2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 * FIXME: for all functions thunking down to Rtl* functions: implement SetLastError()
38 #include "wine/debug.h"
39 #include "wine/unicode.h"
41 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
43 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
44 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
45 PACL pAcl, LPDWORD cBytes);
46 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
47 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
48 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
49 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
50 LPCWSTR StringSecurityDescriptor,
51 PSECURITY_DESCRIPTOR SecurityDescriptor,
53 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
55 typedef struct _ACEFLAG
59 } ACEFLAG, *LPACEFLAG;
64 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
65 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
66 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
67 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
68 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
69 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
70 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
71 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
76 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
77 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
78 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
79 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
80 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
81 static const WCHAR SDDL_ALARM[] = {'A','L',0};
82 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
83 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
88 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
89 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
90 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
91 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
92 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
93 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
94 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
96 #define CallWin32ToNt(func) \
99 if (ret !=STATUS_SUCCESS) \
100 { SetLastError (RtlNtStatusToDosError(ret)); return FALSE; } \
104 static void dumpLsaAttributes( PLSA_OBJECT_ATTRIBUTES oa )
108 TRACE("\n\tlength=%lu, rootdir=%p, objectname=%s\n\tattr=0x%08lx, sid=%p qos=%p\n",
109 oa->Length, oa->RootDirectory,
110 oa->ObjectName?debugstr_w(oa->ObjectName->Buffer):"null",
111 oa->Attributes, oa->SecurityDescriptor, oa->SecurityQualityOfService);
115 /************************************************************
116 * ADVAPI_IsLocalComputer
118 * Checks whether the server name indicates local machine.
120 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
128 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
132 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
133 Result = GetComputerNameW(buf, &dwSize);
134 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
136 Result = Result && !lstrcmpW(ServerName, buf);
137 HeapFree(GetProcessHeap(), 0, buf);
143 #define ADVAPI_ForceLocalComputer(ServerName, FailureCode) \
144 if (!ADVAPI_IsLocalComputer(ServerName)) \
146 FIXME("Action Implemented for local computer only. " \
147 "Requested for server %s\n", debugstr_w(ServerName)); \
148 return FailureCode; \
151 /* ##############################
152 ###### TOKEN FUNCTIONS ######
153 ##############################
156 /******************************************************************************
157 * OpenProcessToken [ADVAPI32.@]
158 * Opens the access token associated with a process handle.
161 * ProcessHandle [I] Handle to process
162 * DesiredAccess [I] Desired access to process
163 * TokenHandle [O] Pointer to handle of open access token
166 * Success: TRUE. TokenHandle contains the access token.
170 * See NtOpenProcessToken.
173 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
174 HANDLE *TokenHandle )
176 CallWin32ToNt(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
179 /******************************************************************************
180 * OpenThreadToken [ADVAPI32.@]
182 * Opens the access token associated with a thread handle.
185 * ThreadHandle [I] Handle to process
186 * DesiredAccess [I] Desired access to the thread
188 * TokenHandle [O] Destination for the token handle
191 * Success: TRUE. TokenHandle contains the access token.
195 * See NtOpenThreadToken.
198 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
199 BOOL OpenAsSelf, HANDLE *TokenHandle)
201 CallWin32ToNt (NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
204 /******************************************************************************
205 * AdjustTokenPrivileges [ADVAPI32.@]
207 * Adjust the privileges of an open token handle.
210 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
211 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
212 * NewState [I] Desired new privileges of the token
213 * BufferLength [I] Length of NewState
214 * PreviousState [O] Destination for the previous state
215 * ReturnLength [I/O] Size of PreviousState
219 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
223 * See NtAdjustPrivilegesToken.
226 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
227 LPVOID NewState, DWORD BufferLength,
228 LPVOID PreviousState, LPDWORD ReturnLength )
230 CallWin32ToNt(NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength));
233 /******************************************************************************
234 * CheckTokenMembership [ADVAPI32.@]
236 * Determine if an access token is a member of a SID.
239 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
240 * SidToCheck [I] SID that possibly contains the token
241 * IsMember [O] Destination for result.
244 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
248 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
251 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
257 /******************************************************************************
258 * GetTokenInformation [ADVAPI32.@]
261 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
262 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
263 * tokeninfo [O] Destination for token information
264 * tokeninfolength [I] Length of tokeninfo
265 * retlen [O] Destination for returned token information length
268 * Success: TRUE. tokeninfo contains retlen bytes of token information
272 * See NtQueryInformationToken.
275 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
276 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
278 TRACE("(%p, %s, %p, %ld, %p): \n",
280 (tokeninfoclass == TokenUser) ? "TokenUser" :
281 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
282 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
283 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
284 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
285 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
286 (tokeninfoclass == TokenSource) ? "TokenSource" :
287 (tokeninfoclass == TokenType) ? "TokenType" :
288 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
289 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
290 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
291 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
292 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
293 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
294 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
296 tokeninfo, tokeninfolength, retlen);
297 CallWin32ToNt (NtQueryInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength, retlen));
300 /******************************************************************************
301 * SetTokenInformation [ADVAPI32.@]
303 * Set information for an access token.
306 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
307 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
308 * tokeninfo [I] Token information to set
309 * tokeninfolength [I] Length of tokeninfo
312 * Success: TRUE. The information for the token is set to tokeninfo.
