2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 * FIXME: for all functions thunking down to Rtl* functions: implement SetLastError()
38 #include "wine/debug.h"
39 #include "wine/unicode.h"
41 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
43 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
44 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
45 PACL pAcl, LPDWORD cBytes);
46 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
47 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
48 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
49 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
50 LPCWSTR StringSecurityDescriptor,
51 SECURITY_DESCRIPTOR* SecurityDescriptor,
53 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
55 typedef struct _ACEFLAG
59 } ACEFLAG, *LPACEFLAG;
64 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
65 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
66 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
67 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
68 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
69 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
70 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
71 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
76 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
77 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
78 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
79 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
80 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
81 static const WCHAR SDDL_ALARM[] = {'A','L',0};
82 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
83 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
88 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
89 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
90 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
91 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
92 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
93 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
94 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
96 #define CallWin32ToNt(func) \
99 if (ret !=STATUS_SUCCESS) \
100 { SetLastError (RtlNtStatusToDosError(ret)); return FALSE; } \
104 static void dumpLsaAttributes( PLSA_OBJECT_ATTRIBUTES oa )
108 TRACE("\n\tlength=%lu, rootdir=%p, objectname=%s\n\tattr=0x%08lx, sid=%p qos=%p\n",
109 oa->Length, oa->RootDirectory,
110 oa->ObjectName?debugstr_w(oa->ObjectName->Buffer):"null",
111 oa->Attributes, oa->SecurityDescriptor, oa->SecurityQualityOfService);
115 /************************************************************
116 * ADVAPI_IsLocalComputer
118 * Checks whether the server name indicates local machine.
120 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
128 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
132 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
133 Result = GetComputerNameW(buf, &dwSize);
134 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
136 Result = Result && !lstrcmpW(ServerName, buf);
137 HeapFree(GetProcessHeap(), 0, buf);
143 #define ADVAPI_ForceLocalComputer(ServerName, FailureCode) \
144 if (!ADVAPI_IsLocalComputer(ServerName)) \
146 FIXME("Action Implemented for local computer only. " \
147 "Requested for server %s\n", debugstr_w(ServerName)); \
148 return FailureCode; \
151 /* ##############################
152 ###### TOKEN FUNCTIONS ######
153 ##############################
156 /******************************************************************************
157 * OpenProcessToken [ADVAPI32.@]
158 * Opens the access token associated with a process handle.
161 * ProcessHandle [I] Handle to process
162 * DesiredAccess [I] Desired access to process
163 * TokenHandle [O] Pointer to handle of open access token
166 * Success: TRUE. TokenHandle contains the access token.
170 * See NtOpenProcessToken.
173 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
174 HANDLE *TokenHandle )
176 CallWin32ToNt(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
179 /******************************************************************************
180 * OpenThreadToken [ADVAPI32.@]
182 * Opens the access token associated with a thread handle.
185 * ThreadHandle [I] Handle to process
186 * DesiredAccess [I] Desired access to the thread
188 * TokenHandle [O] Destination for the token handle
191 * Success: TRUE. TokenHandle contains the access token.
195 * See NtOpenThreadToken.
198 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
199 BOOL OpenAsSelf, HANDLE *TokenHandle)
201 CallWin32ToNt (NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
204 /******************************************************************************
205 * AdjustTokenPrivileges [ADVAPI32.@]
207 * Adjust the privileges of an open token handle.
210 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
211 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
212 * NewState [I] Desired new privileges of the token
213 * BufferLength [I] Length of NewState
214 * PreviousState [O] Destination for the previous state
215 * ReturnLength [I/O] Size of PreviousState
219 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
223 * See NtAdjustPrivilegesToken.
226 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
227 LPVOID NewState, DWORD BufferLength,
228 LPVOID PreviousState, LPDWORD ReturnLength )
230 CallWin32ToNt(NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength));
233 /******************************************************************************
234 * CheckTokenMembership [ADVAPI32.@]
236 * Determine if an access token is a member of a SID.
239 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
240 * SidToCheck [I] SID that possibly contains the token
241 * IsMember [O] Destination for result.
244 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
248 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
251 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
257 /******************************************************************************
258 * GetTokenInformation [ADVAPI32.@]
261 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
262 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
263 * tokeninfo [O] Destination for token information
264 * tokeninfolength [I] Length of tokeninfo
265 * retlen [O] Destination for returned token information length
268 * Success: TRUE. tokeninfo contains retlen bytes of token information
272 * See NtQueryInformationToken.
275 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
276 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
278 TRACE("(%p, %s, %p, %ld, %p): \n",
280 (tokeninfoclass == TokenUser) ? "TokenUser" :
281 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
282 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
283 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
284 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
285 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
286 (tokeninfoclass == TokenSource) ? "TokenSource" :
287 (tokeninfoclass == TokenType) ? "TokenType" :
288 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
289 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
290 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
291 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
292 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
293 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
294 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
296 tokeninfo, tokeninfolength, retlen);
297 CallWin32ToNt (NtQueryInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength, retlen));
300 /******************************************************************************
301 * SetTokenInformation [ADVAPI32.@]
303 * Set information for an access token.
306 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
307 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
308 * tokeninfo [I] Token information to set
309 * tokeninfolength [I] Length of tokeninfo
312 * Success: TRUE. The information for the token is set to tokeninfo.
316 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
317 LPVOID tokeninfo, DWORD tokeninfolength )
319 FIXME("(%p, %s, %p, %ld): stub\n",
321 (tokeninfoclass == TokenUser) ? "TokenUser" :
322 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
323 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
324 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
325 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
326 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
327 (tokeninfoclass == TokenSource) ? "TokenSource" :
328 (tokeninfoclass == TokenType) ? "TokenType" :
329 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
330 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
331 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
332 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
333 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
334 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
335 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
337 tokeninfo, tokeninfolength);
339 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
344 /*************************************************************************
345 * SetThreadToken [ADVAPI32.@]
347 * Assigns an 'impersonation token' to a thread so it can assume the
348 * security privileges of another thread or process. Can also remove
349 * a previously assigned token.
