 0x%x\n", Status);
3566 }
3567
3568 hBinding = NULL;
3569 }
3570
3571 TRACE("Response.hProcess %p\n", Response.hProcess);
3572 TRACE("Response.hThread %p\n", Response.hThread);
3573 TRACE("Response.dwProcessId %lu\n", Response.dwProcessId);
3574 TRACE("Response.dwThreadId %lu\n", Response.dwThreadId);
3575 TRACE("Response.dwError %lu\n", Response.dwError);
3576 if (Response.dwError != ERROR_SUCCESS)
3577 SetLastError(Response.dwError);
3578
3579 TRACE("CreateProcessWithLogonW() done\n");
3580
3581 return (Response.dwError == ERROR_SUCCESS);
3582}
3583
3584BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line,
3585 DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info,
3586 PROCESS_INFORMATION *process_information )
3587{
3588 FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
3589 logon_flags, debugstr_w(application_name), debugstr_w(command_line),
3590 creation_flags, environment, debugstr_w(current_directory),
3591 startup_info, process_information);
3592
3593 /* FIXME: check if handles should be inherited */
3594 return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
3595 current_directory, startup_info, process_information );
3596}
3597
3598/*
3599 * @implemented
3600 */
3602DuplicateTokenEx(IN HANDLE ExistingTokenHandle,
3603 IN DWORD dwDesiredAccess,
3604 IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL,
3607 OUT PHANDLE DuplicateTokenHandle)
3608{
3612
3613 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3614 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3615
3616 Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
3618 Sqos.ContextTrackingMode = 0;
3619 Sqos.EffectiveOnly = FALSE;
3620
3621 if (lpTokenAttributes != NULL)
3622 {
3624 NULL,
3625 lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
3626 NULL,
3627 lpTokenAttributes->lpSecurityDescriptor);
3628 }
3629 else
3630 {
3632 NULL,
3633 0,
3634 NULL,
3635 NULL);
3636 }
3637
3638 ObjectAttributes.SecurityQualityOfService = &Sqos;
3639
3640 Status = NtDuplicateToken(ExistingTokenHandle,
3641 dwDesiredAccess,
3643 FALSE,
3644 TokenType,
3645 DuplicateTokenHandle);
3646 if (!NT_SUCCESS(Status))
3647 {
3648 ERR("NtDuplicateToken failed: Status %08x\n", Status);
3650 return FALSE;
3651 }
3652
3653 TRACE("Returning token %p.\n", *DuplicateTokenHandle);
3654
3655 return TRUE;
3656}
3657
3658/*
3659 * @implemented
3660 */
3662DuplicateToken(IN HANDLE ExistingTokenHandle,
3664 OUT PHANDLE DuplicateTokenHandle)
3665{
3666 return DuplicateTokenEx(ExistingTokenHandle,
3668 NULL,
3671 DuplicateTokenHandle);
3672}
3673
3674/******************************************************************************
3675 * ComputeStringSidSize
3676 */
3678{
3679 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3680 {
3681 int ctok = 0;
3682 while (*StringSid)
3683 {
3684 if (*StringSid == '-')
3685 ctok++;
3686 StringSid++;
3687 }
3688
3689 if (ctok >= 3)
3690 return GetSidLengthRequired(ctok - 2);
3691 }
3692 else /* String constant format - Only available in winxp and above */
3693 {
3694 unsigned int i;
3695
3696 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3697 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3699
3700 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3701 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3702 {
3703 MAX_SID local;
3706 }
3707
3708 }
3709
3710 return GetSidLengthRequired(0);
3711}
3712
3713/******************************************************************************
3714 * ParseStringSidToSid
3715 */
3717{
3718 BOOL bret = FALSE;
3719 SID* pisid=pSid;
3720
3721 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3722 if (!StringSid)
3723 {
3725 TRACE("StringSid is NULL, returning FALSE\n");
3726 return FALSE;
3727 }
3728
3729 while (*StringSid == ' ')
3730 StringSid++;
3731
3732 if (!*StringSid)
3733 goto lend; /* ERROR_INVALID_SID */
3734
3735 *cBytes = ComputeStringSidSize(StringSid);
3736 if (!pisid) /* Simply compute the size */
3737 {
3738 TRACE("only size requested, returning TRUE with %d\n", *cBytes);
3739 return TRUE;
3740 }
3741
3742 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3743 {
3744 DWORD i = 0, identAuth;
3745 DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
3746
3747 StringSid += 2; /* Advance to Revision */
3748 pisid->Revision = atoiW(StringSid);
3749
3750 if (pisid->Revision != SDDL_REVISION)
3751 {
3752 TRACE("Revision %d is unknown\n", pisid->Revision);
3753 goto lend; /* ERROR_INVALID_SID */
3754 }
3755 if (csubauth == 0)
3756 {
3757 TRACE("SubAuthorityCount is 0\n");
3758 goto lend; /* ERROR_INVALID_SID */
3759 }
3760
3761 pisid->SubAuthorityCount = csubauth;
3762
3763 /* Advance to identifier authority */
3764 while (*StringSid && *StringSid != '-')
3765 StringSid++;
3766 if (*StringSid == '-')
3767 StringSid++;
3768
3769 /* MS' implementation can't handle values greater than 2^32 - 1, so
3770 * we don't either; assume most significant bytes are always 0