316 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
317 LPVOID tokeninfo, DWORD tokeninfolength )
319 FIXME("(%p, %s, %p, %ld): stub\n",
321 (tokeninfoclass == TokenUser) ? "TokenUser" :
322 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
323 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
324 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
325 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
326 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
327 (tokeninfoclass == TokenSource) ? "TokenSource" :
328 (tokeninfoclass == TokenType) ? "TokenType" :
329 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
330 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
331 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
332 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
333 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
334 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
335 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
337 tokeninfo, tokeninfolength);
339 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
344 /*************************************************************************
345 * SetThreadToken [ADVAPI32.@]
347 * Assigns an 'impersonation token' to a thread so it can assume the
348 * security privileges of another thread or process. Can also remove
349 * a previously assigned token.
352 * thread [O] Handle to thread to set the token for
353 * token [I] Token to set
356 * Success: TRUE. The threads access token is set to token
360 * Only supported on NT or higher. On Win9X this function does nothing.
361 * See SetTokenInformation.
363 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
365 FIXME("(%p, %p): stub (NT impl. only)\n", thread, token);
367 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
372 /* ##############################
373 ###### SID FUNCTIONS ######
374 ##############################
377 /******************************************************************************
378 * AllocateAndInitializeSid [ADVAPI32.@]
381 * pIdentifierAuthority []
382 * nSubAuthorityCount []
394 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
395 BYTE nSubAuthorityCount,
396 DWORD nSubAuthority0, DWORD nSubAuthority1,
397 DWORD nSubAuthority2, DWORD nSubAuthority3,
398 DWORD nSubAuthority4, DWORD nSubAuthority5,
399 DWORD nSubAuthority6, DWORD nSubAuthority7,
402 CallWin32ToNt (RtlAllocateAndInitializeSid(
403 pIdentifierAuthority, nSubAuthorityCount,
404 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
405 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
409 /******************************************************************************
410 * FreeSid [ADVAPI32.@]
419 return NULL; /* is documented like this */
422 /******************************************************************************
423 * CopySid [ADVAPI32.@]
426 * nDestinationSidLength []
431 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
433 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
436 /******************************************************************************
437 * IsValidSid [ADVAPI32.@]
443 IsValidSid( PSID pSid )
445 return RtlValidSid( pSid );
448 /******************************************************************************
449 * EqualSid [ADVAPI32.@]
456 EqualSid( PSID pSid1, PSID pSid2 )
458 return RtlEqualSid( pSid1, pSid2 );
461 /******************************************************************************
462 * EqualPrefixSid [ADVAPI32.@]
464 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
466 return RtlEqualPrefixSid(pSid1, pSid2);
469 /******************************************************************************
470 * GetSidLengthRequired [ADVAPI32.@]
473 * nSubAuthorityCount []
476 GetSidLengthRequired( BYTE nSubAuthorityCount )
478 return RtlLengthRequiredSid(nSubAuthorityCount);
481 /******************************************************************************
482 * InitializeSid [ADVAPI32.@]
485 * pIdentifierAuthority []
490 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
491 BYTE nSubAuthorityCount)
493 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
496 /******************************************************************************
497 * GetSidIdentifierAuthority [ADVAPI32.@]
502 PSID_IDENTIFIER_AUTHORITY WINAPI
503 GetSidIdentifierAuthority( PSID pSid )
505 return RtlIdentifierAuthoritySid(pSid);
508 /******************************************************************************
509 * GetSidSubAuthority [ADVAPI32.@]
516 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
518 return RtlSubAuthoritySid(pSid, nSubAuthority);
521 /******************************************************************************
522 * GetSidSubAuthorityCount [ADVAPI32.@]
528 GetSidSubAuthorityCount (PSID pSid)
530 return RtlSubAuthorityCountSid(pSid);
533 /******************************************************************************
534 * GetLengthSid [ADVAPI32.@]
540 GetLengthSid (PSID pSid)
542 return RtlLengthSid(pSid);
545 /* ##############################################
546 ###### SECURITY DESCRIPTOR FUNCTIONS ######
547 ##############################################
550 /******************************************************************************
551 * InitializeSecurityDescriptor [ADVAPI32.@]
558 InitializeSecurityDescriptor( SECURITY_DESCRIPTOR *pDescr, DWORD revision )
560 CallWin32ToNt (RtlCreateSecurityDescriptor(pDescr, revision ));
564 /******************************************************************************
565 * MakeAbsoluteSD [ADVAPI32.@]
567 BOOL WINAPI MakeAbsoluteSD (
568 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
569 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
570 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
572 OUT LPDWORD lpdwDaclSize,
574 OUT LPDWORD lpdwSaclSize,
576 OUT LPDWORD lpdwOwnerSize,
577 OUT PSID pPrimaryGroup,
578 OUT LPDWORD lpdwPrimaryGroupSize)
580 CallWin32ToNt (RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
581 pAbsoluteSecurityDescriptor, lpdwAbsoluteSecurityDescriptorSize,
582 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, pOwner, lpdwOwnerSize,
583 pPrimaryGroup, lpdwPrimaryGroupSize));
587 /******************************************************************************
588 * GetSecurityDescriptorLength [ADVAPI32.@]
590 DWORD WINAPI GetSecurityDescriptorLength( SECURITY_DESCRIPTOR *pDescr)
592 return (RtlLengthSecurityDescriptor(pDescr));
595 /******************************************************************************
596 * GetSecurityDescriptorOwner [ADVAPI32.@]
600 * lpbOwnerDefaulted []
603 GetSecurityDescriptorOwner( SECURITY_DESCRIPTOR *pDescr, PSID *pOwner,
604 LPBOOL lpbOwnerDefaulted )
606 CallWin32ToNt (RtlGetOwnerSecurityDescriptor( pDescr, pOwner, (PBOOLEAN)lpbOwnerDefaulted ));
609 /******************************************************************************
610 * SetSecurityDescriptorOwner [ADVAPI32.@]
614 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
615 PSID pOwner, BOOL bOwnerDefaulted)
617 CallWin32ToNt (RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
