d6/d9d/dll_2win32_2advapi32_2wine_2security_8c_source.html

 /*
  * COPYRIGHT:       See COPYING in the top level directory
  * WINE COPYRIGHT:
  * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
  * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
  * Copyright 2006 Robert Reif
  * Copyright 2006 Hervé Poussineau
  *
  * PROJECT:         ReactOS system libraries
  * FILE:            dll/win32/advapi32/wine/security.c
  */

 #include <advapi32.h>

 #include <sddl.h>

 WINE_DEFAULT_DEBUG_CHANNEL(advapi);

 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
 #ifdef __REACTOS__
 VOID WINAPI QuerySecurityAccessMask(SECURITY_INFORMATION,LPDWORD);
 VOID WINAPI SetSecurityAccessMask(SECURITY_INFORMATION,LPDWORD);
 #endif

 typedef struct _ACEFLAG
 {
    LPCWSTR wstr;
    DWORD value;
 } ACEFLAG, *LPACEFLAG;

 typedef struct _MAX_SID
 {
     /* same fields as struct _SID */
     BYTE Revision;
     BYTE SubAuthorityCount;
     SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
     DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
 } MAX_SID;

 typedef struct WELLKNOWNSID
 {
     WCHAR wstr[2];
     WELL_KNOWN_SID_TYPE Type;
     MAX_SID Sid;
 } WELLKNOWNSID;

 static const WELLKNOWNSID WellKnownSids[] =
 {
     { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
     { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
     { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
     { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
     { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
     { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
     { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
     { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
     { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
     { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
     { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
     { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
     { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
     { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
     { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
     { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
     { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
     { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
     { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
     { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
     { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
     { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
     { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
     { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
     { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
     { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
     { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
     { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
     { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
     { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
     { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
     { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
     { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
     { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
     { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
     { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
     { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
     { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
     { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
     { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
     { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
     { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
     { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS  } } },
     { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
     { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
     { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
     { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
     { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
     { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
     { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
     { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
     { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
 };

 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
 typedef struct WELLKNOWNRID
 {
     WCHAR wstr[2];
     WELL_KNOWN_SID_TYPE Type;
     DWORD Rid;
 } WELLKNOWNRID;

 static const WELLKNOWNRID WellKnownRids[] = {
     { {'L','A'}, WinAccountAdministratorSid,    DOMAIN_USER_RID_ADMIN },
     { {'L','G'}, WinAccountGuestSid,            DOMAIN_USER_RID_GUEST },
     { {0,0}, WinAccountKrbtgtSid,           DOMAIN_USER_RID_KRBTGT },
     { {'D','A'}, WinAccountDomainAdminsSid,     DOMAIN_GROUP_RID_ADMINS },
     { {'D','U'}, WinAccountDomainUsersSid,      DOMAIN_GROUP_RID_USERS },
     { {'D','G'}, WinAccountDomainGuestsSid,     DOMAIN_GROUP_RID_GUESTS },
     { {'D','C'}, WinAccountComputersSid,        DOMAIN_GROUP_RID_COMPUTERS },
     { {'D','D'}, WinAccountControllersSid,      DOMAIN_GROUP_RID_CONTROLLERS },
     { {'C','A'}, WinAccountCertAdminsSid,       DOMAIN_GROUP_RID_CERT_ADMINS },
     { {'S','A'}, WinAccountSchemaAdminsSid,     DOMAIN_GROUP_RID_SCHEMA_ADMINS },
     { {'E','A'}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
     { {'P','A'}, WinAccountPolicyAdminsSid,     DOMAIN_GROUP_RID_POLICY_ADMINS },
     { {'R','S'}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
 };

 #ifndef __REACTOS__
 static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
 #endif

 static const WCHAR SDDL_NO_READ_UP[]       = {'N','R',0};
 static const WCHAR SDDL_NO_WRITE_UP[]      = {'N','W',0};
 static const WCHAR SDDL_NO_EXECUTE_UP[]    = {'N','X',0};

 /*
  * ACE types
  */
 static const WCHAR SDDL_ACCESS_ALLOWED[]        = {'A',0};
 static const WCHAR SDDL_ACCESS_DENIED[]         = {'D',0};
 #ifndef __REACTOS__
 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[]  = {'O','D',0};
 #endif
 static const WCHAR SDDL_AUDIT[]                 = {'A','U',0};
 static const WCHAR SDDL_ALARM[]                 = {'A','L',0};
 static const WCHAR SDDL_MANDATORY_LABEL[]       = {'M','L',0};
 #ifndef __REACTOS__
 static const WCHAR SDDL_OBJECT_AUDIT[]          = {'O','U',0};
 static const WCHAR SDDL_OBJECT_ALARM[]          = {'O','L',0};
 #endif

 /*
  * SDDL ADS Rights
  */
 #define ADS_RIGHT_DS_CREATE_CHILD   0x0001
 #define ADS_RIGHT_DS_DELETE_CHILD   0x0002
 #define ADS_RIGHT_ACTRL_DS_LIST     0x0004
 #define ADS_RIGHT_DS_SELF           0x0008
 #define ADS_RIGHT_DS_READ_PROP      0x0010
 #define ADS_RIGHT_DS_WRITE_PROP     0x0020
 #define ADS_RIGHT_DS_DELETE_TREE    0x0040
 #define ADS_RIGHT_DS_LIST_OBJECT    0x0080
 #define ADS_RIGHT_DS_CONTROL_ACCESS 0x0100

 /*
  * ACE flags
  */
 static const WCHAR SDDL_CONTAINER_INHERIT[]  = {'C','I',0};
 static const WCHAR SDDL_OBJECT_INHERIT[]     = {'O','I',0};
 static const WCHAR SDDL_NO_PROPAGATE[]       = {'N','P',0};
 static const WCHAR SDDL_INHERIT_ONLY[]       = {'I','O',0};
 static const WCHAR SDDL_INHERITED[]          = {'I','D',0};
 static const WCHAR SDDL_AUDIT_SUCCESS[]      = {'S','A',0};
 static const WCHAR SDDL_AUDIT_FAILURE[]      = {'F','A',0};

 static const char * debugstr_sid(PSID sid)
 {
     int auth = 0;
     SID * psid = (SID *)sid;

     if (psid == NULL)
         return "(null)";

     auth = psid->IdentifierAuthority.Value[5] +
            (psid->IdentifierAuthority.Value[4] << 8) +
            (psid->IdentifierAuthority.Value[3] << 16) +
            (psid->IdentifierAuthority.Value[2] << 24);

     switch (psid->SubAuthorityCount) {
     case 0:
         return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
     case 1:
         return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
             psid->SubAuthority[0]);
     case 2:
         return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
             psid->SubAuthority[0], psid->SubAuthority[1]);
     case 3:
         return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
             psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
     case 4:
         return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
             psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
             psid->SubAuthority[3]);
     case 5:
         return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
             psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
             psid->SubAuthority[3], psid->SubAuthority[4]);
     case 6:
         return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
             psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
             psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
     case 7:
         return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
             psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
             psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
             psid->SubAuthority[6]);
     case 8:
         return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
             psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
             psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
             psid->SubAuthority[6], psid->SubAuthority[7]);
     }
     return "(too-big)";
 }

 /* set last error code from NT status and get the proper boolean return value */
 /* used for functions that are a simple wrapper around the corresponding ntdll API */
 static __inline BOOL set_ntstatus( NTSTATUS status )
 {
     if (!NT_SUCCESS(status)) SetLastError( RtlNtStatusToDosError( status ));
     return NT_SUCCESS(status);
 }

 static LPWSTR SERV_dup( LPCSTR str )
 {
     UINT len;
     LPWSTR wstr;

     if( !str )
         return NULL;
     len = MultiByteToWideChar( CP_ACP, 0, str, -1, NULL, 0 );
     wstr = heap_alloc( len*sizeof (WCHAR) );
     MultiByteToWideChar( CP_ACP, 0, str, -1, wstr, len );
     return wstr;
 }

 /************************************************************
  *                ADVAPI_IsLocalComputer
  *
  * Checks whether the server name indicates local machine.
  */
 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
 {
     DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
     BOOL Result;
     LPWSTR buf;

     if (!ServerName || !ServerName[0])
         return TRUE;

     buf = heap_alloc(dwSize * sizeof(WCHAR));
     Result = GetComputerNameW(buf,  &dwSize);
     if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
         ServerName += 2;
     Result = Result && !lstrcmpW(ServerName, buf);
     heap_free(buf);

     return Result;
 }

 /************************************************************
  *                ADVAPI_GetComputerSid
  */
 BOOL ADVAPI_GetComputerSid(PSID sid)
 {
     static const struct /* same fields as struct SID */
     {
         BYTE Revision;
         BYTE SubAuthorityCount;
         SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
         DWORD SubAuthority[4];
     } computer_sid =
     { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };

     memcpy( sid, &computer_sid, sizeof(computer_sid) );
     return TRUE;
 }

 /* Exported functions */

 /*
  * @implemented
  */
 BOOL WINAPI
 OpenProcessToken(HANDLE ProcessHandle,
                  DWORD DesiredAccess,
                  PHANDLE TokenHandle)
 {
     NTSTATUS Status;

     TRACE("%p, %x, %p.\n", ProcessHandle, DesiredAccess, TokenHandle);

     Status = NtOpenProcessToken(ProcessHandle,
                                 DesiredAccess,
                                 TokenHandle);
     if (!NT_SUCCESS(Status))
     {
         ERR("NtOpenProcessToken failed! Status %08x.\n", Status);
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     TRACE("Returning token %p.\n", *TokenHandle);

     return TRUE;
 }

 /******************************************************************************
  * OpenThreadToken [ADVAPI32.@]
  *
  * Opens the access token associated with a thread handle.
  *
  * PARAMS
  *   ThreadHandle  [I] Handle to process
  *   DesiredAccess [I] Desired access to the thread
  *   OpenAsSelf    [I] ???
  *   TokenHandle   [O] Destination for the token handle
  *
  * RETURNS
  *  Success: TRUE. TokenHandle contains the access token.
  *  Failure: FALSE.
  *
  * NOTES
  *  See NtOpenThreadToken.
  */
 BOOL WINAPI
 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
          BOOL OpenAsSelf, HANDLE *TokenHandle)
 {
     return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 AdjustTokenGroups(HANDLE TokenHandle,
                   BOOL ResetToDefault,
                   PTOKEN_GROUPS NewState,
                   DWORD BufferLength,
                   PTOKEN_GROUPS PreviousState,
                   PDWORD ReturnLength)
 {
     NTSTATUS Status;

     Status = NtAdjustGroupsToken(TokenHandle,
                                  ResetToDefault,
                                  NewState,
                                  BufferLength,
                                  PreviousState,
                                  (PULONG)ReturnLength);
     if (!NT_SUCCESS(Status))
     {
        SetLastError(RtlNtStatusToDosError(Status));
        return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 AdjustTokenPrivileges(HANDLE TokenHandle,
                       BOOL DisableAllPrivileges,
                       PTOKEN_PRIVILEGES NewState,
                       DWORD BufferLength,
                       PTOKEN_PRIVILEGES PreviousState,
                       PDWORD ReturnLength)
 {
     NTSTATUS Status;

     Status = NtAdjustPrivilegesToken(TokenHandle,
                                      DisableAllPrivileges,
                                      NewState,
                                      BufferLength,
                                      PreviousState,
                                      (PULONG)ReturnLength);
     if (STATUS_NOT_ALL_ASSIGNED == Status)
     {
         SetLastError(ERROR_NOT_ALL_ASSIGNED);
         return TRUE;
     }

     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     /* AdjustTokenPrivileges is documented to do this */
     SetLastError(ERROR_SUCCESS);

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 GetTokenInformation(HANDLE TokenHandle,
                     TOKEN_INFORMATION_CLASS TokenInformationClass,
                     LPVOID TokenInformation,
                     DWORD TokenInformationLength,
                     PDWORD ReturnLength)
 {
     NTSTATUS Status;

     Status = NtQueryInformationToken(TokenHandle,
                                      TokenInformationClass,
                                      TokenInformation,
                                      TokenInformationLength,
                                      (PULONG)ReturnLength);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

   return TRUE;
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 SetTokenInformation(HANDLE TokenHandle,
                     TOKEN_INFORMATION_CLASS TokenInformationClass,
                     LPVOID TokenInformation,
                     DWORD TokenInformationLength)
 {
     NTSTATUS Status;

     Status = NtSetInformationToken(TokenHandle,
                                    TokenInformationClass,
                                    TokenInformation,
                                    TokenInformationLength);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 SetThreadToken(IN PHANDLE ThreadHandle  OPTIONAL,
                IN HANDLE TokenHandle)
 {
     NTSTATUS Status;
     HANDLE hThread;

     hThread = (ThreadHandle != NULL) ? *ThreadHandle : NtCurrentThread();

     Status = NtSetInformationThread(hThread,
                                     ThreadImpersonationToken,
                                     &TokenHandle,
                                     sizeof(HANDLE));
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 BOOL WINAPI CreateRestrictedToken(
     _In_ HANDLE ExistingTokenHandle,
     _In_ DWORD Flags,
     _In_ DWORD DisableSidCount,
     _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable,
     _In_ DWORD DeletePrivilegeCount,
     _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete,
     _In_ DWORD RestrictedSidCount,
     _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict,
     _Outptr_ PHANDLE NewTokenHandle)
 {
     NTSTATUS Status;
     BOOL Success;
     ULONG Index;
     PTOKEN_GROUPS DisableSids = NULL;
     PTOKEN_GROUPS RestrictedSids = NULL;
     PTOKEN_PRIVILEGES DeletePrivileges = NULL;

     /*
      * Capture the elements we're being given from
      * the caller and allocate the groups and/or
      * privileges that have to be filtered in
      * the token.
      */
     if (SidsToDisable != NULL)
     {
         DisableSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, DisableSidCount * sizeof(TOKEN_GROUPS));
         if (DisableSids == NULL)
         {
             /* We failed, bail out */
             SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
             return FALSE;
         }

         /* Copy the counter and loop the elements to copy the rest */
         DisableSids->GroupCount = DisableSidCount;
         for (Index = 0; Index < DisableSidCount; Index++)
         {
             DisableSids->Groups[Index].Sid = SidsToDisable[Index].Sid;
             DisableSids->Groups[Index].Attributes = SidsToDisable[Index].Attributes;
         }
     }

     if (PrivilegesToDelete != NULL)
     {
         DeletePrivileges = (PTOKEN_PRIVILEGES)LocalAlloc(LMEM_FIXED, DeletePrivilegeCount * sizeof(TOKEN_PRIVILEGES));
         if (DeletePrivileges == NULL)
         {
             /* We failed, bail out */
             SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
             Success = FALSE;
             goto Cleanup;
         }

