2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
37 #include "wine/debug.h"
38 #include "wine/unicode.h"
40 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
42 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
43 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
44 PACL pAcl, LPDWORD cBytes);
45 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
46 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
47 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
48 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
49 LPCWSTR StringSecurityDescriptor,
50 SECURITY_DESCRIPTOR* SecurityDescriptor,
52 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
54 typedef struct _ACEFLAG
58 } ACEFLAG, *LPACEFLAG;
63 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
64 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
65 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
66 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
67 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
68 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
69 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
70 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
75 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
76 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
77 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
78 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
79 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
80 static const WCHAR SDDL_ALARM[] = {'A','L',0};
81 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
82 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
87 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
88 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
89 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
90 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
91 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
92 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
93 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
95 #define CallWin32ToNt(func) \
98 if (ret !=STATUS_SUCCESS) \
99 { SetLastError (RtlNtStatusToDosError(ret)); return FALSE; } \
103 static void dumpLsaAttributes( PLSA_OBJECT_ATTRIBUTES oa )
107 TRACE("\n\tlength=%lu, rootdir=%p, objectname=%s\n\tattr=0x%08lx, sid=%p qos=%p\n",
108 oa->Length, oa->RootDirectory,
109 oa->ObjectName?debugstr_w(oa->ObjectName->Buffer):"null",
110 oa->Attributes, oa->SecurityDescriptor, oa->SecurityQualityOfService);
114 /************************************************************
115 * ADVAPI_IsLocalComputer
117 * Checks whether the server name indicates local machine.
119 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
125 else if (!ServerName[0])
131 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
135 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
136 Result = GetComputerNameW(buf, &dwSize);
137 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
139 Result = Result && !lstrcmpW(ServerName, buf);
140 HeapFree(GetProcessHeap(), 0, buf);
146 #define ADVAPI_ForceLocalComputer(ServerName, FailureCode) \
147 if (!ADVAPI_IsLocalComputer(ServerName)) \
149 FIXME("Action Implemented for local computer only. " \
150 "Requested for server %s\n", debugstr_w(ServerName)); \
151 return FailureCode; \
154 /* ##############################
155 ###### TOKEN FUNCTIONS ######
156 ##############################
159 /******************************************************************************
160 * OpenProcessToken [ADVAPI32.@]
161 * Opens the access token associated with a process handle.
164 * ProcessHandle [I] Handle to process
165 * DesiredAccess [I] Desired access to process
166 * TokenHandle [O] Pointer to handle of open access token
169 * Success: TRUE. TokenHandle contains the access token.
173 * See NtOpenProcessToken.
176 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
177 HANDLE *TokenHandle )
179 CallWin32ToNt(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
182 /******************************************************************************
183 * OpenThreadToken [ADVAPI32.@]
185 * Opens the access token associated with a thread handle.
188 * ThreadHandle [I] Handle to process
189 * DesiredAccess [I] Desired access to the thread
191 * TokenHandle [O] Destination for the token handle
194 * Success: TRUE. TokenHandle contains the access token.
198 * See NtOpenThreadToken.
201 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
202 BOOL OpenAsSelf, HANDLE *TokenHandle)
204 CallWin32ToNt (NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
207 /******************************************************************************
208 * AdjustTokenPrivileges [ADVAPI32.@]
210 * Adjust the privileges of an open token handle.
213 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
214 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
215 * NewState [I] Desired new privileges of the token
216 * BufferLength [I] Length of NewState
217 * PreviousState [O] Destination for the previous state
218 * ReturnLength [I/O] Size of PreviousState
222 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
226 * See NtAdjustPrivilegesToken.
229 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
230 LPVOID NewState, DWORD BufferLength,
231 LPVOID PreviousState, LPDWORD ReturnLength )
233 CallWin32ToNt(NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength));
236 /******************************************************************************
237 * CheckTokenMembership [ADVAPI32.@]
239 * Determine if an access token is a member of a SID.
242 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
243 * SidToCheck [I] SID that possibly contains the token
244 * IsMember [O] Destination for result.
247 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
251 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
254 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
260 /******************************************************************************
261 * GetTokenInformation [ADVAPI32.@]
264 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
265 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
266 * tokeninfo [O] Destination for token information
267 * tokeninfolength [I] Length of tokeninfo
268 * retlen [O] Destination for returned token information length
271 * Success: TRUE. tokeninfo contains retlen bytes of token information
275 * See NtQueryInformationToken.
278 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
279 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
281 TRACE("(%p, %s, %p, %ld, %p): \n",
283 (tokeninfoclass == TokenUser) ? "TokenUser" :
284 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
285 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
286 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
287 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
288 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
289 (tokeninfoclass == TokenSource) ? "TokenSource" :
290 (tokeninfoclass == TokenType) ? "TokenType" :
291 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
292 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
293 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
294 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
295 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
296 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
297 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
299 tokeninfo, tokeninfolength, retlen);
300 CallWin32ToNt (NtQueryInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength, retlen));
303 /******************************************************************************
304 * SetTokenInformation [ADVAPI32.@]
306 * Set information for an access token.
309 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
310 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
311 * tokeninfo [I] Token information to set
312 * tokeninfolength [I] Length of tokeninfo
315 * Success: TRUE. The information for the token is set to tokeninfo.
319 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
320 LPVOID tokeninfo, DWORD tokeninfolength )
322 TRACE("(%p, %s, %p, %ld): stub\n",
324 (tokeninfoclass == TokenUser) ? "TokenUser" :
325 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
326 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
327 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
328 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
329 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
330 (tokeninfoclass == TokenSource) ? "TokenSource" :
331 (tokeninfoclass == TokenType) ? "TokenType" :
332 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
333 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
334 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
335 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
336 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
337 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
338 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
340 tokeninfo, tokeninfolength);
342 CallWin32ToNt (NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
345 /*************************************************************************
346 * SetThreadToken [ADVAPI32.@]
348 * Assigns an 'impersonation token' to a thread so it can assume the
349 * security privileges of another thread or process. Can also remove
350 * a previously assigned token.
353 * thread [O] Handle to thread to set the token for
354 * token [I] Token to set
357 * Success: TRUE. The threads access token is set to token
361 * Only supported on NT or higher. On Win9X this function does nothing.
362 * See SetTokenInformation.