619 /******************************************************************************
620 * GetSecurityDescriptorGroup [ADVAPI32.@]
622 BOOL WINAPI GetSecurityDescriptorGroup(
623 PSECURITY_DESCRIPTOR SecurityDescriptor,
625 LPBOOL GroupDefaulted)
627 CallWin32ToNt (RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, (PBOOLEAN)GroupDefaulted));
629 /******************************************************************************
630 * SetSecurityDescriptorGroup [ADVAPI32.@]
632 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
633 PSID Group, BOOL GroupDefaulted)
635 CallWin32ToNt (RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
638 /******************************************************************************
639 * IsValidSecurityDescriptor [ADVAPI32.@]
645 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
647 CallWin32ToNt (RtlValidSecurityDescriptor(SecurityDescriptor));
650 /******************************************************************************
651 * GetSecurityDescriptorDacl [ADVAPI32.@]
653 BOOL WINAPI GetSecurityDescriptorDacl(
654 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
655 OUT LPBOOL lpbDaclPresent,
657 OUT LPBOOL lpbDaclDefaulted)
659 CallWin32ToNt (RtlGetDaclSecurityDescriptor(pSecurityDescriptor, (PBOOLEAN)lpbDaclPresent,
660 pDacl, (PBOOLEAN)lpbDaclDefaulted));
663 /******************************************************************************
664 * SetSecurityDescriptorDacl [ADVAPI32.@]
667 SetSecurityDescriptorDacl (
668 PSECURITY_DESCRIPTOR lpsd,
673 CallWin32ToNt (RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ));
675 /******************************************************************************
676 * GetSecurityDescriptorSacl [ADVAPI32.@]
678 BOOL WINAPI GetSecurityDescriptorSacl(
679 IN PSECURITY_DESCRIPTOR lpsd,
680 OUT LPBOOL lpbSaclPresent,
682 OUT LPBOOL lpbSaclDefaulted)
684 CallWin32ToNt (RtlGetSaclSecurityDescriptor(lpsd,
685 (PBOOLEAN)lpbSaclPresent, pSacl, (PBOOLEAN)lpbSaclDefaulted));
688 /**************************************************************************
689 * SetSecurityDescriptorSacl [ADVAPI32.@]
691 BOOL WINAPI SetSecurityDescriptorSacl (
692 PSECURITY_DESCRIPTOR lpsd,
697 CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
699 /******************************************************************************
700 * MakeSelfRelativeSD [ADVAPI32.@]
709 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
710 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
711 IN OUT LPDWORD lpdwBufferLength)
713 CallWin32ToNt (RtlMakeSelfRelativeSD(pAbsoluteSecurityDescriptor,pSelfRelativeSecurityDescriptor, lpdwBufferLength));
716 /******************************************************************************
717 * GetSecurityDescriptorControl [ADVAPI32.@]
720 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
721 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
723 CallWin32ToNt (RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
726 /* ##############################
727 ###### ACL FUNCTIONS ######
728 ##############################
731 /*************************************************************************
732 * InitializeAcl [ADVAPI32.@]
734 DWORD WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
736 CallWin32ToNt (RtlCreateAcl(acl, size, rev));
739 /******************************************************************************
740 * AddAccessAllowedAce [ADVAPI32.@]
742 BOOL WINAPI AddAccessAllowedAce(
744 IN DWORD dwAceRevision,
748 CallWin32ToNt(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
751 /******************************************************************************
752 * AddAccessAllowedAceEx [ADVAPI32.@]
754 BOOL WINAPI AddAccessAllowedAceEx(
756 IN DWORD dwAceRevision,
761 CallWin32ToNt(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
764 /******************************************************************************
765 * AddAccessDeniedAce [ADVAPI32.@]
767 BOOL WINAPI AddAccessDeniedAce(
769 IN DWORD dwAceRevision,
773 CallWin32ToNt(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
776 /******************************************************************************
777 * AddAccessDeniedAceEx [ADVAPI32.@]
779 BOOL WINAPI AddAccessDeniedAceEx(
781 IN DWORD dwAceRevision,
786 CallWin32ToNt(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
789 /******************************************************************************
790 * AddAce [ADVAPI32.@]
794 IN DWORD dwAceRevision,
795 IN DWORD dwStartingAceIndex,
797 DWORD nAceListLength)
799 CallWin32ToNt(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
802 /******************************************************************************
803 * DeleteAce [ADVAPI32.@]
805 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
807 CallWin32ToNt(RtlDeleteAce(pAcl, dwAceIndex));
810 /******************************************************************************
811 * FindFirstFreeAce [ADVAPI32.@]
813 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
815 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
818 /******************************************************************************
819 * GetAce [ADVAPI32.@]
821 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
823 CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce));
826 /******************************************************************************
827 * GetAclInformation [ADVAPI32.@]
829 BOOL WINAPI GetAclInformation(
831 LPVOID pAclInformation,
832 DWORD nAclInformationLength,
833 ACL_INFORMATION_CLASS dwAclInformationClass)
835 CallWin32ToNt(RtlQueryInformationAcl(pAcl, pAclInformation,
836 nAclInformationLength, dwAclInformationClass));
839 /******************************************************************************
840 * IsValidAcl [ADVAPI32.@]
842 BOOL WINAPI IsValidAcl(IN PACL pAcl)
844 return RtlValidAcl(pAcl);
847 /* ##############################
848 ###### MISC FUNCTIONS ######
849 ##############################
852 static const char * const DefaultPrivNames[] =
855 "SeCreateTokenPrivilege", "SeAssignPrimaryTokenPrivilege",
856 "SeLockMemoryPrivilege", "SeIncreaseQuotaPrivilege",
857 "SeUnsolicitedInputPrivilege", "SeMachineAccountPrivilege",
858 "SeTcbPrivilege", "SeSecurityPrivilege",
859 "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege",
860 "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
861 "SeProfileSingleProcessPrivilege", "SeIncreaseBasePriorityPrivilege",
862 "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege",
863 "SeBackupPrivilege", "SeRestorePrivilege",
864 "SeShutdownPrivilege", "SeDebugPrivilege",
865 "SeAuditPrivilege", "SeSystemEnvironmentPrivilege",
866 "SeChangeNotifyPrivilege", "SeRemoteShutdownPrivilege",
867 "SeUndockPrivilege", "SeSyncAgentPrivilege",
868 "SeEnableDelegationPrivilege", "SeManageVolumePrivilege",
869 "SeImpersonatePrivilege", "SeCreateGlobalPrivilege",
871 #define NUMPRIVS (sizeof DefaultPrivNames/sizeof DefaultPrivNames[0])
873 /******************************************************************************
874 * LookupPrivilegeValueW [ADVAPI32.@]
876 * See LookupPrivilegeValueA.