         /* Copy the counter and loop the elements to copy the rest */
         DeletePrivileges->PrivilegeCount = DeletePrivilegeCount;
         for (Index = 0; Index < DeletePrivilegeCount; Index++)
         {
             DeletePrivileges->Privileges[Index].Luid = PrivilegesToDelete[Index].Luid;
             DeletePrivileges->Privileges[Index].Attributes = PrivilegesToDelete[Index].Attributes;
         }
     }

     if (SidsToRestrict != NULL)
     {
         RestrictedSids = (PTOKEN_GROUPS)LocalAlloc(LMEM_FIXED, RestrictedSidCount * sizeof(TOKEN_GROUPS));
         if (RestrictedSids == NULL)
         {
             /* We failed, bail out */
             SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
             Success = FALSE;
             goto Cleanup;
         }

         /* Copy the counter and loop the elements to copy the rest */
         RestrictedSids->GroupCount = RestrictedSidCount;
         for (Index = 0; Index < RestrictedSidCount; Index++)
         {
             RestrictedSids->Groups[Index].Sid = SidsToRestrict[Index].Sid;
             RestrictedSids->Groups[Index].Attributes = SidsToRestrict[Index].Attributes;
         }
     }

     /*
      * Call the NT API to request a token filtering
      * operation for us.
      */
     Status = NtFilterToken(ExistingTokenHandle,
                            Flags,
                            DisableSids,
                            DeletePrivileges,
                            RestrictedSids,
                            NewTokenHandle);
     if (!NT_SUCCESS(Status))
     {
         /* We failed to do the job, bail out */
         SetLastError(RtlNtStatusToDosError(Status));
         Success = FALSE;
         goto Cleanup;
     }

     /* If we reach here then we've successfully filtered the token */
     Success = TRUE;

 Cleanup:
     /* Free whatever we allocated before */
     if (DisableSids != NULL)
     {
         LocalFree(DisableSids);
     }

     if (DeletePrivileges != NULL)
     {
         LocalFree(DeletePrivileges);
     }

     if (RestrictedSids != NULL)
     {
         LocalFree(RestrictedSids);
     }

     return Success;
 }

 /******************************************************************************
  * AllocateAndInitializeSid [ADVAPI32.@]
  *
  * PARAMS
  *   pIdentifierAuthority []
  *   nSubAuthorityCount   []
  *   nSubAuthority0       []
  *   nSubAuthority1       []
  *   nSubAuthority2       []
  *   nSubAuthority3       []
  *   nSubAuthority4       []
  *   nSubAuthority5       []
  *   nSubAuthority6       []
  *   nSubAuthority7       []
  *   pSid                 []
  */
 BOOL WINAPI
 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
                           BYTE nSubAuthorityCount,
                           DWORD nSubAuthority0, DWORD nSubAuthority1,
                           DWORD nSubAuthority2, DWORD nSubAuthority3,
                           DWORD nSubAuthority4, DWORD nSubAuthority5,
                           DWORD nSubAuthority6, DWORD nSubAuthority7,
                           PSID *pSid )
 {
     return set_ntstatus( RtlAllocateAndInitializeSid(
                              pIdentifierAuthority, nSubAuthorityCount,
                              nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
                              nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
                              pSid ));
 }

 /*
  * @implemented
  *
  * RETURNS
  *  Docs says this function does NOT return a value
  *  even thou it's defined to return a PVOID...
  */
 PVOID
 WINAPI
 FreeSid(PSID pSid)
 {
     return RtlFreeSid(pSid);
 }

 /******************************************************************************
  * CopySid [ADVAPI32.@]
  *
  * PARAMS
  *   nDestinationSidLength []
  *   pDestinationSid       []
  *   pSourceSid            []
  */
 BOOL WINAPI
 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
 {
     return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid));
 }

 /*
  * @unimplemented
  */
 BOOL
 WINAPI
 CreateWellKnownSid(IN WELL_KNOWN_SID_TYPE WellKnownSidType,
                    IN PSID DomainSid  OPTIONAL,
                    OUT PSID pSid,
                    IN OUT DWORD* cbSid)
 {
     unsigned int i;
     TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);

     if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
     {
         SetLastError(ERROR_INVALID_PARAMETER);
         return FALSE;
     }

     for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
         if (WellKnownSids[i].Type == WellKnownSidType) {
             DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);

             if (*cbSid < length)
             {
                 *cbSid = length;
                 SetLastError(ERROR_INSUFFICIENT_BUFFER);
                 return FALSE;
             }
             if (!pSid)
             {
                 SetLastError(ERROR_INVALID_PARAMETER);
                 return FALSE;
             }
             CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
             *cbSid = length;
             return TRUE;
         }
     }

     if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
     {
         SetLastError(ERROR_INVALID_PARAMETER);
         return FALSE;
     }

     for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
         if (WellKnownRids[i].Type == WellKnownSidType) {
             UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
             DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
             DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);

             if (*cbSid < output_sid_length)
             {
                 *cbSid = output_sid_length;
                 SetLastError(ERROR_INSUFFICIENT_BUFFER);
                 return FALSE;
             }
             if (!pSid)
             {
                 SetLastError(ERROR_INVALID_PARAMETER);
                 return FALSE;
             }
             CopyMemory(pSid, DomainSid, domain_sid_length);
             (*GetSidSubAuthorityCount(pSid))++;
             (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
             *cbSid = output_sid_length;
             return TRUE;
         }

     SetLastError(ERROR_INVALID_PARAMETER);
     return FALSE;
 }

 /*
  * @unimplemented
  */
 BOOL
 WINAPI
 IsWellKnownSid(IN PSID pSid,
                IN WELL_KNOWN_SID_TYPE WellKnownSidType)
 {
     unsigned int i;
     TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);

     for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
     {
         if (WellKnownSids[i].Type == WellKnownSidType)
         {
             if (EqualSid(pSid, (PSID)(&WellKnownSids[i].Sid.Revision)))
                 return TRUE;
         }
     }

     return FALSE;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 IsValidSid(PSID pSid)
 {
     return (BOOL)RtlValidSid(pSid);
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 EqualSid(PSID pSid1,
          PSID pSid2)
 {
     SetLastError(ERROR_SUCCESS);
     return RtlEqualSid (pSid1, pSid2);
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 EqualPrefixSid(PSID pSid1,
                PSID pSid2)
 {
     return RtlEqualPrefixSid (pSid1, pSid2);
 }

 /*
  * @implemented
  */
 DWORD
 WINAPI
 GetSidLengthRequired(UCHAR nSubAuthorityCount)
 {
     return (DWORD)RtlLengthRequiredSid(nSubAuthorityCount);
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 InitializeSid(PSID Sid,
               PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
               BYTE nSubAuthorityCount)
 {
     NTSTATUS Status;

     Status = RtlInitializeSid(Sid,
                               pIdentifierAuthority,
                               nSubAuthorityCount);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 PSID_IDENTIFIER_AUTHORITY
 WINAPI
 GetSidIdentifierAuthority(PSID pSid)
 {
     SetLastError(ERROR_SUCCESS);
     return RtlIdentifierAuthoritySid(pSid);
 }

 /*
  * @implemented
  */
 PDWORD
 WINAPI
 GetSidSubAuthority(PSID pSid,
                    DWORD nSubAuthority)
 {
     SetLastError(ERROR_SUCCESS);
     return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
 }

 /*
  * @implemented
  */
 PUCHAR
 WINAPI
 GetSidSubAuthorityCount(PSID pSid)
 {
     SetLastError(ERROR_SUCCESS);
     return RtlSubAuthorityCountSid(pSid);
 }

 /*
  * @implemented
  */
 DWORD
 WINAPI
 GetLengthSid(PSID pSid)
 {
     return (DWORD)RtlLengthSid(pSid);
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,
                              DWORD dwRevision)
 {
     NTSTATUS Status;

     Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
                                          dwRevision);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
                PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
                LPDWORD lpdwAbsoluteSecurityDescriptorSize,
                PACL pDacl,
                LPDWORD lpdwDaclSize,
                PACL pSacl,
                LPDWORD lpdwSaclSize,
                PSID pOwner,
                LPDWORD lpdwOwnerSize,
                PSID pPrimaryGroup,
                LPDWORD lpdwPrimaryGroupSize)
 {
     NTSTATUS Status;

     Status = RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
                                          pAbsoluteSecurityDescriptor,
                                          lpdwAbsoluteSecurityDescriptorSize,
                                          pDacl,
                                          lpdwDaclSize,
                                          pSacl,
                                          lpdwSaclSize,
                                          pOwner,
                                          lpdwOwnerSize,
                                          pPrimaryGroup,
                                          lpdwPrimaryGroupSize);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /******************************************************************************
  * GetKernelObjectSecurity [ADVAPI32.@]
  */
 BOOL WINAPI GetKernelObjectSecurity(
         HANDLE Handle,
         SECURITY_INFORMATION RequestedInformation,
         PSECURITY_DESCRIPTOR pSecurityDescriptor,
         DWORD nLength,
         LPDWORD lpnLengthNeeded )
 {
     TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
           pSecurityDescriptor, nLength, lpnLengthNeeded);

     return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
                                                nLength, lpnLengthNeeded ));
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 InitializeAcl(PACL pAcl,
               DWORD nAclLength,
               DWORD dwAclRevision)
 {
     NTSTATUS Status;

     Status = RtlCreateAcl(pAcl,
                           nAclLength,
                           dwAclRevision);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
 {
     IO_STATUS_BLOCK io_block;

     TRACE("(%p)\n", hNamedPipe);

     return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
                          &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 AddAccessAllowedAce(PACL pAcl,
                     DWORD dwAceRevision,
                     DWORD AccessMask,
                     PSID pSid)
 {
     NTSTATUS Status;

     Status = RtlAddAccessAllowedAce(pAcl,
                                     dwAceRevision,
                                     AccessMask,
                                     pSid);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 AddAccessAllowedAceEx(PACL pAcl,
                       DWORD dwAceRevision,
                       DWORD AceFlags,
                       DWORD AccessMask,
                       PSID pSid)
 {
     NTSTATUS Status;

     Status = RtlAddAccessAllowedAceEx(pAcl,
                                       dwAceRevision,
                                       AceFlags,
                                       AccessMask,
                                       pSid);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 AddAccessDeniedAce(PACL pAcl,
                    DWORD dwAceRevision,
                    DWORD AccessMask,
                    PSID pSid)
 {
     NTSTATUS Status;

     Status = RtlAddAccessDeniedAce(pAcl,
                                    dwAceRevision,
                                    AccessMask,
                                    pSid);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 AddAccessDeniedAceEx(PACL pAcl,
                      DWORD dwAceRevision,
                      DWORD AceFlags,
                      DWORD AccessMask,
                      PSID pSid)
 {
     NTSTATUS Status;

     Status = RtlAddAccessDeniedAceEx(pAcl,
                                      dwAceRevision,
                                      AceFlags,
                                      AccessMask,
                                      pSid);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 AddAce(PACL pAcl,
        DWORD dwAceRevision,
        DWORD dwStartingAceIndex,
        LPVOID pAceList,
        DWORD nAceListLength)
 {
     NTSTATUS Status;

     Status = RtlAddAce(pAcl,
                        dwAceRevision,
                        dwStartingAceIndex,
                        pAceList,
                        nAceListLength);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /******************************************************************************
  * DeleteAce [ADVAPI32.@]
  */
 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
 {
     return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 FindFirstFreeAce(PACL pAcl,
                  LPVOID *pAce)
 {
     return RtlFirstFreeAce(pAcl,
                            (PACE*)pAce);
 }

 /******************************************************************************
  * GetAce [ADVAPI32.@]
  */
 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
 {
     return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
 }

 /******************************************************************************
  * GetAclInformation [ADVAPI32.@]
  */
 BOOL WINAPI GetAclInformation(
   PACL pAcl,
   LPVOID pAclInformation,
   DWORD nAclInformationLength,
   ACL_INFORMATION_CLASS dwAclInformationClass)
 {
     return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
                                                nAclInformationLength, dwAclInformationClass));
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 IsValidAcl(PACL pAcl)
 {
     return RtlValidAcl (pAcl);
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 AllocateLocallyUniqueId(PLUID Luid)
 {
     NTSTATUS Status;

     Status = NtAllocateLocallyUniqueId (Luid);
     if (!NT_SUCCESS (Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /**********************************************************************
  * LookupPrivilegeDisplayNameA          EXPORTED
  *
  * @unimplemented
  */
 BOOL
 WINAPI
 LookupPrivilegeDisplayNameA(LPCSTR lpSystemName,
                             LPCSTR lpName,
                             LPSTR lpDisplayName,
                             LPDWORD cchDisplayName,
                             LPDWORD lpLanguageId)
 {
     UNICODE_STRING lpSystemNameW;
     UNICODE_STRING lpNameW;
     BOOL ret;
     DWORD wLen = 0;

     TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);

     RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
     RtlCreateUnicodeStringFromAsciiz(&lpNameW, lpName);
     ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen, lpLanguageId);
     if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
     {
         LPWSTR lpDisplayNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));

         ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, lpDisplayNameW,
                                           &wLen, lpLanguageId);
         if (ret)
         {
             unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpDisplayNameW, -1, lpDisplayName,
                                                    *cchDisplayName, NULL, NULL);

             if (len == 0)
             {
                 /* WideCharToMultiByte failed */
                 ret = FALSE;
             }
             else if (len > *cchDisplayName)
             {
                 *cchDisplayName = len;
                 SetLastError(ERROR_INSUFFICIENT_BUFFER);
                 ret = FALSE;
             }
             else
             {
                 /* WideCharToMultiByte succeeded, output length needs to be
                  * length not including NULL terminator
                  */
                 *cchDisplayName = len - 1;
             }
         }
         HeapFree(GetProcessHeap(), 0, lpDisplayNameW);
     }
     RtlFreeUnicodeString(&lpSystemNameW);
     RtlFreeUnicodeString(&lpNameW);
     return ret;
 }

 /**********************************************************************
  * LookupPrivilegeNameA             EXPORTED
  *
  * @implemented
  */
 BOOL
 WINAPI
 LookupPrivilegeNameA(LPCSTR lpSystemName,
                      PLUID lpLuid,
                      LPSTR lpName,
                      LPDWORD cchName)
 {
     UNICODE_STRING lpSystemNameW;
     BOOL ret;
     DWORD wLen = 0;

     TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);

     RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
     ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
     if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
     {
         LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));

         ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
          &wLen);
         if (ret)
         {
             /* Windows crashes if cchName is NULL, so will I */
             unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
              *cchName, NULL, NULL);

             if (len == 0)
             {
                 /* WideCharToMultiByte failed */
                 ret = FALSE;
             }
             else if (len > *cchName)
             {
                 *cchName = len;
                 SetLastError(ERROR_INSUFFICIENT_BUFFER);
                 ret = FALSE;
             }
             else
             {
                 /* WideCharToMultiByte succeeded, output length needs to be
                  * length not including NULL terminator
                  */
                 *cchName = len - 1;
             }
         }
         HeapFree(GetProcessHeap(), 0, lpNameW);
     }
     RtlFreeUnicodeString(&lpSystemNameW);
     return ret;
 }