364 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
366 CallWin32ToNt (NtSetInformationThread( thread ? *thread : GetCurrentThread(),
367 ThreadImpersonationToken, &token, sizeof token ));
370 /* ##############################
371 ###### SID FUNCTIONS ######
372 ##############################
375 /******************************************************************************
376 * AllocateAndInitializeSid [ADVAPI32.@]
379 * pIdentifierAuthority []
380 * nSubAuthorityCount []
392 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
393 BYTE nSubAuthorityCount,
394 DWORD nSubAuthority0, DWORD nSubAuthority1,
395 DWORD nSubAuthority2, DWORD nSubAuthority3,
396 DWORD nSubAuthority4, DWORD nSubAuthority5,
397 DWORD nSubAuthority6, DWORD nSubAuthority7,
400 CallWin32ToNt (RtlAllocateAndInitializeSid(
401 pIdentifierAuthority, nSubAuthorityCount,
402 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
403 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
407 /******************************************************************************
408 * FreeSid [ADVAPI32.@]
417 return NULL; /* is documented like this */
420 /******************************************************************************
421 * CopySid [ADVAPI32.@]
424 * nDestinationSidLength []
429 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
431 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
434 /******************************************************************************
435 * IsValidSid [ADVAPI32.@]
441 IsValidSid( PSID pSid )
443 return RtlValidSid( pSid );
446 /******************************************************************************
447 * EqualSid [ADVAPI32.@]
454 EqualSid( PSID pSid1, PSID pSid2 )
456 return RtlEqualSid( pSid1, pSid2 );
459 /******************************************************************************
460 * EqualPrefixSid [ADVAPI32.@]
462 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
464 return RtlEqualPrefixSid(pSid1, pSid2);
467 /******************************************************************************
468 * GetSidLengthRequired [ADVAPI32.@]
471 * nSubAuthorityCount []
474 GetSidLengthRequired( BYTE nSubAuthorityCount )
476 return RtlLengthRequiredSid(nSubAuthorityCount);
479 /******************************************************************************
480 * InitializeSid [ADVAPI32.@]
483 * pIdentifierAuthority []
488 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
489 BYTE nSubAuthorityCount)
491 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
494 /******************************************************************************
495 * GetSidIdentifierAuthority [ADVAPI32.@]
500 PSID_IDENTIFIER_AUTHORITY WINAPI
501 GetSidIdentifierAuthority( PSID pSid )
503 return RtlIdentifierAuthoritySid(pSid);
506 /******************************************************************************
507 * GetSidSubAuthority [ADVAPI32.@]
514 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
516 return RtlSubAuthoritySid(pSid, nSubAuthority);
519 /******************************************************************************
520 * GetSidSubAuthorityCount [ADVAPI32.@]
526 GetSidSubAuthorityCount (PSID pSid)
528 return RtlSubAuthorityCountSid(pSid);
531 /******************************************************************************
532 * GetLengthSid [ADVAPI32.@]
538 GetLengthSid (PSID pSid)
540 return RtlLengthSid(pSid);
543 /* ##############################################
544 ###### SECURITY DESCRIPTOR FUNCTIONS ######
545 ##############################################
548 /******************************************************************************
549 * InitializeSecurityDescriptor [ADVAPI32.@]
556 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
558 CallWin32ToNt (RtlCreateSecurityDescriptor(pDescr, revision ));
562 /******************************************************************************
563 * MakeAbsoluteSD [ADVAPI32.@]
565 BOOL WINAPI MakeAbsoluteSD (
566 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
567 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
568 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
570 OUT LPDWORD lpdwDaclSize,
572 OUT LPDWORD lpdwSaclSize,
574 OUT LPDWORD lpdwOwnerSize,
575 OUT PSID pPrimaryGroup,
576 OUT LPDWORD lpdwPrimaryGroupSize)
578 CallWin32ToNt (RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
579 pAbsoluteSecurityDescriptor, lpdwAbsoluteSecurityDescriptorSize,
580 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, pOwner, lpdwOwnerSize,
581 pPrimaryGroup, lpdwPrimaryGroupSize));
585 /******************************************************************************
586 * GetSecurityDescriptorLength [ADVAPI32.@]
588 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
590 return (RtlLengthSecurityDescriptor(pDescr));
593 /******************************************************************************
594 * GetSecurityDescriptorOwner [ADVAPI32.@]
598 * lpbOwnerDefaulted []
601 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
602 LPBOOL lpbOwnerDefaulted )
604 CallWin32ToNt (RtlGetOwnerSecurityDescriptor( pDescr, pOwner, (PBOOLEAN)lpbOwnerDefaulted ));
607 /******************************************************************************
608 * SetSecurityDescriptorOwner [ADVAPI32.@]
612 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
613 PSID pOwner, BOOL bOwnerDefaulted)
615 CallWin32ToNt (RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
617 /******************************************************************************
618 * GetSecurityDescriptorGroup [ADVAPI32.@]
620 BOOL WINAPI GetSecurityDescriptorGroup(
621 PSECURITY_DESCRIPTOR SecurityDescriptor,
623 LPBOOL GroupDefaulted)
625 CallWin32ToNt (RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, (PBOOLEAN)GroupDefaulted));
627 /******************************************************************************
628 * SetSecurityDescriptorGroup [ADVAPI32.@]
630 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
631 PSID Group, BOOL GroupDefaulted)
633 CallWin32ToNt (RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
636 /******************************************************************************
637 * IsValidSecurityDescriptor [ADVAPI32.@]
643 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
645 CallWin32ToNt (RtlValidSecurityDescriptor(SecurityDescriptor));
648 /******************************************************************************
649 * GetSecurityDescriptorDacl [ADVAPI32.@]
651 BOOL WINAPI GetSecurityDescriptorDacl(
652 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
653 OUT LPBOOL lpbDaclPresent,
655 OUT LPBOOL lpbDaclDefaulted)
657 CallWin32ToNt (RtlGetDaclSecurityDescriptor(pSecurityDescriptor, (PBOOLEAN)lpbDaclPresent,
658 pDacl, (PBOOLEAN)lpbDaclDefaulted));
661 /******************************************************************************
662 * SetSecurityDescriptorDacl [ADVAPI32.@]
665 SetSecurityDescriptorDacl (
666 PSECURITY_DESCRIPTOR lpsd,
671 CallWin32ToNt (RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ));
673 /******************************************************************************
674 * GetSecurityDescriptorSacl [ADVAPI32.@]
676 BOOL WINAPI GetSecurityDescriptorSacl(
677 IN PSECURITY_DESCRIPTOR lpsd,
678 OUT LPBOOL lpbSaclPresent,
680 OUT LPBOOL lpbSaclDefaulted)
682 CallWin32ToNt (RtlGetSaclSecurityDescriptor(lpsd,
683 (PBOOLEAN)lpbSaclPresent, pSacl, (PBOOLEAN)lpbSaclDefaulted));
686 /**************************************************************************
687 * SetSecurityDescriptorSacl [ADVAPI32.@]
689 BOOL WINAPI SetSecurityDescriptorSacl (
690 PSECURITY_DESCRIPTOR lpsd,
695 CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
697 /******************************************************************************
698 * MakeSelfRelativeSD [ADVAPI32.@]
707 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
708 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
709 IN OUT LPDWORD lpdwBufferLength)
711 CallWin32ToNt (RtlMakeSelfRelativeSD(pAbsoluteSecurityDescriptor,pSelfRelativeSecurityDescriptor, lpdwBufferLength));
714 /******************************************************************************
715 * GetSecurityDescriptorControl [ADVAPI32.@]
718 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
719 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