879 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
884 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
886 for( i=0; i<NUMPRIVS; i++ )
888 if( !DefaultPrivNames[i] )
890 MultiByteToWideChar( CP_ACP, 0, DefaultPrivNames[i], -1,
892 if( strcmpW( priv, lpName) )
895 lpLuid->HighPart = 0;
896 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
897 lpLuid->HighPart, lpLuid->LowPart );
903 /******************************************************************************
904 * LookupPrivilegeValueA [ADVAPI32.@]
906 * Retrieves LUID used on a system to represent the privilege name.
909 * lpSystemName [I] Name of the system
910 * lpName [I] Name of the privilege
911 * lpLuid [O] Destination for the resulting LUID
914 * Success: TRUE. lpLuid contains the requested LUID.
918 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
920 UNICODE_STRING lpSystemNameW;
921 UNICODE_STRING lpNameW;
924 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
925 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
926 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
927 RtlFreeUnicodeString(&lpNameW);
928 RtlFreeUnicodeString(&lpSystemNameW);
933 /******************************************************************************
934 * LookupPrivilegeNameA [ADVAPI32.@]
937 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
939 FIXME("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
943 /******************************************************************************
944 * LookupPrivilegeNameW [ADVAPI32.@]
947 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
949 FIXME("%s %p %p %p\n", debugstr_w(lpSystemName), lpLuid, lpName, cchName);
953 /******************************************************************************
954 * GetFileSecurityA [ADVAPI32.@]
956 * Obtains Specified information about the security of a file or directory.
959 * lpFileName [I] Name of the file to get info for
960 * RequestedInformation [I] SE_ flags from "winnt.h"
961 * pSecurityDescriptor [O] Destination for security information
962 * nLength [I] Length of pSecurityDescriptor
963 * lpnLengthNeeded [O] Destination for length of returned security information
966 * Success: TRUE. pSecurityDescriptor contains the requested information.
967 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
970 * The information returned is constrained by the callers access rights and
974 GetFileSecurityA( LPCSTR lpFileName,
975 SECURITY_INFORMATION RequestedInformation,
976 PSECURITY_DESCRIPTOR pSecurityDescriptor,
977 DWORD nLength, LPDWORD lpnLengthNeeded )
979 FIXME("(%s) : stub\n", debugstr_a(lpFileName));
983 /******************************************************************************
984 * GetFileSecurityW [ADVAPI32.@]
986 * See GetFileSecurityA.
989 GetFileSecurityW( LPCWSTR lpFileName,
990 SECURITY_INFORMATION RequestedInformation,
991 PSECURITY_DESCRIPTOR pSecurityDescriptor,
992 DWORD nLength, LPDWORD lpnLengthNeeded )
994 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
999 /******************************************************************************
1000 * LookupAccountSidA [ADVAPI32.@]
1007 IN OUT LPDWORD accountSize,
1009 IN OUT LPDWORD domainSize,
1010 OUT PSID_NAME_USE name_use )
1012 static const char ac[] = "Administrator";
1013 static const char dm[] = "DOMAIN";
1014 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1015 debugstr_a(system),sid,
1016 account,accountSize,accountSize?*accountSize:0,
1017 domain,domainSize,domainSize?*domainSize:0,
1020 if (accountSize) *accountSize = strlen(ac)+1;
1021 if (account && (*accountSize > strlen(ac)))
1022 strcpy(account, ac);
1024 if (domainSize) *domainSize = strlen(dm)+1;
1025 if (domain && (*domainSize > strlen(dm)))
1028 if (name_use) *name_use = SidTypeUser;
1032 /******************************************************************************
1033 * LookupAccountSidW [ADVAPI32.@]
1049 IN OUT LPDWORD accountSize,
1051 IN OUT LPDWORD domainSize,
1052 OUT PSID_NAME_USE name_use )
1054 static const WCHAR ac[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1055 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
1056 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1057 debugstr_w(system),sid,
1058 account,accountSize,accountSize?*accountSize:0,
1059 domain,domainSize,domainSize?*domainSize:0,
1062 if (accountSize) *accountSize = strlenW(ac)+1;
1063 if (account && (*accountSize > strlenW(ac)))
1064 strcpyW(account, ac);
1066 if (domainSize) *domainSize = strlenW(dm)+1;
1067 if (domain && (*domainSize > strlenW(dm)))
1070 if (name_use) *name_use = SidTypeUser;
1074 /******************************************************************************
1075 * SetFileSecurityA [ADVAPI32.@]
1076 * Sets the security of a file or directory
1078 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1079 SECURITY_INFORMATION RequestedInformation,
1080 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1082 FIXME("(%s) : stub\n", debugstr_a(lpFileName));
1086 /******************************************************************************
1087 * SetFileSecurityW [ADVAPI32.@]
1088 * Sets the security of a file or directory
1092 * RequestedInformation []
1093 * pSecurityDescriptor []
1096 SetFileSecurityW( LPCWSTR lpFileName,
1097 SECURITY_INFORMATION RequestedInformation,
1098 PSECURITY_DESCRIPTOR pSecurityDescriptor )
1100 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1104 /******************************************************************************
1105 * QueryWindows31FilesMigration [ADVAPI32.@]
1111 QueryWindows31FilesMigration( DWORD x1 )
1113 FIXME("(%ld):stub\n",x1);