 /******************************************************************************
  * GetFileSecurityA [ADVAPI32.@]
  *
  * Obtains Specified information about the security of a file or directory.
  *
  * PARAMS
  *  lpFileName           [I] Name of the file to get info for
  *  RequestedInformation [I] SE_ flags from "winnt.h"
  *  pSecurityDescriptor  [O] Destination for security information
  *  nLength              [I] Length of pSecurityDescriptor
  *  lpnLengthNeeded      [O] Destination for length of returned security information
  *
  * RETURNS
  *  Success: TRUE. pSecurityDescriptor contains the requested information.
  *  Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
  *
  * NOTES
  *  The information returned is constrained by the callers access rights and
  *  privileges.
  *
  * @implemented
  */
 BOOL
 WINAPI
 GetFileSecurityA(LPCSTR lpFileName,
                  SECURITY_INFORMATION RequestedInformation,
                  PSECURITY_DESCRIPTOR pSecurityDescriptor,
                  DWORD nLength,
                  LPDWORD lpnLengthNeeded)
 {
     UNICODE_STRING FileName;
     BOOL bResult;

     if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
     {
         SetLastError(ERROR_NOT_ENOUGH_MEMORY);
         return FALSE;
     }

     bResult = GetFileSecurityW(FileName.Buffer,
                                RequestedInformation,
                                pSecurityDescriptor,
                                nLength,
                                lpnLengthNeeded);

     RtlFreeUnicodeString(&FileName);

     return bResult;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 GetFileSecurityW(LPCWSTR lpFileName,
                  SECURITY_INFORMATION RequestedInformation,
                  PSECURITY_DESCRIPTOR pSecurityDescriptor,
                  DWORD nLength,
                  LPDWORD lpnLengthNeeded)
 {
     OBJECT_ATTRIBUTES ObjectAttributes;
     IO_STATUS_BLOCK StatusBlock;
     UNICODE_STRING FileName;
     ULONG AccessMask = 0;
     HANDLE FileHandle;
     NTSTATUS Status;

     TRACE("GetFileSecurityW() called\n");

     QuerySecurityAccessMask(RequestedInformation, &AccessMask);

     if (!RtlDosPathNameToNtPathName_U(lpFileName,
                                       &FileName,
                                       NULL,
                                       NULL))
     {
         ERR("Invalid path\n");
         SetLastError(ERROR_INVALID_NAME);
         return FALSE;
     }

     InitializeObjectAttributes(&ObjectAttributes,
                                &FileName,
                                OBJ_CASE_INSENSITIVE,
                                NULL,
                                NULL);

     Status = NtOpenFile(&FileHandle,
                         AccessMask,
                         &ObjectAttributes,
                         &StatusBlock,
                         FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
                         0);

     RtlFreeHeap(RtlGetProcessHeap(),
                 0,
                 FileName.Buffer);

     if (!NT_SUCCESS(Status))
     {
         ERR("NtOpenFile() failed (Status %lx)\n", Status);
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     Status = NtQuerySecurityObject(FileHandle,
                                    RequestedInformation,
                                    pSecurityDescriptor,
                                    nLength,
                                    lpnLengthNeeded);
     NtClose(FileHandle);
     if (!NT_SUCCESS(Status))
     {
         ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /******************************************************************************
  * SetFileSecurityA [ADVAPI32.@]
  * Sets the security of a file or directory
  *
  * @implemented
  */
 BOOL
 WINAPI
 SetFileSecurityA(LPCSTR lpFileName,
                  SECURITY_INFORMATION SecurityInformation,
                  PSECURITY_DESCRIPTOR pSecurityDescriptor)
 {
     UNICODE_STRING FileName;
     BOOL bResult;

     if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
     {
         SetLastError(ERROR_NOT_ENOUGH_MEMORY);
         return FALSE;
     }

     bResult = SetFileSecurityW(FileName.Buffer,
                                SecurityInformation,
                                pSecurityDescriptor);

     RtlFreeUnicodeString(&FileName);

     return bResult;
 }

 /******************************************************************************
  * SetFileSecurityW [ADVAPI32.@]
  * Sets the security of a file or directory
  *
  * @implemented
  */
 BOOL
 WINAPI
 SetFileSecurityW(LPCWSTR lpFileName,
                  SECURITY_INFORMATION SecurityInformation,
                  PSECURITY_DESCRIPTOR pSecurityDescriptor)
 {
     OBJECT_ATTRIBUTES ObjectAttributes;
     IO_STATUS_BLOCK StatusBlock;
     UNICODE_STRING FileName;
     ULONG AccessMask = 0;
     HANDLE FileHandle;
     NTSTATUS Status;

     TRACE("SetFileSecurityW() called\n");

     SetSecurityAccessMask(SecurityInformation, &AccessMask);

     if (!RtlDosPathNameToNtPathName_U(lpFileName,
                                       &FileName,
                                       NULL,
                                       NULL))
     {
         ERR("Invalid path\n");
         SetLastError(ERROR_INVALID_NAME);
         return FALSE;
     }

     InitializeObjectAttributes(&ObjectAttributes,
                                &FileName,
                                OBJ_CASE_INSENSITIVE,
                                NULL,
                                NULL);

     Status = NtOpenFile(&FileHandle,
                         AccessMask,
                         &ObjectAttributes,
                         &StatusBlock,
                         FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
                         0);

     RtlFreeHeap(RtlGetProcessHeap(),
                 0,
                 FileName.Buffer);

     if (!NT_SUCCESS(Status))
     {
         ERR("NtOpenFile() failed (Status %lx)\n", Status);
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     Status = NtSetSecurityObject(FileHandle,
                                  SecurityInformation,
                                  pSecurityDescriptor);
     NtClose(FileHandle);

     if (!NT_SUCCESS(Status))
     {
         ERR("NtSetSecurityObject() failed (Status %lx)\n", Status);
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /******************************************************************************
  * QueryWindows31FilesMigration [ADVAPI32.@]
  *
  * PARAMS
  *   x1 []
  */
 BOOL WINAPI
 QueryWindows31FilesMigration( DWORD x1 )
 {
     FIXME("(%d):stub\n",x1);
     return TRUE;
 }

 /******************************************************************************
  * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
  *
  * PARAMS
  *   x1 []
  *   x2 []
  *   x3 []
  *   x4 []
  */
 BOOL WINAPI
 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
                                                DWORD x4 )
 {
     FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 RevertToSelf(VOID)
 {
     NTSTATUS Status;
     HANDLE Token = NULL;

     Status = NtSetInformationThread(NtCurrentThread(),
                                     ThreadImpersonationToken,
                                     &Token,
                                     sizeof(HANDLE));
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 {
     NTSTATUS Status;

     Status = RtlImpersonateSelf(ImpersonationLevel);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
             IN HANDLE ClientToken,
             IN DWORD DesiredAccess,
             IN PGENERIC_MAPPING GenericMapping,
             OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL,
             IN OUT LPDWORD PrivilegeSetLength,
             OUT LPDWORD GrantedAccess,
             OUT LPBOOL AccessStatus)
 {
     NTSTATUS Status;
     NTSTATUS NtAccessStatus;

     /* Do the access check */
     Status = NtAccessCheck(pSecurityDescriptor,
                            ClientToken,
                            DesiredAccess,
                            GenericMapping,
                            PrivilegeSet,
                            (PULONG)PrivilegeSetLength,
                            (PACCESS_MASK)GrantedAccess,
                            &NtAccessStatus);

     /* See if the access check operation succeeded */
     if (!NT_SUCCESS(Status))
     {
         /* Check failed */
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     /* Now check the access status  */
     if (!NT_SUCCESS(NtAccessStatus))
     {
         /* Access denied */
         SetLastError(RtlNtStatusToDosError(NtAccessStatus));
         *AccessStatus = FALSE;
     }
     else
     {
         /* Access granted */
         *AccessStatus = TRUE;
     }

     /* Check succeeded */
     return TRUE;
 }

 /*
  * @unimplemented
  */
 BOOL WINAPI AccessCheckByType(
     PSECURITY_DESCRIPTOR pSecurityDescriptor,
     PSID PrincipalSelfSid,
     HANDLE ClientToken,
     DWORD DesiredAccess,
     POBJECT_TYPE_LIST ObjectTypeList,
     DWORD ObjectTypeListLength,
     PGENERIC_MAPPING GenericMapping,
     PPRIVILEGE_SET PrivilegeSet,
     LPDWORD PrivilegeSetLength,
     LPDWORD GrantedAccess,
     LPBOOL AccessStatus)
 {
     FIXME("stub\n");

     *AccessStatus = TRUE;

     return !*AccessStatus;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 SetKernelObjectSecurity(HANDLE Handle,
                         SECURITY_INFORMATION SecurityInformation,
                         PSECURITY_DESCRIPTOR SecurityDescriptor)
 {
     NTSTATUS Status;

     Status = NtSetSecurityObject(Handle,
                                  SecurityInformation,
                                  SecurityDescriptor);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 AddAuditAccessAce(PACL pAcl,
                   DWORD dwAceRevision,
                   DWORD dwAccessMask,
                   PSID pSid,
                   BOOL bAuditSuccess,
                   BOOL bAuditFailure)
 {
     NTSTATUS Status;

     Status = RtlAddAuditAccessAce(pAcl,
                                   dwAceRevision,
                                   dwAccessMask,
                                   pSid,
                                   bAuditSuccess,
                                   bAuditFailure);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 AddAuditAccessAceEx(PACL pAcl,
                     DWORD dwAceRevision,
                     DWORD AceFlags,
                     DWORD dwAccessMask,
                     PSID pSid,
                     BOOL bAuditSuccess,
                     BOOL bAuditFailure)
 {
     NTSTATUS Status;

     Status = RtlAddAuditAccessAceEx(pAcl,
                                     dwAceRevision,
                                     AceFlags,
                                     dwAccessMask,
                                     pSid,
                                     bAuditSuccess,
                                     bAuditFailure);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /******************************************************************************
  * LookupAccountNameA [ADVAPI32.@]
  *
  * @implemented
  */
 BOOL
 WINAPI
 LookupAccountNameA(LPCSTR SystemName,
                    LPCSTR AccountName,
                    PSID Sid,
                    LPDWORD SidLength,
                    LPSTR ReferencedDomainName,
                    LPDWORD hReferencedDomainNameLength,
                    PSID_NAME_USE SidNameUse)
 {
     BOOL ret;
     UNICODE_STRING lpSystemW;
     UNICODE_STRING lpAccountW;
     LPWSTR lpReferencedDomainNameW = NULL;

     RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
     RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);

     if (ReferencedDomainName)
         lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
                                             0,
                                             *hReferencedDomainNameLength * sizeof(WCHAR));

     ret = LookupAccountNameW(lpSystemW.Buffer,
                              lpAccountW.Buffer,
                              Sid,
                              SidLength,
                              lpReferencedDomainNameW,
                              hReferencedDomainNameLength,
                              SidNameUse);

     if (ret && lpReferencedDomainNameW)
     {
         WideCharToMultiByte(CP_ACP,
                             0,
                             lpReferencedDomainNameW,
                             *hReferencedDomainNameLength + 1,
                             ReferencedDomainName,
                             *hReferencedDomainNameLength + 1,
                             NULL,
                             NULL);
     }

     RtlFreeUnicodeString(&lpSystemW);
     RtlFreeUnicodeString(&lpAccountW);
     HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);

     return ret;
 }

 /**********************************************************************
  *  PrivilegeCheck                  EXPORTED
  *
  * @implemented
  */
 BOOL WINAPI
 PrivilegeCheck(HANDLE ClientToken,
                PPRIVILEGE_SET RequiredPrivileges,
                LPBOOL pfResult)
 {
     BOOLEAN Result;
     NTSTATUS Status;

     Status = NtPrivilegeCheck(ClientToken,
                               RequiredPrivileges,
                               &Result);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     *pfResult = (BOOL)Result;

     return TRUE;
 }

 /******************************************************************************
  * GetSecurityInfoExW         EXPORTED
  */
 DWORD
 WINAPI
 GetSecurityInfoExA(HANDLE hObject,
                    SE_OBJECT_TYPE ObjectType,
                    SECURITY_INFORMATION SecurityInfo,
                    LPCSTR lpProvider,
                    LPCSTR lpProperty,
                    PACTRL_ACCESSA *ppAccessList,
                    PACTRL_AUDITA *ppAuditList,
                    LPSTR *lppOwner,
                    LPSTR *lppGroup)
 {
     FIXME("%s() not implemented!\n", __FUNCTION__);
     return ERROR_BAD_PROVIDER;
 }


 /******************************************************************************
  * GetSecurityInfoExW         EXPORTED
  */
 DWORD
 WINAPI
 GetSecurityInfoExW(HANDLE hObject,
                    SE_OBJECT_TYPE ObjectType,
                    SECURITY_INFORMATION SecurityInfo,
                    LPCWSTR lpProvider,
                    LPCWSTR lpProperty,
                    PACTRL_ACCESSW *ppAccessList,
                    PACTRL_AUDITW *ppAuditList,
                    LPWSTR *lppOwner,
                    LPWSTR *lppGroup)
 {
     FIXME("%s() not implemented!\n", __FUNCTION__);
     return ERROR_BAD_PROVIDER;
 }

 /******************************************************************************
  * BuildExplicitAccessWithNameA [ADVAPI32.@]
  */
 VOID WINAPI
 BuildExplicitAccessWithNameA(PEXPLICIT_ACCESSA pExplicitAccess,
                              LPSTR pTrusteeName,
                              DWORD AccessPermissions,
                              ACCESS_MODE AccessMode,
                              DWORD Inheritance)
 {
     pExplicitAccess->grfAccessPermissions = AccessPermissions;
     pExplicitAccess->grfAccessMode = AccessMode;
     pExplicitAccess->grfInheritance = Inheritance;

     pExplicitAccess->Trustee.pMultipleTrustee = NULL;
     pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
     pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
     pExplicitAccess->Trustee.ptstrName = pTrusteeName;
 }


 /******************************************************************************
  * BuildExplicitAccessWithNameW [ADVAPI32.@]
  */
 VOID WINAPI
 BuildExplicitAccessWithNameW(PEXPLICIT_ACCESSW pExplicitAccess,
                              LPWSTR pTrusteeName,
                              DWORD AccessPermissions,
                              ACCESS_MODE AccessMode,
                              DWORD Inheritance)
 {
     pExplicitAccess->grfAccessPermissions = AccessPermissions;
     pExplicitAccess->grfAccessMode = AccessMode;
     pExplicitAccess->grfInheritance = Inheritance;

     pExplicitAccess->Trustee.pMultipleTrustee = NULL;
     pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
     pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
     pExplicitAccess->Trustee.ptstrName = pTrusteeName;
 }

 /******************************************************************************
  * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
  */
 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
                                              SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
                                              LPSTR InheritedObjectTypeName, LPSTR Name )
 {
     DWORD ObjectsPresent = 0;

     TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
           ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));

     /* Fill the OBJECTS_AND_NAME structure */
     pObjName->ObjectType = ObjectType;
     if (ObjectTypeName != NULL)
     {
         ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
     }

     pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
     if (InheritedObjectTypeName != NULL)
     {
         ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
     }

     pObjName->ObjectsPresent = ObjectsPresent;
     pObjName->ptstrName = Name;