721 CallWin32ToNt (RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
724 /* ##############################
725 ###### ACL FUNCTIONS ######
726 ##############################
729 /*************************************************************************
730 * InitializeAcl [ADVAPI32.@]
732 DWORD WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
734 CallWin32ToNt (RtlCreateAcl(acl, size, rev));
737 /******************************************************************************
738 * AddAccessAllowedAce [ADVAPI32.@]
740 BOOL WINAPI AddAccessAllowedAce(
742 IN DWORD dwAceRevision,
746 CallWin32ToNt(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
749 /******************************************************************************
750 * AddAccessAllowedAceEx [ADVAPI32.@]
752 BOOL WINAPI AddAccessAllowedAceEx(
754 IN DWORD dwAceRevision,
759 CallWin32ToNt(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
762 /******************************************************************************
763 * AddAccessDeniedAce [ADVAPI32.@]
765 BOOL WINAPI AddAccessDeniedAce(
767 IN DWORD dwAceRevision,
771 CallWin32ToNt(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
774 /******************************************************************************
775 * AddAccessDeniedAceEx [ADVAPI32.@]
777 BOOL WINAPI AddAccessDeniedAceEx(
779 IN DWORD dwAceRevision,
784 CallWin32ToNt(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
787 /******************************************************************************
788 * AddAce [ADVAPI32.@]
792 IN DWORD dwAceRevision,
793 IN DWORD dwStartingAceIndex,
795 DWORD nAceListLength)
797 CallWin32ToNt(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
800 /******************************************************************************
801 * DeleteAce [ADVAPI32.@]
803 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
805 CallWin32ToNt(RtlDeleteAce(pAcl, dwAceIndex));
808 /******************************************************************************
809 * FindFirstFreeAce [ADVAPI32.@]
811 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
813 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
816 /******************************************************************************
817 * GetAce [ADVAPI32.@]
819 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
821 CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce));
824 /******************************************************************************
825 * GetAclInformation [ADVAPI32.@]
827 BOOL WINAPI GetAclInformation(
829 LPVOID pAclInformation,
830 DWORD nAclInformationLength,
831 ACL_INFORMATION_CLASS dwAclInformationClass)
833 CallWin32ToNt(RtlQueryInformationAcl(pAcl, pAclInformation,
834 nAclInformationLength, dwAclInformationClass));
837 /******************************************************************************
838 * IsValidAcl [ADVAPI32.@]
840 BOOL WINAPI IsValidAcl(IN PACL pAcl)
842 return RtlValidAcl(pAcl);
845 /* ##############################
846 ###### MISC FUNCTIONS ######
847 ##############################
850 /******************************************************************************
851 * AllocateLocallyUniqueId [ADVAPI32.@]
856 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
858 CallWin32ToNt(NtAllocateLocallyUniqueId(lpLuid));
861 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
862 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
863 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
864 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
865 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
866 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
867 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
868 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
869 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
870 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
871 static const WCHAR SE_TCB_NAME_W[] =
872 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
873 static const WCHAR SE_SECURITY_NAME_W[] =
874 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
875 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
876 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
877 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
878 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
879 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
880 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
881 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
882 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
883 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
884 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
885 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
886 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
887 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
888 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
889 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
890 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
891 static const WCHAR SE_BACKUP_NAME_W[] =
892 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
893 static const WCHAR SE_RESTORE_NAME_W[] =
894 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
895 static const WCHAR SE_SHUTDOWN_NAME_W[] =
896 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
897 static const WCHAR SE_DEBUG_NAME_W[] =
898 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
899 static const WCHAR SE_AUDIT_NAME_W[] =
900 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
901 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
902 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
903 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
904 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
905 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
906 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
907 static const WCHAR SE_UNDOCK_NAME_W[] =
908 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
909 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
910 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
911 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
912 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
913 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
914 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
915 static const WCHAR SE_IMPERSONATE_NAME_W[] =
916 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
917 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
918 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
920 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
924 SE_CREATE_TOKEN_NAME_W,
925 SE_ASSIGNPRIMARYTOKEN_NAME_W,
926 SE_LOCK_MEMORY_NAME_W,
927 SE_INCREASE_QUOTA_NAME_W,
928 SE_MACHINE_ACCOUNT_NAME_W,
931 SE_TAKE_OWNERSHIP_NAME_W,
932 SE_LOAD_DRIVER_NAME_W,
933 SE_SYSTEM_PROFILE_NAME_W,
934 SE_SYSTEMTIME_NAME_W,
935 SE_PROF_SINGLE_PROCESS_NAME_W,
936 SE_INC_BASE_PRIORITY_NAME_W,
937 SE_CREATE_PAGEFILE_NAME_W,
938 SE_CREATE_PERMANENT_NAME_W,
944 SE_SYSTEM_ENVIRONMENT_NAME_W,
945 SE_CHANGE_NOTIFY_NAME_W,
946 SE_REMOTE_SHUTDOWN_NAME_W,
948 SE_SYNC_AGENT_NAME_W,
949 SE_ENABLE_DELEGATION_NAME_W,
950 SE_MANAGE_VOLUME_NAME_W,
951 SE_IMPERSONATE_NAME_W,
952 SE_CREATE_GLOBAL_NAME_W,
955 /******************************************************************************
956 * LookupPrivilegeValueW [ADVAPI32.@]
958 * See LookupPrivilegeValueA.
961 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
965 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
967 if (!ADVAPI_IsLocalComputer(lpSystemName))
969 SetLastError(RPC_S_SERVER_UNAVAILABLE);
974 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
977 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
979 if( !WellKnownPrivNames[i] )
981 if( strcmpiW( WellKnownPrivNames[i], lpName) )
984 lpLuid->HighPart = 0;
985 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
986 lpLuid->HighPart, lpLuid->LowPart );
989 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
993 /******************************************************************************
994 * LookupPrivilegeValueA [ADVAPI32.@]
996 * Retrieves LUID used on a system to represent the privilege name.
999 * lpSystemName [I] Name of the system
1000 * lpName [I] Name of the privilege
1001 * lpLuid [O] Destination for the resulting LUID
1004 * Success: TRUE. lpLuid contains the requested LUID.