1117 /******************************************************************************
1118 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1127 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1130 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1134 /******************************************************************************
1135 * LsaOpenPolicy [ADVAPI32.@]
1145 IN PLSA_UNICODE_STRING SystemName,
1146 IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
1147 IN ACCESS_MASK DesiredAccess,
1148 IN OUT PLSA_HANDLE PolicyHandle)
1150 FIXME("(%s,%p,0x%08lx,%p):stub\n",
1151 SystemName?debugstr_w(SystemName->Buffer):"null",
1152 ObjectAttributes, DesiredAccess, PolicyHandle);
1153 ADVAPI_ForceLocalComputer(SystemName ? SystemName->Buffer : NULL,
1154 STATUS_ACCESS_VIOLATION);
1155 dumpLsaAttributes(ObjectAttributes);
1156 if(PolicyHandle) *PolicyHandle = (LSA_HANDLE)0xcafe;
1157 return STATUS_SUCCESS;
1160 /******************************************************************************
1161 * LsaQueryInformationPolicy [ADVAPI32.@]
1164 LsaQueryInformationPolicy(
1165 IN LSA_HANDLE PolicyHandle,
1166 IN POLICY_INFORMATION_CLASS InformationClass,
1169 FIXME("(%p,0x%08x,%p):stub\n",
1170 PolicyHandle, InformationClass, Buffer);
1172 if(!Buffer) return FALSE;
1173 switch (InformationClass)
1175 case PolicyAuditEventsInformation: /* 2 */
1177 PPOLICY_AUDIT_EVENTS_INFO p = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(POLICY_AUDIT_EVENTS_INFO));
1178 p->AuditingMode = FALSE; /* no auditing */
1182 case PolicyPrimaryDomainInformation: /* 3 */
1183 case PolicyAccountDomainInformation: /* 5 */
1186 { POLICY_PRIMARY_DOMAIN_INFO ppdi;
1189 SID_IDENTIFIER_AUTHORITY localSidAuthority = {SECURITY_NT_AUTHORITY};
1191 struct di * xdi = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(xdi));
1193 BOOL useDefault = TRUE;
1196 if ((ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE,
1197 "System\\CurrentControlSet\\Services\\VxD\\VNETSUP", 0,
1198 KEY_READ, &key)) == ERROR_SUCCESS)
1201 static const WCHAR wg[] = { 'W','o','r','k','g','r','o','u','p',0 };
1203 ret = RegQueryValueExW(key, wg, NULL, NULL, NULL, &size);
1204 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
1206 xdi->ppdi.Name.Buffer = HeapAlloc(GetProcessHeap(),
1207 HEAP_ZERO_MEMORY, size);
1208 if ((ret = RegQueryValueExW(key, wg, NULL, NULL,
1209 (LPBYTE)xdi->ppdi.Name.Buffer, &size)) == ERROR_SUCCESS)
1211 xdi->ppdi.Name.Length = (USHORT)size;
1216 HeapFree(GetProcessHeap(), 0, xdi->ppdi.Name.Buffer);
1217 xdi->ppdi.Name.Buffer = NULL;
1223 RtlCreateUnicodeStringFromAsciiz(&(xdi->ppdi.Name), "DOMAIN");
1224 TRACE("setting domain to %s\n", debugstr_w(xdi->ppdi.Name.Buffer));
1226 xdi->ppdi.Sid = &(xdi->sid);
1227 xdi->sid.Revision = SID_REVISION;
1228 xdi->sid.SubAuthorityCount = 1;
1229 xdi->sid.IdentifierAuthority = localSidAuthority;
1230 xdi->sid.SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;
1234 case PolicyAuditLogInformation:
1235 case PolicyPdAccountInformation:
1236 case PolicyLsaServerRoleInformation:
1237 case PolicyReplicaSourceInformation:
1238 case PolicyDefaultQuotaInformation:
1239 case PolicyModificationInformation:
1240 case PolicyAuditFullSetInformation:
1241 case PolicyAuditFullQueryInformation:
1242 case PolicyDnsDomainInformation:
1244 FIXME("category not implemented\n");
1251 /******************************************************************************
1252 * LsaLookupSids [ADVAPI32.@]
1257 LSA_UNICODE_STRING Name;
1259 } LSA_TRANSLATED_NAME, *PLSA_TRANSLATED_NAME;
1263 LSA_UNICODE_STRING Name;
1265 } LSA_TRUST_INFORMATION, *PLSA_TRUST_INFORMATION;
1270 PLSA_TRUST_INFORMATION Domains;
1271 } LSA_REFERENCED_DOMAIN_LIST, *PLSA_REFERENCED_DOMAIN_LIST;
1275 IN LSA_HANDLE PolicyHandle,
1278 OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1279 OUT PLSA_TRANSLATED_NAME *Names )
1281 FIXME("%p %lu %p %p %p\n",
1282 PolicyHandle, Count, Sids, ReferencedDomains, Names);
1286 /******************************************************************************
1287 * LsaFreeMemory [ADVAPI32.@]
1290 LsaFreeMemory(IN PVOID Buffer)
1292 TRACE("(%p)\n",Buffer);
1293 return HeapFree(GetProcessHeap(), 0, Buffer);
1295 /******************************************************************************
1296 * LsaClose [ADVAPI32.@]
1299 LsaClose(IN LSA_HANDLE ObjectHandle)
1301 FIXME("(%p):stub\n",ObjectHandle);
1305 /******************************************************************************
1306 * LsaNtStatusToWinError [ADVAPI32.@]
1312 LsaNtStatusToWinError(NTSTATUS Status)
1314 return RtlNtStatusToDosError(Status);
1317 /******************************************************************************
1318 * NotifyBootConfigStatus [ADVAPI32.@]
1324 NotifyBootConfigStatus( DWORD x1 )
1326 FIXME("(0x%08lx):stub\n",x1);
1330 /******************************************************************************
1331 * RevertToSelf [ADVAPI32.@]
1337 RevertToSelf( void )
1339 FIXME("(), stub\n");
1343 /******************************************************************************
1344 * ImpersonateSelf [ADVAPI32.@]
1347 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1349 return RtlImpersonateSelf(ImpersonationLevel);
1352 /******************************************************************************
1353 * ImpersonateLoggedOnUser [ADVAPI32.@]
1355 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1357 FIXME("(%p):stub returning FALSE\n", hToken);
1361 /******************************************************************************
1362 * AccessCheck [ADVAPI32.@]
1364 * FIXME check cast LPBOOL to PBOOLEAN