352 * thread [O] Handle to thread to set the token for
353 * token [I] Token to set
356 * Success: TRUE. The threads access token is set to token
360 * Only supported on NT or higher. On Win9X this function does nothing.
361 * See SetTokenInformation.
363 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
365 CallWin32ToNt (NtSetInformationThread( thread ? *thread : GetCurrentThread(),
366 ThreadImpersonationToken, &token, sizeof token ));
369 /* ##############################
370 ###### SID FUNCTIONS ######
371 ##############################
374 /******************************************************************************
375 * AllocateAndInitializeSid [ADVAPI32.@]
378 * pIdentifierAuthority []
379 * nSubAuthorityCount []
391 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
392 BYTE nSubAuthorityCount,
393 DWORD nSubAuthority0, DWORD nSubAuthority1,
394 DWORD nSubAuthority2, DWORD nSubAuthority3,
395 DWORD nSubAuthority4, DWORD nSubAuthority5,
396 DWORD nSubAuthority6, DWORD nSubAuthority7,
399 CallWin32ToNt (RtlAllocateAndInitializeSid(
400 pIdentifierAuthority, nSubAuthorityCount,
401 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
402 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
406 /******************************************************************************
407 * FreeSid [ADVAPI32.@]
416 return NULL; /* is documented like this */
419 /******************************************************************************
420 * CopySid [ADVAPI32.@]
423 * nDestinationSidLength []
428 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
430 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
433 /******************************************************************************
434 * IsValidSid [ADVAPI32.@]
440 IsValidSid( PSID pSid )
442 return RtlValidSid( pSid );
445 /******************************************************************************
446 * EqualSid [ADVAPI32.@]
453 EqualSid( PSID pSid1, PSID pSid2 )
455 return RtlEqualSid( pSid1, pSid2 );
458 /******************************************************************************
459 * EqualPrefixSid [ADVAPI32.@]
461 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
463 return RtlEqualPrefixSid(pSid1, pSid2);
466 /******************************************************************************
467 * GetSidLengthRequired [ADVAPI32.@]
470 * nSubAuthorityCount []
473 GetSidLengthRequired( BYTE nSubAuthorityCount )
475 return RtlLengthRequiredSid(nSubAuthorityCount);
478 /******************************************************************************
479 * InitializeSid [ADVAPI32.@]
482 * pIdentifierAuthority []
487 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
488 BYTE nSubAuthorityCount)
490 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
493 /******************************************************************************
494 * GetSidIdentifierAuthority [ADVAPI32.@]
499 PSID_IDENTIFIER_AUTHORITY WINAPI
500 GetSidIdentifierAuthority( PSID pSid )
502 return RtlIdentifierAuthoritySid(pSid);
505 /******************************************************************************
506 * GetSidSubAuthority [ADVAPI32.@]
513 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
515 return RtlSubAuthoritySid(pSid, nSubAuthority);
518 /******************************************************************************
519 * GetSidSubAuthorityCount [ADVAPI32.@]
525 GetSidSubAuthorityCount (PSID pSid)
527 return RtlSubAuthorityCountSid(pSid);
530 /******************************************************************************
531 * GetLengthSid [ADVAPI32.@]
537 GetLengthSid (PSID pSid)
539 return RtlLengthSid(pSid);
542 /* ##############################################
543 ###### SECURITY DESCRIPTOR FUNCTIONS ######
544 ##############################################
547 /******************************************************************************
548 * InitializeSecurityDescriptor [ADVAPI32.@]
555 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
557 CallWin32ToNt (RtlCreateSecurityDescriptor(pDescr, revision ));
561 /******************************************************************************
562 * MakeAbsoluteSD [ADVAPI32.@]
564 BOOL WINAPI MakeAbsoluteSD (
565 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
566 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
567 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
569 OUT LPDWORD lpdwDaclSize,
571 OUT LPDWORD lpdwSaclSize,
573 OUT LPDWORD lpdwOwnerSize,
574 OUT PSID pPrimaryGroup,
575 OUT LPDWORD lpdwPrimaryGroupSize)
577 CallWin32ToNt (RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
578 pAbsoluteSecurityDescriptor, lpdwAbsoluteSecurityDescriptorSize,
579 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, pOwner, lpdwOwnerSize,
580 pPrimaryGroup, lpdwPrimaryGroupSize));
584 /******************************************************************************
585 * GetSecurityDescriptorLength [ADVAPI32.@]
587 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
589 return (RtlLengthSecurityDescriptor(pDescr));
592 /******************************************************************************
593 * GetSecurityDescriptorOwner [ADVAPI32.@]
597 * lpbOwnerDefaulted []
600 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
601 LPBOOL lpbOwnerDefaulted )
603 CallWin32ToNt (RtlGetOwnerSecurityDescriptor( pDescr, pOwner, (PBOOLEAN)lpbOwnerDefaulted ));
606 /******************************************************************************
607 * SetSecurityDescriptorOwner [ADVAPI32.@]
611 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
612 PSID pOwner, BOOL bOwnerDefaulted)
614 CallWin32ToNt (RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
616 /******************************************************************************
617 * GetSecurityDescriptorGroup [ADVAPI32.@]
619 BOOL WINAPI GetSecurityDescriptorGroup(
620 PSECURITY_DESCRIPTOR SecurityDescriptor,
622 LPBOOL GroupDefaulted)
624 CallWin32ToNt (RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, (PBOOLEAN)GroupDefaulted));
626 /******************************************************************************
627 * SetSecurityDescriptorGroup [ADVAPI32.@]
629 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
630 PSID Group, BOOL GroupDefaulted)
632 CallWin32ToNt (RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
635 /******************************************************************************