1008 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1010 UNICODE_STRING lpSystemNameW;
1011 UNICODE_STRING lpNameW;
1014 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1015 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1016 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1017 RtlFreeUnicodeString(&lpNameW);
1018 RtlFreeUnicodeString(&lpSystemNameW);
1023 /******************************************************************************
1024 * LookupPrivilegeNameA [ADVAPI32.@]
1026 * See LookupPrivilegeNameW
1029 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1032 UNICODE_STRING lpSystemNameW;
1036 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1038 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1039 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1040 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1042 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1044 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1048 /* Windows crashes if cchName is NULL, so will I */
1049 int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1050 *cchName, NULL, NULL);
1054 /* WideCharToMultiByte failed */
1057 else if (len > *cchName)
1060 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1065 /* WideCharToMultiByte succeeded, output length needs to be
1066 * length not including NULL terminator
1071 HeapFree(GetProcessHeap(), 0, lpNameW);
1073 RtlFreeUnicodeString(&lpSystemNameW);
1077 /******************************************************************************
1078 * LookupPrivilegeNameW [ADVAPI32.@]
1080 * Retrieves the privilege name referred to by the LUID lpLuid.
1083 * lpSystemName [I] Name of the system
1084 * lpLuid [I] Privilege value
1085 * lpName [O] Name of the privilege
1086 * cchName [I/O] Number of characters in lpName.
1089 * Success: TRUE. lpName contains the name of the privilege whose value is
1094 * Only well-known privilege names (those defined in winnt.h) can be retrieved
1095 * using this function.
1096 * If the length of lpName is too small, on return *cchName will contain the
1097 * number of WCHARs needed to contain the privilege, including the NULL
1098 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1099 * On success, *cchName will contain the number of characters stored in
1100 * lpName, NOT including the NULL terminator.
1103 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1108 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1110 if (!ADVAPI_IsLocalComputer(lpSystemName))
1112 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1115 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1116 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1118 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1121 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1122 /* Windows crashes if cchName is NULL, so will I */
1123 if (*cchName <= privNameLen)
1125 *cchName = privNameLen + 1;
1126 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1131 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1132 *cchName = privNameLen;
1137 /******************************************************************************
1138 * GetFileSecurityA [ADVAPI32.@]
1140 * Obtains Specified information about the security of a file or directory.
1143 * lpFileName [I] Name of the file to get info for
1144 * RequestedInformation [I] SE_ flags from "winnt.h"
1145 * pSecurityDescriptor [O] Destination for security information
1146 * nLength [I] Length of pSecurityDescriptor
1147 * lpnLengthNeeded [O] Destination for length of returned security information
1150 * Success: TRUE. pSecurityDescriptor contains the requested information.
1151 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1154 * The information returned is constrained by the callers access rights and
1158 GetFileSecurityA( LPCSTR lpFileName,
1159 SECURITY_INFORMATION RequestedInformation,
1160 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1161 DWORD nLength, LPDWORD lpnLengthNeeded )
1169 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1170 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1171 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1174 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1175 nLength, lpnLengthNeeded );
1177 HeapFree( GetProcessHeap(), 0, name );
1182 /******************************************************************************
1183 * GetFileSecurityW [ADVAPI32.@]
1185 * See GetFileSecurityA.
1188 GetFileSecurityW( LPCWSTR lpFileName,
1189 SECURITY_INFORMATION RequestedInformation,
1190 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1191 DWORD nLength, LPDWORD lpnLengthNeeded )
1193 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1198 /******************************************************************************
1199 * LookupAccountSidA [ADVAPI32.@]
1206 IN OUT LPDWORD accountSize,
1208 IN OUT LPDWORD domainSize,
1209 OUT PSID_NAME_USE name_use )
1211 static const char ac[] = "Administrator";
1212 static const char dm[] = "DOMAIN";
1213 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1214 debugstr_a(system),sid,
1215 account,accountSize,accountSize?*accountSize:0,
1216 domain,domainSize,domainSize?*domainSize:0,
1219 if (accountSize) *accountSize = strlen(ac)+1;
1220 if (account && (*accountSize > strlen(ac)))
1221 strcpy(account, ac);
1223 if (domainSize) *domainSize = strlen(dm)+1;
1224 if (domain && (*domainSize > strlen(dm)))
1227 if (name_use) *name_use = SidTypeUser;
1231 /******************************************************************************
1232 * LookupAccountSidW [ADVAPI32.@]
1248 IN OUT LPDWORD accountSize,
1250 IN OUT LPDWORD domainSize,
1251 OUT PSID_NAME_USE name_use )
1253 static const WCHAR ac[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1254 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
1255 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1256 debugstr_w(system),sid,
1257 account,accountSize,accountSize?*accountSize:0,
1258 domain,domainSize,domainSize?*domainSize:0,
1261 if (accountSize) *accountSize = strlenW(ac)+1;
1262 if (account && (*accountSize > strlenW(ac)))
1263 strcpyW(account, ac);
1265 if (domainSize) *domainSize = strlenW(dm)+1;
1266 if (domain && (*domainSize > strlenW(dm)))
1269 if (name_use) *name_use = SidTypeUser;
1273 /******************************************************************************
1274 * SetFileSecurityA [ADVAPI32.@]
1275 * Sets the security of a file or directory
1277 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1278 SECURITY_INFORMATION RequestedInformation,
1279 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1287 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1288 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1289 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1292 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
1294 HeapFree( GetProcessHeap(), 0, name );
1299 /******************************************************************************
1300 * SetFileSecurityW [ADVAPI32.@]
1301 * Sets the security of a file or directory
1305 * RequestedInformation []
1306 * pSecurityDescriptor []
1309 SetFileSecurityW( LPCWSTR lpFileName,
1310 SECURITY_INFORMATION RequestedInformation,
1311 PSECURITY_DESCRIPTOR pSecurityDescriptor )
1313 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1317 /******************************************************************************
1318 * QueryWindows31FilesMigration [ADVAPI32.@]
1324 QueryWindows31FilesMigration( DWORD x1 )