1368 PSECURITY_DESCRIPTOR SecurityDescriptor,
1370 DWORD DesiredAccess,
1371 PGENERIC_MAPPING GenericMapping,
1372 PPRIVILEGE_SET PrivilegeSet,
1373 LPDWORD PrivilegeSetLength,
1374 LPDWORD GrantedAccess,
1375 LPBOOL AccessStatus)
1377 CallWin32ToNt (NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
1378 GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, (PBOOLEAN)AccessStatus));
1382 /******************************************************************************
1383 * AccessCheckByType [ADVAPI32.@]
1385 BOOL WINAPI AccessCheckByType(
1386 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1387 PSID PrincipalSelfSid,
1389 DWORD DesiredAccess,
1390 POBJECT_TYPE_LIST ObjectTypeList,
1391 DWORD ObjectTypeListLength,
1392 PGENERIC_MAPPING GenericMapping,
1393 PPRIVILEGE_SET PrivilegeSet,
1394 LPDWORD PrivilegeSetLength,
1395 LPDWORD GrantedAccess,
1396 LPBOOL AccessStatus)
1400 *AccessStatus = TRUE;
1402 return !*AccessStatus;
1406 /*************************************************************************
1407 * SetKernelObjectSecurity [ADVAPI32.@]
1409 BOOL WINAPI SetKernelObjectSecurity (
1411 IN SECURITY_INFORMATION SecurityInformation,
1412 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
1414 CallWin32ToNt (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
1418 /******************************************************************************
1419 * AddAuditAccessAce [ADVAPI32.@]
1421 BOOL WINAPI AddAuditAccessAce(
1423 IN DWORD dwAceRevision,
1424 IN DWORD dwAccessMask,
1426 IN BOOL bAuditSuccess,
1427 IN BOOL bAuditFailure)
1433 /******************************************************************************
1434 * LookupAccountNameA [ADVAPI32.@]
1442 LPSTR ReferencedDomainName,
1443 IN OUT LPDWORD cbReferencedDomainName,
1444 OUT PSID_NAME_USE name_use )
1446 FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system,account,sid,cbSid,ReferencedDomainName,cbReferencedDomainName,name_use);
1450 /******************************************************************************
1451 * PrivilegeCheck [ADVAPI32.@]
1453 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
1455 FIXME("stub %p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
1461 /******************************************************************************
1462 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1464 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
1465 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1466 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1467 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1469 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
1470 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
1471 SecurityDescriptor, DesiredAccess, GenericMapping,
1472 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1476 /******************************************************************************
1477 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1479 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
1480 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1481 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1482 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1484 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
1485 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
1486 SecurityDescriptor, DesiredAccess, GenericMapping,
1487 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1492 /******************************************************************************
1493 * GetSecurityInfoExW [ADVAPI32.@]
1495 DWORD WINAPI GetSecurityInfoExW(
1496 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1497 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
1498 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
1499 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
1503 return ERROR_BAD_PROVIDER;
1506 /******************************************************************************
1507 * BuildTrusteeWithSidA [ADVAPI32.@]
1509 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
1511 FIXME("%p %p\n", pTrustee, pSid);
1514 /******************************************************************************
1515 * BuildTrusteeWithSidW [ADVAPI32.@]
1517 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
1519 FIXME("%p %p\n", pTrustee, pSid);
1522 /******************************************************************************
1523 * SetEntriesInAclA [ADVAPI32.@]
1525 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
1526 PACL OldAcl, PACL* NewAcl )
1528 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1529 return ERROR_CALL_NOT_IMPLEMENTED;
1532 /******************************************************************************
1533 * SetEntriesInAclW [ADVAPI32.@]
1535 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
1536 PACL OldAcl, PACL* NewAcl )
1538 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1539 return ERROR_CALL_NOT_IMPLEMENTED;
1542 /******************************************************************************
1543 * SetNamedSecurityInfoA [ADVAPI32.@]
1545 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
1546 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1547 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1549 FIXME("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
1550 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1551 return ERROR_CALL_NOT_IMPLEMENTED;
1554 /******************************************************************************
1555 * AreAnyAccessesGranted [ADVAPI32.@]
1557 * Determines whether or not any of a set of specified access permissions have
1558 * been granted or not.