636 * IsValidSecurityDescriptor [ADVAPI32.@]
642 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
644 CallWin32ToNt (RtlValidSecurityDescriptor(SecurityDescriptor));
647 /******************************************************************************
648 * GetSecurityDescriptorDacl [ADVAPI32.@]
650 BOOL WINAPI GetSecurityDescriptorDacl(
651 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
652 OUT LPBOOL lpbDaclPresent,
654 OUT LPBOOL lpbDaclDefaulted)
656 CallWin32ToNt (RtlGetDaclSecurityDescriptor(pSecurityDescriptor, (PBOOLEAN)lpbDaclPresent,
657 pDacl, (PBOOLEAN)lpbDaclDefaulted));
660 /******************************************************************************
661 * SetSecurityDescriptorDacl [ADVAPI32.@]
664 SetSecurityDescriptorDacl (
665 PSECURITY_DESCRIPTOR lpsd,
670 CallWin32ToNt (RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ));
672 /******************************************************************************
673 * GetSecurityDescriptorSacl [ADVAPI32.@]
675 BOOL WINAPI GetSecurityDescriptorSacl(
676 IN PSECURITY_DESCRIPTOR lpsd,
677 OUT LPBOOL lpbSaclPresent,
679 OUT LPBOOL lpbSaclDefaulted)
681 CallWin32ToNt (RtlGetSaclSecurityDescriptor(lpsd,
682 (PBOOLEAN)lpbSaclPresent, pSacl, (PBOOLEAN)lpbSaclDefaulted));
685 /**************************************************************************
686 * SetSecurityDescriptorSacl [ADVAPI32.@]
688 BOOL WINAPI SetSecurityDescriptorSacl (
689 PSECURITY_DESCRIPTOR lpsd,
694 CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
696 /******************************************************************************
697 * MakeSelfRelativeSD [ADVAPI32.@]
706 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
707 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
708 IN OUT LPDWORD lpdwBufferLength)
710 CallWin32ToNt (RtlMakeSelfRelativeSD(pAbsoluteSecurityDescriptor,pSelfRelativeSecurityDescriptor, lpdwBufferLength));
713 /******************************************************************************
714 * GetSecurityDescriptorControl [ADVAPI32.@]
717 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
718 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
720 CallWin32ToNt (RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
723 /* ##############################
724 ###### ACL FUNCTIONS ######
725 ##############################
728 /*************************************************************************
729 * InitializeAcl [ADVAPI32.@]
731 DWORD WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
733 CallWin32ToNt (RtlCreateAcl(acl, size, rev));
736 /******************************************************************************
737 * AddAccessAllowedAce [ADVAPI32.@]
739 BOOL WINAPI AddAccessAllowedAce(
741 IN DWORD dwAceRevision,
745 CallWin32ToNt(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
748 /******************************************************************************
749 * AddAccessAllowedAceEx [ADVAPI32.@]
751 BOOL WINAPI AddAccessAllowedAceEx(
753 IN DWORD dwAceRevision,
758 CallWin32ToNt(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
761 /******************************************************************************
762 * AddAccessDeniedAce [ADVAPI32.@]
764 BOOL WINAPI AddAccessDeniedAce(
766 IN DWORD dwAceRevision,
770 CallWin32ToNt(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
773 /******************************************************************************
774 * AddAccessDeniedAceEx [ADVAPI32.@]
776 BOOL WINAPI AddAccessDeniedAceEx(
778 IN DWORD dwAceRevision,
783 CallWin32ToNt(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
786 /******************************************************************************
787 * AddAce [ADVAPI32.@]
791 IN DWORD dwAceRevision,
792 IN DWORD dwStartingAceIndex,
794 DWORD nAceListLength)
796 CallWin32ToNt(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
799 /******************************************************************************
800 * DeleteAce [ADVAPI32.@]
802 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
804 CallWin32ToNt(RtlDeleteAce(pAcl, dwAceIndex));
807 /******************************************************************************
808 * FindFirstFreeAce [ADVAPI32.@]
810 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
812 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
815 /******************************************************************************
816 * GetAce [ADVAPI32.@]
818 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
820 CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce));
823 /******************************************************************************
824 * GetAclInformation [ADVAPI32.@]
826 BOOL WINAPI GetAclInformation(
828 LPVOID pAclInformation,
829 DWORD nAclInformationLength,
830 ACL_INFORMATION_CLASS dwAclInformationClass)
832 CallWin32ToNt(RtlQueryInformationAcl(pAcl, pAclInformation,
833 nAclInformationLength, dwAclInformationClass));
836 /******************************************************************************
837 * IsValidAcl [ADVAPI32.@]
839 BOOL WINAPI IsValidAcl(IN PACL pAcl)
841 return RtlValidAcl(pAcl);
844 /* ##############################
845 ###### MISC FUNCTIONS ######
846 ##############################
849 static const char * const DefaultPrivNames[] =
852 "SeCreateTokenPrivilege", "SeAssignPrimaryTokenPrivilege",
853 "SeLockMemoryPrivilege", "SeIncreaseQuotaPrivilege",
854 "SeUnsolicitedInputPrivilege", "SeMachineAccountPrivilege",
855 "SeTcbPrivilege", "SeSecurityPrivilege",
856 "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege",
857 "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
858 "SeProfileSingleProcessPrivilege", "SeIncreaseBasePriorityPrivilege",
859 "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege",
860 "SeBackupPrivilege", "SeRestorePrivilege",
861 "SeShutdownPrivilege", "SeDebugPrivilege",
862 "SeAuditPrivilege", "SeSystemEnvironmentPrivilege",
863 "SeChangeNotifyPrivilege", "SeRemoteShutdownPrivilege",
864 "SeUndockPrivilege", "SeSyncAgentPrivilege",
865 "SeEnableDelegationPrivilege", "SeManageVolumePrivilege",
866 "SeImpersonatePrivilege", "SeCreateGlobalPrivilege",
868 #define NUMPRIVS (sizeof DefaultPrivNames/sizeof DefaultPrivNames[0])
870 /******************************************************************************
871 * LookupPrivilegeValueW [ADVAPI32.@]
873 * See LookupPrivilegeValueA.