1326 FIXME("(%ld):stub\n",x1);
1330 /******************************************************************************
1331 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1340 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1343 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1347 /******************************************************************************
1348 * LsaOpenPolicy [ADVAPI32.@]
1352 * ObjectAttributes [I]
1354 * PolicyHandle [I/O]
1358 IN PLSA_UNICODE_STRING SystemName,
1359 IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
1360 IN ACCESS_MASK DesiredAccess,
1361 IN OUT PLSA_HANDLE PolicyHandle)
1363 FIXME("(%s,%p,0x%08lx,%p):stub\n",
1364 SystemName?debugstr_w(SystemName->Buffer):"null",
1365 ObjectAttributes, DesiredAccess, PolicyHandle);
1366 ADVAPI_ForceLocalComputer(SystemName ? SystemName->Buffer : NULL,
1367 STATUS_ACCESS_VIOLATION);
1368 dumpLsaAttributes(ObjectAttributes);
1369 if(PolicyHandle) *PolicyHandle = (LSA_HANDLE)0xcafe;
1370 return STATUS_SUCCESS;
1373 /******************************************************************************
1374 * LsaQueryInformationPolicy [ADVAPI32.@]
1377 LsaQueryInformationPolicy(
1378 IN LSA_HANDLE PolicyHandle,
1379 IN POLICY_INFORMATION_CLASS InformationClass,
1382 FIXME("(%p,0x%08x,%p):stub\n",
1383 PolicyHandle, InformationClass, Buffer);
1385 if(!Buffer) return FALSE;
1386 switch (InformationClass)
1388 case PolicyAuditEventsInformation: /* 2 */
1390 PPOLICY_AUDIT_EVENTS_INFO p = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(POLICY_AUDIT_EVENTS_INFO));
1391 p->AuditingMode = FALSE; /* no auditing */
1395 case PolicyPrimaryDomainInformation: /* 3 */
1396 case PolicyAccountDomainInformation: /* 5 */
1399 { POLICY_PRIMARY_DOMAIN_INFO ppdi;
1402 SID_IDENTIFIER_AUTHORITY localSidAuthority = {SECURITY_NT_AUTHORITY};
1404 struct di * xdi = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(xdi));
1406 BOOL useDefault = TRUE;
1409 if ((ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE,
1410 "System\\CurrentControlSet\\Services\\VxD\\VNETSUP", 0,
1411 KEY_READ, &key)) == ERROR_SUCCESS)
1414 static const WCHAR wg[] = { 'W','o','r','k','g','r','o','u','p',0 };
1416 ret = RegQueryValueExW(key, wg, NULL, NULL, NULL, &size);
1417 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
1419 xdi->ppdi.Name.Buffer = HeapAlloc(GetProcessHeap(),
1420 HEAP_ZERO_MEMORY, size);
1421 if ((ret = RegQueryValueExW(key, wg, NULL, NULL,
1422 (LPBYTE)xdi->ppdi.Name.Buffer, &size)) == ERROR_SUCCESS)
1424 xdi->ppdi.Name.Length = (USHORT)size;
1429 HeapFree(GetProcessHeap(), 0, xdi->ppdi.Name.Buffer);
1430 xdi->ppdi.Name.Buffer = NULL;
1436 RtlCreateUnicodeStringFromAsciiz(&(xdi->ppdi.Name), "DOMAIN");
1437 TRACE("setting domain to %s\n", debugstr_w(xdi->ppdi.Name.Buffer));
1439 xdi->ppdi.Sid = &(xdi->sid);
1440 xdi->sid.Revision = SID_REVISION;
1441 xdi->sid.SubAuthorityCount = 1;
1442 xdi->sid.IdentifierAuthority = localSidAuthority;
1443 xdi->sid.SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;
1447 case PolicyAuditLogInformation:
1448 case PolicyPdAccountInformation:
1449 case PolicyLsaServerRoleInformation:
1450 case PolicyReplicaSourceInformation:
1451 case PolicyDefaultQuotaInformation:
1452 case PolicyModificationInformation:
1453 case PolicyAuditFullSetInformation:
1454 case PolicyAuditFullQueryInformation:
1455 case PolicyDnsDomainInformation:
1457 FIXME("category not implemented\n");
1464 /******************************************************************************
1465 * LsaLookupSids [ADVAPI32.@]
1469 IN LSA_HANDLE PolicyHandle,
1472 OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1473 OUT PLSA_TRANSLATED_NAME *Names )
1475 FIXME("%p %lu %p %p %p\n",
1476 PolicyHandle, Count, Sids, ReferencedDomains, Names);
1480 /******************************************************************************
1481 * LsaFreeMemory [ADVAPI32.@]
1484 LsaFreeMemory(IN PVOID Buffer)
1486 TRACE("(%p)\n",Buffer);
1487 return HeapFree(GetProcessHeap(), 0, Buffer);
1489 /******************************************************************************
1490 * LsaClose [ADVAPI32.@]
1493 LsaClose(IN LSA_HANDLE ObjectHandle)
1495 FIXME("(%p):stub\n",ObjectHandle);
1499 /******************************************************************************
1500 * LsaStorePrivateData [ADVAPI32.@]
1502 NTSTATUS WINAPI LsaStorePrivateData( LSA_HANDLE PolicyHandle,
1503 PLSA_UNICODE_STRING KeyName, PLSA_UNICODE_STRING PrivateData)
1505 FIXME("%p %p %p\n", PolicyHandle, KeyName, PrivateData);
1506 return STATUS_OBJECT_NAME_NOT_FOUND;
1509 /******************************************************************************
1510 * LsaRetrievePrivateData [ADVAPI32.@]
1512 NTSTATUS WINAPI LsaRetrievePrivateData( LSA_HANDLE PolicyHandle,
1513 PLSA_UNICODE_STRING KeyName, PLSA_UNICODE_STRING* PrivateData)
1515 FIXME("%p %p %p\n", PolicyHandle, KeyName, PrivateData);
1516 return STATUS_OBJECT_NAME_NOT_FOUND;
1519 /******************************************************************************
1520 * LsaNtStatusToWinError [ADVAPI32.@]
1526 LsaNtStatusToWinError(NTSTATUS Status)
1528 return RtlNtStatusToDosError(Status);
1531 /******************************************************************************
1532 * NotifyBootConfigStatus [ADVAPI32.@]
1538 NotifyBootConfigStatus( DWORD x1 )
1540 FIXME("(0x%08lx):stub\n",x1);
1544 /******************************************************************************
1545 * RevertToSelf [ADVAPI32.@]
1551 RevertToSelf( void )
1553 FIXME("(), stub\n");
1557 /******************************************************************************
1558 * ImpersonateSelf [ADVAPI32.@]
1561 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1563 return RtlImpersonateSelf(ImpersonationLevel);
1566 /******************************************************************************
1567 * ImpersonateLoggedOnUser [ADVAPI32.@]
1569 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1571 FIXME("(%p):stub returning FALSE\n", hToken);
1575 /******************************************************************************
1576 * AccessCheck [ADVAPI32.@]
1578 * FIXME check cast LPBOOL to PBOOLEAN
1582 PSECURITY_DESCRIPTOR SecurityDescriptor,
1584 DWORD DesiredAccess,
1585 PGENERIC_MAPPING GenericMapping,
1586 PPRIVILEGE_SET PrivilegeSet,
1587 LPDWORD PrivilegeSetLength,
1588 LPDWORD GrantedAccess,
1589 LPBOOL AccessStatus)
1591 CallWin32ToNt (NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
1592 GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, (PBOOLEAN)AccessStatus));
1596 /******************************************************************************
1597 * AccessCheckByType [ADVAPI32.@]
1599 BOOL WINAPI AccessCheckByType(
1600 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1601 PSID PrincipalSelfSid,
1603 DWORD DesiredAccess,
1604 POBJECT_TYPE_LIST ObjectTypeList,
1605 DWORD ObjectTypeListLength,
1606 PGENERIC_MAPPING GenericMapping,
1607 PPRIVILEGE_SET PrivilegeSet,
1608 LPDWORD PrivilegeSetLength,
1609 LPDWORD GrantedAccess,
1610 LPBOOL AccessStatus)
1614 *AccessStatus = TRUE;
1616 return !*AccessStatus;
1620 /*************************************************************************
1621 * SetKernelObjectSecurity [ADVAPI32.@]
1623 BOOL WINAPI SetKernelObjectSecurity (
1625 IN SECURITY_INFORMATION SecurityInformation,
1626 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
1628 CallWin32ToNt (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
1632 /******************************************************************************