1561 * GrantedAccess [I] The permissions that have been granted.
1562 * DesiredAccess [I] The permissions that you want to have.
1565 * Nonzero if any of the permissions have been granted, zero if none of the
1566 * permissions have been granted.
1569 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
1571 return (GrantedAccess & DesiredAccess) != 0;
1574 /******************************************************************************
1575 * SetNamedSecurityInfoW [ADVAPI32.@]
1577 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
1578 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1579 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1581 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
1582 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1583 return ERROR_CALL_NOT_IMPLEMENTED;
1586 /******************************************************************************
1587 * GetExplicitEntriesFromAclA [ADVAPI32.@]
1589 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
1590 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
1592 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1593 return ERROR_CALL_NOT_IMPLEMENTED;
1596 /******************************************************************************
1597 * GetExplicitEntriesFromAclW [ADVAPI32.@]
1599 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
1600 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
1602 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1603 return ERROR_CALL_NOT_IMPLEMENTED;
1607 /******************************************************************************
1608 * ParseAclStringFlags
1610 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
1613 LPCWSTR szAcl = *StringAcl;
1615 while (*szAcl != '(')
1619 flags |= SE_DACL_PROTECTED;
1621 else if (*szAcl == 'A')
1625 flags |= SE_DACL_AUTO_INHERIT_REQ;
1626 else if (*szAcl == 'I')
1627 flags |= SE_DACL_AUTO_INHERITED;
1636 /******************************************************************************
1637 * ParseAceStringType
1641 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
1642 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
1643 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
1644 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
1646 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
1647 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
1648 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
1649 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
1654 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
1657 LPCWSTR szAcl = *StringAcl;
1658 LPACEFLAG lpaf = AceType;
1660 while (lpaf->wstr &&
1661 (len = strlenW(lpaf->wstr)) &&
1662 strncmpW(lpaf->wstr, szAcl, len))
1673 /******************************************************************************
1674 * ParseAceStringFlags
1676 ACEFLAG AceFlags[] =
1678 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
1679 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
1680 { SDDL_INHERITED, INHERITED_ACE },
1681 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
1682 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
1683 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
1684 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
1688 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
1692 LPCWSTR szAcl = *StringAcl;
1694 while (*szAcl != ';')
1696 LPACEFLAG lpaf = AceFlags;
1698 while (lpaf->wstr &&
1699 (len = strlenW(lpaf->wstr)) &&
1700 strncmpW(lpaf->wstr, szAcl, len))
1706 flags |= lpaf->value;
1715 /******************************************************************************
1716 * ParseAceStringRights
1718 ACEFLAG AceRights[] =
1720 { SDDL_GENERIC_ALL, GENERIC_ALL },
1721 { SDDL_GENERIC_READ, GENERIC_READ },
1722 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
1723 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
1724 { SDDL_READ_CONTROL, READ_CONTROL },
1725 { SDDL_STANDARD_DELETE, DELETE },
1726 { SDDL_WRITE_DAC, WRITE_DAC },
1727 { SDDL_WRITE_OWNER, WRITE_OWNER },
1731 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
1735 LPCWSTR szAcl = *StringAcl;
1737 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
1741 while (*p && *p != ';')
1746 rights = strtoulW(szAcl, NULL, 16);
1750 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
1754 while (*szAcl != ';')
1756 LPACEFLAG lpaf = AceRights;
1758 while (lpaf->wstr &&
1759 (len = strlenW(lpaf->wstr)) &&
1760 strncmpW(lpaf->wstr, szAcl, len))
1768 rights |= lpaf->value;
1778 /******************************************************************************
1779 * ParseStringAclToAcl
1781 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
1783 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
1784 PACL pAcl, LPDWORD cBytes)
1788 DWORD length = sizeof(ACL);
1789 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
1791 TRACE("%s\n", debugstr_w(StringAcl));
1796 if (pAcl) /* pAce is only useful if we're setting values */
1797 pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
1799 /* Parse ACL flags */
1800 *lpdwFlags = ParseAclStringFlags(&StringAcl);
1803 while (*StringAcl == '(')
1807 /* Parse ACE type */
1808 val = ParseAceStringType(&StringAcl);
1810 pAce->Header.AceType = (BYTE) val;
1811 if (*StringAcl != ';')
1815 /* Parse ACE flags */
1816 val = ParseAceStringFlags(&StringAcl);
1818 pAce->Header.AceFlags = (BYTE) val;
1819 if (*StringAcl != ';')
1823 /* Parse ACE rights */
1824 val = ParseAceStringRights(&StringAcl);
1827 if (*StringAcl != ';')
1831 /* Parse ACE object guid */
1832 if (*StringAcl != ';')
1834 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1839 /* Parse ACE inherit object guid */
1840 if (*StringAcl != ';')
1842 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1847 /* Parse ACE account sid */
1848 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
1850 while (*StringAcl && *StringAcl != ')')
1854 if (*StringAcl != ')')
1858 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
1865 WARN("Invalid ACE string format\n");
1870 /******************************************************************************
1871 * ParseStringSecurityDescriptorToSecurityDescriptor
1873 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
1874 LPCWSTR StringSecurityDescriptor,
1875 PSECURITY_DESCRIPTOR SecurityDescriptor,
1880 WCHAR tok[MAX_PATH];
1882 LPBYTE lpNext = NULL;