     /* Fill the TRUSTEE structure */
     pTrustee->pMultipleTrustee = NULL;
     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
     pTrustee->ptstrName = (LPSTR)pObjName;
 }

 /******************************************************************************
  * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
  */
 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
                                              SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
                                              LPWSTR InheritedObjectTypeName, LPWSTR Name )
 {
     DWORD ObjectsPresent = 0;

     TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
           ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));

     /* Fill the OBJECTS_AND_NAME structure */
     pObjName->ObjectType = ObjectType;
     if (ObjectTypeName != NULL)
     {
         ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
     }

     pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
     if (InheritedObjectTypeName != NULL)
     {
         ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
     }

     pObjName->ObjectsPresent = ObjectsPresent;
     pObjName->ptstrName = Name;

     /* Fill the TRUSTEE structure */
     pTrustee->pMultipleTrustee = NULL;
     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
     pTrustee->ptstrName = (LPWSTR)pObjName;
 }

 /******************************************************************************
  * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
  */
 VOID WINAPI
 BuildTrusteeWithObjectsAndSidA(PTRUSTEEA pTrustee,
                                POBJECTS_AND_SID pObjSid,
                                GUID *pObjectGuid,
                                GUID *pInheritedObjectGuid,
                                PSID pSid)
 {
     DWORD ObjectsPresent = 0;

     TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);

     /* Fill the OBJECTS_AND_SID structure */
     if (pObjectGuid != NULL)
     {
         pObjSid->ObjectTypeGuid = *pObjectGuid;
         ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
     }
     else
     {
         ZeroMemory(&pObjSid->ObjectTypeGuid,
                    sizeof(GUID));
     }

     if (pInheritedObjectGuid != NULL)
     {
         pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
         ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
     }
     else
     {
         ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
                    sizeof(GUID));
     }

     pObjSid->ObjectsPresent = ObjectsPresent;
     pObjSid->pSid = pSid;

     /* Fill the TRUSTEE structure */
     pTrustee->pMultipleTrustee = NULL;
     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
     pTrustee->ptstrName = (LPSTR) pObjSid;
 }


 /******************************************************************************
  * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
  */
 VOID WINAPI
 BuildTrusteeWithObjectsAndSidW(PTRUSTEEW pTrustee,
                                POBJECTS_AND_SID pObjSid,
                                GUID *pObjectGuid,
                                GUID *pInheritedObjectGuid,
                                PSID pSid)
 {
     DWORD ObjectsPresent = 0;

     TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);

     /* Fill the OBJECTS_AND_SID structure */
     if (pObjectGuid != NULL)
     {
         pObjSid->ObjectTypeGuid = *pObjectGuid;
         ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
     }
     else
     {
         ZeroMemory(&pObjSid->ObjectTypeGuid,
                    sizeof(GUID));
     }

     if (pInheritedObjectGuid != NULL)
     {
         pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
         ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
     }
     else
     {
         ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
                    sizeof(GUID));
     }

     pObjSid->ObjectsPresent = ObjectsPresent;
     pObjSid->pSid = pSid;

     /* Fill the TRUSTEE structure */
     pTrustee->pMultipleTrustee = NULL;
     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
     pTrustee->ptstrName = (LPWSTR) pObjSid;
 }

 /******************************************************************************
  * BuildTrusteeWithSidA [ADVAPI32.@]
  */
 VOID WINAPI
 BuildTrusteeWithSidA(PTRUSTEE_A pTrustee,
                      PSID pSid)
 {
     TRACE("%p %p\n", pTrustee, pSid);

     pTrustee->pMultipleTrustee = NULL;
     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pTrustee->TrusteeForm = TRUSTEE_IS_SID;
     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
     pTrustee->ptstrName = (LPSTR) pSid;
 }


 /******************************************************************************
  * BuildTrusteeWithSidW [ADVAPI32.@]
  */
 VOID WINAPI
 BuildTrusteeWithSidW(PTRUSTEE_W pTrustee,
                      PSID pSid)
 {
     TRACE("%p %p\n", pTrustee, pSid);

     pTrustee->pMultipleTrustee = NULL;
     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pTrustee->TrusteeForm = TRUSTEE_IS_SID;
     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
     pTrustee->ptstrName = (LPWSTR) pSid;
 }

 /******************************************************************************
  * BuildTrusteeWithNameA [ADVAPI32.@]
  */
 VOID WINAPI
 BuildTrusteeWithNameA(PTRUSTEE_A pTrustee,
                       LPSTR name)
 {
     TRACE("%p %s\n", pTrustee, name);

     pTrustee->pMultipleTrustee = NULL;
     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
     pTrustee->ptstrName = name;
 }

 /******************************************************************************
  * BuildTrusteeWithNameW [ADVAPI32.@]
  */
 VOID WINAPI
 BuildTrusteeWithNameW(PTRUSTEE_W pTrustee,
                       LPWSTR name)
 {
     TRACE("%p %s\n", pTrustee, name);

     pTrustee->pMultipleTrustee = NULL;
     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
     pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
     pTrustee->ptstrName = name;
 }

 /******************************************************************************
  * GetTrusteeFormA [ADVAPI32.@]
  */
 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
 {
     TRACE("(%p)\n", pTrustee);

     if (!pTrustee)
         return TRUSTEE_BAD_FORM;

     return pTrustee->TrusteeForm;
 }

 /******************************************************************************
  * GetTrusteeFormW [ADVAPI32.@]
  */
 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
 {
     TRACE("(%p)\n", pTrustee);

     if (!pTrustee)
         return TRUSTEE_BAD_FORM;

     return pTrustee->TrusteeForm;
 }

 /******************************************************************************
  * GetTrusteeNameA [ADVAPI32.@]
  */
 LPSTR WINAPI
 GetTrusteeNameA(PTRUSTEE_A pTrustee)
 {
     return pTrustee->ptstrName;
 }


 /******************************************************************************
  * GetTrusteeNameW [ADVAPI32.@]
  */
 LPWSTR WINAPI
 GetTrusteeNameW(PTRUSTEE_W pTrustee)
 {
     return pTrustee->ptstrName;
 }

 /******************************************************************************
  * GetTrusteeTypeA [ADVAPI32.@]
  */
 TRUSTEE_TYPE WINAPI
 GetTrusteeTypeA(PTRUSTEE_A pTrustee)
 {
     return pTrustee->TrusteeType;
 }

 /******************************************************************************
  * GetTrusteeTypeW [ADVAPI32.@]
  */
 TRUSTEE_TYPE WINAPI
 GetTrusteeTypeW(PTRUSTEE_W pTrustee)
 {
     return pTrustee->TrusteeType;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 SetAclInformation(PACL pAcl,
                   LPVOID pAclInformation,
                   DWORD nAclInformationLength,
                   ACL_INFORMATION_CLASS dwAclInformationClass)
 {
     NTSTATUS Status;

     Status = RtlSetInformationAcl(pAcl,
                                   pAclInformation,
                                   nAclInformationLength,
                                   dwAclInformationClass);
     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     return TRUE;
 }

 /**********************************************************************
  * SetNamedSecurityInfoA            EXPORTED
  *
  * @implemented
  */
 DWORD
 WINAPI
 SetNamedSecurityInfoA(LPSTR pObjectName,
                       SE_OBJECT_TYPE ObjectType,
                       SECURITY_INFORMATION SecurityInfo,
                       PSID psidOwner,
                       PSID psidGroup,
                       PACL pDacl,
                       PACL pSacl)
 {
     UNICODE_STRING ObjectName;
     DWORD Ret;

     if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
     {
         return ERROR_NOT_ENOUGH_MEMORY;
     }

     Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
                                 ObjectType,
                                 SecurityInfo,
                                 psidOwner,
                                 psidGroup,
                                 pDacl,
                                 pSacl);

     RtlFreeUnicodeString(&ObjectName);

     return Ret;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 AreAllAccessesGranted(DWORD GrantedAccess,
                       DWORD DesiredAccess)
 {
     return (BOOL)RtlAreAllAccessesGranted(GrantedAccess,
                                           DesiredAccess);
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 AreAnyAccessesGranted(DWORD GrantedAccess,
                       DWORD DesiredAccess)
 {
     return (BOOL)RtlAreAnyAccessesGranted(GrantedAccess,
                                           DesiredAccess);
 }

 /******************************************************************************
  * ParseAclStringFlags
  */
 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
 {
     DWORD flags = 0;
     LPCWSTR szAcl = *StringAcl;

     while (*szAcl && *szAcl != '(')
     {
         if (*szAcl == 'P')
         {
             flags |= SE_DACL_PROTECTED;
         }
         else if (*szAcl == 'A')
         {
             szAcl++;
             if (*szAcl == 'R')
                 flags |= SE_DACL_AUTO_INHERIT_REQ;
             else if (*szAcl == 'I')
                 flags |= SE_DACL_AUTO_INHERITED;
         }
         szAcl++;
     }

     *StringAcl = szAcl;
     return flags;
 }

 /******************************************************************************
  * ParseAceStringType
  */
 static const ACEFLAG AceType[] =
 {
     { SDDL_ALARM,          SYSTEM_ALARM_ACE_TYPE },
     { SDDL_AUDIT,          SYSTEM_AUDIT_ACE_TYPE },
     { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
     { SDDL_ACCESS_DENIED,  ACCESS_DENIED_ACE_TYPE },
     { SDDL_MANDATORY_LABEL,SYSTEM_MANDATORY_LABEL_ACE_TYPE },
     /*
     { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
     { SDDL_OBJECT_ACCESS_DENIED,  ACCESS_DENIED_OBJECT_ACE_TYPE },
     { SDDL_OBJECT_ALARM,          SYSTEM_ALARM_OBJECT_ACE_TYPE },
     { SDDL_OBJECT_AUDIT,          SYSTEM_AUDIT_OBJECT_ACE_TYPE },
     */
     { NULL, 0 },
 };

 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
 {
     UINT len = 0;
     LPCWSTR szAcl = *StringAcl;
     const ACEFLAG *lpaf = AceType;

     while (*szAcl == ' ')
         szAcl++;

     while (lpaf->wstr &&
         (len = strlenW(lpaf->wstr)) &&
         strncmpW(lpaf->wstr, szAcl, len))
         lpaf++;

     if (!lpaf->wstr)
         return 0;

     *StringAcl = szAcl + len;
     return lpaf->value;
 }


 /******************************************************************************
  * ParseAceStringFlags
  */
 static const ACEFLAG AceFlags[] =
 {
     { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
     { SDDL_AUDIT_FAILURE,     FAILED_ACCESS_ACE_FLAG },
     { SDDL_INHERITED,         INHERITED_ACE },
     { SDDL_INHERIT_ONLY,      INHERIT_ONLY_ACE },
     { SDDL_NO_PROPAGATE,      NO_PROPAGATE_INHERIT_ACE },
     { SDDL_OBJECT_INHERIT,    OBJECT_INHERIT_ACE },
     { SDDL_AUDIT_SUCCESS,     SUCCESSFUL_ACCESS_ACE_FLAG },
     { NULL, 0 },
 };

 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
 {
     UINT len = 0;
     BYTE flags = 0;
     LPCWSTR szAcl = *StringAcl;

     while (*szAcl == ' ')
         szAcl++;

     while (*szAcl != ';')
     {
         const ACEFLAG *lpaf = AceFlags;

         while (lpaf->wstr &&
                (len = strlenW(lpaf->wstr)) &&
                strncmpW(lpaf->wstr, szAcl, len))
             lpaf++;

         if (!lpaf->wstr)
             return 0;

     flags |= lpaf->value;
         szAcl += len;
     }

     *StringAcl = szAcl;
     return flags;
 }


 /******************************************************************************
  * ParseAceStringRights
  */
 static const ACEFLAG AceRights[] =
 {
     { SDDL_GENERIC_ALL,     GENERIC_ALL },
     { SDDL_GENERIC_READ,    GENERIC_READ },
     { SDDL_GENERIC_WRITE,   GENERIC_WRITE },
     { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },

     { SDDL_READ_CONTROL,    READ_CONTROL },
     { SDDL_STANDARD_DELETE, DELETE },
     { SDDL_WRITE_DAC,       WRITE_DAC },
     { SDDL_WRITE_OWNER,     WRITE_OWNER },

     { SDDL_READ_PROPERTY,   ADS_RIGHT_DS_READ_PROP},
     { SDDL_WRITE_PROPERTY,  ADS_RIGHT_DS_WRITE_PROP},
     { SDDL_CREATE_CHILD,    ADS_RIGHT_DS_CREATE_CHILD},
     { SDDL_DELETE_CHILD,    ADS_RIGHT_DS_DELETE_CHILD},
     { SDDL_LIST_CHILDREN,   ADS_RIGHT_ACTRL_DS_LIST},
     { SDDL_SELF_WRITE,      ADS_RIGHT_DS_SELF},
     { SDDL_LIST_OBJECT,     ADS_RIGHT_DS_LIST_OBJECT},
     { SDDL_DELETE_TREE,     ADS_RIGHT_DS_DELETE_TREE},
     { SDDL_CONTROL_ACCESS,  ADS_RIGHT_DS_CONTROL_ACCESS},

     { SDDL_FILE_ALL,        FILE_ALL_ACCESS },
     { SDDL_FILE_READ,       FILE_GENERIC_READ },
     { SDDL_FILE_WRITE,      FILE_GENERIC_WRITE },
     { SDDL_FILE_EXECUTE,    FILE_GENERIC_EXECUTE },

     { SDDL_KEY_ALL,         KEY_ALL_ACCESS },
     { SDDL_KEY_READ,        KEY_READ },
     { SDDL_KEY_WRITE,       KEY_WRITE },
     { SDDL_KEY_EXECUTE,     KEY_EXECUTE },

     { SDDL_NO_READ_UP,      SYSTEM_MANDATORY_LABEL_NO_READ_UP },
     { SDDL_NO_WRITE_UP,     SYSTEM_MANDATORY_LABEL_NO_WRITE_UP },
     { SDDL_NO_EXECUTE_UP,   SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP },
     { NULL, 0 },
 };

 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
 {
     UINT len = 0;
     DWORD rights = 0;
     LPCWSTR szAcl = *StringAcl;

     while (*szAcl == ' ')
         szAcl++;

     if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
     {
         LPCWSTR p = szAcl;

     while (*p && *p != ';')
             p++;

     if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
     {
         rights = strtoulW(szAcl, NULL, 16);
         szAcl = p;
     }
     else
             WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
     }
     else
     {
         while (*szAcl != ';')
         {
             const ACEFLAG *lpaf = AceRights;

             while (lpaf->wstr &&
                (len = strlenW(lpaf->wstr)) &&
                strncmpW(lpaf->wstr, szAcl, len))
         {
                lpaf++;
         }

             if (!lpaf->wstr)
                 return 0;

         rights |= lpaf->value;
             szAcl += len;
         }
     }

     *StringAcl = szAcl;
     return rights;
 }


 /******************************************************************************
  * ParseStringAclToAcl
  *
  * dacl_flags(string_ace1)(string_ace2)... (string_acen)
  */
 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
     PACL pAcl, LPDWORD cBytes)
 {
     DWORD val;
     DWORD sidlen;
     DWORD length = sizeof(ACL);
     DWORD acesize = 0;
     DWORD acecount = 0;
     PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
     DWORD error = ERROR_INVALID_ACL;