1633 * AddAuditAccessAce [ADVAPI32.@]
1635 BOOL WINAPI AddAuditAccessAce(
1637 IN DWORD dwAceRevision,
1638 IN DWORD dwAccessMask,
1640 IN BOOL bAuditSuccess,
1641 IN BOOL bAuditFailure)
1647 /******************************************************************************
1648 * LookupAccountNameA [ADVAPI32.@]
1656 LPSTR ReferencedDomainName,
1657 IN OUT LPDWORD cbReferencedDomainName,
1658 OUT PSID_NAME_USE name_use )
1660 /* Default implementation: Always return a default SID */
1661 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
1664 static const char dm[] = "DOMAIN";
1666 FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system,account,sid,cbSid,ReferencedDomainName,cbReferencedDomainName,name_use);
1668 ret = AllocateAndInitializeSid(&identifierAuthority,
1670 SECURITY_BUILTIN_DOMAIN_RID,
1671 DOMAIN_ALIAS_RID_ADMINS,
1677 if(!RtlValidSid(pSid))
1683 if (sid != NULL && (*cbSid >= GetLengthSid(pSid)))
1684 CopySid(*cbSid, sid, pSid);
1685 if (*cbSid < GetLengthSid(pSid))
1687 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1690 *cbSid = GetLengthSid(pSid);
1692 if (ReferencedDomainName != NULL && (*cbReferencedDomainName > strlen(dm)))
1693 strcpy(ReferencedDomainName, dm);
1694 if (*cbReferencedDomainName <= strlen(dm))
1696 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1699 *cbReferencedDomainName = strlen(dm)+1;
1706 /******************************************************************************
1707 * PrivilegeCheck [ADVAPI32.@]
1709 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
1711 FIXME("stub %p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
1717 /******************************************************************************
1718 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1720 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
1721 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1722 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1723 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1725 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
1726 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
1727 SecurityDescriptor, DesiredAccess, GenericMapping,
1728 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1732 /******************************************************************************
1733 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1735 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
1736 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1737 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1738 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1740 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
1741 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
1742 SecurityDescriptor, DesiredAccess, GenericMapping,
1743 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1748 /******************************************************************************
1749 * GetSecurityInfo [ADVAPI32.@]
1751 DWORD WINAPI GetSecurityInfo(
1752 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1753 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
1754 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
1755 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
1759 return ERROR_BAD_PROVIDER;
1762 /******************************************************************************
1763 * GetSecurityInfoExW [ADVAPI32.@]
1765 DWORD WINAPI GetSecurityInfoExW(
1766 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1767 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
1768 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
1769 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
1773 return ERROR_BAD_PROVIDER;
1776 /******************************************************************************
1777 * BuildTrusteeWithSidA [ADVAPI32.@]
1779 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
1781 TRACE("%p %p\n", pTrustee, pSid);
1783 pTrustee->pMultipleTrustee = NULL;
1784 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1785 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
1786 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1787 pTrustee->ptstrName = (LPSTR) pSid;
1790 /******************************************************************************
1791 * BuildTrusteeWithSidW [ADVAPI32.@]
1793 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
1795 TRACE("%p %p\n", pTrustee, pSid);
1797 pTrustee->pMultipleTrustee = NULL;
1798 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1799 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
1800 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1801 pTrustee->ptstrName = (LPWSTR) pSid;
1804 /******************************************************************************
1805 * BuildTrusteeWithNameA [ADVAPI32.@]
1807 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
1809 TRACE("%p %s\n", pTrustee, debugstr_a(name) );
1811 pTrustee->pMultipleTrustee = NULL;
1812 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1813 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
1814 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1815 pTrustee->ptstrName = name;
1818 /******************************************************************************
1819 * BuildTrusteeWithNameW [ADVAPI32.@]
1821 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
1823 TRACE("%p %s\n", pTrustee, debugstr_w(name) );
1825 pTrustee->pMultipleTrustee = NULL;
1826 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1827 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
1828 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1829 pTrustee->ptstrName = name;
1832 /******************************************************************************
1833 * SetEntriesInAclA [ADVAPI32.@]
1835 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
1836 PACL OldAcl, PACL* NewAcl )
1838 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1839 return ERROR_CALL_NOT_IMPLEMENTED;
1842 /******************************************************************************
1843 * SetEntriesInAclW [ADVAPI32.@]
1845 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
1846 PACL OldAcl, PACL* NewAcl )
1848 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1849 return ERROR_CALL_NOT_IMPLEMENTED;
1852 /******************************************************************************
1853 * SetNamedSecurityInfoA [ADVAPI32.@]
1855 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
1856 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1857 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1863 TRACE("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
1864 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1868 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
1869 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
1870 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
1873 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
1874 psidGroup, pDacl, pSacl );
1877 HeapFree( GetProcessHeap(), 0, wstr );
1882 /******************************************************************************
1883 * AreAnyAccessesGranted [ADVAPI32.@]
1885 * Determines whether or not any of a set of specified access permissions have
1886 * been granted or not.
1889 * GrantedAccess [I] The permissions that have been granted.
1890 * DesiredAccess [I] The permissions that you want to have.
1893 * Nonzero if any of the permissions have been granted, zero if none of the
1894 * permissions have been granted.