876 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
881 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
883 for( i=0; i<NUMPRIVS; i++ )
885 if( !DefaultPrivNames[i] )
887 MultiByteToWideChar( CP_ACP, 0, DefaultPrivNames[i], -1,
889 if( strcmpW( priv, lpName) )
892 lpLuid->HighPart = 0;
893 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
894 lpLuid->HighPart, lpLuid->LowPart );
900 /******************************************************************************
901 * LookupPrivilegeValueA [ADVAPI32.@]
903 * Retrieves LUID used on a system to represent the privilege name.
906 * lpSystemName [I] Name of the system
907 * lpName [I] Name of the privilege
908 * lpLuid [O] Destination for the resulting LUID
911 * Success: TRUE. lpLuid contains the requested LUID.
915 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
917 UNICODE_STRING lpSystemNameW;
918 UNICODE_STRING lpNameW;
921 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
922 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
923 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
924 RtlFreeUnicodeString(&lpNameW);
925 RtlFreeUnicodeString(&lpSystemNameW);
930 /******************************************************************************
931 * LookupPrivilegeNameA [ADVAPI32.@]
934 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
936 FIXME("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
940 /******************************************************************************
941 * LookupPrivilegeNameW [ADVAPI32.@]
944 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, LPDWORD cchName)
946 FIXME("%s %p %p %p\n", debugstr_w(lpSystemName), lpLuid, lpName, cchName);
950 /******************************************************************************
951 * GetFileSecurityA [ADVAPI32.@]
953 * Obtains Specified information about the security of a file or directory.
956 * lpFileName [I] Name of the file to get info for
957 * RequestedInformation [I] SE_ flags from "winnt.h"
958 * pSecurityDescriptor [O] Destination for security information
959 * nLength [I] Length of pSecurityDescriptor
960 * lpnLengthNeeded [O] Destination for length of returned security information
963 * Success: TRUE. pSecurityDescriptor contains the requested information.
964 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
967 * The information returned is constrained by the callers access rights and
971 GetFileSecurityA( LPCSTR lpFileName,
972 SECURITY_INFORMATION RequestedInformation,
973 PSECURITY_DESCRIPTOR pSecurityDescriptor,
974 DWORD nLength, LPDWORD lpnLengthNeeded )
982 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
983 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
984 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
987 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
988 nLength, lpnLengthNeeded );
990 HeapFree( GetProcessHeap(), 0, name );
995 /******************************************************************************
996 * GetFileSecurityW [ADVAPI32.@]
998 * See GetFileSecurityA.
1001 GetFileSecurityW( LPCWSTR lpFileName,
1002 SECURITY_INFORMATION RequestedInformation,
1003 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1004 DWORD nLength, LPDWORD lpnLengthNeeded )
1006 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1011 /******************************************************************************
1012 * LookupAccountSidA [ADVAPI32.@]
1019 IN OUT LPDWORD accountSize,
1021 IN OUT LPDWORD domainSize,
1022 OUT PSID_NAME_USE name_use )
1024 static const char ac[] = "Administrator";
1025 static const char dm[] = "DOMAIN";
1026 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1027 debugstr_a(system),sid,
1028 account,accountSize,accountSize?*accountSize:0,
1029 domain,domainSize,domainSize?*domainSize:0,
1032 if (accountSize) *accountSize = strlen(ac)+1;
1033 if (account && (*accountSize > strlen(ac)))
1034 strcpy(account, ac);
1036 if (domainSize) *domainSize = strlen(dm)+1;
1037 if (domain && (*domainSize > strlen(dm)))
1040 if (name_use) *name_use = SidTypeUser;
1044 /******************************************************************************
1045 * LookupAccountSidW [ADVAPI32.@]
1061 IN OUT LPDWORD accountSize,
1063 IN OUT LPDWORD domainSize,
1064 OUT PSID_NAME_USE name_use )
1066 static const WCHAR ac[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1067 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
1068 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1069 debugstr_w(system),sid,
1070 account,accountSize,accountSize?*accountSize:0,
1071 domain,domainSize,domainSize?*domainSize:0,
1074 if (accountSize) *accountSize = strlenW(ac)+1;
1075 if (account && (*accountSize > strlenW(ac)))
1076 strcpyW(account, ac);
1078 if (domainSize) *domainSize = strlenW(dm)+1;
1079 if (domain && (*domainSize > strlenW(dm)))
1082 if (name_use) *name_use = SidTypeUser;
1086 /******************************************************************************
1087 * SetFileSecurityA [ADVAPI32.@]
1088 * Sets the security of a file or directory
1090 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1091 SECURITY_INFORMATION RequestedInformation,
1092 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1100 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1101 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1102 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1105 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
1107 HeapFree( GetProcessHeap(), 0, name );
1112 /******************************************************************************
1113 * SetFileSecurityW [ADVAPI32.@]
1114 * Sets the security of a file or directory
1118 * RequestedInformation []
1119 * pSecurityDescriptor []
1122 SetFileSecurityW( LPCWSTR lpFileName,
1123 SECURITY_INFORMATION RequestedInformation,
1124 PSECURITY_DESCRIPTOR pSecurityDescriptor )
1126 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1130 /******************************************************************************
1131 * QueryWindows31FilesMigration [ADVAPI32.@]