     TRACE("%s\n", debugstr_w(StringAcl));

     if (!StringAcl)
     return FALSE;

     if (pAcl) /* pAce is only useful if we're setting values */
         pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);

     /* Parse ACL flags */
     *lpdwFlags = ParseAclStringFlags(&StringAcl);

     /* Parse ACE */
     while (*StringAcl == '(')
     {
         StringAcl++;

         /* Parse ACE type */
         val = ParseAceStringType(&StringAcl);
     if (pAce)
             pAce->Header.AceType = (BYTE) val;
         if (*StringAcl != ';')
         {
             error = RPC_S_INVALID_STRING_UUID;
             goto lerr;
         }
         StringAcl++;

         /* Parse ACE flags */
     val = ParseAceStringFlags(&StringAcl);
     if (pAce)
             pAce->Header.AceFlags = (BYTE) val;
         if (*StringAcl != ';')
             goto lerr;
         StringAcl++;

         /* Parse ACE rights */
     val = ParseAceStringRights(&StringAcl);
     if (pAce)
             pAce->Mask = val;
         if (*StringAcl != ';')
             goto lerr;
         StringAcl++;

         /* Parse ACE object guid */
         while (*StringAcl == ' ')
             StringAcl++;
         if (*StringAcl != ';')
         {
             FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
             goto lerr;
         }
         StringAcl++;

         /* Parse ACE inherit object guid */
         while (*StringAcl == ' ')
             StringAcl++;
         if (*StringAcl != ';')
         {
             FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
             goto lerr;
         }
         StringAcl++;

         /* Parse ACE account sid */
         if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
     {
             while (*StringAcl && *StringAcl != ')')
                 StringAcl++;
     }

         if (*StringAcl != ')')
             goto lerr;
         StringAcl++;

         acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
         length += acesize;
         if (pAce)
         {
             pAce->Header.AceSize = acesize;
             pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
         }
         acecount++;
     }

     *cBytes = length;

     if (length > 0xffff)
     {
         ERR("ACL too large\n");
         goto lerr;
     }

     if (pAcl)
     {
         pAcl->AclRevision = ACL_REVISION;
         pAcl->Sbz1 = 0;
         pAcl->AclSize = length;
         pAcl->AceCount = acecount;
         pAcl->Sbz2 = 0;
     }
     return TRUE;

 lerr:
     SetLastError(error);
     WARN("Invalid ACE string format\n");
     return FALSE;
 }

 /******************************************************************************
  * ParseStringSecurityDescriptorToSecurityDescriptor
  */
 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
     LPCWSTR StringSecurityDescriptor,
     SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
     LPDWORD cBytes)
 {
     BOOL bret = FALSE;
     WCHAR toktype;
     WCHAR *tok;
     LPCWSTR lptoken;
     LPBYTE lpNext = NULL;
     DWORD len;

     *cBytes = sizeof(SECURITY_DESCRIPTOR_RELATIVE);

     tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));

     if (SecurityDescriptor)
         lpNext = (LPBYTE)(SecurityDescriptor + 1);

     while (*StringSecurityDescriptor == ' ')
         StringSecurityDescriptor++;

     while (*StringSecurityDescriptor)
     {
         toktype = *StringSecurityDescriptor;

     /* Expect char identifier followed by ':' */
     StringSecurityDescriptor++;
         if (*StringSecurityDescriptor != ':')
         {
             SetLastError(ERROR_INVALID_PARAMETER);
             goto lend;
         }
     StringSecurityDescriptor++;

     /* Extract token */
     lptoken = StringSecurityDescriptor;
     while (*lptoken && *lptoken != ':')
             lptoken++;

     if (*lptoken)
             lptoken--;

         len = lptoken - StringSecurityDescriptor;
         memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
         tok[len] = 0;

         switch (toktype)
     {
             case 'O':
             {
                 DWORD bytes;

                 if (!ParseStringSidToSid(tok, lpNext, &bytes))
                     goto lend;

                 if (SecurityDescriptor)
                 {
                     SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor;
                     lpNext += bytes; /* Advance to next token */
                 }

         *cBytes += bytes;

                 break;
             }

             case 'G':
             {
                 DWORD bytes;

                 if (!ParseStringSidToSid(tok, lpNext, &bytes))
                     goto lend;

                 if (SecurityDescriptor)
                 {
                     SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor;
                     lpNext += bytes; /* Advance to next token */
                 }

         *cBytes += bytes;

                 break;
             }

             case 'D':
         {
                 DWORD flags;
                 DWORD bytes;

                 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
                     goto lend;

                 if (SecurityDescriptor)
                 {
                     SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
                     SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor;
                     lpNext += bytes; /* Advance to next token */
         }

         *cBytes += bytes;

         break;
             }

             case 'S':
             {
                 DWORD flags;
                 DWORD bytes;

                 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
                     goto lend;

                 if (SecurityDescriptor)
                 {
                     SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
                     SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor;
                     lpNext += bytes; /* Advance to next token */
         }

         *cBytes += bytes;

         break;
             }

             default:
                 FIXME("Unknown token\n");
                 SetLastError(ERROR_INVALID_PARAMETER);
         goto lend;
     }

         StringSecurityDescriptor = lptoken;
     }

     bret = TRUE;

 lend:
     heap_free(tok);
     return bret;
 }

 /* Winehq cvs 20050916 */
 /******************************************************************************
  * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
  * @implemented
  */
 BOOL
 WINAPI
 ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor,
                                                      DWORD StringSDRevision,
                                                      PSECURITY_DESCRIPTOR* SecurityDescriptor,
                                                      PULONG SecurityDescriptorSize)
 {
     UINT len;
     BOOL ret = FALSE;
     LPWSTR StringSecurityDescriptorW;

     len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
     StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));

     if (StringSecurityDescriptorW)
     {
         MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);

         ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
                                                                    StringSDRevision, SecurityDescriptor,
                                                                    SecurityDescriptorSize);
         HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
     }

     return ret;
 }

 /******************************************************************************
  * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
  * @implemented
  */
 BOOL WINAPI
 ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor,
                                                      DWORD StringSDRevision,
                                                      PSECURITY_DESCRIPTOR* SecurityDescriptor,
                                                      PULONG SecurityDescriptorSize)
 {
     DWORD cBytes;
     SECURITY_DESCRIPTOR* psd;
     BOOL bret = FALSE;

     TRACE("%s\n", debugstr_w(StringSecurityDescriptor));

     if (GetVersion() & 0x80000000)
     {
         SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
         goto lend;
     }
     else if (!StringSecurityDescriptor || !SecurityDescriptor)
     {
         SetLastError(ERROR_INVALID_PARAMETER);
         goto lend;
     }
     else if (StringSDRevision != SID_REVISION)
     {
         SetLastError(ERROR_UNKNOWN_REVISION);
         goto lend;
     }

     /* Compute security descriptor length */
     if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
         NULL, &cBytes))
         goto lend;

     psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes);
     if (!psd) goto lend;

     psd->Revision = SID_REVISION;
     psd->Control |= SE_SELF_RELATIVE;

     if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
              (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
     {
         LocalFree(psd);
         goto lend;
     }

     if (SecurityDescriptorSize)
         *SecurityDescriptorSize = cBytes;

     bret = TRUE;

 lend:
     TRACE(" ret=%d\n", bret);
     return bret;
 }

 static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
 {
     if (cch == -1)
         cch = strlenW(string);

     if (plen)
         *plen += cch;

     if (pwptr)
     {
         memcpy(*pwptr, string, sizeof(WCHAR)*cch);
         *pwptr += cch;
     }
 }

 static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
 {
     DWORD i;
     WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
     WCHAR subauthfmt[] = { '-','%','u',0 };
     WCHAR buf[26];
     SID *pisid = psid;

     if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
     {
         SetLastError(ERROR_INVALID_SID);
         return FALSE;
     }

     if (pisid->IdentifierAuthority.Value[0] ||
      pisid->IdentifierAuthority.Value[1])
     {
         FIXME("not matching MS' bugs\n");
         SetLastError(ERROR_INVALID_SID);
         return FALSE;
     }

     sprintfW( buf, fmt, pisid->Revision,
         MAKELONG(
             MAKEWORD( pisid->IdentifierAuthority.Value[5],
                     pisid->IdentifierAuthority.Value[4] ),
             MAKEWORD( pisid->IdentifierAuthority.Value[3],
                     pisid->IdentifierAuthority.Value[2] )
         ) );
     DumpString(buf, -1, pwptr, plen);

     for( i=0; i<pisid->SubAuthorityCount; i++ )
     {
         sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
         DumpString(buf, -1, pwptr, plen);
     }
     return TRUE;
 }

 static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
 {
     size_t i;
     for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
     {
         if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
         {
             DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
             return TRUE;
         }
     }

     return DumpSidNumeric(psid, pwptr, plen);
 }

 static const LPCWSTR AceRightBitNames[32] = {
         SDDL_CREATE_CHILD,        /*  0 */
         SDDL_DELETE_CHILD,
         SDDL_LIST_CHILDREN,
         SDDL_SELF_WRITE,
         SDDL_READ_PROPERTY,       /*  4 */
         SDDL_WRITE_PROPERTY,
         SDDL_DELETE_TREE,
         SDDL_LIST_OBJECT,
         SDDL_CONTROL_ACCESS,      /*  8 */
         NULL,
         NULL,
         NULL,
         NULL,                     /* 12 */
         NULL,
         NULL,
         NULL,
         SDDL_STANDARD_DELETE,     /* 16 */
         SDDL_READ_CONTROL,
         SDDL_WRITE_DAC,
         SDDL_WRITE_OWNER,
         NULL,                     /* 20 */
         NULL,
         NULL,
         NULL,
         NULL,                     /* 24 */
         NULL,
         NULL,
         NULL,
         SDDL_GENERIC_ALL,         /* 28 */
         SDDL_GENERIC_EXECUTE,
         SDDL_GENERIC_WRITE,
         SDDL_GENERIC_READ
 };

 static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
 {
     static const WCHAR fmtW[] = {'0','x','%','x',0};
     WCHAR buf[15];
     size_t i;

     if (mask == 0)
         return;

     /* first check if the right have name */
     for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
     {
         if (AceRights[i].wstr == NULL)
             break;
         if (mask == AceRights[i].value)
         {
             DumpString(AceRights[i].wstr, -1, pwptr, plen);
             return;
         }
     }

     /* then check if it can be built from bit names */
     for (i = 0; i < 32; i++)
     {
         if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
         {
             /* can't be built from bit names */
             sprintfW(buf, fmtW, mask);
             DumpString(buf, -1, pwptr, plen);
             return;
         }
     }

     /* build from bit names */
     for (i = 0; i < 32; i++)
         if (mask & (1 << i))
             DumpString(AceRightBitNames[i], -1, pwptr, plen);
 }

 static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
 {
     ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
     static const WCHAR openbr = '(';
     static const WCHAR closebr = ')';
     static const WCHAR semicolon = ';';

     if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
     {
         SetLastError(ERROR_INVALID_ACL);
         return FALSE;
     }

     piace = pace;
     DumpString(&openbr, 1, pwptr, plen);
     switch (piace->Header.AceType)
     {
         case ACCESS_ALLOWED_ACE_TYPE:
             DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
             break;
         case ACCESS_DENIED_ACE_TYPE:
             DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
             break;
         case SYSTEM_AUDIT_ACE_TYPE:
             DumpString(SDDL_AUDIT, -1, pwptr, plen);
             break;
         case SYSTEM_ALARM_ACE_TYPE:
             DumpString(SDDL_ALARM, -1, pwptr, plen);
             break;
     }
     DumpString(&semicolon, 1, pwptr, plen);

     if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
         DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
     if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
         DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
     if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
         DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
     if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
         DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
     if (piace->Header.AceFlags & INHERITED_ACE)
         DumpString(SDDL_INHERITED, -1, pwptr, plen);
     if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
         DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
     if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
         DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
     DumpString(&semicolon, 1, pwptr, plen);
     DumpRights(piace->Mask, pwptr, plen);
     DumpString(&semicolon, 1, pwptr, plen);
     /* objects not supported */
     DumpString(&semicolon, 1, pwptr, plen);
     /* objects not supported */
     DumpString(&semicolon, 1, pwptr, plen);
     if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
         return FALSE;
     DumpString(&closebr, 1, pwptr, plen);
     return TRUE;
 }

 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
 {
     WORD count;
     int i;

     if (protected)
         DumpString(SDDL_PROTECTED, -1, pwptr, plen);
     if (autoInheritReq)
         DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
     if (autoInherited)
         DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);

     if (pacl == NULL)
         return TRUE;

     if (!IsValidAcl(pacl))
         return FALSE;

     count = pacl->AceCount;
     for (i = 0; i < count; i++)
     {
         LPVOID ace;
         if (!GetAce(pacl, i, &ace))
             return FALSE;
         if (!DumpAce(ace, pwptr, plen))
             return FALSE;
     }

     return TRUE;
 }

 static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 {
     static const WCHAR prefix[] = {'O',':',0};
     BOOL bDefaulted;
     PSID psid;

     if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
         return FALSE;

     if (psid == NULL)
         return TRUE;

     DumpString(prefix, -1, pwptr, plen);
     if (!DumpSid(psid, pwptr, plen))
         return FALSE;
     return TRUE;
 }

 static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 {
     static const WCHAR prefix[] = {'G',':',0};
     BOOL bDefaulted;
     PSID psid;

     if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
         return FALSE;

     if (psid == NULL)
         return TRUE;

     DumpString(prefix, -1, pwptr, plen);
     if (!DumpSid(psid, pwptr, plen))
         return FALSE;
     return TRUE;
 }

 static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 {
     static const WCHAR dacl[] = {'D',':',0};
     SECURITY_DESCRIPTOR_CONTROL control;
     BOOL present, defaulted;
     DWORD revision;
     PACL pacl;

     if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
         return FALSE;

     if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
         return FALSE;

     if (!present)
         return TRUE;

     DumpString(dacl, 2, pwptr, plen);
     if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
         return FALSE;
     return TRUE;
 }

 static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
 {
     static const WCHAR sacl[] = {'S',':',0};
     SECURITY_DESCRIPTOR_CONTROL control;
     BOOL present, defaulted;
     DWORD revision;
     PACL pacl;

     if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
         return FALSE;

     if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
         return FALSE;

     if (!present)
         return TRUE;

     DumpString(sacl, 2, pwptr, plen);
     if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
         return FALSE;
     return TRUE;
 }