1897 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
1899 return (GrantedAccess & DesiredAccess) != 0;
1902 /******************************************************************************
1903 * SetNamedSecurityInfoW [ADVAPI32.@]
1905 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
1906 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1907 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1909 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
1910 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1911 return ERROR_CALL_NOT_IMPLEMENTED;
1914 /******************************************************************************
1915 * GetExplicitEntriesFromAclA [ADVAPI32.@]
1917 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
1918 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
1920 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1921 return ERROR_CALL_NOT_IMPLEMENTED;
1924 /******************************************************************************
1925 * GetExplicitEntriesFromAclW [ADVAPI32.@]
1927 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
1928 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
1930 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1931 return ERROR_CALL_NOT_IMPLEMENTED;
1935 /******************************************************************************
1936 * ParseAclStringFlags
1938 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
1941 LPCWSTR szAcl = *StringAcl;
1943 while (*szAcl != '(')
1947 flags |= SE_DACL_PROTECTED;
1949 else if (*szAcl == 'A')
1953 flags |= SE_DACL_AUTO_INHERIT_REQ;
1954 else if (*szAcl == 'I')
1955 flags |= SE_DACL_AUTO_INHERITED;
1964 /******************************************************************************
1965 * ParseAceStringType
1969 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
1970 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
1971 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
1972 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
1974 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
1975 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
1976 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
1977 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
1982 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
1985 LPCWSTR szAcl = *StringAcl;
1986 LPACEFLAG lpaf = AceType;
1988 while (lpaf->wstr &&
1989 (len = strlenW(lpaf->wstr)) &&
1990 strncmpW(lpaf->wstr, szAcl, len))
2001 /******************************************************************************
2002 * ParseAceStringFlags
2004 ACEFLAG AceFlags[] =
2006 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
2007 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
2008 { SDDL_INHERITED, INHERITED_ACE },
2009 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
2010 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
2011 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
2012 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
2016 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
2020 LPCWSTR szAcl = *StringAcl;
2022 while (*szAcl != ';')
2024 LPACEFLAG lpaf = AceFlags;
2026 while (lpaf->wstr &&
2027 (len = strlenW(lpaf->wstr)) &&
2028 strncmpW(lpaf->wstr, szAcl, len))
2034 flags |= lpaf->value;
2043 /******************************************************************************
2044 * ParseAceStringRights
2046 ACEFLAG AceRights[] =
2048 { SDDL_GENERIC_ALL, GENERIC_ALL },
2049 { SDDL_GENERIC_READ, GENERIC_READ },
2050 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
2051 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
2052 { SDDL_READ_CONTROL, READ_CONTROL },
2053 { SDDL_STANDARD_DELETE, DELETE },
2054 { SDDL_WRITE_DAC, WRITE_DAC },
2055 { SDDL_WRITE_OWNER, WRITE_OWNER },
2059 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
2063 LPCWSTR szAcl = *StringAcl;
2065 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2069 while (*p && *p != ';')
2074 rights = strtoulW(szAcl, NULL, 16);
2078 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2082 while (*szAcl != ';')
2084 LPACEFLAG lpaf = AceRights;
2086 while (lpaf->wstr &&
2087 (len = strlenW(lpaf->wstr)) &&
2088 strncmpW(lpaf->wstr, szAcl, len))
2096 rights |= lpaf->value;
2106 /******************************************************************************
2107 * ParseStringAclToAcl
2109 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
2111 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
2112 PACL pAcl, LPDWORD cBytes)
2116 DWORD length = sizeof(ACL);
2117 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2119 TRACE("%s\n", debugstr_w(StringAcl));
2124 if (pAcl) /* pAce is only useful if we're setting values */
2125 pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
2127 /* Parse ACL flags */
2128 *lpdwFlags = ParseAclStringFlags(&StringAcl);
2131 while (*StringAcl == '(')
2135 /* Parse ACE type */
2136 val = ParseAceStringType(&StringAcl);
2138 pAce->Header.AceType = (BYTE) val;
2139 if (*StringAcl != ';')
2143 /* Parse ACE flags */
2144 val = ParseAceStringFlags(&StringAcl);
2146 pAce->Header.AceFlags = (BYTE) val;
2147 if (*StringAcl != ';')
2151 /* Parse ACE rights */
2152 val = ParseAceStringRights(&StringAcl);
2155 if (*StringAcl != ';')
2159 /* Parse ACE object guid */
2160 if (*StringAcl != ';')
2162 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2167 /* Parse ACE inherit object guid */
2168 if (*StringAcl != ';')
2170 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2175 /* Parse ACE account sid */
2176 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
2178 while (*StringAcl && *StringAcl != ')')
2182 if (*StringAcl != ')')
2186 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2193 WARN("Invalid ACE string format\n");
2198 /******************************************************************************
2199 * ParseStringSecurityDescriptorToSecurityDescriptor
2201 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
2202 LPCWSTR StringSecurityDescriptor,
2203 SECURITY_DESCRIPTOR* SecurityDescriptor,
2208 WCHAR tok[MAX_PATH];
2210 LPBYTE lpNext = NULL;
2214 if (SecurityDescriptor)
2215 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
2217 while (*StringSecurityDescriptor)
2219 toktype = *StringSecurityDescriptor;
2221 /* Expect char identifier followed by ':' */
2222 StringSecurityDescriptor++;
2223 if (*StringSecurityDescriptor != ':')
2225 SetLastError(ERROR_INVALID_PARAMETER);
2228 StringSecurityDescriptor++;
2231 lptoken = StringSecurityDescriptor;
2232 while (*lptoken && *lptoken != ':')
2238 strncpyW(tok, StringSecurityDescriptor, lptoken - StringSecurityDescriptor);
2246 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2249 if (SecurityDescriptor)
2251 SecurityDescriptor->Owner = (PSID) ((DWORD) lpNext -
2252 (DWORD) SecurityDescriptor);
2253 lpNext += bytes; /* Advance to next token */
2265 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2268 if (SecurityDescriptor)
2270 SecurityDescriptor->Group = (PSID) ((DWORD) lpNext -
2271 (DWORD) SecurityDescriptor);
2272 lpNext += bytes; /* Advance to next token */
2285 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2288 if (SecurityDescriptor)
2290 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2291 SecurityDescriptor->Dacl = (PACL) ((DWORD) lpNext -
2292 (DWORD) SecurityDescriptor);
2293 lpNext += bytes; /* Advance to next token */
2306 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2309 if (SecurityDescriptor)
2311 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
2312 SecurityDescriptor->Sacl = (PACL) ((DWORD) lpNext -
2313 (DWORD) SecurityDescriptor);
2314 lpNext += bytes; /* Advance to next token */
2323 FIXME("Unknown token\n");
2324 SetLastError(ERROR_INVALID_PARAMETER);
2328 StringSecurityDescriptor = lptoken;
2337 /******************************************************************************
2338 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2340 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
2341 LPCWSTR StringSecurityDescriptor,
2342 DWORD StringSDRevision,
2343 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2344 PULONG SecurityDescriptorSize)
2347 SECURITY_DESCRIPTOR* psd;
2350 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2352 if (GetVersion() & 0x80000000)
2354 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2357 else if (StringSDRevision != SID_REVISION)
2359 SetLastError(ERROR_UNKNOWN_REVISION);
2363 /* Compute security descriptor length */