1137 QueryWindows31FilesMigration( DWORD x1 )
1139 FIXME("(%ld):stub\n",x1);
1143 /******************************************************************************
1144 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1153 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1156 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1160 /******************************************************************************
1161 * LsaOpenPolicy [ADVAPI32.@]
1171 IN PLSA_UNICODE_STRING SystemName,
1172 IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
1173 IN ACCESS_MASK DesiredAccess,
1174 IN OUT PLSA_HANDLE PolicyHandle)
1176 FIXME("(%s,%p,0x%08lx,%p):stub\n",
1177 SystemName?debugstr_w(SystemName->Buffer):"null",
1178 ObjectAttributes, DesiredAccess, PolicyHandle);
1179 ADVAPI_ForceLocalComputer(SystemName ? SystemName->Buffer : NULL,
1180 STATUS_ACCESS_VIOLATION);
1181 dumpLsaAttributes(ObjectAttributes);
1182 if(PolicyHandle) *PolicyHandle = (LSA_HANDLE)0xcafe;
1183 return STATUS_SUCCESS;
1186 /******************************************************************************
1187 * LsaQueryInformationPolicy [ADVAPI32.@]
1190 LsaQueryInformationPolicy(
1191 IN LSA_HANDLE PolicyHandle,
1192 IN POLICY_INFORMATION_CLASS InformationClass,
1195 FIXME("(%p,0x%08x,%p):stub\n",
1196 PolicyHandle, InformationClass, Buffer);
1198 if(!Buffer) return FALSE;
1199 switch (InformationClass)
1201 case PolicyAuditEventsInformation: /* 2 */
1203 PPOLICY_AUDIT_EVENTS_INFO p = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(POLICY_AUDIT_EVENTS_INFO));
1204 p->AuditingMode = FALSE; /* no auditing */
1208 case PolicyPrimaryDomainInformation: /* 3 */
1209 case PolicyAccountDomainInformation: /* 5 */
1212 { POLICY_PRIMARY_DOMAIN_INFO ppdi;
1215 SID_IDENTIFIER_AUTHORITY localSidAuthority = {SECURITY_NT_AUTHORITY};
1217 struct di * xdi = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(xdi));
1219 BOOL useDefault = TRUE;
1222 if ((ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE,
1223 "System\\CurrentControlSet\\Services\\VxD\\VNETSUP", 0,
1224 KEY_READ, &key)) == ERROR_SUCCESS)
1227 static const WCHAR wg[] = { 'W','o','r','k','g','r','o','u','p',0 };
1229 ret = RegQueryValueExW(key, wg, NULL, NULL, NULL, &size);
1230 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
1232 xdi->ppdi.Name.Buffer = HeapAlloc(GetProcessHeap(),
1233 HEAP_ZERO_MEMORY, size);
1234 if ((ret = RegQueryValueExW(key, wg, NULL, NULL,
1235 (LPBYTE)xdi->ppdi.Name.Buffer, &size)) == ERROR_SUCCESS)
1237 xdi->ppdi.Name.Length = (USHORT)size;
1242 HeapFree(GetProcessHeap(), 0, xdi->ppdi.Name.Buffer);
1243 xdi->ppdi.Name.Buffer = NULL;
1249 RtlCreateUnicodeStringFromAsciiz(&(xdi->ppdi.Name), "DOMAIN");
1250 TRACE("setting domain to %s\n", debugstr_w(xdi->ppdi.Name.Buffer));
1252 xdi->ppdi.Sid = &(xdi->sid);
1253 xdi->sid.Revision = SID_REVISION;
1254 xdi->sid.SubAuthorityCount = 1;
1255 xdi->sid.IdentifierAuthority = localSidAuthority;
1256 xdi->sid.SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;
1260 case PolicyAuditLogInformation:
1261 case PolicyPdAccountInformation:
1262 case PolicyLsaServerRoleInformation:
1263 case PolicyReplicaSourceInformation:
1264 case PolicyDefaultQuotaInformation:
1265 case PolicyModificationInformation:
1266 case PolicyAuditFullSetInformation:
1267 case PolicyAuditFullQueryInformation:
1268 case PolicyDnsDomainInformation:
1270 FIXME("category not implemented\n");
1277 /******************************************************************************
1278 * LsaLookupSids [ADVAPI32.@]
1282 IN LSA_HANDLE PolicyHandle,
1285 OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1286 OUT PLSA_TRANSLATED_NAME *Names )
1288 FIXME("%p %lu %p %p %p\n",
1289 PolicyHandle, Count, Sids, ReferencedDomains, Names);
1293 /******************************************************************************
1294 * LsaFreeMemory [ADVAPI32.@]
1297 LsaFreeMemory(IN PVOID Buffer)
1299 TRACE("(%p)\n",Buffer);
1300 return HeapFree(GetProcessHeap(), 0, Buffer);
1302 /******************************************************************************
1303 * LsaClose [ADVAPI32.@]
1306 LsaClose(IN LSA_HANDLE ObjectHandle)
1308 FIXME("(%p):stub\n",ObjectHandle);
1312 /******************************************************************************
1313 * LsaNtStatusToWinError [ADVAPI32.@]
1319 LsaNtStatusToWinError(NTSTATUS Status)
1321 return RtlNtStatusToDosError(Status);
1324 /******************************************************************************
1325 * NotifyBootConfigStatus [ADVAPI32.@]
1331 NotifyBootConfigStatus( DWORD x1 )
1333 FIXME("(0x%08lx):stub\n",x1);
1337 /******************************************************************************
1338 * RevertToSelf [ADVAPI32.@]
1344 RevertToSelf( void )
1346 FIXME("(), stub\n");
1350 /******************************************************************************
1351 * ImpersonateSelf [ADVAPI32.@]
1354 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1356 return RtlImpersonateSelf(ImpersonationLevel);
1359 /******************************************************************************
1360 * ImpersonateLoggedOnUser [ADVAPI32.@]
1362 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1364 FIXME("(%p):stub returning FALSE\n", hToken);
1368 /******************************************************************************
1369 * AccessCheck [ADVAPI32.@]
1371 * FIXME check cast LPBOOL to PBOOLEAN
1375 PSECURITY_DESCRIPTOR SecurityDescriptor,
1377 DWORD DesiredAccess,
1378 PGENERIC_MAPPING GenericMapping,
1379 PPRIVILEGE_SET PrivilegeSet,
1380 LPDWORD PrivilegeSetLength,
1381 LPDWORD GrantedAccess,
1382 LPBOOL AccessStatus)
1384 CallWin32ToNt (NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
1385 GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, (PBOOLEAN)AccessStatus));
1389 /******************************************************************************
1390 * AccessCheckByType [ADVAPI32.@]
1392 BOOL WINAPI AccessCheckByType(
1393 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1394 PSID PrincipalSelfSid,
1396 DWORD DesiredAccess,