 /******************************************************************************
  * ConvertSecurityDescriptorToStringSecurityDescriptorW [ADVAPI32.@]
  */
 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
 {
     ULONG len;
     WCHAR *wptr, *wstr;

     if (SDRevision != SDDL_REVISION_1)
     {
         ERR("Program requested unknown SDDL revision %d\n", SDRevision);
         SetLastError(ERROR_UNKNOWN_REVISION);
         return FALSE;
     }

     len = 0;
     if (RequestedInformation & OWNER_SECURITY_INFORMATION)
         if (!DumpOwner(SecurityDescriptor, NULL, &len))
             return FALSE;
     if (RequestedInformation & GROUP_SECURITY_INFORMATION)
         if (!DumpGroup(SecurityDescriptor, NULL, &len))
             return FALSE;
     if (RequestedInformation & DACL_SECURITY_INFORMATION)
         if (!DumpDacl(SecurityDescriptor, NULL, &len))
             return FALSE;
     if (RequestedInformation & SACL_SECURITY_INFORMATION)
         if (!DumpSacl(SecurityDescriptor, NULL, &len))
             return FALSE;

     wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
 #ifdef __REACTOS__
     if (wstr == NULL)
         return FALSE;
 #endif

     if (RequestedInformation & OWNER_SECURITY_INFORMATION)
         if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
             LocalFree (wstr);
             return FALSE;
         }
     if (RequestedInformation & GROUP_SECURITY_INFORMATION)
         if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
             LocalFree (wstr);
             return FALSE;
         }
     if (RequestedInformation & DACL_SECURITY_INFORMATION)
         if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
             LocalFree (wstr);
             return FALSE;
         }
     if (RequestedInformation & SACL_SECURITY_INFORMATION)
         if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
             LocalFree (wstr);
             return FALSE;
         }
     *wptr = 0;

     TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
     *OutputString = wstr;
     if (OutputLen)
         *OutputLen = strlenW(*OutputString)+1;
     return TRUE;
 }

 /******************************************************************************
  * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
  */
 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
 {
     LPWSTR wstr;
     ULONG len;
     if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
     {
         int lenA;

         lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
         *OutputString = heap_alloc(lenA);
 #ifdef __REACTOS__
         if (*OutputString == NULL)
         {
             LocalFree(wstr);
             *OutputLen = 0;
             return FALSE;
         }
 #endif
         WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
         LocalFree(wstr);

         if (OutputLen != NULL)
             *OutputLen = lenA;
         return TRUE;
     }
     else
     {
         *OutputString = NULL;
         if (OutputLen)
             *OutputLen = 0;
         return FALSE;
     }
 }

 /******************************************************************************
  * ConvertStringSidToSidW [ADVAPI32.@]
  */
 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
 {
     BOOL bret = FALSE;
     DWORD cBytes;

     TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
     if (GetVersion() & 0x80000000)
         SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
     else if (!StringSid || !Sid)
         SetLastError(ERROR_INVALID_PARAMETER);
     else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
     {
         PSID pSid = *Sid = LocalAlloc(0, cBytes);

         bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
         if (!bret)
             LocalFree(*Sid);
     }
     return bret;
 }

 /******************************************************************************
  * ConvertStringSidToSidA [ADVAPI32.@]
  */
 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
 {
     BOOL bret = FALSE;

     TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
     if (GetVersion() & 0x80000000)
         SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
     else if (!StringSid || !Sid)
         SetLastError(ERROR_INVALID_PARAMETER);
     else
     {
         WCHAR *wStringSid = SERV_dup(StringSid);
         bret = ConvertStringSidToSidW(wStringSid, Sid);
         heap_free(wStringSid);
     }
     return bret;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 ConvertSidToStringSidW(PSID Sid,
                        LPWSTR *StringSid)
 {
     NTSTATUS Status;
     UNICODE_STRING UnicodeString;
     WCHAR FixedBuffer[64];

     if (!RtlValidSid(Sid))
     {
         SetLastError(ERROR_INVALID_SID);
         return FALSE;
     }

     UnicodeString.Length = 0;
     UnicodeString.MaximumLength = sizeof(FixedBuffer);
     UnicodeString.Buffer = FixedBuffer;
     Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, FALSE);
     if (STATUS_BUFFER_TOO_SMALL == Status)
     {
         Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, TRUE);
     }

     if (!NT_SUCCESS(Status))
     {
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
     if (NULL == *StringSid)
     {
         if (UnicodeString.Buffer != FixedBuffer)
         {
             RtlFreeUnicodeString(&UnicodeString);
         }
       SetLastError(ERROR_NOT_ENOUGH_MEMORY);
       return FALSE;
     }

     MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
     ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
     if (UnicodeString.Buffer != FixedBuffer)
     {
         RtlFreeUnicodeString(&UnicodeString);
     }

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL
 WINAPI
 ConvertSidToStringSidA(PSID Sid,
                        LPSTR *StringSid)
 {
     LPWSTR StringSidW;
     int Len;

     if (!ConvertSidToStringSidW(Sid, &StringSidW))
     {
         return FALSE;
     }

     Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
     if (Len <= 0)
     {
         LocalFree(StringSidW);
         SetLastError(ERROR_NOT_ENOUGH_MEMORY);
         return FALSE;
     }

     *StringSid = LocalAlloc(LMEM_FIXED, Len);
     if (NULL == *StringSid)
     {
         LocalFree(StringSidW);
         SetLastError(ERROR_NOT_ENOUGH_MEMORY);
         return FALSE;
     }

     if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
     {
         LocalFree(StringSid);
         LocalFree(StringSidW);
         return FALSE;
     }

     LocalFree(StringSidW);

     return TRUE;
 }

 /*
  * @unimplemented
  */
 BOOL
 WINAPI
 CreateProcessWithLogonW(
     _In_ LPCWSTR lpUsername,
     _In_opt_ LPCWSTR lpDomain,
     _In_ LPCWSTR lpPassword,
     _In_ DWORD dwLogonFlags,
     _In_opt_ LPCWSTR lpApplicationName,
     _Inout_opt_ LPWSTR lpCommandLine,
     _In_ DWORD dwCreationFlags,
     _In_opt_ LPVOID lpEnvironment,
     _In_opt_ LPCWSTR lpCurrentDirectory,
     _In_ LPSTARTUPINFOW lpStartupInfo,
     _Out_ LPPROCESS_INFORMATION lpProcessInformation)
 {
     LPWSTR pszStringBinding = NULL;
     handle_t hBinding = NULL;
     SECL_REQUEST Request;
     SECL_RESPONSE Response;
     RPC_STATUS Status;

     TRACE("CreateProcessWithLogonW(%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p)\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
     debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
     debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
     lpStartupInfo, lpProcessInformation);

     Status = RpcStringBindingComposeW(NULL,
                                       L"ncacn_np",
                                       NULL,
                                       L"\\pipe\\seclogon",
                                       NULL,
                                       &pszStringBinding);
     if (Status != RPC_S_OK)
     {
         WARN("RpcStringBindingCompose returned 0x%x\n", Status);
         SetLastError(Status);
         return FALSE;
     }

     /* Set the binding handle that will be used to bind to the server. */
     Status = RpcBindingFromStringBindingW(pszStringBinding,
                                           &hBinding);
     if (Status != RPC_S_OK)
     {
         WARN("RpcBindingFromStringBinding returned 0x%x\n", Status);
     }

     Status = RpcStringFreeW(&pszStringBinding);
     if (Status != RPC_S_OK)
     {
         WARN("RpcStringFree returned 0x%x\n", Status);
     }

     Request.Username = (LPWSTR)lpUsername;
     Request.Domain = (LPWSTR)lpDomain;
     Request.Password = (LPWSTR)lpPassword;
     Request.ApplicationName = (LPWSTR)lpApplicationName;
     Request.CommandLine = (LPWSTR)lpCommandLine;
     Request.CurrentDirectory = (LPWSTR)lpCurrentDirectory;

     Request.dwLogonFlags = dwLogonFlags;
     Request.dwCreationFlags = dwCreationFlags;

     Response.ulError = ERROR_SUCCESS;

     RpcTryExcept
     {
         SeclCreateProcessWithLogonW(hBinding, &Request, &Response);
     }
     RpcExcept(EXCEPTION_EXECUTE_HANDLER)
     {
         WARN("Exception: %lx\n", RpcExceptionCode());
     }
     RpcEndExcept;

     if (hBinding)
     {
         Status = RpcBindingFree(&hBinding);
         if (Status != RPC_S_OK)
         {
             WARN("RpcBindingFree returned 0x%x\n", Status);
         }

         hBinding = NULL;
     }

     TRACE("Response.ulError %lu\n", Response.ulError);
     if (Response.ulError != ERROR_SUCCESS)
         SetLastError(Response.ulError);

     TRACE("CreateProcessWithLogonW() done\n");

     return (Response.ulError == ERROR_SUCCESS);
 }

 BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line,
         DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info,
         PROCESS_INFORMATION *process_information )
 {
     FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
           logon_flags, debugstr_w(application_name), debugstr_w(command_line),
           creation_flags, environment, debugstr_w(current_directory),
           startup_info, process_information);

     /* FIXME: check if handles should be inherited */
     return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
                            current_directory, startup_info, process_information );
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 DuplicateTokenEx(IN HANDLE ExistingTokenHandle,
                  IN DWORD dwDesiredAccess,
                  IN LPSECURITY_ATTRIBUTES lpTokenAttributes  OPTIONAL,
                  IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
                  IN TOKEN_TYPE TokenType,
                  OUT PHANDLE DuplicateTokenHandle)
 {
     OBJECT_ATTRIBUTES ObjectAttributes;
     NTSTATUS Status;
     SECURITY_QUALITY_OF_SERVICE Sqos;

     TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
         ImpersonationLevel, TokenType, DuplicateTokenHandle);

     Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
     Sqos.ImpersonationLevel = ImpersonationLevel;
     Sqos.ContextTrackingMode = 0;
     Sqos.EffectiveOnly = FALSE;

     if (lpTokenAttributes != NULL)
     {
         InitializeObjectAttributes(&ObjectAttributes,
                                    NULL,
                                    lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
                                    NULL,
                                    lpTokenAttributes->lpSecurityDescriptor);
     }
     else
     {
         InitializeObjectAttributes(&ObjectAttributes,
                                    NULL,
                                    0,
                                    NULL,
                                    NULL);
     }

     ObjectAttributes.SecurityQualityOfService = &Sqos;

     Status = NtDuplicateToken(ExistingTokenHandle,
                               dwDesiredAccess,
                               &ObjectAttributes,
                               FALSE,
                               TokenType,
                               DuplicateTokenHandle);
     if (!NT_SUCCESS(Status))
     {
         ERR("NtDuplicateToken failed: Status %08x\n", Status);
         SetLastError(RtlNtStatusToDosError(Status));
         return FALSE;
     }

     TRACE("Returning token %p.\n", *DuplicateTokenHandle);

     return TRUE;
 }

 /*
  * @implemented
  */
 BOOL WINAPI
 DuplicateToken(IN HANDLE ExistingTokenHandle,
                IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
                OUT PHANDLE DuplicateTokenHandle)
 {
     return DuplicateTokenEx(ExistingTokenHandle,
                             TOKEN_IMPERSONATE | TOKEN_QUERY,
                             NULL,
                             ImpersonationLevel,
                             TokenImpersonation,
                             DuplicateTokenHandle);
 }

 /******************************************************************************
  * ComputeStringSidSize
  */
 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
 {
     if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
     {
         int ctok = 0;
         while (*StringSid)
         {
             if (*StringSid == '-')
                 ctok++;
             StringSid++;
         }

         if (ctok >= 3)
             return GetSidLengthRequired(ctok - 2);
     }
     else /* String constant format  - Only available in winxp and above */
     {
         unsigned int i;

         for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
             if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
                 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);

         for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
             if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
             {
                 MAX_SID local;
                 ADVAPI_GetComputerSid(&local);
                 return GetSidLengthRequired(*GetSidSubAuthorityCount(&local) + 1);
             }

     }

     return GetSidLengthRequired(0);
 }

 /******************************************************************************
  * ParseStringSidToSid
  */
 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
 {
     BOOL bret = FALSE;
     SID* pisid=pSid;

     TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
     if (!StringSid)
     {
         SetLastError(ERROR_INVALID_PARAMETER);
         TRACE("StringSid is NULL, returning FALSE\n");
         return FALSE;
     }

     while (*StringSid == ' ')
         StringSid++;

     if (!*StringSid)
         goto lend; /* ERROR_INVALID_SID */

     *cBytes = ComputeStringSidSize(StringSid);
     if (!pisid) /* Simply compute the size */
     {
         TRACE("only size requested, returning TRUE with %d\n", *cBytes);
         return TRUE;
     }

     if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
     {
         DWORD i = 0, identAuth;
         DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));

         StringSid += 2; /* Advance to Revision */
         pisid->Revision = atoiW(StringSid);

         if (pisid->Revision != SDDL_REVISION)
         {
             TRACE("Revision %d is unknown\n", pisid->Revision);
             goto lend; /* ERROR_INVALID_SID */
         }
         if (csubauth == 0)
         {
             TRACE("SubAuthorityCount is 0\n");
             goto lend; /* ERROR_INVALID_SID */
         }

         pisid->SubAuthorityCount = csubauth;

         /* Advance to identifier authority */
         while (*StringSid && *StringSid != '-')
             StringSid++;
         if (*StringSid == '-')
             StringSid++;

         /* MS' implementation can't handle values greater than 2^32 - 1, so
          * we don't either; assume most significant bytes are always 0
          */
         pisid->IdentifierAuthority.Value[0] = 0;
         pisid->IdentifierAuthority.Value[1] = 0;
         identAuth = atoiW(StringSid);
         pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
         pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
         pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
         pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;

         /* Advance to first sub authority */
         while (*StringSid && *StringSid != '-')
             StringSid++;
         if (*StringSid == '-')
             StringSid++;

         while (*StringSid)
         {
             pisid->SubAuthority[i++] = atoiW(StringSid);

             while (*StringSid && *StringSid != '-')
                 StringSid++;
             if (*StringSid == '-')
                 StringSid++;
         }

         if (i != pisid->SubAuthorityCount)
             goto lend; /* ERROR_INVALID_SID */

         bret = TRUE;
     }
     else /* String constant format  - Only available in winxp and above */
     {
         unsigned int i;
         pisid->Revision = SDDL_REVISION;

         for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
             if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
             {
                 DWORD j;
                 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
                 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
                 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
                     pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
                 bret = TRUE;
             }

         for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
             if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
             {
                 ADVAPI_GetComputerSid(pisid);
                 pisid->SubAuthority[pisid->SubAuthorityCount] = WellKnownRids[i].Rid;
                 pisid->SubAuthorityCount++;
                 bret = TRUE;
             }

         if (!bret)
             FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
     }

 lend:
     if (!bret)
         SetLastError(ERROR_INVALID_SID);

     TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
     return bret;
 }

 /**********************************************************************
  * GetNamedSecurityInfoA            EXPORTED
  *
  * @implemented
  */
 DWORD
 WINAPI
 GetNamedSecurityInfoA(LPSTR pObjectName,
                       SE_OBJECT_TYPE ObjectType,
                       SECURITY_INFORMATION SecurityInfo,
                       PSID *ppsidOwner,
                       PSID *ppsidGroup,
                       PACL *ppDacl,
                       PACL *ppSacl,
                       PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 {
     DWORD len;
     LPWSTR wstr = NULL;
     DWORD r;

     TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
         ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);

     if( pObjectName )
     {
         len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
         wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
         MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
     }

     r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
                            ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );

     HeapFree( GetProcessHeap(), 0, wstr );

     return r;
 }

 /******************************************************************************
  * GetWindowsAccountDomainSid         [ADVAPI32.@]
  */
 BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
 {
     SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
     DWORD required_size;
     int i;

     FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );

     if (!sid || !IsValidSid( sid ))
     {
         SetLastError( ERROR_INVALID_SID );
         return FALSE;
     }

     if (!size)
     {
         SetLastError( ERROR_INVALID_PARAMETER );
         return FALSE;
     }

     if (*GetSidSubAuthorityCount( sid ) < 4)
     {
         SetLastError( ERROR_INVALID_SID );
         return FALSE;
     }

     required_size = GetSidLengthRequired( 4 );
     if (*size < required_size || !domain_sid)
     {
         *size = required_size;
         SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER :
                                    ERROR_INVALID_PARAMETER );
         return FALSE;
     }

     InitializeSid( domain_sid, &domain_ident, 4 );
     for (i = 0; i < 4; i++)
         *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );

     *size = required_size;
     return TRUE;
 }

 /*
  * @unimplemented
  */
 BOOL
 WINAPI
 EqualDomainSid(IN PSID pSid1,
                IN PSID pSid2,
                OUT BOOL* pfEqual)
 {
     UNIMPLEMENTED;
     return FALSE;
 }

 /* EOF */
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77

GetSecurityDescriptorControl
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21

PCHAR
signed char * PCHAR
Definition: retypes.h:7

ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101

FILE_GENERIC_READ
#define FILE_GENERIC_READ
Definition: nt_native.h:653

RpcBindingFromStringBindingW
RPC_STATUS WINAPI RpcBindingFromStringBindingW(RPC_WSTR StringBinding, RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:876

SECURITY_BATCH_RID
#define SECURITY_BATCH_RID
Definition: setypes.h:558

GetTrusteeNameW
LPWSTR WINAPI GetTrusteeNameW(PTRUSTEE_W pTrustee)
Definition: security.c:2242

GetNamedSecurityInfoW
DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1147

_LUID_AND_ATTRIBUTES
Definition: setypes.h:73

SDDL_OBJECT_INHERIT
static const WCHAR SDDL_OBJECT_INHERIT[]
Definition: security.c:169

ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35

_SID_IDENTIFIER_AUTHORITY::Value
BYTE Value[6]
Definition: ms-dtyp.idl:195

_OBJECTS_AND_SID::ObjectTypeGuid
GUID ObjectTypeGuid
Definition: accctrl.h:349

ObjectType
ObjectType
Definition: metafile.c:80

SDDL_GENERIC_WRITE
#define SDDL_GENERIC_WRITE
Definition: sddl.h:66

ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39

STATUS_NOT_ALL_ASSIGNED
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85

SDDL_WRITE_PROPERTY
#define SDDL_WRITE_PROPERTY
Definition: sddl.h:52

_TRUSTEE_A::TrusteeType
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:207

IN
#define IN
Definition: typedefs.h:39

SE_SACL_PRESENT
#define SE_SACL_PRESENT
Definition: setypes.h:819

ParseStringSecurityDescriptorToSecurityDescriptor
static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, SECURITY_DESCRIPTOR_RELATIVE *SecurityDescriptor, LPDWORD cBytes)
Definition: security.c:2683

BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767

ERROR_BAD_PROVIDER
#define ERROR_BAD_PROVIDER
Definition: winerror.h:707

SECURITY_AUTHENTICATED_USER_RID
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:568

RpcEndExcept
#define RpcEndExcept
Definition: rpc.h:128

RpcBindingFree
RPC_STATUS WINAPI RpcBindingFree(RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:783

ImpersonateNamedPipeClient
BOOL WINAPI ImpersonateNamedPipeClient(HANDLE hNamedPipe)
Definition: security.c:1026

DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654

SDDL_GENERIC_EXECUTE
#define SDDL_GENERIC_EXECUTE
Definition: sddl.h:67

GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92

SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574

ACE_OBJECT_TYPE_PRESENT
#define ACE_OBJECT_TYPE_PRESENT
Definition: winnt_old.h:106

value
Definition: pdh_main.c:93

_ACE_HEADER::AceFlags
UCHAR AceFlags
Definition: ms-dtyp.idl:211

DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS
Definition: setypes.h:672

lpLanguageId
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR _Inout_ LPDWORD _Out_ LPDWORD lpLanguageId
Definition: winbase.h:2774

lpLuid
_In_ PLUID lpLuid
Definition: winbase.h:2793

DOMAIN_ALIAS_RID_GUESTS
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:654

DOMAIN_GROUP_RID_GUESTS
#define DOMAIN_GROUP_RID_GUESTS
Definition: setypes.h:641

_TRUSTEE_W::TrusteeForm
TRUSTEE_FORM TrusteeForm
Definition: accctrl.h:215

_ACCESS_ALLOWED_ACE::SidStart
DWORD SidStart
Definition: ms-dtyp.idl:218

STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158

_OBJECTS_AND_SID::pSid
SID * pSid
Definition: accctrl.h:351

_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:506

_TRUSTEE_A
Definition: accctrl.h:202

SECURITY_THIS_ORGANIZATION_RID
#define SECURITY_THIS_ORGANIZATION_RID
Definition: setypes.h:572

_STARTUPINFOW
Definition: winbase.h:848

SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
Definition: setypes.h:806

SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:830

_In_opt_
#define _In_opt_
Definition: ms_sal.h:309

strlenW
WINE_UNICODE_INLINE unsigned int strlenW(const WCHAR *str)
Definition: unicode.h:212

_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:832

SDDL_INHERITED
static const WCHAR SDDL_INHERITED[]
Definition: security.c:172

DeleteAce
BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
Definition: security.c:1168

_EXPLICIT_ACCESS_A::grfAccessMode
ACCESS_MODE grfAccessMode
Definition: accctrl.h:333

ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10

ACL_INFORMATION_CLASS
enum _ACL_INFORMATION_CLASS ACL_INFORMATION_CLASS

SECURITY_TERMINAL_SERVER_RID
#define SECURITY_TERMINAL_SERVER_RID
Definition: setypes.h:570

WideCharToMultiByte
#define WideCharToMultiByte
Definition: compat.h:111

_TOKEN_GROUPS
Definition: setypes.h:1009

error
#define error(str)
Definition: mkdosfs.c:1605

_SID
Definition: ms-dtyp.idl:198

FILE_ALL_ACCESS
#define FILE_ALL_ACCESS
Definition: nt_native.h:651

OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228

SetNamedSecurityInfoW
DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1197

LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185

DumpOwner
static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3149

InheritedObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName
Definition: security.c:77

InitializeAcl
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:1008

_TRUSTEE_A::MultipleTrusteeOperation
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:205

ACEFLAG
struct _ACEFLAG ACEFLAG

_MAX_SID
Definition: security.c:31

hBinding
handle_t hBinding
Definition: ctx_c.c:54

_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215

SetSecurityAccessMask
VOID WINAPI SetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: sec.c:398

ConvertSecurityDescriptorToStringSecurityDescriptorA
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
Definition: security.c:3298

GetSecurityDescriptorSacl
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146

RpcStringFreeW
RPC_STATUS WINAPI RpcStringFreeW(RPC_WSTR *String)
Definition: rpcrt4_main.c:174

_Out_
#define _Out_
Definition: ms_sal.h:345

FSCTL_PIPE_IMPERSONATE
#define FSCTL_PIPE_IMPERSONATE
Definition: winioctl.h:85

TRUSTEE_BAD_FORM
Definition: accctrl.h:191

DOMAIN_GROUP_RID_SCHEMA_ADMINS
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS
Definition: setypes.h:645

PSID_IDENTIFIER_AUTHORITY
* PSID_IDENTIFIER_AUTHORITY
Definition: setypes.h:464

CreateProcessWithLogonW
BOOL WINAPI CreateProcessWithLogonW(_In_ LPCWSTR lpUsername, _In_opt_ LPCWSTR lpDomain, _In_ LPCWSTR lpPassword, _In_ DWORD dwLogonFlags, _In_opt_ LPCWSTR lpApplicationName, _Inout_opt_ LPWSTR lpCommandLine, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCWSTR lpCurrentDirectory, _In_ LPSTARTUPINFOW lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
Definition: security.c:3480

MAKEWORD
#define MAKEWORD(a, b)
Definition: typedefs.h:248

_ACEFLAG
Definition: security.c:25

SetAclInformation
BOOL WINAPI SetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:2270

SDDL_DELETE_CHILD
#define SDDL_DELETE_CHILD
Definition: sddl.h:54

TRUSTEE_IS_NAME
Definition: accctrl.h:190

SDDL_CONTAINER_INHERIT
static const WCHAR SDDL_CONTAINER_INHERIT[]
Definition: security.c:168

AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13

TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:312

KEY_READ
#define KEY_READ
Definition: nt_native.h:1023

_TOKEN_PRIVILEGES
Definition: setypes.h:1018

TRUE
#define TRUE
Definition: types.h:120

_OBJECT_ATTRIBUTES
Definition: umtypes.h:181

SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182

WellKnownSids
static const WELLKNOWNSID WellKnownSids[]
Definition: security.c:47

_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296

SDDL_AUTO_INHERITED
#define SDDL_AUTO_INHERITED
Definition: sddl.h:46

RevertToSelf
BOOL WINAPI RevertToSelf(VOID)
Definition: security.c:1610

_ACL
Definition: ms-dtyp.idl:293

ADS_RIGHT_DS_CREATE_CHILD
#define ADS_RIGHT_DS_CREATE_CHILD
Definition: security.c:155

MakeAbsoluteSD
BOOL WINAPI MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
Definition: security.c:952

r
GLdouble GLdouble GLdouble r
Definition: gl.h:2055

wine_dbgstr_w
char * wine_dbgstr_w(const wchar_t *wstr)
Definition: atltest.h:87

DOMAIN_ALIAS_RID_ACCOUNT_OPS
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:657

SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:741

CP_ACP
#define CP_ACP
Definition: compat.h:109

DumpSid
static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2970

InitializeSecurityDescriptor
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:931

EqualSid
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:831

lstrcmpW
int WINAPI lstrcmpW(LPCWSTR lpString1, LPCWSTR lpString2)
Definition: lstring.c:170

ADS_RIGHT_DS_DELETE_CHILD
#define ADS_RIGHT_DS_DELETE_CHILD
Definition: security.c:156

LPSTR
static LPSTR(WINAPI *pGetTrusteeNameA)(PTRUSTEEA pTrustee)

AddAccessAllowedAceEx
BOOL WINAPI AddAccessAllowedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1065

_MAX_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: security.c:35

RtlFreeSid
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)

LookupAccountNameA
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
Definition: security.c:1811

SECURITY_DIALUP_RID
#define SECURITY_DIALUP_RID
Definition: setypes.h:556

count
GLuint GLuint GLsizei count
Definition: gl.h:1545

PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3

_OBJECTS_AND_NAME_A::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:356

SID_REVISION
#define SID_REVISION
Definition: setypes.h:481

SetNamedSecurityInfoA
DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: security.c:2297

x1
_In_ CLIPOBJ _In_ BRUSHOBJ _In_ LONG x1
Definition: winddi.h:3706

GetNamedSecurityInfoA
DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: security.c:3834

WARN
#define WARN(fmt,...)
Definition: debug.h:112

_Outptr_
#define _Outptr_
Definition: ms_sal.h:427

SetFileSecurityA
BOOL WINAPI SetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1481

ERROR_INVALID_SID
#define ERROR_INVALID_SID
Definition: winerror.h:819

ACCESS_MODE
enum _ACCESS_MODE ACCESS_MODE

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

ConvertStringSidToSidW
BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID *Sid)
Definition: security.c:3335

RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606

BuildTrusteeWithNameW
VOID WINAPI BuildTrusteeWithNameW(PTRUSTEE_W pTrustee, LPWSTR name)
Definition: security.c:2190

PrivilegeCheck
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
Definition: security.c:1865

Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711

AddAccessAllowedAce
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1041

SECURITY_NETWORK_RID
#define SECURITY_NETWORK_RID
Definition: setypes.h:557

LookupPrivilegeNameW
BOOL WINAPI LookupPrivilegeNameW(LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
Definition: misc.c:832

ADS_RIGHT_DS_CONTROL_ACCESS
#define ADS_RIGHT_DS_CONTROL_ACCESS
Definition: security.c:163

LPPROCESS_INFORMATION
SIZE_T LPPROCESS_INFORMATION
Definition: cordebug.idl:86

SDDL_WRITE_DAC
#define SDDL_WRITE_DAC
Definition: sddl.h:61

nLength
_In_ DWORD nLength
Definition: wincon.h:473

TRUSTEE_IS_UNKNOWN
Definition: accctrl.h:176

NtCurrentThread
#define NtCurrentThread()

lpName
_In_ LPCSTR lpName
Definition: winbase.h:2773

_TRUSTEE_A::pMultipleTrustee
struct _TRUSTEE_A * pMultipleTrustee
Definition: accctrl.h:204

SECURITY_MANDATORY_MEDIUM_RID
#define SECURITY_MANDATORY_MEDIUM_RID
Definition: setypes.h:685

GetTrusteeTypeA
TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEE_A pTrustee)
Definition: security.c:2251

_EXPLICIT_ACCESS_A::Trustee
TRUSTEE_A Trustee
Definition: accctrl.h:335

BuildExplicitAccessWithNameA
VOID WINAPI BuildExplicitAccessWithNameA(PEXPLICIT_ACCESSA pExplicitAccess, LPSTR pTrusteeName, DWORD AccessPermissions, ACCESS_MODE AccessMode, DWORD Inheritance)
Definition: security.c:1929

_PRIVILEGE_SET
Definition: setypes.h:85

DOMAIN_ALIAS_RID_DCOM_USERS
#define DOMAIN_ALIAS_RID_DCOM_USERS
Definition: setypes.h:673

ConvertSecurityDescriptorToStringSecurityDescriptorW
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
Definition: security.c:3234

GUID
Definition: shobjidl.idl:2870

_OBJECTS_AND_NAME_W
Definition: accctrl.h:363

_TOKEN_PRIVILEGES::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:1019

WELLKNOWNRID::wstr
WCHAR wstr[2]
Definition: security.c:106

ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7

sid
FT_UInt sid
Definition: cffcmap.c:139

GetLastError
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040

ZeroMemory
#define ZeroMemory
Definition: winbase.h:1667

ACCESS_ALLOWED_ACE
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE

RtlSubAuthoritySid
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)