2364 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2368 psd = *SecurityDescriptor = (SECURITY_DESCRIPTOR*) LocalAlloc(
2369 GMEM_ZEROINIT, cBytes);
2371 psd->Revision = SID_REVISION;
2372 psd->Control |= SE_SELF_RELATIVE;
2374 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2381 if (SecurityDescriptorSize)
2382 *SecurityDescriptorSize = cBytes;
2387 TRACE(" ret=%d\n", bret);
2391 /******************************************************************************
2392 * ConvertStringSidToSidW [ADVAPI32.@]
2394 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
2399 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
2400 if (GetVersion() & 0x80000000)
2401 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2402 else if (!StringSid || !Sid)
2403 SetLastError(ERROR_INVALID_PARAMETER);
2404 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
2406 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
2408 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
2412 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2416 /******************************************************************************
2417 * ConvertStringSidToSidA [ADVAPI32.@]
2419 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
2423 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
2424 if (GetVersion() & 0x80000000)
2425 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2426 else if (!StringSid || !Sid)
2427 SetLastError(ERROR_INVALID_PARAMETER);
2430 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
2431 LPWSTR wStringSid = (LPWSTR)HeapAlloc(GetProcessHeap(), 0,
2432 len * sizeof(WCHAR));
2434 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
2435 bret = ConvertStringSidToSidW(wStringSid, Sid);
2436 HeapFree(GetProcessHeap(), 0, wStringSid);
2438 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2442 /******************************************************************************
2443 * ConvertSidToStringSidW [ADVAPI32.@]
2445 * format of SID string is:
2446 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
2448 * <rev> is the revision of the SID encoded as decimal
2449 * <auth> is the identifier authority encoded as hex
2450 * <subauthN> is the subauthority id encoded as decimal
2452 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
2456 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
2457 WCHAR subauthfmt[] = { '-','%','u',0 };
2460 TRACE("%p %p\n", pSid, pstr );
2462 if( !IsValidSid( pSid ) )
2465 if (pisid->Revision != SDDL_REVISION)
2467 if (pisid->IdentifierAuthority.Value[0] ||
2468 pisid->IdentifierAuthority.Value[1])
2470 FIXME("not matching MS' bugs\n");
2474 sz = 14 + pisid->SubAuthorityCount * 11;
2475 str = LocalAlloc( 0, sz*sizeof(WCHAR) );
2476 sprintfW( str, fmt, pisid->Revision, MAKELONG(
2477 MAKEWORD( pisid->IdentifierAuthority.Value[5],
2478 pisid->IdentifierAuthority.Value[4] ),
2479 MAKEWORD( pisid->IdentifierAuthority.Value[3],
2480 pisid->IdentifierAuthority.Value[2] ) ) );
2481 for( i=0; i<pisid->SubAuthorityCount; i++ )
2482 sprintfW( str + strlenW(str), subauthfmt, pisid->SubAuthority[i] );
2488 /******************************************************************************
2489 * ConvertSidToStringSidA [ADVAPI32.@]
2491 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
2497 TRACE("%p %p\n", pSid, pstr );
2499 if( !ConvertSidToStringSidW( pSid, &wstr ) )
2502 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
2503 str = LocalAlloc( 0, len );
2504 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
2512 /******************************************************************************
2513 * ComputeStringSidSize
2515 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
2518 DWORD size = sizeof(SID);
2522 if (*StringSid == '-')
2528 size += (ctok - 3) * sizeof(DWORD);
2533 /******************************************************************************
2534 * ParseStringSidToSid
2536 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
2541 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
2544 SetLastError(ERROR_INVALID_PARAMETER);
2545 TRACE("StringSid is NULL, returning FALSE\n");
2549 *cBytes = ComputeStringSidSize(StringSid);
2550 if (!pisid) /* Simply compute the size */
2552 TRACE("only size requested, returning TRUE\n");
2556 if (*StringSid != 'S' || *StringSid != '-') /* S-R-I-S-S */
2558 DWORD i = 0, identAuth;
2559 DWORD csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
2561 StringSid += 2; /* Advance to Revision */
2562 pisid->Revision = atoiW(StringSid);
2564 if (pisid->Revision != SDDL_REVISION)
2566 TRACE("Revision %d is unknown\n", pisid->Revision);
2567 goto lend; /* ERROR_INVALID_SID */
2571 TRACE("SubAuthorityCount is 0\n");
2572 goto lend; /* ERROR_INVALID_SID */
2575 pisid->SubAuthorityCount = csubauth;
2577 /* Advance to identifier authority */
2578 while (*StringSid && *StringSid != '-')
2580 if (*StringSid == '-')
2583 /* MS' implementation can't handle values greater than 2^32 - 1, so
2584 * we don't either; assume most significant bytes are always 0
2586 pisid->IdentifierAuthority.Value[0] = 0;
2587 pisid->IdentifierAuthority.Value[1] = 0;
2588 identAuth = atoiW(StringSid);
2589 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
2590 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
2591 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
2592 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
2594 /* Advance to first sub authority */
2595 while (*StringSid && *StringSid != '-')
2597 if (*StringSid == '-')
2602 while (*StringSid && *StringSid != '-')
2605 pisid->SubAuthority[i++] = atoiW(StringSid);
2608 if (i != pisid->SubAuthorityCount)
2609 goto lend; /* ERROR_INVALID_SID */
2613 else /* String constant format - Only available in winxp and above */
2615 pisid->Revision = SDDL_REVISION;
2616 pisid->SubAuthorityCount = 1;
2618 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
2620 /* TODO: Lookup string of well-known SIDs in table */
2621 pisid->IdentifierAuthority.Value[5] = 0;
2622 pisid->SubAuthority[0] = 0;
2629 SetLastError(ERROR_INVALID_SID);
2631 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2635 /******************************************************************************
2636 * GetNamedSecurityInfoA [ADVAPI32.@]
2638 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
2639 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2640 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2641 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2647 TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
2648 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2652 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
2653 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
2654 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
2657 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
2658 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
2661 HeapFree( GetProcessHeap(), 0, wstr );
2666 /******************************************************************************
2667 * GetNamedSecurityInfoW [ADVAPI32.@]
2669 DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName,
2670 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2671 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2672 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2674 FIXME("%s %d %ld %p %p %p %p %p\n", debugstr_w(pObjectName), ObjectType, SecurityInfo,
2675 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2676 return ERROR_CALL_NOT_IMPLEMENTED;
2679 /******************************************************************************
2680 * DecryptFileW [ADVAPI32.@]
2682 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved)
2684 FIXME("%s %08lx\n", debugstr_w(lpFileName), dwReserved);
2688 /******************************************************************************
2689 * DecryptFileA [ADVAPI32.@]
2691 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved)
2693 FIXME("%s %08lx\n", debugstr_a(lpFileName), dwReserved);
2697 /******************************************************************************
2698 * EncryptFileW [ADVAPI32.@]
2700 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName)
2702 FIXME("%s\n", debugstr_w(lpFileName));
2706 /******************************************************************************
2707 * EncryptFileA [ADVAPI32.@]
2709 BOOL WINAPI EncryptFileA(LPCSTR lpFileName)
2711 FIXME("%s\n", debugstr_a(lpFileName));
projects / wine / blob