1397 POBJECT_TYPE_LIST ObjectTypeList,
1398 DWORD ObjectTypeListLength,
1399 PGENERIC_MAPPING GenericMapping,
1400 PPRIVILEGE_SET PrivilegeSet,
1401 LPDWORD PrivilegeSetLength,
1402 LPDWORD GrantedAccess,
1403 LPBOOL AccessStatus)
1407 *AccessStatus = TRUE;
1409 return !*AccessStatus;
1413 /*************************************************************************
1414 * SetKernelObjectSecurity [ADVAPI32.@]
1416 BOOL WINAPI SetKernelObjectSecurity (
1418 IN SECURITY_INFORMATION SecurityInformation,
1419 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
1421 CallWin32ToNt (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
1425 /******************************************************************************
1426 * AddAuditAccessAce [ADVAPI32.@]
1428 BOOL WINAPI AddAuditAccessAce(
1430 IN DWORD dwAceRevision,
1431 IN DWORD dwAccessMask,
1433 IN BOOL bAuditSuccess,
1434 IN BOOL bAuditFailure)
1440 /******************************************************************************
1441 * LookupAccountNameA [ADVAPI32.@]
1449 LPSTR ReferencedDomainName,
1450 IN OUT LPDWORD cbReferencedDomainName,
1451 OUT PSID_NAME_USE name_use )
1453 FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system,account,sid,cbSid,ReferencedDomainName,cbReferencedDomainName,name_use);
1457 /******************************************************************************
1458 * PrivilegeCheck [ADVAPI32.@]
1460 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
1462 FIXME("stub %p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
1468 /******************************************************************************
1469 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1471 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
1472 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1473 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1474 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1476 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
1477 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
1478 SecurityDescriptor, DesiredAccess, GenericMapping,
1479 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1483 /******************************************************************************
1484 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1486 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
1487 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1488 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1489 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1491 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
1492 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
1493 SecurityDescriptor, DesiredAccess, GenericMapping,
1494 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1499 /******************************************************************************
1500 * GetSecurityInfoExW [ADVAPI32.@]
1502 DWORD WINAPI GetSecurityInfoExW(
1503 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1504 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
1505 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
1506 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
1510 return ERROR_BAD_PROVIDER;
1513 /******************************************************************************
1514 * BuildTrusteeWithSidA [ADVAPI32.@]
1516 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
1518 TRACE("%p %p\n", pTrustee, pSid);
1520 pTrustee->pMultipleTrustee = NULL;
1521 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1522 pTrustee->TrusteeForm = NO_MULTIPLE_TRUSTEE;
1523 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1524 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1525 pTrustee->ptstrName = (LPSTR) pSid;
1528 /******************************************************************************
1529 * BuildTrusteeWithSidW [ADVAPI32.@]
1531 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
1533 TRACE("%p %p\n", pTrustee, pSid);
1535 pTrustee->pMultipleTrustee = NULL;
1536 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1537 pTrustee->TrusteeForm = NO_MULTIPLE_TRUSTEE;
1538 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1539 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1540 pTrustee->ptstrName = (LPWSTR) pSid;
1543 /******************************************************************************
1544 * SetEntriesInAclA [ADVAPI32.@]
1546 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
1547 PACL OldAcl, PACL* NewAcl )
1549 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1550 return ERROR_CALL_NOT_IMPLEMENTED;
1553 /******************************************************************************
1554 * SetEntriesInAclW [ADVAPI32.@]
1556 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
1557 PACL OldAcl, PACL* NewAcl )
1559 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1560 return ERROR_CALL_NOT_IMPLEMENTED;
1563 /******************************************************************************
1564 * SetNamedSecurityInfoA [ADVAPI32.@]
1566 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
1567 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1568 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1574 TRACE("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
1575 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1579 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
1580 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
1581 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
1584 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
1585 psidGroup, pDacl, pSacl );
1588 HeapFree( GetProcessHeap(), 0, wstr );
1593 /******************************************************************************
1594 * AreAnyAccessesGranted [ADVAPI32.@]
1596 * Determines whether or not any of a set of specified access permissions have
1597 * been granted or not.
1600 * GrantedAccess [I] The permissions that have been granted.
1601 * DesiredAccess [I] The permissions that you want to have.
1604 * Nonzero if any of the permissions have been granted, zero if none of the
1605 * permissions have been granted.