1886 if (SecurityDescriptor)
1887 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
1889 while (*StringSecurityDescriptor)
1891 toktype = *StringSecurityDescriptor;
1893 /* Expect char identifier followed by ':' */
1894 StringSecurityDescriptor++;
1895 if (*StringSecurityDescriptor != ':')
1897 SetLastError(ERROR_INVALID_PARAMETER);
1900 StringSecurityDescriptor++;
1903 lptoken = StringSecurityDescriptor;
1904 while (*lptoken && *lptoken != ':')
1910 strncpyW(tok, StringSecurityDescriptor, lptoken - StringSecurityDescriptor);
1918 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
1921 if (SecurityDescriptor)
1923 SecurityDescriptor->Owner = (PSID) ((DWORD) lpNext -
1924 (DWORD) SecurityDescriptor);
1925 lpNext += bytes; /* Advance to next token */
1937 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
1940 if (SecurityDescriptor)
1942 SecurityDescriptor->Group = (PSID) ((DWORD) lpNext -
1943 (DWORD) SecurityDescriptor);
1944 lpNext += bytes; /* Advance to next token */
1957 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
1960 if (SecurityDescriptor)
1962 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
1963 SecurityDescriptor->Dacl = (PACL) ((DWORD) lpNext -
1964 (DWORD) SecurityDescriptor);
1965 lpNext += bytes; /* Advance to next token */
1978 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
1981 if (SecurityDescriptor)
1983 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
1984 SecurityDescriptor->Sacl = (PACL) ((DWORD) lpNext -
1985 (DWORD) SecurityDescriptor);
1986 lpNext += bytes; /* Advance to next token */
1995 FIXME("Unknown token\n");
1996 SetLastError(ERROR_INVALID_PARAMETER);
2000 StringSecurityDescriptor = lptoken;
2009 /******************************************************************************
2010 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2012 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
2013 LPCWSTR StringSecurityDescriptor,
2014 DWORD StringSDRevision,
2015 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2016 PULONG SecurityDescriptorSize)
2019 PSECURITY_DESCRIPTOR psd;
2022 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2024 if (GetVersion() & 0x80000000)
2026 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2029 else if (StringSDRevision != SID_REVISION)
2031 SetLastError(ERROR_UNKNOWN_REVISION);
2035 /* Compute security descriptor length */
2036 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2040 psd = *SecurityDescriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(
2041 GMEM_ZEROINIT, cBytes);
2043 psd->Revision = SID_REVISION;
2044 psd->Control |= SE_SELF_RELATIVE;
2046 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2053 if (SecurityDescriptorSize)
2054 *SecurityDescriptorSize = cBytes;
2059 TRACE(" ret=%d\n", bret);
2063 /******************************************************************************
2064 * ConvertStringSidToSidW [ADVAPI32.@]
2066 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
2071 if (GetVersion() & 0x80000000)
2072 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2073 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
2075 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
2077 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
2085 /******************************************************************************
2086 * ComputeStringSidSize
2088 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
2091 DWORD size = sizeof(SID);
2095 if (*StringSid == '-')
2101 size += (ctok - 3) * sizeof(DWORD);
2106 /******************************************************************************
2107 * ParseStringSidToSid
2109 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
2115 SetLastError(ERROR_INVALID_PARAMETER);
2119 *cBytes = ComputeStringSidSize(StringSid);
2120 if (!pSid) /* Simply compute the size */
2123 if (*StringSid != 'S' || *StringSid != '-') /* S-R-I-S-S */
2126 int csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
2128 StringSid += 2; /* Advance to Revision */
2129 pSid->Revision = atoiW(StringSid);
2131 if (pSid->Revision != SDDL_REVISION)
2132 goto lend; /* ERROR_INVALID_SID */
2134 pSid->SubAuthorityCount = csubauth;
2136 while (*StringSid && *StringSid != '-')
2137 StringSid++; /* Advance to identifier authority */
2139 pSid->IdentifierAuthority.Value[5] = atoiW(StringSid);
2141 if (pSid->IdentifierAuthority.Value[5] > 5)
2142 goto lend; /* ERROR_INVALID_SID */
2146 while (*StringSid && *StringSid != '-')
2149 pSid->SubAuthority[i++] = atoiW(StringSid);
2152 if (i != pSid->SubAuthorityCount)
2153 goto lend; /* ERROR_INVALID_SID */
2157 else /* String constant format - Only available in winxp and above */
2159 pSid->Revision = SDDL_REVISION;
2160 pSid->SubAuthorityCount = 1;
2162 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
2164 /* TODO: Lookup string of well-known SIDs in table */
2165 pSid->IdentifierAuthority.Value[5] = 0;
2166 pSid->SubAuthority[0] = 0;
2173 SetLastError(ERROR_INVALID_SID);
2178 /******************************************************************************
2179 * GetNamedSecurityInfoA [ADVAPI32.@]
2181 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
2182 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2183 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2184 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2190 TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
2191 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2195 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
2196 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
2197 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
2200 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
2201 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
2204 HeapFree( GetProcessHeap(), 0, wstr );
2209 /******************************************************************************
2210 * GetNamedSecurityInfoW [ADVAPI32.@]
2212 DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName,
2213 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2214 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2215 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2217 FIXME("%s %d %ld %p %p %p %p %p\n", debugstr_w(pObjectName), ObjectType, SecurityInfo,
2218 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2219 return ERROR_CALL_NOT_IMPLEMENTED;
projects / wine / blob