3771 */
3772 pisid->IdentifierAuthority.Value[0] = 0;
3773 pisid->IdentifierAuthority.Value[1] = 0;
3774 identAuth = atoiW(StringSid);
3775 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
3776 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
3777 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
3778 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
3779
3780 /* Advance to first sub authority */
3781 while (*StringSid && *StringSid != '-')
3782 StringSid++;
3783 if (*StringSid == '-')
3784 StringSid++;
3785
3786 while (*StringSid)
3787 {
3788 pisid->SubAuthority[i++] = atoiW(StringSid);
3789
3790 while (*StringSid && *StringSid != '-')
3791 StringSid++;
3792 if (*StringSid == '-')
3793 StringSid++;
3794 }
3795
3796 if (i != pisid->SubAuthorityCount)
3797 goto lend; /* ERROR_INVALID_SID */
3798
3799 bret = TRUE;
3800 }
3801 else /* String constant format - Only available in winxp and above */
3802 {
3803 unsigned int i;
3804 pisid->Revision = SDDL_REVISION;
3805
3806 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3807 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3808 {
3809 DWORD j;
3812 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
3814 bret = TRUE;
3815 }
3816
3817 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3818 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3819 {
3820 ADVAPI_GetComputerSid(pisid);
3822 pisid->SubAuthorityCount++;
3823 bret = TRUE;
3824 }
3825
3826 if (!bret)
3827 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
3828 }
3829
3830lend:
3831 if (!bret)
3833
3834 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3835 return bret;
3836}
3837
3838/**********************************************************************
3839 * GetNamedSecurityInfoA EXPORTED
3840 *
3841 * @implemented
3842 */
3843DWORD
3844WINAPI
3847 SECURITY_INFORMATION SecurityInfo,
3848 PSID *ppsidOwner,
3849 PSID *ppsidGroup,
3850 PACL *ppDacl,
3851 PACL *ppSacl,
3852 PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
3853{
3854 DWORD len;
3855 LPWSTR wstr = NULL;
3856 DWORD r;
3857
3858 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
3859 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
3860
3861 if( pObjectName )
3862 {
3863 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3864 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3865 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3866 }
3867
3868 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
3869 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
3870
3871 HeapFree( GetProcessHeap(), 0, wstr );
3872
3873 return r;
3874}
3875
3876/******************************************************************************
3877 * GetWindowsAccountDomainSid [ADVAPI32.@]
3878 */
3880{
3882 DWORD required_size;
3883 int i;
3884
3885 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
3886
3887 if (!sid || !IsValidSid( sid ))
3888 {
3890 return FALSE;
3891 }
3892
3893 if (!size)
3894 {
3896 return FALSE;
3897 }
3898
3899 if (*GetSidSubAuthorityCount( sid ) < 4)
3900 {
3902 return FALSE;
3903 }
3904
3905 required_size = GetSidLengthRequired( 4 );
3906 if (*size < required_size || !domain_sid)
3907 {
3908 *size = required_size;
3911 return FALSE;
3912 }
3913
3914 InitializeSid( domain_sid, &domain_ident, 4 );
3915 for (i = 0; i < 4; i++)
3916 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
3917
3918 *size = required_size;
3919 return TRUE;
3920}
3921
3922/*
3923 * @unimplemented
3924 */
3925BOOL
3926WINAPI
3928 IN PSID pSid2,
3929 OUT BOOL* pfEqual)
3930{
3932 return FALSE;
3933}
3934
3935/* EOF */
unsigned char BOOLEAN
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
Type
Definition: Type.h:7
enum _ACCESS_MODE ACCESS_MODE
enum _TRUSTEE_FORM TRUSTEE_FORM
enum _TRUSTEE_TYPE TRUSTEE_TYPE
@ TRUSTEE_IS_SID
Definition: accctrl.h:189
@ TRUSTEE_IS_OBJECTS_AND_SID
Definition: accctrl.h:192
@ TRUSTEE_BAD_FORM
Definition: accctrl.h:191
@ TRUSTEE_IS_NAME
Definition: accctrl.h:190
@ TRUSTEE_IS_OBJECTS_AND_NAME
Definition: accctrl.h:193
@ TRUSTEE_IS_UNKNOWN
Definition: accctrl.h:176
enum _SE_OBJECT_TYPE SE_OBJECT_TYPE
Definition: security.c:104
@ NO_MULTIPLE_TRUSTEE
Definition: accctrl.h:198
NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_opt_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1164
static unsigned char bytes[4]
Definition: adnsresfilter.c:74
struct NameRec_ * Name
Definition: cdprocs.h:460
static void * heap_alloc(size_t len)
Definition: appwiz.h:65
static BOOL heap_free(void *mem)
Definition: appwiz.h:75
TOKEN_TYPE
Definition: asmpp.cpp:29
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
Definition: precomp.h:23
LONG NTSTATUS
Definition: precomp.h:26
VOID __stdcall SeclCreateProcessWithLogonW(_In_ handle_t hBinding, _In_ SECL_REQUEST *pRequest, _Out_ SECL_RESPONSE *pResponse)
Definition: rpcserver.c:57
#define FIXME(fmt,...)