1608 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
1610 return (GrantedAccess & DesiredAccess) != 0;
1613 /******************************************************************************
1614 * SetNamedSecurityInfoW [ADVAPI32.@]
1616 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
1617 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1618 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1620 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
1621 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1622 return ERROR_CALL_NOT_IMPLEMENTED;
1625 /******************************************************************************
1626 * GetExplicitEntriesFromAclA [ADVAPI32.@]
1628 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
1629 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
1631 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1632 return ERROR_CALL_NOT_IMPLEMENTED;
1635 /******************************************************************************
1636 * GetExplicitEntriesFromAclW [ADVAPI32.@]
1638 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
1639 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
1641 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1642 return ERROR_CALL_NOT_IMPLEMENTED;
1646 /******************************************************************************
1647 * ParseAclStringFlags
1649 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
1652 LPCWSTR szAcl = *StringAcl;
1654 while (*szAcl != '(')
1658 flags |= SE_DACL_PROTECTED;
1660 else if (*szAcl == 'A')
1664 flags |= SE_DACL_AUTO_INHERIT_REQ;
1665 else if (*szAcl == 'I')
1666 flags |= SE_DACL_AUTO_INHERITED;
1675 /******************************************************************************
1676 * ParseAceStringType
1680 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
1681 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
1682 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
1683 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
1685 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
1686 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
1687 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
1688 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
1693 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
1696 LPCWSTR szAcl = *StringAcl;
1697 LPACEFLAG lpaf = AceType;
1699 while (lpaf->wstr &&
1700 (len = strlenW(lpaf->wstr)) &&
1701 strncmpW(lpaf->wstr, szAcl, len))
1712 /******************************************************************************
1713 * ParseAceStringFlags
1715 ACEFLAG AceFlags[] =
1717 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
1718 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
1719 { SDDL_INHERITED, INHERITED_ACE },
1720 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
1721 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
1722 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
1723 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
1727 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
1731 LPCWSTR szAcl = *StringAcl;
1733 while (*szAcl != ';')
1735 LPACEFLAG lpaf = AceFlags;
1737 while (lpaf->wstr &&
1738 (len = strlenW(lpaf->wstr)) &&
1739 strncmpW(lpaf->wstr, szAcl, len))
1745 flags |= lpaf->value;
1754 /******************************************************************************
1755 * ParseAceStringRights
1757 ACEFLAG AceRights[] =
1759 { SDDL_GENERIC_ALL, GENERIC_ALL },
1760 { SDDL_GENERIC_READ, GENERIC_READ },
1761 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
1762 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
1763 { SDDL_READ_CONTROL, READ_CONTROL },
1764 { SDDL_STANDARD_DELETE, DELETE },
1765 { SDDL_WRITE_DAC, WRITE_DAC },
1766 { SDDL_WRITE_OWNER, WRITE_OWNER },
1770 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
1774 LPCWSTR szAcl = *StringAcl;
1776 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
1780 while (*p && *p != ';')
1785 rights = strtoulW(szAcl, NULL, 16);
1789 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
1793 while (*szAcl != ';')
1795 LPACEFLAG lpaf = AceRights;
1797 while (lpaf->wstr &&
1798 (len = strlenW(lpaf->wstr)) &&
1799 strncmpW(lpaf->wstr, szAcl, len))
1807 rights |= lpaf->value;
1817 /******************************************************************************
1818 * ParseStringAclToAcl
1820 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
1822 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
1823 PACL pAcl, LPDWORD cBytes)
1827 DWORD length = sizeof(ACL);
1828 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
1830 TRACE("%s\n", debugstr_w(StringAcl));
1835 if (pAcl) /* pAce is only useful if we're setting values */
1836 pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
1838 /* Parse ACL flags */
1839 *lpdwFlags = ParseAclStringFlags(&StringAcl);
1842 while (*StringAcl == '(')
1846 /* Parse ACE type */
1847 val = ParseAceStringType(&StringAcl);
1849 pAce->Header.AceType = (BYTE) val;
1850 if (*StringAcl != ';')
1854 /* Parse ACE flags */
1855 val = ParseAceStringFlags(&StringAcl);
1857 pAce->Header.AceFlags = (BYTE) val;
1858 if (*StringAcl != ';')
1862 /* Parse ACE rights */
1863 val = ParseAceStringRights(&StringAcl);
1866 if (*StringAcl != ';')
1870 /* Parse ACE object guid */
1871 if (*StringAcl != ';')
1873 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1878 /* Parse ACE inherit object guid */
1879 if (*StringAcl != ';')
1881 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1886 /* Parse ACE account sid */
1887 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
1889 while (*StringAcl && *StringAcl != ')')
1893 if (*StringAcl != ')')
1897 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
1904 WARN("Invalid ACE string format\n");
1909 /******************************************************************************
1910 * ParseStringSecurityDescriptorToSecurityDescriptor
1912 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
1913 LPCWSTR StringSecurityDescriptor,
1914 SECURITY_DESCRIPTOR* SecurityDescriptor,
1919 WCHAR tok[MAX_PATH];
1921 LPBYTE lpNext = NULL;
1925 if (SecurityDescriptor)
1926 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
1928 while (*StringSecurityDescriptor)
1930 toktype = *StringSecurityDescriptor;
1932 /* Expect char identifier followed by ':' */
1933 StringSecurityDescriptor++;
1934 if (*StringSecurityDescriptor != ':')
1936 SetLastError(ERROR_INVALID_PARAMETER);
1939 StringSecurityDescriptor++;
1942 lptoken = StringSecurityDescriptor;
1943 while (*lptoken && *lptoken != ':')
1949 strncpyW(tok, StringSecurityDescriptor, lptoken - StringSecurityDescriptor);
1957 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
1960 if (SecurityDescriptor)
1962 SecurityDescriptor->Owner = (PSID) ((DWORD) lpNext -
1963 (DWORD) SecurityDescriptor);
1964 lpNext += bytes; /* Advance to next token */
1976 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
1979 if (SecurityDescriptor)
1981 SecurityDescriptor->Group = (PSID) ((DWORD) lpNext -
1982 (DWORD) SecurityDescriptor);