LPACEFLAG
struct _ACEFLAG * LPACEFLAG

_TRUSTEE_W::TrusteeType
TRUSTEE_TYPE TrusteeType
Definition: accctrl.h:216

Request
_In_ WDFREQUEST Request
Definition: wdfdevice.h:547

LPSTARTUPINFOW
SIZE_T LPSTARTUPINFOW
Definition: cordebug.idl:85

DumpSacl
static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
Definition: security.c:3208

RtlQueryInformationAcl
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL, LPVOID, DWORD, ACL_INFORMATION_CLASS)

ParseAceStringRights
static DWORD ParseAceStringRights(LPCWSTR *StringAcl)
Definition: security.c:2506

BuildTrusteeWithSidA
VOID WINAPI BuildTrusteeWithSidA(PTRUSTEE_A pTrustee, PSID pSid)
Definition: security.c:2141

IsValidAcl
BOOL WINAPI IsValidAcl(PACL pAcl)
Definition: security.c:1211

SetThreadToken
BOOL WINAPI SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
Definition: security.c:463

GetSidLengthRequired
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:854

GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124

RtlGetAce
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)

RtlSelfRelativeToAbsoluteSD
NTSYSAPI NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PDWORD, PACL, PDWORD, PACL, PDWORD, PSID, PDWORD, PSID, PDWORD)

DOMAIN_ALIAS_RID_POWER_USERS
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:655

SECURITY_INTERACTIVE_RID
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:559

CreateRestrictedToken
BOOL WINAPI CreateRestrictedToken(_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
Creates a filtered token that is a restricted one of the regular access token. A restricted token can...
Definition: security.c:535

TOKEN_IMPERSONATE
#define TOKEN_IMPERSONATE
Definition: setypes.h:923

RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

NtOpenProcessToken
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350

SECURITY_NULL_SID_AUTHORITY
#define SECURITY_NULL_SID_AUTHORITY
Definition: setypes.h:524

UnicodeString
WDF_EXTERN_C_START typedef _Must_inspect_result_ _In_opt_ PCUNICODE_STRING UnicodeString
Definition: wdfstring.h:64

WRITE_OWNER
#define WRITE_OWNER
Definition: nt_native.h:60

FILE_SHARE_WRITE
#define FILE_SHARE_WRITE
Definition: nt_native.h:681

GetSidSubAuthority
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:898

DumpSidNumeric
static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
Definition: security.c:2931

GetTrusteeFormW
TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
Definition: security.c:2218

GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446

NO_PROPAGATE_INHERIT_ACE
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:748

ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62

WELLKNOWNSID
struct WELLKNOWNSID WELLKNOWNSID

SE_DACL_PRESENT
#define SE_DACL_PRESENT
Definition: setypes.h:817

MoveMemory
#define MoveMemory
Definition: winbase.h:1664

RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)

LPSTR
char * LPSTR
Definition: xmlstorage.h:182

NtAllocateLocallyUniqueId
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:348

ConvertSidToStringSidW
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3382

TRUSTEE_TYPE
enum _TRUSTEE_TYPE TRUSTEE_TYPE

RtlAllocateAndInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290

_ACCESS_ALLOWED_ACE::Header
ACE_HEADER Header
Definition: ms-dtyp.idl:216

lstrlenW
#define lstrlenW
Definition: compat.h:609

_ACL::AceCount
USHORT AceCount
Definition: ms-dtyp.idl:297

Information
_In_ WDFREQUEST _In_ NTSTATUS _In_ ULONG_PTR Information
Definition: wdfrequest.h:1044

_In_reads_opt_
#define _In_reads_opt_(size)
Definition: ms_sal.h:320

Revision
_In_ ULONG Revision
Definition: rtlfuncs.h:1103

GetTrusteeTypeW
TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEE_W pTrustee)
Definition: security.c:2260

RpcStringBindingComposeW
RPC_STATUS WINAPI RpcStringBindingComposeW(RPC_WSTR ObjUuid, RPC_WSTR Protseq, RPC_WSTR NetworkAddr, RPC_WSTR Endpoint, RPC_WSTR Options, RPC_WSTR *StringBinding)
Definition: rpc_binding.c:510

SDDL_KEY_EXECUTE
#define SDDL_KEY_EXECUTE
Definition: sddl.h:75

SE_DACL_AUTO_INHERITED
#define SE_DACL_AUTO_INHERITED
Definition: setypes.h:825

GetVersion
DWORD WINAPI GetVersion(VOID)
Definition: version.c:22

GetSecurityDescriptorGroup
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76

ParseAclStringFlags
static DWORD ParseAclStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2353

heap_alloc
static void * heap_alloc(size_t len)
Definition: appwiz.h:65

FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136

_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75

BOOL
static BOOL
Definition: security.c:72

SECURITY_PACKAGE_SCHANNEL_RID
#define SECURITY_PACKAGE_SCHANNEL_RID
Definition: setypes.h:588

_SECURITY_DESCRIPTOR::Control
USHORT Control
Definition: ms-dtyp.idl:304

SDDL_OBJECT_ACCESS_DENIED
static const WCHAR SDDL_OBJECT_ACCESS_DENIED[]
Definition: security.c:142

strncmpW
WINE_UNICODE_INLINE int strncmpW(const WCHAR *str1, const WCHAR *str2, int n)
Definition: unicode.h:235

STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69

_SECURITY_QUALITY_OF_SERVICE::ContextTrackingMode
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66

_SECURITY_DESCRIPTOR::Revision
UCHAR Revision
Definition: ms-dtyp.idl:302

Name
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR LPSTR Name
Definition: security.c:77

BuildTrusteeWithNameA
VOID WINAPI BuildTrusteeWithNameA(PTRUSTEE_A pTrustee, LPSTR name)
Definition: security.c:2174

SDDL_NO_PROPAGATE
static const WCHAR SDDL_NO_PROPAGATE[]
Definition: security.c:170

_TRUSTEE_A::ptstrName
LPSTR ptstrName
Definition: accctrl.h:208

RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)

debugstr_sid
static const char * debugstr_sid(PSID sid)
Definition: security.c:176

wine_dbg_sprintf
const char * wine_dbg_sprintf(const char *format,...)
Definition: compat.c:296

RtlAreAnyAccessesGranted
NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)

BuildTrusteeWithObjectsAndNameA
VOID WINAPI BuildTrusteeWithObjectsAndNameA(PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, LPSTR InheritedObjectTypeName, LPSTR Name)
Definition: security.c:1971

sidWorld
static const SID sidWorld
Definition: security.c:128

SDDL_OBJECT_ACCESS_ALLOWED
static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[]
Definition: security.c:141

SDDL_ACCESS_ALLOWED
static const WCHAR SDDL_ACCESS_ALLOWED[]
Definition: security.c:138

SDDL_KEY_ALL
#define SDDL_KEY_ALL
Definition: sddl.h:72

buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751

_MAX_SID::Revision
BYTE Revision
Definition: security.c:34

cchName
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2750

ParseStringAclToAcl
static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, PACL pAcl, LPDWORD cBytes)
Definition: security.c:2561

SUCCESSFUL_ACCESS_ACE_FLAG
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:753

SDDL_DELETE_TREE
#define SDDL_DELETE_TREE
Definition: sddl.h:58

FileHandle
HANDLE FileHandle
Definition: stats.c:38

DOMAIN_GROUP_RID_COMPUTERS
#define DOMAIN_GROUP_RID_COMPUTERS
Definition: setypes.h:642

RPC_STATUS
long RPC_STATUS
Definition: rpc.h:52

SDDL_LIST_OBJECT
#define SDDL_LIST_OBJECT
Definition: sddl.h:57

SECURITY_PRINCIPAL_SELF_RID
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:567

RtlInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)

_ACE_HEADER::AceSize
USHORT AceSize
Definition: ms-dtyp.idl:212

DOMAIN_GROUP_RID_ADMINS
#define DOMAIN_GROUP_RID_ADMINS
Definition: setypes.h:639

L
#define L(x)
Definition: ntvdm.h:50

RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)

NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:401

FAILED_ACCESS_ACE_FLAG
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:754

mask
GLenum GLint GLuint mask
Definition: glext.h:6028

_SECL_RESPONSE
Definition: seclogon.idl:19

LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53

bytes
static unsigned char bytes[4]
Definition: adnsresfilter.c:74

SDDL_KEY_WRITE
#define SDDL_KEY_WRITE
Definition: sddl.h:74

SDDL_AUDIT_FAILURE
static const WCHAR SDDL_AUDIT_FAILURE[]
Definition: security.c:174

ParseAceStringFlags
static BYTE ParseAceStringFlags(LPCWSTR *StringAcl)
Definition: security.c:2435

FALSE
#define FALSE
Definition: types.h:117

ADVAPI_GetComputerSid
BOOL ADVAPI_GetComputerSid(PSID sid)
Definition: security.c:275

_LUID
Definition: devicetopology.idl:136

NO_MULTIPLE_TRUSTEE
Definition: accctrl.h:198

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311

NtFilterToken
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: token.c:6573

_OBJECTS_AND_SID
Definition: accctrl.h:346

SECURITY_LOCAL_SID_AUTHORITY
#define SECURITY_LOCAL_SID_AUTHORITY
Definition: setypes.h:530

SDDL_NO_EXECUTE_UP
static const WCHAR SDDL_NO_EXECUTE_UP[]
Definition: security.c:133

_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371

SECURITY_DESCRIPTOR_CONTROL
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37

FreeSid
PVOID WINAPI FreeSid(PSID pSid)
Definition: security.c:700

DOMAIN_USER_RID_ADMIN
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:631

token
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat token
Definition: glfuncs.h:210

SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL

GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90

debugstr_w
#define debugstr_w
Definition: kernel32.h:32

WELLKNOWNRID::Type
WELL_KNOWN_SID_TYPE Type
Definition: security.c:107

SECURITY_MANDATORY_LABEL_AUTHORITY
#define SECURITY_MANDATORY_LABEL_AUTHORITY
Definition: setypes.h:682

AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395

FIXME
#define FIXME(fmt,...)
Definition: debug.h:111

length
GLenum GLuint GLenum GLsizei length
Definition: glext.h:5579

RtlValidAcl
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)

RpcTryExcept
#define RpcTryExcept
Definition: rpc.h:126

SDDL_WRITE_OWNER
#define SDDL_WRITE_OWNER
Definition: sddl.h:62

SetTokenInformation
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
Definition: security.c:439

ADS_RIGHT_DS_DELETE_TREE
#define ADS_RIGHT_DS_DELETE_TREE
Definition: security.c:161

str
const WCHAR * str
Definition: rpc_transport.c:2712

SECURITY_PACKAGE_BASE_RID
#define SECURITY_PACKAGE_BASE_RID
Definition: setypes.h:585

MAKELONG
#define MAKELONG(a, b)
Definition: typedefs.h:249

ACE_INHERITED_OBJECT_TYPE_PRESENT
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
Definition: winnt_old.h:107

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

ADS_RIGHT_DS_SELF
#define ADS_RIGHT_DS_SELF
Definition: security.c:158

SID_MAX_SUB_AUTHORITIES
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:482

ACL
struct _ACL ACL

NameRec_
Definition: apinames.c:48

_OBJECTS_AND_NAME_A::ObjectType
SE_OBJECT_TYPE ObjectType
Definition: accctrl.h:357

SDDL_FILE_EXECUTE
#define SDDL_FILE_EXECUTE
Definition: sddl.h:71

NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: token.c:3652

Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426

_In_
#define _In_
Definition: ms_sal.h:308

cbSid
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD cbSid
Definition: winbase.h:2726

Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103

SDDL_FILE_ALL
#define SDDL_FILE_ALL
Definition: sddl.h:68

AddAuditAccessAceEx
BOOL WINAPI AddAuditAccessAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
Definition: security.c:1778

DOMAIN_GROUP_RID_POLICY_ADMINS
#define DOMAIN_GROUP_RID_POLICY_ADMINS
Definition: setypes.h:647

SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339

ADVAPI_IsLocalComputer
BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
Definition: security.c:253

TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715

BuildTrusteeWithObjectsAndSidW
VOID WINAPI BuildTrusteeWithObjectsAndSidW(PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
Definition: security.c:2093

RtlCreateUnicodeStringFromAsciiz
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)

pObjName
static POBJECTS_AND_NAME_A pObjName
Definition: security.c:77

_FileName
Definition: filecomp.c:347

RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150

AccessCheckByType
BOOL WINAPI AccessCheckByType(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID PrincipalSelfSid, HANDLE ClientToken, DWORD DesiredAccess, POBJECT_TYPE_LIST ObjectTypeList, DWORD ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, LPDWORD PrivilegeSetLength, LPDWORD GrantedAccess, LPBOOL AccessStatus)
Definition: security.c:1702

_EXPLICIT_ACCESS_W
Definition: accctrl.h:338

NtSetInformationThread
NTSTATUS NTAPI NtSetInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
Definition: query.c:2018

LPCSTR
const char * LPCSTR
Definition: xmlstorage.h:183

BuildTrusteeWithObjectsAndSidA
VOID WINAPI BuildTrusteeWithObjectsAndSidA(PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid, GUID *pObjectGuid, GUID *pInheritedObjectGuid, PSID pSid)
Definition: security.c:2044

GetSecurityInfoExW
DWORD WINAPI GetSecurityInfoExW(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup)
Definition: security.c:1911

AreAnyAccessesGranted
BOOL WINAPI AreAnyAccessesGranted(DWORD GrantedAccess, DWORD DesiredAccess)
Definition: security.c:2343

SECURITY_LOCAL_SERVICE_RID
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:575

AddAccessDeniedAceEx
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1116

PTOKEN_GROUPS
struct _TOKEN_GROUPS * PTOKEN_GROUPS

RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21

_TRUSTEE_W
Definition: accctrl.h:211

GetSecurityDescriptorDacl
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45

SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554

WELLKNOWNRID
struct WELLKNOWNRID WELLKNOWNRID

_ACE_HEADER
Definition: ms-dtyp.idl:209

GetSecurityInfoExA
DWORD WINAPI GetSecurityInfoExA(HANDLE hObject, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup)
Definition: security.c:1891

CreateProcessW
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
Definition: proc.c:4594

val
GLuint GLfloat * val
Definition: glext.h:7180

j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250

FILE_GENERIC_EXECUTE
#define FILE_GENERIC_EXECUTE
Definition: nt_native.h:668

AceRights
static const ACEFLAG AceRights[]
Definition: security.c:2468

LMEM_FIXED
#define LMEM_FIXED
Definition: winbase.h:365

Status
Status
Definition: gdiplustypes.h:24

KEY_WRITE
#define KEY_WRITE
Definition: nt_native.h:1031

CONTAINER_INHERIT_ACE
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:747

NtPrivilegeCheck
NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
Checks a client access token if it has the required set of privileges.
Definition: priv.c:868

NtOpenFile
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3951

DOMAIN_USER_RID_GUEST
#define DOMAIN_USER_RID_GUEST
Definition: setypes.h:632

NtQuerySecurityObject
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803

RpcExceptionCode
#define RpcExceptionCode()
Definition: rpc.h:132