Definition: debug.h:111
#define UNIMPLEMENTED
Definition: debug.h:115
#define WARN(fmt,...)
Definition: debug.h:112
#define ERR(fmt,...)
Definition: debug.h:110
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
FT_UInt sid
Definition: cffcmap.c:139
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
SIZE_T LPSTARTUPINFOW
Definition: cordebug.idl:85
SIZE_T LPPROCESS_INFORMATION
Definition: cordebug.idl:86
handle_t hBinding
Definition: ctx_c.c:54
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
#define Len
Definition: deflate.h:82
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
BOOL WINAPI LookupAccountNameW(LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:626
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147
BOOL WINAPI LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: misc.c:901
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
Definition: misc.c:832
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1197
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:376
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:1196
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:413
#define ADS_RIGHT_DS_LIST_OBJECT
Definition: security.c:162
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
Definition: security.c:1811
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3208
static const WCHAR SDDL_AUDIT_FAILURE[]
Definition: security.c:174
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
Definition: security.c:1865
static const ACEFLAG AceFlags[]
Definition: security.c:2423
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
Definition: security.c:3298
static const WELLKNOWNRID WellKnownRids[]
Definition: security.c:111
BOOL WINAPI CreateRestrictedToken(_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
Creates a filtered token that is a restricted one of the regular access token. A restricted token can...
Definition: security.c:535
BOOL WINAPI SetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:2270
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3662
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
Definition: security.c:3335
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3382
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
Definition: security.c:439
static DWORD ParseAclStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2353
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:2831
BOOL WINAPI LookupPrivilegeDisplayNameA(LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId)
Definition: security.c:1241
TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEE_W pTrustee)
Definition: security.c:2260
static const ACEFLAG AceRights[]
Definition: security.c:2468
static BYTE ParseAceStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2435
static const WCHAR SDDL_CONTAINER_INHERIT[]
Definition: security.c:168
static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
Definition: security.c:3716
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:864
struct _ACEFLAG * LPACEFLAG
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
Definition: security.c:3234
static const WCHAR SDDL_AUDIT[]
Definition: security.c:144
static LPWSTR SERV_dup(LPCSTR str)
Definition: security.c:235
static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3167
static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3059
DWORD WINAPI GetSecurityInfoExA(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
Definition: security.c:1891
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
Definition: security.c:2683
BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID *Sid)
Definition: security.c:3359
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2)
Definition: security.c:843
#define ADS_RIGHT_DS_DELETE_TREE
Definition: security.c:161
#define ADS_RIGHT_ACTRL_DS_LIST
Definition: security.c:157
VOID WINAPI BuildTrusteeWithSidA(PTRUSTEE_A pTrustee, PSID pSid)
Definition: security.c:2141
DWORD WINAPI GetSecurityInfoExW(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
Definition: security.c:1911
LPWSTR WINAPI GetTrusteeNameW(PTRUSTEE_W pTrustee)
Definition: security.c:2242
static const WCHAR SDDL_NO_WRITE_UP[]
Definition: security.c:132
BOOL WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:1633
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1116
static const WCHAR SDDL_OBJECT_AUDIT[]
Definition: security.c:148
BOOL WINAPI AddAce(PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
Definition: security.c:1143
static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3149
static const WCHAR SDDL_OBJECT_INHERIT[]
Definition: security.c:169
static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2916
BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
Definition: security.c:1168
TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEE_A pTrustee)
Definition: security.c:2251
static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2970
BOOL WINAPI MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