1983 lpNext += bytes; /* Advance to next token */
1996 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
1999 if (SecurityDescriptor)
2001 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2002 SecurityDescriptor->Dacl = (PACL) ((DWORD) lpNext -
2003 (DWORD) SecurityDescriptor);
2004 lpNext += bytes; /* Advance to next token */
2017 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2020 if (SecurityDescriptor)
2022 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
2023 SecurityDescriptor->Sacl = (PACL) ((DWORD) lpNext -
2024 (DWORD) SecurityDescriptor);
2025 lpNext += bytes; /* Advance to next token */
2034 FIXME("Unknown token\n");
2035 SetLastError(ERROR_INVALID_PARAMETER);
2039 StringSecurityDescriptor = lptoken;
2048 /******************************************************************************
2049 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2051 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
2052 LPCWSTR StringSecurityDescriptor,
2053 DWORD StringSDRevision,
2054 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2055 PULONG SecurityDescriptorSize)
2058 SECURITY_DESCRIPTOR* psd;
2061 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2063 if (GetVersion() & 0x80000000)
2065 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2068 else if (StringSDRevision != SID_REVISION)
2070 SetLastError(ERROR_UNKNOWN_REVISION);
2074 /* Compute security descriptor length */
2075 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2079 psd = *SecurityDescriptor = (SECURITY_DESCRIPTOR*) LocalAlloc(
2080 GMEM_ZEROINIT, cBytes);
2082 psd->Revision = SID_REVISION;
2083 psd->Control |= SE_SELF_RELATIVE;
2085 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2092 if (SecurityDescriptorSize)
2093 *SecurityDescriptorSize = cBytes;
2098 TRACE(" ret=%d\n", bret);
2102 /******************************************************************************
2103 * ConvertStringSidToSidW [ADVAPI32.@]
2105 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
2110 if (GetVersion() & 0x80000000)
2111 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2112 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
2114 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
2116 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
2124 /******************************************************************************
2125 * ConvertSidToStringSidW [ADVAPI32.@]
2127 * format of SID string is:
2128 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
2130 * <rev> is the revision of the SID encoded as decimal
2131 * <auth> is the identifier authority encoded as hex
2132 * <subauthN> is the subauthority id encoded as decimal
2134 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
2139 'S','-','%','u','-','%','2','X','%','2','X','%','X','%','X','%','X','%','X',0 };
2140 WCHAR subauthfmt[] = { '-','%','u',0 };
2143 TRACE("%p %p\n", pSid, pstr );
2145 if( !IsValidSid( pSid ) )
2148 if (pisid->Revision != SDDL_REVISION)
2151 sz = 14 + pisid->SubAuthorityCount * 11;
2152 str = LocalAlloc( 0, sz*sizeof(WCHAR) );
2153 sprintfW( str, fmt, pisid->Revision,
2154 pisid->IdentifierAuthority.Value[2],
2155 pisid->IdentifierAuthority.Value[3],
2156 pisid->IdentifierAuthority.Value[0]&0x0f,
2157 pisid->IdentifierAuthority.Value[4]&0x0f,
2158 pisid->IdentifierAuthority.Value[1]&0x0f,
2159 pisid->IdentifierAuthority.Value[5]&0x0f);
2160 for( i=0; i<pisid->SubAuthorityCount; i++ )
2161 sprintfW( str + strlenW(str), subauthfmt, pisid->SubAuthority[i] );
2167 /******************************************************************************
2168 * ConvertSidToStringSidA [ADVAPI32.@]
2170 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
2176 TRACE("%p %p\n", pSid, pstr );
2178 if( !ConvertSidToStringSidW( pSid, &wstr ) )
2181 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
2182 str = LocalAlloc( 0, len );
2183 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
2191 /******************************************************************************
2192 * ComputeStringSidSize
2194 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
2197 DWORD size = sizeof(SID);
2201 if (*StringSid == '-')
2207 size += (ctok - 3) * sizeof(DWORD);
2212 /******************************************************************************
2213 * ParseStringSidToSid
2215 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
2222 SetLastError(ERROR_INVALID_PARAMETER);
2226 *cBytes = ComputeStringSidSize(StringSid);
2227 if (!pisid) /* Simply compute the size */
2230 if (*StringSid != 'S' || *StringSid != '-') /* S-R-I-S-S */
2233 int csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
2235 StringSid += 2; /* Advance to Revision */
2236 pisid->Revision = atoiW(StringSid);
2238 if (pisid->Revision != SDDL_REVISION)
2239 goto lend; /* ERROR_INVALID_SID */
2241 pisid->SubAuthorityCount = csubauth;
2243 while (*StringSid && *StringSid != '-')
2244 StringSid++; /* Advance to identifier authority */
2246 pisid->IdentifierAuthority.Value[5] = atoiW(StringSid);
2248 if (pisid->IdentifierAuthority.Value[5] > 5)
2249 goto lend; /* ERROR_INVALID_SID */
2253 while (*StringSid && *StringSid != '-')
2256 pisid->SubAuthority[i++] = atoiW(StringSid);
2259 if (i != pisid->SubAuthorityCount)
2260 goto lend; /* ERROR_INVALID_SID */
2264 else /* String constant format - Only available in winxp and above */
2266 pisid->Revision = SDDL_REVISION;
2267 pisid->SubAuthorityCount = 1;
2269 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
2271 /* TODO: Lookup string of well-known SIDs in table */
2272 pisid->IdentifierAuthority.Value[5] = 0;
2273 pisid->SubAuthority[0] = 0;
2280 SetLastError(ERROR_INVALID_SID);
2285 /******************************************************************************
2286 * GetNamedSecurityInfoA [ADVAPI32.@]
2288 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
2289 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2290 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2291 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2297 TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
2298 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2302 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
2303 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
2304 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
2307 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
2308 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
2311 HeapFree( GetProcessHeap(), 0, wstr );
2316 /******************************************************************************
2317 * GetNamedSecurityInfoW [ADVAPI32.@]
2319 DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName,
2320 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2321 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2322 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2324 FIXME("%s %d %ld %p %p %p %p %p\n", debugstr_w(pObjectName), ObjectType, SecurityInfo,
2325 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2326 return ERROR_CALL_NOT_IMPLEMENTED;
projects / wine / blob