Definition: security.c:952
#define ADS_RIGHT_DS_CREATE_CHILD
Definition: security.c:155
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:898
static const WCHAR SDDL_ACCESS_ALLOWED[]
Definition: security.c:138
static const WCHAR SDDL_OBJECT_ACCESS_DENIED[]
Definition: security.c:142
LPSTR WINAPI GetTrusteeNameA(PTRUSTEE_A pTrustee)
Definition: security.c:2232
static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2931
BOOL WINAPI SetFileSecurityW(LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1511
VOID WINAPI BuildExplicitAccessWithNameA(PEXPLICIT_ACCESSA pExplicitAccess, LPSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
Definition: security.c:1929
#define ADS_RIGHT_DS_READ_PROP
Definition: security.c:159
BOOL WINAPI SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
Definition: security.c:463
BOOL WINAPI AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
Definition: security.c:676
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:854
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:821
static const WCHAR SDDL_INHERIT_ONLY[]
Definition: security.c:171
#define ADS_RIGHT_DS_DELETE_CHILD
Definition: security.c:156
BOOL WINAPI SynchronizeWindows31FilesAndWindowsNTRegistry(DWORD x1, DWORD x2, DWORD x3, DWORD x4)
Definition: security.c:1598
BOOL WINAPI AreAnyAccessesGranted(DWORD GrantedAccess, DWORD DesiredAccess)
Definition: security.c:2343
BOOL WINAPI IsWellKnownSid(IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
Definition: security.c:798
VOID WINAPI BuildTrusteeWithObjectsAndNameW(PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName, SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName, LPWSTR InheritedObjectTypeName, LPWSTR Name)
Definition: security.c:2007
BOOL WINAPI CopySid(DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
Definition: security.c:714
static const WCHAR SDDL_INHERITED[]
Definition: security.c:172
static const WCHAR SDDL_ACCESS_DENIED[]
Definition: security.c:139
BOOL WINAPI AddAuditAccessAce(PACL pAcl, DWORD dwAceRevision, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
Definition: security.c:1750
BOOL WINAPI AllocateLocallyUniqueId(PLUID Luid)
Definition: security.c:1220
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:910
BOOL WINAPI GetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:989
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:1008
struct _ACEFLAG ACEFLAG
#define ADS_RIGHT_DS_CONTROL_ACCESS
Definition: security.c:163
BOOL WINAPI ImpersonateNamedPipeClient(HANDLE hNamedPipe)
Definition: security.c:1026
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:931
VOID WINAPI BuildExplicitAccessWithNameW(PEXPLICIT_ACCESSW pExplicitAccess, LPWSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
Definition: security.c:1951
static DWORD ComputeStringSidSize(LPCWSTR StringSid)
Definition: security.c:3677
static const WCHAR SDDL_OBJECT_ALARM[]
Definition: security.c:149
VOID WINAPI BuildTrusteeWithObjectsAndSidW(PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
Definition: security.c:2093
static const WCHAR SDDL_MANDATORY_LABEL[]
Definition: security.c:146
static const WCHAR SDDL_ALARM[]
Definition: security.c:145
static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[]
Definition: security.c:141
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1041
static const SID sidWorld
Definition: security.c:128
BOOL WINAPI AddAccessAllowedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1065
BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
Definition: security.c:253
VOID WINAPI BuildTrusteeWithObjectsAndNameA(PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, LPSTR InheritedObjectTypeName, LPSTR Name)
Definition: security.c:1971
DWORD WINAPI GetLengthSid(PSID pSid)
Definition: security.c:921
BOOL WINAPI QueryWindows31FilesMigration(DWORD x1)
Definition: security.c:1582
static const WCHAR SDDL_NO_PROPAGATE[]
Definition: security.c:170
VOID WINAPI BuildTrusteeWithNameA(PTRUSTEE_A pTrustee, LPSTR name)
Definition: security.c:2174
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:47
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
Definition: security.c:338
PVOID WINAPI FreeSid(PSID pSid)
Definition: security.c:700
BOOL WINAPI ConvertSidToStringSidA(PSID Sid, LPSTR *StringSid)
Definition: security.c:3436
BOOL WINAPI SetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1481
BOOL WINAPI GetWindowsAccountDomainSid(PSID sid, PSID domain_sid, DWORD *size)
Definition: security.c:3879
static const WCHAR SDDL_NO_EXECUTE_UP[]
Definition: security.c:133
#define ADS_RIGHT_DS_WRITE_PROP
Definition: security.c:160
BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line, DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info, PROCESS_INFORMATION *process_information)
Definition: security.c:3584
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:831
BOOL WINAPI AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_